First-pass adoption of the branch-and-PR workflow so Scott can onboard
Jr Claude contributors without blocking on the Lead. This PR is also
the inaugural test case of the workflow — branch + PR + review rather
than direct-to-master.
Three new files at the repo root:
- **CONTRIBUTING.md** — authoritative workflow policy. Based on the
doc Opus outlined, with ItsGoin-specific amendments:
1. Hotfix carve-out: Lead retains direct-to-master authority for
true production-down scenarios, with mandatory retrospective PR
within 24h.
2. Build trigger is explicit — Scott says "ship it," no rolling
auto-deploy.
3. Review SLA is "natural stopping point," no hard time budget.
Exception: Jr blocked + Scott flags urgent → Lead preempts.
4. Re-evaluation triggers for the Lead role (5+ agents, >1d review
latency, rewriting PRs in review, Scott's routing load).
5. Secrets policy explicit (`.deploy-creds` is .gitignored; never
commit credentials).
A Phase 0 checklist at the bottom tracks which prereqs (CI, branch
protection, Jr Forgejo account) are still pending.
- **AGENTS.md** — cross-agent session-start guide. Originally drafted
as CLAUDE.md, but that filename is `.gitignore`d at the repo root
because it has historically been a credential-leak vector. Switched
to AGENTS.md (emerging cross-tool convention) with an explicit
security banner at the top forbidding credential writes. Covers
session start, role-specific starts (Lead vs Jr), session end,
critical rules.
- **sessions.md** — rolling contributor coordination log. Seeded with
an entry for this PR and the current post-v0.6.2-ship state (anchor
PID 3475521, shipped artifacts, last merged commit 2ce668a).
No code touched. Workflow-only.
Phase 0 prereqs still open after this PR:
- Forgejo CI (`cargo check` + `cargo test` on push + PR)
- Branch protection on master (require PR + 1 review + green CI)
- Second Forgejo account + SSH key for Jr Claude(s)
