Skip to main content

Ownerless Governance

This document is the canonical ownerless governance contract for this repository. It defines how repo-tracked governance works without relying on a standing human owner, maintainer team, or org membership to interpret or repair routine failures.

Core Rule

Every governed surface must have:
  1. one canonical source
  2. one deterministic validator
  3. one exact repair path
  4. one primary gate layer
If any of those are missing, the surface is not ownerless-ready and must remain advisory.

Vocabulary

Gate Ownership Rules

Each governed surface must declare exactly one primary gate layer in operations/governance/config/ownerless-governance-surfaces.json. Allowed gate layers:
  • pre-commit
  • pr-changed
  • scheduled
  • manual
Secondary checks may exist, but the manifest must name only one primary layer.

Repair Path Rules

  • Every blocking failure must print:
    • why it failed
    • the re-check command
    • the repair command
  • Repair commands must be repo-backed commands that an OSS contributor or AI agent can run directly.
  • If repair is not deterministic, the surface stays advisory until deterministic repair exists.
  • Historical review-map files may remain archived for context, but they cannot act as an active routing or approval contract.

Rollout State Rules

Promotion to blocking requires:
  1. one clean baseline run on the full governed surface
  2. changed-file PR simulation proving the scope is bounded
  3. exact repair output for every blocking failure mode

Production Approval Gate

Governance-sensitive PRs are controlled by the canonical approval policy at:
  • operations/governance/config/governance-approval-policy.json
The required PR body section is:
  • ## Governance Approval
The CI approval labels are:
  • approval:governance-schema
  • approval:governance-gate
  • approval:workflow-governance
  • approval:governance-retirement
Those labels are GitHub-native approval evidence for governance-sensitive PRs. They do not replace the existing human-only commit trailers required for .allowlist edits or tracked deletions.

Surface Registry

The machine-readable surface registry lives at:
  • operations/governance/config/ownerless-governance-surfaces.json
That manifest is the canonical index for:
  • governed globs
  • canonical sources
  • derived outputs
  • validators
  • repair commands
  • gate layer
  • rollout state
  • network dependence
  • ownerless readiness
Legacy runtime mirrors are retired. Active governance reads must target operations/governance/config/** only.

OSS Contributor Loop

The ownerless contributor path is:
  1. change canonical source or governed surface
  2. run or trigger the bounded validator
  3. read exact repair output
  4. run the repair command
  5. re-run the validator
  6. merge once the surface is green in its declared gate layer
No repo-tracked governance surface should require private staff-only context for those steps.

Current Policy Connections

  • docs-guide/policies/source-of-truth-policy.mdx defines canonical boundaries.
  • docs-guide/policies/infrastructure-principles.mdx defines the gate-layer model.
  • operations/tests/unit/ownerless-governance.test.js validates the manifest and ownerless language rules.
  • operations/tests/unit/ai-tools-registry.test.js validates the AI-tools registry surface declared in the ownerless manifest.
  • operations/tests/unit/governance-approval-policy.test.js validates the production governance approval contract and PR evidence rules.
Last modified on April 7, 2026