Auto-PR: docs(rulesets): update ADR-004 for 2-rule structure, CONTRIBUTING.md signing options, CHANGELOG entry #17
Pull request overview
Updates governance documentation to reflect the amended ~ALL ruleset structure, expands contributor guidance for fixing unsigned commits, and records the changes in the repo-level changelog.
Changes:
- Amend ADR-004 to describe the post-2026-05-01 two-rule `~ALL` ruleset structure.
- Expand CONTRIBUTING troubleshooting guidance for “Merge blocked — requires signed commits”.
- Add an `[Unreleased]` CHANGELOG entry documenting the above documentation/ruleset updates.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| `CONTRIBUTING.md` | Replaces the prior “sign already-pushed commits” subsection with a broader “PR blocked—unsigned commits” troubleshooting flow. |
| `CHANGELOG.md` | Adds [Unreleased] entries describing the ADR and CONTRIBUTING updates (and related repo settings). |
| `.github/ADR-004-copilot-auto-review-ruleset.md` | Updates ADR-004 narrative to reflect the 2-rule structure (removing deletion from ~ALL). |
Comments suppressed due to low confidence (1)
.github/ADR-004-copilot-auto-review-ruleset.md:27
- This bullet still frames ADR-004’s scope as including “deletion protection”, but the ADR now documents that the `deletion` rule was removed from `~ALL` branches (with deletion protection only remaining on `main` via ADR-003 + repo auto-delete setting). Consider updating this sentence so the ADR’s stated scope matches the current ruleset behavior.
These can't go in ADR-003 because they target `~ALL`, not `~DEFAULT_BRANCH`. They warrant a separate ADR because:
- Their compliance mappings differ (focus on data integrity + AI safety + deletion protection, not change-management gating)
- They have a defense-in-depth pairing with an **enterprise-level** ruleset that mirrors the same rules at a broader scope
… ADR updates

## CODEOWNERS contributor handoff (2026-05-15)
- Remove @romandidomizio from all path assignments (left 2026-05-15)
- Remove @dhruvmalik007 references (no longer with team)
- @ncimino is now sole assigned reviewer on all paths
- @iamwaseem18 and @mshahid538 available at @ncimino's discretion
- Drop all TODO(2026-05-15) handoff comments; clean up header

## Required reviewers: 2 → 1
- CODEOWNERS header, CONTRIBUTING.md §6.4, README.md Code Review Model
- ADR-003 rule #1 table + Consequences; ADR-004 CIS row + pruning criteria
- auto-pr-to-main.yml PR body; workflows/README.md §11 troubleshooting row

## ADR Deciders updated (all four ADRs)
- Format: @romandidomizio (original author, left 2026-05-15) — @ncimino (current maintainer)
- ADR-001: stewardship bullet updated; risk table stewardship row resolved
- ADR-003: ADR-004 related-doc ref fixed (deletion rule removed); 2-reviewer → 1-reviewer throughout Consequences + Dev Attribution section

## Copilot PR #17 comment fixes
- CONTRIBUTING.md §8 Cause B: remove git push --force-with-lease (blocked by non_fast_forward ruleset); redirect to close+recreate path
- ADR-004 title: remove "Deletion Protection" (rule removed from ~ALL 2026-05-01)
- ADR-004 verification expected output: ["deletion","non_fast_forward","copilot_code_review"] → ["non_fast_forward","copilot_code_review"]; "3 rules" → "2 rules"
- ADR-004 Decision Log: remove PR7_HANDOFF_CHECKLIST.md reference
- ADR-004 forward-looking posture: clarify auto-PR workflow push-before-PR pattern
- auto-pr-to-main.yml NOTE: rewrite to clarify push-before-PR pattern; reconcile with ADR-004 empirical validation
- workflows/README.md §11 Copilot row: clarify push-before-PR is specific to auto-pr-to-main.yml; manually-created PRs get Copilot at PR-creation time

## CONTRIBUTING.md additional updates
- §1 prerequisites: @romandidomizio/@dhruvmalik007 contact → @ncimino
- §10 Questions: governance contact → @ncimino + CODEOWNERS link

## auto-pr-to-main.yml reviewer assignment
- --add-reviewer ncimino,romandidomizio → --add-reviewer ncimino (both paths)
- Remove TODO(2026-05-15) comments from both PR update + PR create paths
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.
Comments suppressed due to low confidence (1)
.github/workflows/README.md:606
- This related-docs update says CODEOWNERS/reviewer assignment is now `@ncimino`, but the same README still documents the workflow's step 9 as running `--add-reviewer ncimino,romandidomizio`. Update that stale workflow walkthrough so operators do not follow the old two-reviewer assignment.
- `.github/CODEOWNERS` — Review assignment (`@ncimino` universal reviewer; `@iamwaseem18`/`@mshahid538` assignable at `@ncimino`'s discretion)
@copilot apply changes based on the comments in this thread. Note: 1 reviewer is sufficient for now with our small team. Just make note of adding second reviewers to codeowners at Nik's discretion.
Agent-Logs-Url: https://github.com/WeOwnNetwork/ai/sessions/981d5570-7e8e-4abf-a496-c0ce9608b2d8 Co-authored-by: romandidomizio <123122767+romandidomizio@users.noreply.github.com>
Applied the requested thread fixes and your 1-reviewer note in commit
## workflows/README.md — stale "2 reviewer" refs (comment 3236477797)
- §6 PAT rotation step 13: "approved by 2 humans" → "1 human"
- §8.1 rule #1 table: "2 reviewers" → "1 reviewer"
- §8.1 Interaction with workflows: "2 reviewers + Code Owners" → "1 reviewer"
- §9 step 4: "requires 2 approvals" → "1 approval"
- §10 item #7: "2 reviewers" → "1 reviewer"

## workflows/README.md §9 Reviewer Rotation — stale Roman/dhruvmalik007 text
- Step 1: updated to reflect handoff complete 2026-05-15 (PR #17); @romandidomizio + @dhruvmalik007 removed; @ncimino sole reviewer
- Step 2: removed @dhruvmalik007 from done-placeholder list
- Step 3: --add-reviewer ncimino only (was ncimino,<new-specialist>)

## workflows/README.md §10 Transition Checklist — stale @romandidomizio refs
- Items 1, 4, 5: marked ✅ done with 2026-05-15 / PR #17 notes
- Item 1 owner: @ncimino (was @romandidomizio + @ncimino)
- Item 4 owner: @ncimino (was @romandidomizio + @ncimino)
- Item 5 owner: @ncimino (was New rotation lead)
- Items 2, 6 owner: @YonksTEAM (was @romandidomizio + @YonksTEAM)
- Item 9 owner: @ncimino (was @romandidomizio)

## workflows/README.md §11 duplicate link (comment 3236447687)
- Row "No Copilot review on first commit of auto-created PR": removed redundant second [ADR-004](...#empirical-validation-results) link; kept single [ADR-004 § Empirical Validation Results] link with anchor

## CODEOWNERS risk-acceptance note (comment 3236477912)
- Added RISK ACCEPTANCE block explaining deliberate 2→1 reviewer posture change, rationale (team transition), and compensating controls (Copilot AI review + CodeQL); references ADR-003 rule #1 + PR #17

## CHANGELOG.md
- Added "Copilot PR #17 round-2 comment fixes" entry under ### Fixed
- Renamed previous entry to "round-1"
Keep branch versions as authoritative:
- ADR-004: 'history immutability' rationale (deletion removed 2026-05-01)
- workflows/README.md: '1 reviewer + Code Owners review' (2->1 change)

main had diverged with stale 3-rule ADR-004 and 2-reviewer README references.
🤖 Automated Pull Request — authored by `weown-bot` (ecosystem service account)
Opened by: @romandidomizio
Last pushed by: @romandidomizio
Branch: `feature/roman-ruleset-cleanup-and-docs` → `main`
Contributors on this branch:
📋 Human Review Checklist — NIST CSF 2.0 Functions
Review per the 6 NIST CSF Functions. Frameworks referenced: NIST CSF 2.0, CIS Controls v8 IG1, CSA CCM v4, ISO/IEC 27001:2022, SOC 2, ISO/IEC 42001:2023. See `docs/COMPLIANCE_ROADMAP.md`.
🏛️ Govern (GV)
`.github/CODEOWNERS`)
🔍 Identify (ID)
`.github/SECURITY_ASSESSMENT.md`)
🛡️ Protect (PR)
`--from-literal`, never `/tmp`, always `$(mktemp)` — ISO A.8.24)
`restricted` (NIST PR.IP, CIS 4)
🕵️ Detect (DE)
`livenessProbe` + `readinessProbe`) configured
🚨 Respond (RS)
`.github/INCIDENT_RESPONSE.md`)
♻️ Recover (RC)
📚 Documentation & Versioning
`CHANGELOG.md` updated (per-directory or repo-level `/CHANGELOG.md`)
`#WeOwnVer` version bumped per `docs/VERSIONING_WEOWNVER.md`
📝 Recent Commits (full bodies for Copilot context)
2a49201 chore: merge main into branch; resolve ADR-004 + README.md conflicts
Author: romandidomizio
Date: Wed May 13 12:48:32 2026 -0600
Keep branch versions as authoritative:
main had diverged with stale 3-rule ADR-004 and 2-reviewer README references.
cac4605 docs(v3.4.2.1): fix remaining Copilot PR#17 comments (round-2)
Author: romandidomizio
Date: Wed May 13 12:36:54 2026 -0600
workflows/README.md — stale "2 reviewer" refs (comment 3236477797)
workflows/README.md §9 Reviewer Rotation — stale Roman/dhruvmalik007 text
@romandidomizio + @dhruvmalik007 removed; @ncimino sole reviewer
workflows/README.md §10 Transition Checklist — stale @romandidomizio refs
workflows/README.md §11 duplicate link (comment 3236447687)
redundant second ADR-004 link;
kept single [ADR-004 § Empirical Validation Results] link with anchor
CODEOWNERS risk-acceptance note (comment 3236477912)
posture change, rationale (team transition), and compensating controls
(Copilot AI review + CodeQL); references ADR-003 rule #1 + PR #17
CHANGELOG.md
3429a1b docs: clarify copilot trigger wording and layer-2 pruning criterion
Author: copilot-swe-agent[bot]
Date: Wed May 13 18:18:08 2026 +0000
Agent-Logs-Url: https://github.com/WeOwnNetwork/ai/sessions/981d5570-7e8e-4abf-a496-c0ce9608b2d8
Co-authored-by: romandidomizio <123122767+romandidomizio@users.noreply.github.com>
5961680 docs: align review guidance, ruleset wording, and version metadata
Author: copilot-swe-agent[bot]
Date: Wed May 13 18:17:11 2026 +0000
Agent-Logs-Url: https://github.com/WeOwnNetwork/ai/sessions/981d5570-7e8e-4abf-a496-c0ce9608b2d8
Co-authored-by: romandidomizio <123122767+romandidomizio@users.noreply.github.com>
4666bb5 Potential fix for pull request finding
Author: Roman Di Domizio
Date: Wed May 13 12:06:51 2026 -0600
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
dc439ff docs(v3.3.5.1): CODEOWNERS handoff, 1-reviewer, Copilot PR#17 fixes + ADR updates
Author: romandidomizio
Date: Wed May 13 11:58:01 2026 -0600
CODEOWNERS contributor handoff (2026-05-15)
Required reviewers: 2 → 1
ADR Deciders updated (all four ADRs)
throughout Consequences + Dev Attribution section
Copilot PR #17 comment fixes
non_fast_forward ruleset); redirect to close+recreate path
→ ["non_fast_forward","copilot_code_review"]; "3 rules" → "2 rules"
ADR-004 empirical validation
auto-pr-to-main.yml; manually-created PRs get Copilot at PR-creation time
CONTRIBUTING.md additional updates
auto-pr-to-main.yml reviewer assignment
4cdbeed test(copilot): add explanatory comment to trigger auto-review
Author: romandidomizio
Date: Fri May 1 16:35:06 2026 -0600
4016188 docs(copilot): address auto-review findings + document PR-creation-time behavior
Author: romandidomizio
Date: Fri May 1 16:26:27 2026 -0600
ab4be45 docs(rulesets): update ADR-004 for 2-rule structure, CONTRIBUTING.md signing options, CHANGELOG entry
Author: romandidomizio
Date: Fri May 1 14:48:23 2026 -0600
🔍 Copilot AI Review: Copilot is configured to auto-request review for bot-authored PRs. If an auto-created PR opens without an initial Copilot review, push a follow-up commit to the same open PR (`review_on_push: true`) to trigger review automatically.
👥 Required Reviewers: 1 human approval enforced by branch protection. requested automatically.
📚 Review Guidelines: `.github/copilot-instructions.md` (phase-aware compliance directives)
🛠️ Workflow Operations: `.github/workflows/README.md`
Auto-generated by `.github/workflows/auto-pr-to-main.yml`