This policy keeps KubeLens documentation current, reviewable, and release-ready. Documentation review refresh: 2026-05-07 (governance process unchanged).
The following docs are in mandatory governance scope:
ARCHITECTURE.mdFEATURES.mdapi.mdSECURITY.mdTHREAT_MODEL.mdOPERATIONS_VERIFICATION.mdSUPPLY_CHAIN_POLICY.mdSECRET_ROTATION_RUNBOOK.mdIMPLEMENTATION_PROGRAM.md
Documentation updates are required in the same change when:
- API behavior, contracts, or auth/security posture changes.
- Operational controls, deployment flow, or release process changes.
- User-facing features, routes, views, or workflow behavior changes.
- New threats/abuse paths are discovered or controls are added/removed.
- Program milestone status or execution gates change for roadmap epics.
- Per change: docs updated in the same PR/commit as behavior changes.
- Weekly: stale-doc monitoring workflow runs and reports drift.
- Quarterly: full documentation review by maintainers.
- After incidents: update relevant runbooks/policies as part of postmortem closure.
- Primary owner: maintainers for affected subsystem.
- Security owner: validates
SECURITY.md,THREAT_MODEL.md, supply-chain and secret controls. - Release owner: validates release/deployment doc accuracy before tag publication.
npm run verify:docsvalidates mandatory doc links and key control references.npm run verify:doc-impactenforces docs updates for high-impact code/configuration changes.- CI workflow enforces both checks on pushes and pull requests.
- Scheduled docs governance workflow checks staleness and opens/updates tracking issues.
A change is documentation-complete when:
- Related docs are updated and committed.
verify:docspasses.- Security/operations implications are reflected in
SECURITY.mdandOPERATIONS_VERIFICATION.mdwhen applicable. - Threat model is updated for new high-risk behavior.
IMPLEMENTATION_PROGRAM.mdis updated when epic status or phase scope changes.