AI-Native SDLC + CI/CD Plans
Project-specific GitHub Actions and SDLC proposals for Pocket Coach and FORQA. Planning artifacts only; no repo workflows, GitHub settings, Supabase projects, secrets, deployments, or production data were changed.
Protects frozen beta/prod while adding AI-assisted spec, branch, CI, dev/test deployment, QA, release candidate, production approval, monitoring and rollback gates.
Prioritises credential safety, controlled single-tenant/design-partner hardening, multi-tenant/RLS gates, integration isolation and production deployment controls.
FORQA security note: research flagged a hard-coded personal access token (PAT) in a visible workflow. The token was not copied into any artifact. Treat this as a credential-rotation/incident-response item to resolve before CI/CD hardening.
Approval boundary: implementation is not authorised by this artifact. Repo writes, workflow files, GitHub environment settings, Supabase changes, secrets, deployments and production data actions require Jack approval.