Merged
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -12,6 +12,7 @@ This project has no stable public release yet.
- Added the v0.2 governance rules specification for conservative, deterministic instruction-file diagnostics.
- Added unreleased governance findings for unsupported security or maturity claims, review or CI bypass guidance, unsafe command execution guidance, runtime network or LLM dependency guidance, missing secret-handling boundaries, and missing instruction scope or authority.
- Added governance finding coverage across console, JSON, and Markdown output paths.
- Added golden contract coverage for current governance console, JSON, and Markdown output behavior.
- Added structured finding evidence for line-based governance findings.
- Added regression coverage for redacting secret-like values from finding evidence in JSON output.

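Review bot: The new entry on the last added line scopes secret redaction of finding evidence to "JSON output" only, while the earlier entry in this same hunk records governance finding coverage "across console, JSON, and Markdown output paths"; a reader cannot tell whether evidence is also emitted (and redacted) on the console and Markdown paths or whether only JSON carries structured evidence. Suggest making the entry explicit, e.g. "... from finding evidence in JSON output (the only path that emits structured evidence)" or adding a matching line for the other paths if they are covered.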
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -342,9 +342,9 @@ The local check suite verifies:

Current verified local result on `main`:

Ran 93 tests
./scripts/check.sh passes

OK
The exact unit test count may change as coverage evolves. The source of truth is the current `./scripts/check.sh` output and the matching GitHub Actions run for `main`.

CI runs the same local check script through GitHub Actions.

23 changes: 14 additions & 9 deletions docs/V0.2-GOVERNANCE-RULES-SPEC.md
Expand Up @@ -398,17 +398,22 @@ The release review must confirm that:
* v0.2 documentation does not claim proof of repository safety;
* tag and GitHub Release point to the verified release SHA.

## Recommended next phase after this document
## Release readiness follow-up

Recommended next phase:
The `test/add-governance-golden-output-coverage` phase has been completed on current `main`.

`test/add-governance-golden-output-coverage`
The next follow-up should be a release-readiness audit before any v0.2 version, tag, or release decision.

Only if scope is limited to existing unreleased v0.2 behavior:
That audit should verify:

* no new governance rules;
* no output redesign;
* no release, tag, or version change;
* no security or maturity claims.
* README.md;
* CHANGELOG.md;
* SECURITY.md;
* docs/THREAT-MODEL.md;
* docs/PRODUCT-STRATEGY.md;
* current CLI output from real commands;
* packaging and version metadata;
* branch protection and required checks;
* release artifact expectations.

The next test phase must preserve read-only behavior and existing runtime boundaries.
The follow-up must not change code, tests, rules, output behavior, version metadata, tags, or releases unless that scope is approved as its own explicit phase.
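Review bot: The removed constraints included "no security or maturity claims", but the replacement's closing sentence only forbids changes to code, tests, rules, output behavior, version metadata, tags, or releases, so the audit phase loses the one constraint that directly backs the release-review requirement retained above ("v0.2 documentation does not claim proof of repository safety"). Suggest adding "or introduce security or maturity claims" to the final sentence, and stating what "verify" means for the document items in the new list (at minimum, that README.md, SECURITY.md and docs/THREAT-MODEL.md make no such claims), since the list currently names files without a pass/fail criterion.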