constitution: make Gatehouse advisory gate enforceable (v1.9.0)#9
Conversation
§XII already declared Gatehouse advisory, but nothing stopped adopters from wiring the review job as a required status check — which they did, and a non-deterministic LLM finding blocked a green PR (gatehouse#23, mcp-trentina#56). Strengthen the rule: the review job is advisory by construction (exits 0 by default), MUST NOT be a required status check, and blocking is opt-in via the `blocking: true` input and still never a required check. The guard job is the one to mark required. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Code Review
This pull request updates the CrunchTools Constitution to version 1.9.0, specifying that the Gatehouse AI review job is advisory and must not be configured as a required status check. The review feedback suggests minor improvements to formatting consistency, such as enclosing the review job in backticks and refining the phrasing to align with RFC-style standards.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| - CI workflow name: `Gatehouse`. Job names: `Protect workflows` (guard) and `Gatehouse review` (review). | ||
| - Gatehouse is an **advisory gate** — findings are posted as PR review comments for the maintainer to triage, but do not block merge. | ||
| - The `guard` job is a **blocking gate** — PRs from non-members that modify `.github/workflows/` MUST be rejected. | ||
| - **The review job is advisory by construction and MUST NOT be a required status check.** An LLM reviewer is non-deterministic and hallucinates findings; giving it merge authority forces maintainers to either bypass branch protection or "fix" non-bugs. The reusable workflow exits `0` regardless of findings by default. Blocking behavior is opt-in only (the workflow's `blocking: true` input), and even when enabled the review job MUST NOT be added to branch protection as a required check. |
There was a problem hiding this comment.
For consistency with other job references (like guard), the review job should be enclosed in backticks. Additionally, adding a comma after 'enabled' improves readability.
| - **The review job is advisory by construction and MUST NOT be a required status check.** An LLM reviewer is non-deterministic and hallucinates findings; giving it merge authority forces maintainers to either bypass branch protection or "fix" non-bugs. The reusable workflow exits `0` regardless of findings by default. Blocking behavior is opt-in only (the workflow's `blocking: true` input), and even when enabled the review job MUST NOT be added to branch protection as a required check. | |
| - **The `review` job is advisory by construction and MUST NOT be a required status check.** An LLM reviewer is non-deterministic and hallucinates findings; giving it merge authority forces maintainers to either bypass branch protection or "fix" non-bugs. The reusable workflow exits `0` regardless of findings by default. Blocking behavior is opt-in only (the workflow's `blocking: true` input), and even when enabled, the `review` job MUST NOT be added to branch protection as a required check. |
| - Gatehouse is an **advisory gate** — findings are posted as PR review comments for the maintainer to triage, but do not block merge. | ||
| - The `guard` job is a **blocking gate** — PRs from non-members that modify `.github/workflows/` MUST be rejected. | ||
| - **The review job is advisory by construction and MUST NOT be a required status check.** An LLM reviewer is non-deterministic and hallucinates findings; giving it merge authority forces maintainers to either bypass branch protection or "fix" non-bugs. The reusable workflow exits `0` regardless of findings by default. Blocking behavior is opt-in only (the workflow's `blocking: true` input), and even when enabled the review job MUST NOT be added to branch protection as a required check. | ||
| - The `guard` job is a **blocking gate** — PRs from non-members that modify `.github/workflows/` MUST be rejected. It, not the review job, is the one to mark required. |
There was a problem hiding this comment.
The phrase 'It, not the review job, is the one to mark required' is slightly awkward and lacks the RFC-style formatting used elsewhere in the constitution. Enclosing review in backticks also ensures consistency with guard.
| - The `guard` job is a **blocking gate** — PRs from non-members that modify `.github/workflows/` MUST be rejected. It, not the review job, is the one to mark required. | |
| - The `guard` job is a **blocking gate** — PRs from non-members that modify `.github/workflows/` MUST be rejected. It, not the `review` job, MUST be configured as a required status check. |
Rationale
§XII already declared Gatehouse an advisory gate ("do not block merge"), but nothing in the doctrine stopped adopters from wiring the review job as a required status check. That happened: on
crunchtools/mcp-trentina#56, the review — configured as required — blocked an otherwise-green PR on three separate runs, each producing a different set of all-false HIGH findings (seecrunchtools/gatehouse#23). The PR had to be admin-merged.Change
Strengthens §XII → Gatehouse to make "advisory" enforceable, not just aspirational:
0regardless of findings by default.blocking: trueinput) and, even when enabled, still MUST NOT be a required check.guardjob is the one to mark required.Bumps
1.8.0 → 1.9.0(new governance constraint) with a ratification-history row.Companion PR
The gatehouse implementation that makes the reusable workflow honor this:
crunchtools/gatehouse#24.🤖 Generated with Claude Code