docs: note the authorized automated submission path in SPEC.md#1
Merged
Merged
Conversation
Add a normative note that a listing's pull request MAY originate two ways: the manual fork+PR path (§7) or an authorized automated path — an external authorized service (the hub.dig.net dApp-submission flow) opens an equivalent PR on an admin-approved submitter's behalf, adding apps/<slug>/metadata.json + assets per §2–§4. Both paths are governed identically by the same app.schema.json + CI validation gate; an automated PR carries no merge privilege, must have featured:false, and still requires green CI + maintainer review — so the store remains curated with no self-service publishing pipeline. Cross-referenced from the §7 author checklist. Spec-only prose change. Bump: patch (0.1.0 -> 0.1.1) — docs-only, no behaviour or schema change.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a normative note to
SPEC.md(§1.1, cross-referenced from §7) that a listing's pull request MAY originate two ways, both governed identically by the existing validation contract:apps/<slug>/metadata.json+ the uploadedassets/exactly per §2–§4.The note is explicit that an automated PR is not privileged:
featuredMUST befalse, it carries no special merge rights, and it MUST pass the sameapp.schema.json+ CI validation gate (§3–§5) as any manual submission — so the store stays curated with no self-service publishing pipeline regardless of how a PR is opened (nothing ships without green CI + maintainer review). No secret or token value is embodied in the repository or the spec.This is a spec-only prose change — no schema, listing, code, or behaviour change.
Version bump
Patch: 0.1.0 → 0.1.1 — docs-only, backwards-compatible, no public-API/schema/behaviour change.
How verified (local, mirrors CI
ci.yml)npm run validate:apps— spec gate:OK — 4 listing(s) conform to SPEC.mdnpm run lint— 0 errors (4 pre-existing react-refresh warnings, unrelated)npm run typecheck— cleannpm run test:coverage— green, coverage thresholds (≥80% lines/functions/branches/statements) metnpm run build— catalog + SPA + prerender + dist sanity gate all passnpm run test:a11y— 46 Playwright a11y/SEO tests pass (axe WCAG 2.2 AA, desktop + mobile)