# Code ownership → reviewer routing. Maps repo paths to the harness specialist that should
# review them (and, once collaborators exist, to GitHub handles). Until handles are added, this
# documents the intended review owner; pair it with the agent of the same role in agents/.

# Make-or-break path — conflict detection on Assert. Always run /bench (eval-guardian).
/context_vault/conflict/        # owner: conflict-engine-specialist + eval-guardian
/eval/                          # owner: eval-guardian

# Bitemporal store + retrieval.
/context_vault/store/           # owner: bitemporal-store-reviewer
/context_vault/resolve*.py      # owner: bitemporal-store-reviewer

# Tenant isolation / ACL — deny-by-default (a prior cross-tenant leak lived here).
/context_vault/policy/          # owner: security-reviewer + bitemporal-store-reviewer

# Tamper-evident audit (D1–D4).
/context_vault/audit/           # owner: audit-crypto-reviewer

# Interfaces.
/frontend/                      # owner: typescript-reviewer
/sdk-ts/                        # owner: typescript-reviewer

# The harness itself.
/agents/                        # owner: architect
/commands/                      # owner: architect
/skills/                        # owner: architect
/hooks/                         # owner: architect
/scripts/hooks/                 # owner: architect
/rules/                         # owner: architect

# Pilot kit + framework adapters (Sprint 1–2).
/context_vault/telemetry/       # owner: security-reviewer  (privacy: content-free rollup)
/context_vault/sandbox/         # owner: bitemporal-store-reviewer
/context_vault/integrations/    # owner: architect

# CI / supply chain — a workflow edit can reintroduce the pwn-request hole; require security sign-off.
/.github/workflows/             # owner: security-reviewer
