Project governance and sustainability¶
What enterprise evaluators can determine from published documentation and repository policy. This is not a commercial vendor statement.
Project model¶
| Aspect | Status |
|---|---|
| Product | Open-source OntoCode (VS Code) + OntoIndex (Rust engine) |
| License | MIT OR Apache-2.0 (application crates); third-party licenses in LICENSES.md |
| Distribution | GitHub Releases (VSIX, CLI, LSP), VS Code Marketplace, crates.io |
| Commercial support | Not offered — community via GitHub issues |
| Vendor / company | Not documented as a separate legal entity |
Fortune 500 teams should plan internal OSS adoption with their own escalation path and pinned versions.
Release cadence (observed)¶
Recent documented releases (see changelog):
| Version | Date (changelog) |
|---|---|
| 0.8.0 | 2026-06-26 |
| 0.7.0 | 2026-06-25 |
| 0.6.0 | 2026-06-24 |
Pre-1.0 releases may ship frequently. No committed future cadence is documented.
Maintainers follow releasing.md: version bump, CHANGELOG, SHIPPED matrix, mkdocs build --strict, ./scripts/check-doc-versions.sh, GitHub Release artifacts with SHA256SUMS and NOTICES.
Version support policy¶
| Stream | Security support (documented) |
|---|---|
| 0.8.x | Yes — security policy |
| 0.7.x | Best effort |
| ≤ 0.6.x | No |
Pin versions in CI and desktop rollouts; do not assume automatic long-term backports.
Security response¶
- Report via GitHub Security Advisories — not public issues
- Acknowledgment target: within a few business days (SECURITY.md)
- No published SLA for patch delivery
- Historical advisories: check the repository Security tab (not summarized in docs)
Supply chain: cargo audit in CI; release integrity via SHA256 — release integrity. Code signing: not shipped.
Quality gates (documented)¶
| Gate | Where documented |
|---|---|
| Rust CI (fmt, clippy, tests) | README, contributing.md |
| Extension tests + VS Code E2E | README, contributing |
| MkDocs strict build | releasing.md |
| Doc version sync | ./scripts/check-doc-versions.sh |
Roadmap governance¶
- Target specs live under Contributing → Design (may describe future behavior)
- Shipped behavior is canonical in SHIPPED.md
- v1.0 is a product goal, not a committed date — Release timeline (non-commitment)
Contributing¶
Community contributions welcome — contributing.md. No documented contributor license agreement beyond standard GitHub inbound licensing.
Enterprise implications¶
| Question | Documented answer |
|---|---|
| Bus factor / team size | Not documented |
| Funding model | Not documented |
| Paid enterprise tier | Not offered |
| Partner program | Not documented |
| SOC 2 / ISO | Not claimed — production readiness |