Skip to content

Change Management

This document defines what level of process a given change requires. It complements the task-risk model in docs/ai/task-classification-and-routing.md, which is written for AI agents; this document is the human-facing, document-centric counterpart.

Categories of change

1. Normal documentation edit

A wording fix, link repair, formatting cleanup, or clarification that does not change the meaning or binding content of a document. Requires no special process beyond normal editing — bump the document's version patch number (see versioning-and-release-management.md).

2. Product-specification update

A change to a specification's substantive content (adds/removes/changes a requirement, contract, or behavior). Requires the specification's owner (typically Product Owner) to review, and a version bump appropriate to the size of the change. Should not be moved to approved by the author alone (see document-lifecycle.md).

3. Venture-level decision

A change that affects how a venture operates but isn't captured by a single specification — e.g. a new venture standard, a change in venture scope. Recorded as a venture-level ADR or standard, owned by the Venture Lead, subject to company-level constraints (see authority-and-inheritance.md).

4. Company-level ADR

A change that affects the company as a whole, or that establishes a precedent intended to bind multiple ventures. Recorded as a company-level ADR in docs/decisions/, requiring Founder approval.

5. Human approval required (regardless of category)

Independent of the above categories, some changes always require human approval before being considered final — see docs/ai/human-review-and-approval.md and the "High risk" tier in docs/ai/task-classification-and-routing.md: company policy, security controls, privacy practices, legal claims, financial models used for decisions, food-safety guidance, medical/nutrition claims, destructive migrations, and public product claims.

6. Migration / release notes

A change that affects how existing content, data, or a live product must be migrated, or that corresponds to a shipped release. Requires a recorded release note or migration note (see versioning-and-release-management.md) so the change is traceable after the fact.

Decision table

Change Category Approval needed Version bump
Fix a typo, broken link, or formatting Normal edit None patch
Reword for clarity, no meaning change Normal edit None patch
Add a section to a guide or template Normal edit (guide/template) Owner review recommended minor
Change a specification's requirements Product-specification update Owner review, human approval before approved minor or major
Introduce a new venture standard Venture-level decision Venture Lead minor/major (new doc starts 0.1.0)
Change something affecting multiple ventures Company-level ADR Founder new ADR record
Touch security/privacy/legal/financial/food-safety/medical content Human approval required Founder and/or Security and Privacy Reviewer per content type above
Ship a product change / update a record of what happened Migration / release notes Depends on above record (new), not a version bump on history

Flow

Is this a wording/formatting-only change with no meaning change?
  └─ Yes → Normal edit. Proceed, bump patch version.
  └─ No ↓

Does it touch security, privacy, legal, financial, food-safety, or medical/nutrition content,
or public commercialization claims?
  └─ Yes → High risk. Draft it, but it MUST get explicit human approval before being treated
            as final. See docs/ai/human-review-and-approval.md.
  └─ No ↓

Does it change a product specification's substantive content?
  └─ Yes → Product-specification update. Owner review, version bump, do not self-approve.
  └─ No ↓

Does it affect one venture only?
  └─ Yes → Venture-level decision (ADR or standard), Venture Lead approval.
  └─ No → Company-level ADR, Founder approval.

See docs/governance/document-lifecycle.md for how status transitions interact with this table, and docs/ai/task-classification-and-routing.md for the agent-facing version of this risk model.


Report an issue about this page