Org Model v2.3 — Reconciliation Reports

This directory is the committed audit trail for the 7-day zero-delta gate the founder uses to decide whether Org Model v2.3 Phase 2 (read cutover) is safe to flip in dev.

Parent tracker: #570 · HLD: #556 · LLD: #560 §10.1 · §10.2 · Task issue: #692

What lives here

A single markdown file per UTC day, named YYYY-MM-DD.md. Each file contains:

  1. A summary table with the number of tenants scanned, tenants with drift, total missing org_units rows, total missing org_unit_memberships rows, and the day's gate status (PASS / FAIL).
  2. A per-tenant breakdown (skipped when no tenants exist yet).
  3. A rolling-window table showing the last 7 days' gate status and drift counts.
  4. A "consecutive clean days" streak counter and a visible banner when the 7-day zero-delta gate is met.

How files land here

  • CI baseline run: .github/workflows/org-v23-reconcile-report.yml runs daily at 08:00 UTC via cron. It invokes go run ./cmd/reconcile-report --baseline, which emits an empty-cluster zero-drift stamp. This guarantees the 7-day gate has a continuous audit trail of file commits even before any real tenant exists. When the workflow detects a new file it opens a PR.
  • In-cluster CronJob: deploy/cron/org-v23-reconcile-report.yaml runs the same binary against a live Postgres. The rendered markdown is pushed to a PVC; an ops runbook step (documented in the cutover runbook) periodically reconciles that artefact back into this directory.
  • Manual run — any reviewer can reproduce the live report with:
    DATABASE_URL=postgres://... \
    go run ./cmd/reconcile-report \
    --output-dir docs/runbooks/org-v23-reconciliation-reports
    Re-running on the same UTC date overwrites the day's file (idempotent).

How live alerting relates

The markdown reports are the audit trail, not the primary monitoring surface. Live drift alerting comes from the Prometheus rules in deploy/alerts/dualwrite.yaml, evaluated against metrics emitted by internal/orgunit/dualwrite. A failing CI baseline run will show up as a GitHub status check; a failing in-cluster report will show up in both the PVC artefact and the matching Prometheus alert.

Gate criteria

Phase 2 cutover is unblocked when the last 7 consecutive daily reports show gate PASS (zero drift). See docs/runbooks/org-v23-phase2-cutover.md for the founder-operated flag-flip procedure.
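
The gate rule above as a small Go check, added here as an illustration and not the project's cmd/reconcile-report code. It assumes a missing daily file breaks the streak just as a FAIL does; cleanStreak, gateMet, sampleReports and the sample dates are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

const gateDays = 7 // length of the zero-delta window

// cleanStreak counts consecutive PASS days ending at asOf (UTC).
// reports maps a report file name (YYYY-MM-DD.md) to its gate status.
// Assumption: a missing day breaks the streak exactly like a FAIL.
func cleanStreak(reports map[string]string, asOf time.Time) int {
	byDay := make(map[string]string, len(reports))
	for name, status := range reports {
		day := strings.TrimSuffix(name, ".md")
		if _, err := time.Parse("2006-01-02", day); err != nil {
			continue // not a daily report file
		}
		byDay[day] = status
	}
	streak := 0
	for d := asOf.UTC(); byDay[d.Format("2006-01-02")] == "PASS"; d = d.AddDate(0, 0, -1) {
		streak++
	}
	return streak
}

// gateMet reports whether the last gateDays daily reports are all PASS.
func gateMet(reports map[string]string, asOf time.Time) bool {
	return cleanStreak(reports, asOf) >= gateDays
}

// sampleReports builds constructed data: n PASS days ending at end.
func sampleReports(end time.Time, n int) map[string]string {
	r := make(map[string]string, n)
	for i := 0; i < n; i++ {
		r[end.AddDate(0, 0, -i).Format("2006-01-02")+".md"] = "PASS"
	}
	return r
}

func main() {
	end := time.Date(2025, 3, 10, 0, 0, 0, 0, time.UTC) // constructed date
	r := sampleReports(end, 8)
	fmt.Println(cleanStreak(r, end), gateMet(r, end))
	delete(r, "2025-03-07.md") // a gap in the audit trail
	fmt.Println(cleanStreak(r, end), gateMet(r, end))
}
```

A deleted or never-committed day resets the count from the most recent report backwards, so the check fails closed when the audit trail has a hole.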