- Python 3.11+ source
- stdlib-first unless an explicit dependency is justified
- package-owned transport/protocol/runtime/security behavior stays package-owned
- no backward-compatibility shims
- no widening of public support through undocumented behavior
- config precedence remains
CLI > env > config file > defaults
.ssot/registry.jsonis the definitive machine-readable source of truth for the current governance graph- changes must preserve the current T/P/A/D/R boundary unless the boundary docs are updated first
- operator-only additions must not be presented as RFC certification claims
- RFC-facing changes must map to the canonical evidence policy before being marketed as complete
- immutable release roots are not a development workspace
When adding a public flag, API, or operator surface:
- update code
- update tests
- update
.ssot/registry.json - update machine-readable docs
- update human docs
- update current-state docs
- update release artifacts if the change is promotion-relevant
New mutable docs should live under docs/ short-path folders. Avoid creating new root notes.