ITSMx

c993daf L73: editing a claude-code-action workflow file 401s the gate on every in-flight PR (the '31 PRs / 0 landed' day); repair is gh pr update-branch, not a re-run; needs a PAT. L74: a GITHUB_TOKEN self-heal can't list runners (use queue depth) or re-trigger gates (needs a PAT).

5946a51 First cycle of #170 crashed: gh api .../actions/runners returns 'Resource not accessible by integration' for the GITHUB_TOKEN (listing self-hosted runners needs admin rights it lacks), so idle became an error blob and budget went unbound. Switch the capacity signal to queued-run depth (readable with actions:read), force every value numeric so an API hiccup can't crash it, drop the in-workflow label-create (pre-created instead).

abde7ce A bounded, capacity-aware scheduled workflow that re-runs the compliance-gate on slice PRs that are CI-green but whose gate flaked/cancelled, so a green-able PR never sits stuck waiting for a human to click re-run (the 2026-06-03 jam, L72). Bounded on every axis so it never becomes the stampede it heals: acts only when a self-hosted runner is idle (never piles onto a busy fleet), max 2 re-runs/tick, gives up + labels stuck-needs-human after 3 tries, only touches CI-green PRs, and is gated by SELFHEAL_LIVE + the BUILDERS_PAUSED kill switch.

4d48005 The blocking compliance-gate (slice-pr-review.yml, 3 sequential AI lenses on the self-hosted fleet) had NO concurrency control, so every push to a PR stacked another ~36-min run without cancelling the stale one. With ~26 open slice PRs this starved the 4-runner fleet (runs queued 52-193 min, then cancelled -> no verdict -> fail-closed -> merge blocked) and drained the shared Max OAuth allowance. 0 slices shipped overnight. - Add a per-PR concurrency group with cancel-in-progress: true so a new commit kills the superseded gate run (latest-commit-wins). - Raise the gate job timeout 50->60 so a legitimate 3-lens+retry run isn't killed mid-verdict and false-fail-closed (the 34-50m FAILUREs). Documented as L72 in Docs/lessons-learned.md.

9b3c4b5 no extended description in this commit.

649d83e no extended description in this commit.

8153c12 no extended description in this commit.

5e85012 * ci(serializer): grant checks/statuses read for the PR pick query * ci(serializer): also grant actions:read (statusCheckRollup expands workflowRun)

fe5a884 Prevents recurrence of the 2026-06-01 night-run breakage (Docs/lessons-learned L67-L70): - scripts/check-migrations.mjs + a fast `migrations` CI job: statically block duplicate migration numbers and journal/file drift — the 0017 collision that cascade-failed ~92 integration suites. Dependency-free; runs in <1s. - main-guard.yml: run the FULL check set (migrations+typecheck+lint+test+build) on every push to main, not lint-only — so a red main (incl. an admin bypass) is caught + `main-broken` issue filed within minutes. - nightly-slice.yml + heavy-slice.yml: fail-fast preflight that refuses to branch a slice off a red main (the mechanism that propagated last night's breakage to every open PR). - lessons-learned.md: L67-L70. Companion change applied out-of-band: branch protection enforce_admins=true (the actual merge-before-green hole). The itmsx Cloudflare build is already non-required.

9f16999 * fix(stabilize-main): restore green CI after the 2026-06-01 night run The night run merged 12 slices into main with red CI (typecheck + build + test). Root causes and fixes: - integrations (TS2308/TS2315): SAP-01's config-carrying adapter contract and INTG-01's manifest contract both exported `IntegrationAdapter`/`DataResidency` via `export *`. Rename SAP's to `ConfigurableIntegrationAdapter`, single-source `DataResidency` in ./types, and re-export ./interface explicitly. - shared-db (TS2305): the schema barrel never exported the 6 tenant/sap-* schema files, so @itsmx/sap could not resolve sapConnections / SAP_AUTH_MODES / etc. Wire them into schema/index.ts. The adapter.ts `unknown->string` errors were a cascade and clear once the tables resolve. Also drop a duplicate tenant-integrations re-export and make tenant_integrations.created_by nullable. - migrations: two 0017 migrations (tenant_integrations vs integration_platform) both created tenant_integrations, breaking migratePublic() — which every integration test runs (92 failed suites). Reconcile into a single 0017_tenant_integrations (jsonb config + integration_sync_state enum) and renumber integration_platform -> 0018 (secrets + health events). - web build (string->Date): the change-calendar page passed `.toISOString()` strings to a `z.coerce.date()` input; tRPC uses superjson (preserves Date), so pass Date objects. Null-guard tRPC `.data` on calendar/sap/rules/transports. Treat tenant_integrations.config as jsonb (object) not a JSON string. - router: expose SAP connection/authorization/user-mapping/SoD/transport queries. Verified locally: pnpm typecheck / lint / build exit 0; integration suites across attachments, audit, change, cmdb, identity, incident, customization, sap pass.