feat(kernel-iac): folder hierarchy and permissions drift detection #257

Draft
amaralc wants to merge 1 commit into main from 256-folder-and-permissions-drift

@amaralc (Owner) commented Feb 18, 2026

What and why was modified?

  • Implement automated GCP folder hierarchy provisioning from repository structure as source of truth
  • Add folder-level IAM permissions management to eliminate manual drift
  • Create drift detection workflow to catch folder/permissions divergence from repository intent
  • Consolidate insights documentation for infrastructure patterns and decisions

How was it modified?

  • New Terraform modules:

    • gcp-folder-hierarchy/: Provisions folder trees from repo path structure with atomic operations
    • repo-path-to-hierarchy/: Transforms repository paths into GCP folder names and hierarchy
  • Bootstrap automation:

    • Updated project-setup.sh to use new hierarchy modules
    • Enhanced idempotent checks before resource creation
  • Drift detection:

    • Added teams-kernel-workflows-drift-detection.yml to detect folder/IAM divergence
  • Documentation:

    • Added insights on package.json as explicit project markers
    • Documented path.module hierarchy extraction patterns
    • Updated long/short-term insights for organizational learning

Reference links and evaluation steps

  • Review Terraform modules: teams/kernel/iac-modules/gcp-folder-hierarchy/
  • Review bootstrap script: teams/kernel/iac/bootstrap/project-setup.sh
  • Verify drift detection workflow: .github/workflows/teams-kernel-workflows-drift-detection.yml
  • Run: terraform init && terraform plan in production IaC to validate changes

Experiment Record

| Field | Details |
| --- | --- |
| Date and step | See branch: 256-folder-and-permissions-drift |
| Expected result and how to measure | Folder hierarchy auto-provisions from repo structure; drift detection catches divergence within 24h; no manual folder/IAM corrections needed |
| Coach | N/A; @ |
| Type of experiment | Go and see; Exploratory; Testing hypothesis |
| What happened | Implemented unified provisioning model reading repository structure as source of truth for GCP folder hierarchy and IAM permissions |
| What did we learn | Repository structure as authoritative source eliminates drift risk and manual maintenance; drift detection provides continuous verification signal |

Next step

Link to follow-up obstacles or new experiments if discovered during testing.

vercel bot commented Feb 18, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| explore | Ready | Preview, Comment | Feb 18, 2026 11:19am |

coderabbitai bot commented Feb 18, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


nx-cloud bot commented Feb 18, 2026

View your CI Pipeline Execution ↗ for commit 0d89f94

| Command | Status | Duration | Result |
| --- | --- | --- | --- |
| nx affected --target=build --base=origin/main -... | ✅ Succeeded | <1s | View ↗ |
| nx affected --target=test --base=origin/main --... | ✅ Succeeded | <1s | View ↗ |
| nx affected --target=lint --base=origin/main --... | ✅ Succeeded | <1s | View ↗ |

☁️ Nx Cloud last updated this comment at 2026-02-18 11:22:27 UTC
