# Git Flow

MobiCred repositories use a simple integration flow so production branches do
not become scratch space.

## Branches

| Branch | Purpose | Rule |
| --- | --- | --- |
| `main` | Production source | Promote deliberately after a green integration branch. |
| `develop` | Active integration | Merge completed feature and fix branches here first. |
| `staging` | Release candidate | Create or update only when a staging deployment is wired. |
| `feature/*` | New capability | Branch from `develop`, merge back to `develop`, then delete. |
| `fix/*` | Defect repair | Branch from `develop`, merge back to `develop`, then delete. |
| `hotfix/*` | Urgent production repair | Branch from `main`, merge to `main` and back to `develop`. |

## Working Rules

1. Start work from the current `develop` branch.
2. Keep one concern per branch.
3. Use commit messages like `feat: add score snapshot replay` or
   `fix: forward kyc evidence`.
4. Run the narrow meaningful checks before merging.
5. Merge completed branches into `develop`.
6. Delete merged or superseded short-lived branches locally and remotely.
7. Promote to `main` only as an explicit production/release step.

## Orphan Branch Cleanup

Before merging an old branch, compare it with `develop`.

- Merge it when it adds capability that is not already present.
- Port only the missing slice when the branch is partially stale.
- Delete it when its changes are already superseded by stronger work.
- Never merge a branch that removes current API, deployment, data, or product
  safeguards without a reviewed replacement.

## Current Integration State

As of 2026-06-29, `develop` exists for:

- `service-credit-intelligence`
- `service-core-api`
- `service-api-mobile`
- `mobile-client-app`

The old `codex/*` branches for credit intelligence and KYC hardening were
integrated or superseded, then deleted after verification.
