| Repository topology | Folder boundaries are explicit and immutable. | Root sprawl, misplaced files, v1 mutation | .githooks/pre-commit, CI structure checks | P1 |
| Content contract | Docs pages, navigation, and imports must stay structurally valid. | Broken docs routes/imports/frontmatter | tests/run-all.js, tests/run-pr-checks.js | P1 |
| Generated artifacts | Generated files are rebuilt from source scripts, never hand-maintained. | index drift, stale docs-index, script catalog drift | pre-commit staged generators + CI checks | P2 |
| Local commit gate | Pre-commit runs only fast staged local checks. | slow commits, dependency coupling, local flakiness | .githooks/pre-commit | P2 |
| Branch governance | Codex branch contract and issue readiness are validated before push. | out-of-scope changes, missing readiness, unsafe force-push | .githooks/pre-push | P1 |
| PR changed-scope CI | CI blocks regressions in changed scope only. | silent regressions entering docs-v2 | .github/workflows/test-suite.yml + tests/run-pr-checks.js | P0 |
| Full sweep CI | Browser/link/page sweeps catch system-level regressions. | route-level runtime failures, broad link failures | test-v2-pages.yml, browser and audit workflows | P0 |
| Scheduled ingestion | External data syncs are isolated and idempotent. | stale snippets data, secret drift, workflow collisions | dedicated update workflows + fetch scripts | P2 |
| Policy system | Rules are authored once, referenced everywhere else. | contradictory docs, operator confusion, policy drift | this file + source-of-truth-policy.mdx | P1 |