Skip to content

ci(gates): add filename-policy gate (no monolith naming outside internal/api)#455

Merged
krisarmstrong merged 2 commits into
mainfrom
ci/filename-policy-gate
Jun 17, 2026
Merged

ci(gates): add filename-policy gate (no monolith naming outside internal/api)#455
krisarmstrong merged 2 commits into
mainfrom
ci/filename-policy-gate

Conversation

@krisarmstrong

Copy link
Copy Markdown
Collaborator

Summary

Ports seed's check-filename-policy.sh to stem for fleet enforcement
parity
. The gate fails if any handlers_*.go / jobs_*.go file exists
outside internal/api (unless it is the eponymous file of a package named
for that token, e.g. internal/platform/jobs/jobs.go).

The handlers_/jobs_ filename prefixes are meaningful grouping only
inside the flat internal/api monolith. Once a concern is decomposed into a
capability/leaf package, the package declaration already supplies that
context, so the prefix becomes stutter and must be dropped. This is not a Go
language rule — the toolchain accepts these names — it is an
architecture-consistency gate that keeps the ADR-0011 internal/api strangle
honest: monolith vocabulary stays in the monolith and is dropped on the way
out. (The four leaves landed so far — ratelimit, sse, tlsutil, cors
already follow this: none carries a handlers_/jobs_ prefix.)

Seed already runs this gate; niac gets it in a sibling PR (#831). The gate is
green on the current tree (zero handlers_/jobs_ files outside
internal/api) and only ever fires when a future decomposition carries the
prefix forward.

Linked Issue

Related to #450

Testing Evidence

$ bash scripts/check-filename-policy.sh
✓ Filename-policy gate: no monolith naming prefixes outside internal/api.

$ git ls-files -- ':(glob)**/handlers_*.go' ':(glob)**/jobs_*.go' \
    ':(exclude)internal/api/**' ':(exclude)vendor/**' | wc -l
0

$ git ls-files -s scripts/check-filename-policy.sh
100755 ...  scripts/check-filename-policy.sh   # executable bit set

$ gitleaks protect --staged --no-banner
no leaks found

The new CI step runs after the JSON wire-casing gate, mirroring seed's
ordering.

Security and Release Checklist

  • CI-only change — adds an architecture-consistency gate; no product
    code, no behaviour change.
  • New workflow step is a static script invocation with no untrusted
    input (no command-injection surface).
  • Script is byte-identical to seed's and niac's (fleet parity);
    executable bit set.
  • Gate is green on the current tree — does not block existing code.
  • No new secrets; gitleaks clean.
  • No customer-facing copy; no banned vocabulary.

…nal/api)

Ports seed's check-filename-policy.sh to stem for fleet enforcement parity.
The gate fails if any handlers_*.go / jobs_*.go file exists outside
internal/api (unless it's the eponymous file of a package named for that
token). The handlers_/jobs_ prefixes are meaningful grouping *only* inside
the flat internal/api monolith; once a concern is decomposed into a
capability package the package name already supplies that context, so the
prefix becomes stutter and must be dropped.

This locks in the ADR-0011 internal/api strangle discipline: a future
decomposition that carries the monolith's grouping prefix forward fails CI
instead of silently coupling the vocabulary outward. Green on the current
tree (zero handlers_/jobs_ files outside internal/api).
@krisarmstrong krisarmstrong enabled auto-merge (squash) June 16, 2026 21:33
@github-actions github-actions Bot added the ci label Jun 16, 2026
@github-actions

Copy link
Copy Markdown
Contributor

License Compliance Report

All dependencies pass license compliance checks

Go Dependencies

  • Unknown: 35 package(s)
  • MIT: 26 package(s)
  • BSD-3-Clause: 16 package(s)
  • Apache-2.0: 11 package(s)
  • BSD-2-Clause: 1 package(s)

npm Dependencies

See full report in workflow artifacts

Allowed Licenses: MIT, Apache-2.0, BSD-*, ISC, CC0-1.0, MPL-2.0
Forbidden: GPL, AGPL, SSPL (strong copyleft)

@github-actions github-actions Bot added the go label Jun 17, 2026
@github-actions

Copy link
Copy Markdown
Contributor

License Compliance Report

All dependencies pass license compliance checks

Go Dependencies

  • Unknown: 35 package(s)
  • MIT: 26 package(s)
  • BSD-3-Clause: 16 package(s)
  • Apache-2.0: 11 package(s)
  • BSD-2-Clause: 1 package(s)

npm Dependencies

See full report in workflow artifacts

Allowed Licenses: MIT, Apache-2.0, BSD-*, ISC, CC0-1.0, MPL-2.0
Forbidden: GPL, AGPL, SSPL (strong copyleft)

@krisarmstrong krisarmstrong merged commit a5e2518 into main Jun 17, 2026
30 checks passed
@krisarmstrong krisarmstrong deleted the ci/filename-policy-gate branch June 17, 2026 00:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant