Spotify's take on ADRs is great, but how do you enforce them at scale?

5•iamalizaidi•1h ago

Hey HN,

I built Decision Guardian — an open-source GitHub Action and CLI that automatically surfaces architectural decisions as PR comments when code touches protected files. The problem it solves:

Spotify published a great post in 2020 about when to write Architecture Decision Records. I followed the advice. My team wrote ADRs. They sat in docs/adr/. Nobody read them before opening a PR.

https://engineering.atspotify.com/2020/04/when-should-i-write-an-architecture-decision-record

The gap isn't documentation — it's surfacing. The right moment to surface a decision isn't onboarding or sprint planning. It's when someone is actively editing the code the decision protects.

How it works:

1) Write decisions in a Markdown file (compatible with existing ADRs) 2) Add the GitHub Action to your workflow 3) When a PR modifies protected files, Decision Guardian posts the relevant decisions as a comment automatically

Decision format (plain Markdown):

## Decision: Use Postgres for Billing

*Status*: Active *Severity*: Critical

*Files*: - `src/db/*/*.ts`

### Context We evaluated Postgres vs MongoDB. Billing requires ACID compliance. MongoDB was rejected — no transaction guarantees.

Features worth calling out:

1) Severity levels (Critical / Warning / Info) — can block PRs on critical violations 2) Advanced matching: glob patterns, regex, content-based rules, boolean logic 3) CLI works with any CI (GitLab, Jenkins, CircleCI, pre-commit hooks) 4) Handles PRs with 3000+ files without OOM 5) Idempotent comments — no spam, updates in place 6) Zero external network calls — nothing leaves your GitHub runner 7) 109 tests, ReDoS protection, path traversal protection

vs. CODEOWNERS: CODEOWNERS assigns reviewers. This explains why the review matters. Best used together. vs. Danger.js: Danger requires code. This requires Markdown. Non-JS engineers can own their decisions.

It's MIT licensed, single-step GitHub Action or npx decision-guardian CLI.

Happy to answer questions.

Repo: https://github.com/DecispherHQ/decision-guardian

Comments

guerython•46m ago

We run a similar enforcement hook: every ADR becomes a 4-part plan (context, decision, scorecard, guard). A GitHub action watches the guarded files, expects a `{status:'ok'}` response when the plan still holds, counts retries/cost spikes per plan, and if any guard trips it flags the PR discussion and pauses the pipeline until the safety team approves a diff. That keeps the ADR in the loop instead of just filing it away, and the guard logs give us a data point to explain why a change was denied. Curious how you tie those ADRs back into your toolchain when something trips a guard?

Show HN: Ask Mob

Show HN: A Kotlin Multiplatform app that works on watch, CLI, browser extension

NY bill would prohibit AI chatbots from giving legal advice

Show HN: Generate random, valid US residential addresses for testing

Unbound Video AI is the most unrestricted AI video tool I've tried in 2026

A timeline of cyber attacks:home users, contractors, and SMBs are now targets

Iran unleashes Shahed drones aimed at targets across Middle East

Shutting down, open sourced private AI document server

Zuckerberg's internal emails rendered as Facebook Messenger

Daily LNG freight rates jump over 40% amid Mideast strikes

Solar Time vs. Standard Time heat map chart

Show HN: One-click ComfyUI setup for RTX 50-series on Windows (cu130, no Docker)

Ask HN: Codex CLI error reveals "GPT-5.4-ab-arm2" string

The Optimization Trap: Why the Birth Rate Can't Be Fixed

OpenAI, Pentagon add more surveillance protections to AI deal

Meteorologist warns federal cuts are undermining weather forecasts nationwide

Decimal Time (French Republican Clock)

Made a register-based bytecode VM in C, heres how the handler table works

The exploitation paradox in open source

Coasty automates anything – this post was written by the CUA itself

"Here is a re-post of an internal note"

Ars Technica Fires Reporter After AI Controversy Involving Fabricated Quotes

Show HN: PHP 8 disable_functions bypass PoC

Anthropic Adds Free Memory Feature and Import Tool to Lure ChatGPT Users

LibreOffice hits back at critics, says its UI is better than Microsoft Office's

Dyndispatch – Dynamic Dispatch for Python

China-based assets being removed from the Asset Store on March 31st

Odido Security Breach – 6M Customers (Full Timeline and Analysis)

Show HN: VCBacked – Find venture funded startups for your business, fund, agency

Show HN: Evan-proxy, better teenager phone management