Skip to content

ci: add release gates and advisory Skylos scan#14

Merged
duriantaco merged 1 commit into
mainfrom
feat/positioning-ci-gates
May 10, 2026
Merged

ci: add release gates and advisory Skylos scan#14
duriantaco merged 1 commit into
mainfrom
feat/positioning-ci-gates

Conversation

@duriantaco
Copy link
Copy Markdown
Owner

@duriantaco duriantaco commented May 10, 2026

Summary

  • Clarifies Vouch’s value proposition in the README... risky AI-written changes should not ship just because CI passed.
  • Adds a password-reset example to explain contracts, obligations, evidence, and release decisions.
  • Adds GitHub Actions CI with required-style Go checks and VouchBench acceptance.
  • Adds Skylos as an advisory, non-blocking scan for severe quality/security/dead-code signals.

CI Gates

Required checks to enable in branch protection:

  • Go checks
  • VouchBench acceptance
  • Skylos advisory (advisory)

Skylos is intentionally non-blocking via continue-on-error and --force, so findings show up in Actions annotations/summary without blocking merges.

Tests

  - `go test ./...`
  - `scripts/vouchbench.sh --out /tmp/vouchbench-ci` passed 114/114 assertions

@duriantaco duriantaco merged commit 977180b into main May 10, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@duriantaco