Intent accountability for git
No consequential action without recorded intent. EPICON Guard is a GitHub Action that validates a structured Intent Publication in every pull request — who, why, within what scope, until when, and what would make you revert — and classifies the PR into a consequence tier before it can merge.
The protocol does not prevent actions. It makes divergence legible, attributable, and time-bound.
epicon_id: EPICON_C-367_CORE_payments_v1 ledger_id: kaizencycle scope: core issued_at: 2026-07-09T00:00:00Z expires_at: 2026-08-09T00:00:00Z # authority ends justification: REASONING: lower fees, stronger fraud detection ANCHORS: 2 independent COUNTERFACTUAL: fraud > 0.5% voids this counterfactuals: - if conversion drops in A/B, revert
EPICON-02 · §2
The Guard enforces the Intent Publication & Divergence Protocol directly — a failed check names the invariant it protects, so the gate teaches the protocol instead of just rejecting the contributor.
A pull request without a published intent block cannot merge into consequential surfaces. Authority is requested in writing, before the fact.
The Guard emits a SHA-256 justification_hash of the published block — a witness against quiet rewriting after the fact.
Every intent declares a scope envelope and an issued_at → expires_at window. Unbounded authority is a malformed intent.
Changed files outside the declared envelope are flagged as divergent — a state condition, not an accusation. Visibility, not prevention.
Past expires_at, authority terminates. No renewal without a new Intent Publication and a version bump. Zombie permissions fail the gate.
Structured justification — values, reasoning, anchors, boundaries, counterfactual — is required. Prose alone never passes the gate.
EPICON Tiering Spec v0.1 · §4–§8
The Guard computes the PR's tier from a declarative path registry — the proposer's own risk assessment is advisory only. The more consequential the action, the stronger the requirement, and the harder the failure.
Docs, comments, trivially reversible changes. Minimal intent; backfill permitted.
fails open — pass, honestly marked
Application code, configuration, staging deploys. Full intent, validated before merge, single attestor.
quarantines — check fails, remediable
Value, rights, safety, canon, workflows, ledger state. Full intent plus constitutional commitment.
fails closed — no intent, no merge
Paths matching no registry pattern classify EP-3 — deny-by-default,
because unknown ≠ harmless. A PR's tier is the maximum across its changed
files. Override the registry per-repo with .github/epicon-policy.json.
Quick start
Zero dependencies, one Node file, roughly two seconds of CI. The gate becomes binding when you mark Intent Publication Gate as a required status check in branch protection.
name: EPICON Guard on: pull_request: types: [opened, edited, synchronize, reopened] permissions: contents: read pull-requests: read jobs: epicon: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: kaizencycle/epicon@v1
```intent epicon_id: EPICON_C-000_CORE_my-change_v1 ledger_id: your-github-username scope: core mode: normal issued_at: 2026-07-09T00:00:00Z expires_at: 2026-08-09T00:00:00Z justification: VALUES INVOKED: integrity, transparency REASONING: why this change makes sense ANCHORS: - independent support one - independent support two BOUNDARIES: where this does not apply COUNTERFACTUAL: what would void this counterfactuals: - if tests fail, do not merge ```
The Guard reports PASS · PASS_WITH_BACKFILL · QUARANTINE · FAIL_CLOSED with the tier, the divergent paths, and the justification hash — as annotations, a run summary, and workflow outputs your downstream steps can consume.
Source of truth
The specifications live in the Mobius Substrate monorepo, CC0 public domain — free for anyone to implement.
Status
Claims match reality — the same discipline the gate enforces.
| GitHub Action — Intent Publication Gate | ● LIVE · v1 |
| GitHub App — Checks API, intent immutability | ◐ ROADMAP |
| CPC ledger attestation for EP-3 merges | ◐ ROADMAP |
| Integrity dashboard / CII | ○ CONCEPT |
| GitLab · Jira · Slack integrations | ○ CONCEPT |
If it isn't marked live, it doesn't exist yet. This page does not sell futures.