Release Gates

Release gates should block on verified, reproducible, high-impact findings.

  1. Define blocking thresholds
    Decide which severities and risk categories block release.
  2. Require replay
    Prefer bug-level deterministic replay for P0 and P1 findings.
  3. Keep budgets explicit
    Bound tokens, cost, time, and tool execution.
  4. Attach reports
    Store report JSON and Markdown as CI artifacts.

Gate rule

$$\text{block} = \text{severity} \in \{P0, P1\} \land \text{replay} = \text{bug}$$

Avoid noisy gates

Do not block a release on unverified narrative findings unless a human explicitly accepts that risk policy.
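
The gate rule and the noisy-gate caveat above, as an added example that is not part of the original page or any project's tooling. The report schema (`findings`, `id`, `severity`, `replay`), the replay value `narrative`, and the `block_unverified` switch are assumptions made for illustration.

```python
import json
import sys

BLOCKING_SEVERITIES = {"P0", "P1"}  # severities in the gate rule
REQUIRED_REPLAY = "bug"             # bug-level deterministic replay

# Constructed sample report; the schema is an assumption for illustration.
SAMPLE_REPORT = json.dumps({"findings": [
    {"id": "F-1", "severity": "P0", "replay": "bug"},
    {"id": "F-2", "severity": "P1", "replay": "narrative"},
    {"id": "F-3", "severity": "P2", "replay": "bug"},
    {"id": "F-4", "severity": "p1", "replay": "BUG"},   # inconsistent casing
    {"id": "F-5", "severity": "P0"},                    # replay field missing
]})


def evaluate_gate(report_json, block_unverified=False):
    """Return (blocking, needs_review) finding ids. block_unverified=True
    models a human explicitly accepting a policy of blocking on
    high-severity findings that lack a bug-level replay."""
    blocking, needs_review = [], []
    for f in json.loads(report_json).get("findings", []):
        severity = str(f.get("severity", "")).strip().upper()
        replay = str(f.get("replay", "")).strip().lower()
        if severity not in BLOCKING_SEVERITIES:
            continue  # below the blocking threshold
        if replay == REQUIRED_REPLAY or block_unverified:
            blocking.append(f.get("id"))
        else:
            needs_review.append(f.get("id"))  # surfaced, but does not block
    return blocking, needs_review


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    blocking, needs_review = evaluate_gate(text)
    for fid in needs_review:
        print(f"WARN  {fid}: high severity, no bug-level replay; triage manually")
    for fid in blocking:
        print(f"BLOCK {fid}: verified high-severity finding")
    return 1 if blocking else 0  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

High-severity findings without a bug-level replay are printed as warnings so they still reach a human, but only verified ones change the exit code.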