feat(hookify): codify DeploymentGovernance canonical policies from chittyagent-tasks incident#4
Copilot wants to merge 3 commits into
Codifies the four deployment governance contracts identified in the chittyagent-tasks queue incident (#2, chittyos/chittyops#45):

- deploy-from-main (block)
- version-pin (block)
- migration-freeze-interlock (block)
- beacon-mismatch-alert (alert)

DeploymentGovernance is now exported from @chittyfoundation/hookify alongside HookContract, HookRegistry, and HookGovernance.

Agent-Logs-Url: https://github.com/chittyfoundation/.chittyops/sessions/0e3f14e5-ef11-4b52-a583-fe0733ebbffc
Co-authored-by: chitcommit <208086304+chitcommit@users.noreply.github.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2947779270
| * @param {boolean} deployment.onMain - Commit is reachable from origin/main | ||
| * @param {boolean} deployment.versionMatches - Declared version matches the tag/commit | ||
| * @param {boolean} deployment.migrationFreezeActive - A migration freeze notice is present | ||
| * @param {boolean} deployment.addsNewColumnRefs - Deployment adds new schema column references | ||
| * @returns {{ allowed: boolean, violations: { policy: string, severity: string, message: string }[], blocked: { policy: string, severity: string, message: string }[] }} |
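Review bot: the @returns line gives violations and blocked the same element shape without saying how they differ or how allowed follows from them, so a caller cannot tell from the doc whether an alert-severity finding can sit in violations while allowed stays true. Suggest stating the relationship explicitly (for example, that blocked is the subset of violations with blocking severity and allowed is false exactly when blocked is non-empty, if that is the intent) and narrowing severity from string to the values the policies actually use (block and alert, per the commit message). The four @param flags are also documented as plain booleans with no default; it is worth documenting what an omitted flag means, because an undefined onMain or versionMatches and an undefined migrationFreezeActive would fail in opposite directions if simply read as falsy.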
Evaluate beacon-mismatch-alert in deployment checks
The new class declares beacon-mismatch-alert as a canonical policy, but checkDeployment has no input or rule to detect when a deployed version is missing from main, so callers relying on this method cannot emit the required alert for that drift scenario. This means one of the four documented incident-derived policies is effectively unenforceable through the provided evaluation API.
`chittyagent-tasks` worker v1.2.0 was deployed ahead of `main` while a migration freeze was active, causing every `createTask` call to fail with `column "notify_policy" does not exist`. The Foundation layer had no canonical contract preventing this class of drift.

Changes

- `packages/hookify/src/index.js` — adds `DeploymentGovernance` class with four canonical policies distilled from the incident:
  - `deploy-from-main`: `origin/main`
  - `version-pin`: `V` constant must match tag/commit
  - `migration-freeze-interlock`
  - `beacon-mismatch-alert`

  `DeploymentGovernance` is exported alongside the existing `HookContract`, `HookRegistry`, `HookGovernance` exports — downstream implementations (CHITTYOS/chittyops) consume it to enforce these gates in CI.
- `.gitignore` — adds exclusions for `node_modules/`, `package-lock.json`, `dist/`.

Usage