potiuk opened a new pull request, #426:
URL: https://github.com/apache/airflow-steward/pull/426

   ## What & why
   
   Promotes the two `apache/comdev` MCP servers from opt-in to **mandatory
   pre-flight prerequisites for ASF projects**, and requires them to be
   installed from — and kept on — the **latest `main`** of `apache/comdev`.
   
   The servers (`ponymail-mcp`, `apache-projects-mcp`) ship as in-repo source
   with no tagged releases, so `main` is the only channel. Tracking `main`
   rather than a pinned tag is an **intentional exception** to the framework's
   pin-with-cooldown convention for system tools (`bubblewrap` / `socat` /
   `claude-code`) — documented as such in both adapter docs.
   
   ## Changes
   
   **New adapter**
   - `tools/apache-projects/` (`README.md` + `tool.md`) — the `apache-projects-mcp`
     server (read-only ASF rosters / people / releases; no auth).
   
   **Manifest + prerequisites**
   - `projects/_template/project.md`: `ponymail` → `mandatory: yes` (ASF default);
     new `project_metadata` block (`apache-projects`, `mandatory: true`).
   - `docs/prerequisites.md`: PonyMail mandatory-for-ASF; new §8 for the
     apache-projects metadata MCP.
   - `tools/ponymail/tool.md`: install from comdev `main` + "Keeping the
     checkout current".
   
   **Pre-flight gates**
   - `contributor-nomination` gates on the apache-projects MCP and uses it for
     Apache-ID verification + vendor-neutrality.
   - `security-issue-import` / `security-issue-sync` hard-stop when PonyMail is
     unavailable **or unauthenticated** (ASF default).
   
   **Lifecycle wiring (`setup-steward`)**
   - `adopt.md` Step 9c — install both servers from latest comdev `main`.
   - `upgrade.md` Step 6e — refresh the checkout (fetch + print `git pull --ff-only`).
   - `verify.md` check 8e — registered + authenticated + on-`main`/not-behind.
   - `setup-isolated-setup` verify/update — on-`main` + not-behind assertions.
   
   **Plumbing**
   - `permission-audit` (+ test) and the allow-lists add the
     `mcp__apache-projects__*` read tools; `sandbox-lint` baseline mirrors them (M.29).
   
   Non-ASF adopters are unaffected — every gate keys off the manifest's
   `mandatory` flags, which non-ASF adopters override to `false`.
   
   ## Testing
   
   `pre-commit` full suite green (ruff, mypy, workspace pytest, skill-and-tool
   validator, sandbox-lint); lychee link/anchor check clean.
   
   Generated-by: Claude Code (Opus 4.8)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
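
The on-`main` / not-behind assertion listed under the lifecycle wiring above can be expressed as a check over the header lines of `git status --porcelain=v2 --branch`. This is an added example, not code from the pull request or the airflow-steward repository; the function names, the `path` argument and the sample status text are assumptions constructed for illustration.

```python
import subprocess

# Constructed samples of `git status --porcelain=v2 --branch` header lines.
SAMPLE_CURRENT = "# branch.oid 1111111\n# branch.head main\n# branch.upstream origin/main\n# branch.ab +0 -0\n"
SAMPLE_BEHIND = "# branch.oid 2222222\n# branch.head main\n# branch.upstream origin/main\n# branch.ab +0 -3\n"
SAMPLE_DETACHED = "# branch.oid 3333333\n# branch.head (detached)\n"


def parse_branch_status(porcelain):
    """Extract branch, upstream and ahead/behind counts from the '# branch.*' headers."""
    info = {"head": None, "upstream": None, "ahead": None, "behind": None}
    for line in porcelain.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "#":
            continue
        if parts[1] == "branch.head":
            info["head"] = parts[2]  # "(detached)" when HEAD is not on a branch
        elif parts[1] == "branch.upstream":
            info["upstream"] = parts[2]
        elif parts[1] == "branch.ab" and len(parts) == 4:
            info["ahead"] = int(parts[2])    # "+N"
            info["behind"] = -int(parts[3])  # "-N"
    return info


def check_on_main_not_behind(porcelain, branch="main"):
    """Return failure messages; an empty list means the checkout passes."""
    info = parse_branch_status(porcelain)
    failures = []
    if info["head"] != branch:
        failures.append(f"checkout is on {info['head']!r}, expected {branch!r}")
    if info["upstream"] is None or info["behind"] is None:
        # Fail closed: without tracking info, currency cannot be shown.
        failures.append("no upstream tracking information")
    elif info["behind"] > 0:
        failures.append(f"{info['behind']} commit(s) behind {info['upstream']}; run: git pull --ff-only")
    return failures


def verify_checkout(path):
    """Fetch first so the behind count reflects the remote, then evaluate `path` (hypothetical clone location)."""
    subprocess.run(["git", "-C", path, "fetch", "--quiet"], check=True)
    status = subprocess.run(["git", "-C", path, "status", "--porcelain=v2", "--branch"],
                            check=True, capture_output=True, text=True).stdout
    return check_on_main_not_behind(status)


if __name__ == "__main__":
    for name, sample in [("current", SAMPLE_CURRENT), ("behind", SAMPLE_BEHIND), ("detached", SAMPLE_DETACHED)]:
        print(name, check_on_main_not_behind(sample) or "OK")
```

The behind count is computed against the local remote-tracking ref, so the result is only meaningful after the fetch that `verify_checkout` performs.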
