From 1f50ab1903470731cf0378619662e5c6eb62a0b7 Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Tue, 12 May 2026 04:40:17 -0400 Subject: [PATCH] docs: record cross repo roadmap evidence (#1790) --- docs/ECC-2.0-GA-ROADMAP.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/ECC-2.0-GA-ROADMAP.md b/docs/ECC-2.0-GA-ROADMAP.md index 48cc7474..01f26a33 100644 --- a/docs/ECC-2.0-GA-ROADMAP.md +++ b/docs/ECC-2.0-GA-ROADMAP.md @@ -40,8 +40,15 @@ As of 2026-05-12: review tail. - AgentShield PR #53 reduced two context-rule false positives and closed the remaining AgentShield issues. +- AgentShield PR #55 added GitHub Action organization-policy enforcement with + `policy` / `fail-on-policy` inputs, `policy-status` / + `policy-violations` outputs, job-summary evidence, and policy violation + annotations. - ECC PR #1778 recovered the useful stale #1413 network/homelab architect-agent concepts. +- ECC-Tools PR #26 added cost/token-risk predictive follow-ups for AI routing, + Claude/model calls, usage limits, quota, and analysis-budget changes that lack + budget, quota, rate-limit, or cost validation evidence. ## Operating Rules @@ -149,6 +156,8 @@ Acceptance: - Formal policy schema exists for org baselines, exceptions, owners, expiration, severity, and audit trails. - SARIF/code-scanning output is implemented and tested. +- GitHub Action policy gates expose organization policy status and violation + counts for branch-protection and CI evidence. - Policy packs are defined for OSS, team, enterprise, regulated, high-risk hooks/MCP, and CI enforcement. - Supply-chain intelligence plan covers MCP package provenance, npm/pip 
@@ -173,6 +182,8 @@ Acceptance: - PR check suite taxonomy includes Security Evidence, Harness Drift, Install Manifest Integrity, CI/CD Recommendation, Cost/Token Risk, and Agent Config Review. +- Cost/token-risk predictive follow-ups flag AI routing, model-call, usage, + quota, and budget changes when budget evidence is missing. - Linear sync design maps findings to issues/status without flooding the workspace.
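Review bot: in the first hunk (the `As of 2026-05-12` status list), the AgentShield PR #55 entry names the `policy` / `fail-on-policy` inputs and the `policy-status` / `policy-violations` outputs but does not record whether the gate fails closed, i.e. whether the job fails on a violation by default or only when `fail-on-policy` is set. Since the roadmap treats this as branch-protection evidence, that default matters: a gate that only emits annotations and a job summary is not enforcement. Suggest one clause stating the default, e.g. `with `fail-on-policy` defaulting to fail the job on any violation` (or the opposite, if that is the actual behaviour), so the evidence entry is auditable without opening the action.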
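Review bot: the acceptance criterion added in the second hunk (`GitHub Action policy gates expose organization policy status and violation counts for branch-protection and CI evidence.`) is not testable as written, because exposing outputs is satisfied by a gate that never blocks anything. Tie it to the concrete surface already recorded in the status section and to the failure behaviour, e.g. `- GitHub Action policy gates publish `policy-status` / `policy-violations` outputs and fail the check when `fail-on-policy` is set and the violation count is non-zero.` That gives a pass/fail condition that a CI run can demonstrate.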
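Review bot: the third hunk's criterion (`Cost/token-risk predictive follow-ups flag ... when budget evidence is missing.`) narrows the evidence to `budget` only, whereas the status entry for ECC-Tools PR #26 in the first hunk lists `budget, quota, rate-limit, or cost validation evidence`; the two should use the same list so the acceptance check matches what the check suite actually looks for. It also defines no precision expectation or suppression path for a purely predictive flag; given that the same roadmap records AgentShield PR #53 closing two context-rule false positives, consider adding what counts as acceptable evidence (a test, a config key, a documented limit) and an upper bound on false positives, so the criterion is something a review can accept or reject rather than a description of the heuristic.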