Formalize the public contribution surface. Maintainers keep a separate internal
process and are exempt from the intake gates; everyone stays bound by review,
CODEOWNERS, and branch protection.
Model:
- Issues = problem reports only (bug form + config.yml redirects ideas to
Discussions and disables blank issues).
- Discussions = ideas + RFC incubation.
- RFCs = anyone (incl. external) authors docs/rfcs/NNNN-*.md; a maintainer
merging it is acceptance. Distinct from the maintainer-internal
docs/dev/rfc-00N-* track.
- PRs = link an `accepted` issue or accepted RFC, or use the trivial fast-lane
(typos/docs/deps). Enforced softly to start (template + review).
Adds GOVERNANCE.md, rewrites CONTRIBUTING.md, adds docs/rfcs/ (README +
template), .github issue/PR/discussion templates. Wires docs/rfcs/ into the
doc-link checker (excluded like releases; linked from docs/dev/index.md).
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- docs/deployment.md: new "Token sources" section listing the three
bearer-token source precedences (AWS SM, JSON file/env, single token).
New "Build Variants" section explaining default vs aws builds and
their release-artifact naming. New "AWS Secrets Manager" section
covering env var, secret payload format, IAM role credential
discovery, and the hard error for feature-less builds.
- CONTRIBUTING.md: documents the `aws` feature and the two test
commands contributors should run when touching auth code.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Describe the CI workflow that regenerates openapi.json on PRs and the
fork fallback. The workflow itself is added in a follow-up commit via
the GitHub API (local tooling lacks workflow-scope).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Track a project pre-commit hook under scripts/hooks/ that regenerates
openapi.json when server source is staged, and auto-stages the updated
spec into the commit. Zero external dependencies — plain bash + cargo.
Enable via `git config core.hooksPath scripts/hooks`. The CI drift
test remains the authoritative check.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Wire a local pre-commit hook that regenerates openapi.json whenever
the server source changes, and document the workflow in CONTRIBUTING.
Opt-in via `pre-commit install`; the existing CI test remains the
authoritative drift check.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
