TrustSecurityAI
Contributor Permission Model
permission-enforcement changes.
Access Levels
| Level | Example | Permission posture |
|---|---|---|
| Public reader | User, community member | Reads public docs and issues. |
| Community contributor | Docs, themes, templates, issues | Works through PRs, no direct production access. |
| Scoped maintainer | Official app owner, docs maintainer | Owns specific paths with review rules. |
| Core maintainer | Shell, API, registry, infra owner | Can approve high-impact changes. |
| Ops owner | Founder / Ops Steward | Reviews access, secrets, deployment, and succession readiness. |
Required Practices
- Use PR review for contributor work.
- Use CODEOWNERS when ownership becomes stable.
- Keep production credentials outside repo.
- Require explicit approval for auth, billing, database, deployment, and permission-enforcement changes.