Open
Conversation
- Remove GPG resign infrastructure for branch commits (validate scan, strategic-review resign checkpoint/step, complete resign-artifact-commits, manage-git gpg-resign-range protocol) - Add squash merge detection in start-work-package (GitHub API) with squash_merge_available variable driving downstream DCO path - Add context_scope variable (repo-only|web-retrieval|mixed) set at end of research phase via new context-scope-declaration checkpoint - Add provenance-log.md artifact to implement; log-provenance step appends one row per task (model, prompt class, context scope, description) - Add Assisted-by commit trailer to manage-git code-commits protocol - Strengthen post-impl-review manual diff review: affirmative rationale confirmation replaces passive issue-flagging only - Add DCO sign-off blocking checkpoint in submit-for-review presenting the six-item DCO checklist before push - Add merge-strategy-reminder checkpoint instructing squash merge with signed commit (local git merge --squash flow for GPG verification) - Add AI Assistance section to PR description Final template Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Move implementation methodology out of activity step description prose into referenced skills, following the workflow convention that descriptions state WHAT and skills contain HOW. - Add skill 24-dco-provenance: provenance log schema, attestation recording protocol, and context scope classification - Add detect-merge-strategy and squash-merge-instruction protocols to manage-git skill - detect-merge-strategy step now references manage-git (was github-cli-protocol) - declare-context-scope, log-provenance, dco-sign-off, instruct-merge-strategy steps: trimmed descriptions to declarative-only, added skill references - Update skills README: count 24→25, skill 15 description, add skill 24 row Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…laude
Assisted-by trailer, provenance log schema, and PR description template
now use {tool}/{model_id} placeholders rather than hardcoding claude,
to support any AI assistant (claude, gpt, gemini, etc.).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ware protocol Co-authored-by is the GitHub-compatible standard trailer that produces the 'X and Y committed' byline. The code-commits protocol now documents per-assistant harness behaviour to prevent double-injection: Claude Code auto-adds the trailer so the agent must not add it again; other assistants that do not auto-inject must add it explicitly. Cleans up two stale Assisted-by references in variable descriptions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Aligns the work-package workflow with the DCO-Safe Agentic Coding Policy by removing the per-commit GPG resign infrastructure and replacing it with a squash-merge-based signing model, provenance tracking, and a human DCO sign-off gate.
📐 Engineering
Motivation
The existing workflow re-signed all branch commits with GPG before submission, which required force-pushes and could only be done by the agent on behalf of the human — conflicting with the policy requirement that humans make attestations themselves. The new model pushes signing to merge time (squash commit) where it is a deliberate human action, and removes the need for force-push surgery on branch history.
Changes
workflow.toon— Removeunsigned_commits_in_pr/summary/resign_requestedvariables; addsquash_merge_availableandcontext_scope01-start-work-package— Adddetect-merge-strategystep (GitHub APIallow_squash_mergedetection)04-research— Adddeclare-context-scopecheckpoint (repo-only | web-retrieval | mixed)08-implement— Addprovenance-log.mdartifact andlog-provenancestep per task09-post-impl-review— Strengthen manual diff review: affirmative rationale confirmation per block10-validate— Remove GPG preflight scan step and related context11-strategic-review— Removeunsigned-commits-promptcheckpoint andresign-unsigned-pr-commitsstep12-submit-for-review— Add blockingdco-sign-offcheckpoint (6-item DCO checklist) andmerge-strategy-remindercheckpoint13-complete— Removeresign-artifact-commitsstep15-manage-git— Removegpg-resign-rangeprotocol; remove--no-gpg-signmandate from artifact-commits; addcode-commitsprotocol withAssisted-bytrailer12-pr-description— Add## AI Assistancesection to Final template📌 Submission Checklist
🗹 TODO before merging
🤖 Generated with Claude Code