Helios

Governance

How maintainers and contributors make decisions.

@helioslx/core is maintained in the open. Contributors open issues, PRs, and docs. Maintainers triage, review, merge, release, and protect credentials.

Maintainers

Expected to:

  • Prefer long-term technical and user-safety interests
  • Apply the code of conduct consistently
  • Disclose relevant conflicts of interest
  • Protect release and security-reporting access
  • Get review for their own material changes
  • Document breaking decisions and migrations

Maintainer status can be offered after sustained high-quality participation, or removed for inactivity, misuse of access, policy violations, or resignation. Access stays minimal for the role.

Decisions

Routine changes: lazy consensus via PR review after checks pass.

Material changes (public contracts, persistence compatibility, security, licensing, trademarks, governance, supported runtimes): explicit maintainer approval and a short rationale. Seek consensus; if needed, maintainers without a conflict decide by simple majority. A tie leaves current behavior in place.

Urgent security or release-integrity actions may be taken privately by the smallest practical group, with non-sensitive rationale documented after disclosure.

Releases

Only authorized maintainers create release tags or configure npm trusted publishing. Releases come from reviewed commits through protected CI. See versioning.

Where the host allows it, no single person should change protected source, create a release, and alter publishing trust alone.

Changing this policy

Same explicit approval process as other material policy changes. Proposals should state the problem, roles affected, transition plan, and alternatives.

On this page