- Bug fix (non-breaking)
- New feature (non-breaking)
- Refactoring (non-breaking)
- Documentation
- Breaking change (requires MAJOR version bump — see VERSIONING.md)
- Security fix
- Other:
- MAJOR version bump planned in
VERSIONandCMakeLists.txt - Migration guide added in
docs/migration/ - Announcement prepared for GitHub Discussions (≥ 2 weeks before release)
- CHANGELOG
### Removed/### Changedsection updated
- Unit tests added/updated
- Integration tests added/updated
- Manual testing performed
- Benchmarks run (if performance-sensitive change)
-
Impacted tier(s):
- T0 Trusted Core
- T1 Security & Platform Services
- T2 Data Plane Engines
- T3 Interface & Protocol Edge
- T4 Managed Extension Runtime
- T5 Plugin Boundary
- N/A (docs-only / non-runtime)
-
Trust-boundary crossings documented in PR description (example: T3 -> T2, T5 -> T4 brokered call)
-
Boundary controls validated for affected T3/T4/T5 paths (AuthN/AuthZ, validation, rate limits, audit)
-
Boundary-focused tests added/updated or explicit N/A rationale provided
-
If trust level/privilege increased, security maintainer approval is attached
- Diese PR basiert auf wissenschaftlichen Paper(s) oder Best Practices?
- Falls JA: Research-Dateien in
/docs/research/angelegt? - Falls JA: Im Modul-README unter "Wissenschaftliche Grundlagen" verlinkt?
- Falls JA: In
/docs/research/implementation_influence/eingetragen?
- Falls JA: Research-Dateien in
Relevante Quellen:
- Paper:
- Best Practice:
- Architecture Decision:
- Symbol-Referenzen mit
GetSymbolReferences_CppToolsgeprüft (siehe.github/instructions/cpp-language-service-tools.instructions.md) - Keine rohen Pointer und kein
new/deleteohne explizites Review eingeführt - RAII und Exception-Safety für neue/angepasste Pfade geprüft
- Keine unnötig komplexen KI-Abstraktionen eingeführt
- Performance-Metriken geprüft, falls Hotpath betroffen
- Findings-first review performed with
.github/prompts/pr-diff-findings-review.prompt.md - Security hardening review performed for security-sensitive/runtime changes with
.github/prompts/security-hardening-review.prompt.md(or N/A documented) - API impact review performed for API/contract changes with
.github/prompts/api-change-impact-review.prompt.md(or N/A documented) - All Critical/High findings are resolved or explicitly accepted with rationale in PR description
- Residual risks and follow-up actions documented in PR description
- Severity policy applied according to
.github/copilot/REVIEW_SEVERITY_POLICY.md
-
High-finding exception claimed in this PR
-
Finding reference:
-
Maintainer approver:
-
Mitigation in current release:
-
Target fix milestone:
-
Tracking issue:
-
Validation evidence:
- Release readiness reviewed with
.github/prompts/release-readiness-check.prompt.mdfor branch transition scope - Branch governance validated against
BRANCHING_STRATEGY.mdandRELEASE_STRATEGY.md - Versioning/changelog impact validated against
VERSIONING.mdandCHANGELOG.md
- Code follows project style guidelines (clang-format / clang-tidy)
- Self-review completed
- Documentation updated (if needed)
- CHANGELOG.md updated under
[Unreleased] - No new warnings introduced
- Security-sensitive paths reviewed by security maintainer (if applicable)
- IntelliSense/Compiler: no new errors in changed files
- clang-tidy/cppcheck: no new high-risk findings in changed files
- Gap Scanner: no new
criticalfindings in categoriessecurity,input_validation,query_correctness,distributed_consistency,concurrency,memory - Gap Scanner: no new
highfindings in the same categories (or explicitly approved) - Gap Scanner delta report attached (baseline vs current), not only absolute totals
- New
unknownscanner findings triaged (fixed, re-categorized, or justified)