gateway · contribution, not identity
Harnessing mergeable work
The maintainer declares role-based agents and hooks. Every issue and PR from a non-allowlisted contributor is produced under those rules, through the platform's GitHub App, or it does not land.
chokepoint: allowlist · github-app · sandbox · branch-protection
Pipeline
contributor → merge
- contributor: identity
- issuer-agent: system prompt
- issue: spec
- change-agent: system prompt
- pr: diff · github-app
- maintainer: review
gates · identity · prompt · spec · prompt · diff · review
issuer-agent produces the issue that change-agent consumes; slop lives between intent and diff
every untrusted write passes through the github-app
Maintainer declares
harness.yaml
- issuer-agent: system prompt + hooks
- change-agent: system prompt + hooks
- prompt scope: repo-owned, not user-owned
- slash-command: /security/, /dx/, /infra/
- hook: block new deps; block eval
- hook: threat-model required for /security/ changes
- allowlist: trusted humans bypass the agents
harness.yaml · excerpt
agents:
  issuer:
    role: issue
    system_prompt: ./prompts/issuer.md
    hooks:
      - require: [ repro_steps, expected, actual ]
      - dedupe_against: open_issues
      - refuse_if: out_of_scope
  change:
    role: pr
    system_prompt: ./prompts/change.md
    hooks:
      - forbid: [ new_dependency, eval, network_in_tests ]
      - require: threat_model_for(["/security/"])
      - link_back_to: source_issue
allowlist:
  - org-admins
  - vouched: ./allowlist.yaml
Repo-owned harness.yaml beats user-side CLAUDE.md and AGENTS.md. The maintainer wins the prompt fight.
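The pipeline above says every untrusted write passes through the GitHub App, and the excerpt declares what the change-agent hooks forbid and require. The following is an added example, written here and not the platform's own hook runner, of how those two ideas fit together: an allowlist check that lets trusted humans bypass the agents, and a hook pass over a PR diff that enforces `forbid`, `threat_model_for` and `link_back_to`. The harness is mirrored as a plain dict so nothing beyond the standard library is needed; the manifest file names, the regexes, the threat-model file-name pattern and the two PR diffs are all assumptions constructed for the demonstration.

```python
"""Added example (not the platform's code): enforce the change-agent hooks and the
allowlist bypass from the harness.yaml excerpt against a PR. The harness is mirrored
as a dict, the heuristics are assumptions, and both diffs below are constructed."""
import re

# Assumed mirror of the excerpt; "alice" stands in for a vouched login.
HARNESS = {
    "change": {
        "forbid": ["new_dependency", "eval", "network_in_tests"],
        "threat_model_paths": ["/security/"],  # threat_model_for(["/security/"])
        "link_back_to": "source_issue",
    },
    "allowlist": {"org-admins", "alice"},
}
# Detection heuristics (assumptions): manifest names, eval calls, network use, threat-model files.
MANIFESTS = {"requirements.txt", "package.json", "go.mod", "Cargo.toml", "pyproject.toml"}
EVAL_RE = re.compile(r"\beval\s*\(")
NETWORK_RE = re.compile(r"\b(requests\.|urllib\.|socket\.|fetch\(|https?://)")
THREAT_MODEL_RE = re.compile(r"threat[-_]model", re.IGNORECASE)
ISSUE_REF_RE = re.compile(r"#\d+")


def added_lines_by_file(diff):
    """Parse a unified diff into {path: [added lines]}; deleted files are skipped."""
    files, current = {}, None
    for line in diff.splitlines():
        if line.startswith("+++ "):
            target = line[4:].split("\t")[0].strip()
            current = None if target == "/dev/null" else target.removeprefix("b/")
            if current is not None:
                files.setdefault(current, [])
        elif line.startswith("+") and current is not None:
            files[current].append(line[1:])
    return files


def run_change_hooks(diff, pr_body, harness=HARNESS):
    """Return [(rule, detail)] for every hook the PR violates; [] means it may land."""
    added = added_lines_by_file(diff)
    forbid = harness["change"]["forbid"]
    violations = []
    for path, lines in added.items():
        name = path.rsplit("/", 1)[-1]
        for text in lines:
            stripped = text.strip()
            # new_dependency: any non-blank, non-comment line added to a manifest
            if "new_dependency" in forbid and name in MANIFESTS and stripped and not stripped.startswith("#"):
                violations.append(("new_dependency", f"{path}: {stripped}"))
            if "eval" in forbid and EVAL_RE.search(text):
                violations.append(("eval", f"{path}: {stripped}"))
            if "network_in_tests" in forbid and "test" in path.lower() and NETWORK_RE.search(text):
                violations.append(("network_in_tests", f"{path}: {stripped}"))
    # threat_model_for: a change under a guarded prefix must arrive with a threat-model file in the same PR
    guarded = sorted(p for p in added if any(g in "/" + p for g in harness["change"]["threat_model_paths"]))
    if guarded and not any(THREAT_MODEL_RE.search(p) for p in added):
        violations.append(("threat_model_for", ", ".join(guarded)))
    # link_back_to: the PR must cite the issue the issuer-agent produced
    if harness["change"]["link_back_to"] == "source_issue" and not ISSUE_REF_RE.search(pr_body):
        violations.append(("link_back_to", "no #<issue> reference in PR body"))
    return violations


def gate(login, teams, diff, pr_body, harness=HARNESS):
    """Allowlisted humans bypass the agents; every other write goes through the hooks."""
    if login in harness["allowlist"] or set(teams) & harness["allowlist"]:
        return {"bypass": True, "violations": []}
    return {"bypass": False, "violations": run_change_hooks(diff, pr_body, harness)}


# Constructed PR diffs for the demonstration.
UNTRUSTED_PR = """\
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,1 +1,2 @@
 flask==3.0.0
+leftpad-utils==0.0.1
--- a/security/auth.py
+++ b/security/auth.py
@@ -10,1 +10,1 @@
-    return verify(token)
+    return eval(token)
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -3,0 +4,1 @@
+    requests.get("https://example.com/token")
"""
CLEAN_PR = """\
--- a/security/auth.py
+++ b/security/auth.py
@@ -10,1 +10,3 @@
+    if not token:
+        raise ValueError("empty token")
     return verify(token)
--- a/security/THREAT_MODEL.md
+++ b/security/THREAT_MODEL.md
@@ -5,0 +6,1 @@
+- empty tokens are rejected before verification
"""

if __name__ == "__main__":
    print(gate("mallory", [], UNTRUSTED_PR, "Fixes #42"))  # hooks fire, no bypass
    print(gate("bob", [], CLEAN_PR, "Closes #17"))          # no violations
    print(gate("carol", ["org-admins"], UNTRUSTED_PR, ""))  # trusted human bypasses the agents
```

Run as a script to see the three verdicts. Note what the hooks are and are not: they are string matching over added lines, so a determined contributor can route around `EVAL_RE` with indirection, and a version bump in a manifest counts as a new dependency. That over-approximation is the point of putting them before review rather than in place of it, and it is why the chokepoint line at the top pairs the hooks with a sandbox and branch protection instead of relying on the hook alone.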
What the maintainer gets
6 effects
- triage: invalid issues stop before a branch is ever created
- review-load: the screener refuses out-of-scope; the maintainer never has to
- supply-chain: new dependencies and eval get blocked before review
- telemetry: a continuous record of what contributors tried and where rules blocked them
- contributor-experience: a PR lands or fails with a project-specific reason
- governance: base prompts inherit across an org's repos
