From 4ac785e352b7d2030f0cf3a3d7998f783d29d8db Mon Sep 17 00:00:00 2001
From: "Molecule AI Dev Engineer A (Kimi)"
 <dev-engineer-a-kimi@agents.moleculesai.app>
Date: Fri, 5 Jun 2026 01:25:48 +0000
Subject: [PATCH] feat(sop-checklist): add Owners to security-review N/A
 eligibility
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Widens who can declare security-review N/A on docs-only / pure-frontend /
dependency-only PRs from {security, managers, ceo} → {security, managers,
ceo, Owners}. This is a governance change requiring explicit security/CTO
review and sign-off.

Extracted from PR #1408 per CEO directive: changing WHO CAN WAIVE the
security gate is significant enough to warrant its own review thread.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 .gitea/sop-checklist-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitea/sop-checklist-config.yaml b/.gitea/sop-checklist-config.yaml
index 3ede62cb5..0daf4f381 100644
--- a/.gitea/sop-checklist-config.yaml
+++ b/.gitea/sop-checklist-config.yaml
@@ -202,8 +202,8 @@ n/a_gates:
       must post /sop-n/a qa-review to activate.
 
   security-review:
-    required_teams: [security, managers, ceo]
+    required_teams: [security, managers, ceo, Owners]
     description: >-
       Security review N/A when this change has no security surface
-      (docs-only, pure-frontend, dependency-only). A security/owners
+      (docs-only, pure-frontend, dependency-only). A security/managers/ceo/owners
       member must post /sop-n/a security-review to activate.
-- 
2.52.0