Stability checkpoint — workflow allowlist + iris-common SHA bumps + clean unused imports

- ci(workflow): add bin and docs/adr to allowlist for new gates
- chore(submodule): bump iris-common SHA → 8e8eabd (gcc shellcheck format, conv-commits fixes)
- (earlier between v1.2.1 and v1.2.2 also includes 12 stale eslint-disable removals + 5 unused imports cleanup, banner, mirador trace purge)

CI :

- ✅ Main pipeline #563 green (post-promote dev → main)
- ✅ Main pipeline #562 green (post-bump SHA)
- ✅ shellcheck job (uses --format=gcc fix from iris-common)
- ✅ adr-drift job

Local test pass :

- ⏭ npm run build : not re-validated locally this rev (CI build gate confirms)
- ⏭ npm test : same
- ⏭ npm run e2e : same

Regression check vs previous tag :

- ✅ Workflow allowlist now includes bin/* + docs/adr/* — MR pipelines fire correctly on script + ADR changes
- ⏭ N/A — frontend repo
- ⏭ N/A — no security-relevant change in this rev (CSP / HSTS untouched)
- ⏭ N/A — no domain feature in this rev
- ⏭ N/A — frontend repo, no infra delta
- ⏭ N/A

- 12 stale eslint-disable directives removed (carried over from v1.2.1 sweep)
- 5 unused imports removed in customer.component
- bundle budgets respected (CI gate green)
- workflow:rules now matches `bin/**/*` + `docs/adr/**/*` (MR pipelines fire on these paths)
- iris-common templates updated transitively (gcc shellcheck format)
- iris-common SHA bumped → 8e8eabd (flat α submodule per ADR-0060)
- dev → main workflow uniform with java + python
- Angular 21 zoneless + signals (unchanged)
- Mobile-responsive (unchanged)
- Bundle budgets : within limits
- 8 stale local branches deleted post-merge (cleanup across 5 iris repos session-wide)
- Auto-merge dev → main template available (iris-common ci-templates/auto-merge-dev-to-main.yml)
- Mobile-responsive validation pending on new dashboards (existing limit, not session-introduced)
- AUTOMERGE_TOKEN setup → activate auto-merge dev→main
- Lighthouse / a11y re-run on load-bearing routes