diff --git a/governance/GOVERNED_REPOS.txt b/governance/GOVERNED_REPOS.txt
new file mode 100644
index 0000000..4b1d8ab
--- /dev/null
+++ b/governance/GOVERNED_REPOS.txt
@@ -0,0 +1,22 @@
+.github
+ARCHITECTURE
+AUCTORISEAL
+CORPIFORM
+MAILSIEVE
+SPEEDKIT
+VERIFRAX
+VERIFRAX-DOCS
+VERIFRAX-PROFILES
+VERIFRAX-SAMPLES
+VERIFRAX-SPEC
+VERIFRAX-verify
+archicustos
+attestorium
+cicullis
+guillotine
+irrevocull
+kairoclasp
+limenward
+originseal
+validexor
+verifrax-marketplace-smoke
diff --git a/governance/NON_GOVERNED_REPOS.txt b/governance/NON_GOVERNED_REPOS.txt
new file mode 100644
index 0000000..f19a985
--- /dev/null
+++ b/governance/NON_GOVERNED_REPOS.txt
@@ -0,0 +1,4 @@
+# NON_GOVERNED repos (explicit):
+ADJUTORIX
+MK10-PRO
+SIGILLARIUM
diff --git a/governance/README.md b/governance/README.md
new file mode 100644
index 0000000..27ba69a
--- /dev/null
+++ b/governance/README.md
@@ -0,0 +1,10 @@
+# Governance Manifests
+
+This directory contains **authoritative manifests** that define the closed-world governance perimeter.
+
+- `GOVERNED_REPOS.txt` — repos that MUST be governed (rulesets + merge policy + required checks).
+- `NON_GOVERNED_REPOS.txt` — repos that are explicitly excluded (quarantined / legacy / experimental).
+  - Non-governed repos MUST still follow merge policy hardening (squash-only + delete branch).
+  - If rulesets are supported for that repo/plan, they SHOULD be applied; if not, merge-policy-only is enforced.
+
+Any repo not present in either list is a policy violation.