chore(governance): add CI/CD governance baseline

[chitcommit]

Automated governance baseline remediation from org control loop.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	chittyintel	866a1fb	Mar 02 2026, 02:40 AM

[coderabbitai]

Warning

Rate limit exceeded

@chitcommit has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 6 minutes and 43 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 3839d75 and 866a1fb.

📒 Files selected for processing (7)

• .github/allowed-workflow-secrets.txt
• .github/secret-catalog.json
• .github/workflows/adversarial-review.yml
• .github/workflows/governance-gates.yml
• .github/workflows/identity-context-onboarding.yml
• .github/workflows/onepassword-rotation-audit.yml
• .gitleaks.toml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch automation/governance-baseline

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 866a1fbaee

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Point governance gate at an existing reusable workflow

This workflow calls ./.github/workflows/reusable-governance-gates.yml, but there is no file with that name in the repository (repo-wide search for reusable-governance-gates.yml returns no matches). On pull_request and push events, GitHub cannot load the referenced reusable workflow, so this gate job will not execute as intended and can break required CI checks.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Use an onboarding check script that actually exists

The onboarding gate runs bash scripts/check-chitty-onboarding.sh .chittyconnect.yml, but that script is not present in this repo (only scripts/onboard.sh exists under scripts/). As written, this step exits with "No such file or directory" on every PR/push run, so the onboarding workflow always fails.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Invoke a rotation-audit script that exists in-repo

The rotation job calls scripts/onepassword-rotation-audit.sh, but no such script exists in the repository, so the audit cannot run and the workflow will always take the failure path on schedule/dispatch. This turns the rotation audit into persistent noise instead of a functional control.

Useful? React with 👍 / 👎.