Skip to content

GitOps: branch audit and mainline consolidation plan #168

Description

@mdheller

Objective

Consolidate all valuable branch content into main without losing payload, silently closing uncaptured work, or merging stale/diverged branches blindly.

Non-negotiable invariant

No branch or PR is treated as disposable until its diff against current main is classified and one of the following is true:

  1. its payload is already present on main;
  2. its payload has been replayed onto a fresh current-main branch;
  3. its payload has been deliberately rejected with a recorded reason;
  4. it is a pure behind/no-ahead branch.

Phase 1 — Full branch audit manifest

  • Enumerate all branches in SocioProphet/agentplane.
  • For each branch, record:
    • branch name;
    • compare status against current main;
    • ahead_by / behind_by;
    • changed files;
    • associated open/closed PR, if any;
    • content category;
    • disposition.
  • Content categories:
    • already-on-main;
    • pure-behind;
    • open-pr-backed;
    • stale-duplicate;
    • unique-docs;
    • unique-contract-schema-fixture;
    • unique-runtime-code;
    • unique-workflow-ci;
    • needs-human-claim-review.

Phase 2 — Preservation before closure

Before closing or ignoring any branch/PR:

  • fetch and inspect the changed files;
  • compare with equivalent files on main where paths overlap;
  • if the old branch has stricter or richer content, replay that content onto a new current-main branch;
  • record the replay branch and replacement PR in this issue.

The stricter Agentic PR validator recovery is the template: the older PR looked superseded, but audit showed stronger checks; the stronger payload was restored and merged through #167.

Phase 3 — Replay rules

For each branch with unique content:

  • do not merge the stale branch directly if it is behind main;
  • create a clean replacement branch from the current main SHA;
  • replay only the intended payload files;
  • avoid wholesale Makefile rewrites unless required;
  • prefer dedicated workflow files when Makefile conflicts with existing validation topology;
  • open a replacement PR with:
    • source branch/PR references;
    • changed-file inventory;
    • validation command;
    • non-goals;
    • explicit statement that this is a current-main replay.

Phase 4 — Merge order

Merge in dependency-safe tranches:

  1. Baseline validators and control-plane contracts.
  2. Execution evidence primitives: run/replay, postcondition/divergence, runner helper, qemu wrapper.
  3. Admission and action contracts: event admission, action proposal/admission/runtime receipt, workspace operation plane.
  4. Integration bundles: SHIR, Regis/ACR, lawful-learning, SourceOS, banking, broker, Superconscious import.
  5. Documentation/architecture surfaces: reference architecture, topology, comprehensive docs, ADRs.
  6. Runtime enforcement and higher-risk executable branches only after focused review.

Phase 5 — Merge gates

A replay PR can merge only when:

  • it is based on current main;
  • it is not draft;
  • branch protection checks attach to the PR head;
  • required checks pass (lint, validate, ci, and any focused workflow/tests that apply);
  • expected-head SHA is used during merge;
  • no unresolved dependency PR is required.

Phase 6 — Closure rules

After a payload lands:

  • close older stale PRs in the family;
  • leave a closure note referencing the replacement PR/merge commit where possible;
  • keep branches until all sibling work is classified if branch deletion is unavailable;
  • maintain an issue checklist recording final disposition.

Known active findings so far

  • #167 restored and merged the stricter Agentic PR work-order validator after audit found the older branch was not fully captured.
  • feature/shir-governed-chain-job-fixture-v0.1b contains uncaptured SHIR fixture payload and is being replayed onto work/shir-governed-chain-job-current.
  • work/event-capability-admission-refresh contains uncaptured event-admission payload.
  • copilot/add-action-proposal-admission-receipt-contract contains uncaptured action-contract schemas/fixtures/docs.
  • copilot/route-agent-execution-workspace-plane contains uncaptured workspace operation plane schema/tool/tests/docs.
  • codex/run-replay-artifacts-v0-1 contains uncaptured run/replay artifact schemas and emitters.
  • banking-twin/agentplane-execution-bundles-v0-1 contains uncaptured banking execution bundles.
  • agentplane-runtime-enforcement-code contains uncaptured runtime-enforcement code changes.

Working checklist

  • Complete branch audit manifest for all branches.
  • Replay SHIR governed-chain job fixture onto current main.
  • Open and merge SHIR replay PR after checks pass.
  • Replay event-capability admission onto current main.
  • Open and merge event-admission replay PR after checks pass.
  • Audit action-contract branch and replay if still uncaptured.
  • Audit workspace-operation branch and replay if still uncaptured.
  • Audit run/replay artifact branch and replay if still uncaptured.
  • Audit remaining integration bundle branches.
  • Close stale duplicates only after replacement PRs land or content is proven present on main.
  • Final state: every branch has a recorded disposition and every accepted payload has landed on main.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions