docs(merge): Tier-1 merge readiness audit (17 PRs, #338-#355) #356
Open
ctol3r wants to merge 2 commits into
Conversation
Doc-only PR. Comprehensive audit of the institutional convergence stack ahead of the Tier-1 merge train.
Sections:
1. Audit-set integrity flag — calls out that the operator-supplied 14-PR list omits 3 stack-base PRs (#342, #344, #345) that the audit set depends on; effective set is 17 PRs
2. Merge state — every PR confirmed CLEAN + MERGEABLE
3. Dependency graph — topological tiers A/B/C/D
4. File-collision matrix — 2 files touched by multiple PRs but all on the SAME linear stack (rebase, not conflict)
5. Risk audit — the seven concrete checks the brief named: route collisions / schema conflicts / replay contract drift / well-known path conflicts / auth boundary regressions / build-order failures / runtime namespace collisions. Verdict on each: zero or MEDIUM with named mitigation.
6. Blocker matrix — Codex SAFE per PR (CRITICAL); isPublicRoute() allowlist (MEDIUM); #339 cache flush (MEDIUM); #348 actorId semantics change (MEDIUM); #344 CI nudge (LOW); rebase mechanics (LOW)
7. Safe merge order — Tier A independent (8), Tier B/C/D stacked (4/3/2)
8. Risky merge points — per-PR watch items
9. Deploy sequencing plan — exact codex exec + gh pr merge + cache-flush SQL commands for each phase
10. Operator pre-merge checklist
11. Success condition — 17 PRs merged, production verifier surfaces respond 200, cross-surface convergence verifier returns exit 0
12. Out of scope
The doc is the operator runbook for the merge train; combine with docs/ops/production-promotion-protocol.md (#338) for promotion to production.
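The tiering in sections 3, 4 and 7 (the length of a PR's chain down to its stack base gives its tier; a file touched by several PRs is a rebase when those PRs sit on one linear stack and a conflict when they sit on independent branches) is mechanical enough to script. The TypeScript below is an added example written for this page, not code from the repository or from MERGE_READINESS.md; the identifiers, base relationships and file paths in SAMPLE_PRS are constructed rather than the real #338-#355 graph, and Pr, assignTiers, mergeOrder and fileCollisions are names chosen here.

```typescript
// Added example for this page; not code from the repository or MERGE_READINESS.md.
// Each PR names the PR it is stacked on (null = stack base). Tier = length of the
// chain to the base (tier 0 = "Tier A", tier 1 = "Tier B", ...). A file touched by
// several PRs is a "rebase" if they all lie on one linear stack, else a "conflict".

export interface Pr {
  id: string;            // constructed label, not a real PR number
  base: string | null;   // id of the PR this branch is stacked on; null = independent
  files: string[];       // files the PR touches (constructed)
}

export interface Collision {
  file: string;
  prs: string[];
  kind: "rebase" | "conflict";
}

// Walk base pointers from a PR down to its stack base; rejects cyclic or dangling bases.
function chainToRoot(id: string, byId: Map<string, Pr>): Set<string> {
  const chain = new Set<string>();
  let cur: string | null = id;
  while (cur !== null) {
    if (chain.has(cur)) throw new Error(`cycle through ${cur}`);
    chain.add(cur);
    const pr = byId.get(cur);
    if (!pr) throw new Error(`unknown base PR ${cur}`);
    cur = pr.base;
  }
  return chain;
}

function index(prs: Pr[]): Map<string, Pr> {
  return new Map<string, Pr>(prs.map((p): [string, Pr] => [p.id, p]));
}

// Tier 0 = independent stack bases, tier 1 = stacked once on a base, and so on.
export function assignTiers(prs: Pr[]): Map<string, number> {
  const byId = index(prs);
  const tiers = new Map<string, number>();
  prs.forEach((p) => tiers.set(p.id, chainToRoot(p.id, byId).size - 1));
  return tiers;
}

// Safe merge order: every PR in tier n merges before any PR in tier n+1.
export function mergeOrder(prs: Pr[]): string[][] {
  const out: string[][] = [];
  assignTiers(prs).forEach((tier, id) => {
    if (!out[tier]) out[tier] = [];
    out[tier].push(id);
  });
  return out.map((t) => t.slice().sort());
}

// File-collision matrix: the PRs touching one file are on the same linear stack
// exactly when the deepest PR's chain to the base contains every one of them.
export function fileCollisions(prs: Pr[]): Collision[] {
  const byId = index(prs);
  const touched = new Map<string, string[]>();
  prs.forEach((p) =>
    p.files.forEach((f) => touched.set(f, (touched.get(f) || []).concat(p.id)))
  );
  const out: Collision[] = [];
  touched.forEach((ids, file) => {
    if (ids.length < 2) return;
    const chains = ids.map((id) => chainToRoot(id, byId));
    const deepest = chains.reduce((a, b) => (b.size > a.size ? b : a));
    const sameStack = ids.every((id) => deepest.has(id));
    out.push({ file, prs: ids, kind: sameStack ? "rebase" : "conflict" });
  });
  return out.sort((a, b) => (a.file < b.file ? -1 : a.file > b.file ? 1 : 0));
}

// Constructed sample graph (NOT the real #338-#355 set): three bases, two stacks.
export const SAMPLE_PRS: Pr[] = [
  { id: "base1", base: null,    files: ["lib/auth/roles.ts"] },
  { id: "base2", base: null,    files: ["schema.sql"] },
  { id: "indep", base: null,    files: ["README.md"] },
  { id: "mid1",  base: "base1", files: ["lib/auth/roles.ts", "middleware.ts"] },
  { id: "top1",  base: "mid1",  files: ["app/verify/page.tsx"] },
  { id: "mid2",  base: "base2", files: ["README.md"] },
];
```

On the sample, mergeOrder yields three tiers (base1/base2/indep, then mid1/mid2, then top1) and fileCollisions reports lib/auth/roles.ts as a rebase (base1 and mid1 are on one stack) but README.md as a conflict (indep and mid2 are on unrelated branches), which is the distinction section 4 of the audit draws. The cycle check matters in practice: a PR whose base was retargeted onto one of its own descendants would otherwise loop forever.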
After auditing apps/web/lib/auth/roles.ts on origin/main against the new verifier-continuity surfaces in #349, #345, #355:
- .well-known/* surfaces ✅ already covered by /^\/\.well-known(\/.*)?$/
- /api/receipt/* ✅ covered by /^\/api(\/.*)?$/
- /verify ✅ covered by /^\/verify(\/.*)?$/
- /trust ⚠️ falls through (no pattern matches, no required role) — reachable but implicit
This PR resolves the lone gap by adding an explicit /^\/trust(\/.*)?$/ pattern to PUBLIC_ROUTE_PATTERNS so the verifier-continuity intent is documented in the allowlist rather than relying on the middleware's neither-public-nor-protected fall-through.
Eight new rows in middleware.test.ts pin the public status of every verifier-continuity surface so a future allowlist regression fails CI.
MERGE_READINESS.md updated:
- §5.5 verdict downgraded MEDIUM → LOW (was: blocker; now: resolved)
- §6 blocker matrix row crossed out (resolved in this PR)
Files:
- apps/web/lib/auth/roles.ts +1 line (one regex)
- apps/web/__tests__/middleware.test.ts +8 rows (test matrix)
- MERGE_READINESS.md §5.5 + §6 updates
Validation:
- pnpm exec vitest run __tests__/middleware.test.ts → 44/44
- pnpm turbo run build --filter @vitalcv/web → 13/13 tasks
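The allowlist check and the neither-public-nor-protected fall-through described above, as an added TypeScript example that is not apps/web/lib/auth/roles.ts or the project's middleware: the three existing patterns and the added /trust pattern are the ones quoted in the message; REQUIRED_ROLE, classify, allowlistGaps, VERIFIER_SURFACES and the concrete sub-paths are assumptions made for this example.

```typescript
// Added example; not the project's roles.ts or middleware. Models the three-way
// decision the message describes: explicit public allowlist, role-protected prefix,
// or fall-through (reachable, but only implicitly), and the CI matrix that pins it.

type Role = "admin" | "member";
export type Decision = "public" | "protected" | "fall-through";

// Allowlist as audited on origin/main (the patterns quoted in the message) ...
export const PUBLIC_ROUTE_PATTERNS_BEFORE: RegExp[] = [
  /^\/\.well-known(\/.*)?$/,
  /^\/api(\/.*)?$/,
  /^\/verify(\/.*)?$/,
];

// ... and after the one-regex change that makes /trust explicit.
export const PUBLIC_ROUTE_PATTERNS_AFTER: RegExp[] = [
  ...PUBLIC_ROUTE_PATTERNS_BEFORE,
  /^\/trust(\/.*)?$/,
];

// Hypothetical protected prefixes (assumed for the example; not from the page).
const REQUIRED_ROLE: Array<[RegExp, Role]> = [
  [/^\/admin(\/.*)?$/, "admin"],
  [/^\/dashboard(\/.*)?$/, "member"],
];

export function isPublicRoute(pathname: string, patterns: RegExp[]): boolean {
  return patterns.some((re) => re.test(pathname));
}

export function requiredRole(pathname: string): Role | null {
  const hit = REQUIRED_ROLE.find(([re]) => re.test(pathname));
  return hit ? hit[1] : null;
}

// Middleware decision order: public wins, then role-protected, else fall-through.
// A fall-through route is served, but nothing in the allowlist says so on purpose.
export function classify(pathname: string, patterns: RegExp[]): Decision {
  if (isPublicRoute(pathname, patterns)) return "public";
  if (requiredRole(pathname) !== null) return "protected";
  return "fall-through";
}

// Verifier-continuity surfaces to pin in CI. The concrete sub-paths are constructed.
export const VERIFIER_SURFACES: string[] = [
  "/.well-known/example",
  "/api/receipt/abc123",
  "/verify",
  "/verify/abc123",
  "/trust",
  "/trust/abc123",
];

// The surfaces that are NOT explicitly public: a non-empty result is the regression
// the eight new test-matrix rows are meant to turn into a CI failure.
export function allowlistGaps(patterns: RegExp[]): string[] {
  return VERIFIER_SURFACES.filter((p) => classify(p, patterns) !== "public");
}
```

With the "before" allowlist, allowlistGaps reports /trust and /trust/abc123; with the "after" allowlist it is empty. Two things to keep in mind when pinning such a matrix: run the patterns on the normalized pathname (the anchored ^ and (\/.*)?$ shape means /trusted does not match /trust, but it says nothing about dot-segments or encoding, which the framework must resolve first), and note that /^\/api(\/.*)?$/ marks the whole API namespace public, so any authorization under /api has to live in the route handlers themselves.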
ctol3r pushed a commit that referenced this pull request on May 13, 2026
Two new forensics docs answering the operator's deployment-topology questions in one place:
APEX_DEPLOYMENT_FORENSICS.md
- Proves apex (vitalcv.com) deploys apps/web (not apps/marketing) via live probe of /api/health returning service: "web"
- Identifies the two Vercel projects (apex web vs separate marketing) and their per-app vercel.json overrides
- Critical operational finding: apex /api/health reports clerk.enabled: false / mode: "none" — the production Vercel project is missing NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY + CLERK_SECRET_KEY env vars. /sign-in 500s as a result.
- Independent of the 20-PR merge queue: this Clerk env gap is operator-side configuration, not code
- 10 sections + recommendations
ROUTE_OWNERSHIP_MAP.md
- Proves every named verifier route lives in apps/web (not apps/marketing) by filesystem inspection
- /verify exists in both apps but they own different concepts: apps/web/app/verify/page.tsx = institutional inspector (#345), apps/marketing/app/verify/[shareId]/page.tsx = share-link viewer (different domain, different concern)
- Eight of nine institutional routes are exclusive to apps/web
- Confirms: when the merge train lands, every new route deploys automatically to apex — no project-rebinding, no domain reconfig, no migration required
- 9 sections + summary table
Together with the existing BUILD_ARTIFACT_VERIFICATION.md (physical build output) and MERGE_READINESS.md (#356, merge-train sequencing), this PR is now the complete operator-facing answer to: "what does apex serve, what's the build output, what's the merge order, and what's the deployment risk?"
No code changes. Three doc files at repo root.
Summary
Doc-only PR. Operator runbook for the Tier-1 merge train covering the 14 PRs the brief enumerated plus 3 stack-base PRs (#342, #344, #345) the audit list omitted but the dependency chain requires.
Effective merge set: 17 PRs. All CLEAN + MERGEABLE at audit time.
Twelve sections, including a deploy sequencing plan with the exact codex exec + gh pr merge + cache-flush SQL commands.
Critical findings
- isPublicRoute() allowlist may not cover new verifier surfaces
- metadata.actorId semantics (org → person)
Scope
- MERGE_READINESS.md (456 lines)
Validation
- origin/main SHA 9eb5cdee
- gh pr view --json files per PR