Add governance instructions for production code #19

Open
chitcommit wants to merge 1 commit into main from chitcommit-patch-1
chitcommit commented Mar 4, 2026

Added governance and coding guidelines for production code in a multi-repo environment, covering priorities, security, quality, and review policies.

Summary by CodeRabbit

  • Documentation
    • Added internal development governance guidelines covering security, code quality, and PR review standards.

Copilot AI review requested due to automatic review settings March 4, 2026 00:29
github-actions bot commented Mar 4, 2026

@coderabbitai review
@copilot review
Adversarial review request: evaluate security, policy bypass paths, and regression risk.

coderabbitai bot commented Mar 4, 2026

Walkthrough

A new governance policy document is introduced that outlines development priorities, security requirements, coding standards, PR guidelines, and review procedures. The document prescribes observable behavior for development workflows without introducing executable logic.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Governance & Policy Documentation: `.github/instructions/*.instructions.md` | New policy file defining repository priorities (security, correctness, maintainability, performance), language defaults (TypeScript, npm, strict typing), security constraints (no secrets, input validation, least privilege), quality standards (testing, edge cases, backward compatibility), and PR/review guidelines (single concern area, small PRs, mandatory cleanup). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 With whiskers twitching, guidelines now set,
A document planted, no stone left unmet,
Security, standards, and wisdom so clear—
Our repository hops with confidence here! 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Add governance instructions for production code' accurately and concisely describes the main change: adding a new governance/instructions document for production code governance. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Copilot AI left a comment

Pull request overview

Adds a repository instruction file intended to guide production-code changes in a governance-heavy multi-repo environment (security, quality, review policy, and response style).

Changes:

  • Added governance/coding guidelines covering priorities, security requirements, quality/compatibility, PR policy, and governance constraints.
  • Added response-style guidance for reviewers/assistants.

coderabbitai bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/instructions/*.instructions.md:
- Around line 33-40: Update the PR policy block to explicitly require code-owner
approval for changes to workflow and setup files by adding a rule that any
modifications under the .github/workflows/ path and any setup scripts must have
approval from designated owners; specify the default reviewer group and user
(nickbianchi and ChittyOS/cicd-admins) as required approvers in the policy text
and ensure the policy entry is placed alongside the existing PR and review
policy list so reviewers and CI admins are alerted for those high-impact
changes.
- Around line 42-47: Replace the vague governance bullet “Assume required status
checks, code scanning, and workflow gates are enforced” with an explicit list of
branch-protection requirements: require the status checks named "beacon-check",
"test", and "security" before merging; enable "Dismiss stale pull request
approvals" and "Require review from Code Owners"; and state that required check
contexts must match existing workflow names (do not add contexts that do not
exist on the base branch) and that protections remain in single-operator mode
even if approval count is 0. Update the Governance constraints section to
include these exact check names and the two review settings so the document is a
source-of-truth rather than an assumption.

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97d81f3 and 2c36580.

📒 Files selected for processing (1)
  • .github/instructions/*.instructions.md
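
The second inline comment above asks for explicit branch-protection requirements instead of an assumption that they are enforced. The following added example (not part of this PR or of any participant's comment) audits a branch-protection object against the check names and review settings that comment lists. It assumes the object uses the field names of GitHub's REST branch-protection response; `workflowChecks` and the sample data are constructed for illustration.

```javascript
// Check names and review settings quoted from the review comment above.
const REQUIRED_CHECKS = ["beacon-check", "test", "security"];

// `protection` uses the field names of GitHub's REST branch-protection object.
// `workflowChecks` (hypothetical input) lists the check names that workflows
// on the base branch actually report.
function auditBranchProtection(protection, workflowChecks) {
  const findings = [];
  const contexts = (protection.required_status_checks || {}).contexts || [];
  const reviews = protection.required_pull_request_reviews;

  for (const name of REQUIRED_CHECKS) {
    if (!contexts.includes(name)) findings.push(`missing required check: ${name}`);
  }
  // A required context that no workflow reports never completes, so it
  // blocks every merge.
  for (const name of contexts) {
    if (!workflowChecks.includes(name)) {
      findings.push(`context has no matching workflow: ${name}`);
    }
  }
  if (!reviews) {
    findings.push("pull request review settings are absent");
  } else {
    if (reviews.dismiss_stale_reviews !== true) {
      findings.push("stale approvals are not dismissed");
    }
    if (reviews.require_code_owner_reviews !== true) {
      findings.push("code owner review is not required");
    }
    // required_approving_review_count === 0 is accepted (single-operator mode).
  }
  return findings;
}

// Constructed sample: one required check missing, one stray context,
// code owner review switched off, approval count 0.
const driftedProtection = {
  required_status_checks: { strict: true, contexts: ["test", "security", "lint"] },
  required_pull_request_reviews: {
    dismiss_stale_reviews: true,
    require_code_owner_reviews: false,
    required_approving_review_count: 0,
  },
};
const reportedChecks = ["beacon-check", "test", "security"];

console.log(auditBranchProtection(driftedProtection, reportedChecks));
```

An empty result means the protection object matches the settings named in the comment; each string in a non-empty result names one deviation.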

@chitcommit chitcommit enabled auto-merge (squash) March 9, 2026 09:37