
[Issue]: Add OSSF-compliant governance documentation for roles and responsibilities #228

@WilliamBerryiii


Issue Description

The project needs to meet the OpenSSF Best Practices Badge criterion for roles and responsibilities documentation:

The project MUST clearly define and publicly document the key roles in the project and their responsibilities, including any tasks those roles must perform. It MUST be clear who has which role(s), though this might not be documented in the same way.

Current State Assessment: Partially Met ⚠️

The project has foundational governance documentation but lacks explicit role definitions with named individuals or teams.

What IS Currently Documented

| Document | Content |
|----------|---------|
| CODEOWNERS | Defines @microsoft/edge-ai-core-dev as code owner for all files |
| CONTRIBUTING.md | Describes contributor responsibilities and maintainer interactions |
| SUPPORT.md | Documents support SLOs and escalation paths |
| SECURITY.md | Assigns security handling to MSRC |
| CODE_OF_CONDUCT.md | References the Microsoft Open Source Code of Conduct |
| Release Process | Describes maintainer vs. contributor responsibilities |

Gaps Identified

| Gap | OSSF Expectation |
|-----|------------------|
| No explicit role definitions | Document roles such as "Maintainer", "Committer", "Contributor", "Reviewer" with specific responsibilities |
| No named individuals or team roster | List who holds each role, even if via a team reference |
| No governance decision process | How decisions are made and who has final authority |
| No dedicated MAINTAINERS or GOVERNANCE file | A dedicated file defining the project leadership structure |

Proposed Work

1. Create GOVERNANCE.md

Document the following:

  • Role Definitions

    • Maintainer: Full repository access, merge authority, release management, architectural decisions
    • Committer: Write access, code review authority, can approve PRs
    • Contributor: Submit PRs, report issues, participate in discussions
    • Reviewer: Designated reviewers for specific areas (maps to CODEOWNERS)
  • Responsibilities Matrix

    | Role | Code Review | Merge PRs | Release | Architecture Decisions | Issue Triage |
    |------|-------------|-----------|---------|------------------------|--------------|
    | Maintainer | | | | | |
    | Committer | | | | Advise | |
    | Contributor | | | | Propose | |
  • Decision-Making Process

    • How consensus is reached
    • Escalation path for disagreements
    • RFC/ADR process for significant changes
  • Succession and Changes

    • How new maintainers are added
    • Criteria for role changes
    • Emeritus status

2. Create MAINTAINERS.md or Add Team Section

List current project leadership:

## Current Maintainers

| Name | GitHub | Areas of Responsibility |
|------|--------|-------------------------|
| [Name] | @handle | Overall project, releases |
| [Name] | @handle | Documentation, agents |

## Teams

- **@microsoft/edge-ai-core-dev**: Core development team with full maintainer privileges

3. Update Existing Documentation

  • CONTRIBUTING.md: Add cross-reference to GOVERNANCE.md
  • README.md: Add "Governance" section in Documentation table
  • CODEOWNERS: Add header comment explaining the team's role

Acceptance Criteria

  • GOVERNANCE.md exists at repository root with role definitions
  • Responsibilities for each role are explicitly documented
  • Tasks each role must perform are listed
  • Current role holders are identifiable (individuals or team)
  • Decision-making process is documented
  • CONTRIBUTING.md references GOVERNANCE.md
  • README.md documentation table includes governance link

Additional Context

OSSF Best Practices Badge Reference

This work addresses the governance criterion from the OpenSSF Best Practices Badge:

  • Criterion ID: roles_responsibilities
  • Level: Passing
  • Category: Governance

Related Standards

Example Projects

Projects with exemplary governance documentation:

Metadata

Labels

  • documentation: Improvements or additions to documentation
  • needs-triage: Requires triage and prioritization