Quality Gates (merge-gate matrix)¶
Status: governance. Captured 2026-06-14. Defines the Definition of Done / merge gate per product tier, so "what blocks a merge" is explicit and uniform instead of per-repo folklore. Tiers are defined in PRODUCT-PORTFOLIO.
Gate matrix¶
| Gate | Core (rust) | Companion (qBittorrentBB / aMuTorrent) | MFC (eMuleBB, 0.7.x → 0.8.x) | Lab (goed2k) | Infra |
|---|---|---|---|---|---|
| Build (matrix) | ✅ 3-OS | ✅ (fork CI) | ✅ x64 Debug+Release+diag | ⛔ while lab | ✅ |
| Unit/integration tests | ✅ blocking | ✅ | ✅ shared harness | ⛔ while lab | ✅ |
| Lint | 🔸 clippy advisory (relaxed; → -D warnings at Phase 0 close) + fmt ✅ |
✅ (upstream + fork checks) | warning-debt cleanup | — | — |
| Supply chain | ✅ cargo-deny advisories | dependency-review | dependency-review | — | dependency-review |
| Policy guard | ✅ rust-client policy | fork hygiene (output-root, env, bind) | workspace validate | — | workspace validate |
| Privacy guard | ✅ no private data / titles | ✅ | ✅ | ✅ | ✅ tracked-file-privacy-guard |
| Leak-test (networked) | ✅ release-blocking | ✅ release-blocking | required for live profiles | n/a (local-only) | n/a |
| Docs/normalization | ✅ LF + docs checks | ✅ | ✅ | ✅ | ✅ |
✅ = required to merge/release · ⛔ = intentionally not gated yet · — = not applicable
Current gaps (tracked)¶
- Core (rust): clippy is relaxed to advisory during active development —
re-enable blocking
-D warningsbefore the Phase 0 close. Leak-test gate not yet implemented (RUST-FEAT-005); eD2K TCP egress pin open (RUST-FEAT-003);kad_swarmtests non-blocking (RUST-BUG-001). cargo-deny enforces advisories only; bans/licenses pending a dep audit. - Companion (qBittorrentBB):
vpnReady()not truly fail-closed (QBBB-FEAT-004). - Lab (goed2k): no build/test CI by decision; promotion adds the Service bar.
Principles¶
- Invest by tier, not by history. Core/Companion carry the strongest gates; the
MFC app gets maintenance gates only on the shipping
0.7.xline (heavier gates return with the0.8.xmodernization line); Lab stays light until promoted. - The leak-test is non-negotiable for any networked product — it is the automated form of the P0 Network Safety invariant (WORKSPACE-POLICY).
- A non-blocking gate must have an owning item (e.g.
RUST-BUG-001) so it is visible debt, never silent. - New networked products inherit the Core/Companion bar at promotion time (see PRODUCT-PORTFOLIO lifecycle transitions).
- The test gating set (which test tiers gate which release: suite vs MFC
0.7.xvs on-demand reference) is defined in TEST-STRATEGY. MFC-source, parity, and VM/public tests are reference-only and do not gate a suite release.