Repository Protected Surface Profile

The repository-protected-surface profile applies accountable surface rules to project repositories.

Scope

This profile covers repository surfaces such as:

  • repository identity files;
  • authority manifests;
  • project configuration;
  • dependency configuration;
  • public command surfaces;
  • schemas;
  • generated artifacts;
  • documentation contracts;
  • validation commands;
  • workflows;
  • release automation;
  • publishing automation;
  • credential-bearing automation.

Required self-protection

A repository using this profile MUST declare .accountability/surfaces.toml as an authority manifest surface.

AI authority over the authority manifest MUST be prohibited.

The required role terms are defined by accountable-surface-vocabulary. The manifest structure and self-protection rule are defined by accountable-surface-spec.

Profile-specific expectations

A repository using this profile SHOULD declare protected surfaces for:

  • repository identity;
  • project configuration;
  • dependency boundaries;
  • public command surfaces;
  • schema artifacts;
  • generated contract artifacts;
  • validation commands;
  • release-affecting workflows;
  • credential-bearing workflows.

Concrete examples are provided in examples/repository-protected-surface/surfaces.toml.

Minimum requirements

A repository-protected-surface manifest SHOULD define:

  • repository identity surfaces;
  • manifest self-protection;
  • public contract surfaces;
  • validation surfaces;
  • release-affecting surfaces;
  • generated artifact surfaces when applicable.

AI authority

AI authority SHOULD default to drafting or lower for protected repository surfaces.

AI authority MUST be prohibited for the authority manifest.