Governance

RFC Tracker

Every significant change to WAF++ starts with a public Request for Comments. This page tracks every RFC — draft through implementation — so decisions are always traceable.

Total RFCs: 10
Open for review: 2
Draft: 2
Implemented: 6
Rejected: 0

RFC-0001 Initial 7-pillar framework structure
implemented framework

Establishes the core seven-pillar model as the foundational structure of WAF++, covering Security, Reliability, Performance Efficiency, Cost Optimisation, Operational Excellence, Sustainability, and Developer Experience.

Author: sascha-lewandowski Opened: 2025-12-05 Decided: 2025-12-05 Implemented: 2025-12-05 PR: #1

RFC-0002 Public 2026 roadmap and milestone planning
implemented governance

Defines the public roadmap for 2026 covering Q1–Q4 milestones, including v1.0 target, pilot programme, and foundation readiness goals.

Author: sascha-lewandowski Opened: 2025-12-06 Decided: 2025-12-06 Implemented: 2025-12-06 PR: #2

RFC-0003 Pillar descriptions and key questions — all 7 pillars
implemented framework

Adds the initial content definition for each of the 7 pillars: scope, rationale, and key assessment questions. Serves as the baseline for the controls library.

Author: sascha-lewandowski Opened: 2025-12-07 Decided: 2025-12-07 Implemented: 2025-12-07 PR: #3

RFC-0004 Documentation migration to AsciiDoc / Antora
implemented docs

Migrates all framework documentation from Markdown to AsciiDoc and establishes Antora as the documentation build system with component versioning (v1.0).

Author: t1murl Opened: 2026-02-20 Decided: 2026-02-26 Implemented: 2026-02-26 PR: #4

RFC-0005 Contribution metadata: CONTRIBUTING, CODE_OF_CONDUCT, SECURITY
implemented governance

Adds the standard open-source health files to the framework repository: contribution guidelines, code of conduct (based on Contributor Covenant v2.1), and security policy.

Author: sascha-lewandowski Opened: 2026-02-06 Decided: 2026-02-08 Implemented: 2026-02-08 PR: #6

RFC-0006 Sovereign pillar (Pillar 7) — initial controls
implemented framework

Introduces the Sovereign pillar as the 7th pillar of WAF++, covering data sovereignty, compliance, and jurisdictional control. Ships with 10 initial controls (WAF-SOV-010 through WAF-SOV-100).

Author: sascha-lewandowski Opened: 2026-02-14 Decided: 2026-03-04 Implemented: 2026-03-04

RFC-0008 Controls schema v1 — machine-readable YAML specification
open tooling

Defines a formal JSON Schema for WAF++ controls YAML files, enabling consistent validation, tooling integration, and third-party consumption of the controls library.

Author: sascha-lewandowski Opened: 2026-03-10 Discussion: GitHub

RFC-0009 PASS scoring model — formal specification for v1.0
open framework

Formalises the PASS scoring model as a normative specification: tier definitions, calculation rules, aggregation logic, and versioning contract. Required for v1.0 stability guarantee.

Author: t1murl Opened: 2026-03-08 Discussion: GitHub

RFC-0010 Assessment tooling — CLI and scorecard approach
draft tooling

Defines the approach for official WAF++ assessment tooling: a CLI tool and/or web scorecard that consumes the controls library and produces a PASS score report.

Author: sascha-lewandowski Opened: 2026-03-11

RFC-0011 CI/CD pipeline for framework repository
draft tooling

Introduces automated checks for the framework repository: Antora build validation, controls YAML linting, and link checking on every pull request.

Author: t1murl Opened: 2026-03-11

Want to propose a change?

Open a GitHub Discussion using the RFC template. The community reviews it, maintainers decide — everything is documented and traceable.

Process
What qualifies as an RFC?

Not every change needs an RFC — only significant ones. Use the table below to decide.

| Change type | RFC needed? | Process |
|---|---|---|
| New pillar or removal of a pillar | Yes | RFC → TSC vote → PR |
| Scoring model changes (PASS tiers, weights) | Yes | RFC → TSC vote → PR |
| Breaking change to controls schema or IDs | Yes | RFC → TSC vote → PR |
| New Working Group proposal | Yes | RFC → lazy consensus → charter published |
| Governance or role changes | Yes | RFC → TSC supermajority |
| New control (non-breaking, additive) | Recommended | PR with discussion link · lazy consensus |
| Docs wording, typo fixes, translations | No | PR only |
| Website content, blog posts | No | PR only |

Lifecycle
RFC status flow

1. draft: Author writes the proposal in GitHub Discussions
2. open: Minimum 5 business days open for community comment
3. accepted: TSC vote or lazy consensus — documented publicly
4. implemented: PR merged, changelog entry added, RFC closed

Alternative outcomes: rejected (not accepted after review) or withdrawn (pulled by author). Both are documented with reasons.