fix(jackin): revert required_approving_review_count to 0 for solo-maintainer repo#15
Merged
Merged
Conversation
…ntainer repo The previous PR (#14) raised `required_approving_review_count` from 0 to 1 as part of the post-#266 hardening, on the assumption that a human reviewer would be available before each merge. The repo is operated by a single maintainer, and GitHub does not let the PR author approve their own pull request, so the rule blocks every merge instead of gating it. Revert to `required_approving_review_count = 0`. The remaining hardening from #14 stays in place: `strict_required_status_checks_policy = true` ensures the green CI run reflects the exact code that lands on main, and the expanded required-status-check list (`ci-required`, `construct-required`, `docs-required`, `docs-link-check`, `validate`, `DCO`) gives every gated workflow a hard gate at the GitHub layer. Add a code comment naming the constraint so a future change does not silently re-flip the knob without checking whether the project has gained additional reviewers in the meantime. Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
0556988 to
6c791e3
Compare
|
donbeave
added a commit
to jackin-project/jackin
that referenced
this pull request
May 9, 2026
Capture an invariant that has been silently shaping recent decisions but was nowhere written down: jackin has exactly one human contributor, and GitHub does not let a PR author approve their own pull request. The previous CI hardening round (jackin-project/jackin-github-terraform#14) raised `required_approving_review_count` to 1 on the assumption a second reviewer was available — they are not — and the resulting trap blocked every merge until it was reverted in jackin-project/jackin-github-terraform#15. Add a 'Project staffing: solo maintainer' section at the top of `AGENTS.md` naming the constraint and the four downstream consequences: branch protection cannot require an approving review; "get a second pair of eyes" is not an available pre-merge step (pre-merge confidence comes from CI, the path-aware aggregator status checks, the strict up-to-date branch policy, and the agent following PULL_REQUESTS.md); multi-agent review is the load-bearing substitute for the missing second human, not optional polish; and for irreversible or high-blast-radius changes the agent should prefer asking the operator to confirm one more time over assuming green CI is sufficient. The rule retires when the project gains additional human reviewers. Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
donbeave
added a commit
to jackin-project/jackin
that referenced
this pull request
May 18, 2026
Capture an invariant that has been silently shaping recent decisions but was nowhere written down: jackin has exactly one human contributor, and GitHub does not let a PR author approve their own pull request. The previous CI hardening round (jackin-project/jackin-github-terraform#14) raised `required_approving_review_count` to 1 on the assumption a second reviewer was available — they are not — and the resulting trap blocked every merge until it was reverted in jackin-project/jackin-github-terraform#15. Add a 'Project staffing: solo maintainer' section at the top of `AGENTS.md` naming the constraint and the four downstream consequences: branch protection cannot require an approving review; "get a second pair of eyes" is not an available pre-merge step (pre-merge confidence comes from CI, the path-aware aggregator status checks, the strict up-to-date branch policy, and the agent following PULL_REQUESTS.md); multi-agent review is the load-bearing substitute for the missing second human, not optional polish; and for irreversible or high-blast-radius changes the agent should prefer asking the operator to confirm one more time over assuming green CI is sufficient. The rule retires when the project gains additional human reviewers. Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Revert
required_approving_review_countfrom 1 back to 0 on thejackinrepo'sprotect_mainruleset. The previous PR (#14) raised it under the assumption a human reviewer would always be available, but the repo is operated by a single maintainer and GitHub does not let a PR author approve their own pull request — the rule blocks every merge instead of gating it.The other safety improvements from #14 stay in place:
strict_required_status_checks_policy = trueensures every PR runs CI against the actual merge state, and the expandedrepo_required_status_checkslist (ci-required,construct-required,docs-required,docs-link-check,validate,DCO) gives every gated workflow a hard gate at the GitHub layer. Together those still close the "two individually-green PRs become red when combined" hole; what they cannot do is force a second pair of eyes that doesn't exist.A code comment names the solo-maintainer constraint so a future change doesn't silently re-flip the knob without verifying the project has gained additional reviewers.
Verify locally
After merge, run
tofu planthentofu applyfrom your host to activate. Plan diff should show one resource change ongithub_repository_ruleset.protect_main["jackin"]:required_approving_review_count: 1 -> 0.