Add component-owner approval guard for issue #10

[taherdhanera]

/claim #10

Algora claim registration

• Bounty issue: Project Repository & Version Control #10
• Active claim PR: Add component-owner approval guard for issue #10 #407
• Supersedes closed duplicate PR 387; this is the active review-ready submission.
• Claim status refresh requested because the issue table still shows my original attempt as WIP.

Summary

Adds repository-component-owner-approval-guard, a self-contained Project Repository & Version Control slice that validates component-owner approval quorum before protected-branch merge or tagged repository release.

The guard evaluates:

• repository component path ownership for manuscript/, data/, code/, notebooks/, protocols/, results/, and metadata.json
• fresh eligible approval coverage per touched component
• restricted data/protocol escalation owners
• stale approvals after changed files move
• conflicted self-approvals by merge request authors
• unmapped repository paths without component policy coverage

Non-overlap

This is not a broad repository ledger, release engine, structured diff/rollback module, provenance attestation layer, release embargo gate, notebook replay tool, schema migration assistant, citation impact verifier, API/export verifier, merge queue, environment drift checker, access review guard, DOI tombstone gate, metadata readiness gate, branch hypothesis lineage guard, sensitive-artifact scanner, dependency-license guard, legal-hold gate, restore rehearsal guard, or compute sandbox policy guard. It focuses specifically on component-owner approval quorum and approval freshness before merge.

Validation

Run from repository-component-owner-approval-guard/:

npm run check
npm test
npm run demo
npm run demo:video

Fresh validation passed after the latest reproducibility hardening commit.

Demo Video

• reports/demo.webm
• reports/demo.mp4

Reviewer Artifacts

• reports/summary.json
• reports/reviewer-packet.md
• reports/summary.svg
• reports/demo.webm
• reports/demo.mp4

Safety

All data is synthetic. The module does not call Git providers, repository hosting APIs, identity systems, storage systems, private repositories, or external services. It does not include private research data, credentials, real users, or live project mutations.

Current status - 2026-05-30 00:19 IST

Verified after newer same-issue #10 activity: this PR remains open, non-draft, CLEAN/mergeable, bounty-table listed, and claim-marked for issue #10.

This PR covers repository component-owner approval quorum before protected branch merge or tagged repository release: component ownership for manuscript/data/code/notebooks/protocols/results/metadata paths, fresh eligible owner approval coverage, restricted data/protocol escalation owners, stale approval handling after file movement, conflicted self-approval blocking, unmapped path coverage, and deterministic reviewer artifacts.

PR #425 covers immutable external-reference pinning and timestamp-freshness hardening for Git submodules, linked datasets, API snapshots, model weights, and external code/data references before DOI/citation publication or export bundle release. That is adjacent repository/version-control work, but it does not replace PR #407's component-owner approval quorum layer.

No contributor-side code changes are pending unless maintainers request revisions.

[taherdhanera]

Follow-up pushed in 8674251 for reviewer reproducibility.

npm run demo:video now verifies the committed reports/demo.webm and reports/demo.mp4 artifacts without rewriting browser-generated binary output on every run. Explicit re-recording is still available via RECORD_DEMO_VIDEO=1 node demo-video.js.

Fresh local validation after this commit:

• npm run check passed
• npm test passed
• npm run demo passed
• npm run demo:video passed and verified both video artifacts
• working tree stayed clean after validation

[taherdhanera]

@algora-pbc /claim #10

Claim registration follow-up for active replacement PR #407. This PR body includes /claim #10, is open, non-draft, mergeable/CLEAN, includes committed MP4/WebM demo artifacts plus fresh local validation, and supersedes my closed #387 attempt.

[taherdhanera]

Reviewer-ready checkpoint for /claim #10. I rechecked the active claim state: this PR is open, non-draft, mergeable/CLEAN, Bounty claim labeled, and the body contains /claim #10. It is the active replacement for the closed duplicate #387, with scope still limited to component-owner approval quorum before protected-branch merge or tagged release; validation and demo artifacts are included, with no credential/private-data expansion.

[taherdhanera]

Visibility update after PR #417: this existing /claim #10 remains open, non-draft, CLEAN, bounty-labeled, and claim-marked.

Scope remains the repository component-owner approval quorum guard, separate from the newer semantic version-tag governor. PR #407 covers required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge or tagged release, including stale approval and conflicted self-approval checks.

I do not see a contributor-side blocker for review/reward decision on this PR.

[taherdhanera]

Status refresh after newer same-issue #10 activity.

Re-verified now: this PR is open, non-draft, mergeable/CLEAN, bounty-labeled, and claim-marked for issue #10.

The scope remains the repository component-owner approval quorum guard: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge or tagged release, stale approval checks, and conflicted self-approval checks.

This is distinct from the newer external reference pinning and semantic version-tag slices. No implementation changes are needed from my side unless reviewers request revisions.

[taherdhanera]

Status refresh after newer same-issue #10 activity.

Re-verified now: this PR is open, non-draft, mergeable/CLEAN, bounty-labeled, and claim-marked for issue #10.

The scope remains the repository component-owner approval quorum guard: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge or tagged release, stale approval checks, and conflicted self-approval checks.

This is distinct from the newer notebook output diff gate, external reference pinning, and semantic version-tag slices. No implementation changes are needed from my side unless reviewers request revisions.

[taherdhanera]

Status refresh after newer same-issue #10 PR activity, including PR #300. Re-verified now: this PR remains open, non-draft, mergeable/CLEAN, bounty-labeled, and claim-marked for issue #10.

The submitted scope remains the repository component-owner approval quorum guard: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge or tagged release, stale approval checks, and conflicted self-approval checks. This is distinct from branch hypothesis lineage, notebook output diff, external reference pinning, and semantic version-tag slices.

[taherdhanera]

Status refresh after the newer issue-side claim refresh for PR #425: PR #407 remains open, non-draft, mergeable/CLEAN, bounty-labeled, and claim-marked for issue #10.

The submitted scope remains the repository component-owner approval quorum guard: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge or tagged release, stale approval checks, and conflicted self-approval checks.

This is distinct from PR #425's repository external reference pinning guard and claim-format refresh, PR #429's notebook output diff gate, PR #417's semantic version-tag governor, restore rehearsal, compute sandbox, legal-hold, sensitive-artifact, dependency-license, and other repository/version-control slices. No contributor-side code changes are pending unless reviewers request revisions.

[taherdhanera]

Status refresh after PR #425's newer hardening update: PR #407 remains open, non-draft, mergeable/CLEAN, bounty-labeled, and claim-marked for issue #10.

The submitted scope remains the repository component-owner approval quorum guard: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge or tagged release, stale approval checks, and conflicted self-approval checks.

This is distinct from PR #425's repository external reference pinning guard and its latest durable-identifier hardening update, PR #429's notebook output diff gate, PR #417's semantic version-tag governor, restore rehearsal, compute sandbox, legal-hold, sensitive-artifact, dependency-license, and other repository/version-control slices. No contributor-side code changes are pending unless reviewers request revisions.

[taherdhanera]

Status refresh after newer same-issue PR #450 repository integrity auditor activity. PR #407 remains open, non-draft, mergeable/CLEAN, bounty-labeled, claim-marked for issue #10, and present in the Algora issue table.

Scope remains unchanged and distinct: repository component-owner approval quorum guard for Project Repository & Version Control. It covers required scientific component owner approval, approval quorum, stale or missing approvals, high-risk repository actions, and reviewer-ready evidence before protected repository/version-control actions proceed.

This is separate from the newer repository integrity auditor and other adjacent #10 slices. No implementation changes are needed unless reviewers request them.

[taherdhanera]

Status refresh after the newer same-issue PR #463 activity: PR #407 remains open, non-draft, mergeable/CLEAN, bounty-labeled, claim-marked for issue #10, and present in the Algora issue table.

The submitted scope remains the repository component-owner approval quorum guard: required scientific component owner approvals for manuscript/data/code-impacting repository changes, blocked self-approval paths, stale review detection, quorum evidence, and deterministic approval audit output before release/export.

PR #463 appears to add a separate fork provenance and attribution auditor for dropped upstream contributor attribution, ambiguous merge bases, unreviewed history rewrites, DOI/tag/export drift, export manifest hash mismatches, derivative license conflicts, and stale citation badges. That is adjacent, but PR #407 is still the prior component-owner approval quorum layer for this issue.

[taherdhanera]

Visibility refresh after new same-issue PR #475 activity on issue #10.

This existing submission remains PR #407, open, non-draft, CLEAN/mergeable, bounty-labeled, and tied to the Pending USD 500 Algora claim: https://algora.io/claims/MvNKk26EabZwTUUv

Maintainer review target remains the repository component-owner approval quorum guard implemented here: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected-branch merge.

[taherdhanera]

Visibility refresh after later same-issue PR #392 activity on May 29.

This existing submission remains PR #407, open, non-draft, CLEAN/mergeable, bounty-labeled, /claim #10 present, and tied to the Pending USD 500 Algora claim: https://algora.io/claims/MvNKk26EabZwTUUv

Maintainer review target remains the component-owner approval quorum guard implemented here: required scientific component owner approvals for manuscript/data/code/notebooks/protocols/results/metadata changes before protected repository/version-control actions. That scope is separate from PR #392's compute sandbox policy guard.

[taherdhanera]

Visibility refresh after the newer same-issue PR #493 claim registration.

This existing submission remains PR #407, open, non-draft, CLEAN/mergeable, bounty-labeled, /claim #10 present, and tied to the Pending USD 500 Algora claim: https://algora.io/claims/MvNKk26EabZwTUUv

Maintainer review target remains the repository component-owner approval guard: component-owner approval quorum for manuscript, data, code, notebooks, protocols, results, and metadata paths; fresh eligible approval coverage; restricted data/protocol escalation owners; stale approval handling after file movement; and conflicted self-approval blocking. PR #493 appears to add a separate repository embargo release guard for embargo expiry, funder/publication exceptions, access group cleanup, DOI/export parity, and citation badge visibility; PR #407 remains the prior component-owner approval quorum layer.

[taherdhanera]

Visibility refresh after PR #425's newer hardening pass for future-dated external-reference verification evidence.

My existing issue #10 submission remains PR #407: #407

Current status re-verified now: PR #407 is open, non-draft, CLEAN/mergeable, bounty-labeled, includes /claim #10, and its Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope reminder for review: PR #407 is the repository component-owner approval quorum guard for Project Repository & Version Control. It covers component-owner approval quorum for manuscript, data, code, notebooks, protocols, results, and metadata paths; fresh eligible approval coverage; restricted data/protocol escalation owners; stale approval handling after file movement; and conflicted self-approval blocking before protected repository/version-control actions proceed.

This remains separate from PR #425's external-reference pinning and timestamp-freshness hardening, PR #493's repository embargo release guard, PR #392's compute sandbox policy guard, and other adjacent #10 slices. No contributor-side code changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after PR #425's newer hardening pass for future-dated API snapshot evidence.

My existing issue #10 submission remains PR #407: #407

Current status re-verified now: PR #407 is open, non-draft, CLEAN/mergeable, bounty-labeled, includes /claim #10, and its Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope reminder for review: PR #407 is the repository component-owner approval quorum guard for Project Repository & Version Control. It covers component-owner approval quorum for manuscript, data, code, notebooks, protocols, results, and metadata paths; fresh eligible approval coverage; restricted data/protocol escalation owners; stale approval handling after file movement; blocked conflicted self-approval; unmapped path coverage; and deterministic reviewer artifacts.

This remains separate from PR #425's external-reference pinning / future-dated API snapshot evidence slice, PR #493's repository embargo release guard, PR #475's release signature guard, and the other same-issue repository/version-control slices. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after newer same-issue #10 competitor PR #425 activity. This PR #407 remains open, non-draft, CLEAN/mergeable, bounty-listed, and claim-marked for issue #10. Scope remains distinct: component-owner approval quorum guard: component path ownership, fresh eligible approvals, restricted data/protocol escalation owners, stale approval handling, self-approval blocking, and unmapped path coverage. No contributor-side code changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after KoiosSG's latest PR #425 update (c3d3811) for invalid checksum placeholders in external-reference pinning evidence.

PR #407 remains my active issue #10 submission: open, non-draft, CLEAN/mergeable, bounty-labeled, /claim #10 present, and tied to the Pending USD 500 Algora claim: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains distinct: PR #407 is the repository component-owner approval quorum guard for protected repository/version-control actions. It covers component path ownership, fresh eligible approvals, restricted data/protocol escalation owners, stale approval handling, conflicted self-approval blocking, unmapped path coverage, and deterministic reviewer artifacts.

PR #425 is a separate external-reference pinning/checksum-evidence slice. No contributor-side code changes are pending for PR #407 unless maintainers request revisions.

[taherdhanera]

Visibility refresh after newer same-issue #10 competitor PR activity from KoiosSG PR #425.

This PR #407 remains open, non-draft, MERGEABLE, bounty-labeled, and claim-marked for issue #10. It is tied to the Pending USD 500 Algora claim: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains distinct: repository component-owner approval quorum, fresh eligible approval coverage, restricted data/protocol escalation owners, stale approval handling after file movement, conflicted self-approval blocking, unmapped path coverage, and reviewer artifacts. PR #425 remains a separate external-reference pinning slice. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after KoiosSG's newer PR #425 update (00969a1) for invalid DOI-placeholder evidence in external reference pinning.

PR #407 remains my active issue #10 submission: open, non-draft, MERGEABLE/CLEAN, bounty-labeled, /claim #10 present, and tied to the Pending USD 500 Algora claim: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains distinct: repository component-owner approval quorum, fresh eligible approval coverage, restricted data/protocol escalation owners, stale approval handling after file movement, conflicted self-approval blocking, unmapped path coverage, and deterministic reviewer artifacts.

PR #425 is a separate external-reference pinning/checksum/DOI evidence slice. No contributor-side code changes are pending for PR #407 unless maintainers request revisions.

[taherdhanera]

PR-side visibility refresh after newer same-issue #10 activity from @KoiosSG in PR #425 (repository external reference pin guard).

PR #407 remains open, non-draft, MERGEABLE/CLEAN, bounty-labeled, and claim-marked for #10. Algora reward link remains indexed: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the component-owner approval guard, separate from PR #425's repository external reference pin guard. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after KoiosSG updated same-issue #10 PR #425 later than my last PR #407 status.

This active claim remains PR #407.

Current status re-verified now:

• open and non-draft
• MERGEABLE/CLEAN
• Bounty claim label present
• PR body includes /claim #10
• Algora reward link remains indexed: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the repository component-owner approval guard: component path ownership, fresh eligible approvals, restricted data/protocol escalation owners, stale approval handling, conflicted self-approval blocking, unmapped path coverage, deterministic reviewer packets, and demo artifacts.

This remains separate from PR #425's repository external-reference pinning/checksum/DOI evidence slice. No contributor-side code changes are pending unless maintainers request revisions.

[taherdhanera]

PR-side visibility refresh after newer same-issue #10 activity from @Entr0zy / PR #500.

PR #407 remains open, non-draft, MERGEABLE/CLEAN, bounty-labeled, and claim-marked for issue #10. Its Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the component-owner approval quorum guard before protected branch merge or tagged repository release. It is separate from PR #500's branch-protection drift guard. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after newer same-issue #10 PR activity from @codeaustral-oss / PR #300.

PR #407 remains open, non-draft, CLEAN, bounty-labeled, and claim-marked for issue #10. Its Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the component-owner approval quorum guard before protected branch merge or tagged repository release. It is separate from PR #300's repository branch hypothesis lineage gate. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

Visibility refresh after newer same-issue #10 activity from @orenodinner / PR #503 at #10 (comment).

This PR remains my active #10 submission.

Current status re-verified now:

• PR Add component-owner approval guard for issue #10 #407 is open and non-draft
• PR Add component-owner approval guard for issue #10 #407 is MERGEABLE/CLEAN
• PR Add component-owner approval guard for issue #10 #407 has the Bounty claim label
• PR body includes /claim #10
• Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

PR-side visibility refresh after newer same-issue #10 activity from @attaboy11 at #10 (comment).

This PR #407 remains my active issue #10 submission.

Current status re-verified now:

• open and non-draft
• MERGEABLE/CLEAN
• Bounty claim label present
• PR body includes /claim #10
• Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the repository component-owner approval quorum guard, separate from the newer Git LFS pointer integrity and quota guard attempt. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

PR-side visibility refresh after newer same-issue #10 PR activity from @attaboy11 / PR #507: #507

This PR #407 remains my active issue #10 submission.

Current status re-verified now:

• open and non-draft
• MERGEABLE/CLEAN
• Bounty claim label present
• PR body includes /claim #10
• Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the repository component-owner approval quorum guard, separate from PR #507's Git LFS pointer integrity and quota guard. No contributor-side changes are pending unless maintainers request revisions.

[taherdhanera]

PR-side visibility refresh after the latest same-issue #10 PR update from @Entr0zy / PR #500: #500

This PR #407 remains my active issue #10 submission.

Current status re-verified now:

• open and non-draft
• MERGEABLE/CLEAN
• Bounty claim label present
• PR body includes /claim #10
• Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the component-owner approval quorum guard, separate from PR #500's branch-protection drift guard.

[taherdhanera]

PR-side visibility refresh after newer same-issue #10 PR update from @KoiosSG / PR #425: #425

This PR #407 remains my active issue #10 submission.

Current status re-verified now:

• open and non-draft
• MERGEABLE/CLEAN
• Bounty claim label present
• PR body includes /claim #10
• Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv

Scope remains the component-owner approval quorum guard, separate from PR #425's repository external-reference pin guard.

[taherdhanera]

Merge/reward readiness refresh for /claim #10.

Current contributor-side status rechecked from the watcher:

• PR is open, non-draft, MERGEABLE/CLEAN
• Bounty claim label is present
• PR body includes /claim Project Repository & Version Control #10
• Algora claim remains Pending for USD 500: https://algora.io/claims/MvNKk26EabZwTUUv
• Scope remains the focused component-owner approval guard submission
• No known contributor-side blocker or requested change is visible from the latest PR state

Could a maintainer please review this PR for merge/reward decision, or point me to the exact change needed to unblock it? I can respond quickly.