### 2026-05-15: Maintainer-Only Access to `.squad/` Files
28
+
**Proposed by:** SecurityExpert
29
+
**Status:** Approved
30
+
**Scope:** Squad governance protection
31
+
32
+
**Summary:** ONLY repository owners and maintainers may modify ANY files under `.squad/`. Applies to external contributors, internal collaborators, bots, and AI agents.
33
+
34
+
**Why:**`.squad/` directory contains sensitive configuration controlling agent routing, team structure, constitution, decisions, and ceremonies. Compromise could allow rerouting security-sensitive work, weakening code review, deleting decision history, or modifying agent charters. Defense against insider threats — common attack vector in open source.
35
+
36
+
**Implementation:**
37
+
- Add `/.squad/ @Azure/apiops-maintainers` to CODEOWNERS
38
+
- Require 2 maintainer approvals for ANY `.squad/` change in branch ruleset
39
+
- No bypass allowed (even for admins)
40
+
41
+
---
42
+
7
43
### 2026-04-29: CLI version uses package.json as single source of truth via ESM import attributes
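Review bot: The Implementation list protects only `/.squad/`, so the CODEOWNERS file that carries the `/.squad/ @Azure/apiops-maintainers` rule can itself be changed through the normal review path, which would remove the protection. Add a CODEOWNERS entry for the CODEOWNERS file with the same owners and place it under the same no-bypass ruleset. The list should also state that the ruleset requires code owner review, since a CODEOWNERS entry on its own only requests reviewers and does not block a merge. Minor style point: `**Why:**` is missing a space before `.squad/`.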