Stella Ops Project Governance

Lazy Consensus • Maintainer Charter • Transparent Veto

Scope – applies to all repositories under
https://git.stella-ops.org/stella-ops/* unless a sub‑project overrides it with its own charter approved by the Core Maintainers.

1 · Decision‑making workflow 🗳️

Stage	Default vote	Timer
Docs / non‑code PR	`+1`	48 h
Code / tests PR	`+1`	7 × 24 h
Security‑sensitive / breaking API	`+1` + explicit `security‑LGTM`	7 × 24 h

Lazy‑consensus – silence = approval once the timer elapses.

Veto ‑1 must include a concrete concern and a path to resolution.
After 3 unresolved vetoes the PR escalates to a Maintainer Summit call.

2 · Maintainer approval thresholds 👥

Change class	Approvals required	Example
Trivial	0	Typos, comment fixes
Non‑trivial	2 Maintainers	New API endpoint, feature flag
Security / breaking	Lazy‑consensus + `security‑LGTM`	JWT validation, crypto swap

Approval is recorded via Git forge review or a signed commit trailer
Signed-off-by: <maintainer>.

3 · Becoming (and staying) a Maintainer 🌱

3 + months of consistent, high‑quality contributions.
Nomination by an existing Maintainer via issue.
7‑day vote – needs ≥ ⅔ majority “+1”.
Sign MAINTAINER_AGREEMENT.md and enable 2FA.
Inactivity > 6 months → automatic emeritus status (can be re‑activated).

4 · Release authority & provenance 🔏

Every tag is co‑signed by at least one Security Maintainer.
CI emits a signed SPDX SBOM + Cosign provenance.
Release cadence is fixed – see public Road‑map.
Security fixes may create out‑of‑band x.y.z‑hotfix tags.

5 · Escalation lanes 🚦

Situation	Escalation
Technical deadlock	Maintainer Summit (recorded & published)
Security bug	Follow Security Policy
Code of Conduct violation	See `12_CODE_OF_CONDUCT.md` escalation ladder

6 · Contribution etiquette 🤝

Draft PRs early – CI linting & tests help you iterate.
“There are no stupid questions” – ask in Matrix #dev.
Keep commit messages in imperative mood (Fix typo, Add SBOM cache).
Run the pre‑commit hook locally before pushing.

7 · Licence reminder 📜

Stella Ops is AGPL‑3.0‑or‑later. By contributing you agree that your patches are released under the same licence.

Appendix A – Maintainer list 📇

(Generated via scripts/gen-maintainers.sh – edit the YAML, not this section directly.)

Handle	Area	Since
`@alice`	Core scanner • Security	2025‑04
`@bob`	UI • Docs	2025‑06

3.2 KiB Executable File Raw Blame History Unescape Escape

Stella Ops Project Governance

1 · Decision‑making workflow 🗳️

2 · Maintainer approval thresholds 👥

3 · Becoming (and staying) a Maintainer 🌱

4 · Release authority & provenance 🔏

5 · Escalation lanes 🚦

6 · Contribution etiquette 🤝

7 · Licence reminder 📜