Configuration safety
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
- Class:
configuration-safety
- Score:
160
- Findings:
2
- Repos:
evalops/deploy
- Generated at:
2026-06-07T12:51:37Z
- Window: merged since
2026-06-04 with minimum severity high
Guardrail to build
Add desired-state validation that renders and checks configuration invariants before apply or merge.
Representative feedback
p1 evalops/deploy#5372 k8s/kyverno-policies/gitops-only-workload-admission.yaml:64
p1 evalops/deploy#5351 infrastructure/gcp/stacks/60-bazel-remote-execution/main.tf:97
Finding fingerprints
e211061a044b615a2f09c74e85e91b8756abcb504a4d4e7156bca701ca4a35dee477db06afb475024c16973408ba2fb833a6b614eeac184056d26953a9f22215
Acceptance criteria
- The class has an owner repo and a concrete guardrail location.
- The guardrail fails for at least one representative feedback shape listed above.
- The guardrail is wired into the smallest relevant CI or preflight target.
- The issue is closed only after the guardrail has merged and the feedback sentinel no longer ranks this class as an unaddressed candidate.
Configuration safety
This issue tracks a recurring review-feedback class from the EvalOps review feedback sentinel.
configuration-safety1602evalops/deploy2026-06-07T12:51:37Z2026-06-04with minimum severityhighGuardrail to build
Add desired-state validation that renders and checks configuration invariants before apply or merge.
Representative feedback
p1evalops/deploy#5372 k8s/kyverno-policies/gitops-only-workload-admission.yaml:64p1evalops/deploy#5351 infrastructure/gcp/stacks/60-bazel-remote-execution/main.tf:97Finding fingerprints
e211061a044b615a2f09c74e85e91b8756abcb504a4d4e7156bca701ca4a35dee477db06afb475024c16973408ba2fb833a6b614eeac184056d26953a9f22215Acceptance criteria