From 4d105aee5d23611a5056fafe983ea64fd7200612 Mon Sep 17 00:00:00 2001 From: "const.koutsakis@aurecongroup.com" Date: Mon, 25 May 2026 23:32:38 +1000 Subject: [PATCH 1/3] docs: mark admin-merge policy as transitional solo-owner state (#93) The existing "Solo-owner merge policy" section accurately documented how merges work today, but read as standing policy. From an external contributor's perspective it could look like the maintainer routinely bypasses their own gates. Adds a leading "Transitional" blockquote framing this as a single-owner workaround, not standing policy, and replaces the closing sentence with a numbered exit checklist (drop --admin, remove the subsection, update CODEOWNERS, optionally flip enforce_admins to true). All four changes land together when a second collaborator is onboarded. Mechanics of the merge command itself are unchanged. Closes #93 --- CONTRIBUTING.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3565676..eb1d622 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -46,15 +46,24 @@ The subject is **lowercase** after the colon. Title Case prose (`Add the thing`) ### Solo-owner merge policy -This repo runs with a single code owner (`* @constk` in `CODEOWNERS`). GitHub forbids a PR author from approving their own PR, so the standard "1 code-owner review" gate cannot be satisfied without an admin override. While in this state, the **intended workflow is**: +> **Transitional — only while this repo has a single code owner.** Standard practice is a code-owner review on every PR. The flow below exists because GitHub forbids self-approval, so a single-owner repo cannot satisfy the "1 code-owner review" gate any other way. The exemption is **removed** the moment a second collaborator with merge rights joins. + +This repo currently runs with a single code owner (`* @constk` in `CODEOWNERS`). While in this state, the intended merge command is: ```sh gh pr merge --admin --squash --delete-branch ``` -…for `feat:` / `fix:` / `chore:` PRs, and `--admin --merge` (preserves history) for `release:` PRs. The `enforce_admins: false` line in `.github/branch-protection/{develop,main}.json` is the documented escape hatch — admin merge here is the policy, not a deviation from it. +…for `feat:` / `fix:` / `chore:` PRs, and `--admin --merge` (preserves history) for `release:` PRs. The `enforce_admins: false` line in `.github/branch-protection/{develop,main}.json` is the documented escape hatch — admin merge here is the documented single-owner workaround, not bypass of the gates (every required status check still has to pass). + +**When the exemption ends.** As soon as a second collaborator with merge rights is onboarded: + +1. Drop the `--admin` flag from the merge command and adopt standard PR review. +2. Remove this entire subsection. +3. Update `CODEOWNERS` to add the new collaborator. +4. Optionally flip `enforce_admins` to `true` in the branch-protection JSON for both branches. -When a second collaborator joins, drop the `--admin` flag and adopt standard PR review. Update this section + `CODEOWNERS` in the same PR. +All four changes land in a single PR. ## Line endings (Windows clones) From 3dc1cce91210a071bb178c182a7c8a4fc20136d9 Mon Sep 17 00:00:00 2001 From: "const.koutsakis@aurecongroup.com" Date: Mon, 25 May 2026 23:48:07 +1000 Subject: [PATCH 2/3] chore: bump version to 0.2.11 --- pyproject.toml | 2 +- uv.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 701f7a5..c7affac 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "harness-python-react" -version = "0.2.13" +version = "0.2.14" description = "Production-quality LLM-driven coding harness — Python (FastAPI) backend, Vite + React + TypeScript frontend." readme = "README.md" requires-python = ">=3.14" diff --git a/uv.lock b/uv.lock index 1d71286..851edd4 100644 --- a/uv.lock +++ b/uv.lock @@ -337,7 +337,7 @@ wheels = [ [[package]] name = "harness-python-react" -version = "0.2.13" +version = "0.2.14" source = { virtual = "." } dependencies = [ { name = "fastapi" }, From 173b25e47ad7bfa0f139e6d0c55ac68c287cd84f Mon Sep 17 00:00:00 2001 From: "const.koutsakis@aurecongroup.com" Date: Tue, 26 May 2026 00:29:58 +1000 Subject: [PATCH 3/3] docs: make enforce_admins flip required in exit checklist (#93 review) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Code review on #101 pushed back on step 4 of the "When the exemption ends" checklist: "Optionally flip enforce_admins to true". Leaving it false in a 2-person setup keeps the admin-bypass door open even after the single-owner workaround is no longer needed — which defeats the point of having an exit checklist. Drops "Optionally" and adds a one-line rationale so a future reader understands why the flip is non-optional. Refs #93 --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index eb1d622..a0c4b23 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -61,7 +61,7 @@ gh pr merge --admin --squash --delete-branch 1. Drop the `--admin` flag from the merge command and adopt standard PR review. 2. Remove this entire subsection. 3. Update `CODEOWNERS` to add the new collaborator. -4. Optionally flip `enforce_admins` to `true` in the branch-protection JSON for both branches. +4. Flip `enforce_admins` to `true` in the branch-protection JSON for both branches. Leaving it `false` would keep the admin-bypass door open even after the single-owner workaround is no longer needed — defeats the point of removing the workaround. All four changes land in a single PR.