Add platform governance scaffolding#7
Conversation
…ructions, standards/governance workflows, draft tech spec) Brings StarCache into the org governance system per the platform's repo setup instructions: declares the repo boundary (ROLE.md), gives Claude Code and Copilot the governance context they need, wires up the reusable PHP standards-enforcement workflow in advisory mode, adds a pull-spec/test/propose-spec governance workflow, and bootstraps a draft product tech spec from the existing TECHNICAL-SPECIFICATION.md and current code (with open questions flagged rather than assumed). Org-level infrastructure (GitHub Apps, org secrets, the governance-sync workflow in the ADR registry) is outside this repo's scope and must be set up/triggered by an org admin before .github/instructions/governance/ will populate.
There was a problem hiding this comment.
This PR successfully adds platform governance scaffolding for StarCache, bringing it into the organization's governance system. The changes include well-structured GitHub Actions workflows, comprehensive documentation files, and a thorough technical specification.
All files follow correct syntax and organizational standards. The workflows properly reference external reusable workflows, the documentation is clear and comprehensive, and the .gitignore changes appropriately exclude generated spec files.
No blocking defects identified. The PR is ready for merge from a code review perspective, pending the organizational setup items mentioned in the PR description (GitHub Apps installation, secrets configuration, and governance-sync workflow trigger).
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
There was a problem hiding this comment.
Code Review
This pull request adds key documentation files for StarCache, including Copilot review instructions, agent guidelines, role boundaries, and a draft product technical specification. The reviewer's feedback correctly points out that several features listed as open questions or unimplemented—specifically context-dimension hardening, adapter discipline, key-builder separation, and reference-length guards—are already fully implemented in the codebase. The feedback suggests updating the technical specification to reflect these as completed requirements and removing the corresponding open question from the list.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
…ed work Verified against StarCacheContext.php, StarCacheKey.php, and StarCacheAdapter.php: context-dimension hardening, the reference-length guard, key-builder segment separation, and adapter discipline are already implemented (and tested), not outstanding as the pre-existing TECHNICAL-SPECIFICATION.md checklist claimed. Resolves OQ-003 in docs/starcache-tech-spec.md and updates REQ-004 accordingly. Addresses gemini-code-assist review feedback on PR #7.
|
@copilot resolve the merge conflicts in this pull request |
Merge conflicts resolved. The only conflicting file was |
There was a problem hiding this comment.
Pull request overview
Adds org platform-governance scaffolding to StarCache by introducing role/boundary documentation, agent/Copilot instructions, a draft product tech spec, and GitHub Actions workflows to run standards enforcement plus governance/spec sync steps.
Changes:
- Add repo governance docs:
ROLE.md,AGENTS.md, anddocs/starcache-tech-spec.md(draft spec). - Add CI workflows: platform standards enforcement and governance (spec fetch → tests → propose spec update on merge).
- Update existing internal technical spec hardening checklist to reflect current v2.1.1 state, and ignore fetched specs in
.gitignore.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
TECHNICAL-SPECIFICATION.md |
Updates the hardening checklist section to reflect current implementation status (v2.1.1) and adds governance-review notes. |
ROLE.md |
Introduces an explicit owns/does-not-own boundary and dependency/contract statements for the product. |
docs/starcache-tech-spec.md |
Adds a draft product tech spec intended for the governance spec registry (includes REQ/AC/OQ sections). |
AGENTS.md |
Adds agent operating rules and references to governance registries and repo invariants. |
.gitignore |
Ignores .sparxstar/specs/ (populated by spec-fetch workflows). |
.github/workflows/standards.yml |
Adds platform standards enforcement workflow calling the reusable PHP enforcement workflow. |
.github/workflows/governance.yml |
Adds governance workflow: pull spec, run tests, and propose spec updates on merge to main. |
.github/copilot-instructions.md |
Expands Copilot review checklist and invariants to check against for StarCache PRs. |
…ve Composer-auth wording - governance.yml: propose-spec's changed-file check now diffs against github.event.before (falling back to HEAD~1) instead of always using HEAD~1, which silently missed spec changes on a multi-commit push (e.g. a fast-forward merge to main). - docs/starcache-tech-spec.md: drop the personal email from Identity (frontmatter owner already covers it), and clarify that COMPOSER_RESOLVER_PRIVATE_KEY is passed through for the org's reusable workflows' own use, not because StarCache itself has private deps.
Summary
Brings StarCache into the org's platform governance system, per the
org-wide "Platform Governance — Repo Setup Instructions" doc. This repo
had no
.github/directory, no spec, and no agent/Copilot instructionsbefore this PR.
ROLE.md— declares what StarCache owns / does not own, and thatit produces no contracts and has no other repo depending on it
(standalone product, no SPARXSTAR component interaction).
AGENTS.md— governance references for Claude Code sessions, plusrepo-specific hard rules pulled from
TECHNICAL-SPECIFICATION.md(component boundaries, hook ordering, deprecation notices).
.github/copilot-instructions.md— MCP reference repos + aStarCache-specific invariant checklist for PR review.
.github/workflows/standards.yml— calls the reusablephp-enforcement.ymlworkflow (repo_type: wp-plugin,enforcement_mode: advisory). PHP-only repo — nopackage.json, norepo-owned CSS/media, so the pnpm/css/media jobs from the template were
omitted.
.github/workflows/governance.yml— pull-spec → test (phpunitonly; lint/analyze already covered by
standards.yml, not duplicated)→ propose-spec-on-merge. No
sync-contractsjob — StarCache publishesno interfaces to
sparxstar-contracts-registry.docs/starcache-tech-spec.md— draft tech spec (status: draft)bootstrapped from
TECHNICAL-SPECIFICATION.mdand the current code,with the required 12 sections and draft
REQ-*/AC-*/OQ-*IDs. Flagsseveral open questions explicitly rather than assuming answers
(notably
OQ-003: whether the context-dimension hardening the old speccalls "required" is actually implemented — a follow-up review found it
already is, see review notes below).
.gitignore— added.sparxstar/specs/(gitignored, populated at CItime by the spec-fetch workflow).
Out of scope / needs an org admin
This session's GitHub access is scoped to this repo only, so the
following from the governance doc could not be done here and still need
an org-level action:
sparxstar-composer-resolver,sparxstar-contract-sync) and the four org secrets/variables areinstalled/set for this repo.
sparxstar-architecture-governance-registryso.github/instructions/governance/gets populated — it does not existyet, and
AGENTS.md/docs/starcache-tech-spec.mdcall this out ratherthan fabricate its contents.
sparxstar-code-conformance'sphp-enforcement.ymlacceptsthe exact input names used in
standards.yml/governance.yml— thatrepo isn't in this session's GitHub scope, so the workflow inputs match
the platform doc's template verbatim but are unverified against the
actual reusable workflow.
propose-specjob ingovernance.ymlwill open a PR againstsparxstar-product-specification-registryautomatically the firsttime this spec changes on
main— no manual cross-repo PR was createdin this session (also out of scope).
Code review notes (bonus — reviewed while in the repo)
Also did a full code review of the mu-plugin itself while setting up
governance (see PR conversation for the full report if requested).
Highlights, not fixed in this PR:
StarVersionStore::atomicBump()useshrtime(true)as a "versioncounter" with no cross-process/cross-server synchronization — not
actually atomic or guaranteed monotonic across machines.
updated_optionhook instarcache.phpbumpsGROUP_OBJECTSon every WordPress option write (cron, transientsfalling back to
wp_options, third-party plugin housekeeping),which can continuously invalidate
star_cache_remember()-basedcaches — undermining the documented "no thundering herd" design goal.
WP_REDIS_PASSWORD) falls through silentlyto the next backend with no error log, and repeats the failed
connect+auth attempt on every request.
TECHNICAL-SPECIFICATION.md's "hardening required" checklist isstale — several items it lists as outstanding (context-dimension
limits, key-builder separation,
StarQueryCachehook removal) arealready implemented in the current code.
Test plan
sparxstar-code-conformance/php-enforcement.yml@v1actually declares
repo_type/enforcement_modeas input names(currently unverified, per Out of scope above).
.github/instructions/governance/populates.docs/starcache-tech-spec.mdand either promote it via PRto the spec registry or note required edits.
Generated by Claude Code