GitHub Community Health: 100% (description, documentation, code of conduct, contributing guidelines, PR template, license, README)
A comprehensive project template for building production-ready services with:
- Specification-Driven Development integration with example specs
- Comprehensive documentation covering entire software development lifecycle
- Security-first CI/CD with automated scanning and best practices
- Team governance with clear processes and standards
- Testing strategy with pyramid approach and security/performance testing
- Infrastructure guides with deployment, scaling, and disaster recovery
- Repository analyzer tool to check compliance with best practices
- Provides a consistent project layout so teams can start small and scale safely.
- Includes spec-driven development methodology with real examples and templates.
- Full documentation ecosystem covering feature lifecycle, releases, testing, governance, and operations.
- Includes placeholders for security scans, runbooks, and automation so security becomes part of the workflow.
- Includes a repository compliance analyzer to evaluate any project against these standards.
src/β source codetst/β unit, integration, and security-focused testsspecs/β specifications for features (specification-driven development)example/β example implementations and demonstrations
docs/β comprehensive documentation covering entire SDLCdocs/lifecycle/β feature, release, and deprecation processesdocs/governance/β code review, change management, onboarding, dependenciesdocs/testing/β testing pyramid, security testing, performance testingdocs/infrastructure-overview.mdβ architecture and infrastructure guidedocs/environment-strategy.mdβ dev/staging/prod environment managementdocs/runbooks/β operational runbooks (deploy, rollback, incident response, monitoring)docs/tools/β tools documentation (repository analyzer, AI integration)
_static/β diagrams, threat models, deployment documentationinfrastructure/β IaC (Terraform, etc.) and security policiesprompts/β AI prompts and project context for automated helpersartifacts/β build outputs, scan results, coverage reportsscripts/β utility scripts (repository analyzer, etc.)
codeowners/.github/CODEOWNERSβ ownership hints.github/workflows/β CI and security workflows (template-ready).github/dependabot.ymlβ dependency automation configuration.github/ai-guidance.mdβ AI contributor quick-start guidance
-
AGENTS.mdβ official agent instruction file (required) -
claude.md,codex.md,cursor.md,pilot.mdβ lightweight agent entrypoints -
.gitattributesβ consistent line endings and diffs -
.cursorignoreβ Cursor editor ignore list -
.aider.conf.ymlβ Aider integration config -
.gemini/settings.jsonβ Gemini CLI integration config -
docs/personas/β stakeholder personas for guidance and communication
Language and framework-agnostic with best practices for Node.js, Python, Go, Rust, Java, .NET, and more. Includes GitHub Actions workflows, infrastructure as code, security scanning, and observability tooling.
- Directory Structure
- Tech Stack
- Getting Started
- Key Features
- Specification-Driven Development
- Documentation
- Repository Analyzer
- Security
- CI/CD Workflows
- Personas
- Contributing
- Resources
- Complete integration with spec-kit
- Example specification with tasks, acceptance criteria, and contracts
- Guides for writing tickets, knowledge base entries, and architecture decisions
- Real-world examples: authentication, notifications, user profiles
- Feature Lifecycle β 8 phases from ideation to monitoring with gates and timelines
- Release Management β Semantic versioning, changelog, hotfix processes
- Testing Strategy β Unit, integration, E2E, security, and performance testing approaches
- Governance β Code review standards, change management, dependency handling
- Infrastructure β Architecture overview, environment strategy, scaling, and DR
- Monitoring β Observability, metrics, logs, traces, alerts, and on-call processes
- Onboarding β Structured team member onboarding (week 1-3 checklist)
Evaluate any GitHub repository against best practices:
# Analyze repository
./scripts/analyze-repo owner/repo
# Get compliance score (0-100%)
./scripts/analyze-repo facebook/react
# JSON output for automation
OUTPUT_FORMAT=json ./scripts/analyze-repo owner/repo > report.jsonChecks 8 categories: Documentation, Governance, Lifecycle, Infrastructure, Testing, Specifications, CI/CD, Examples
See Repository Analyzer Guide for details.
- CodeQL analysis for code security vulnerabilities
- Secret scanning to prevent credential leaks
- Dependency scanning and automated updates (Dependabot)
- Container scanning (Trivy) for image vulnerabilities
- Infrastructure as Code scanning (tfsec) for Terraform
- Penetration testing and DAST guidance included
- Repository analyzer produces JSON for AI processing
- Examples for Claude, ChatGPT, and other LLMs
- Automated issue creation from recommendations
- CI/CD integration patterns
- Batch processing multiple repositories
This template includes complete spec-kit integration:
- Authentication (
specs/001-example/) β Complete working example - Notifications (
specs/002-notifications/) β Real-world example - User Profile (
specs/003-user-profile/) β Multi-feature example
- Copy
specs/001-example/structure for new features - Follow the Spec Integration Guide
- Write tickets from specs using Tickets Guide
- Create knowledge base entries with KB Guide
| Topic | Location |
|---|---|
| Feature Lifecycle | docs/lifecycle/feature-lifecycle.md |
| Release Management | docs/lifecycle/release-management.md |
| Code Review Standards | docs/governance/code-review-standards.md |
| Change Management | docs/governance/change-management.md |
| Testing Strategy | docs/testing/test-pyramid.md |
| Security Testing | docs/testing/security-testing.md |
| Infrastructure Overview | docs/infrastructure-overview.md |
| Environment Strategy | docs/environment-strategy.md |
| First-Time Setup | docs/runbooks/first-time-setup.md |
| Monitoring & Observability | docs/runbooks/monitoring-observability.md |
See docs/ for complete documentation.
Check if any GitHub repository meets best practices standards:
# Make executable
chmod +x scripts/analyze-repo
# Analyze any repository
./scripts/analyze-repo owner/repo
# Examples
./scripts/analyze-repo facebook/react
./scripts/analyze-repo kubernetes/kubernetes
./scripts/analyze-repo google/go-cloudπ‘ Overall Compliance Score: 72/100
Category Breakdown:
documentation [ββββββββββββββββββ] 90/100
governance [ββββββββββββββββββ] 60/100
lifecycle [ββββββββββββββββββ] 40/100
...
Recommendations for Improvement:
π΄ HIGH PRIORITY:
1. Governance: Missing governance documentation
- β Compliance scoring (0-100%)
- β Category breakdown with weights
- β Quality checks for key files
- β Specific, actionable recommendations
- β JSON output for automation
- β Node.js or Python (no dependencies)
See docs/tools/QUICK-START.md for full guide.
# Clone this repository
git clone https://github.com/RockRunner007/template.git
# Or use as template on GitHub: "Use this template" button- Edit
prompts/project-context.mdwith your project details - Customize docs in
docs/lifecycle/,docs/governance/, etc. to match your team - Update workflows in
.github/workflows/for your tech stack - Add your code to
src/and tests totst/
- Create your first specification in
specs/using the template inspecs/001-example/ - Use spec-kit format for consistent feature documentation
- Link specs to GitHub issues and PRs for traceability
Workflows are manual by default. To enable automated CI, edit .github/workflows/*.yml:
# Change from:
on:
workflow_dispatch:
# To:
on:
push:
branches: [ main ]
pull_request:Review and customize:
- Spec-Driven Development β Build high-quality software faster using specifications and AI agents
- GitHub best practices β Repository configuration guidance
- Security best practices β GitHub security features and guidance
Workflows in .github/workflows/ are manual by default (workflow_dispatch). To enable automated triggers:
- Edit the workflow file
- Replace the
on: { workflow_dispatch: }block with desired triggers:
on:
push:
branches: [ main ]
pull_request:
schedule:
- cron: '0 0 * * 0' # Weekly- Reporting β Publish SECURITY.md to define vulnerability reporting process
- Automated Scanning β Include CodeQL, secret scanning, dependency scanning, container scanning
- Infrastructure Security β Use tfsec and similar tools for IaC validation
- Secrets Management β Store in GitHub Secrets, never commit credentials
- Access Control β Use CODEOWNERS for permission management
- Policy Enforcement β Branch protection rules, required reviews, status checks
See docs/testing/security-testing.md for comprehensive security testing guide.
- This template is meant to be adapted to your team's needs
- Open a PR or issue to suggest improvements
- See CONTRIBUTING.md for guidelines
- Help improve documentation and examples for other teams
This repo includes stakeholder personas for guided communication and AI prompts:
boss.mdβ Business/executive perspectiveburned.mdβ Burned-out team membercynic.mdβ Critical/skeptical perspectiveherd.mdβ Team/consensus perspectiveirrational.mdβ Emotional/reactive perspectivetime_crunched.mdβ Time-pressured perspectiveuninformed.mdβ Newcomer perspective
Use in AI prompts: You are the "boss" persona. Explain the business impact...
See docs/personas/ for details.
Documentation:
- Specification-Driven Development Integration
- Complete Documentation Index
- Repository Analyzer Guide
- AI Integration Examples
External:
- Spec-Kit β GitHub's spec-driven development format
- GitHub Best Practices
- GitHub Security
- 12-Factor App
- OWASP Threat Modeling
This template is licensed under the MIT License. See LICENSE for details.
Found a gap or have an improvement? Open an issue or submit a pull request.
Status: Production-ready template with specification-driven development, comprehensive governance, and automated tooling.
Last Updated: January 2026
