Remove repo-local governance workflow copies #26

Merged. seonghobae merged 2 commits into main from codex/centralize-required-workflows-20260626, Jun 26, 2026

@seonghobae

Contributor

Central governance is now enforced by the organization-level required workflows from ContextualWisdomLab/.github. This removes the repo-local OpenCode, Strix, and PR review merge scheduler copies so this repository does not maintain a divergent automation bundle.

Copilot AI review requested due to automatic review settings June 26, 2026 11:29
@seonghobae seonghobae enabled auto-merge June 26, 2026 11:30

@opencode-agent opencode-agent Bot left a comment


Pull request overview

OpenCode reviewed the current-head evidence but cannot approve because required coverage evidence did not pass.

Findings

1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove 100% test and docstring coverage

  • Problem: The OpenCode approval path reached an APPROVE control result while the separate coverage-evidence job result was failure.

  • Root cause: Automated approval is only valid when the same-head coverage-evidence job proves both test coverage and docstring coverage at 100%; missing, failed, skipped, unavailable, not-applicable, or partial coverage evidence is a blocker.

  • Fix: Install or configure the repository coverage/docstring coverage tooling, rerun the current-head coverage-evidence job, and approve only after it reports success with 100% evidence.

  • Regression test: Keep the approval branch checking needs.coverage-evidence.result == success before posting APPROVE.

  • Result: REQUEST_CHANGES

  • Reason: coverage-evidence result was failure, so 100% test/docstring coverage was not proven for current head 43e5d82629526c8d01d7cc5e14257573fa646935.

  • Head SHA: 43e5d82629526c8d01d7cc5e14257573fa646935

  • Workflow run: 28235225706

  • Workflow attempt: 1

Coverage Evidence

  • Head SHA: 43e5d82629526c8d01d7cc5e14257573fa646935
  • Required test coverage: 100%
  • Required docstring coverage: 100%

Coverage measurement

  • Result: FAIL
  • Reason: no supported source files or package manifests were found for coverage measurement.

Coverage Decision

  • Result: FAIL
  • Test coverage: not proven 100%
  • Docstring coverage: not proven 100%
  • Failure count: 1
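The fail-closed rule in the review above (approve only when same-head coverage evidence succeeds and proves 100% for both metrics) can be sketched as follows. This is an added example, not code from this repository or from OpenCode; the function name, the record field names and the placeholder SHAs are assumptions made for illustration.

```python
"""Fail-closed approval gate: APPROVE only on same-head 100%/100% evidence."""
from typing import Any, Mapping, Tuple

REQUIRED = 100.0


def _proves_full(value: Any) -> bool:
    """True only for a real number equal to 100 (None, 'N/A', bools fail)."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return value == REQUIRED


def gate_decision(review_result: str, evidence: Mapping[str, Any],
                  current_head: str) -> Tuple[str, str]:
    """Return (result, reason); every unproven state is REQUEST_CHANGES."""
    if review_result != "APPROVE":
        return "REQUEST_CHANGES", f"review result was {review_result!r}"
    job = evidence.get("job_result")
    if job != "success":  # failure, skipped, cancelled, missing -> blocker
        return "REQUEST_CHANGES", f"coverage-evidence result was {job!r}"
    if evidence.get("head_sha") != current_head:
        return "REQUEST_CHANGES", "coverage evidence is not for the current head"
    for key in ("test_coverage", "docstring_coverage"):
        if not _proves_full(evidence.get(key)):
            return "REQUEST_CHANGES", f"{key} not proven 100%"
    return "APPROVE", "same-head coverage evidence proves 100%/100%"


# Constructed sample records (hypothetical field names, placeholder SHAs).
HEAD = "a" * 40
SAMPLES = {
    "failed_job": {"job_result": "failure", "head_sha": HEAD},
    "not_applicable": {"job_result": "success", "head_sha": HEAD,
                       "test_coverage": "N/A", "docstring_coverage": "N/A"},
    "stale_head": {"job_result": "success", "head_sha": "b" * 40,
                   "test_coverage": 100, "docstring_coverage": 100},
    "partial": {"job_result": "success", "head_sha": HEAD,
                "test_coverage": 100, "docstring_coverage": 97.5},
    "proven": {"job_result": "success", "head_sha": HEAD,
               "test_coverage": 100, "docstring_coverage": 100.0},
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, gate_decision("APPROVE", record, HEAD))
```

Only the `proven` record yields APPROVE; a missing record, a non-success job result, evidence for another head, or a non-numeric or partial coverage value all fall through to REQUEST_CHANGES.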

@opencode-agent

opencode-agent Bot commented Jun 26, 2026


OpenCode Review Overview

  • Head SHA: e51cf950ad88c1fcfa202127b6af9784ffc93ca4
  • Workflow run: 28237513321
  • Workflow attempt: 1
  • Gate result: APPROVE (approval step)

Pull request overview

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

Findings

No blocking findings.

Summary

Inspected the PR changes, including the README.md and static assets. No issues were found. Verification posture: Linter/static: N/A (no source files), TDD/regression: N/A (no tests), Coverage: N/A (no source files), Docstring coverage: N/A (no source files), DAG: N/A (static content), PoC/execution: Verified local preview command, DDD/domain: N/A, CDD/context: N/A, Similar issues: N/A, Claim/concept check: N/A, Standards search: N/A, Compatibility/convention: N/A, Breaking-change/backcompat: N/A, Performance: N/A, Developer experience: No impact, User experience: No impact, Security/privacy: N/A.

Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml, .github/workflows/pr-review-merge-scheduler.yml, .github/workflows/strix.yml, opencode.jsonc, requirements-strix-ci-hashes.txt, and 10 more.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported source files or package manifests were found.
DAG: Change Flow DAG maps .github/workflows/opencode-review.yml through bounded evidence, review risk, and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, and current-head workflow evidence were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions and compatibility surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: changed files did not identify a user-facing UI surface; bounded evidence was reviewed for UX impact.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.

  • Result: APPROVE
  • Reason: No blockers found in the PR changes.
  • Head SHA: e51cf950ad88c1fcfa202127b6af9784ffc93ca4
  • Workflow run: 28237513321
  • Workflow attempt: 1

Change Flow DAG

```mermaid
flowchart LR
  PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
  Evidence --> S1["Workflow (3 files)"]
  S1 --> I1["GitHub Actions review job"]
  I1 --> R1["Review risk: Workflow (3 files)"]
  R1 --> V1["actionlint plus required checks"]
  Evidence --> S2["Changed file (3 files)"]
  S2 --> I2["repository behavior"]
  I2 --> R2["Review risk: Changed file (3 files)"]
  R2 --> V2["required checks"]
  Evidence --> S3["CI script (9 files)"]
  S3 --> I3["review and security gate shell path"]
  I3 --> R3["Review risk: CI script (9 files)"]
  R3 --> V3["bash -n plus Strix self-test"]
```

Copilot AI left a comment


Pull request overview

This PR removes repository-local CI/governance automation (OpenCode review gate, Strix security scan gate, and the PR review merge scheduler) in favor of organization-level required workflows maintained in ContextualWisdomLab/.github, reducing the chance of this repo drifting from the centrally enforced policy bundle.

Changes:

  • Removes the repo-local Strix workflow and its supporting gate scripts/utilities.
  • Removes the repo-local OpenCode review gating scripts/utilities and opencode.jsonc configuration.
  • Removes the repo-local PR review merge scheduler workflow and implementation script.

Reviewed changes

Copilot reviewed 11 out of 15 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| scripts/ci/validate_opencode_failed_check_review.sh | Removed repo-local OpenCode failed-check review validation script. |
| scripts/ci/test_opencode_fact_gate_contract.sh | Removed script that asserted the OpenCode workflow “fact gate” contract. |
| scripts/ci/strix_quick_gate.sh | Removed repo-local Strix CI gate implementation. |
| scripts/ci/strix_model_utils.sh | Removed Strix gate shared model helper utilities. |
| scripts/ci/pr_review_merge_scheduler.py | Removed repo-local merge scheduler implementation (GitHub API/CLI driven). |
| scripts/ci/opencode_review_normalize_output.py | Removed OpenCode output normalizer enforcing the approval-gate contract. |
| scripts/ci/opencode_review_approve_gate.sh | Removed repo-local OpenCode approval gate script. |
| scripts/ci/emit_opencode_failed_check_fallback_findings.sh | Removed script that generated fallback findings from failed-check evidence. |
| requirements-strix-ci.txt | Removed repo-local pinned Strix CI Python requirements. |
| opencode.jsonc | Removed repo-local OpenCode configuration (providers/models/MCP config). |
| .github/workflows/strix.yml | Removed repo-local Strix Security Scan workflow definition. |
| .github/workflows/pr-review-merge-scheduler.yml | Removed repo-local PR review merge scheduler workflow definition. |

@opencode-agent opencode-agent Bot left a comment


Pull request overview

OpenCode reviewed the current-head bounded evidence and found no blocking issues.

Findings

No blocking findings.

Summary

Inspected the PR changes, including the README.md and static assets. No issues were found. Verification posture: Linter/static: N/A (no source files), TDD/regression: N/A (no tests), Coverage: N/A (no source files), Docstring coverage: N/A (no source files), DAG: N/A (static content), PoC/execution: Verified local preview command, DDD/domain: N/A, CDD/context: N/A, Similar issues: N/A, Claim/concept check: N/A, Standards search: N/A, Compatibility/convention: N/A, Breaking-change/backcompat: N/A, Performance: N/A, Developer experience: No impact, User experience: No impact, Security/privacy: N/A.

Verification posture: CodeGraph evidence was initialized and bounded current-head evidence reviewed for changed-file evidence including .github/workflows/opencode-review.yml, .github/workflows/pr-review-merge-scheduler.yml, .github/workflows/strix.yml, opencode.jsonc, requirements-strix-ci-hashes.txt, and 10 more.
Linter/static: workflow/static review evidence is bounded by the current-head GitHub Checks gate and changed-file evidence.
TDD/regression: coverage execution evidence and focused changed hunks were reviewed from bounded-review-evidence.md.
Coverage: coverage execution evidence reports test coverage as not applicable because no supported source files or package manifests were found.
Docstring coverage: coverage execution evidence reports docstring coverage as not applicable because no supported source files or package manifests were found.
DAG: Change Flow DAG maps .github/workflows/opencode-review.yml through bounded evidence, review risk, and required checks.
PoC/execution: coverage-evidence job executed on the current head and reported PASS.
DDD/domain: workflow and repository-governance invariants were reviewed against changed files in bounded evidence.
CDD/context: CodeGraph evidence, changed-file history, and focused hunks were reviewed from bounded-review-evidence.md.
Similar issues: changed-file history evidence was reviewed for comparable local precedents.
Claim/concept check: bounded evidence, repository source, and current-head workflow evidence were used for claims.
Standards search: standards and external-source checks are delegated to configured OpenCode web_search/Context7/DeepWiki sources when applicable; no evidence-backed standards blocker is present in bounded evidence.
Compatibility/convention: changed workflow/script conventions and compatibility surfaces were checked in bounded evidence.
Breaking-change/backcompat: deployment evidence and changed-file history were checked for backward-compatibility risk.
Performance: changed surfaces were checked for performance risk in bounded evidence.
Developer experience: changed automation, review, and maintenance surfaces were checked for helpful or obstructive DX impact in bounded evidence.
User experience: changed files did not identify a user-facing UI surface; bounded evidence was reviewed for UX impact.
Security/privacy: workflow-token, review-gate, and repository-automation security/privacy boundaries were checked in bounded evidence.

  • Result: APPROVE
  • Reason: No blockers found in the PR changes.
  • Head SHA: e51cf950ad88c1fcfa202127b6af9784ffc93ca4
  • Workflow run: 28237513321
  • Workflow attempt: 1

@seonghobae seonghobae merged commit b2b5009 into main Jun 26, 2026
5 checks passed
2 participants