
Add ecosystem admin system, content backbone, and unified design#12

Merged
dougdevitre merged 12 commits into main from claude/add-repo-sync-workflow-39W2r on Apr 7, 2026

Conversation

@dougdevitre
Owner

Summary

Builds the complete admin and content infrastructure for the Access To ecosystem — turning the hub repo into the control plane for all 8 repos, all content formats, and all visual styling.

90 files changed, 7,780 insertions across 15 commits.

Admin System (Config-Driven Automation)

  • Config registry (repos.json): All 8 repos with pillar, scope, connections, audience, use cases, brand colors, and taglines
  • Label taxonomy (labels.json): 28 shared labels (pillar, type, priority, status) synced to all repos
  • JSON Schemas: Validation for repos.json, labels.json, and content.json
  • 7 scripts: sync-repos, sync-labels, sync-templates, health-check, validate-config, onboard-repo, generate-content — all using shared structured logging (lib-log.sh)
  • 8 workflows: Daily repo sync, label sync on config change, template sync, weekly health dashboard, config validation on PR, skill validation (reusable), issue auto-triage, content generation

Content Backbone (Config → All Formats)

  • content.json: Brand manifest with mission, colors, fonts, 6 format definitions, and 4 cross-pillar story arcs
  • 6 templates: Slide deck, video script, podcast outline, infographic data, Character AI persona, social media copy
  • 42 generated files: 6 formats × 7 pillars, all populated from config data
  • Auto-regeneration: Push to config or templates triggers generate-content.yml

Unified Design System

  • design-tokens.css: Shared CSS with --at- prefixed tokens, dark mode, components (cards, buttons, tags, grids), accessibility, and responsive breakpoints — child repos link to this one file
  • BRAND-GUIDE.md: Documents color palette, typography, components, spacing, dark mode, accessibility requirements
  • styles.css: Aligned hub site colors with config; added jobs, health, business pillar variables

Security Hardening

  • All workflows have explicit permissions: blocks (least privilege)
  • All sync workflows share concurrency: ecosystem-sync (prevents race conditions)
  • Issue triage uses actions/github-script (no shell injection)
  • lib-log.sh sanitizes secrets (PAT patterns, bearer tokens) from all log output
  • escape_md() prevents markdown injection in step summaries
  • All ((var++)) guarded with || true for set -e safety
  • Pre-validation in sync-labels prevents partial state on failure

Developer Experience

  • CLAUDE.md: Instructions for Claude Code sessions
  • copilot-instructions.md: Custom instructions for GitHub Copilot
  • SKILL-GUIDE.md: How to create Claude Skills with lifecycle diagrams
  • CONTRIBUTING.md: Cross-repo coordination guide, shared infrastructure docs
  • ARCHITECTURE.md: 11 Mermaid diagrams covering system overview, data flow, validation pipeline, onboarding, label taxonomy, connection map, AI tooling, content backbone, cross-pillar stories
  • dependabot.yml: Weekly GitHub Actions version updates

Cross-Pillar Story Arcs

| Story | Flow | Persona |
|---|---|---|
| Survivor's Path | Safety → Health → Housing → Services | DV survivor rebuilding |
| Career Builder | Education → Jobs → Services → Business | Displaced worker retraining |
| Family Stabilizer | Housing → Health → Services → Jobs | Single parent stabilizing |
| Community Anchor | Business → Jobs → Education → Services | Local entrepreneur creating jobs |

QA Results

Bash syntax:       8/8 scripts pass
YAML syntax:       8/8 workflows pass
JSON syntax:       5/5 config/schema files pass
Config validation: 8 repos, 0 errors
Content generation: 42 files, 0 errors
Unguarded ((++)):  0 remaining
Permissions:       All workflows scoped
Concurrency:       All sync workflows locked

Test Plan

  • Verify validate-config.sh passes: bash .github/scripts/validate-config.sh .github/config
  • Verify content generation: bash .github/scripts/generate-content.sh .github/config .github/content
  • Verify hub site renders correctly with updated styles.css (dark mode, pillar colors)
  • Verify design-tokens.css loads at https://dougdevitre.org/design-tokens.css after deploy
  • Review generated content samples (slide-deck-safety.md, character-persona-housing.md)
  • Test workflow triggers: push a label change, verify sync-labels fires

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
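The CRITICAL item under Security Hardening (issue triage moved from shell to actions/github-script) is about GitHub Actions expression injection. The script below is an added example, not code from this PR or repository: it reproduces in plain bash what happens when `${{ github.event.issue.title }}` is interpolated into a `run:` step, and contrasts it with passing the same value through the environment. The `__TITLE__` placeholder, the sample title and the helper names are this example's own; with actions/github-script the title is read as a JavaScript value from `context.payload.issue.title` and never reaches a shell, which is the route the PR took.

```shell
#!/usr/bin/env bash
# Added example, not taken from this repository's workflows. It simulates
# what GitHub Actions does with a "run:" step: "${{ ... }}" expressions are
# substituted as raw text into the script BEFORE the shell parses it, so an
# issue title chosen by an attacker becomes shell syntax. Passing the same
# value through "env:" keeps it data.
set -euo pipefail

# Constructed, attacker-controlled issue title (contains shell metacharacters).
EVIL_TITLE='x"; echo INJECTED; echo "'

# The step as a workflow author would write it. "__TITLE__" stands in for
# the "${{ github.event.issue.title }}" expression; Actions substitutes the
# raw title there exactly as render_with_expression does below.
VULNERABLE_STEP='echo "Title: __TITLE__"'

# The hardened step: the script text never changes, the title arrives in the
# environment and is only ever expanded by the shell inside double quotes.
SAFE_STEP='echo "Title: $TITLE"'

# Mimic expression expansion: plain textual replacement, no quoting.
render_with_expression() {
  local title="$1"
  printf '%s' "${VULNERABLE_STEP//__TITLE__/$title}"
}

# Run the vulnerable pattern; the injected commands execute as part of it.
run_vulnerable() {
  bash -c "$(render_with_expression "$1")"
}

# Run the hardened pattern; the title is printed verbatim on one line.
run_safe() {
  TITLE="$1" bash -c "$SAFE_STEP"
}

printf -- '--- vulnerable step (title parsed as shell) ---\n'
run_vulnerable "$EVIL_TITLE"
printf -- '--- hardened step (title stays data) ---\n'
run_safe "$EVIL_TITLE"
```

The vulnerable run prints three lines (the echo, the injected `INJECTED`, and an empty line from the dangling `echo ""`), while the hardened run prints the literal title once. The same rule applies to every event field an outsider controls: issue and PR titles and bodies, branch names, commit messages and review comments.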

claude added 12 commits April 6, 2026 23:29
- Use PROJECT_PAT secret instead of GITHUB_TOKEN (projects API requires
  a PAT with project scope)
- Add workflow_dispatch inputs for project_number and owner
- Capture and display actual error messages instead of suppressing stderr
- Track added/skipped/failed counts and write a GitHub Actions job summary
- Properly quote all shell variables
- Fail the workflow if any repos fail to sync

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Separate concerns for performance, scalability, and durability:

- .github/config/repos.json: Single source of truth for repo list,
  owner, and project number. Add repos without touching workflow logic.
- .github/scripts/sync-repos.sh: Standalone script with retry logic
  (exponential backoff), per-repo detail tracking, and safe defaults.
  Can be run locally or from any workflow.
- .github/workflows/sync-repos-to-project.yml: Thin orchestration
  layer that checks out the repo and runs the script.

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Introduces centralized administration across all repos:

- config/repos.json: Enriched with pillar metadata, scope, descriptions,
  and cross-repo connection maps per repo
- config/labels.json: Shared label taxonomy (pillar, type, priority,
  status, cross-repo) for consistent triage across all repos
- scripts/sync-labels.sh: Pushes the shared label set to all repos
- scripts/health-check.sh: Generates a weekly dashboard with open
  issues, PRs, stale repos, cross-repo issues, and a Mermaid
  connection graph
- workflows/sync-labels.yml: Runs on label config changes or manually
- workflows/health-check.yml: Runs weekly (Monday 8 AM UTC) or manually
- Updated sync-repos.sh to handle the new object-based repo config

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Closes gaps in how the Access To repos operate as a unified system:

- Cross-repo issue template for coordinating work across pillars
- Onboarding script (onboard-repo.sh) automates new repo setup:
  label sync, project addition, and setup checklist issue
- Template sync workflow pushes shared issue templates to child repos
- Reusable skill validation workflow that child repos can call to
  validate SKILL.md files against hub standards
- Updated CONTRIBUTING.md with cross-repo development guide covering
  coordination patterns, shared infrastructure, and onboarding
- Fixed feature_request.md to match actual repos.json registry

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Technical protocol layer for the Access To admin system:

Schemas:
- repos.schema.json: JSON Schema for repo registry (required fields,
  valid pillars/scopes/roles, connects_to referential integrity)
- labels.schema.json: JSON Schema for label taxonomy (hex color
  format, required fields, namespace conventions)

Logging (lib-log.sh):
- Shared library sourced by all scripts
- Text and JSON output modes (LOG_FORMAT=text|json)
- Structured action logging with timestamps and correlation IDs
- Audit log support (AUDIT_LOG=/path/to/file.jsonl)
- Session summary with duration, action/warning/error counts

Validation (validate-config.sh + workflow):
- Required field checks for all config entries
- Enum validation (pillars, scopes, roles)
- Referential integrity (connects_to must reference existing repos)
- Duplicate detection, hub count verification
- Cross-file checks (every pillar has a matching label)
- Runs on PR and push to config/ or schemas/

Architecture docs (ARCHITECTURE.md):
- 8 Mermaid diagrams: system overview, data flow sequence, validation
  pipeline, onboarding flow, label taxonomy, connection map, file
  structure, and workflow schedule
- Logging protocol documentation with examples

Updated scripts:
- All scripts now use lib-log.sh for structured logging
- sync-labels.sh: fixed exit code (was 0 on errors, now exits 1)
- health-check.sh: captures API errors, adds ecosystem metrics table

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
AI tooling integration for developers and CI:

- .github/copilot-instructions.md: Custom instructions for GitHub
  Copilot (code style, cross-repo awareness, PR review checklist,
  config conventions, what NOT to do)
- CLAUDE.md: Instructions for Claude Code sessions (repo structure,
  commands, rules for config editing and script writing)
- .github/dependabot.yml: Weekly GitHub Actions version updates
- .github/workflows/copilot-triage.yml: Auto-labels new issues by
  detecting pillar keywords, type keywords, and cross-repo mentions
- SKILL-GUIDE.md: Developer guide for creating Claude Skills with
  3 Mermaid diagrams (skill lifecycle, cross-pillar references,
  development flow), SKILL.md template, validation setup, best
  practices, and onboarding instructions
- Updated ARCHITECTURE.md with AI tooling integration diagrams
  showing how Claude, Copilot, and CI work together

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Security fixes:
- CRITICAL: Rewrote copilot-triage.yml to use actions/github-script
  instead of shell, eliminating injection via issue title/body
- HIGH: Added sanitize() to lib-log.sh that strips GitHub PAT patterns,
  bearer tokens, and control characters from all log output
- HIGH: Added escape_md() for safe markdown output in step summaries
- HIGH: Added _json_escape() for safe JSON value construction
- All log output now passes through sanitize() automatically
- All workflows now have explicit permissions: blocks (least privilege)
- Reusable skill check uses env vars instead of inline expressions

Data accuracy fixes:
- health-check.sh fetches repo data once and caches it (was fetching
  twice causing inconsistent dashboard data)
- health-check.sh validates date format with regex before comparison
- sync-labels.sh pre-validates all repos are reachable before syncing
  to prevent partial state on failure
- sync-templates.sh parses HTTP error codes (403, 404, 409, 422)
  instead of silently retrying on all failures
- validate-config.sh detects circular dependencies (3+ hops) using BFS
- validate-config.sh fixed all ((var++)) to use || true guard
  (bash arithmetic returns exit 1 when result is 0, killing set -e)
- Pillar label cross-check promoted from warning to error
- onboard-repo.sh validates pillar, scope, and repo name format

Durability fixes:
- All sync workflows share concurrency group 'ecosystem-sync' with
  cancel-in-progress: false (prevents race conditions)
- Health check uses separate concurrency group with cancel-in-progress
- sync-repos.sh escapes API output before writing to step summary
- All detail fields in log_action are sanitized and truncated to 500
  chars to prevent log injection and runaway output

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
…heck

Fixes from comprehensive audit:

- repos.json: Fixed access-to-jobs pillar from 'services' to 'jobs'
  and access-to-business from 'services' to 'business'
- onboard-repo.sh: Added || true guard to ((SYNCED++))
- reusable-skill-check.yml: Added || true guard to all ((ERRORS++))

All 7 scripts pass bash -n, all 7 workflows pass YAML parse,
all 4 JSON configs pass jq validation, and validate-config.sh
completes with 0 errors.

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Final sweep found 10 unguarded ((var++)) calls in sync-templates.sh,
health-check.sh, sync-labels.sh, and sync-repos.sh that could cause
set -e to exit on first increment from 0.

QA results: 7/7 bash syntax, 7/7 YAML syntax, 4/4 JSON syntax,
8/8 config validation, 0 unguarded arithmetic, all permissions and
concurrency blocks present, all scripts executable.

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
- bug_report.md: label 'bug' → 'type:bug, status:triage'
- feature_request.md: label 'enhancement' → 'type:feature, status:triage'
- new_pillar.md: label 'pillar-proposal' → 'type:feature, status:triage'
  All now use labels from the shared labels.json taxonomy
- onboard-repo.sh: now sources lib-log.sh for structured logging,
  consistent with all other scripts
- ARCHITECTURE.md: added missing copilot-triage.yml (W7) to file
  structure diagram

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Turns the admin system into a master content backbone that drives
slides, videos, podcasts, infographics, Character AI personas, and
social media — all from the same config files.

Config enrichment:
- repos.json: Added tagline, color, icon, audience, key_stats,
  use_cases, and cta to every pillar repo
- content.json: New manifest with brand identity (colors, fonts,
  mission, social proof), 6 format definitions, and 4 cross-pillar
  story arcs (Survivor's Path, Career Builder, Family Stabilizer,
  Community Anchor)

Content templates (6):
- slide-deck.md: 9-slide conference presentation
- video-script.md: 2-3 min explainer with hook/problem/solution/CTA
- podcast-outline.md: 20-30 min episode with 6 segments
- infographic-data.md: Structured data for designers
- character-persona.md: Character AI definition with greeting,
  persona, example conversations
- social-media.md: Twitter, LinkedIn, and Instagram copy blocks

Generator:
- generate-content.sh: Reads repos.json + content.json, applies
  templates with 40+ variable substitutions, generates 42 files
  (6 formats x 7 pillars) in ~3 seconds
- generate-content.yml: Auto-regenerates on config/template changes

Updated schemas:
- repos.schema.json: Added tagline, color, icon, audience, key_stats,
  use_cases, cta field definitions
- content.schema.json: New schema for content manifest

Updated ARCHITECTURE.md with 3 Mermaid diagrams:
- Config-to-content data flow
- Cross-pillar story arcs
- Content file structure

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
Creates a single source of truth for visual identity:

design-tokens.css:
- Shared CSS file child repos can link to directly
- All tokens prefixed --at- to avoid conflicts
- Includes: colors (light + dark), typography, spacing, shadows,
  transitions, and responsive breakpoints
- Shared components: .at-card, .at-btn, .at-tag, .at-grid, .at-container
- Accessibility: skip link, focus-visible, reduced-motion

styles.css:
- Aligned pillar colors to match repos.json canonical values
- Added missing pillars (jobs, health, business) as CSS variables
- Legacy aliases (justice → housing, peace → safety) for existing pages
- Added spacing scale tokens and accent color variable

content.json:
- Added base UI colors (background, border, card, dark variants)
  to match CSS exactly

BRAND-GUIDE.md:
- Documents color palette, typography, components, dark mode,
  spacing, accessibility requirements, responsive breakpoints
- Mermaid diagrams showing color flow from config to all outputs
- Code examples for child repo integration

Regenerated all 42 content files with aligned colors.

https://claude.ai/code/session_01KUugj6V4VWfhGomUtosyvv
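The commits above describe a sanitize() that strips GitHub PAT patterns, bearer tokens and control characters from log output, and an escape_md() used for step summaries. The following is an added example, not the repository's lib-log.sh: it implements the two functions as described and a small helper that writes a safe markdown table row for `$GITHUB_STEP_SUMMARY`. The function names follow the PR description; the regexes, redaction markers, `summary_row` helper and the constructed sample line (with a printf-generated, non-real token) are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example (not the repository's lib-log.sh): credential redaction and
# markdown escaping for anything a script writes to a log or to
# $GITHUB_STEP_SUMMARY.
set -euo pipefail

# Redact GitHub token formats (ghp_/gho_/ghu_/ghs_/ghr_ + 36 chars and
# github_pat_ fine-grained tokens), any "Bearer <token>" value, then drop
# ASCII control characters except tab, newline and carriage return so ANSI
# escape sequences cannot be smuggled into CI log output.
sanitize() {
  printf '%s' "$1" \
    | sed -E \
        -e 's|gh[pousr]_[A-Za-z0-9]{36,}|[REDACTED-GH-TOKEN]|g' \
        -e 's|github_pat_[A-Za-z0-9_]{22,}|[REDACTED-GH-TOKEN]|g' \
        -e 's|([Bb]earer[[:space:]]+)[A-Za-z0-9._~+/=-]+|\1[REDACTED]|g' \
    | tr -d '\001-\010\013\014\016-\037\177'
}

# Backslash-escape the characters that would change the meaning of a value
# placed in a GFM table cell or paragraph: table pipes, emphasis, code
# spans, link brackets, raw HTML and headings. CommonMark honours a
# backslash escape on any ASCII punctuation, so the text renders literally.
escape_md() {
  printf '%s' "$1" | sed -E 's/([][\\`*_|<>#])/\\&/g'
}

# Emit one markdown table row with every cell sanitized, flattened to a
# single line and escaped, so an API error message or repo description that
# an outsider controls cannot break out of its cell or inject markup.
summary_row() {
  local out="|" cell clean
  for cell in "$@"; do
    clean=$(sanitize "$cell")
    clean=${clean//$'\n'/ }
    out="$out $(escape_md "$clean") |"
  done
  printf '%s\n' "$out"
}

# Constructed sample: an API error that echoes the request's Authorization
# header back, followed by a red ANSI "FAILED". The token is synthetic.
SAMPLE="sync failed: Authorization: token $(printf 'ghp_%036d' 0) $(printf '\033[31m')FAILED$(printf '\033[0m')"
printf 'log:     %s\n' "$(sanitize "$SAMPLE")"
printf 'summary: %s\n' "$(summary_row "access-to-jobs" "$SAMPLE")"
```

After sanitize() the token reads `[REDACTED-GH-TOKEN]` and the ESC bytes are gone, leaving the harmless `[31m` and `[0m` text; summary_row() then escapes the remaining brackets so the step summary shows exactly what the API returned. The redaction runs on the value, not on the pattern of a known secret, so it also covers tokens that arrive through error bodies or redirected URLs rather than through the script's own variables.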
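Several commits above guard `((var++))` with `|| true` because bash arithmetic returns exit 1 when the expression evaluates to 0. The script below is an added example, not code from the repository, that reproduces the failure under `set -e` in a child bash and shows the guard next to the plain-assignment alternative. The function names and the `run_with_errexit` helper are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not code from the repository: why "((var++))" is unsafe
# under "set -e" and what the "|| true" guard from this PR prevents.
set -euo pipefail

# (( expr )) exits 1 when expr evaluates to 0. Post-increment yields the
# value BEFORE incrementing, so the first ((n++)) on a zero counter returns
# 1 and, under set -e, terminates the script before any later line runs.
count_unguarded() {
  local n=0
  (( n++ ))
  (( n++ ))
  echo "$n"
}

# The guard used in the PR discards the status of (( )). A plain assignment
# is an equally safe alternative, since assignments never fail. Note that
# (( ++n )) is NOT a fix in general: it still returns 1 whenever the
# incremented value is 0, e.g. a counter that started at -1.
count_guarded() {
  local n=0
  (( n++ )) || true
  n=$(( n + 1 ))
  echo "$n"
}

# Run a counter function in a fresh "bash -e" process and report whether it
# completed. A child process is used because bash suspends errexit inside
# an if / && / || context, which would mask the failure if it ran inline.
run_with_errexit() {
  local out
  if out=$(bash -ec "$(declare -f "$1"); $1" 2>/dev/null); then
    printf 'ok:%s' "$out"
  else
    printf 'died:%s' "$out"
  fi
}

printf 'unguarded: %s\n' "$(run_with_errexit count_unguarded)"   # died:
printf 'guarded:   %s\n' "$(run_with_errexit count_guarded)"     # ok:2
```

The unguarded function never reaches its `echo`, which is exactly the silent early exit a `set -e` sync script would suffer on its first successful repo: the counter starts at 0, the increment "fails", and the run stops with a zero exit status from nothing useful having been logged. `bash -n` cannot catch this, which is why the commits grep for unguarded `((` calls as a separate QA step.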
@dougdevitre dougdevitre merged commit c612fc9 into main Apr 7, 2026
1 check passed