Update GOVERNANCE.md

GsCommand · web-flow · commit a8f54d4b6d3c · 2025-11-29T19:23:11.000-05:00
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -1,88 +1,140 @@
-# Governance — Protocol-Commons
+# COMMANDLAYER GOVERNANCE — CORE PROTOCOLS
+Applies To: Protocol-Commons, Agent-Cards  
+Status: v1.0.0 — Stable-Lock
 
-The CommandLayer Protocol Commons defines the canonical verb and schema layer for agents.
+> This document is **NORMATIVE and ENFORCEABLE**.
 
-During the v1.0.0 cycle, it operates under a single-maintainer model to ensure stability and correctness of the core language. As adoption grows, stewardship will expand to a small group of trusted maintainers under a transparent proposal and review process.
+---
+
+## 1. Authority Model
+
+- **Sole Governance Council:** commandlayer.eth  
+- Holds exclusive authority over:
+  - Approving and publishing normative changes
+  - Signing `manifest.json` and checksum sets
+  - Updating ENS TXT canonical fields
+  - Issuing and locking version releases
+  - Revocation and security incident handling
+
+No external party may alter canonical standards without Council approval.
+
+---
+
+## 2. Change Classes
+
+| Change Type | Examples | Version Requirement | Logging Requirement |
+|------------|----------|-------------------|--------------------|
+| **Normative** | Schema shapes, `$id` format, ENS TXT rules | Major: `v1 → v2` | `RESOLUTION.md` |
+| **Compatibility-affecting** | Request/receipt structure tightening | Minor: `v1.0 → v1.1` | `RESOLUTION.md` |
+| **Non-behavioral** | Docs, comments, logo | Patch: `v1.0.0 → v1.0.1` | Commit message OK |
+
+No change is valid until **CIDs + checksums** are published and signed.
 
 ---
 
-## Stewardship
+## 3. Immutability Guarantees
 
-- **Owner:** commandlayer.eth  
-- **Maintainer:** CommandLayer Governance Council  
-- **Contact:** dev@commandlayer.org  
+Once published:
 
-The Commons MUST remain:
+- Version directories MUST NOT mutate
+- `$id` and CID MUST remain stable forever
+- ENS TXT MUST continue to resolve to matching artifacts
 
-- Neutral — no vendor-specific semantics  
-- Minimal — only what is required for interoperability  
-- Strictly versioned  
-- Immutable once tagged and published  
+Violations trigger:
+- Immediate revocation event in `RESOLUTION.md`
+- Replacement version required
 
 ---
 
-## Change Process
+## 4. Release Requirements
 
-1. Open an Issue describing the change request  
-2. Provide justification  
-   - Interoperability need  
-   - Bug fix  
-   - Security correction  
-3. Update/verifying artifacts:
-   - Request + receipt schemas validated under strict Ajv
-   - Checksums regenerated
-   - Manifest updated
-4. Maintainer review + decision
-5. Versioned release:
-   - New tag (e.g., `commons-v1.0.1`)
-   - New IPFS CID recorded in `SECURITY_PROVENANCE.md`
+Every Protocol-Commons or Agent-Cards release MUST include:
 
-⚠️ Any change to request/receipt shape or `$id` structure requires a **minor/major** version bump.
+- Validated schemas under **Ajv strict**
+- IPFS CID root pinned and verified
+- Updated manifest with:
+  - checksum mappings
+  - `$id` integrity
+  - version and status fields
+- ENS TXT updates propagated
+
+CI enforcement is mandatory.
 
 ---
 
-## ENS Binding
+## 5. ENS TXT Enforcement
 
-Protocol-Commons is responsible ONLY for:
-```
-cl.verb
-cl.version
-cl.schema.request
-cl.schema.receipt
-cl.cid.schemas
-cl.schemas.mirror.ipfs
-```
+Council MUST validate:
 
-These are **immutable protocol commitments** once published.
+- `cl.verb` matches **implements[0]**
+- `cl.version` matches card `version`
+- All `cl.schema.*` mappings match `$id` values
+- All CID + checksum fields resolve and match
 
-Updates MUST be approved via governance and logged in `RESOLUTION.md`.
+Any mismatch → **Resolver MUST reject as untrusted**
 
 ---
 
-## Deprecation
+## 6. Security Oversight
+
+Governance responsibilities include:
 
-1. Log change in `RESOLUTION.md`
-2. Mark deprecated in documentation
-3. Preserve for backward compatibility unless removal is a security event
+- Enforcing policies in:
+  - `SECURITY.md`
+  - `SECURITY_PROVENANCE.md`
+- Revoking compromised artifacts
+- Requiring replacement CID publication
+- Maintaining audit trail in `RESOLUTION.md`
 
-Deprecation window: **≥90 days** before removal.
+Security reports MUST receive a response within **7 days**.
 
 ---
 
-## Transparency Artifacts
+## 7. Dispute / Revocation Handling
+
+If an artifact becomes compromised:
 
-- `POLICY.md` — rules for verbs & schemas  
-- `SPEC.md` — normative protocol requirements  
-- `RESOLUTION.md` — lifecycle history  
-- `SECURITY_PROVENANCE.md` — CIDs & hashes for each release  
+1. Record revocation in `RESOLUTION.md`
+2. Mark deprecated or blocked in metadata
+3. Update ENS TXT with appropriate state
+4. Issue a new signed replacement version if viable
+
+Council judgment is final.
 
 ---
 
+## 8. Compatibility Claims
 
+Software MAY claim:
 
+- **Protocol-Commons-Compatible**  
+- **Agent-Cards-Compatible**
 
+…only if it completely:
 
+- Resolves ENS TXT → identity → schemas
+- Validates all artifacts in strict mode
+- Enforces trace and status guarantees
+- Invokes via x402 canonical `entry` URIs
 
+False claims are governance violations.
 
+---
 
+## 9. Transparency Artifacts
+
+| Doc | Purpose |
+|-----|---------|
+| `SPEC.md` | Normative standard requirements |
+| `POLICY.md` | Publication + correctness rules |
+| `RESOLUTION.md` | Lifecycle + incident log |
+| `SECURITY.md` | Incident intake + expectations |
+| `SECURITY_PROVENANCE.md` | CID + checksum signing |
+| `VERSIONING.md` | Change class mapping |
+
+All MUST be updated atomically with each release.
+
+---
 
+_Last updated: v1.0.0 Stable-Lock_  
+Signed: **commandlayer.eth**
