# CODEOWNERS — auto-requests maintainer review on sensitive paths. # Last matching pattern wins. See MAINTAINERS.md for the team + ladder. # # Scope principle: gate what CI can't catch (a bad change here passes the # tests silently) + the catastrophic updater + governance docs. Code that # test-all.mjs / Renovate / dependency-review already guard (scan.mjs, # generate-pdf.mjs, test-all.mjs, package.json) is intentionally NOT gated, # so routine contributor PRs aren't bottlenecked on a single owner. Broaden # this list once there is more than one code owner. # Repo docs & governance /README*.md @santifer /CONTRIBUTING.md @santifer /MAINTAINERS.md @santifer /ARCHITECTURE.md @santifer /.github/CODEOWNERS @santifer # Agent behavior & the multi-CLI contract (prompt layer — CI-blind) /CLAUDE.md @santifer /AGENTS.md @santifer /CODEX.md @santifer /OPENCODE.md @santifer /GEMINI.md @santifer # Scoring & the system/user data contract (CI-blind; silent-danger) /modes/_shared.md @santifer /DATA_CONTRACT.md @santifer # The self-updater (catastrophic if wrong — touches user installs) /update-system.mjs @santifer /updater-migration-tests.mjs @santifer # Plugin governance chokepoint (a bad change here ships unreviewed code to # every user — the registry pin, the gates, and the CI must stay single-owner). /plugins-registry.json @santifer /validate-plugin-registry.mjs @santifer /plugin-install.mjs @santifer /plugin-audit.mjs @santifer /plugins/_engine.mjs @santifer /plugins/_lock.mjs @santifer /plugins/_net.mjs @santifer /plugins/_registry.mjs @santifer /.github/workflows/ @santifer /docs/PLUGIN_REVIEW.md @santifer # The experimental web UI — owned by the web track (dual-track review with the # core maintainer on any PR that also touches root files). /web/ @santifer