claude-governance

Name: claude-governance
Author: datallmhub

Pending

Claude Code governance templates by tech stack : CLAUDE.md, scoped rules, architecture docs, cost control & dev-level adaptation

54stars

5forks

Java

Installation

# Add to your Claude Code skills
git clone https://github.com/datallmhub/claude-governance

Getting Started

Guides for using ai agents skills like claude-governance.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

README.md

Frequently Asked Questions

What is claude-governance?

claude-governance is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by datallmhub. Claude Code governance templates by tech stack : CLAUDE.md, scoped rules, architecture docs, cost control & dev-level adaptation. It has 54 GitHub stars.

Is claude-governance safe to use?

claude-governance's catalog security scan is still queued. You can run an instant dependency and prompt-injection check now with the "Scan for vulnerabilities" button above.

How do I install claude-governance?

Clone the repository with "git clone https://github.com/datallmhub/claude-governance" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is claude-governance written in?

claude-governance is primarily written in Java. It is open-source under datallmhub on GitHub, so you can review or fork the full source.

Are there alternatives to claude-governance?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh claude-governance against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

superpowers

by obra

An agentic skills framework & software development methodology that works.

234,966

ultraswarm deepcloak

Claude Code Governance Templates

Ready-to-use governance templates for Claude Code, organized by tech stack. Rules load automatically on every session: no prompting required.

If this saves you time, consider giving it a ⭐: it helps others find the project.

Why this exists

Without structure, Claude Code generates inconsistent code, ignores your conventions, and repeats the same mistakes across sessions. This project fixes that with a hierarchy of CLAUDE.md files that load automatically: no prompting required.

What you get:

Consistent code that respects your architecture and naming conventions
Security rules enforced by default (no IDOR, no raw SQL, no hardcoded secrets)
Cost control: precise diffs instead of full rewrites, right model for the right task
Behavior adapted to the developer's experience level (Junior → Tech Lead)

Installation

Via plugin marketplace (recommended):

/plugin marketplace add datallmhub/claude-governance
/plugin install claude-governance

Then run /setup in any project: select your stack, governance files are copied automatically, and rules inject at every session start.

Local / development:

git clone https://github.com/datallmhub/claude-governance.git
claude --plugin-dir /path/to/claude-governance

Manual (no plugin):

Copy the stack folder into your project root
Update CLAUDE.md with your project name and stack versions
Copy CLAUDE.local.md.example → CLAUDE.local.md (do not commit)
Set your experience level in dev-level.md

Available stacks

Java

Stack	Folder	Status
Java (Spring Boot) + React (TypeScript)	`java-react/`	✅ Ready
Java (Spring Boot) + Angular	`java-angular/`	🔜 Coming
Java (Spring Boot) + Vue.js	`java-vue/`	🔜 Coming
Java (Spring Boot) API only	`java-only/`	🔜 Coming

JavaScript / TypeScript

Stack	Folder	Status
React / TypeScript only	`react-only/`	✅ Ready
Angular only	`angular-only/`	✅ Ready
Vue.js only	`vue-only/`	✅ Ready
Next.js (full-stack)	`nextjs/`	✅ Ready
Node.js (Express) + React	`node-express-react/`	🔜 Coming
Node.js (NestJS) + React	`nestjs-react/`	✅ Ready

Python

Stack	Folder	Status
Python (FastAPI) + React	`python-fastapi-react/`	✅ Ready
Python (Django) + React	`python-django-react/`	🔜 Coming
Python (FastAPI) API only	`python-fastapi-only/`	🔜 Coming

.NET / Go / PHP

Stack	Folder	Status
.NET (ASP.NET Core) + React	`dotnet-react/`	🔜 Coming
Go (Gin / Echo) + React	`go-react/`	🔜 Coming
Laravel + React	`laravel-react/`	🔜 Coming
Symfony + React	`symfony-react/`	🔜 Coming

What's inside each template

<stack>/
├── CLAUDE.md                    # Project context: always loaded
├── CLAUDE.local.md.example      # Personal overrides (copy locally, never commit)
├── .claude/
│   ├── settings.json            # SessionStart hook: injects rules at session start
│   ├── rules/
│   │   ├── backend.md           # Backend rules: scoped to backend files only
│   │   ├── frontend.md          # Frontend rules: scoped to frontend files only
│   │   ├── database.md          # DB / migration rules
│   │   ├── testing.md           # Testing standards
│   │   ├── security.md          # Security rules: loaded on every file
│   │   ├── governance.md        # Git, PR, versioning, release process
│   │   └── dev-level.md         # Behavior by experience level
│   └── architecture/
│       ├── overview.md          # System architecture + key decisions
│       ├── api.md               # REST API contract
│       └── data-model.md        # Database schema
└── samples/                     # Code examples applying all the rules

Load order

~/.claude/CLAUDE.md       ← personal preferences (your machine)
./CLAUDE.md               ← project rules (committed, shared)
./CLAUDE.local.md         ← personal overrides (gitignored)
.claude/rules/*.md        ← scoped rules (loaded per file path)

Security

security.md loads on every file automatically. It enforces:

No IDOR: public_id UUID in all URLs, never internal sequential IDs
No hardcoded secrets: all credentials via environment variables
Safe tokens: JWT in memory, refresh token in HttpOnly; Secure cookie
Injection prevention: parameterized queries, input validated at system boundary
CORS locked down: explicit origin whitelist, never allowedOrigins("*")

Developer Experience Levels

One setting in dev-level.md: Claude adapts its verbosity automatically.

Level	Behavior
`JUNIOR`	Step-by-step, full context, pitfalls flagged
`SENIOR`	Solution-first, 3 sentences max per concept
`EXPERT`	Code only, no explanations unless asked
`TECH_LEAD`	1 sentence max, no prose, no fundamentals

GovEval: Validate your governance

GovEval is to governance rules what unit tests are to code.

It does not test Claude in isolation. It tests Claude as configured by this repo — CLAUDE.md + .claude/rules/ + dev-level + everything else loaded automatically.

The developer prompt never repeats the rules:

Developer request → Claude Code runtime (rules loaded silently) → Generated code → Judge → PASS / FAIL

Example — SEC-01:

Step	Result
Prompt	"Create GET /tasks"
Generated	`organizationId` read from JWT, not the request
Judge	Mistral Large — isolation verified
Result	✅ PASS — 100/100

The judge (Mistral Large) is a different model family than the generator (Claude), so it isn't grading its own work.

/gov-eval                          # all scenarios
/gov-eval --category security      # one category
/gov-eval --scenario SEC-01        # one scenario

Requires MISTRAL_API_KEY. See java-react/tests/ for full details.

Run it on a schedule, not just once. A rule that passes today can silently break after a model update, even with no changes to CLAUDE.md. Re-run GovEval on every PR touching .claude/rules/, and periodically (e.g. every 2 weeks) to catch drift from model updates.

Contributing

See CONTRIBUTING.md for the full guide.

Pick an open new-stack issue: each one is a self-contained task with clear acceptance criteria.