MokoConsulting/MokoCassiopeia
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 1 Activity
Files
0ea9392e62a82d9c266aeefd66a2e49686e69879
MokoCassiopeia/GOVERNANCE.md
Jonathan Miller 3f369c0a6c Governance update
2025-12-18 18:31:26 -06:00

251 lines
5.7 KiB
Markdown
Raw Blame History

<!--
Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
This file is part of a Moko Consulting project.
SPDX-License-Identifier: GPL-3.0-or-later
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
# FILE INFORMATION
DEFGROUP: Joomla.Template.Site
INGROUP: Moko-Cassiopeia.Documentation
REPO: https://github.com/mokoconsulting-tech/moko-cassiopeia
FILE: ./GOVERNANCE.md
VERSION: 03.05.00
BRIEF: Governance for Moko-Cassiopeia template
-->
# Governance Document Set
This document contains the canonical governance markdown files required for enterprise-grade open source project management within the Moko ecosystem. Each section represents an individual file.
---
## FILE: GOVERNANCE.md
# Governance
This document defines the governance framework for this repository. It establishes authority, decision-making processes, escalation paths, and accountability mechanisms.
### Governance Model
This repository operates under a maintainer-led governance model.
Final authority resides with the designated Maintainers, who are responsible for technical direction, compliance, and release approval.
### Roles and Responsibilities
**Maintainers**
- Approve releases and version tags
- Enforce coding, documentation, and licensing standards
- Resolve disputes and merge conflicts
- Ensure audit and compliance readiness
**Contributors**
- Submit changes via pull requests
- Adhere to all defined standards and workflows
- Respond to review feedback in a timely manner
### Decision Making
Decisions are made through documented pull requests and issues.
All material decisions must be traceable via Git history.
### Amendments
Changes to governance require Maintainer approval and must be recorded in the CHANGELOG.
---
## FILE: CODE_OF_CONDUCT.md
# Code of Conduct
This project adheres to a professional, inclusive, and respectful code of conduct.
### Expected Behavior
- Professional and respectful communication
- Constructive feedback
- Focus on technical merit and documented standards
### Unacceptable Behavior
- Harassment or discrimination
- Hostile or abusive language
- Disruptive behavior in issues or pull requests
### Enforcement
Maintainers are responsible for enforcement.
Violations may result in warnings, suspension, or removal.
---
## FILE: CONTRIBUTING.md
# Contributing
This document defines the contribution workflow and compliance requirements.
### Contribution Requirements
- All changes must be submitted via pull request
- All CI checks must pass
- SPDX headers and FILE INFORMATION blocks are mandatory where applicable
- Documentation changes must include Metadata and Revision History sections
### Commit Standards
Commits must be atomic, descriptive, and traceable to an issue or change request.
### Review Process
- Maintainer review is required
- CI validation is mandatory
- Approval is required before merge
---
## FILE: SECURITY.md
# Security Policy
This document defines the security posture and reporting process.
### Supported Versions
Only the latest released version and active development branches are supported.
### Reporting Vulnerabilities
Security issues must be reported privately to the Maintainers.
Public disclosure prior to resolution is prohibited.
### Response Process
- Acknowledge receipt within a reasonable timeframe
- Assess severity and impact
- Issue patches or mitigations as required
---
## FILE: COMPLIANCE.md
# Compliance
This repository is designed to support audit and compliance requirements.
### Licensing
All code must comply with GPL-3.0-or-later licensing requirements.
SPDX identifiers are mandatory.
### Documentation Compliance
- Mandatory Metadata sections
- Mandatory Revision History sections
- Version traceability across manifests, changelogs, and releases
### CI Enforcement
Automated workflows enforce:
- Path consistency
- Formatting rules
- Manifest validation
- Changelog governance
---
## FILE: RISK_REGISTER.md
# Risk Register
This document tracks identified risks and mitigation strategies.
### Risk Categories
- Technical debt
- Security vulnerabilities
- Compliance drift
- Dependency instability
### Management
Risks are reviewed during release cycles.
Mitigations must be documented and traceable.
---
## FILE: CHANGE_MANAGEMENT.md
# Change Management
This document defines how changes are introduced, reviewed, and released.
### Change Types
- Patch
- Minor
- Major
### Process
- Documented pull request
- CI validation
- Version bump and changelog update
- Maintainer approval
### Traceability
All changes must be traceable through Git history and release artifacts.
---
## FILE: GOVERNANCE_INDEX.md
# Governance Index
This file serves as the authoritative index of governance artifacts.
### Governance Documents
- GOVERNANCE.md
- CODE_OF_CONDUCT.md
- CONTRIBUTING.md
- SECURITY.md
- COMPLIANCE.md
- RISK_REGISTER.md
- CHANGE_MANAGEMENT.md
---
## Metadata
- DEFGROUP: MokoStandards
- INGROUP: Governance
- REPO: https://github.com/mokoconsulting-tech
- JURISDICTION: Tennessee, United States
- LICENSE: GPL-3.0-or-later
---
## Revision History
| Version | Date | Description |
|--------:|------------|---------------------------------|
| 01.00.00 | 2025-12-18 | Initial governance document set |
Reference in New Issue View Git Blame Copy Permalink