GitHub Community Health: 100% (description, documentation, code of conduct, contributing guidelines, PR template, license, README)
A comprehensive project template for building production-ready services with:
- Specification-Driven Development integration with example specs
- Comprehensive documentation covering entire software development lifecycle
- Security-first CI/CD with automated scanning and best practices
- Team governance with clear processes and standards
- Testing strategy with pyramid approach and security/performance testing
- Infrastructure guides with deployment, scaling, and disaster recovery
- Repository analyzer tool to check compliance with best practices
- Provides a consistent project layout so teams can start small and scale safely.
- Includes spec-driven development methodology with real examples and templates.
- Full documentation ecosystem covering feature lifecycle, releases, testing, governance, and operations.
- Includes placeholders for security scans, runbooks, and automation so security becomes part of the workflow.
- Includes a repository compliance analyzer to evaluate any project against these standards.
src/โ source codetst/โ unit, integration, and security-focused testsspecs/โ specifications for features (specification-driven development)example/โ example implementations and demonstrations
docs/โ comprehensive documentation covering entire SDLCdocs/lifecycle/โ feature, release, and deprecation processesdocs/governance/โ code review, change management, onboarding, dependenciesdocs/testing/โ testing pyramid, security testing, performance testingdocs/infrastructure-overview.mdโ architecture and infrastructure guidedocs/environment-strategy.mdโ dev/staging/prod environment managementdocs/runbooks/โ operational runbooks (deploy, rollback, incident response, monitoring)docs/tools/โ tools documentation (repository analyzer, AI integration)
_static/โ diagrams, threat models, deployment documentationinfrastructure/โ IaC (Terraform, etc.) and security policiesprompts/โ AI prompts and project context for automated helpersartifacts/โ build outputs, scan results, coverage reportsscripts/โ utility scripts (repository analyzer, etc.)
codeowners/.github/CODEOWNERSโ ownership hints.github/workflows/โ CI and security workflows (template-ready).github/dependabot.ymlโ dependency automation configuration.github/ai-guidance.mdโ AI contributor quick-start guidance
-
AGENTS.mdโ official agent instruction file (required) -
claude.md,codex.md,cursor.md,pilot.mdโ lightweight agent entrypoints -
.gitattributesโ consistent line endings and diffs -
.cursorignoreโ Cursor editor ignore list -
.aider.conf.ymlโ Aider integration config -
.gemini/settings.jsonโ Gemini CLI integration config -
docs/personas/โ stakeholder personas for guidance and communication
Language and framework-agnostic with best practices for Node.js, Python, Go, Rust, Java, .NET, and more. Includes GitHub Actions workflows, infrastructure as code, security scanning, and observability tooling.
- Directory Structure
- Tech Stack
- Getting Started
- Key Features
- Specification-Driven Development
- Documentation
- Repository Analyzer
- Security
- CI/CD Workflows
- Personas
- Contributing
- Resources
- Complete integration with spec-kit
- Example specification with tasks, acceptance criteria, and contracts
- Guides for writing tickets, knowledge base entries, and architecture decisions
- Real-world examples: authentication, notifications, user profiles
- Feature Lifecycle โ 8 phases from ideation to monitoring with gates and timelines
- Release Management โ Semantic versioning, changelog, hotfix processes
- Testing Strategy โ Unit, integration, E2E, security, and performance testing approaches
- Governance โ Code review standards, change management, dependency handling
- Infrastructure โ Architecture overview, environment strategy, scaling, and DR
- Monitoring โ Observability, metrics, logs, traces, alerts, and on-call processes
- Onboarding โ Structured team member onboarding (week 1-3 checklist)
Evaluate any GitHub repository against best practices:
# Analyze repository
./scripts/analyze-repo owner/repo
# Get compliance score (0-100%)
./scripts/analyze-repo facebook/react
# JSON output for automation
OUTPUT_FORMAT=json ./scripts/analyze-repo owner/repo > report.jsonChecks 8 categories: Documentation, Governance, Lifecycle, Infrastructure, Testing, Specifications, CI/CD, Examples
See Repository Analyzer Guide for details.
- CodeQL analysis for code security vulnerabilities
- Secret scanning to prevent credential leaks
- Dependency scanning and automated updates (Dependabot)
- Container scanning (Trivy) for image vulnerabilities
- Infrastructure as Code scanning (tfsec) for Terraform
- Penetration testing and DAST guidance included
- Repository analyzer produces JSON for AI processing
- Examples for Claude, ChatGPT, and other LLMs
- Automated issue creation from recommendations
- CI/CD integration patterns
- Batch processing multiple repositories
This template includes complete spec-kit integration:
- Authentication (
specs/001-example/) โ Complete working example - Notifications (
specs/002-notifications/) โ Real-world example - User Profile (
specs/003-user-profile/) โ Multi-feature example
- Copy
specs/001-example/structure for new features - Follow the Spec Integration Guide
- Write tickets from specs using Tickets Guide
- Create knowledge base entries with KB Guide
| Topic | Location |
|---|---|
| Feature Lifecycle | docs/lifecycle/feature-lifecycle.md |
| Release Management | docs/lifecycle/release-management.md |
| Code Review Standards | docs/governance/code-review-standards.md |
| Change Management | docs/governance/change-management.md |
| Testing Strategy | docs/testing/test-pyramid.md |
| Security Testing | docs/testing/security-testing.md |
| Infrastructure Overview | docs/infrastructure-overview.md |
| Environment Strategy | docs/environment-strategy.md |
| First-Time Setup | docs/runbooks/first-time-setup.md |
| Monitoring & Observability | docs/runbooks/monitoring-observability.md |
See docs/ for complete documentation.
Check if any GitHub repository meets best practices standards:
# Make executable
chmod +x scripts/analyze-repo
# Analyze any repository
./scripts/analyze-repo owner/repo
# Examples
./scripts/analyze-repo facebook/react
./scripts/analyze-repo kubernetes/kubernetes
./scripts/analyze-repo google/go-cloud๐ก Overall Compliance Score: 72/100
Category Breakdown:
documentation [โโโโโโโโโโโโโโโโโโ] 90/100
governance [โโโโโโโโโโโโโโโโโโ] 60/100
lifecycle [โโโโโโโโโโโโโโโโโโ] 40/100
...
Recommendations for Improvement:
๐ด HIGH PRIORITY:
1. Governance: Missing governance documentation
- โ Compliance scoring (0-100%)
- โ Category breakdown with weights
- โ Quality checks for key files
- โ Specific, actionable recommendations
- โ JSON output for automation
- โ Node.js or Python (no dependencies)
See docs/tools/QUICK-START.md for full guide.
# Clone this repository
git clone https://github.com/RockRunner007/template.git
# Or use as template on GitHub: "Use this template" button- Edit
prompts/project-context.mdwith your project details - Customize docs in
docs/lifecycle/,docs/governance/, etc. to match your team - Update workflows in
.github/workflows/for your tech stack - Add your code to
src/and tests totst/
- Create your first specification in
specs/using the template inspecs/001-example/ - Use spec-kit format for consistent feature documentation
- Link specs to GitHub issues and PRs for traceability
Workflows are manual by default. To enable automated CI, edit .github/workflows/*.yml:
# Change from:
on:
workflow_dispatch:
# To:
on:
push:
branches: [ main ]
pull_request:Review and customize:
- Spec-Driven Development โ Build high-quality software faster using specifications and AI agents
- GitHub best practices โ Repository configuration guidance
- Security best practices โ GitHub security features and guidance
Workflows in .github/workflows/ are manual by default (workflow_dispatch). To enable automated triggers:
- Edit the workflow file
- Replace the
on: { workflow_dispatch: }block with desired triggers:
on:
push:
branches: [ main ]
pull_request:
schedule:
- cron: '0 0 * * 0' # Weekly- Reporting โ Publish SECURITY.md to define vulnerability reporting process
- Automated Scanning โ Include CodeQL, secret scanning, dependency scanning, container scanning
- Infrastructure Security โ Use tfsec and similar tools for IaC validation
- Secrets Management โ Store in GitHub Secrets, never commit credentials
- Access Control โ Use CODEOWNERS for permission management
- Policy Enforcement โ Branch protection rules, required reviews, status checks
See docs/testing/security-testing.md for comprehensive security testing guide.
- This template is meant to be adapted to your team's needs
- Open a PR or issue to suggest improvements
- See CONTRIBUTING.md for guidelines
- Help improve documentation and examples for other teams
This repo includes stakeholder personas for guided communication and AI prompts:
boss.mdโ Business/executive perspectiveburned.mdโ Burned-out team membercynic.mdโ Critical/skeptical perspectiveherd.mdโ Team/consensus perspectiveirrational.mdโ Emotional/reactive perspectivetime_crunched.mdโ Time-pressured perspectiveuninformed.mdโ Newcomer perspective
Use in AI prompts: You are the "boss" persona. Explain the business impact...
See docs/personas/ for details.
Documentation:
- Specification-Driven Development Integration
- Complete Documentation Index
- Repository Analyzer Guide
- AI Integration Examples
External:
- Spec-Kit โ GitHub's spec-driven development format
- GitHub Best Practices
- GitHub Security
- 12-Factor App
- OWASP Threat Modeling
This template is licensed under the MIT License. See LICENSE for details.
Found a gap or have an improvement? Open an issue or submit a pull request.
Status: Production-ready template with specification-driven development, comprehensive governance, and automated tooling.
Last Updated: January 2026
