|
| 1 | +# Repo Standards Gap Remediation |
| 2 | + |
| 3 | +> Status: Delivered |
| 4 | +> Owner: Codex |
| 5 | +> Date: 2026-02-01 |
| 6 | +
|
| 7 | +## Goal |
| 8 | + |
| 9 | +Close the repo‑vs‑standards gaps identified in the gap analysis: enforce default‑branch guardrails, add CI secret scanning, document CI/CD scope (no release/deploy workflows), and define per‑skill tag conventions on `main`. |
| 10 | + |
| 11 | +## Architecture |
| 12 | + |
| 13 | +Documentation, CI/hook changes, and Nx monorepo tooling to support per‑skill versioning and tags. No runtime or behavioural code changes. |
| 14 | + |
| 15 | +## Tech Stack |
| 16 | + |
| 17 | +- PowerShell |
| 18 | +- Husky (git hooks) |
| 19 | +- GitHub Actions |
| 20 | +- Secretlint |
| 21 | +- Nx (monorepo orchestration + release) |
| 22 | + |
| 23 | +## Assumptions |
| 24 | + |
| 25 | +- Branch protection is configured in the hosting platform, but repo evidence must document expected settings. |
| 26 | +- Per‑skill versioning will be represented by Nx release tags on `main`. |
| 27 | + |
| 28 | +## Alternatives Considered |
| 29 | + |
| 30 | +1. Implement minimal guardrails and documentation (selected) to close current gaps. |
| 31 | +2. Build full release/deploy pipelines with tag‑based deployments (more complete, higher effort). |
| 32 | +3. Add per‑skill changelogs and manifests (more traceability, not required now). |
| 33 | +4. Custom per‑skill semver scripts (lighter, but not portable). |
| 34 | + |
| 35 | +## Task Checklist |
| 36 | + |
| 37 | +|ID|Task|Status|Verification|Evidence| |
| 38 | +|---|---|---|---|---| |
| 39 | +|1|Impact analysis (RED/GREEN/REFACTOR): list impacted files (hooks, workflows, README/AGENTS/skills docs, Nx config) and unimpacted areas; record in plan and update report if needed.|Done|Impacted/unimpacted list recorded|Plan notes| |
| 40 | +|2|Nx bootstrap (RED/GREEN/REFACTOR): add Nx to the repo, define each `skills/<name>` as a project, and configure Nx release for independent versioning and tags (`skill/<name>/vX.Y.Z`).|Done|`npx nx graph` runs; `npx nx release --dry-run` shows per-skill tags|`npx nx graph --file=.tmp/nx-graph.json`; dry-run verified for `architecture-testing` (full repo dry-run timed out).| |
| 41 | +|3|Default-branch guardrail (RED/GREEN/REFACTOR): add a Husky `pre-commit` check that blocks commits on `main` (or default branch) and document expected branch protection settings in README/AGENTS.|Done|Docs updated|`.husky/pre-commit`, `README.md`, `AGENTS.md`| |
| 42 | +|4|CI secret scanning (RED/GREEN/REFACTOR): add a GitHub Actions job to run `npm run secretlint` on PRs and `main` pushes (path filtered).|Done|Workflow file added|`.github/workflows/secretlint.yml`| |
| 43 | +|5|CI/CD scope documentation (RED/GREEN/REFACTOR): document that this repo has no release/deploy workflows and that tag-based deployment is out of scope for now; add explicit note in README and/or AGENTS.|Done|Docs updated|`README.md`, `AGENTS.md`| |
| 44 | +|6|Nx release tagging workflow (RED/GREEN/REFACTOR): add a CI workflow that runs Nx release on `main` merges and pushes tags.|Done|Workflow file added|`.github/workflows/nx-release.yml`| |
| 45 | +|7|Per-skill tag policy (RED/GREEN/REFACTOR): document Nx release usage, tag format, and when tags should be created; update relevant skill/docs.|Done|Docs updated and verified|`README.md`| |
| 46 | +|8|Verification + commit (RED/GREEN/REFACTOR): run `npm run verify`; run `npx nx release --dry-run` (sample project); fix lint/spell issues; commit on feature branch with conventional commit (no commits to `main`).|Done|`npm run verify` clean; dry-run clean|`npm run verify` passed; `npx nx release --dry-run --projects=architecture-testing` verified.| |
| 47 | + |
| 48 | +Notes: |
| 49 | + |
| 50 | +- Status values: Planned, In Progress, Done, Aborted. |
| 51 | +- When a task is Done, fill in Verification and Evidence (command output, link, or note). |
| 52 | + |
| 53 | +## Impact Notes |
| 54 | + |
| 55 | +Impacted: `package.json`, `package-lock.json`, `nx.json`, `skills/**/project.json`, `skills/**/package.json`, `.husky/pre-commit`, `.github/workflows/secretlint.yml`, `.github/workflows/nx-release.yml`, `README.md`, `AGENTS.md`, `.gitignore`, `cspell.json`, `docs/plans/2026-02-01-repo-standards-gap-remediation.md`. |
| 56 | +Unimpacted: runtime code, deployable components, application features. |
| 57 | + |
| 58 | +## Progress Log |
| 59 | + |
| 60 | +- 2026-02-01: Draft remediation plan created. |
| 61 | +- 2026-02-01: Nx bootstrap completed; graph generated and single-project release dry-run verified. |
| 62 | +- 2026-02-01: Guardrail, secretlint, CI/CD scope, and tag policy documentation updated. |
| 63 | +- 2026-02-01: Verification complete (`npm run verify`, `nx release --dry-run`). |
| 64 | + |
| 65 | +## Finalisation |
| 66 | + |
| 67 | +> Outcome: Delivered |
| 68 | +> Date: 2026-02-01 |
| 69 | +
|
| 70 | +### Verification Summary |
| 71 | + |
| 72 | +- `npm run verify` |
| 73 | +- `npx nx graph --file=.tmp/nx-graph.json --watch=false` |
| 74 | +- `npx nx release --dry-run --projects=architecture-testing --verbose` |
| 75 | + |
| 76 | +### References |
| 77 | + |
| 78 | +- `docs/reports/2026-02-01-repo-standards-gap-analysis.md` |
| 79 | +- `skills/branching-strategy-and-conventions/SKILL.md` |
| 80 | +- `skills/local-dev-experience/SKILL.md` |
| 81 | +- `skills/static-analysis-security/SKILL.md` |
| 82 | +- `skills/ci-cd-conformance/SKILL.md` |
| 83 | +- `skills/quality-gate-enforcement/SKILL.md` |
| 84 | +- `skills/monorepo-orchestration-setup/SKILL.md` |
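Review bot: Tasks 3, 4 and 6 in the Task Checklist are marked Done with Verification entries of "Docs updated" or "Workflow file added", which show that a file exists, not that the control works. For task 3, add evidence that `.husky/pre-commit` rejects a commit on `main`, and state in the plan that a local hook can be skipped with `git commit --no-verify`, so the hosting-platform branch protection named under Assumptions is the enforcing control and the hook is a convenience. For task 4, record a passing and a failing run of `.github/workflows/secretlint.yml` and list the paths the filter covers, since a path-filtered scan does not see files outside the filter. For tasks 2 and 6, the full-repo `npx nx release --dry-run` timed out and only `architecture-testing` was verified, yet `.github/workflows/nx-release.yml` runs on `main` merges and pushes tags; either get a full dry run to complete or record the limitation, and document which token permissions the workflow needs to push tags and how that interacts with the branch protection settings.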