# Proposal System
Users can propose changes to every layer of the framework. Proposals follow a consistent two-scope model: changes take effect locally immediately, and can optionally be proposed upstream to the core framework where they go through governance.
## What Can Be Proposed
| Layer | What | Local (immediate) | Upstream (governance) |
|---|---|---|---|
| 1. Sources | New intelligence source | Add to security/intel/sources-local.yaml | PR to intel/sources.yaml |
| 1. Sources | New source tier | Add tier to local sources | PR to create new tier in core catalog |
| 1. Sources | Re-score existing source | Override score in local config | PR to update score in core catalog |
| 1. Sources | Flag stale source | Local note | PR to downgrade/remove in core catalog |
| 1. Agents | New auditor domain | Add agent to project .claude/agents/ | PR to agents/focused/ |
| 1. Agents | Update agent checklist | Modify local copy | PR to agent .md file |
| 2. Governance | Board membership | N/A (core only) | GitHub Issue + team change |
| 3. Vectors | New attack vector | Add to security/vectors/ | PR to vectors/community/ |
| 3. Rules | New semgrep rule | Add to project .semgrep/ | PR to semgrep/ |
| 3. Standards | New standards mapping | Add to local standards/ | PR to standards/ |
| 4. Skills | New integration skill | Add to project .claude/skills/ | PR to skills/ |
## Local-First Source Management
Users can add, score, and manage sources immediately for their own project without waiting for governance approval.
`security/intel/sources-local.yaml`:

```yaml
version: "1.0"
last_updated: "2026-03-21"
sources:
  # Internal source (project-specific, not proposable)
  - id: local-internal-pentest-reports
    name: "Internal Penetration Test Reports"
    url: "https://wiki.internal/security/pentest"
    type: page
    domains: [all]
    why: "Our internal red team tests Canton deployments quarterly"
    score:
      recency: 5
      community: 1
      depth: 5
      acceptance: 2
      authority: 4
      composite: 3.55
  # Public source flagged for upstream proposal
  - id: local-canton-defi-tracker
    name: "Canton DeFi Security Tracker"
    url: "https://example.com/canton-security"
    type: page
    domains: [authorization, state]
    why: "New tracker focused on Canton Network exploits"
    score:
      recency: 5
      community: 3
      depth: 4
      acceptance: 3
      authority: 3
      composite: 3.70
    propose_upstream: true
    proposed_tier: 4
  # Score override for a core source
  - id: override:quantstamp-audits
    score_override:
      depth: 5
      recency: 3
```
How agents merge both catalogs:
- Load core `intel/sources.yaml` (from framework)
- Load local `security/intel/sources-local.yaml` (from project)
- Merge: local sources added, score overrides applied
- Sort by composite score, sweep in order
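The merge described above, as an added example (not the framework's own code). The catalogs are embedded as Python dicts mirroring the YAML; the composite weights are an assumption that happens to reproduce the three composites shown on this page, and the `quantstamp-audits` sub-scores are invented sample data.

```python
"""Merge core and local source catalogs (added example, not the framework's code)."""
from typing import Any

# Assumed weights: the page shows composites but not the formula. These values
# reproduce the page's 3.55 / 3.70 / 3.50, but they are an assumption.
WEIGHTS = {"recency": 0.20, "community": 0.25, "depth": 0.30,
           "acceptance": 0.10, "authority": 0.15}
OVERRIDE_PREFIX = "override:"


def composite(score: dict[str, Any]) -> float:
    """Weighted mean of the five sub-scores, rounded to two decimals."""
    return round(sum(score[k] * w for k, w in WEIGHTS.items()), 2)


def merge_catalogs(core: list[dict], local: list[dict]) -> list[dict]:
    """Core entries first; local entries are added, and 'override:<id>' entries
    patch a core source's sub-scores (and recompute its composite) instead of
    adding a source. Returns the catalog in sweep order: composite, highest first."""
    merged = {s["id"]: {**s, "score": dict(s["score"])} for s in core}  # copy, don't mutate core
    for entry in local:
        if entry["id"].startswith(OVERRIDE_PREFIX):
            target = entry["id"][len(OVERRIDE_PREFIX):]
            if target not in merged:
                raise KeyError(f"override targets unknown core source: {target}")
            merged[target]["score"].update(entry["score_override"])
            merged[target]["score"]["composite"] = composite(merged[target]["score"])
        elif entry["id"] in merged:
            raise ValueError(f"local id collides with a core source: {entry['id']}")
        else:
            merged[entry["id"]] = entry
    return sorted(merged.values(), key=lambda s: s["score"]["composite"], reverse=True)


# Constructed sample catalogs (dict form of the YAML). The quantstamp-audits
# sub-scores are invented for the example; the local entries mirror the page.
CORE = [{"id": "quantstamp-audits", "type": "page", "score": {
    "recency": 5, "community": 4, "depth": 3, "acceptance": 4, "authority": 5, "composite": 4.05}}]
LOCAL = [
    {"id": "local-internal-pentest-reports", "type": "page", "score": {
        "recency": 5, "community": 1, "depth": 5, "acceptance": 2, "authority": 4, "composite": 3.55}},
    {"id": "local-canton-defi-tracker", "type": "page", "propose_upstream": True, "proposed_tier": 4,
     "score": {"recency": 5, "community": 3, "depth": 4, "acceptance": 3, "authority": 3, "composite": 3.70}},
    {"id": "override:quantstamp-audits", "score_override": {"depth": 5, "recency": 3}},
]

if __name__ == "__main__":
    for src in merge_catalogs(CORE, LOCAL):
        print(f"{src['score']['composite']:.2f}  {src['id']}")
```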
## Proposing Sources and Tiers Upstream
`/bastion:propose --sources` reads `sources-local.yaml` for entries with `propose_upstream: true`, validates that each source is reachable and produces relevant content, and submits a GitHub PR.
New tier proposals include a tier definition with justification:

```yaml
- id: proposed-tier-8-custody-security
  tier: 8
  tier_name: "Digital Asset Custodian Security"
  tier_description: "Security sources specific to digital asset custody"
  sources:
    - id: custody-security-alliance
      name: "Custody Security Alliance Reports"
      url: "https://example.com/custody-security"
      type: page
      domains: [authorization, state]
      score:
        recency: 4
        community: 3
        depth: 4
        acceptance: 3
        authority: 3
        composite: 3.50
```
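A dry run of the proposal step for both source and tier proposals, as an added example (not the framework's `/bastion:propose` implementation). It selects flagged entries and reports what a reviewer would reject on: missing fields, a missing `proposed_tier`, and a declared composite that does not match the sub-scores (the "scoring inflated" criterion). The weights are an assumption that reproduces the page's composites; the reachability and relevance checks need the network and are left out; `local-inflated-blog` is constructed sample data.

```python
"""Dry run of the upstream proposal step (added example, not the framework's code)."""

REQUIRED = {"id", "name", "url", "type", "domains", "score"}
# Assumed weights (the page shows composites, not the formula); they reproduce
# the page's numbers but are an assumption, not the framework's real weighting.
WEIGHTS = {"recency": 0.20, "community": 0.25, "depth": 0.30,
           "acceptance": 0.10, "authority": 0.15}


def check_source(src: dict) -> list:
    """Problems a reviewer would reject on: missing fields or a composite that
    does not add up from the sub-scores (the 'scoring inflated' criterion)."""
    problems = [f"missing field: {k}" for k in sorted(REQUIRED - src.keys())]
    score = src.get("score", {})
    if not all(isinstance(score.get(k), (int, float)) for k in WEIGHTS):
        problems.append("all five sub-scores are required")
    elif abs(score.get("composite", 0.0) - sum(score[k] * w for k, w in WEIGHTS.items())) > 0.005:
        problems.append("composite does not match sub-scores (inflated or stale)")
    return problems


def plan_upstream(local_sources: list, tier_proposals: list) -> list:
    """What `/bastion:propose --sources` would submit, as (kind, id, problems) tuples."""
    plan = []
    for src in local_sources:
        if not src.get("propose_upstream"):
            continue  # internal or unflagged sources stay local
        problems = check_source(src)
        if not isinstance(src.get("proposed_tier"), int):
            problems.append("proposed_tier is required for source proposals")
        plan.append(("source", src["id"], problems))
    for tier in tier_proposals:
        problems = [] if isinstance(tier.get("tier"), int) and tier.get("tier_name") else ["tier needs an integer tier and a tier_name"]
        for src in tier.get("sources", []):
            problems += [f"{src.get('id')}: {p}" for p in check_source(src)]
        plan.append(("tier", tier["id"], problems))
    return plan


def _src(id_, scores, composite_, **extra):  # compact constructor for sample data
    keys = ("recency", "community", "depth", "acceptance", "authority")
    return {"id": id_, "name": id_, "url": "https://example.com/" + id_, "type": "page",
            "domains": ["authorization"], "score": dict(zip(keys, scores), composite=composite_), **extra}

# Constructed sample: the page's two local sources plus an invented inflated one.
LOCAL = [_src("local-internal-pentest-reports", (5, 1, 5, 2, 4), 3.55),
         _src("local-canton-defi-tracker", (5, 3, 4, 3, 3), 3.70, propose_upstream=True, proposed_tier=4),
         _src("local-inflated-blog", (3, 3, 3, 3, 3), 4.90, propose_upstream=True, proposed_tier=3)]
TIERS = [{"id": "proposed-tier-8-custody-security", "tier": 8, "tier_name": "Digital Asset Custodian Security",
          "sources": [_src("custody-security-alliance", (4, 3, 4, 3, 3), 3.50)]}]
```

Run `plan_upstream(LOCAL, TIERS)` and submit only entries whose problem list is empty; the constructed `local-inflated-blog` entry is the one that gets held back.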
## Vector Proposal Flow

### Zero-Friction Submission
The user's only job is to say "yes." Everything else is automated. The goal is to make sharing back easier than not sharing.
Makefile targets:

```makefile
bastion-propose: ## Review and submit all pending proposals (interactive)
bastion-propose-vector: ## Submit a specific vector (usage: make bastion-propose-vector ID=AV-048)
bastion-propose-sources: ## Submit all flagged local sources
bastion-propose-pending: ## Submit everything in the pending queue
bastion-propose-dry-run: ## Preview without creating PRs
bastion-status: ## Show pending proposals, sync status, contribution stats
```
The most common flow: `make bastion-propose-pending`
Auto-generated PR example:

```text
Bastion Proposal: Canton Topology Delegation Bypass
Type: Vector | Domain: authorization | Severity: HIGH | CWE: CWE-285

Description: Canton topology delegation transactions can bypass party vetting when a malicious participant submits a delegation with a forged namespace.

Mitigation Pattern:
    assertMsg "Delegation must chain to a vetted root namespace" (isVettedNamespace delegationRoot)

Evidence: Discovered by authorization-auditor agent on 2026-03-21. Local test PASSED. Semgrep rule validates.
Checklist: All 7 items auto-checked.
```
Where PR content comes from (nothing is manual):
| PR field | Collected during |
|---|---|
| Title, type, domain, severity, CWE | Layer 1: agent proposal |
| Description, mitigation pattern | Layer 3: /integrate-vector sanitization |
| Test evidence, semgrep evidence | Layer 4: verification run |
| Applicability statement | Layer 3: sanitization step |
| Labels | Auto-applied from YAML fields |
`bastion-status` output:

```text
Bastion Status — canton-exchange
Framework version: 2.1.0 (up to date)
Last sync: 2026-03-21

Pending proposals (3):
  VECTOR  AV-048                          Canton Topology Delegation Bypass  HIGH  Ready
  SOURCE  local-canton-defi-tracker       Score: 3.7
  RULE    daml-topology-delegation-check  Matches AV-048

Your contributions:
  Vectors proposed: 8 | Accepted: 5
  Sources proposed: 3 | Accepted: 2

Run: make bastion-propose-pending
```
## Governing Body Review
Proposals arrive fully formed with evidence, test results, and validation — the review burden on the committee is minimal.
- ACCEPT if: applies to any DAML/Canton project, classification is accurate, content is correct and generic, not a duplicate, scoring is reasonable.
- REJECT if: project-specific, incomplete, already covered, scoring inflated.
- VARIANT if: similar to existing content but warrants expansion.
## Governance Mechanism
See GOVERNANCE.md for the full GitHub-native implementation (rulesets, CODEOWNERS, teams, branch protection).