/claim #10

Algora claim registration

• Bounty issue: Project Repository & Version Control #10
• Active claim PR: Add component-owner approval guard for issue #10 #407
• Supersedes closed duplicate PR 387; this is the active review-ready submission.
• Claim status refresh requested because the issue table still shows my original attempt as WIP.

Summary

Adds repository-component-owner-approval-guard, a self-contained Project Repository & Version Control slice that validates component-owner approval quorum before protected-branch merge or tagged repository release.

The guard evaluates:

• repository component path ownership for manuscript/, data/, code/, notebooks/, protocols/, results/, and metadata.json
• fresh eligible approval coverage per touched component
• restricted data/protocol escalation owners
• stale approvals after changed files move
• conflicted self-approvals by merge request authors
• unmapped repository paths without component policy coverage

Non-overlap

This is not a broad repository ledger, release engine, structured diff/rollback module, provenance attestation layer, release embargo gate, notebook replay tool, schema migration assistant, citation impact verifier, API/export verifier, merge queue, environment drift checker, access review guard, DOI tombstone gate, metadata readiness gate, branch hypothesis lineage guard, sensitive-artifact scanner, dependency-license guard, legal-hold gate, restore rehearsal guard, or compute sandbox policy guard. It focuses specifically on component-owner approval quorum and approval freshness before merge.

Validation

Run from repository-component-owner-approval-guard/:

npm run check
npm test
npm run demo
npm run demo:video

Fresh validation passed after the latest reproducibility hardening commit.

Demo Video

• reports/demo.webm
• reports/demo.mp4

Reviewer Artifacts

• reports/summary.json
• reports/reviewer-packet.md
• reports/summary.svg
• reports/demo.webm
• reports/demo.mp4

Safety

All data is synthetic. The module does not call Git providers, repository hosting APIs, identity systems, storage systems, private repositories, or external services. It does not include private research data, credentials, real users, or live project mutations.