From 277079a7d8bfa59541b508f278504bebc2c2ed9d Mon Sep 17 00:00:00 2001 From: Marius Storhaug Date: Mon, 6 Jul 2026 15:44:33 +0200 Subject: [PATCH] Add organization and repository standards --- .../Ways-of-Working/Organization-Standard.md | 99 +++++++++++++ .../Ways-of-Working/Repository-Standard.md | 131 ++++++++++++++++++ src/docs/Ways-of-Working/index.md | 2 + src/zensical.toml | 2 + 4 files changed, 234 insertions(+) create mode 100644 src/docs/Ways-of-Working/Organization-Standard.md create mode 100644 src/docs/Ways-of-Working/Repository-Standard.md diff --git a/src/docs/Ways-of-Working/Organization-Standard.md b/src/docs/Ways-of-Working/Organization-Standard.md new file mode 100644 index 0000000..b7894f4 --- /dev/null +++ b/src/docs/Ways-of-Working/Organization-Standard.md @@ -0,0 +1,99 @@ +--- +title: Organization Standard +description: What every initiative organization must define centrally so humans and agents share the same expectations. +--- + +# Organization Standard + +An MSX initiative organization is a collection of repositories that share one way of working. The organization standard defines the shared contract: what every repository can expect from the organization, where the source of truth lives, and which files must be managed consistently. + +This page owns the **why** and **what**. Initiative repositories own the implementation design: how they distribute files, which automation enforces the contract, and how exceptions are handled. + +## Required organization docs + +Each initiative must have a central documentation repository that defines its implementation guidance. The central docs answer how the initiative applies MSX standards to its own repositories. + +The initiative docs must describe: + +- Repository types used by the initiative. +- Required files for each repository type. +- Managed-file source locations and update workflow. +- Required custom properties, labels, branch protection, and review rules. +- How humans and agents discover the relevant standards before making changes. +- How initiative-specific exceptions are requested and reviewed. + +The MSX docs remain the ecosystem-level source of truth. Initiative docs may specialize, but must not contradict this site. + +## Required organization file standards + +Every initiative organization must define standards for these shared file families: + +| File family | Standard owns | +| --- | --- | +| Community health files | Code of conduct, contribution guide, support policy, security policy, and license expectations. | +| Repository context | README defaults, documentation ownership, and repository metadata expectations. | +| Review workflow | Pull request template, review routing, CODEOWNERS, labels, and change-type conventions. | +| Supply chain | Dependabot configuration, dependency update labels, security update behavior, and review expectations. | +| Linters and enforcement | Linter configuration derived from the written standards. | +| Agent context | Instructions, prompts, hooks, and any repository-local agent guidance. | +| Release automation | Release notes, changelog categorization, and release workflow defaults where applicable. | + +These standards must be written down before broad alignment work starts. File alignment without a written standard only spreads local preference faster. + +## Repository-local files are the enforceable surface + +GitHub's special organization `.github` repository can provide fallback community files, but it is not the MSX enforcement model. Repository-local files are still required because they are what humans, agents, linters, Dependabot, CODEOWNERS, release workflows, and pull requests actually read and review. + +Use organization-level `.github` fallbacks only as a convenience, never as the only copy of a required standard file. + +## Managed files + +Shared files should be managed from a central source and delivered to repositories through pull requests. Direct pushes to repository default branches are not the standard path. + +A managed-file system must: + +- Keep source files in one central repository for the initiative. +- Preserve relative paths exactly as they should appear in target repositories. +- Create or update repository-local files by pull request. +- Make ownership clear in the pull request body. +- Avoid creating duplicate pull requests for the same managed branch. +- Log which repositories changed, which were already aligned, and which failed. +- Never silently delete previously distributed files without an explicit cleanup decision. + +PSModule currently explores this through `PSModule/Distributor`. That repository is an implementation example for the PSModule initiative, not the MSX-wide design. Other initiatives may build a different distributor as long as it satisfies this standard. + +## Mandatory and optional file sets + +Organizations must distinguish mandatory files from optional or type-specific files. + +| Kind | Meaning | +| --- | --- | +| Mandatory | Files that every applicable repository must carry, even without local subscription. | +| Global optional | Files available to all repository types, but still selected intentionally. | +| Type-specific | Files that apply only to a repository type, such as a PowerShell module, GitHub Action, Terraform module, or docs repo. | +| Repository-specific | Local files that are intentionally owned by one repository and not managed centrally. | + +Security, contribution, conduct, support, dependency update, and license files are candidates for mandatory file sets. Linter settings, agent instructions, and workflow defaults may be global or type-specific depending on the initiative. + +## Linter configuration ownership + +The written standard defines the rule. The linter configuration enforces the rule. + +Most linter configuration belongs under `.github/linters/`, because super-linter and similar workflow tooling read that path consistently. Examples include markdownlint, codespell, textlint, and PSScriptAnalyzer settings. + +Some tools require repository-root configuration because their own config discovery works that way. Examples include Prettier or language package-manager files. When a root config is required, document why in the initiative guidance. + +Do not change a linter config to make a warning disappear unless the written standard changes with it. + +## Agent and human alignment + +Humans and agents must read the same standards. Do not create a separate hidden agent process that contradicts the public docs. + +Agent files are allowed when they point to, summarize, or operationalize the central standard. They must not become a second source of truth. + +## Where this connects + +- [Repository Standard](Repository-Standard.md) — the repository-level contract every repository must satisfy. +- [Documentation Model](Documentation-Model.md) — why specs own why and what, while designs own implementation. +- [Dependency Updates](../Capabilities/dependency-updates/spec.md) — the supply-chain update capability every repository inherits. +- [GitHub Actions](../Coding-Standards/GitHub-Actions.md) — workflow authoring and enforcement rules. diff --git a/src/docs/Ways-of-Working/Repository-Standard.md b/src/docs/Ways-of-Working/Repository-Standard.md new file mode 100644 index 0000000..8884721 --- /dev/null +++ b/src/docs/Ways-of-Working/Repository-Standard.md @@ -0,0 +1,131 @@ +--- +title: Repository Standard +description: The baseline files and behaviours every repository must expose so it is understandable, secure, and maintainable. +--- + +# Repository Standard + +A repository is the smallest unit of ownership in the MSX ecosystem. It must explain what it is, how to contribute, how security is handled, how dependencies are kept current, and which standards govern its automation. + +This page defines the repository-level contract. Initiative documentation defines implementation details such as exact file templates, managed-file source paths, and rollout automation. + +## Required files + +Every repository must carry the files that make it understandable and governable on its own. + +| File | Requirement | +| --- | --- | +| `README.md` | Explains the repository purpose, current capabilities, and where to find deeper docs. | +| `LICENSE` | States the legal terms for reuse and redistribution. | +| `CONTRIBUTING.md` | Explains how to contribute or links to the initiative contribution guide. | +| `SECURITY.md` | Explains supported versions and private vulnerability reporting. | +| `SUPPORT.md` | Explains where users ask for help. | +| `CODE_OF_CONDUCT.md` | Defines expected community behaviour. | +| `.github/dependabot.yml` | Configures dependency and supply-chain update pull requests. | +| `.github/CODEOWNERS` | Routes reviews to responsible owners. | +| `.github/pull_request_template.md` | Guides contributors to provide change type, impact, validation, and links. | +| `.github/release.yml` | Defines release-note categories where GitHub releases are generated. | +| `.github/linters/*` | Stores linter configuration derived from the written standards. | +| `.gitattributes` | Defines Git file handling defaults. | +| `.gitignore` | Defines files that should not enter version control. | + +Repository types may require additional files. For example, a PowerShell module may require `.github/PSModule.yml`, while a GitHub Action may require `action.yml`. + +## README defaults + +The README is the repository front door. It must be short enough to stay current and specific enough that a human or agent can understand the repository before reading source code. + +A README should include: + +- What the repository is. +- What it currently does. +- How to install or use the artifact, if applicable. +- Where generated or detailed documentation lives. +- How to contribute or where to find contribution guidance. +- Status if the repository is a placeholder, archive, experiment, or in progress. + +Do not leave template placeholders such as `{{ NAME }}`, `{{ DESCRIPTION }}`, `YourModuleName`, or fake example commands in a repository README after the initial setup commit. + +## Dependency and supply-chain defaults + +Every repository that has external dependencies must configure automated update pull requests. Dependabot is the default GitHub-native mechanism unless the initiative documents a different implementation. + +At minimum, repositories with GitHub Actions must include a `github-actions` ecosystem entry. Repositories with language, package, container, or infrastructure dependencies must include the relevant ecosystems too. + +Dependency update pull requests must: + +- Use labels that identify the dependency category and ecosystem. +- Keep update-level labels separate from release-bump labels. +- Pass the same CI and review gates as human-authored changes. +- Keep SHA-pinned actions pinned to immutable commit SHAs with a version comment when possible. +- Be reviewed before merge, even when auto-merge is allowed for low-risk updates. + +See [Dependency Updates](../Capabilities/dependency-updates/spec.md) for the central requirements. + +## Linter configuration defaults + +Linter configuration must be repository-local when the CI job reads it from the repository. Most shared linter configs live under `.github/linters/`. + +Examples: + +| Config | Typical location | +| --- | --- | +| markdownlint | `.github/linters/.markdown-lint.yml` | +| codespell | `.github/linters/.codespellrc` | +| textlint | `.github/linters/.textlintrc` | +| PSScriptAnalyzer | `.github/linters/.powershell-psscriptanalyzer.psd1` | +| actionlint | `.github/linters/actionlint.yml` | +| zizmor | `.github/linters/zizmor.yaml` | + +When a tool only discovers config at the repository root, keep it there and document why. The written standard still owns the rule; the config is the derived enforcement. + +## Pull request defaults + +Repository pull requests must use the PR Manager style for title and description when a release note may be generated from the PR. + +Default title pattern: + +```text + []: +``` + +The description should lead with user-facing impact, then issue links when available, then user-facing change sections, with technical details at the bottom. + +Repository templates may be simpler than the full PR Manager body, but they must gather enough information to reconstruct it. + +## Managed files + +A repository must treat centrally managed files as owned by the initiative, not by local preference. If a managed file needs to change, update the managed source and let automation open repository pull requests. + +Local changes to managed files are allowed only as a temporary exception and should be reconciled back into the managed source. + +Managed-file pull requests should clearly say: + +- Which system produced the PR. +- Which files are managed. +- Where to propose changes to the source files. +- Whether files were created, overwritten, or left unmanaged. + +## Initiative implementation guidance + +The central standard deliberately stops at the requirement level. Initiative repositories own implementation design. + +An initiative should document: + +- Which repository types it uses. +- Which files are mandatory for each type. +- Which files are optional subscriptions. +- Which files are generated or managed. +- Which custom properties, labels, and teams are required. +- How the distributor or equivalent automation discovers repositories. +- How exceptions are approved. + +For example, PSModule can define its module-specific managed files in `PSModule/docs` and implement distribution in `PSModule/Distributor`. MSX only defines that such a standard and distribution path must exist. + +## Where this connects + +- [Organization Standard](Organization-Standard.md) — what an initiative organization must define centrally. +- [README-Driven Context](Readme-Driven-Context.md) — why the README is the front door. +- [PR Format](PR-Format.md) — the PR Manager-style title and description format. +- [GitHub Actions](../Coding-Standards/GitHub-Actions.md) — workflow and automation standards. +- [Dependency Updates](../Capabilities/dependency-updates/spec.md) — supply-chain update requirements. diff --git a/src/docs/Ways-of-Working/index.md b/src/docs/Ways-of-Working/index.md index d8870fb..9b401cb 100644 --- a/src/docs/Ways-of-Working/index.md +++ b/src/docs/Ways-of-Working/index.md @@ -21,6 +21,8 @@ This section documents the principles, processes, and norms that every contribut | [Spec-Driven Development](Spec-Driven-Development.md) | The specification is the source of truth — the spec (why and what), its design (how), and how a change moves from need to shipped. | | [Evolutionary Development](Evolutionary-Development.md) | Grow software as bets under selection — variation, feedback, and survival of the fittest, run as one tight loop. | | [Agentic Development](Agentic-Development.md) | How ways of working, standards, and documentation are authored once and consumed by both humans and agents. | +| [Organization Standard](Organization-Standard.md) | What every initiative organization must define centrally so humans and agents share the same expectations. | +| [Repository Standard](Repository-Standard.md) | The baseline files and behaviours every repository must expose so it is understandable, secure, and maintainable. | | [Principles](Principles/index.md) | The foundational beliefs and product mindset behind every decision. | | [Engineering Taste](Engineering-Taste.md) | The judgment that takes over when the standards run out. | | [Goal-Setting Framework](Goal-Setting.md) | Mission, OKRs, and initiatives — strategy connected to delivery. | diff --git a/src/zensical.toml b/src/zensical.toml index 523e078..3efc528 100644 --- a/src/zensical.toml +++ b/src/zensical.toml @@ -31,6 +31,8 @@ nav = [ {"Spec-Driven Development" = "Ways-of-Working/Spec-Driven-Development.md"}, {"Evolutionary Development" = "Ways-of-Working/Evolutionary-Development.md"}, {"Agentic Development" = "Ways-of-Working/Agentic-Development.md"}, + {"Organization Standard" = "Ways-of-Working/Organization-Standard.md"}, + {"Repository Standard" = "Ways-of-Working/Repository-Standard.md"}, {"Principles" = [ "Ways-of-Working/Principles/index.md", {"Purpose and Direction" = "Ways-of-Working/Principles/Purpose-and-Direction.md"},