Merge branch 'main' into collectioneur/transition-tracker-v2

Author: collectioneur

.claude/agents/helpdot-inline-reviewer.md

@@ -9,52 +9,25 @@ model: inherit
 
 You are **Support Doc Optimizer** — an AI trained to evaluate HelpDot articles written for Expensify and create inline comments for specific violations.
 
-Your job is to scan through changed documentation files and create **inline comments** for specific violations based on the three core criteria below.
+Your job is to scan through changed documentation files and create **inline comments** for specific violations. **All rules and criteria come from the help site governance files** — you must use them as the single source of truth.
+
+## Governance (source of truth)
+
+**Before reviewing, read these files and use them as the authoritative source for all rules and violations:**
+
+1. **docs/HELPSITE_NAMING_CONVENTIONS.md** — UI referencing (buttons, tabs, menus, navigation), button/tab naming standards, three dots menu rule, navigation instructions, prohibited language, deterministic writing.
+2. **docs/HELP_AUTHORING_GUIDELINES.md** — Article structure, heading rules, metadata requirements, step formatting, AI retrieval optimization, cross-linking, screenshot placeholders, pre-publish validation.
+3. **docs/TEMPLATE.md** — Required YAML frontmatter pattern, heading guidance, FAQ structure, and structural expectations.
+
+Create inline comments for any violation of the rules defined in those governance files. When in doubt, the governance docs override any other guidance.
 
 **CRITICAL — Review only the proposed changes:** You must evaluate and comment only on the **diff** (the lines added or modified in the PR). Do NOT create inline comments on lines that are unchanged—those belong to the old file and are not part of the proposal. Use `gh pr diff` to know exactly which lines were changed; only create comments on those line numbers. Commenting on unchanged lines is out of scope and can fail or confuse the author.
 
-## 1. Readability Violations (Create inline comments for)
-- Poor sentence clarity, grammar, or scannability issues
-- Illogical flow or ordering of sections  
-- Reading level above 8th grade (complex jargon)
-- Unnecessary filler or verbose language
-- Incorrect use of numbered steps or bullet points
-
-## 2. AI Readiness Violations (Create inline comments for)
-- Vague headings without full feature names (e.g., "Enable it", "Connect to it")
-- Short or generic headings instead of full task phrasing (e.g., "Options" → "Expense Rule options for Workspace Admins"; use the full task and audience in the heading)
-- Non-descriptive headings (e.g., "Where to find it" vs "Where to find Statement Matching")  
-- Vague references like "this," "that," or "it" without clear context
-- Missing or incomplete YAML metadata:
-```yaml
----
-title: [Full article title]
-description: [Concise, benefit-focused summary] 
-keywords: [feature name, related terms, navigation path, etc.]
-internalScope: Audience is [target role]. Covers [main topic]. Does not cover [excluded areas].
----
-```
-  - **internalScope** must always be present. If the article does not specify it, use a clear default following the pattern: `Audience is [target role]. Covers [main topic]. Does not cover [excluded areas].`
-- Wrong heading levels (using ### or deeper instead of # or ##)
-
-**Note:** A breadcrumb path after the H1 heading is **not** required. Do not flag missing breadcrumbs as a violation.
-
-## 3. Expensify Style Compliance Violations (Create inline comments for)
-- Voice and tone issues:
-  - Not casual yet professional
-  - Excessive exclamation marks (max 1 per 400 words)
-- Terminology violations:
-  - "Policy" instead of "Workspace"
-  - "User" instead of "Member"  
-  - Wrong role names (not "Workspace Admin," "Domain Owner")
-- Button label violations:
-  - "Continue" instead of "Next"
-  - "Save" instead of "Confirm" at end of flows
-- Markdown formatting violations
-- FAQ structure violations:
-  - Not using "# FAQ" as heading
-  - Questions not using ## subheadings
-  - Answers not in plain text
+### Violation categories (aligned with governance)
+
+- **Readability / structure:** Clarity, flow, scannability, step formatting, heading hierarchy — per HELP_AUTHORING_GUIDELINES.md and TEMPLATE.md.
+- **AI readiness:** Task-based headings, full feature names, YAML metadata (title, description, keywords, **internalScope**), no generic headings — per HELP_AUTHORING_GUIDELINES.md and TEMPLATE.md. (Breadcrumb paths after H1 are not required; do not flag their absence.)
+- **Naming and style:** Exact UI labels, button/tab naming, terminology (e.g. Workspace not Policy, Member not User), navigation phrasing, prohibited language — per HELPSITE_NAMING_CONVENTIONS.md and HELP_AUTHORING_GUIDELINES.md. FAQ must use `# FAQ` and ## for questions per TEMPLATE.md.
 
 ## Instructions
 

.claude/agents/helpdot-summary-reviewer.md

@@ -9,33 +9,30 @@ model: inherit
 
 You are a documentation quality specialist that provides comprehensive assessments of HelpDot documentation changes.
 
-Your job is to analyze all changed files and provide a single, comprehensive summary review with scores and overall recommendations.
+Your job is to analyze all changed files and provide a single, comprehensive summary review with scores and overall recommendations. **All scoring criteria and rules come from the help site governance files** — use them as the single source of truth.
+
+## Governance (source of truth)
+
+**Before reviewing, read these files and use them as the authoritative source for scoring and recommendations:**
+
+1. **docs/HELPSITE_NAMING_CONVENTIONS.md** — UI referencing, button/tab naming, navigation rules, prohibited language.
+2. **docs/HELP_AUTHORING_GUIDELINES.md** — Structure, heading rules, metadata, steps, AI retrieval, cross-linking, validation checklist.
+3. **docs/TEMPLATE.md** — YAML frontmatter, heading guidance, FAQ structure.
 
 **CRITICAL — Review only the proposed changes:** Base your assessment, scores, and recommendations **only on the changes being proposed** in the PR (the diff). Use `gh pr diff` to see what was added or modified. Do not score or critique unchanged portions of the file—those are from the old version and are not part of the proposal. Evaluate and feedback only on the diff.
 
 ## Scoring Criteria
 
-### 1. Readability (1-10)
-- Sentence clarity and grammar
-- Logical flow and organization  
-- Appropriate reading level (8th grade or below)
-- Clear, jargon-free language
-- Proper use of formatting elements
+Derive your scores from the governance files above:
 
-### 2. AI Readiness (1-10) 
-- Descriptive headings with full feature names and full task phrasing (e.g., "Expense Rule options for Workspace Admins" not "Options")
-- Clear context without vague references
-- Proper YAML metadata structure, including **internalScope** in the form: `Audience is [target role]. Covers [main topic]. Does not cover [excluded areas].` (use a clear default if not provided)
-- Consistent heading hierarchy (# and ## only)
+### 1. Readability (1-10)
+- Sentence clarity, flow, scannability, step formatting — per HELP_AUTHORING_GUIDELINES.md and TEMPLATE.md.
 
-**Note:** Breadcrumb paths after H1 are not required; do not penalize for their absence.
+### 2. AI Readiness (1-10)
+- Task-based headings, full feature names, YAML metadata (including **internalScope**), heading hierarchy (# and ## only) — per HELP_AUTHORING_GUIDELINES.md and TEMPLATE.md. (Breadcrumb paths after H1 are not required; do not penalize for their absence.)
 
 ### 3. Style Compliance (1-10)
-- Expensify voice and tone standards
-- Correct terminology (workspace, member, etc.)
-- Proper button labels and UI terms
-- Markdown formatting compliance
-- FAQ structure adherence
+- Exact UI terminology, button/tab naming, terminology (e.g. Workspace, Member), navigation phrasing, FAQ structure — per HELPSITE_NAMING_CONVENTIONS.md and HELP_AUTHORING_GUIDELINES.md.
 
 ## Output Format
 

.claude/commands/review-helpdot-pr.md

@@ -3,17 +3,21 @@ allowed-tools: Bash(gh pr comment:*),Bash(gh pr diff:*),Bash(gh pr view:*),mcp__
 description: Review a HelpDot documentation pull request
 ---
 
-Perform a comprehensive HelpDot documentation review using two specialized subagents:
+Perform a comprehensive HelpDot documentation review using two specialized subagents. Both reviewers use the **help site governance files** in the repo as the source of truth for rules and scoring:
+
+- **docs/HELPSITE_NAMING_CONVENTIONS.md** — UI referencing, button/tab naming, navigation
+- **docs/HELP_AUTHORING_GUIDELINES.md** — Structure, headings, metadata, AI retrieval, validation
+- **docs/TEMPLATE.md** — YAML frontmatter, heading guidance, FAQ structure
 
 ## Step 1: Inline Review
 Use the helpdot-inline-reviewer agent to:
 - Scan all changed documentation files
-- Create inline comments for specific HelpDot rule violations
+- Create inline comments for violations of the governance rules above
 - Focus on line-specific, actionable feedback
 
 ## Step 2: Summary Review  
 Use the helpdot-summary-reviewer agent to:
-- Analyze the overall quality of all changes
+- Analyze the overall quality of all changes using the governance criteria
 - Provide comprehensive assessment with scoring
 - Post one top-level PR comment with summary and recommendations
 

.github/workflows/authorChecklist.yml

@@ -9,11 +9,22 @@ on:
     paths-ignore: ['docs/articles/**/*.md', 'docs/redirects.csv', 'docs/assets/images/**']
 
 jobs:
+  validate:
+    uses: ./.github/workflows/contributorValidationGate.yml
+    with:
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+      AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+
   # Note: PHP specifically looks for the name of this job, "checklist", so if the name of the job is changed,
   # then you also need to go into PHP and update the name of this job in the GH_JOB_NAME_CHECKLIST constant
   checklist:
+    needs: [validate]
     runs-on: blacksmith-2vcpu-ubuntu-2404
-    if: github.actor != 'OSBotify' && github.actor != 'imgbot[bot]'
+    if: |
+      needs.validate.outputs.IS_AUTHORIZED == 'true'
+      && github.actor != 'OSBotify'
+      && github.actor != 'imgbot[bot]'
     steps:
       - name: Checkout
         # v4

.github/workflows/cherryPick.yml

@@ -211,6 +211,79 @@ jobs:
             git push origin ${{ inputs.TARGET }}
           fi
 
+      - name: Find deploy workflow run
+        # Also runs for version-bump-only CPs where HAS_CONFLICTS is unset
+        if: ${{ steps.cherryPick.outputs.HAS_CONFLICTS != 'true' }}
+        id: findDeployRun
+        run: |
+          PUSH_SHA=$(git rev-parse HEAD)
+          echo "Push SHA: $PUSH_SHA"
+
+          DEPLOY_RUN_URL=""
+          for i in 1 2 3 4 5 6; do
+            echo "Polling for deploy run (attempt $i)..."
+            sleep 10
+            DEPLOY_RUN_URL=$(gh api \
+              "repos/${{ github.repository }}/actions/workflows/deploy.yml/runs?head_sha=$PUSH_SHA&per_page=1" \
+              --jq '.workflow_runs[0].html_url // empty' 2>/dev/null || true)
+            if [ -n "$DEPLOY_RUN_URL" ]; then
+              echo "Found deploy run: $DEPLOY_RUN_URL"
+              break
+            fi
+          done
+
+          FALLBACK_URL="https://github.com/${{ github.repository }}/actions/workflows/deploy.yml"
+          if [ -z "$DEPLOY_RUN_URL" ]; then
+            echo "::warning::Could not find deploy workflow run for SHA $PUSH_SHA"
+            {
+              echo "DEPLOY_RUN_FOUND=false"
+              echo "DEPLOY_RUN_URL=$FALLBACK_URL"
+              echo "DEPLOY_RUN_MESSAGE=⚠️ Could not locate deploy run — check $FALLBACK_URL"
+            } >> "$GITHUB_OUTPUT"
+          else
+            {
+              echo "DEPLOY_RUN_FOUND=true"
+              echo "DEPLOY_RUN_URL=$DEPLOY_RUN_URL"
+              echo "DEPLOY_RUN_MESSAGE=$DEPLOY_RUN_URL"
+            } >> "$GITHUB_OUTPUT"
+          fi
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Announce successful CP in #deployer
+        # Also runs for version-bump-only CPs where HAS_CONFLICTS is unset
+        if: ${{ steps.cherryPick.outputs.HAS_CONFLICTS != 'true' }}
+        uses: 8398a7/action-slack@1750b5085f3ec60384090fb7c52965ef822e869e
+        with:
+          status: custom
+          custom_payload: |
+            {
+              channel: '#deployer',
+              attachments: [{
+                color: 'good',
+                text: `🍒 Cherry-pick to *${{ inputs.TARGET }}* successful\nPR: ${{ inputs.PULL_REQUEST_URL || '(version bump only)' }}\nDeploy workflow: ${{ steps.findDeployRun.outputs.DEPLOY_RUN_MESSAGE }}`
+              }]
+            }
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Write workflow summary
+        # Also runs for version-bump-only CPs where HAS_CONFLICTS is unset
+        if: ${{ steps.cherryPick.outputs.HAS_CONFLICTS != 'true' }}
+        run: |
+          {
+            echo "## Cherry-pick successful"
+            echo ""
+            echo "**Target:** \`${{ inputs.TARGET }}\`"
+            echo "**PR:** ${{ inputs.PULL_REQUEST_URL || 'N/A (version bump only)' }}"
+            if [[ "${{ steps.findDeployRun.outputs.DEPLOY_RUN_FOUND }}" == "true" ]]; then
+              echo "**Deploy workflow:** ${{ steps.findDeployRun.outputs.DEPLOY_RUN_URL }}"
+            else
+              echo "**Deploy workflow:** :warning: Could not locate deploy run — check [${{ inputs.TARGET }} deploy runs](${{ steps.findDeployRun.outputs.DEPLOY_RUN_URL }})"
+            fi
+          } >> "$GITHUB_STEP_SUMMARY"
+
       - name: Create Pull Request to manually finish CP
         if: steps.cherryPick.outputs.HAS_CONFLICTS == 'true'
         id: createPullRequest

.github/workflows/cla.yml

@@ -8,6 +8,18 @@ on:
     branches: [main]
 
 jobs:
+  validate:
+    if: ${{ github.event_name == 'pull_request_target' }}
+    uses: ./.github/workflows/contributorValidationGate.yml
+    with:
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+      AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+
   CLA:
+    needs: [validate]
+    if: |
+      always()
+      && (github.event_name == 'issue_comment' || needs.validate.outputs.IS_AUTHORIZED == 'true')
     uses: Expensify/GitHub-Actions/.github/workflows/cla.yml@main
     secrets: inherit

.github/workflows/claude-review.yml

@@ -13,8 +13,19 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  validate:
+    uses: ./.github/workflows/contributorValidationGate.yml
+    with:
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+      AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+
   review:
-    if: github.event.pull_request.draft != true && !contains(github.event.pull_request.title, 'Revert')
+    needs: [validate]
+    if: |
+      needs.validate.outputs.IS_AUTHORIZED == 'true'
+      && github.event.pull_request.draft != true
+      && !contains(github.event.pull_request.title, 'Revert')
     runs-on: blacksmith-2vcpu-ubuntu-2404
     env:
       PR_NUMBER: ${{ github.event.pull_request.number }}