docs: document branch protection rules, rulesets, and auto-merge policy

[don-petry]

Summary

• Documents all branch protection settings (classic + rulesets) across the org
• Adds required status checks table per repo
• Documents the new pr-quality ruleset with required thread resolution
• Documents Dependabot auto-merge behavior, AI reviewer handling, and Claude workflow skip logic
• Replaces the old "Branch Protection & SonarCloud" subsection with comprehensive policy docs

Context

Thread resolution (required_review_thread_resolution) is now enforced on all repos via the pr-quality ruleset. The auto-merge workflow is being updated to resolve AI reviewer threads and use --auto instead of --admin. This PR documents the full policy.

Test plan

• Review accuracy of settings tables against actual repo configurations
• Verify AGENTS.md renders correctly

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Updated branch protection and merge enforcement configuration guidance with expanded ruleset details.
  • Enhanced SonarCloud quality gate documentation and integration troubleshooting steps.
  • Added comprehensive Dependabot auto-merge workflow and policy documentation.
  • Clarified pull request review thread resolution requirements.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation update to AGENTS.md revising CI and merge enforcement practices. Replaced classic branch protection plus SonarCloud model with expanded approach combining classic protection and repository rulesets. Added configuration tables, new pr-quality ruleset definition, updated SonarCloud guidance, and expanded Dependabot auto-merge and thread-resolution policies.

Changes

Cohort / File(s)

Summary

CI/Merge Enforcement Documentation AGENTS.md

Restructured CI enforcement model from classic branch protection + SonarCloud to classic protection plus repository rulesets. Added explicit configuration tables for classic branch protection settings and repo-specific required status checks. Introduced new pr-quality ruleset requiring 1 approving review, thread resolution before merge, and squash-only merges. Updated SonarCloud guidance for resolving check mismatches. Expanded sections on Dependabot auto-merge behavior, thread resolution policy for all AI review tools, and step-level skipping of Claude Code on Dependabot PRs.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Addressing PR comments #1 — Modifies AGENTS.md with overlapping changes to CI/quality gate expectations (including SonarCloud) and thread-resolution policies.
• Add stacked PR strategy and Epic-level workflow guidance #5 — Updates AGENTS.md branch-protection and SonarCloud/CI enforcement guidance (enforce_admins behavior and required status-checks configuration).
• Add workflow, environment, and orchestration guidance #4 — Modifies AGENTS.md branch-protection and SonarCloud guidance with focus on enforce_admins behavior and SonarCloud enforcement mechanics.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change—documentation of branch protection rules, rulesets, and auto-merge policy—which aligns with the primary content additions and revisions in AGENTS.md.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/branch-protection-policy

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Updates org guidance in AGENTS.md to comprehensively document branch protection (classic + rulesets), required status checks per repo, thread-resolution requirements, and Dependabot auto-merge / AI-reviewer handling policies.

Changes:

• Replaces the older “Branch Protection & SonarCloud” section with a combined “Branch Protection & Repository Rulesets” policy section.
• Adds a per-repo required status checks table and documents the pr-quality ruleset (including required thread resolution and squash-only merges).
• Documents Dependabot auto-merge behavior and Claude workflow skip logic for Dependabot PRs.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Around line 423-432: The "Required Status Checks by Repo" table under the
"Required Status Checks by Repo" header is inconsistent with the policy
statements that mandate format, lint, typecheck, tests, coverage and addressing
CodeRabbit/Copilot comments; update the table to either (A) enumerate all
policy-required checks (format, lint, typecheck, tests, coverage, CodeRabbit,
Copilot) per repo where they apply, or (B) add a clear note under the table
stating it only lists currently configured blocking checks and separately list
the additional CI checks that run but are non-blocking (format, lint, typecheck,
tests, coverage, CodeRabbit, Copilot) so the document is unambiguous.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 6d446dca-3c33-4c1e-94c3-37b3358bbe4c

📥 Commits

Reviewing files that changed from the base of the PR and between 28e485d and 5448216.

📒 Files selected for processing (1)

• AGENTS.md