covenant.yml, a robots.txt spec for human and AI repo governance
We’ve published the first draft of `covenant.yml`, a deterministic YAML specification intended to define rules of engagement between human contributors and autonomous agents within a repository.
The idea is similar in spirit to robots.txt, but for repository collaboration:
- Explicit agent PR policies (allow, warn, deny)
- Provenance requirements
- Thread intervention policies
The design goal is strict determinism and machine-verifiable outcomes: no fuzzy language and no interpretive governance, none of the praying that LLMs will respect CONTRIBUTIONS.md or AGENTS.md. Agents and CI systems should be able to compute compliance without ambiguity.
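To make "compute compliance without ambiguity" concrete, here is an added example (not from the covenant.yml project; the key names and layout are an assumed, hypothetical schema) of a CI-side evaluator that reads a constructed covenant.yml covering the three policy dimensions above and returns exactly one of allow/warn/deny for an agent pull request, with a fixed precedence order so two runs on the same input can never disagree.

```python
"""Constructed covenant.yml in an assumed (hypothetical) schema:
agents:
  pull_requests:
    default: deny                # allow | warn | deny, used when no list matches
    allow: ["dependabot[bot]"]
    warn: ["copilot-agent"]
    deny: ["mystery-bot"]
  provenance:
    require_attestation: true    # agent PRs must carry a provenance attestation
    allowed_predicates: ["https://slsa.dev/provenance/v1"]
  threads:
    intervention: deny           # may an agent comment in or close human threads?
"""
from dataclasses import dataclass
from typing import Optional
# Parsed form of the YAML above (what yaml.safe_load would return), embedded so
# the example runs without PyYAML installed.
COVENANT = {"agents": {
    "pull_requests": {"default": "deny", "allow": ["dependabot[bot]"],
                      "warn": ["copilot-agent"], "deny": ["mystery-bot"]},
    "provenance": {"require_attestation": True,
                   "allowed_predicates": ["https://slsa.dev/provenance/v1"]},
    "threads": {"intervention": "deny"},
}}
RANK = {"allow": 0, "warn": 1, "deny": 2}  # verdicts only ever escalate

@dataclass(frozen=True)
class PullRequest:
    author: str
    is_agent: bool
    attestation_predicate: Optional[str] = None  # None: no attestation attached
    intervenes_in_thread: bool = False           # agent acted in a human thread

def evaluate(pr: PullRequest, covenant: dict = COVENANT) -> tuple:
    """Return (verdict, reasons). Fixed precedence: deny > allow > warn list >
    default; provenance and thread rules can only escalate the verdict."""
    if not pr.is_agent:
        return "allow", ["human author: agent policy not applicable"]
    a = covenant["agents"]
    prs, prov, threads = a["pull_requests"], a["provenance"], a["threads"]
    verdict = next((v for v in ("deny", "allow", "warn") if pr.author in prs.get(v, [])),
                   prs["default"])
    reasons = [f"pull_requests: {pr.author} -> {verdict}"]
    if prov["require_attestation"] and pr.attestation_predicate not in prov["allowed_predicates"]:
        verdict = max(verdict, "deny", key=RANK.get)
        reasons.append(f"provenance: attestation {pr.attestation_predicate!r} not accepted")
    if pr.intervenes_in_thread and threads["intervention"] != "allow":
        verdict = max(verdict, threads["intervention"], key=RANK.get)
        reasons.append(f"threads: intervention policy is {threads['intervention']}")
    return verdict, reasons
```

The `reasons` list is what a CI job would print next to the verdict, so a denied agent PR is explainable from the policy table alone rather than from a model's interpretation of it.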
We’re interested in feedback from people working on:
- AI-assisted development
- OSS governance
- Secure supply chains
- GitHub automation/policy engines
Questions we’re exploring:
- What policy dimensions are missing?
- Where could ambiguity still creep in?
- Would you adopt something like this?
This is an early version and we are open to any contribution or feedback.