Summary
The private OKF repository is bootstrapped and the validate workflow is green.
Two operational hardening items still need owner action before scheduled refreshes
are fully production-ready.
Current state
- ✅
AS215932/knowledge exists and is private.
- ✅ Initial OKF bundle, JSONL exports, and SQLite export are committed.
- ✅
validate passes on main.
- ✅
ingest.yml is present for nightly and manual refreshes.
- ⚠️ Cross-repository private reads need an explicit credential.
- ⚠️
main branch protection is blocked by the current GitHub plan/settings.
Required follow-up
1. Configure scheduled-ingestion credentials
Create either:
- a read-only GitHub App, or
- a fine-grained token
with read access to the configured source repositories, including the private
AS215932/hyrule-business repository.
Save the credential as this repository secret:
Why this is needed: the workflow falls back to GITHUB_TOKEN, but that token
cannot read sibling private repositories such as AS215932/hyrule-business.
Minimum required access:
- Metadata: read
- Contents: read
- Issues: read
- Pull requests: read
2. Enable main branch protection
Protect main once the account/org plan supports branch protection for private
repositories, or move this repository to a plan where private branch protection
is available.
Attempted REST branch-protection setup returned:
HTTP 403: Upgrade to GitHub Pro or make this repository public to enable this feature.
Desired protection rules:
- Require PR before merge.
- Require the
validate check to pass.
- Require branches to be up to date before merge.
- Require at least one approving review.
- Dismiss stale reviews.
- Require conversation resolution.
- Disallow force pushes.
- Disallow branch deletion.
Acceptance criteria
Summary
The private OKF repository is bootstrapped and the
validateworkflow is green.Two operational hardening items still need owner action before scheduled refreshes
are fully production-ready.
Current state
AS215932/knowledgeexists and is private.validatepasses onmain.ingest.ymlis present for nightly and manual refreshes.mainbranch protection is blocked by the current GitHub plan/settings.Required follow-up
1. Configure scheduled-ingestion credentials
Create either:
with read access to the configured source repositories, including the private
AS215932/hyrule-businessrepository.Save the credential as this repository secret:
Why this is needed: the workflow falls back to
GITHUB_TOKEN, but that tokencannot read sibling private repositories such as
AS215932/hyrule-business.Minimum required access:
2. Enable
mainbranch protectionProtect
mainonce the account/org plan supports branch protection for privaterepositories, or move this repository to a plan where private branch protection
is available.
Attempted REST branch-protection setup returned:
Desired protection rules:
validatecheck to pass.Acceptance criteria
ingestcan clone every configured source repository.AS215932/hyrule-businessis included in scheduled refreshes.validatecheck before merge.