docs: add RStack RFC ADR process

[richard-devbot]

Summary

• Adds the Roadmap: Add RFC / Architecture Decision Record process for RStack evolution #76 RFC / ADR process for research-backed RStack architecture decisions.
• Adds rfcs/README.md, rfcs/TEMPLATE.md, and initial RFC stubs for Roadmap: Add RStack Decision Queue and Definition-of-Ready readiness gate #70-Roadmap: Add untrusted contributor PR gate for protected RStack paths #75 / Roadmap: Publish RStack Spec v1alpha1 with JSON schemas and conformance examples #71.
• Adds Mintlify docs for the RFC process and research-backed design loop.
• Adds CI-backed RFC validation for filename, status, required section, numbering, and index discipline.
• Includes rfcs/ in package files and updates package asset tests.

Deep-dive findings

• Roadmap: Add research bibliography and methodology appendix for the RStack paper #77 established claims discipline and research source material; Roadmap: Add RFC / Architecture Decision Record process for RStack evolution #76 is the next dependency because it records design decisions before the runtime roadmap work begins.
• RStack has approvals, evidence, contracts, profiles, Business Hub, and research docs, but did not yet have a structured decision registry for major platform changes.
• This PR keeps the process lightweight: RFCs are markdown ADR-style records, not a heavy governance system.

RFCs added

• RFC-0001-rstack-spec-v1alpha1.md → Roadmap: Publish RStack Spec v1alpha1 with JSON schemas and conformance examples #71
• RFC-0002-decision-queue-and-readiness-gate.md → Roadmap: Add RStack Decision Queue and Definition-of-Ready readiness gate #70
• RFC-0003-cross-harness-validation.md → Roadmap: Enforce cross-harness builder/validator review independence #72
• RFC-0004-attestation-envelope.md → Roadmap: Add RStack attestation envelopes for builder, validator, and release evidence #73
• RFC-0005-traceability-drift-detection.md → Roadmap: Add traceability drift detection from requirements to tasks, evidence, and docs #74
• RFC-0006-untrusted-pr-gate.md → Roadmap: Add untrusted contributor PR gate for protected RStack paths #75

Validation

• npx tsx --test tests/validate-rfcs.test.js — 3 pass, 0 fail
• npm test — 185 pass, 0 fail
• npm run lint — pass
• npm run validate — all 196 agents passed validation
• git diff --check — pass
• npm pack --dry-run --json — package includes rfcs/README.md, six RFCs, and rfcs/TEMPLATE.md

Closes #76

Summary by CodeRabbit

• Documentation
  • Added comprehensive reference documentation for the RFC/ADR (Request for Comments/Architecture Decision Record) process and governance
  • New research-backed design decisions guide explaining how architectural decisions are developed and validated
  • Formal RFC/ADR registry now available, documenting all design decisions with status tracking, implementation roadmap, and research references

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: c8ab522e-afed-46a5-aa23-3708dbc811e1

📥 Commits

Reviewing files that changed from the base of the PR and between 1fc6309 and 619a1aa.

📒 Files selected for processing (4)

• README.md
• docs/mintlify/docs.json
• package.json
• tests/validate-package-assets.test.js

✅ Files skipped from review due to trivial changes (1)

• package.json

🚧 Files skipped from review as they are similar to previous changes (3)

• docs/mintlify/docs.json
• tests/validate-package-assets.test.js
• README.md

---

📝 Walkthrough

Walkthrough

This PR establishes an RFC/ADR governance framework for RStack by adding a registry, template, and six initial RFC proposals; implementing CI-backed validation for RFC structure; integrating RFC assets into the package; and publishing research-backed design documentation with Mintlify navigation.

Changes

RFC/ADR Governance Framework

Layer / File(s)	Summary
RFC registry & template foundation rfcs/README.md, rfcs/TEMPLATE.md	RFC registry defines when RFCs are required, allowed lifecycle states (Draft, Accepted, Implemented, Superseded), filename conventions with CI-enforced slug patterns, and mandatory section headings. Template provides canonical skeleton with owner label and all required sections.
RFC validation test suite tests/validate-rfcs.test.js	Test suite discovers RFC files by strict filename regex, parses status from Markdown headers, validates filename/header number alignment, checks for required sections and owner label, enforces unique and strictly sequential numbering starting from 0001, and verifies rfcs/README.md and rfcs/TEMPLATE.md exist and are indexed.
Initial RFC proposals rfcs/RFC-000{1..6}-*.md	Six RFCs propose: (1) spec-first RStack v1alpha1 with versioned JSON schemas, (2) decision queue with Definition-of-Ready gate blocking builds, (3) cross-harness validation with review independence metadata, (4) local-first attestation envelope for evidence packaging, (5) traceability drift detector scanning requirements and evidence, and (6) untrusted-PR gate requiring maintainer approval for protected paths.
Package integration & asset tests package.json, tests/validate-package-assets.test.js	Package description updated and rfcs/ directory added to published files array; asset validation test expanded to require both research/ and rfcs/ entries alongside existing extension/agent/skill/prompt/plugin directories.
Mintlify documentation pages docs/mintlify/reference/research-backed-design.mdx, docs/mintlify/reference/rfc-process.mdx	Research-backed design page outlines the development loop, workflow for turning prior art into RFC/ADR-backed implementation, evidence discipline for measured vs. hypothetical claims, and primary-source artifacts. RFC process page defines RFCs, explains their value for traceability, documents lifecycle states, describes CI validation checks with local run commands, and specifies merge rules requiring CI + operator approval.
Navigation & README updates README.md, docs/mintlify/docs.json, docs/mintlify/mint.json	README adds links to "RFC / ADR Process" and "Research-Backed Design Decisions" in Documentation section; docs.json adds both new reference pages to Business Hub and API Reference groups; mint.json adds them to the Reference group navigation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• #76: RFC/ADR process implementation—this PR fully realizes the roadmap issue with registry, template, six initial RFCs, CI validation, and documentation.
• #71: RFC-0001 adds spec-first direction for RStack v1alpha1 with versioned JSON schemas and conformance examples matching the spec roadmap.
• #70: RFC-0002 introduces decision queue and Definition-of-Ready gate features directly aligned with the decision-queue roadmap.
• #72: RFC-0003 defines cross-harness validation with review independence metadata and enterprise enforcement matching the harness-independence roadmap.
• #75: RFC-0006 proposes untrusted-PR gate requiring maintainer approval for protected paths, implementing the access control roadmap.

Poem

📜 A hop through RStack's reasoning hall,
Where RFCs stand proud and tall,
From spec to queue to validation's call—
Each decision captured for research to recall,
A governance garden where proof flowers sprawl! 🌱✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title clearly summarizes the main change: adding RFC/ADR process documentation and CI validation to the repository.
Linked Issues check	✅ Passed	All coding requirements from issue #76 are met: rfcs/ directory structure [#76], RFC template [#76], initial RFC stubs [#76], Mintlify links [#76], research-backed design page [#76], and CI validation [#76].
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #76: RFC documentation, Mintlify integration, CI validation tests, and package manifest updates align with stated objectives.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/rfc-adr-process-76

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
evoke-f0bfabff	🟢 Ready	View Preview	Jun 10, 2026, 4:21 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[coderabbitai]

🧹 Nitpick comments (4)

rfcs/README.md (1)

32-42: ⚡ Quick win

Clarify that kebab-case slugs must be lowercase.

The filename format documentation shows examples in lowercase (rstack-spec-v1alpha1, decision-queue-and-readiness-gate), but doesn't explicitly state that the slug portion must be lowercase. The validation test at tests/validate-rfcs.test.js line 28 enforces this with the regex pattern [a-z0-9]+(?:-[a-z0-9]+)*.

📝 Proposed clarification

 RFC filenames must use this format:
 
 ```text
-RFC-000N-short-kebab-title.md
+RFC-000N-lowercase-kebab-slug.md

Examples:

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @rfcs/README.md around lines 32 - 42, Update the RFC filename guidance to
explicitly state that the kebab-case slug must be lowercase and adjust the
example filename accordingly (e.g., change "RFC-000N-short-kebab-title.md" to
"RFC-000N-lowercase-kebab-slug.md"); reference the validation regex
[a-z0-9]+(?:-[a-z0-9]+)* to make clear the slug only allows lowercase letters
and digits separated by hyphens so maintainers and contributors follow the same
rule enforced by the tests.

</details>

<!-- cr-comment:v1:c27e1e8361e78a0aa12a17ae -->

</blockquote></details>
<details>
<summary>docs/mintlify/reference/research-backed-design.mdx (1)</summary><blockquote>

`16-16`: **Clarify the NIST AI RMF naming; keep the other references in scope for a quick check.**
- NIST’s “AI RMF” is officially the “Artificial Intelligence Risk Management Framework,” and “AI RMF” is the correct abbreviation.
- Still consider confirming the formal titles/abbreviations of the other cited items (e.g., NIST SSDF, ISO/IEC 42001, OWASP, SLSA, DSSE, Sigstore) so the documentation matches current official wording.

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @docs/mintlify/reference/research-backed-design.mdx at line 16, Update the
"Research first" reference line so that "NIST AI RMF" is written with its full
formal name followed by the abbreviation (e.g., "Artificial Intelligence Risk
Management Framework (AI RMF)") while keeping the other references in scope;
also verify and standardize the formal titles/abbreviations for the other cited
items (NIST SSDF, ISO/IEC 42001, OWASP LLM Top 10, SLSA, DSSE, Sigstore, Augment
Code's AI-SDLC reference architecture, and the ai-sdlc-framework/ai-sdlc
string) to match their official naming/abbreviations and update the list
accordingly in the "Research first" bullet.

</details>

<!-- cr-comment:v1:996e6327d086092cfb97c759 -->

</blockquote></details>
<details>
<summary>docs/mintlify/reference/rfc-process.mdx (2)</summary><blockquote>

`22-31`: _⚡ Quick win_

**Hardcoded GitHub URLs reduce portability.**

The RFC registry table uses absolute GitHub URLs to `richard-devbot/SDLC-rstack`. If the repository is forked, renamed, or moved to a different organization, all six links will break. Consider using relative paths or repository-agnostic references.



<details>
<summary>♻️ Suggested relative-path approach</summary>

Mintlify typically supports relative references for content within the same repository. Consider replacing the full GitHub URLs with relative links to the RFC files:

```diff
-| [RFC-0001](https://github.com/richard-devbot/SDLC-rstack/blob/main/rfcs/RFC-0001-rstack-spec-v1alpha1.md) | Draft | [`#71`](https://github.com/richard-devbot/SDLC-rstack/issues/71) | RStack Spec v1alpha1. |
+| [RFC-0001](/rfcs/RFC-0001-rstack-spec-v1alpha1.md) | Draft | [`#71`](https://github.com/richard-devbot/SDLC-rstack/issues/71) | RStack Spec v1alpha1. |

Apply similar changes to RFC-0002 through RFC-0006.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/mintlify/reference/rfc-process.mdx` around lines 22 - 31, The table rows
for RFC-0001 through RFC-0006 use hardcoded GitHub URLs; replace each absolute
RFC file link (e.g., the [RFC-0001] link target) with a relative repository path
(e.g., relative link to rfcs/RFC-0001-...md) and change issue links (e.g.,
[`#71`], [`#70`], etc.) to repository-agnostic references or relative issue
references supported by Mintlify so links remain valid if the repo is
forked/renamed; update all six table entries (RFC-0001..RFC-0006) accordingly
and verify the rendered links still point to the correct RFC files and issues.

---

40-55: 💤 Low value

Minor command inconsistency with RFC README.

Line 54 instructs users to run npm test -- tests/validate-rfcs.test.js, but the RFC README (per context snippet from rfcs/README.md:72) instructs maintainers to run npm test. While both commands work, the README's simpler form runs all tests including RFC validation, which may be preferable for consistency.

♻️ Align with README command

-npm test -- tests/validate-rfcs.test.js
+npm test

Or clarify that the filtered command runs only RFC validation if that's the intended workflow.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/mintlify/reference/rfc-process.mdx` around lines 40 - 55, The command in
docs/mintlify/reference/rfc-process.mdx is inconsistent with the rfcs/README.md
guidance; update the example to use the README's simpler "npm test" or
explicitly state the difference: replace "npm test --
tests/validate-rfcs.test.js" with "npm test" for consistency, or keep the
current filtered command but add a clarifying sentence that "npm test --
tests/validate-rfcs.test.js" runs only the RFC validator
(tests/validate-rfcs.test.js) while "npm test" runs the full test suite,
referencing the RFC validator test name tests/validate-rfcs.test.js and the
rfcs/README.md guidance.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@docs/mintlify/reference/research-backed-design.mdx`:
- Line 16: Update the "Research first" reference line so that "NIST AI RMF" is
written with its full formal name followed by the abbreviation (e.g.,
"Artificial Intelligence Risk Management Framework (AI RMF)") while keeping the
other references in scope; also verify and standardize the formal
titles/abbreviations for the other cited items (NIST SSDF, ISO/IEC 42001, OWASP
LLM Top 10, SLSA, DSSE, Sigstore, Augment Code's AI-SDLC reference architecture,
and the `ai-sdlc-framework/ai-sdlc` string) to match their official
naming/abbreviations and update the list accordingly in the "Research first"
bullet.

In `@docs/mintlify/reference/rfc-process.mdx`:
- Around line 22-31: The table rows for RFC-0001 through RFC-0006 use hardcoded
GitHub URLs; replace each absolute RFC file link (e.g., the [RFC-0001] link
target) with a relative repository path (e.g., relative link to
rfcs/RFC-0001-...md) and change issue links (e.g., [`#71`], [`#70`], etc.) to
repository-agnostic references or relative issue references supported by
Mintlify so links remain valid if the repo is forked/renamed; update all six
table entries (RFC-0001..RFC-0006) accordingly and verify the rendered links
still point to the correct RFC files and issues.
- Around line 40-55: The command in docs/mintlify/reference/rfc-process.mdx is
inconsistent with the rfcs/README.md guidance; update the example to use the
README's simpler "npm test" or explicitly state the difference: replace "npm
test -- tests/validate-rfcs.test.js" with "npm test" for consistency, or keep
the current filtered command but add a clarifying sentence that "npm test --
tests/validate-rfcs.test.js" runs only the RFC validator
(tests/validate-rfcs.test.js) while "npm test" runs the full test suite,
referencing the RFC validator test name tests/validate-rfcs.test.js and the
rfcs/README.md guidance.

In `@rfcs/README.md`:
- Around line 32-42: Update the RFC filename guidance to explicitly state that
the kebab-case slug must be lowercase and adjust the example filename
accordingly (e.g., change "RFC-000N-short-kebab-title.md" to
"RFC-000N-lowercase-kebab-slug.md"); reference the validation regex
[a-z0-9]+(?:-[a-z0-9]+)* to make clear the slug only allows lowercase letters
and digits separated by hyphens so maintainers and contributors follow the same
rule enforced by the tests.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a08a116f-a76b-4b07-b183-4c0b5584a02c

📥 Commits

Reviewing files that changed from the base of the PR and between b339ec6 and 81fbafb.

📒 Files selected for processing (16)

• README.md
• docs/mintlify/docs.json
• docs/mintlify/mint.json
• docs/mintlify/reference/research-backed-design.mdx
• docs/mintlify/reference/rfc-process.mdx
• package.json
• rfcs/README.md
• rfcs/RFC-0001-rstack-spec-v1alpha1.md
• rfcs/RFC-0002-decision-queue-and-readiness-gate.md
• rfcs/RFC-0003-cross-harness-validation.md
• rfcs/RFC-0004-attestation-envelope.md
• rfcs/RFC-0005-traceability-drift-detection.md
• rfcs/RFC-0006-untrusted-pr-gate.md
• rfcs/TEMPLATE.md
• tests/validate-package-assets.test.js
• tests/validate-rfcs.test.js