This study addresses the challenges of open-source software governance, where ambiguously defined roles and permissions often lead to unclear accountability and excessive burdens on core maintainers. For the first time, it systematically analyzes governance documents such as GOVERNANCE.md in GitHub projects, applying institutional grammar to structurally dissect roles in terms of their scope, authority, obligations, and lifecycle. The research uncovers a phenomenon termed “role drift” and identifies the “maintainer paradox”: while core contributors foster community engagement, they frequently become bottlenecks in governance. Empirical findings reveal substantial variation in responsibilities among identically named roles across projects and demonstrate that a small number of individuals often concentrate technical, managerial, and community-facing functions. These insights provide critical foundations for improving role design and enhancing the sustainability of open-source communities.

Open source software (OSS) sustainability depends not only on code contributions but also on governance structures that define who decides, who acts, and how responsibility is distributed. We lack systematic empirical evidence of how projects formally codify roles and authority in written artifacts. This paper investigates how OSS projects define and structure governance through their GOVERNANCE.md files and related documents. We analyze governance as an institutional infrastructure, a set of explicit rules that shape participation, decision rights, and community memory. We used Institutional Grammar to extract and formalize role definitions from repositories hosted on GitHub. We decompose each role into scope, privileges, obligations, and life-cycle rules to compare role structures across communities. Our results show that although OSS projects use a stable set of titles, identical titles carry different responsibilities, and different labels describe similar functions, which we call role drift. Still, we observed that a few actors sometimes accumulate technical, managerial, and community duties. %This creates the Maintainer Paradox: those who enable broad participation simultaneously become governance bottlenecks. By understanding authority and responsibilities in OSS, our findings inform researchers and practitioners on the importance of designing clearer roles, distributing work, and reducing leadership overload to support healthier and more sustainable communities.