release-gates: scaffold v0.1 gate protocol + E2E box + verdict schema #2
Merged
Stands up the release-gate discipline for v0.1.

- docs/release-gates.md — tiers (infra / integration / E2E / release), reviewer cadence (Wizard + code-reviewer), E2E box spec, fixture contract, cost logging (Fork C), API key handling, re-publish checklist, rollback, release train lifecycle.
- tests/e2e/schemas/verdict.schema.json — Draft-07 schema for the release-gate verdict artifact. The schema IS the contract; tighten the bar by adding assertions here.
- tests/e2e/Dockerfile — ubuntu:24.04 + python3.12 + node20 + @anthropic-ai/claude-code. Local execution only.
- tests/e2e/scripts/e2e-box.sh — host-side driver.
- tests/e2e/scripts/e2e-runner.sh — container-side runner (scaffold; completed by BON-359 once the fixture lands).
- docs/release-gate-tickets.md — Linear drafts for BON-356 epic and its six children (to be filed when Linear OAuth is live).

Context: repo flipped private at session start. Fixture repo created at BonfireAI/bonfire-e2e-fixture (private). v0.1 integration branch live at origin. E2E runs LOCAL ONLY — never in CI.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Antawari added a commit that referenced this pull request Apr 17, 2026

Fixes ISSUE #1 from the retrospective review of PR #2 (tracked in issue #3).

The scaffolded runner did `git clone https://` of the private fixture repo inside the container — anonymous HTTPS fails, and stuffing a token into the container to work around that grows the secret surface.

New flow: the host clones via SSH into .e2e-runs/<run-id>/target (host SSH keys handle auth) and bind-mounts the directory into the container at /workspace/target. The box reaches only api.anthropic.com; GitHub is unreachable from inside.

Changes
- tests/e2e/scripts/e2e-box.sh: host clone + fixture bind-mount
- tests/e2e/scripts/e2e-runner.sh: in-container clone replaced by mount sanity check
- docs/release-gates.md: §Flow step 2 rewritten; offline-box security property documented

Closes issue #3 checkbox #1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
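
A sketch of the two halves of the flow described in that commit message, as an added example that is not the project's e2e-box.sh or e2e-runner.sh: the host builds the bind-mount argument for one run directory, and the container-side check confirms the fixture arrived without Git credentials. The function names, exit codes, run-id validation and the GH_TOKEN / GITHUB_TOKEN check are assumptions; the paths are the ones named above.

```shell
#!/bin/sh
# Added example (not the project's scripts). Function names, exit codes and
# the variables checked are assumptions; paths come from the commit message.

# Host side: print the --mount value for `docker run` for one run id.
fixture_mount_arg() {
    run_id="$1"
    repo_root="${2:-$PWD}"
    # Reject ids that could escape .e2e-runs/ (empty, path separators, "..").
    case "$run_id" in
        ''|*/*|*..*) echo "invalid run id: $run_id" >&2; return 1 ;;
    esac
    printf 'type=bind,source=%s/.e2e-runs/%s/target,target=/workspace/target\n' \
        "$repo_root" "$run_id"
}

# Container side: confirm the fixture was mounted and no Git credential came with it.
# Returns 0 ok, 1 mount missing, 2 not a checkout, 3 credential visible.
check_fixture_mount() {
    dir="${1:-/workspace/target}"
    [ -d "$dir" ] || { echo "fixture not mounted: $dir" >&2; return 1; }
    [ -e "$dir/.git" ] || { echo "not a git checkout: $dir" >&2; return 2; }

    # Token variables read by GitHub tooling must not be set inside the box.
    if [ -n "${GH_TOKEN:-}" ] || [ -n "${GITHUB_TOKEN:-}" ]; then
        echo "GitHub token variable set in container" >&2
        return 3
    fi
    # A remote of the form https://user:secret@host would carry a secret in.
    if [ -f "$dir/.git/config" ] &&
       grep -Eq 'url *= *https?://[^/@[:space:]]+@' "$dir/.git/config"; then
        echo "remote URL embeds credentials: $dir/.git/config" >&2
        return 3
    fi
    return 0
}
```

The host would pass the printed value to `docker run --mount`, and the runner would call `check_fixture_mount` before doing any work and stop on a non-zero status.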
Antawari added a commit that referenced this pull request Apr 17, 2026

… family)

The file was a staging ground while Linear OAuth was fragile during S054. All 9 tickets are now filed in Linear under epic BON-421:
- BON-422 (v0.1 branch + protection) — Done
- BON-423 (release-gates.md + verdict schema) — Done
- BON-424 E2E box runnable completion — Backlog
- BON-425 fixture target repo populate — Backlog (blocks 424)
- BON-426 per-wave gate checklist template — Backlog
- BON-427 audit open branches — Backlog
- BON-428 canonical branch-name assertion — Backlog (PR #2 retro)
- BON-429 Pin the gate — Backlog (PR #2 retro)

Renumbering note: drafts were BON-356–364 when written; Operation Seal (private lane, S055) consumed BON-361 + BON-362 overnight, so the public tickets landed at BON-421–429. Linear auto-numbers monotonically across the team.

File stays until epic BON-421 closes at v0.1.0 publish. Then delete.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Antawari added a commit that referenced this pull request Apr 17, 2026

… family) (#5)

* release-gates: scaffold v0.1 gate protocol + E2E box + verdict schema (#2)

Stands up the release-gate discipline for v0.1.

- docs/release-gates.md — tiers (infra / integration / E2E / release), reviewer cadence (Wizard + code-reviewer), E2E box spec, fixture contract, cost logging (Fork C), API key handling, re-publish checklist, rollback, release train lifecycle.
- tests/e2e/schemas/verdict.schema.json — Draft-07 schema for the release-gate verdict artifact. The schema IS the contract; tighten the bar by adding assertions here.
- tests/e2e/Dockerfile — ubuntu:24.04 + python3.12 + node20 + @anthropic-ai/claude-code. Local execution only.
- tests/e2e/scripts/e2e-box.sh — host-side driver.
- tests/e2e/scripts/e2e-runner.sh — container-side runner (scaffold; completed by BON-359 once the fixture lands).
- docs/release-gate-tickets.md — Linear drafts for BON-356 epic and its six children (to be filed when Linear OAuth is live).

Context: repo flipped private at session start. Fixture repo created at BonfireAI/bonfire-e2e-fixture (private). v0.1 integration branch live at origin. E2E runs LOCAL ONLY — never in CI.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* e2e: host-clone fixture, bind-mount into box (no creds in container) (#4)

Fixes ISSUE #1 from the retrospective review of PR #2 (tracked in issue #3).

The scaffolded runner did `git clone https://` of the private fixture repo inside the container — anonymous HTTPS fails, and stuffing a token into the container to work around that grows the secret surface.

New flow: the host clones via SSH into .e2e-runs/<run-id>/target (host SSH keys handle auth) and bind-mounts the directory into the container at /workspace/target. The box reaches only api.anthropic.com; GitHub is unreachable from inside.

Changes
- tests/e2e/scripts/e2e-box.sh: host clone + fixture bind-mount
- tests/e2e/scripts/e2e-runner.sh: in-container clone replaced by mount sanity check
- docs/release-gates.md: §Flow step 2 rewritten; offline-box security property documented

Closes issue #3 checkbox #1.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(release-gate-tickets): replace drafts with Linear links (BON-421 family)

The file was a staging ground while Linear OAuth was fragile during S054. All 9 tickets are now filed in Linear under epic BON-421:
- BON-422 (v0.1 branch + protection) — Done
- BON-423 (release-gates.md + verdict schema) — Done
- BON-424 E2E box runnable completion — Backlog
- BON-425 fixture target repo populate — Backlog (blocks 424)
- BON-426 per-wave gate checklist template — Backlog
- BON-427 audit open branches — Backlog
- BON-428 canonical branch-name assertion — Backlog (PR #2 retro)
- BON-429 Pin the gate — Backlog (PR #2 retro)

Renumbering note: drafts were BON-356–364 when written; Operation Seal (private lane, S055) consumed BON-361 + BON-362 overnight, so the public tickets landed at BON-421–429. Linear auto-numbers monotonically across the team.

File stays until epic BON-421 closes at v0.1.0 publish. Then delete.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Antawari added a commit that referenced this pull request Apr 17, 2026

… family)

Retry of PR #5 which accidentally targeted main instead of v0.1 and was reverted in PR #6. This PR is explicitly --base v0.1.

All 9 release-gate tickets are now filed in Linear under epic BON-421:
- BON-422 v0.1 branch + protection — Done
- BON-423 release-gates.md + verdict schema — Done
- BON-424 E2E box runnable completion — Backlog
- BON-425 fixture target repo populate — Backlog (blocks 424)
- BON-426 per-wave gate checklist template — Backlog
- BON-427 audit open branches — Backlog
- BON-428 canonical branch-name assertion — Backlog (PR #2 retro)
- BON-429 Pin the gate — Backlog (PR #2 retro)

File stays on v0.1 until epic BON-421 closes at v0.1.0 publish.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Antawari added a commit that referenced this pull request Apr 17, 2026

… family) (#7)

Retry of PR #5 which accidentally targeted main instead of v0.1 and was reverted in PR #6. This PR is explicitly --base v0.1.

All 9 release-gate tickets are now filed in Linear under epic BON-421:
- BON-422 v0.1 branch + protection — Done
- BON-423 release-gates.md + verdict schema — Done
- BON-424 E2E box runnable completion — Backlog
- BON-425 fixture target repo populate — Backlog (blocks 424)
- BON-426 per-wave gate checklist template — Backlog
- BON-427 audit open branches — Backlog
- BON-428 canonical branch-name assertion — Backlog (PR #2 retro)
- BON-429 Pin the gate — Backlog (PR #2 retro)

File stays on v0.1 until epic BON-421 closes at v0.1.0 publish.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Stands up the release-gate discipline for v0.1. Scaffold only — runnable completion is split across BON-356's six children.
- docs/release-gates.md — the operative protocol: tiers, reviewer cadence, E2E box, fixture contract, cost logging (Fork C), API key handling, re-publish checklist, rollback, release train.
- tests/e2e/schemas/verdict.schema.json — Draft-07 schema. Seven mechanical assertions. Tightening the bar means adding an assertion here.
- tests/e2e/Dockerfile — ubuntu:24.04 + python3.12 + node20 + @anthropic-ai/claude-code. Local execution only.
- tests/e2e/scripts/e2e-box.sh — host driver. Needs .env at repo root with ANTHROPIC_API_KEY.
- tests/e2e/scripts/e2e-runner.sh — container runner. Scaffold with TODOs tied to BON-359 for final CLI invocation once the fixture's gate/check-verdict.sh lands.
- docs/release-gate-tickets.md — Linear drafts for BON-356 epic + 6 children (to be filed when Linear OAuth is live).

Context
- BonfireAI/bonfire-e2e-fixture (private).
- v0.1 integration branch live at origin.
- v0.1, not main.

Test plan
- python3 -c 'json.load(open(schema))' — schema parses
- bash -n clean on both scripts
- chmod +x on both scripts (shipped as 100755)
- docs/release-gates.md re-read against BON-179 vision for consistency

Follow-ups (BON-356 family)
- main and v0.1 (UI click)

🤖 Generated with Claude Code