# GOVERNANCE — talent radar

"We find builders by their taste." The talent radar scans **public** GitHub data,
read-only, to suggest *complementary* builders to the logged-in user. Public data is
not a license to do anything — the rules below are the product boundary, not optional.

## The bright line (GitHub AUP §7)
GitHub's Acceptable Use Policy forbids using information from the service (including via the API)
"for spamming purposes… or selling personal information, such as to recruiters, headhunters,
and job boards." API **reads are explicitly not "scraping"** and are permitted. Therefore:

- ✅ **Allowed:** read-only API/clone collection + **in-product suggestion to the logged-in user**
  for their own collaboration decision.
- ❌ **Forbidden:** selling/exporting person-data to recruiters/headhunters/job boards; any
  **unsolicited outreach** (we never email/DM a surfaced builder); any write to GitHub.

## Hard guardrails (enforced in code)
1. **Read-only only.** `discover` = `gh search repos` (GET); `profileUser` = `gh api graphql` (GET);
   L2 = `git clone`. No `gh` write subcommand or `-X POST/PUT/PATCH/DELETE` is ever constructed.
   (Audited: `tests/talent.test.ts` asserts the actual argv against a forbidden-token set.)
2. **Match on technical signals only.** `mesh()` reads ONLY the 6 axes + taste tags. `location`,
   `name`, avatar, login, and timezone are **excluded from the matching model** (test-enforced:
   `tests/match.test.ts` proves identity fields don't change the score and never appear in `why[]`).
   We do not infer or use protected attributes.
3. **No PII persistence.** `.cache-profiles/<login>.json` stores ONLY the derived fingerprint +
   public repo URL. The GraphQL query deliberately omits bio/email/location/name; `toCacheable`
   strips any stray PII (test-enforced: `tests/talent.test.ts` checks no PII keys/values persist).
4. **Opt-out honored.** Logins in `talent-denylist.txt` (one per line) are never surfaced. A
   `no-talent-radar` profile topic is treated as an opt-out signal. (Add yourself any time.)
5. **No `hireable` ranking.** We never use GitHub's `hireable` flag — that tips toward recruiting.
6. **Rate-limit respect.** Bounded concurrency + backoff; staying well under limits is the
   good-faith signal that distinguishes a respectful tool from an abusive bot.
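The shape of the checks behind guardrails 1, 3 and 4, as an added illustration (this is not the project's own code; `isReadOnlyArgv`, `toCacheable`, `parseDenylist` and `isSurfaceable` are hypothetical names, and the token sets are an assumed, deliberately fail-closed list):

```typescript
// Added illustration of guardrails 1, 3 and 4. Not the project's own code;
// all function names below are hypothetical.

// Guardrail 1: only these read-only command prefixes may ever be constructed ...
const ALLOWED_PREFIXES = ["gh search repos", "gh api graphql", "git clone"];
// ... and no argv may carry a write verb or an explicit HTTP method override.
// The set is conservative: a search term that collides with a verb is rejected too.
const FORBIDDEN_TOKENS = new Set([
  "POST", "PUT", "PATCH", "DELETE", "--method",
  "create", "delete", "edit", "merge", "push", "star", "fork", "comment",
]);

export function isReadOnlyArgv(argv: string[]): boolean {
  const prefixOk = ALLOWED_PREFIXES.some(
    (p) => argv.slice(0, p.split(" ").length).join(" ") === p,
  );
  const tokenOk = argv.every(
    (t) => !FORBIDDEN_TOKENS.has(t) && !t.startsWith("-X"), // catches "-X POST" and "-XPOST"
  );
  return prefixOk && tokenOk;
}

// Guardrail 3: cache entries are built by allowlist, so a stray bio/email/location
// in an API response can never be persisted by accident.
export interface Fingerprint { axes: number[]; tags: string[] }
export interface CacheEntry { fingerprint: Fingerprint; repoUrl: string }

export function toCacheable(raw: Record<string, unknown>): CacheEntry {
  const fp = raw.fingerprint as Partial<Fingerprint> | undefined;
  const axes = fp?.axes;
  const tags = fp?.tags;
  return {
    fingerprint: {
      axes: Array.isArray(axes) ? axes.map(Number) : [],
      tags: Array.isArray(tags) ? tags.map(String) : [],
    },
    repoUrl: typeof raw.repoUrl === "string" ? raw.repoUrl : "",
  };
}

// Guardrail 4: a login listed in talent-denylist.txt (one per line, "#" comments
// allowed here) or a profile carrying the no-talent-radar topic is never surfaced.
export function parseDenylist(text: string): Set<string> {
  return new Set(
    text.split("\n").map((l) => l.trim().toLowerCase()).filter((l) => l && !l.startsWith("#")),
  );
}

export function isSurfaceable(login: string, topics: string[], denylist: Set<string>): boolean {
  return !denylist.has(login.toLowerCase()) && !topics.includes("no-talent-radar");
}
```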

## Transparency
Every suggestion shows **why** (which axes complement, which taste tags are shared) via the
explainable cosine/Jaccard `why[]` — never a black-box score.

## Not legal advice
This is a good-faith reading of public policy. The collaboration-vs-recruiting line is where
real counsel is warranted before any commercial launch.
