- ADR-023 codifies the four-pillar enforcement stack: Renovate for bumps + Action SHA pinning via pinGitHubActionDigests, Socket.dev as a 9th hard filter in evaluate-library (free App + self-hosted socket-cli + reviewer-prompt enforcement), weekly trace revalidation cron with two-tier divergence action (rolling dashboard issue + per-dep re-evaluation issues), and the baseline GitHub-native gates (CodeQL, pnpm audit signatures, gitleaks pre-commit + native push protection). Failure-mode hierarchy is the single source of truth referenced by the sandcastle reviewer. - Section 6 amends ADR-022 in place: major-bump re-evaluation trigger (minor/patch bumps skip), last-revalidated frontmatter field (preserves original date for adoption provenance), and Socket as the 9th hard filter. ADR-022 stays unedited; both ADRs read as a composed policy. - PRD at docs/work/prds/2026-05-14-ci-security-and-supply-chain.prd.md seeds the implementation epic; explicit sequencing -- depends on the in-flight library-evaluation epic's stories 01/02/04/06 landing first. - Glossary gains "Trace revalidation" + "Major-bump re-evaluation" entries referenced by both ADRs. Catalyst: 2026-05-14 audit confirmed zero security tooling in the repo + GitHub Actions pinned to major-version tags (the tj-actions/changed-files attack class). ADR-022 closes the adoption-time gate; ADR-023 closes the post-adoption drift gate.
{
"updated_at": "2026-05-14T16:47:27.076Z",
"epics": {
"2026-05-13-binder-wrap-helper": {
"status": "done",
"title": "Collapse binder duplication via wireUseCase helper",
"prd": "docs/work/prds/2026-05-13-binder-wrap-helper.prd.md",
"stories": {
"01-wire-use-case-helper": {
"status": "done",
"title": "Introduce wireUseCase helper in core-shared",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [],
"blocks": [
"02-migrate-feature-binders",
"03-update-generator-templates"
]
},
"02-migrate-feature-binders": {
"status": "done",
"title": "Migrate all five feature binders to wireUseCase",
"ac_total": 5,
"ac_completed": 5,
"depends_on": [
"01-wire-use-case-helper"
],
"blocks": []
},
"03-update-generator-templates": {
"status": "done",
"title": "Update feature generator templates to emit wireUseCase call shape",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"01-wire-use-case-helper"
],
"blocks": []
}
}
},
"2026-05-14-library-evaluation-policy": {
"status": "done",
"title": "Library evaluation policy — skill, traces, enforcement stack",
"prd": "docs/work/prds/2026-05-14-library-evaluation-policy.prd.md",
"stories": {
"01-trace-schema-foundation": {
"status": "done",
"title": "Trace schema module + docs/library-decisions/ foundation",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [],
"blocks": []
},
"02-pre-commit-check-script": {
"status": "done",
"title": "Pre-commit check script for library trace presence",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"01-trace-schema-foundation"
],
"blocks": [
"06-sandcastle-reviewer-prompt"
]
},
"03-claude-hooks": {
"status": "done",
"title": "Claude PreToolUse / PostToolUse hooks for library-policy nudge",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [],
"blocks": []
},
"04-evaluate-library-skill": {
"status": "done",
"title": "evaluate-library skill (SKILL.md + supporting files)",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"01-trace-schema-foundation"
],
"blocks": [
"05-human-guide"
]
},
"05-human-guide": {
"status": "done",
"title": "Human reading-room guide — docs/guides/adding-a-library.md",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"04-evaluate-library-skill"
],
"blocks": [
"09-claude-md-update"
]
},
"06-sandcastle-reviewer-prompt": {
"status": "done",
"title": "Sandcastle reviewer prompt — Library-trace check section",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"02-pre-commit-check-script"
],
"blocks": []
},
"07-generator-pre-shipped-traces": {
"status": "done",
"title": "Generator templates — pre-shipped traces for optional core packages",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"01-trace-schema-foundation"
],
"blocks": []
},
"08-backfill-traces": {
"status": "done",
"title": "Backfill library traces for existing feature- and core-tier runtime deps",
"ac_total": 4,
"ac_completed": 4,
"depends_on": [
"01-trace-schema-foundation"
],
"blocks": []
},
"09-claude-md-update": {
"status": "done",
"title": "CLAUDE.md Key Conventions — library policy bullet",
"ac_total": 1,
"ac_completed": 1,
"depends_on": [
"05-human-guide"
],
"blocks": []
}
}
},
"template-reset-v1": {
"status": "done",
"title": "Template reset — strip setup-process noise + archive history",
"prd": null,
"stories": {
"01-template-reset": {
"status": "done",
"title": "Strip setup refs + archive history + rename ADR-012",
"ac_total": 12,
"ac_completed": 12,
"depends_on": [],
"blocks": []
}
}
}
},
"ready": [],
"blocked": [],
"needs_prd_ship": []
}