-
Notifications
You must be signed in to change notification settings - Fork 0
chore: add pre-push review gates to CLAUDE.md #25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 1 commit
b740ff5
67d7713
40a69f2
4c225ee
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -78,6 +78,17 @@ mantle serve # Start persistent server (Phase 5+) | |
| 5. **Triggers & Server Mode** — `mantle serve`, cron scheduler, webhook ingestion | ||
| 6. **Multi-tenancy & RBAC** — teams, users, roles, API keys, team scoping retrofit | ||
|
|
||
| ## Pre-Push Review Gates | ||
|
|
||
| Before pushing any PR to GitHub, run the work through these review agents (in parallel): | ||
|
|
||
| 1. **Technical Writer** — Review all changed docs, comments, CLI output, and error messages for clarity, accuracy, and consistency with existing documentation tone. | ||
| 2. **Product Owner** — Verify the changes align with the project goals, V1 phasing priorities, and architecture principles listed above. Flag scope creep or work that doesn't serve the current phase. | ||
| 3. **Legal Compliance Checker** — Check for license compliance (dependencies, attribution), security concerns (credential handling, injection risks), and anything that conflicts with the BSL/SSPL-style license. | ||
| 4. **Reality Checker** — Challenge claims of completeness, correctness, and production readiness. Default to "needs work" — require overwhelming evidence before approving. If tests aren't shown passing, it's not done. If edge cases aren't covered, it's not ready. | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧹 Nitpick | 🔵 Trivial Consider softening the Reality Checker's adversarial tone. The Reality Checker description states: "Default to 'needs work' — require overwhelming evidence before approving." This adversarial stance could unnecessarily slow development velocity and create friction, especially for straightforward changes with clear evidence (passing tests, covered edge cases). A more balanced approach would maintain rigor while avoiding an assumption of inadequacy. 📝 Proposed tone adjustment-4. **Reality Checker** — Challenge claims of completeness, correctness, and production readiness. Default to "needs work" — require overwhelming evidence before approving. If tests aren't shown passing, it's not done. If edge cases aren't covered, it's not ready.
+4. **Reality Checker** — Verify claims of completeness, correctness, and production readiness with concrete evidence. Require passing tests, covered edge cases, and demonstrated correctness. Challenge assumptions and flag gaps in testing or error handling.🤖 Prompt for AI Agents |
||
|
|
||
| These reviews catch misalignment early. Do not skip them even for small changes — small PRs are where assumptions slip through unchecked. | ||
|
Comment on lines
+81
to
+90
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧹 Nitpick | 🔵 Trivial Specify the enforcement mechanism and integration with GitHub workflow. The section defines review requirements but doesn't specify how they should be enforced or integrated into the development workflow. This creates ambiguity about:
Without an implementation mechanism, these gates may be inconsistently applied or gradually ignored. 💡 Suggested additions to clarify implementationConsider adding a subsection that specifies the implementation approach: ### Implementation
These reviews should be conducted by the PR author using AI-assisted tooling before creating the PR. Document completion in the PR description using this checklist:
- [ ] Technical Writer review: All docs, CLI output, and error messages reviewed for clarity
- [ ] Product Owner review: Changes align with V1 phasing and architecture principles
- [ ] Legal Compliance review: License compliance and security concerns checked
- [ ] Reality Checker review: Edge cases covered, tests passing, evidence providedOr, if using automated tooling: ### Implementation
These reviews are enforced via GitHub Actions that run AI-powered analysis on each PR. The workflow must pass all four checks before merging is allowed.🤖 Prompt for AI Agents
Comment on lines
+83
to
+90
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🧹 Nitpick | 🔵 Trivial Consider scalability and practicality for small changes. Requiring four separate reviews for every change—including small documentation fixes, typos, or minor refactors—may be impractical for small teams or solo maintainers. The explicit prohibition against skipping reviews "even for small changes" could create unnecessary overhead. Consider introducing a pragmatic risk-based approach where the depth of review scales with the impact and risk of the change. 🎯 Suggested risk-based approachBefore pushing any PR to GitHub, assess the risk level and apply appropriate review depth:
**High-risk changes** (new features, security-sensitive code, API changes, database migrations):
- All four review perspectives required with documented evidence
**Medium-risk changes** (bug fixes, refactors, non-trivial documentation):
- Technical Writer + Reality Checker required
- Product Owner + Legal Compliance as needed
**Low-risk changes** (typo fixes, comment updates, minor doc clarifications):
- Quick self-review covering all four perspectives
- Document any concerns in PR description
These reviews catch misalignment early. When in doubt, err on the side of more thorough review.🤖 Prompt for AI Agents |
||
|
|
||
| ## License | ||
|
|
||
| BSL/SSPL-style — source available, no commercial resale of forks. | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Clarify "before pushing any PR to GitHub."
The phrase "before pushing any PR to GitHub" is ambiguous. Pull requests are created on GitHub, so they cannot be reviewed before being pushed there. Consider rephrasing to one of:
Additionally, the term "review agents" is ambiguous—it's unclear whether these are human roles, AI-powered automated checks, checklists for the PR author, or something else.
✏️ Proposed clarification
Or if the intent is AI/automated agents:
🤖 Prompt for AI Agents