Mirror the moonbase CI-strictness baseline (where it applies to this repo):
- Branch protection on
main (+ dev if used); changes land via PR.
- All CI checks required to merge, strict; admins may bypass.
- SonarCloud:
sonar.qualitygate.wait=true + a gate that fails on any new issue.
- pre-commit (file hygiene + secret scan) wired and enforced in CI.
Goal: nothing merges past failing checks or a failing quality gate; admin override retained.
Mirror the moonbase CI-strictness baseline (where it applies to this repo):
main(+devif used); changes land via PR.sonar.qualitygate.wait=true+ a gate that fails on any new issue.Goal: nothing merges past failing checks or a failing quality gate; admin override retained.