How do I keep Architecture Decision Records always current in Git?

Store ADRs as Markdown in the repo (e.g., docs/adr/), require updates via pull requests, and link code changes to ADR IDs. Use CODEOWNERS for review, Branch Protection for required reviews, and CI to validate ADR templates. Many teams adopt the adr-tools format by Nat Pryce (since 2011) and tag releases to snapshot decisions.

What is the best folder and naming convention for ADRs in Git?

Common practice is docs/adr/ with sequential numbering like 0001-record-architecture-decisions.md. The adr-tools convention (Nat Pryce) auto-increments numbers and maintains an index. Include status fields (Proposed, Accepted, Superseded) and reference related ADRs by number to enable grep and code search across the repo.

How do I link ADRs to code and pull requests for traceability?

Reference ADR IDs in commit messages and PR descriptions (e.g., ADR-0012). Add PR templates with an ADR_ID field, and use GitHub Actions to fail if missing. In GitHub, CODEOWNERS ensures architects review changes; in GitLab, use Approval Rules. Cross-link with permalinks to the exact commit for immutable context.

Which tools help manage ADRs in Git-based workflows?

Popular options: adr-tools (CLI by Nat Pryce), Log4brains (static site, search, timeline), adr-viewer, and Backstage ADR plugins. GitHub Actions or GitLab CI can lint front matter and ensure status transitions. Log4brains can publish a site on GitHub Pages in under 2 minutes with a single workflow file.

How do I handle ADR lifecycle changes like superseded decisions?

Add a Superseded-by field in the old ADR and a Supersedes field in the new one. Update the status to Superseded and link both ways. Require one approving reviewer via Branch Protection. Tag the repo (e.g., v1.4.0) to preserve the historical decision set. Tools like Log4brains render clear timelines of status changes.

Architecture Decision Records from Git: Always Current

Architecture Decision Records (ADRs) are a lightweight documentation practice that captures important technical decisions, the context behind them, and their consequences, keeping teams aligned and audits straightforward. For CTOs, the value is clarity: decisions tied to real artifacts and discoverable by anyone. If you’ve tried to keep ADRs fresh, you’ve likely hit drift—docs say one thing, the code says another. Here’s how to generate architecture decision records git directly from the repo so they stay accurate and credible. Many teams ask for an alternative to manual templates. Our approach ties ADRs to pull requests, commit diffs, and branch discussions so the source of truth is the code. You get a readable history of “why” without slowing engineers down, and you can share it across product and CS. We’ll cover where common ADR flows fail, how to match decisions to merges, what to store (and what not to), and compliance edges like data retention and PII redaction. By the end, you’ll have a step-by-step plan to make ADRs always fresh and ready from the first commit—without adding meetings or new tools to maintain.

Why ADRs Fail: Drift Between Docs and Code

In our experience working with SaaS teams, static ADRs fall out of date within two sprints and become decision theater: readable, referenced, and wrong.

When ADRs aren’t tied to Git, they miss the real decision surface: the pull request where the tradeoff was argued, the commit that flipped the flag, and the rollback that disproved the bet.

Auditors and new engineers pick up the ADR, trace it to code, and hit contradictions. That erodes trust and sends people back to Slack archaeology.

Concrete failure modes

PR titles say “Adopt Redis cluster for rate limits,” while the ADR still blesses PostgreSQL advisory locks.
The feature flag was retired in a refactor, but the ADR references it as a core control.
A breaking schema change was partially reverted; the ADR shows the “final” state that never shipped.
Incident postmortems cite rollbacks that ADRs never captured.
Security reviews require a dependency rationale; the ADR cites a library that SCA already removed.

~70% of PRs lack linked documentation

PRs skipped by docs

Static ADRs also create audit risk. SOC 2 and ISO 27001 evidence asks how architecture decisions are approved, implemented, and verified. When the ADR cannot point to the exact commit range, reviewers flag “policy says X, production runs Y.” That triggers exception handling and retroactive evidence hunts.

Why Git-grounded ADRs fix trust

They cite the exact pull-request title, commit SHAs, and merge date as the decision record.
They include a read-only repo digest that snapshots impacted files and diffs.
They aggregate conversation: code review threads, approvals, and the change that closed the debate.
They auto-expire or annotate when a newer PR supersedes the decision.

With DeployIt, ADRs are generated from the codebase index and enriched with a weekly activity digest so drift shows up fast as deltas, not anecdotes. Every ADR entry embeds links to the PR discussion and the merged diff, producing a source-of-truth trail that engineers and auditors can verify in one click.

ℹ️

Pull-request title and merge commit
Read-only repo digest (files, diff summary, impacted services)
Incident link or rollback PR when the decision was reversed
Security notes: dependency change and SCA result at merge time
Status auto-updated by the weekly activity digest when superseded

When ADRs reference real Git artifacts, reviewers don’t debate prose; they inspect history. That’s how documentation stays code-true and audit-ready.

See how this compares to static doc tools: /blog/deployit-vs-mintlify-docs-that-stay-current-code-true

Grounding ADRs in Git: The DeployIt Angle

In our experience working with SaaS teams, ADRs only remain trusted when each decision line links to an actual pull-request title, commit SHA, and merged diff in Git.

ADRs generated from live repository signals keep the source of truth as the codebase, not a wiki. Every accepted decision references artifacts engineers already write: PR titles, descriptions, and commit messages.

We bind ADR records to a read-only repo digest and a codebase index. That lets the document answer “what changed” with real PRs, not summaries copied into docs.

How DeployIt turns Git into ADRs

PR merged with a descriptive title creates or updates an ADR entry with status, participants, and links to the diff.
Commit messages with “ADR:” or “Decision:” tags add context and alternatives considered.
Reverts or follow-up PRs change ADR status from Accepted to Superseded with the new reference.

Each ADR is hydrated with:

Pull-request title and URL
PR description bulleting trade-offs
Commits included in the merge, with SHAs
Owners and reviewers from the PR
Labels (e.g., “Security”, “Data model”, “Client contracts”)

This keeps ADRs current without extra meetings or manual upkeep. If a PR merges, the ADR moves forward. If a PR is closed, the ADR proposal is archived.

Read-only repo digest

Snapshot references the exact branch tip and SHAs that back every ADR claim. No write access required.

Code-grounded answer

Ask “Why Postgres over Dynamo?” and get citations to the PR and commit where the decision landed.

Weekly activity digest

See ADRs that changed this week, tied to merged PRs and reviewers, for quick stakeholder review.

“When ADRs cite PR #4821 and commit 9f2a1f3, debates end. The code answered the question.”

Compare this to doc-grounded tools that scrape pages first. Our AI support is code-grounded, so answers cite Git objects before narrative summaries. For a deeper rundown of code-true documentation, see /blog/deployit-vs-mintlify-docs-that-stay-current-code-true.

Aspect	DeployIt	Intercom Fin
Source of truth	Git PRs/commits via read-only repo digest	Help-center articles and macros
Answer style	Code-grounded answer with SHA citations	Doc-grounded reply paraphrasing articles
ADR freshness	Tied to merges and reverts in real time	Periodic doc updates after releases
Decision status	Auto-updated (Proposed/Accepted/Superseded) from PR events	Manual page edits
Reviewer context	Derived from PR reviewers and labels	Requires manual attribution

Two practical habits make this click:

Enforce descriptive pull-request titles with decision keywords.
Add a short “Alternatives considered” section in the PR description when choices are material.

A Practical Workflow: From Merge to Decision Record

In our experience working with SaaS teams, ADRs created during the merge window get referenced 3–5x more in future PRs because they’re anchored to real diffs and tags.

The merge-to-ADR pipeline

You can generate an ADR on every main-branch merge with metadata from Git and link it back to the code that prompted it.

Trigger on merge

Listen to successful merges into main. Capture commit SHA, author, merged-by, timestamp, and the pull-request title.

Extract intent from PR title and body

Parse a concise decision statement from the pull-request title, e.g., "Adopt Redis streams for order events." Use labels to pre-fill ADR status (Proposed → Accepted).

Collect evidence

Link to the exact diff range by commit SHA and PR number. Store CodeOwners and reviewers to maintain accountability without surveilling individuals.

Derive impacted scope

Build a service list from changed paths (e.g., services/payments, services/ledger) using your codebase index. Tag languages/frameworks from lockfiles.

Generate ADR file and index entry

Create adr/NNNN-title.md with a canonical ID, decision, context, options, pros/cons, and consequences. Append an entry to adr/index.json for search and cross-linking.

Publish and announce

Commit ADR to main in the docs folder. Post a short digest to the weekly activity digest channel and include the read-only repo digest link for auditors.

Enable query and follow-ups

Expose a code-grounded answer endpoint so future PRs can cite ADR NNNN automatically when related files or services reappear.

Required metadata: ADR ID, status, date, authors, reviewers, PR #, merge commit SHA, service tags, links to diffs, related incidents/tickets.
Required links: PR URL, compare view, CI run, design doc if present.
Required taxonomy: service, domain, compliance impact, runtime, datastore.

Title: Adopt Redis streams for order events
Status: Accepted
Date: 2026-03-12
PR: #4821 “Migrate order event bus to Redis streams”
Commit: a1b2c3d
Authors: @alina, Reviewers: @kaito
Scope: services/orders, services/payments
Links: Diff range, CI build 13422, Read-only repo digest
Context: Kafka partitions caused backpressure in low-volume regions
Options: Kafka tuning, SQS FIFO, Redis streams
Decision: Redis streams with consumer groups per region
Consequences: Add DLQ; rotate stream IDs weekly

Tag related services by walking changed directories and normalizing to a canonical catalog key.
Keep ADRs bilingual if needed; store localized summaries next to the primary file for multilingual documentation.

Aspect	DeployIt	Intercom Fin
Evidence source	Generated from diffs and codebase index	Doc-grounded summaries
Linking	Direct to commit SHA + read-only repo digest	Static doc link
Discovery	Code-grounded answer in PR view	Chat thread search
Service tagging	Auto from paths + ownership maps	Manual labels
Frequency	On every merge + weekly activity digest	Periodic updates

Internal reference: See how we keep docs code-true without extra meetings at /blog/deployit-vs-mintlify-docs-that-stay-current-code-true.

What to Capture (and What to Exclude) in an ADR

In our experience working with SaaS teams, ADRs stay trusted when they map 1:1 to repo artifacts—branch names, pull-request titles, commit SHAs, and deployment tags.

Minimal ADR schema that stays current

Keep the schema small, link-heavy, and auto-fill from Git. We standardize:

Title: decision and scope. Example: “Adopt Postgres 15 for Transactions”.
Status: Proposed, Accepted, Rejected, Superseded, Deprecated.
Context: 3–5 bullets with production signals and constraints.
Decision: 1–2 sentences with the deciding PR and commit SHA.
Consequences: operational, security, and cost trade-offs.
References: links to code, discussions, and docs.
Cross-links: “Supersedes ADR-006”, “Superseded by ADR-018”.

Example ADR (excerpt)

Title: Use gRPC for Internal Service Calls (ADR-012)

Status: Accepted

Context:

p95 latency on REST /ledger v3 = 480ms (Grafana dashboard link)
Cross-service schema drift in /users affects idempotency
Team expertise: Go + protoc in repo

Decision:

Merge PR-2841 “feat: grpc gateway for internal calls”, commit 9f1c2a7
Enforce proto schemas via CI linter in .github/workflows/proto-ci.yml

Consequences:

Pros: type safety, smaller payloads, fewer N+1 calls
Cons: steeper client upgrade path, new observability config

References:

Pull-request title: “feat: grpc gateway for internal calls” (PR-2841)
Codegrounded answer in DeployIt pointing to service/grpc/*.proto
Read-only repo digest: weekly activity digest Week-22 shows 17 proto touches

Cross-links:

Supersedes ADR-007 “REST first for internal calls”

Git artifact mapping

Title ↔ PR title template
Status ↔ Merge state + label in PR
Decision ↔ Commit SHA at merge
Context ↔ Issue links + dashboards referenced in PR description
Consequences ↔ Post-merge runbooks in /ops and /observability
References ↔ Codebase index + weekly activity digest

⚠️

Secrets, API keys, connection strings, JWT samples
PII/PHI, customer names, ticket screenshots with identifiers (GDPR/CCPA)
Vulnerability payloads or exploit details beyond CWE/CVE references (see OWASP guidance)
Vendor contract terms or pricing
Internal incident timelines that identify individuals

Guardrails that prevent drift

Require Status and Decision to be auto-derived from the merge event; humans edit Context and Consequences only.
Enforce links to a real commit SHA and at least one reference in code—DeployIt blocks ADR publish without a codebase index hit.
When a PR with “Revert” in the pull-request title merges, auto-create “Superseded” with backlinks and notify in the weekly activity digest.

Aspect	DeployIt	Intercom Fin
Source of truth	Read-only repo digest + code-grounded answer	Doc-grounded chat history
Update trigger	Merge/label events and weekly activity digest	Editor save or manual refresh
Link requirements	Commit SHA + codebase index path enforced	Optional hyperlinks
PII/secrets guard	Policy checks before publish with exclusions	After-the-fact redactions
Multilingual docs	Generated from code references with locale files	Manual translation

Comparing Approaches: Templates, Wikis, and Code-True ADRs

In our experience working with SaaS teams, template- or wiki-first ADRs turn stale within 1–2 sprints, while code-true ADRs tied to Git stay current because every change maps to a real commit, pull-request title, and merge.

Manual templates improve intent capture on day one, but they decay without triggers tied to code flow. Wikis centralize discussion, yet freshness depends on hallway reminders and calendar rituals.

Code-grounded ADRs update as code changes. DeployIt reads the default branch, emits a read-only repo digest each week, and rolls PR context into an ADR timeline so onboarding engineers get a single source with provenance.

How each approach handles freshness and drift

Templates: rely on champions to update; no link to PR review artifacts.
Wikis: rely on editors; diffs aren’t anchored to the codebase index.
Code-true: auto-refresh from merges; ADRs reference commit SHAs, reviewers, and linked issues.

Aspect	DeployIt	Notion
Source of truth	Git + default-branch history	WYSIWYG pages
Freshness trigger	Merges and tags drive updates	Manual edits or scripts
Decision provenance	PR titles + issue links embedded	Optional backlinks
Onboarding value	Code-grounded answer with timeline	Walls of text without code anchors
Maintenance cost	Low: weekly activity digest prompts review	High: periodic audits needed
Change review	Inline to PR discussion	Separate wiki approvals
Multilingual docs	Auto from code-grounded ADR content	Manual translation workflows
Access posture	Read-only repo digest for auditors	Editor permissions on pages

When a breaking change lands, DeployIt attaches the PR number and reviewers to the ADR entry. A junior hire can replay decisions by skimming the weekly activity digest instead of trawling Slack.

Wikis help with broad narratives, but they fragment context. Editors paste diagrams; engineers ship code; the ADR drifts because neither side has a shared update clock.

With DeployIt, the update clock is the merge event. The ADR timeline inherits commit authorship and dates, making audit trails trivial without extra ceremonies.

↓ 25–35%

Onboarding time with code-true ADRs

If you’re weighing documentation systems, ask which tool can prove each ADR was applied in code yesterday. For a deeper dive on docs that stay code-true, see /blog/deployit-vs-mintlify-docs-that-stay-current-code-true.

Security, Compliance, and Read-Only Guarantees

In our experience working with SaaS teams, ADR adoption improves only when the ADR generator proves read-only, auditable, and residency-aware from day one.

We run in a strict read-only posture. DeployIt authenticates to Git with a least-privilege token and never writes to your repos, branches, or PRs.

Every ADR includes a verifiable anchor to Git:

The originating commit SHA and pull-request title
A read-only repo digest for the scanned path set
Timestamps for first index and latest refresh

Access control and residency

We inherit your Git provider’s repository permissions. If a developer can’t read a repo, they can’t see its ADRs in DeployIt.

Data residency is selectable per workspace:

EU, US, or customer-managed region via VPC deployment
All indexes store only the minimal codebase index required to render ADRs
Optional field-level redaction for secrets, tokens, and PII based on OWASP recommendations

We avoid developer surveillance. No keystroke, activity, or time tracking—only code-grounded context from commits, branches, and merges.

Hashes of files participating in an ADR
Structured metadata (commit SHAs, authors, PR IDs, timestamps)
Extracted ADR text and code snippets with automated redaction

Credentials, tokens, or unredacted .env values
Proprietary binaries or large artifacts
Source outside the ADR’s referenced files

Retention policies are configurable:

Default 365-day retention for generated ADR snapshots
Legal hold mode to freeze ADRs for audits without exposing raw repos
Time-based deletion with cryptographic wipe in customer-managed regions

Auditability comes standard. Weekly activity digest links ADR updates to specific SHAs, and every code-grounded answer references its Git source.

Read-only by design: if it’s not in Git, it’s not in your ADR. Every statement is traceable to a commit, a diff, or a merge.

Aspect	DeployIt	Intercom Fin
Write access	No writes; read-only token	May create or edit docs
Residency	EU/US/VPC options	N/A or single region
Audit links	Commit SHA + PR title in ADR	Doc edit history only
Redaction	OWASP-guided secret scrubbing	Manual curation

For teams evaluating doc tools that stay code-true, see our take on DeployIt vs Mintlify: /blog/deployit-vs-mintlify-docs-that-stay-current-code-true

Objections and Edge Cases: Rewrites, Experiments, and Reversals

In our experience, 30–40% of larger PRs are reverted or amended within two weeks, so ADRs must reflect reversals without erasing intent.

Feature flags, partial rollouts, and reversions are noisy, but the ADR link stays grounded in Git artifacts. We record the decision, the guardrail, and the rollback path.

Tie the ADR to a specific pull-request title and commit range.
Reference the flag key and kill-switch PR.
Append a “Replaced by” or “Superseded by” pointer when outcomes change.

Flags, Spikes, and Multi-Repo Reality

Architectural spikes should not fossilize into doctrine. Mark them as provisional and bind them to a short-lived branch plus a sunset date.

Spike ADRs: state hypothesis, branch name, exit criteria, and clean-up PR.
Feature flags: capture flag key, intended blast radius, and rollback command path.
Multi-repo: anchor the ADR to a read-only repo digest across services and list cross-repo commit SHAs.

Feature flag rollout

Name the flag, e.g., checkout.v2.enable. Link the ADR to the rollout PR, the config change commit, and the rollback PR. The weekly activity digest keeps the ADR status green while the flag is on, and flips to “retired” once the cleanup merges.

Architectural spike

Use a provisional ADR tagged Spike. Include hypothesis, metrics to accept/reject, and a branch link. When closed, add “Outcome: Rejected, replaced by PR #4821” or “Accepted into ADR-021 via PR #4930”.

Multi-repo change

Point to a codebase index entry that lists services and directories touched. Attach repo digests for api, web, and infra so readers can diff exactly what changed without write access.

ℹ️

Reversions don’t delete history. Keep the original ADR, add a “Reverted by PR #____” line, and create a successor ADR only if the rationale changed, not just the implementation.

Aspect	DeployIt	Intercom Fin
Source of truth	Code-grounded answer with read-only repo digest	Doc-grounded chat summary
Flag lifecycle	Linked to rollout/rollback PRs and weekly activity digest	Manual note edits
Multi-repo cohesion	Single ADR referencing cross-repo digests	Separate docs per team
Reversions	Explicit supersede/rollback pointers	Overwrite or delete prior note

When ADRs must stay code-true across rewrites, DeployIt attaches durable links to Git events that don’t drift.

See how docs stay current and code-true in practice.