Project Governance
Thermocline is an open-source project governed by the principles of transparency, meritocracy, and community collaboration.
Project Structure
Organization
| Entity | Role |
|---|---|
| StronglyAI, Inc. | Project steward, primary sponsor |
| Core Team | Day-to-day project management and technical direction |
| Maintainers | Component-level ownership and review |
| Contributors | Community members with merged contributions |
Roles
Core Team
- Set technical direction and roadmap priorities
- Make final decisions on architecture and design
- Manage releases and versioning
- Handle security vulnerability disclosure
- Mentor new contributors
Maintainers
- Review and merge pull requests in their area
- Triage issues and feature requests
- Ensure code quality and test coverage
- Participate in design discussions
Contributors
- Submit pull requests and bug fixes
- Report issues and suggest features
- Improve documentation
- Help others in community discussions
Decision Making
Technical Decisions
- Minor changes — Approved by any maintainer via PR review
- Significant changes — Discussed in a GitHub issue, approved by 2+ maintainers
- Architectural changes — RFC process with community input, approved by Core Team
- Breaking changes — RFC process, minimum 2-week comment period
RFC Process
For significant changes, we follow a Request for Comments (RFC) process:
- Open a GitHub Discussion with the RFC label
- Describe the problem, proposed solution, and alternatives
- Community provides feedback for a minimum of 2 weeks
- Core Team reviews and makes a decision
- If approved, implementation begins
Versioning
Thermocline follows Semantic Versioning:
- Major (X.0.0) — Breaking changes to user-facing APIs
- Minor (0.X.0) — New features, backward-compatible
- Patch (0.0.X) — Bug fixes, backward-compatible
Release Process
- Release candidate branch created from main
- Testing period (1-2 weeks for major, days for patch)
- Release notes drafted
- Tag created and artifacts published
- Announcement on blog and community channels
License
Thermocline is licensed under the Server Side Public License (SSPL) v1.
This means you can:
- Use Thermocline freely for any purpose
- Modify and distribute the source code
- Run it as part of your own infrastructure
Requirements:
- If you offer Thermocline as a service, you must release the source code of your entire service stack under SSPL
- Include the license and copyright notice
- State changes made to the code
Security
Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue
- Email support@strongly.ai
- Include steps to reproduce and potential impact
- We will acknowledge within 48 hours
- We aim to release a fix within 7 days for critical issues
Security Policy
- All reported vulnerabilities are treated confidentially
- Credit is given to reporters (unless they prefer anonymity)
- Fixes are backported to supported versions
- Security advisories are published on GitHub