Governance Overview

This is the entrypoint for engineering governance.

Priority Order (highest to lowest)

  1. governance/agent_policy.yaml (machine-enforced policy baseline)
  2. governance/reviewguard_policy_draft.yaml (PR governance enforcement)
  3. API contracts:
     • api/openapi.draft.yaml
     • api/asyncapi.draft.yaml
  4. governance/openapi.spectral.yaml (OpenAPI lint policy)
  5. governance/Contract_Invariant_Gates.md (non-negotiable contract checks)
  6. governance/production_enforcement_policy.yaml (machine-readable production controls)
  7. governance/Contract_Versioning_Policy.md (contract evolution rules)
  8. governance/CI_Enforcement_Checklist.md (pipeline gate requirements)
  9. governance/Agent_Enforcement.md (agent behavior rules)
  10. governance/Coding_Standards.md (code quality/security style rules)
  11. governance/Testing_Standards.md (test and acceptance requirements)
  12. Security governance:
     • governance/Security_Threat_Model.md
     • governance/Security_Control_Verification.md
  13. governance/Assumptions_Register.md (explicit MVP assumptions and re-validation triggers)
  14. operations/Production_Platform_Baseline.md (required production platform controls and deferred infra decisions)

Policy Scope

  • Contract-first/API-first
  • Security and secret handling
  • Data integrity and idempotency
  • Compatibility/versioning
  • Testing and CI gates
  • Agent-generated PR requirements

Change Control

  • Governance changes require architecture/security owner review.
  • Breaking policy changes must include a rollout note.
  • Machine-readable policies should be updated before prose docs.
  • Assumptions that affect architecture/contracts/security must be tracked in governance/Assumptions_Register.md.