activeUpdated Feb 19, 2026, 8:25 PM
Policy ID js758cjes6hfq8gvsg43n9z10x81fqwg
Schema-derived client generation must have a clear source of truth. Rationale: - Unclear ownership of generated artifacts causes drift and non-reproducible builds. Scope: - PR review policy for Python services that generate API client code from OpenAPI/schema inputs. Trigger: - A PR adds or changes schema snapshot/reduction/codegen inputs, generated client policy, or generation scripts. Approval checks: 1) Committed source-of-truth inputs are explicit (schema/snapshot + transformation/codegen config). 2) Generated artifact policy is explicit and consistent: - generated code committed intentionally and maintained, or - generated code treated as ephemeral and reproducibly generated. 3) Runtime/quality entrypoints enforce generated-client freshness before use. Evidence: - Diff shows source-of-truth inputs and generation policy alignment (`.gitignore`, scripts, docs, CI). Exception path: - Allow deviation only when all are true: 1) PR description includes `Policy Exception: python-openapi-source-of-truth`. 2) PR explains why default artifact policy is unsuitable. 3) PR documents replacement reproducibility controls. Decision: - Return NOT APPROVED when trigger is met and source-of-truth/freshness controls are unclear without a valid exception.