Skip to content

traverse-framework/.github

traverse-framework/.github

Shared governance for every repo under the traverse-framework GitHub organization: constitution, non-functional requirements, quality standards, ownership and trademark policy, contributor license agreement with automated enforcement, community health defaults, reusable CI gates, branch-protection rulesets, and an org-wide compliance audit.

What Lives Here

File Purpose
constitution.md Org-wide engineering/governance principles
GOVERNANCE.md Ownership model (single owner), decision process, transfer rights
CLA.md Contributor License Agreement (draft — see notice in the file)
TRADEMARK.md Trademark policy — the code license does not grant the name
NOTICE Apache-2.0 attribution notice
CODE_OF_CONDUCT.md, SECURITY.md, SUPPORT.md Org-wide community health defaults (inherited by every repo)
docs/quality-standards.md Merge-blocking quality gates
docs/antipatterns.md Common repo-governance mistakes to avoid
docs/compatibility-policy.md Semver/compatibility rules for versioned surfaces
docs/exception-process.md How to document and review an exception to a rule
docs/ai-agent-hardening.md Conventions every repo's CLAUDE.md/AGENTS.md should encode
docs/owner-setup.md Manual steps only the org owner can perform
docs/runbook.md Operations runbook: releases, repo onboarding, failure playbook
CHANGELOG.md Versioned governance releases (repos pin these)
.github/workflows/reusable-cla.yml Reusable CLA gate; signatures stored centrally on the cla-signatures branch
.github/workflows/reusable-governance.yml Reusable baseline gate: version pin, required files, spec-alignment
.github/workflows/reusable-dependabot-hygiene.yml Fills Dependabot PR bodies so body-section gates can evaluate them
.github/workflows/org-audit.yml Weekly org-wide compliance audit; opens an issue when drift is found
governance/rulesets/baseline-branch-ruleset.json Canonical branch ruleset applied to every repo
scripts/org/apply_rulesets.sh Applies the baseline ruleset to all org repos (idempotent)
scripts/org/rollout_governance.sh Opens PRs adding the shared gates/files to consuming repos
scripts/org/audit_compliance.sh The audit logic behind org-audit.yml; also runnable locally
scripts/ci/spec_alignment_check.sh Canonical spec-alignment CI gate script, vendored into consuming repos
workflow-templates/ Starter workflows offered in every org repo's Actions tab
.github/ISSUE_TEMPLATE/, PULL_REQUEST_TEMPLATE.md Default templates GitHub falls back to for any repo in this org that doesn't define its own

How Consuming Repos Use This

Each repo (traverse, registry, etc.) adopts governance three ways:

  1. Pinned version. A .governance-version file records which release of this repo (see CHANGELOG.md) the repo has adopted. Vendored content (constitution, docs, the spec-alignment script) comes from that release. Adopting a new version is a deliberate PR — never automatic or silent.
  2. Shared gates. Thin caller workflows (cla.yml, governance.yml) reference the reusable workflows here at this repo's default branch, so gate logic updates centrally the moment a governance PR merges.
  3. Enforced rulesets. Every repo carries the baseline branch ruleset (PRs required, no force-push, no deletion, linear history, conversation resolution). Repos may be stricter, never looser. The weekly org-audit catches drift.

New repos start from the repo-template template repository, which ships compliant.

This repo does not have its own GitHub Project board — governance work here is tracked via issues and PRs only.

About

Org-wide governance: constitution, NFRs, quality standards, CI gates, CLA, AI-agent hardening rules shared across traverse-framework repos

Resources

License

Code of conduct

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages