Context
The .github meta-repo has no CODEOWNERS file. This means:
- No automatic review requests are generated when PRs modify critical files
- No required reviewers enforced for workflows, Claude Code config, or policy files
- PRs can be merged without org-owner awareness of changes to security-critical automation
Implementation
Create .github/CODEOWNERS with the following structure:
# Default: org owner reviews everything
* @wcmchenry3
# GitHub Actions workflows — require explicit approval
.github/workflows/ @wcmchenry3
# Claude Code hooks and agents — security-critical, gated by hook scripts
.claude/ @wcmchenry3
# Community health files — org-wide impact
community-health/ @wcmchenry3
# Policy files — compliance-critical
.claude/policies/ @wcmchenry3
# Cloudflare worker — deployed infrastructure
cloudflare/ @wcmchenry3
Notes:
- Use the actual GitHub username of the org owner (currently
wcmchenry3)
- CODEOWNERS applies to this meta-repo only — each org repo needs its own project-specific CODEOWNERS (noted in plan as "What NOT to sync")
- Once branch protection rules are configured on
main, CODEOWNERS review becomes required
Acceptance Criteria
Dependencies
None — can be worked in parallel with all other Phase 2 issues.
Do NOT add CODEOWNERS to sync-community-health.yml FILE_MAP — each org repo needs its own project-specific CODEOWNERS.
Part of Epic
#77
Context
The
.githubmeta-repo has no CODEOWNERS file. This means:Implementation
Create
.github/CODEOWNERSwith the following structure:Notes:
wcmchenry3)main, CODEOWNERS review becomes requiredAcceptance Criteria
.github/CODEOWNERScreated with catch-all rule* @wcmchenry3.github/workflows/,.claude/,community-health/,.claude/policies/, andcloudflare/gh apior by opening a test PR and checking review requests)Dependencies
None — can be worked in parallel with all other Phase 2 issues.
Do NOT add CODEOWNERS to
sync-community-health.ymlFILE_MAP — each org repo needs its own project-specific CODEOWNERS.Part of Epic
#77