ZEGITFILE & config
Two files govern a repo: the ZEGITFILE (the governance contract) and .zegit/config.yaml (the validation pipeline). Both are written by zg init and are the source of the policy digest.
Documented from the implementation
Design documents describe a richer schema (roles, permissions, critical areas). This page documents the schema that zg init actually writes and zg actually parses today.
ZEGITFILE
The governance contract. The implemented schema is a single tag_request block that controls release quorum:
```yaml
# ZEGITFILE — ZeGit Governance Contract
tag_request:
  # Minimum number of distinct approvals before a tag can be created.
  threshold: 1
  # Roles permitted to approve a Tag Request.
  approver_roles:
    - owner
    - maintainer
  # When true, the AoV signed by the TR creator counts as one approval,
  # enabling a solo-maintainer flow without a second identity. Default: false.
  allow_aov_self_approval: false
```

| Key | Type | Meaning |
|---|---|---|
| tag_request.threshold | int | Distinct approvals needed to finalize a tag. |
| tag_request.approver_roles | []string | Roles allowed to approve: owner, maintainer, developer. |
| tag_request.allow_aov_self_approval | bool | Let the creator's own AoV count as one quorum vote (default false). |
.zegit/config.yaml
The validation pipeline that zg validate runs. Steps run in order; a required step exiting non-zero blocks the AoV.
```yaml
version: 1
validate:
  - id: lint
    run: |
      gofmt -l . | grep . && exit 1 || exit 0
    required: true
  - id: test
    run: go test ./...
    required: true
```

| Key | Type | Meaning |
|---|---|---|
| version | int | Schema version; must be 1. |
| validate[].id | string | Step identifier (required). |
| validate[].run | string | Shell command to run (via bash -c), required. |
| validate[].required | bool | Whether a non-zero exit blocks the AoV. Defaults to true when omitted. |
The policy digest
Every AoV records a policy_ref.digest of the form sha256:<hex>, computed over the bytes of .zegit/config.yaml concatenated with ZEGITFILE (when present). The gateway compares this digest against the policy it expects — which is how "policy cannot be weakened" becomes a cryptographic property rather than a process promise. Change either file and the digest changes, so a stale or hand-edited policy no longer matches.
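The digest computation and the gateway-side comparison, as an added illustration rather than zegit's own code: it assumes plain concatenation of the two files with no separator, and uses constructed sample policies to show that lowering the threshold changes the digest, so a weakened ZEGITFILE no longer matches what the gateway expects.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// PolicyDigest returns sha256:<hex> over .zegit/config.yaml bytes followed by
// ZEGITFILE bytes (pass nil when the file is absent), as the page describes.
// Assumption (not confirmed by the page): plain concatenation, no separator.
func PolicyDigest(configYAML, zegitfile []byte) string {
	h := sha256.New()
	h.Write(configYAML)
	if zegitfile != nil {
		h.Write(zegitfile)
	}
	return "sha256:" + hex.EncodeToString(h.Sum(nil))
}

// DigestMatches is the gateway-side check: the AoV's policy_ref.digest must
// equal the digest of the policy the gateway expects (constant-time compare).
func DigestMatches(aovDigest, expected string) bool {
	return subtle.ConstantTimeCompare([]byte(aovDigest), []byte(expected)) == 1
}

// Constructed sample policies for the demonstration (not from a real repo).
const configYAML = "version: 1\nvalidate:\n  - id: test\n    run: go test ./...\n    required: true\n"
const zegitfileStrict = "tag_request:\n  threshold: 2\n  approver_roles:\n    - owner\n"
const zegitfileWeak = "tag_request:\n  threshold: 1\n  approver_roles:\n    - owner\n"

func main() {
	expected := PolicyDigest([]byte(configYAML), []byte(zegitfileStrict))
	tampered := PolicyDigest([]byte(configYAML), []byte(zegitfileWeak))
	fmt.Println("expected:", expected)
	fmt.Println("tampered:", tampered)
	// A hand-edited ZEGITFILE (threshold 2 -> 1) yields a different digest.
	fmt.Println("match:", DigestMatches(tampered, expected)) // false
}
```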
Keep both files in version control. They are your governance — reviewed like code, and bound into every attestation.
Authoritative reference, generated from the component repos. Spot something stale? Tell us.