CLDMV/.github v4 — Ruleset Generator

Generates GitHub Ruleset JSON for the three v4 branches. After downloading, import each in your consumer repo: Settings → Rules → Rulesets → New ruleset → "Import a ruleset".

Repo settings Team size (optional) Selecting a team size pre-fills the approvals count below. You can override. Required approvals Number of approving reviews required before a PR can be merged. Default 1. Require Code Owner reviews on hotfixes Off by default. Requires a CODEOWNERS file at .github/, the repo root, or docs/ — without that file the rule is a silent no-op. Affects the hotfixes ruleset only. Require Copilot Code Review (next + hotfixes) Off by default — enabling costs money. Adds the copilot_code_review rule to next and hotfixes — the branches where feature / hotfix PRs actually land and need review. Master PRs are release bundles assembled from already-reviewed commits, so Copilot review there adds no signal. Every PR to next / hotfixes triggers a Copilot review against your org's Copilot subscription quota. Only enable if you have a paid Copilot tier and want AI review gating every change. Add the bot App to next + hotfixes bypass (recommended) The v4 reset/merge workflows (§6.3, §7.2) push to next/hotfixes as your bot's GitHub App; without bypass GitHub blocks them (GH013 / non_fast_forward). Checked = the bot is pre-added to those two rulesets so you skip the manual UI step. Uncheck to opt out — e.g. you'll add the bot by hand, or your flow doesn't reset those branches as the App. master is never given bot bypass. Bot GitHub App ID The bot App's numeric App ID (Org → Settings → Developer settings → GitHub Apps → your bot → "App ID"). Defaults to CLDMV's bot. If this is blank or non-numeric, the bot is not added even when the box above is checked.

Bot bypass is pre-added by default. With the checkbox above left on, the generated next.json / hotfixes.json already list your bot App in bypass_actors — no manual step needed. The v4 reset/merge workflows (§6.3, §7.2) push as the bot and would otherwise be blocked by non_fast_forward / require-PR.

If you opted out (or left the App ID blank), add it after import: open the imported ruleset → Bypass list → Add bypass → select your bot's GitHub App. master never needs bot bypass.

`master.json` — production branch

`next.json` — integration branch

`hotfixes.json` — hotfixes lane

Notes:

The required-check name is hardcoded as ✅ Required PR Check. If your repo's check uses a different name, edit the imported ruleset after import.
Merge methods are per-branch: master uses ["squash"] so each release lands as one clean commit; next and hotfixes use ["merge"] only — "Create a merge commit" preserves the PR's original signed commits intact. GitHub's "Rebase and merge" web-UI button re-creates commits server-side and strips GPG signatures, so it's deliberately disallowed on the staging branches. The slightly noisier git log on next/hotfixes is invisible at the master level: the master squash collapses the entire range (merge commits included) into one clean signed commit per release.
next.json intentionally omits required_linear_history so §7.2's master-into-next API merge can produce a merge commit when needed.
The bot App is pre-added to next/hotfixes bypass_actors by default (uncheck the box, or blank the App ID, to opt out). It is never added to master.

CLDMV/.github v4 — Ruleset Generator

master.json — production branch

next.json — integration branch

hotfixes.json — hotfixes lane

`master.json` — production branch

`next.json` — integration branch

`hotfixes.json` — hotfixes lane