Change Control designed

GPUaaS change control is evidence-first and contract-first. A change should move from source authority to implementation to checks to review to release evidence, with the same discipline whether the author is a human or an agent.

Change Flow

Release Promotion Sequence

Rules

Rule	Meaning
Contract first	API/event behavior starts in doc/api/**
UX first	User-facing flows fit IA and UX specs before broad implementation
Evidence first	Done requires tests/checks/artifacts, not narrative only
Portable CI	Gate logic lives in scripts, CI YAML is orchestration
Release authority	Promote known source SHAs through platform-control policy
Guard graduation	Report-only controls should become warning and then blocking gates

Review Domains

Product, architecture, security, ops, frontend, backend, content, and governance reviews should be routed by the risk and ownership of the change. A docs-only change can still need architecture or security review if it explains a control, boundary, or release posture.

Canonical sources

• doc/Governance_Overview.mdraw
• doc/governance/Contract_Invariant_Gates.mdraw
• doc/governance/CI_Enforcement_Checklist.mdraw
• doc/governance/Evidence_First_Change_Protocol.mdraw
• doc/governance/Platform_Control_Release_Promotion_Policy.mdraw
• doc/governance/Coding_Standards.mdraw
• doc/governance/Testing_Standards.mdraw
• doc/operations/Fairway_Agent_Operating_Model.mdraw
• doc/operations/Fairway_Review_Operating_Model.mdraw