Purpose
Define the effectful mechanism for syncing remote forge provider surfaces into SSOT refs without making the remote forge a meaning authority.
This issue is split out from roccho-dev/adrs#191. ADRS #191 should consume this mechanism as a blocking readiness dependency, not implement it.
Scope
Build or specify the mechanism for:
- remote forge issue / PR / branch / release / package observation;
- SSOT ref update with exact lease;
- provider observation refs;
- conflict refs for stale or unsafe provider updates;
- receipt refs for every allowed/rejected update;
- retention and restore proof;
- remote readback proof;
- rollback path;
- writer policy that prevents provider events from writing accepted meaning refs.
Non-goals
- Do not decide ADRS retirement.
- Do not create accepted ADRS state.
- Do not make GitHub, GitHub Issues, GitHub PRs, GitHub Projects, CI green, releases, packages, or workflow artifacts accepted meaning authority.
- Do not collapse
roccho-dev/adrs#191 into a transport implementation issue.
Required outputs
The mechanism must provide, for every accepted or retained input ref:
- source SSOT ref;
- oid / digest;
- writer identity;
- promotion or write receipt;
- retention proof;
- restore proof;
- remote readback proof;
- rollback path;
- conflict handling rule;
- proof that provider events cannot write
refs/brain/accepted/*.
Reference surface roles
| surface role |
example |
long-lived dependency |
temporary use |
authority |
ssot |
self-hosted Git refs |
yes |
yes |
yes |
checked-mirror |
GitHub main as mirror of SSOT selected ref |
yes, if checked |
yes |
no |
preview-branch |
GitHub work/dev branch |
no |
yes |
no |
review-surface |
GitHub PR |
no |
yes |
no |
coordination-surface |
GitHub Issue / Project |
no |
yes |
no |
release-snapshot |
GitHub Release |
yes |
yes |
no |
package-output |
Nix output / binary cache / package artifact |
yes |
yes |
no |
public-projection |
console / Pages / dashboard |
read-only only |
yes |
no |
backup |
remote forge mirror / retained refs |
yes, for recovery |
yes |
no |
Suggested ref layout
| ref |
role |
refs/provider/<forge>/issues/<repo>/<number> |
observed issue state |
refs/provider/<forge>/pull_request/<repo>/<number> |
observed PR state |
refs/provider/<forge>/branches/<repo>/<branch> |
observed provider branch state |
refs/provider/<forge>/releases/<repo>/<tag> |
observed release snapshot state |
refs/provider/<forge>/packages/<repo>/<package> |
observed package output state |
refs/conflicts/<forge>/... |
stale / unsafe / authority-claiming provider event |
refs/receipts/<forge>-to-ssot/<delivery> |
audit receipt |
refs/items/<id> |
canonical work item, updated only through accepted lease policy |
refs/brain/accepted/* |
never written directly by provider events |
Acceptance criteria
Close only when:
- provider event intake is specified or implemented;
- exact-lease updates are proven;
- stale provider updates cannot overwrite SSOT item refs;
- conflicts are retained under conflict refs;
- all allowed/rejected updates emit receipt refs;
- provider events cannot write accepted meaning refs;
- retention/readback/restore proof exists;
- rollback path exists;
- GitHub or any remote forge remains a provider surface, not accepted meaning authority;
roccho-dev/adrs#191 can cite this as a readiness dependency.
Initial status
A local proof exists for single-run GitHub issue/PR provider-event reconciliation into SSOT refs, including stale conflict handling and accepted-ref write prohibition.
That proof does not prove a live webhook daemon, GitHub App delivery route, or production self-hosted Git server integration. Those remain in scope here.
Purpose
Define the effectful mechanism for syncing remote forge provider surfaces into SSOT refs without making the remote forge a meaning authority.
This issue is split out from
roccho-dev/adrs#191. ADRS #191 should consume this mechanism as a blocking readiness dependency, not implement it.Scope
Build or specify the mechanism for:
Non-goals
roccho-dev/adrs#191into a transport implementation issue.Required outputs
The mechanism must provide, for every accepted or retained input ref:
refs/brain/accepted/*.Reference surface roles
ssotchecked-mirrormainas mirror of SSOT selected refpreview-branchreview-surfacecoordination-surfacerelease-snapshotpackage-outputpublic-projectionbackupSuggested ref layout
refs/provider/<forge>/issues/<repo>/<number>refs/provider/<forge>/pull_request/<repo>/<number>refs/provider/<forge>/branches/<repo>/<branch>refs/provider/<forge>/releases/<repo>/<tag>refs/provider/<forge>/packages/<repo>/<package>refs/conflicts/<forge>/...refs/receipts/<forge>-to-ssot/<delivery>refs/items/<id>refs/brain/accepted/*Acceptance criteria
Close only when:
roccho-dev/adrs#191can cite this as a readiness dependency.Initial status
A local proof exists for single-run GitHub issue/PR provider-event reconciliation into SSOT refs, including stale conflict handling and accepted-ref write prohibition.
That proof does not prove a live webhook daemon, GitHub App delivery route, or production self-hosted Git server integration. Those remain in scope here.