You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: MAINTAINERS.md
+24-17Lines changed: 24 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,20 +1,20 @@
1
1
# Maintainers
2
2
3
-
This document separates advisory review responsibility from binding merge
4
-
authority.
3
+
This document defines how maintainer responsibility, review routing, and
4
+
operational authority work in this project.
5
5
6
6
codebase-memory-mcp is currently a user-owned repository. Because GitHub teams
7
7
are not available here, all delegated ownership is expressed with individual
8
8
GitHub handles.
9
9
10
10
## Authority Model
11
11
12
-
| Role | Scope | Authority |
12
+
| Role | Scope | Authority in this project |
13
13
| --- | --- | --- |
14
14
| Project owner | Entire repository | Final roadmap, security, release, workflow, and merge authority. |
15
-
| Release operator | Dry-run and release preparation |May prepare release notes, run checklists, and request dry runs when explicitly delegated. May not publish without owner approval. |
16
-
| Area reviewer | One technical area |May review, test, reproduce, and recommend merge for that area. Approval is advisory until the project owner approves. |
17
-
| Triage collaborator | Issues and discussions |May label, deduplicate, reproduce, and request information. No merge or release authority. |
| Area reviewer | One technical area |Reviews, tests, reproduces, and recommends merge for that area. Approval is advisory until the project owner approves. |
17
+
| Triage collaborator | Issues and discussions |Labels, deduplicates, reproduces, and requests information. This role has no merge or release authority. |
18
18
19
19
The binding rule is intentionally simple: all pull requests require
20
20
`@DeusData` approval before merge. `MAINTAINERS.md` routes review; it does not
@@ -28,8 +28,8 @@ override `.github/CODEOWNERS`.
28
28
29
29
## Area Review Map
30
30
31
-
Use this map to request informed review. Entries marked `TBD` are open slots
32
-
for future co-maintainers.
31
+
Review requests follow this map. Entries marked `TBD` are currently unassigned
Operational authority is stricter than code review authority.
52
52
53
-
| Operation | Current authority |Delegation rule |
53
+
| Operation | Current authority |Project rule |
54
54
| --- | --- | --- |
55
55
| PR validation (`pr.yml`, DCO, CodeQL) | Automatic | Anyone may trigger it by opening or updating a PR. Required checks must pass. |
56
-
| Dry run (`dry-run.yml`) |`@DeusData`|May be delegated to release operators after trust is established. Dry-run delegation does not imply release authority. |
57
-
| Smoke/soak/repro manual runs |`@DeusData`|May be delegated to area reviewers for diagnosis, but results are advisory. |
56
+
| Dry run (`dry-run.yml`) |`@DeusData`|Delegated release operators may run dry runs after promotion. Dry-run delegation does not imply release authority. |
57
+
| Smoke/soak/repro manual runs |`@DeusData`|Area reviewers may operate these runs when delegated for diagnosis. Results are advisory. |
58
58
| Release workflow (`release.yml`) |`@DeusData` only | Owner-only until a release operator is explicitly promoted. Publishing, replacing releases, and tag movement remain owner-gated. |
59
59
| Package registry publishing |`@DeusData` only | Owner-only initially because registry credentials and public packages are irreversible operational surfaces. |
60
60
| Security advisory handling |`@DeusData` only | Do not delegate across advisories. Keep private reports isolated. |
61
61
| Workflow, ruleset, CODEOWNERS, and branch protection changes |`@DeusData` only | Owner-only because these define authority itself. |
62
62
63
-
Before granting a collaborator `Write` access, verify that they should be able
64
-
to run manual GitHub Actions workflows in this user-owned repository. Prefer
65
-
`Triage` for issue-only delegation. If `Write` becomes necessary, use protected
66
-
branches, required code-owner review, and protected release environments where
67
-
available so release jobs still require `@DeusData` approval.
63
+
Repository access follows the same authority model:
64
+
65
+
-`Triage` is the default collaborator role for issue-only delegation.
66
+
-`Write` access is reserved for collaborators whose operational access has
67
+
been approved by `@DeusData`.
68
+
- Release authority is separate from code review authority.
69
+
- Protected branches, required code-owner review, required status checks, and
70
+
protected release environments are part of the project control model where
71
+
GitHub supports them.
68
72
69
73
## Promotion Path
70
74
71
-
Promotion is gradual and reversible.
75
+
Promotion is gradual, explicit, and reversible.
72
76
73
77
| Stage | Requirements | Capabilities |
74
78
| --- | --- | --- |
@@ -78,6 +82,9 @@ Promotion is gradual and reversible.
78
82
| Release operator | Proven reliability on dry runs, packaging, and release checklists. | May run delegated dry runs and prepare releases. |
79
83
| Full maintainer | Long-term trust across code, security, release, and governance. | Only after explicit owner decision and updated policy. |
80
84
85
+
Maintainer promotions are recorded in this file. Binding authority changes are
86
+
recorded in `.github/CODEOWNERS` and repository settings.
87
+
81
88
## High-Risk Change Rules
82
89
83
90
These changes always require project-owner review, even if an area reviewer
0 commit comments