Stability checkpoint — Phase A closed + shields retired + docs polish

Post-stable-v1.0.10 session. First REAL post-Phase-A checkpoint where
the file-length gate + PMD/Checkstyle/ESLint tuning land alongside
actual user actions being taken (VM raise + signed commits + branch
protection). Two MRs merged: !130 (TASKS refresh) + !131 (shields +
docs). 10+ commits shipped.

Major deliveries:

1. Shields retired (314012f) — user raised Docker Desktop VM to 16 GB,
   both test:k8s-apply + test:k8s-apply-prom re-armed as BLOCKING.
   First successful exit of the ADR-0049 'dated exit ticket' pattern
   (18h lead time vs 30d ceiling).
2. Signed commits end-to-end (314012f+ was the first SSH-signed commit).
   GitHub required_signatures active on svc + UI main branches.
3. Phase A follow-ups:
   - Checkstyle custom config swapping google_checks (a17b7b4)
   - gitleaks Auth0 allowlist fix (e03f58f) — mirrors UI dac848b
4. Docs polish (several commits):
   - ADR-0049 'CI shields with dated exit tickets' + retirement log
   - ADR-0050 'CI YAML modularisation plan' (Proposed)
   - docs/api/auth0-current-tenant-state.md — live tenant snapshot
   - docs/audit/session-2026-04-22-user-actions-closed.md — flow audit
   - docs/audit/clean-code-architecture-2026-04-22.md — 80%/70% posture
   - TASKS.md refreshed, user-actions section closed to ✅ DONE
   - 3 user-action runbooks shipped (docker-vm-cap + setup-signed-commits.sh
     + required-signed-commits-github)
5. Jargon vulgarisation fix — 'cost-bearing' glossed (ab5e910)

UI side unchanged since stable-v1.0.10 apart from path-filter dedupe
(b9734ea → merged in MR !70). UI tag stable-v1.0.11 posted in parallel
for alignment.

What's next (Phase B): QualityReportEndpoint 1934→7 parsers,
CI YAML modularisation, component splits. All tracked in TASKS.md.