Skip to content

Document PR-only workflow #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RedBeret merged 1 commit into from
Apr 29, 2026
+41 −5
Merged

Document PR-only workflow #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions AGENTS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Agent Instructions

These rules apply to all agent-driven work in this repository.

## Git Workflow

- Do not push directly to `main`.
- Make every change on a small topic branch.
- Open a pull request for every change, including documentation-only changes.
- Keep PRs incremental and focused on one concern.
- Run `bash scripts/publish-check.sh` before opening or updating a PR.
- Do not merge automated dependency or security PRs without reviewing the diff.

The only exception was the initial repository publication. Future Codex work
should use pull requests.
13 changes: 13 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,16 @@ file-specific, and justified by tests or documentation examples.

Use concise, human-readable commit messages. Do not include AI attribution
footers or generated-by text in commits.

## Pull Request Policy

All changes should go through pull requests. Do not push directly to `main`.

Keep PRs small:

- one feature, fix, or documentation update per PR
- clear title and summary
- publish-check output included when relevant
- no unrelated cleanup mixed into the same branch

This policy applies to agent-authored work as well as human-authored work.
18 changes: 13 additions & 5 deletions docs/PUBLICATION_CHECKLIST.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,27 +2,35 @@

Run these from the repository root before pushing publicly.

1. Confirm there are no private staging folders:
1. Create a topic branch. Do not push directly to `main`.

```bash
git checkout -b your-change-name
```

2. Confirm there are no private staging folders:

```bash
find . -name .git -type d -prune -print
find . -name '*.lock' -o -name '.DS_Store'
```

2. Run the bundled publish check:
3. Run the bundled publish check:

```bash
bash scripts/publish-check.sh
```

3. Check for personal identifiers:
4. Check for personal identifiers:

```bash
rg -n --hidden 'your-real-email@example.com|/Users/yourname|phone|token|password' .
```

4. Review `.security-allowlist` manually. Every entry should be narrow and
5. Review `.security-allowlist` manually. Every entry should be narrow and
explainable.

5. Confirm any `.env`, session, credential, backup, and local profile files are
6. Confirm any `.env`, session, credential, backup, and local profile files are
excluded by `.gitignore`.

7. Open a pull request.