{"id":51185809,"url":"https://github.com/datallmhub/claude-governance","last_synced_at":"2026-06-27T10:02:00.539Z","repository":{"id":362000159,"uuid":"1256587916","full_name":"datallmhub/claude-governance","owner":"datallmhub","description":"Claude Code governance templates by tech stack : CLAUDE.md, scoped rules, architecture docs, cost control \u0026 dev-level adaptation","archived":false,"fork":false,"pushed_at":"2026-06-14T09:33:50.000Z","size":139,"stargazers_count":19,"open_issues_count":9,"forks_count":3,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-14T10:20:20.216Z","etag":null,"topics":["agentflow4j","claude","claude-ai","claude-api","claude-code","copilot","finops","governance"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datallmhub.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-01T23:21:31.000Z","updated_at":"2026-06-14T09:33:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/datallmhub/claude-governance","commit_stats":null,"previous_names":["datallmhub/claude-governance"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/datallmhub/claude-governance","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datallmhub%2Fclaude-governance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datallmhub%2Fclaude-governance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datallmhub%2Fclaude-governance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datallmhub%2Fclaude-governance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datallmhub","download_url":"https://codeload.github.com/datallmhub/claude-governance/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datallmhub%2Fclaude-governance/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34848932,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentflow4j","claude","claude-ai","claude-api","claude-code","copilot","finops","governance"],"created_at":"2026-06-27T10:01:55.269Z","updated_at":"2026-06-27T10:02:00.528Z","avatar_url":"https://github.com/datallmhub.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Claude Code Governance Templates\n\nReady-to-use governance templates for Claude Code, organized by tech stack.\nRules load automatically on every session: no prompting required.\n\nIf this saves you time, consider giving it a ⭐: it helps others find the project.\n\n\u003cimg width=\"1536\" height=\"1024\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f14ee7c0-07ca-42a9-9e08-6c011242dfa8\" /\u003e\n\n---\n\n## Why this exists\n\nWithout structure, Claude Code generates inconsistent code, ignores your conventions, and repeats the same mistakes across sessions. This project fixes that with a hierarchy of `CLAUDE.md` files that load automatically: no prompting required.\n\n**What you get:**\n- Consistent code that respects your architecture and naming conventions\n- Security rules enforced by default (no IDOR, no raw SQL, no hardcoded secrets)\n- Cost control: precise diffs instead of full rewrites, right model for the right task\n- Behavior adapted to the developer's experience level (Junior → Tech Lead)\n\n---\n\n## Installation\n\n**Via plugin marketplace (recommended):**\n\n```bash\n/plugin marketplace add datallmhub/claude-governance\n/plugin install claude-governance\n```\n\nThen run `/setup` in any project: select your stack, governance files are copied automatically, and rules inject at every session start.\n\n**Local / development:**\n\n```bash\ngit clone https://github.com/datallmhub/claude-governance.git\nclaude --plugin-dir /path/to/claude-governance\n```\n\n**Manual (no plugin):**\n\n1. Copy the stack folder into your project root\n2. Update `CLAUDE.md` with your project name and stack versions\n3. Copy `CLAUDE.local.md.example` → `CLAUDE.local.md` (do not commit)\n4. Set your experience level in `dev-level.md`\n\n---\n\n## Available stacks\n\n### Java\n| Stack | Folder | Status |\n|---|---|---|\n| Java (Spring Boot) + React (TypeScript) | [`java-react/`](./java-react/) | ✅ Ready |\n| Java (Spring Boot) + Angular | `java-angular/` | 🔜 Coming |\n| Java (Spring Boot) + Vue.js | `java-vue/` | 🔜 Coming |\n| Java (Spring Boot) API only | `java-only/` | 🔜 Coming |\n\n### JavaScript / TypeScript\n| Stack | Folder | Status |\n|---|---|---|\n| React / TypeScript only | [`react-only/`](./react-only/) | ✅ Ready |\n| Angular only | [`angular-only/`](./angular-only/) | ✅ Ready |\n| Vue.js only | [`vue-only/`](./vue-only/) | ✅ Ready |\n| Next.js (full-stack) | [`nextjs/`](./nextjs/) | ✅ Ready |\n| Node.js (Express) + React | `node-express-react/` | 🔜 Coming |\n| Node.js (NestJS) + React | [`nestjs-react/`](./nestjs-react/) | ✅ Ready |\n\n### Python\n| Stack | Folder | Status |\n|---|---|---|\n| Python (FastAPI) + React | [`python-fastapi-react/`](./python-fastapi-react/) | ✅ Ready |\n| Python (Django) + React | `python-django-react/` | 🔜 Coming |\n| Python (FastAPI) API only | `python-fastapi-only/` | 🔜 Coming |\n\n### .NET / Go / PHP\n| Stack | Folder | Status |\n|---|---|---|\n| .NET (ASP.NET Core) + React | `dotnet-react/` | 🔜 Coming |\n| Go (Gin / Echo) + React | `go-react/` | 🔜 Coming |\n| Laravel + React | `laravel-react/` | 🔜 Coming |\n| Symfony + React | `symfony-react/` | 🔜 Coming |\n\n---\n\n## What's inside each template\n\n```\n\u003cstack\u003e/\n├── CLAUDE.md                    # Project context: always loaded\n├── CLAUDE.local.md.example      # Personal overrides (copy locally, never commit)\n├── .claude/\n│   ├── settings.json            # SessionStart hook: injects rules at session start\n│   ├── rules/\n│   │   ├── backend.md           # Backend rules: scoped to backend files only\n│   │   ├── frontend.md          # Frontend rules: scoped to frontend files only\n│   │   ├── database.md          # DB / migration rules\n│   │   ├── testing.md           # Testing standards\n│   │   ├── security.md          # Security rules: loaded on every file\n│   │   ├── governance.md        # Git, PR, versioning, release process\n│   │   └── dev-level.md         # Behavior by experience level\n│   └── architecture/\n│       ├── overview.md          # System architecture + key decisions\n│       ├── api.md               # REST API contract\n│       └── data-model.md        # Database schema\n└── samples/                     # Code examples applying all the rules\n```\n\n---\n\n## Load order\n\n```\n~/.claude/CLAUDE.md       ← personal preferences (your machine)\n./CLAUDE.md               ← project rules (committed, shared)\n./CLAUDE.local.md         ← personal overrides (gitignored)\n.claude/rules/*.md        ← scoped rules (loaded per file path)\n```\n\n---\n\n## Security\n\n`security.md` loads on every file automatically. It enforces:\n\n- **No IDOR**: `public_id UUID` in all URLs, never internal sequential IDs\n- **No hardcoded secrets**: all credentials via environment variables\n- **Safe tokens**: JWT in memory, refresh token in `HttpOnly; Secure` cookie\n- **Injection prevention**: parameterized queries, input validated at system boundary\n- **CORS locked down**: explicit origin whitelist, never `allowedOrigins(\"*\")`\n\n---\n\n## Developer Experience Levels\n\nOne setting in `dev-level.md`: Claude adapts its verbosity automatically.\n\n| Level | Behavior |\n|---|---|\n| `JUNIOR` | Step-by-step, full context, pitfalls flagged |\n| `SENIOR` | Solution-first, 3 sentences max per concept |\n| `EXPERT` | Code only, no explanations unless asked |\n| `TECH_LEAD` | 1 sentence max, no prose, no fundamentals |\n\n---\n\n## GovEval: Validate your governance\n\n**GovEval is to governance rules what unit tests are to code.**\n\nIt does not test Claude in isolation. It tests Claude **as configured by this repo** — `CLAUDE.md` + `.claude/rules/` + dev-level + everything else loaded automatically.\n\nThe developer prompt never repeats the rules:\n\n```\nDeveloper request → Claude Code runtime (rules loaded silently) → Generated code → Judge → PASS / FAIL\n```\n\n**Example — `SEC-01`:**\n\n| Step | Result |\n|---|---|\n| Prompt | \"Create GET /tasks\" |\n| Generated | `organizationId` read from JWT, not the request |\n| Judge | Mistral Large — isolation verified |\n| Result | ✅ PASS — 100/100 |\n\nThe judge (Mistral Large) is a different model family than the generator (Claude), so it isn't grading its own work.\n\n```bash\n/gov-eval                          # all scenarios\n/gov-eval --category security      # one category\n/gov-eval --scenario SEC-01        # one scenario\n```\n\nRequires `MISTRAL_API_KEY`. See [`java-react/tests/`](./java-react/tests/) for full details.\n\n**Run it on a schedule, not just once.** A rule that passes today can silently break after a model update, even with no changes to `CLAUDE.md`. Re-run GovEval on every PR touching `.claude/rules/`, and periodically (e.g. every 2 weeks) to catch drift from model updates.\n\n---\n\n## Contributing\n\nSee [CONTRIBUTING.md](./CONTRIBUTING.md) for the full guide.\n\nPick an open [`new-stack`](https://github.com/datallmhub/claude-governance/labels/new-stack) issue: each one is a self-contained task with clear acceptance criteria.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatallmhub%2Fclaude-governance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatallmhub%2Fclaude-governance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatallmhub%2Fclaude-governance/lists"}