- Added detailed task completion records for KMS interface implementation and CLI support for file-based keys.
- Documented security enhancements including Argon2id password hashing, audit event contracts, and rate limiting configurations.
- Included scoped service support and integration updates for the Plugin platform, ensuring proper DI handling and testing coverage.
94 lines
3.2 KiB
Markdown
Executable File
# Stella Ops Project Governance

*Lazy Consensus • Maintainer Charter • Transparent Veto*

> **Scope** – applies to **all** repositories under
> `https://git.stella-ops.org/stella-ops/*` unless a sub‑project overrides it
> with its own charter approved by the Core Maintainers.

---

## 1 · Decision‑making workflow 🗳️

| Stage | Default vote | Timer |
|-------|--------------|-------|
| **Docs / non‑code PR** | `+1` | **48 h** |
| **Code / tests PR** | `+1` | **7 × 24 h** |
| **Security‑sensitive / breaking API** | `+1` + explicit **`security‑LGTM`** | **7 × 24 h** |

**Lazy‑consensus** – silence = approval once the timer elapses.

* **Veto `‑1`** must include a concrete concern **and** a path to resolution.
* After 3 unresolved vetoes the PR escalates to a **Maintainer Summit** call.

---

## 2 · Maintainer approval thresholds 👥

| Change class | Approvals required | Example |
|--------------|-------------------|---------|
| **Trivial** | 0 | Typos, comment fixes |
| **Non‑trivial** | **2 Maintainers** | New API endpoint, feature flag |
| **Security / breaking** | Lazy‑consensus **+ `security‑LGTM`** | JWT validation, crypto swap |

Approval is recorded via Git forge review or a signed commit trailer
`Signed-off-by: <maintainer>`.

---

## 3 · Becoming (and staying) a Maintainer 🌱

1. **3 + months** of consistent, high‑quality contributions.
2. **Nomination** by an existing Maintainer via issue.
3. **7‑day vote** – needs ≥ **⅔ majority** “`+1`”.
4. Sign `MAINTAINER_AGREEMENT.md` and enable **2FA**.
5. Inactivity > 6 months → automatic emeritus status (can be re‑activated).

---

## 4 · Release authority & provenance 🔏

* Every tag is **co‑signed by at least one Security Maintainer**.
* CI emits a **signed SPDX SBOM** + **Cosign provenance**.
* Release cadence is fixed – see [public Road‑map](05_ROADMAP.md).
* Security fixes may create out‑of‑band `x.y.z‑hotfix` tags.

---

## 5 · Escalation lanes 🚦

| Situation | Escalation |
|-----------|------------|
| Technical deadlock | **Maintainer Summit** (recorded & published) |
| Security bug | Follow [Security Policy](13_SECURITY_POLICY.md) |
| Code of Conduct violation | See `12_CODE_OF_CONDUCT.md` escalation ladder |

---

## 6 · Contribution etiquette 🤝

* Draft PRs early – CI linting & tests help you iterate.
* “There are no stupid questions” – ask in **Matrix #dev**.
* Keep commit messages in **imperative mood** (`Fix typo`, `Add SBOM cache`).
* Run the `pre‑commit` hook locally before pushing.

---

## 7 · Licence reminder 📜

Stella Ops is **AGPL‑3.0‑or‑later**. By contributing you agree that your
patches are released under the same licence.

---

### Appendix A – Maintainer list 📇

*(Generated via `scripts/gen-maintainers.sh` – edit the YAML, **not** this
section directly.)*

| Handle | Area | Since |
|--------|------|-------|
| `@alice` | Core scanner • Security | 2025‑04 |
| `@bob` | UI • Docs | 2025‑06 |

---