Initial commit (history squashed)

docs/11_GOVERNANCE.md

@@ -0,0 +1,93 @@
+# Stella Ops Project Governance  
+*Lazy Consensus • Maintainer Charter • Transparent Veto*
+
+> **Scope** – applies to **all** repositories under  
+> `https://git.stella-ops.org/stella-ops/*` unless a sub‑project overrides it
+> with its own charter approved by the Core Maintainers.
+
+---
+
+## 1 · Decision‑making workflow 🗳️
+
+| Stage | Default vote | Timer |
+|-------|--------------|-------|
+| **Docs / non‑code PR** | `+1` | **48 h** |
+| **Code / tests PR** | `+1` | **7 × 24 h** |
+| **Security‑sensitive / breaking API** | `+1` + explicit **`security‑LGTM`** | **7 × 24 h** |
+
+**Lazy‑consensus** – silence = approval once the timer elapses.
+
+* **Veto `‑1`** must include a concrete concern **and** a path to resolution.  
+* After 3 unresolved vetoes the PR escalates to a **Maintainer Summit** call.
+
+---
+
+## 2 · Maintainer approval thresholds 👥
+
+| Change class | Approvals required | Example |
+|--------------|-------------------|---------|
+| **Trivial** | 0 | Typos, comment fixes |
+| **Non‑trivial** | **2 Maintainers** | New API endpoint, feature flag |
+| **Security / breaking** | Lazy‑consensus **+ `security‑LGTM`** | JWT validation, crypto swap |
+
+Approval is recorded via Git forge review or a signed commit trailer  
+`Signed-off-by: <maintainer>`.
+
+---
+
+## 3 · Becoming (and staying) a Maintainer 🌱
+
+1. **3 + months** of consistent, high‑quality contributions.  
+2. **Nomination** by an existing Maintainer via issue.  
+3. **7‑day vote** – needs ≥ **⅔ majority** “`+1`”.  
+4. Sign `MAINTAINER_AGREEMENT.md` and enable **2FA**.  
+5. Inactivity > 6 months → automatic emeritus status (can be re‑activated).
+
+---
+
+## 4 · Release authority & provenance 🔏
+
+* Every tag is **co‑signed by at least one Security Maintainer**.  
+* CI emits a **signed SPDX SBOM** + **Cosign provenance**.  
+* Release cadence is fixed – see [public Road‑map](../roadmap/README.md).  
+* Security fixes may create out‑of‑band `x.y.z‑hotfix` tags.
+
+---
+
+## 5 · Escalation lanes 🚦
+
+| Situation | Escalation |
+|-----------|------------|
+| Technical deadlock | **Maintainer Summit** (recorded & published) |
+| Security bug | Follow [Security Policy](../security/01_SECURITY_POLICY.md) |
+| Code of Conduct violation | See `12_CODE_OF_CONDUCT.md` escalation ladder |
+
+---
+
+## 6 · Contribution etiquette 🤝
+
+* Draft PRs early – CI linting & tests help you iterate.  
+* “There are no stupid questions” – ask in **Matrix #dev**.  
+* Keep commit messages in **imperative mood** (`Fix typo`, `Add SBOM cache`).  
+* Run the `pre‑commit` hook locally before pushing.
+
+---
+
+## 7 · Licence reminder 📜
+
+Stella Ops is **AGPL‑3.0‑or‑later**. By contributing you agree that your
+patches are released under the same licence.
+
+---
+
+### Appendix A – Maintainer list 📇
+
+*(Generated via `scripts/gen-maintainers.sh` – edit the YAML, **not** this
+section directly.)*
+
+| Handle | Area | Since |
+|--------|------|-------|
+| `@alice` | Core scanner • Security | 2025‑04 |
+| `@bob` | UI • Docs | 2025‑06 |
+
+---