feat(pipeline): add deploy-staging gate before prod deploy (ORCH-35)

src/qg/checks.py

@@ -440,6 +440,100 @@ def check_deploy_status(repo: str, work_item_id: str, branch: str | None = None)
     return False, "Deploy log not found (14-deploy-log.md)"
 
 
+
+def _parse_staging_status(content: str) -> tuple[bool, str]:
+    """Parse a 15-staging-log.md body and map its `staging_status:` frontmatter to a
+    quality-gate verdict. Reads ONLY the machine-readable YAML field, never prose.
+
+      staging_status: SUCCESS -> (True,  "Staging status: SUCCESS")
+      staging_status: FAILED  -> (False, "Staging status: FAILED")
+      missing field / no frontmatter / bad YAML -> (False, <reason>)
+    """
+    import yaml
+    status = None
+    if content.startswith("---"):
+        parts = content.split("---", 2)
+        if len(parts) >= 3:
+            try:
+                fm = yaml.safe_load(parts[1]) or {}
+            except yaml.YAMLError as e:
+                return False, f"Invalid YAML frontmatter in staging log: {e}"
+            status = str(fm.get("staging_status", "")).upper().strip()
+    if status == "SUCCESS":
+        return True, "Staging status: SUCCESS"
+    if status == "FAILED":
+        return False, "Staging status: FAILED"
+    return False, f"No machine-readable staging_status in frontmatter (got: {status!r})"
+
+
+def _staging_log_from_main(repo: str, work_item_id: str) -> str | None:
+    """Best-effort read of 15-staging-log.md from origin/main on the shared clone.
+
+    The deployer writes 15-staging-log.md and merges the staging artifacts into main
+    via a separate PR (mirroring the deploy-log pattern), so the file lands in
+    origin/main, NOT in the feature branch worktree the gate normally reads.
+    This recovers it from main.
+
+    Degrades gracefully: any git failure (no clone, network/fetch error, file
+    absent in main) returns None instead of raising, so the caller falls back to
+    the plain "not found" verdict. Never raises.
+    """
+    repo_clone = os.path.join(settings.repos_dir, repo)
+    if not os.path.isdir(os.path.join(repo_clone, ".git")):
+        return None
+    rel = f"docs/work-items/{work_item_id}/15-staging-log.md"
+    try:
+        # Refresh origin/main so we see freshly-merged staging artifacts.
+        subprocess.run(
+            ["git", "-C", repo_clone, "fetch", "origin", "main"],
+            check=False, capture_output=True, timeout=30,
+        )
+        show = subprocess.run(
+            ["git", "-C", repo_clone, "show", f"origin/main:{rel}"],
+            check=False, capture_output=True, text=True, timeout=15,
+        )
+    except (subprocess.SubprocessError, OSError) as e:
+        logger.warning("staging-log origin/main lookup failed for %s/%s: %s", repo, work_item_id, e)
+        return None
+    if show.returncode != 0:
+        return None
+    return show.stdout
+
+
+def check_staging_status(repo: str, work_item_id: str, branch: str | None = None) -> tuple[bool, str]:
+    """
+    Gate the deploy-staging -> deploy transition on the deployer's machine-readable
+    verdict in 15-staging-log.md frontmatter (staging_status: SUCCESS|FAILED).
+
+    Mirrors check_deploy_status (БАГ 8): reads ONLY the machine-readable YAML field,
+    never the body prose. The deployer runs the staging test suite against localhost:8501
+    and writes the verdict into 15-staging-log.md.
+
+    Lookup order: worktree -> origin/main -> not found.
+
+    Returns:
+      (True, ...)  -> staging_status: SUCCESS
+      (False, ...) -> staging_status: FAILED, missing field, or no frontmatter
+    """
+    repo_path = _repo_path(repo, branch)
+    log_path = os.path.join(repo_path, f"docs/work-items/{work_item_id}/15-staging-log.md")
+
+    if os.path.isfile(log_path):
+        try:
+            with open(log_path, "r") as f:
+                content = f.read()
+        except OSError as e:
+            return False, f"Error reading staging log: {e}"
+        return _parse_staging_status(content)
+
+    # Not in the feature worktree — the deployer may have merged it into main.
+    main_content = _staging_log_from_main(repo, work_item_id)
+    if main_content is not None:
+        return _parse_staging_status(main_content)
+
+    return False, "Staging log not found (15-staging-log.md)"
+
+
 # Registry for dynamic lookup by name
 QG_CHECKS = {
     "check_analysis_approved": check_analysis_approved,
@@ -451,4 +545,5 @@ QG_CHECKS = {
     "check_reviewer_verdict": check_reviewer_verdict,
     "check_tests_local": check_tests_local,
     "check_deploy_status": check_deploy_status,
+    "check_staging_status": check_staging_status,
 }