StarForge provides an off-chain governance layer for Soroban contract upgrades. Proposals, voting, timelock delays, and audit trails are persisted locally under ~/.starforge/governance/.
~/.starforge/governance/
├── proposals.json # Active and historical governance proposals
├── audit.json # Governance-specific audit trail
└── config.json # Default timelock, thresholds, emergency guardians
starforge governance config set --timelock 86400 --threshold 2
starforge governance config set --guardian GALICE... --emergency-quorum 2starforge governance propose \
--contract-id C... \
--wasm target/wasm32v1-none/release/my_contract.wasm \
--description "Fix transfer validation bug" \
--threshold 2 \
--timelock 86400 \
--network testnetstarforge governance vote --proposal-id gov-abc123 --for --wallet alice
starforge governance vote --proposal-id gov-abc123 --for --wallet bobWhen the approval threshold is met, the proposal enters a timelock period. Execution is blocked until the timelock expires.
starforge governance list --network testnet
starforge governance show --proposal-id gov-abc123
starforge governance dashboardstarforge governance execute --proposal-id gov-abc123 --wallet aliceStarForge validates the timelock and threshold, records the execution in the audit trail, and prints the on-chain stellar contract commands.
For critical security patches, authorized guardians can bypass the timelock:
# Register guardians first
starforge governance config set --guardian GALICE...
starforge governance config set --guardian GBOB... --emergency-quorum 2
# Initiate emergency upgrade
starforge governance emergency \
--contract-id C... \
--wasm target/wasm32v1-none/release/patch.wasm \
--description "Critical reentrancy fix" \
--wallet alice \
--yesEmergency proposals are flagged in the audit trail and skip the timelock when the emergency quorum is met.
Every governance action (propose, vote, reject, execute, emergency) is recorded in audit.json and mirrored to the global StarForge audit log.
# Full governance audit log
starforge governance audit
# Per-proposal audit
starforge governance audit --proposal-id gov-abc123
# JSON export
starforge governance audit --jsonCreated (active)
│
├── votes reach threshold ──► passed (timelock running)
│ │
│ └── timelock elapsed ──► timelock-ready
│ │
│ └── execute ──► executed
│
└── reject ──► rejected
Emergency path: emergency ──► emergency-executed (timelock bypassed)
| Feature | upgrade |
governance |
|---|---|---|
| Multi-approver workflow | Approvals | Votes (for/against) |
| Timelock | No | Yes (configurable) |
| Audit trail | History only | Full action audit |
| Emergency bypass | No | Yes (guardian quorum) |
| Dashboard | List/status | Dashboard + audit summary |
Use starforge upgrade for simple single-signer flows. Use starforge governance for production deployments requiring timelock, voting transparency, and audit compliance.
- Set timelock to at least 24 hours on mainnet.
- Register emergency guardians before deployment.
- Require independent WASM hash verification by all voters.
- Export audit logs regularly:
starforge governance audit --json > audit-backup.json. - Test the full workflow on testnet before mainnet.