Skip to content

Add platform governance scaffolding#7

Merged
MaximillianGroup merged 4 commits into
mainfrom
claude/mu-plugin-governance-setup-d0r0ba
Jul 1, 2026
Merged

Add platform governance scaffolding#7
MaximillianGroup merged 4 commits into
mainfrom
claude/mu-plugin-governance-setup-d0r0ba

Conversation

@MaximillianGroup

Copy link
Copy Markdown
Contributor

Summary

Brings StarCache into the org's platform governance system, per the
org-wide "Platform Governance — Repo Setup Instructions" doc. This repo
had no .github/ directory, no spec, and no agent/Copilot instructions
before this PR.

  • ROLE.md — declares what StarCache owns / does not own, and that
    it produces no contracts and has no other repo depending on it
    (standalone product, no SPARXSTAR component interaction).
  • AGENTS.md — governance references for Claude Code sessions, plus
    repo-specific hard rules pulled from TECHNICAL-SPECIFICATION.md
    (component boundaries, hook ordering, deprecation notices).
  • .github/copilot-instructions.md — MCP reference repos + a
    StarCache-specific invariant checklist for PR review.
  • .github/workflows/standards.yml — calls the reusable
    php-enforcement.yml workflow (repo_type: wp-plugin,
    enforcement_mode: advisory). PHP-only repo — no package.json, no
    repo-owned CSS/media, so the pnpm/css/media jobs from the template were
    omitted.
  • .github/workflows/governance.yml — pull-spec → test (phpunit
    only; lint/analyze already covered by standards.yml, not duplicated)
    → propose-spec-on-merge. No sync-contracts job — StarCache publishes
    no interfaces to sparxstar-contracts-registry.
  • docs/starcache-tech-spec.md — draft tech spec (status: draft)
    bootstrapped from TECHNICAL-SPECIFICATION.md and the current code,
    with the required 12 sections and draft REQ-*/AC-*/OQ-* IDs. Flags
    several open questions explicitly rather than assuming answers
    (notably OQ-003: whether the context-dimension hardening the old spec
    calls "required" is actually implemented — a follow-up review found it
    already is, see review notes below).
  • .gitignore — added .sparxstar/specs/ (gitignored, populated at CI
    time by the spec-fetch workflow).

Out of scope / needs an org admin

This session's GitHub access is scoped to this repo only, so the
following from the governance doc could not be done here and still need
an org-level action:

  • Confirming the two GitHub Apps (sparxstar-composer-resolver,
    sparxstar-contract-sync) and the four org secrets/variables are
    installed/set for this repo.
  • Triggering the governance-sync workflow from
    sparxstar-architecture-governance-registry so
    .github/instructions/governance/ gets populated — it does not exist
    yet, and AGENTS.md/docs/starcache-tech-spec.md call this out rather
    than fabricate its contents.
  • Verifying sparxstar-code-conformance's php-enforcement.yml accepts
    the exact input names used in standards.yml/governance.yml — that
    repo isn't in this session's GitHub scope, so the workflow inputs match
    the platform doc's template verbatim but are unverified against the
    actual reusable workflow.
  • The propose-spec job in governance.yml will open a PR against
    sparxstar-product-specification-registry automatically the first
    time this spec changes on main — no manual cross-repo PR was created
    in this session (also out of scope).

Code review notes (bonus — reviewed while in the repo)

Also did a full code review of the mu-plugin itself while setting up
governance (see PR conversation for the full report if requested).
Highlights, not fixed in this PR:

  • StarVersionStore::atomicBump() uses hrtime(true) as a "version
    counter" with no cross-process/cross-server synchronization — not
    actually atomic or guaranteed monotonic across machines.
  • The blanket updated_option hook in starcache.php bumps
    GROUP_OBJECTS on every WordPress option write (cron, transients
    falling back to wp_options, third-party plugin housekeeping),
    which can continuously invalidate star_cache_remember()-based
    caches — undermining the documented "no thundering herd" design goal.
  • Redis auth failure (wrong WP_REDIS_PASSWORD) falls through silently
    to the next backend with no error log, and repeats the failed
    connect+auth attempt on every request.
  • TECHNICAL-SPECIFICATION.md's "hardening required" checklist is
    stale — several items it lists as outstanding (context-dimension
    limits, key-builder separation, StarQueryCache hook removal) are
    already implemented in the current code.

Test plan

  • Confirm sparxstar-code-conformance/php-enforcement.yml@v1
    actually declares repo_type / enforcement_mode as input names
    (currently unverified, per Out of scope above).
  • Trigger governance-sync from the ADR registry and confirm
    .github/instructions/governance/ populates.
  • Review docs/starcache-tech-spec.md and either promote it via PR
    to the spec registry or note required edits.

Generated by Claude Code

…ructions, standards/governance workflows, draft tech spec)

Brings StarCache into the org governance system per the platform's repo
setup instructions: declares the repo boundary (ROLE.md), gives Claude
Code and Copilot the governance context they need, wires up the
reusable PHP standards-enforcement workflow in advisory mode, adds a
pull-spec/test/propose-spec governance workflow, and bootstraps a draft
product tech spec from the existing TECHNICAL-SPECIFICATION.md and
current code (with open questions flagged rather than assumed).

Org-level infrastructure (GitHub Apps, org secrets, the governance-sync
workflow in the ADR registry) is outside this repo's scope and must be
set up/triggered by an org admin before .github/instructions/governance/
will populate.

@amazon-q-developer amazon-q-developer Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR successfully adds platform governance scaffolding for StarCache, bringing it into the organization's governance system. The changes include well-structured GitHub Actions workflows, comprehensive documentation files, and a thorough technical specification.

All files follow correct syntax and organizational standards. The workflows properly reference external reusable workflows, the documentation is clear and comprehensive, and the .gitignore changes appropriately exclude generated spec files.

No blocking defects identified. The PR is ready for merge from a code review perspective, pending the organizational setup items mentioned in the PR description (GitHub Apps installation, secrets configuration, and governance-sync workflow trigger).


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds key documentation files for StarCache, including Copilot review instructions, agent guidelines, role boundaries, and a draft product technical specification. The reviewer's feedback correctly points out that several features listed as open questions or unimplemented—specifically context-dimension hardening, adapter discipline, key-builder separation, and reference-length guards—are already fully implemented in the codebase. The feedback suggests updating the technical specification to reflect these as completed requirements and removing the corresponding open question from the list.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread docs/starcache-tech-spec.md Outdated
Comment thread docs/starcache-tech-spec.md Outdated
Comment thread docs/starcache-tech-spec.md Outdated
…ed work

Verified against StarCacheContext.php, StarCacheKey.php, and
StarCacheAdapter.php: context-dimension hardening, the reference-length
guard, key-builder segment separation, and adapter discipline are
already implemented (and tested), not outstanding as the pre-existing
TECHNICAL-SPECIFICATION.md checklist claimed. Resolves OQ-003 in
docs/starcache-tech-spec.md and updates REQ-004 accordingly.

Addresses gemini-code-assist review feedback on PR #7.
@MaximillianGroup

Copy link
Copy Markdown
Contributor Author

@copilot resolve the merge conflicts in this pull request

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Merge conflicts resolved. The only conflicting file was .github/copilot-instructions.mdmain had added a short set of coding guidelines while this branch had added the full governance review instructions. Both sets of content are preserved: the coding guidelines are now a leading section in the merged file, followed by the governance reference repos, review checklist, and repo-specific invariants.

@MaximillianGroup
MaximillianGroup marked this pull request as ready for review July 1, 2026 16:08
Copilot AI review requested due to automatic review settings July 1, 2026 16:08

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds org platform-governance scaffolding to StarCache by introducing role/boundary documentation, agent/Copilot instructions, a draft product tech spec, and GitHub Actions workflows to run standards enforcement plus governance/spec sync steps.

Changes:

  • Add repo governance docs: ROLE.md, AGENTS.md, and docs/starcache-tech-spec.md (draft spec).
  • Add CI workflows: platform standards enforcement and governance (spec fetch → tests → propose spec update on merge).
  • Update existing internal technical spec hardening checklist to reflect current v2.1.1 state, and ignore fetched specs in .gitignore.

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
TECHNICAL-SPECIFICATION.md Updates the hardening checklist section to reflect current implementation status (v2.1.1) and adds governance-review notes.
ROLE.md Introduces an explicit owns/does-not-own boundary and dependency/contract statements for the product.
docs/starcache-tech-spec.md Adds a draft product tech spec intended for the governance spec registry (includes REQ/AC/OQ sections).
AGENTS.md Adds agent operating rules and references to governance registries and repo invariants.
.gitignore Ignores .sparxstar/specs/ (populated by spec-fetch workflows).
.github/workflows/standards.yml Adds platform standards enforcement workflow calling the reusable PHP enforcement workflow.
.github/workflows/governance.yml Adds governance workflow: pull spec, run tests, and propose spec updates on merge to main.
.github/copilot-instructions.md Expands Copilot review checklist and invariants to check against for StarCache PRs.

Comment thread .github/workflows/governance.yml
Comment thread docs/starcache-tech-spec.md Outdated
Comment thread docs/starcache-tech-spec.md
…ve Composer-auth wording

- governance.yml: propose-spec's changed-file check now diffs against
  github.event.before (falling back to HEAD~1) instead of always using
  HEAD~1, which silently missed spec changes on a multi-commit push
  (e.g. a fast-forward merge to main).
- docs/starcache-tech-spec.md: drop the personal email from Identity
  (frontmatter owner already covers it), and clarify that
  COMPOSER_RESOLVER_PRIVATE_KEY is passed through for the org's reusable
  workflows' own use, not because StarCache itself has private deps.
@MaximillianGroup
MaximillianGroup merged commit 42b6cda into main Jul 1, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants