Skip to content

Tiered merge gate: remove owner from routine PR review #144

Description

@sergstack

Goal

Remove the owner from routine pre-merge review while keeping hard safety boundaries. Owner decision 2026-07-07: implement directly, shadow mode skipped.

Design

Principle: the PR author (any agent) never decides mergeability; a deterministic GitHub-side gate does. The owner reviews only changes that can alter system behavior.

Tiers

  • Tier 0/1 — auto-merge: docs changes outside protected paths. The merge gate workflow auto-approves and enables auto-merge; merge happens when required checks pass. Post-merge weekly digest review via weekly_ai_os_review replaces pre-merge review.
  • Tier 2 — owner review, always: AGENTS.md, CLAUDE.md, GOAL_MODE.md, MASTER_STATUS.md, CURRENT_STATUS.md, SYNC_CONTRACT.md, scripts/, tests/, .github/, any PROJECT_INSTRUCTIONS.md. Enforced server-side via CODEOWNERS + required code-owner review, so even a tampered workflow cannot bypass it.

Mechanics

  1. Branch ruleset on main: PRs only (no direct pushes — prevents a repeat of the [Audit] Local main has 6 unpushed direct commits bypassing PR flow and CI #134 local-main drift), 1 required approval, code-owner review required, required check docs-safety, no force-push/deletion. Bypass: repository admin (owner can always merge manually).
  2. .github/CODEOWNERS listing Tier 2 paths -> @sergstack.
  3. .github/workflows/auto-merge.yml: classifies the PR diff against the protected-path list; if clean -> approves + gh pr merge --auto; if protected -> leaves it to owner review. Approvals are dismissed on new pushes and re-evaluated.
  4. Repo settings: allow auto-merge; allow Actions to approve PRs.
  5. Gate hardening: new scripts/check_index_coverage.py (Knowledge dirs vs index files — the drift class from [Audit] [LLM] status file and README omit 8 existing Knowledge files; stale review metadata #135/[Audit] AI_OS_PROJECT_FILES_INDEX.md missing 8 existing [AI OS] Knowledge files #136 becomes machine-checked) wired into docs-safety, sync_aios.py, AGENTS.md validation list, and pytest.

Residual risks (accepted)

Sequencing

The implementation PR is stacked after the current audit queue: merge order #139 -> #140 -> #141 -> #142 -> #143 -> this. The ruleset activates immediately; the owner merges the existing stack via admin bypass.

Acceptance

  • A docs-only PR outside protected paths merges with zero owner actions after checks pass.
  • A PR touching any protected path cannot merge without owner review, even if the workflow file itself is modified in that PR.
  • Direct pushes to main are rejected.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions