SOP-006: PR Creation, Review, and Merge

Purpose

Create pull requests from the dev branch to staging, run the 4-gate review process (BA, Architect, Security, DevOps), and merge approved PRs. Ensures code quality and compliance before staging deployment.

Scope

Applies to all services in the ADLC pipeline. Covers branch consolidation, review gate execution, PR creation via gh, and merge to staging.

Prerequisites

• All dev tasks for the current phase are complete (or form a coherent deliverable)
• Tests pass: bash ~/dev/ops/adlc-v2/scripts/test-runner.sh {project} {service}
• Feature branches merged into dev (branch consolidation done)
• GitHub CLI (gh) authenticated
• Review agent definitions available in ~/.claude/agents/

Procedure

1. Consolidate feature branches into dev

Before reviews, all feature branch work must be on dev:

cd ~/dev/projects/{service}
git stash 2>/dev/null
git checkout dev
FEATURE_BRANCHES=$(git branch | grep 'feat/' | sed 's/^[* ]*//')

for branch in $FEATURE_BRANCHES; do
  git merge $branch --no-edit 2>/dev/null
  if [ $? -ne 0 ]; then
    git merge --abort
    echo "CONFLICT: {service}/$branch -- needs manual resolution"
    # Post to Slack DM if conflict cannot be resolved
  else
    git branch -d $branch
  fi
done

git push origin dev 2>/dev/null

2. Run test suite

bash ~/dev/ops/adlc-v2/scripts/test-runner.sh {project} {service}

All tests must pass before proceeding. If tests fail, spawn dev fix agent – do not proceed to reviews.

3. Run the 4-gate review process

Check memory before spawning:

awk '/MemAvailable/ {print int($2/1024)}' /proc/meminfo

If > 2000MB, spawn all reviews in parallel:

/agent ba "SERVICE: {service}. PROJECT: {project}. Review against spec: ~/dev/specs/{project}/specs/{service}/spec.md. Write JSON report to ~/dev/ops/reviews/{service}/ba-report.json."

/agent architect "SERVICE: {service}. PROJECT: {project}. Write JSON report to ~/dev/ops/reviews/{service}/architect-report.json"

/agent security "SERVICE: {service}. PROJECT: {project}. Write JSON report to ~/dev/ops/reviews/{service}/security-report.json"

/agent devops "SERVICE: {service}. PROJECT: {project}. MODE: review. Write JSON report to ~/dev/ops/reviews/{service}/devops-report.json"

4. Evaluate review results

BA=$(python3 -c "import json; print(json.load(open('$HOME/dev/ops/reviews/{service}/ba-report.json'))['status'])")
ARCH=$(python3 -c "import json; print(json.load(open('$HOME/dev/ops/reviews/{service}/architect-report.json'))['verdict'])")
SEC=$(python3 -c "import json; d=json.load(open('$HOME/dev/ops/reviews/{service}/security-report.json')); print(d['status'], d['severity'])")
DEVOPS=$(python3 -c "import json; print(json.load(open('$HOME/dev/ops/reviews/{service}/devops-report.json'))['verdict'])")

echo "BA: $BA | Architect: $ARCH | Security: $SEC | DevOps: $DEVOPS"

Gate criteria: | Review | Pass | Fail | |——–|——|——| | BA | compliant | non-compliant with missing criteria on done tasks | | Architect | PASS | FAIL | | Security | clean or concerns (not HIGH/CRITICAL) | critical or severity HIGH/CRITICAL | | DevOps | PASS or PASS_WITH_NOTES | FAIL |

If a review fails: - Read the report JSON for specific findings - Spawn dev fix agent targeting the specific issues - After fix, re-run ONLY the failed review(s), not all 4 - Track retry count – after 3 retries, mark BLOCKED (circuit breaker)

5. Create the PR

cd ~/dev/projects/{service}

# Handle staging divergence (lesson from 2026-03-22)
git fetch origin staging
git merge origin/staging --no-edit

# Create PR
gh pr create \
  --base staging \
  --head dev \
  --title "feat({service}): {description}" \
  --body "$(cat <<'EOF'
## Summary
- {bullet point summary of changes}

## Reviews
- BA: compliant ({X}/{Y} criteria)
- Architect: PASS
- Security: {status} ({severity})
- DevOps: PASS

## Test Results
- {X} unit tests passed
- {Y} integration tests passed

## Review Reports
See ~/dev/ops/reviews/{service}/
EOF
)"

6. Merge the PR

PR_NUMBER=$(gh pr list --base staging --head dev --json number -q '.[0].number')
gh pr merge $PR_NUMBER --merge

7. Write status and pipeline state

CLI="$HOME/dev/ops/adlc-v2/scripts/cli"
bash $CLI/write-status.sh {service} pr DONE "PR#$PR_NUMBER merged to staging"
bash $CLI/write-pipeline-state.sh {project} {service} PR_MERGED "PR#$PR_NUMBER"

Verification

• PR is merged: gh pr view $PR_NUMBER --json state -q '.state' returns MERGED
• Staging branch has the latest commits: git log origin/staging --oneline -3
• All review reports exist in ~/dev/ops/reviews/{service}/
• Status file updated: cat ~/dev/ops/outputs/{service}-pr.status

Rollback

If a PR was merged with issues: 1. Identify the merge commit: git log origin/staging --oneline -5 2. Create a revert PR: git revert {merge_commit} && gh pr create --base staging --title "revert: {service} PR#{number}" 3. Re-run the failed review to confirm the issue 4. Fix and create a new PR

References

• Review reports: ~/dev/ops/reviews/{service}/
• CLI tools: ~/dev/ops/adlc-v2/scripts/cli/write-review.sh
• Lesson: git push dev:staging rejected (2026-03-22) – always fetch and merge origin/staging first
• Lesson: BA FAIL blocking dev (2026-03-21) – BA should mark unimplemented tasks as N/A
• Lesson: Status file corruption from PR agent (2026-03-21) – use CLI tools, never write raw
• Lesson: Auth stub not replaced (2026-03-23) – grep for all imports when replacing a module
• Lesson: Commented-out security control is not a fix (2026-03-23) – verify fixes are active at runtime