This repository uses a two-track branch model:
dev: active integration and testnet — default target for all feature work; maps to OP Sepolia staging deploymentmain: mainnet-ready only — source of truth for mainnet releases
- Default target for feature branches and iterative changes.
- Automatically triggers staging rehearsal deployment (OP Sepolia) on push.
- Must stay buildable and testable at all times.
- Code merged here is considered testnet-ready.
- Contains only reviewed, mainnet-ready code.
- Used for mainnet deployment preparation and release tags.
- Must pass full contract checks and staging rehearsal before merge.
feature/<name>: regular feature or refactor work, branch fromdev, merge intodev.hotfix/<name>: urgent production fix, branch frommain, merge tomain, then back-merge todev.release/<name>(optional): additional stabilization before mergingdevintomain.
ci-fastruns on pushes todevandmain, and on all PRs into protected branches.ci-fullruns on pushes todevandmain, on PRs, on schedule, and manual dispatch — includes invariants + release gate.governancevalidates required-check consistency across:scripts/github/apply-governance.shBRANCHING.md.github/PRODUCTION_GOVERNANCE_CHECKLIST.md
contracts-staging-rehearsalis automatically triggered on push todev.contracts-release-gateruns release gate in a pinned container on pushes todev/mainand manual dispatch.contracts-mainnet-readinessis production-gated:- manual only (
workflow_dispatch) - enforced to run from
mainbranch - tied to
productionenvironment
- manual only (
- GitHub settings implementation checklist:
.github/PRODUCTION_GOVERNANCE_CHECKLIST.md
- Review/PR governance files:
.github/CODEOWNERS.github/pull_request_template.md.github/PULL_REQUEST_TEMPLATE/release.md
Use this matrix as the merge baseline.
Typecheck + LintSecret Scan (trufflehog)Detect Secrets DriftDependency ReviewRelease Gate ContainerContracts Core (Unit + Invariant) / Contracts CoreContracts Security (Semgrep) / Semgrep ScanContracts Fuzz / Contracts FuzzCircuits Core (Build + Tests + Circomspect) / Circuits CoreFrontend Checks (Node 24) / Frontend Checks (Node 24.3.0)Analyze (javascript-typescript)- If PR touches governance policy files (
apply-governance.sh,BRANCHING.md, governance checklist):Validate Governance Policy Consistency
Typecheck + LintSecret Scan (trufflehog)Detect Secrets DriftDependency ReviewRelease Gate ContainerContracts Core (Unit + Invariant) / Contracts CoreContracts Security (Semgrep) / Semgrep ScanContracts Fuzz / Contracts FuzzCircuits Core (Build + Tests + Circomspect) / Circuits CoreFrontend Checks (Node 24) / Frontend Checks (Node 24.3.0)Analyze (javascript-typescript)Validate Release PR ChecklistValidate Release Evidence- If PR touches governance policy files (
apply-governance.sh,BRANCHING.md, governance checklist):Validate Governance Policy Consistency
- Manually run
Contracts Mainnet Readinessfrommain - Capture readiness artifact and run URL in release records
Apply these repository settings:
- Protect
main
- Require pull request before merge.
- Require status checks:
Typecheck + LintSecret Scan (trufflehog)Dependency ReviewContracts Core (Unit + Invariant) / Contracts CoreContracts Security (Semgrep) / Semgrep ScanContracts Fuzz / Contracts FuzzCircuits Core (Build + Tests + Circomspect) / Circuits CoreFrontend Checks (Node 24) / Frontend Checks (Node 24.3.0)Detect Secrets DriftRelease Gate ContainerValidate Release PR ChecklistValidate Release Evidence
- Require at least 1-2 approvals.
- Dismiss stale approvals on new commits.
- Restrict direct push.
- Protect
dev
- Require pull request before merge (or allow maintainers direct push if desired).
- Require status checks:
Typecheck + LintSecret Scan (trufflehog)Dependency ReviewContracts Core (Unit + Invariant) / Contracts CoreContracts Security (Semgrep) / Semgrep ScanContracts Fuzz / Contracts FuzzCircuits Core (Build + Tests + Circomspect) / Circuits CoreFrontend Checks (Node 24) / Frontend Checks (Node 24.3.0)Detect Secrets DriftRelease Gate Container
- Require at least 1-2 approvals.
- Dismiss stale approvals on new commits.
- Restrict direct push.
Notes:
- Do not add
Validate Governance Policy Consistencyas a global required branch-protection check because it is intentionally path-filtered; require it only on governance-touching PRs. Contracts Core (Unit + Invariant) / Contracts Coreis the required branch-protection check;Contracts Core (With Invariants)refers to theci-fullvariant that runs afterci-fastpasses and is not an additional required check (to avoid PR timeouts).
- Protect tags
- Release tags (
v*) are protected by thetag-protectionruleset: creation is restricted to maintainers, deletion and force-update are blocked for all actors.
- Create
feature/*fromdev. - Open PR into
dev; resolve feedback and green checks. - Staging rehearsal runs automatically on push to
dev. - Open PR
dev -> mainonce staging rehearsal passes. - Run production readiness workflow from
main. - Tag release on
mainafter approval.