Skip to content
Documentation

Platform PR Governance Checklist

⚠️ INTERNAL ONLY — Platform Operations
Not intended for public distribution.

When This Checklist Applies

Section titled “When This Checklist Applies”

Use this checklist for any pull request that:

  • Changes deployment topology, Cloudflare configuration, or infrastructure-as-code.
  • Alters security posture, zero trust boundaries, identity, or access policies.
  • Impacts architecture principles, ADR-aligned decisions, or data classification.
  • Modifies operational runbooks, build tooling, or version policy.

Rule: If the change touches architecture, security, or operations guardrails, author or update an ADR using the ADR Template.

Architecture Review (TOGAF Alignment)

Section titled “Architecture Review (TOGAF Alignment)”
  • Architecture principles still hold or updated ADR created.
  • Context diagrams, system boundaries, and data flows remain accurate.
  • New integrations documented in diagrams with trust boundaries clarified.

Security Review (Zero Trust + Least Privilege)

Section titled “Security Review (Zero Trust + Least Privilege)”
  • Cloudflare Access requirements remain enforced; access groups reviewed.
  • No secrets, credentials, or tokens committed.
  • Impact to threat model or mitigations assessed; security docs updated if needed.

Operations Review (Docker Parity + Build Health)

Section titled “Operations Review (Docker Parity + Build Health)”
  • Docker workflows stay reproducible; container instructions updated when required.
  • Runbooks reflect new operational steps or rollbacks.
  • Release and incident procedures reviewed for relevance.

Documentation Review

Section titled “Documentation Review”
  • Relevant ADRs created/updated and linked from ADR index.
  • Architecture, security, or ops navigation updated for new pages.
  • Diagrams regenerated or verified; legend and labels remain current.

Mandatory Verification Commands

Section titled “Mandatory Verification Commands”

Paste the output (or confirmation) of each command into the pull request description:

Terminal window
docker compose run --rm dev bash -lc "pnpm install"
docker compose run --rm dev bash -lc "pnpm build:docs"
docker compose run --rm dev bash -lc "pnpm build:site"
find apps -name .git -print

Publishing Rules

Section titled “Publishing Rules”
  • Confirm no dist/ or build artefacts are committed in the pull request.
  • Ensure branch protections and review requirements remain satisfied.