You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Remove the owner from routine pre-merge review while keeping hard safety boundaries. Owner decision 2026-07-07: implement directly, shadow mode skipped.
Design
Principle: the PR author (any agent) never decides mergeability; a deterministic GitHub-side gate does. The owner reviews only changes that can alter system behavior.
Tiers
Tier 0/1 — auto-merge: docs changes outside protected paths. The merge gate workflow auto-approves and enables auto-merge; merge happens when required checks pass. Post-merge weekly digest review via weekly_ai_os_review replaces pre-merge review.
Tier 2 — owner review, always:AGENTS.md, CLAUDE.md, GOAL_MODE.md, MASTER_STATUS.md, CURRENT_STATUS.md, SYNC_CONTRACT.md, scripts/, tests/, .github/, any PROJECT_INSTRUCTIONS.md. Enforced server-side via CODEOWNERS + required code-owner review, so even a tampered workflow cannot bypass it.
Mechanics
Branch ruleset on main: PRs only (no direct pushes — prevents a repeat of the [Audit] Local main has 6 unpushed direct commits bypassing PR flow and CI #134 local-main drift), 1 required approval, code-owner review required, required check docs-safety, no force-push/deletion. Bypass: repository admin (owner can always merge manually).
.github/workflows/auto-merge.yml: classifies the PR diff against the protected-path list; if clean -> approves + gh pr merge --auto; if protected -> leaves it to owner review. Approvals are dismissed on new pushes and re-evaluated.
Repo settings: allow auto-merge; allow Actions to approve PRs.
Content quality of auto-merged docs is caught post-merge (weekly digest), not pre-merge; docs-only repo keeps reverts cheap.
Prompt-injection-shaped content in Tier 0/1 docs merges without human eyes; behavior kernels (PROJECT_INSTRUCTIONS, AGENTS) stay human-gated, which bounds the blast radius.
The implementation PR is stacked after the current audit queue: merge order #139 -> #140 -> #141 -> #142 -> #143 -> this. The ruleset activates immediately; the owner merges the existing stack via admin bypass.
Acceptance
A docs-only PR outside protected paths merges with zero owner actions after checks pass.
A PR touching any protected path cannot merge without owner review, even if the workflow file itself is modified in that PR.
Goal
Remove the owner from routine pre-merge review while keeping hard safety boundaries. Owner decision 2026-07-07: implement directly, shadow mode skipped.
Design
Principle: the PR author (any agent) never decides mergeability; a deterministic GitHub-side gate does. The owner reviews only changes that can alter system behavior.
Tiers
weekly_ai_os_reviewreplaces pre-merge review.AGENTS.md,CLAUDE.md,GOAL_MODE.md,MASTER_STATUS.md,CURRENT_STATUS.md,SYNC_CONTRACT.md,scripts/,tests/,.github/, anyPROJECT_INSTRUCTIONS.md. Enforced server-side via CODEOWNERS + required code-owner review, so even a tampered workflow cannot bypass it.Mechanics
main: PRs only (no direct pushes — prevents a repeat of the [Audit] Local main has 6 unpushed direct commits bypassing PR flow and CI #134 local-main drift), 1 required approval, code-owner review required, required checkdocs-safety, no force-push/deletion. Bypass: repository admin (owner can always merge manually)..github/CODEOWNERSlisting Tier 2 paths -> @sergstack..github/workflows/auto-merge.yml: classifies the PR diff against the protected-path list; if clean -> approves +gh pr merge --auto; if protected -> leaves it to owner review. Approvals are dismissed on new pushes and re-evaluated.scripts/check_index_coverage.py(Knowledge dirs vs index files — the drift class from [Audit] [LLM] status file and README omit 8 existing Knowledge files; stale review metadata #135/[Audit] AI_OS_PROJECT_FILES_INDEX.md missing 8 existing [AI OS] Knowledge files #136 becomes machine-checked) wired intodocs-safety,sync_aios.py, AGENTS.md validation list, and pytest.Residual risks (accepted)
Sequencing
The implementation PR is stacked after the current audit queue: merge order #139 -> #140 -> #141 -> #142 -> #143 -> this. The ruleset activates immediately; the owner merges the existing stack via admin bypass.
Acceptance
mainare rejected.