Governance
Bootstrap safety → community voice → sustainable stewardship with clear SLOs.
Goal: Ship safely pre‑launch with tight controls, then progressively decentralize without compromising execution quality or user safety.
Phased governance model
Phase 0 — Bootstrap
Security‑focused multisig controls critical parameters; transparent change log; scope‑limited emergency powers.
Phase 1 — Transitional
Introduce proposal RFCs, risk council review, and community signaling; audits required for material changes.
Phase 2 — DAO
Token‑weighted or delegated voting with quorum and veto safeguards; on‑chain execution with timelocks.
Roles and responsibilities
Maintainers
Prepare releases, coordinate audits, operate incident response, and manage documentation and receipts schema.
Risk Council
Evaluates protocol risk of proposed changes (limits, adapters, routing weights) and publishes impact notes.
Guardians
Scope‑limited ability to pause specific adapters or routes under defined conditions; no custody powers.
Proposal lifecycle
- Idea → forum post with rationale, metrics, and risk analysis (≥72h discussion).
- RFC → structured spec with diffs, test plan, and backout plan (≥5d review).
- Audit → third‑party review for material code changes; publish report & remediation.
- Vote → on‑chain or snapshot with quorum and threshold; include parameters and timings.
- Timelock → T+48h for normal changes; T+7d for parameter/treasury changes.
- Execute → change applied; receipts and change log updated; post‑deployment monitoring.
Voting parameters (targets)
| Parameter | Phase 1 | Phase 2 | Notes |
|---|---|---|---|
| Quorum | 10–15% | 15–25% | Higher for treasury/parameter changes |
| Threshold | Simple majority | ≥60% | Supermajority for security‑sensitive proposals |
| Voting period | 3–5 days | 5–7 days | Short‑circuit allowed for clearly non‑controversial fixes |
| Timelock | ≥48h | ≥48–168h | Longer for treasury and emission schedules |
Governance KPIs
≤7 days
Idea→RFC median
≥20%
Voter participation
≤24 h
Incident MTTR
Emergency controls (scoped)
- Pause specific adapter/route only; core program remains live.
- Automatic unpause window unless renewed by vote (e.g., 72h).
- Immediate public notice, reason, and next steps; on‑chain receipt.
Transparency
- Public change log with diffs, receipts, and rollout timings.
- Metrics dashboard for participation, proposal cadence, and incident burndown.
- Quarterly reports summarizing shipped proposals, audits, and treasury movements.
Treasury & grants (outline)
| Track | Purpose | Guardrails |
|---|---|---|
| Protocol | Core routing, privacy features, audits | Milestone‑based, code open‑sourced |
| Ecosystem | Maker integrations, tooling, relayers | Matching + KPIs, non‑custodial only |
| Research | MEV mitigation, privacy analysis | Publish results; reproducible experiments |