From 45c1a7f85a5b03832ac383bb316fad9a9c313845 Mon Sep 17 00:00:00 2001
From: Isaac Milarsky <imilarsky@gmail.com>
Date: Tue, 11 Feb 2025 15:19:40 -0600
Subject: [PATCH] changes based on repolinter output

---
 CODEOWNERS.md           |  17 +++++++
 CODE_OF_CONDUCT.md      |  10 ++++
 COMMUNITY_GUIDELINES.md |  29 +++++++++++
 CONTRIBUTING.md         | 107 ++++++++++++++++++++++++++++++++++++++++
 GOVERNANCE.md           |   3 ++
 MAINTAINERS.md          |  20 ++++++++
 README.md               |  77 +++++++++++++++++++++++++++++
 7 files changed, 263 insertions(+)
 create mode 100644 CODEOWNERS.md
 create mode 100644 CODE_OF_CONDUCT.md
 create mode 100644 COMMUNITY_GUIDELINES.md
 create mode 100644 CONTRIBUTING.md
 create mode 100644 GOVERNANCE.md
 create mode 100644 MAINTAINERS.md

diff --git a/CODEOWNERS.md b/CODEOWNERS.md
new file mode 100644
index 0000000..03bc4ba
--- /dev/null
+++ b/CODEOWNERS.md
@@ -0,0 +1,17 @@
+# Code Owners 
+<!-- TODO: Who are the points of contact in your project who are responsible/accountable for the project? This can often be an engineering or design manager or leader, who may or may not be the primary maintainers of the project. List them by GitHub Username--> 
+ 
+ ## Repository Domains
+ <!--
+The Repo Domains section of your CODEOWNERS.md file helps manage code review responsibilities efficiently. Each domain represents a different aspect of the repository, such as documentation, frontend, backend, DevOps, testing, etc. In this section, list each domain and assign the appropriate GitHub usernames or teams responsible for that domain. This ensures that pull requests (PRs) are reviewed by the right experts, maintaining high code quality and relevance.
+For example:
+/docs/ @doc-team @johnsmith @janedoe
+/frontend/ @frontend-team @alice @bob
+/backend/ @backend-team @charlie @dana
+Furthermore, GitHub teams are a good feature for managing groups of contributors who need to be notified about specific domains within a repository. By creating and using GitHub teams, you can allow contributors to ping multiple relevant experts simultaneously.
+To set up GitHub teams:
+- Navigate to your organization's settings and select 'Teams'.
+- Create a new team for each domain, such as @frontend-team, @backend-team, or @doc-team.
+- Add the relevant members to each team. Ensure that the team includes all the individuals who should be notified about PRs in their domain.
+- When filling out the Repo Domains section in your CODEOWNERS.md file, use the team handles instead of or alongside individual usernames. This way, when a contributor opens a PR affecting a specific domain, they can simply tag the team, and every member of that team will be notified.
+--> 
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..724395c
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,10 @@
+## Contributor Code of Conduct 
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities. 
+ We are committed to making participation in this project a harassment-free experience for everyone, regardless of the level of experience, gender, gender identity, expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion. 
+ Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct. 
+ Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct. 
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers at opensource@cms.hhs.gov. 
+ This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/) 
+ 
+ ## Acknowledgements 
+This CODE_OF_CONDUCT.md was originally forked from the [United States Digital Service](https://usds.gov) [Justice40](https://thejustice40.com) open source [repository](https://github.com/usds/justice40-tool), and we would like to acknowledge and thank the community for their contributions. 
diff --git a/COMMUNITY_GUIDELINES.md b/COMMUNITY_GUIDELINES.md
new file mode 100644
index 0000000..b5afbcc
--- /dev/null
+++ b/COMMUNITY_GUIDELINES.md
@@ -0,0 +1,29 @@
+# {name_of_project_here} Open Source Community Guidelines 
+This document contains principles and guidelines for participating in the {name_of_project_here} open source community. 
+ 
+ ## Principles 
+These principles guide our data, product, and process decisions, architecture, and approach.
+- Open means transparent and participatory.
+- We take a modular and modern approach to software development.
+- We build open-source software and open-source process.
+- We value ease of implementation.
+- Fostering community includes building capacity and making our software and processes accessible to participants with diverse backgrounds and skillsets.
+- Data (and data science) is as important as software and process. We build open data sets where possible.
+- We strive for transparency for algorithms and places we might be introducing bias. 
+ 
+ ## Community Guidelines 
+All community members are expected to adhere to our [Code of Conduct](CODE_OF_CONDUCT.md).
+Information on contributing to this repository is available in our [Contributing file](CONTRIBUTING.md).
+When participating in {{ cookiecutter.project_name }} open source community conversations and spaces, we ask individuals to follow the following guidelines:
+- When joining a conversation for the first time, please introduce yourself by providing a brief intro that includes:
+ - your related organization (if applicable)
+ - your pronouns
+ - your superpower, and how you hope to use it for {{ cookiecutter.project_name }}
+- Embrace a culture of learning, and educate each other. We are all entering this conversation from different starting points and with different backgrounds. There are no dumb questions.
+- Take space and give space. We strive to create an equitable environment in which all are welcome and able to participate. We hope individuals feel comfortable voicing their opinions and providing contributions and will do our best to recognize and make space for individuals who may be struggling to find space here. Likewise, we expect individuals to recognize when they are taking up significant space and take a step back to allow room for others.
+<!-- TODO: Add if your repo has a community chat - Be present when joining synchronous conversations such as our community chat. Why be here if you're not going to *be here*? -->
+- Be respectful.
+- Default to positive. Assume others' contributions are legitimate and valuable and that they are made with good intention.
+ 
+ ## Acknowledgements 
+This COMMUNITY_GUIDELINES.md was originally forked from the [United States Digital Service](https://usds.gov) [Justice40](https://thejustice40.com) open source [repository](https://github.com/usds/justice40-tool), and we would like to acknowledge and thank the community for their contributions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..410a717
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,107 @@
+# Contributing Guidelines 
+<!-- Basic instructions about where to send patches, check out source code, and get development support.--> 
+ 
+ We're so thankful you're considering contributing to an [open source project of the U.S. government](https://code.gov/)! If you're unsure about anything, just ask -- or submit the issue or pull request anyway. The worst that can happen is you'll be politely asked to change something. We appreciate all friendly contributions.
+ 
+ We encourage you to read this project's CONTRIBUTING policy (you are here), its [LICENSE](LICENSE.md), and its [README](README.md). 
+ 
+ ## Getting Started 
+<!--- TODO: If you have 'good-first-issue' or 'easy' labels for newcomers, mention them here.--> 
+ 
+ ### Team Specific Guidelines 
+<!-- TODO: This section helps contributors understand any team structure in the project (formal or informal.) Encouraged to point towards the MAINTAINERS.md file for further details.--> 
+ 
+ ### Building Dependencies 
+<!--- TODO: This step is often skipped, so don't forget to include the steps needed to install on your platform. If you project can be multi-platform, this is an excellent place for first time contributors to send patches!--> 
+ 
+ ### Building the Project 
+<!--- TODO: Be sure to include build scripts and instructions, not just the source code itself! -->
+ 
+ ### Workflow and Branching 
+<!--- TODO: Workflow Example
+We follow the [GitHub Flow Workflow](https://guides.github.com/introduction/flow/)
+1. Fork the project
+2. Check out the `main` branch
+3. Create a feature branch
+4. Write code and tests for your change
+5. From your branch, make a pull request against `{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/main`
+6. Work with repo maintainers to get your change reviewed
+7. Wait for your change to be pulled into `{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/main`
+8. Delete your feature branch
+-->
+ 
+ ### Testing Conventions 
+<!--- TODO: Discuss where tests can be found, how they are run, and what kind of tests/coverage strategy and goals the project has. --> 
+ 
+ ### Coding Style and Linters 
+<!--- TODO: HIGHLY ENCOURAGED. Specific tools will vary between different languages/frameworks (e.g. Black for python, eslint for JavaScript, etc...)
+1. Mention any style guides you adhere to (e.g. pep8, etc...)
+2. Mention any linters your project uses (e.g. flake8, jslint, etc...)
+3. Mention any naming conventions your project uses (e.g. Semantic Versioning, CamelCasing, etc...)
+4. Mention any other content guidelines the project adheres to (e.g. plainlanguage.gov, etc...)
+--> 
+ 
+ ### Writing Issues 
+<!--- TODO: Example Issue Guides
+ When creating an issue please try to adhere to the following format:
+ module-name: One line summary of the issue (less than 72 characters)
+ ### Expected behavior
+ As concisely as possible, describe the expected behavior.
+ ### Actual behavior
+ As concisely as possible, describe the observed behavior.
+ ### Steps to reproduce the behavior
+ List all relevant steps to reproduce the observed behavior.
+ see our .github/ISSUE_TEMPLATE.md for more examples.
+ -->
+ 
+ ### Writing Pull Requests 
+<!-- TODO: Make a brief statement about where to file pull/merge requests, and conventions for doing so. Link to PULL_REQUEST_TEMPLATE.md file.
+ Comments should be formatted to a width no greater than 80 columns.
+ Files should be exempt of trailing spaces.
+ We adhere to a specific format for commit messages. Please write your commit messages along these guidelines. Please keep the line width no greater than 80 columns (You can use `fmt -n -p -w 80` to accomplish this).
+ module-name: One line description of your change (less than 72 characters)
+ Problem
+ Explain the context and why you're making that change. What is the problem you're trying to solve? In some cases there is not a problem and this can be thought of being the motivation for your change.
+ Solution
+ Describe the modifications you've done.
+ Result
+ What will change as a result of your pull request? Note that sometimes this section is unnecessary because it is self-explanatory based on the solution.
+ Some important notes regarding the summary line:
+ workflows Describe what was done; not the result
+ workflows Use the active voice
+ workflows Use the present tense
+ workflows Capitalize properly
+ workflows Do not end in a period — this is a title/subject
+ workflows Prefix the subject with its scope
+ see our .github/PULL_REQUEST_TEMPLATE.md for more examples.
+ -->
+ 
+ ### Reviewing Pull Requests 
+<!--- TODO: Make a brief statement about how pull-requests are reviewed, and who is doing the reviewing. Linking to MAINTAINERS.md can help.
+ Code Review Example
+ The repository on GitHub is kept in sync with an internal repository at github.cms.gov. For the most part this process should be transparent to the project users, but it does have some implications for how pull requests are merged into the codebase.
+ When you submit a pull request on GitHub, it will be reviewed by the project community (both inside and outside of github.cms.gov), and once the changes are approved, your commits will be brought into github.cms.gov's internal system for additional testing. Once the changes are merged internally, they will be pushed back to GitHub with the next sync.
+ This process means that the pull request will not be merged in the usual way. Instead a member of the project team will post a message in the pull request thread when your changes have made their way back to GitHub, and the pull request will be closed.
+ The changes in the pull request will be collapsed into a single commit, but the authorship metadata will be preserved.
+ -->
+ 
+ ## Shipping Releases 
+<!-- TODO: What cadence does your project ship new releases? (e.g. one-time, ad-hoc, periodically, upon merge of new patches) Who does so? --> 
+ 
+ ## Documentation 
+<!-- TODO: Documentation Example 
+We also welcome improvements to the project documentation or to the existing docs. Please file an [issue](https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/issues).
+ --> 
+ 
+ ## Policies 
+ 
+ ### Open Source Policy 
+We adhere to the [CMS Open Source Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any questions, just [shoot us an email](mailto:opensource@cms.hhs.gov).
+ 
+ ### Security and Responsible Disclosure Policy 
+*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+ For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md).
+ 
+ ## Public Domain 
+This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE).
+ All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
new file mode 100644
index 0000000..59d2bad
--- /dev/null
+++ b/GOVERNANCE.md
@@ -0,0 +1,3 @@
+# Governance 
+<!-- TODO: Starting at Tier 3 GOVERNANCE.md has basic language about early community governance, how the project make decisions, and how contributors are elevated through the leadership process if any (e.g. joining teams, getting maintainer status, etc...)--> 
+ This project is governed by our [Community Guidelines](COMMUNITY_GUIDELINES.md) and [Code of Conduct](CODE_OF_CONDUCT.md). 
diff --git a/MAINTAINERS.md b/MAINTAINERS.md
new file mode 100644
index 0000000..83ccc16
--- /dev/null
+++ b/MAINTAINERS.md
@@ -0,0 +1,20 @@
+## Maintainers 
+<!-- TODO: Who are the points of contact in your project who are responsible/accountable for the project? This can often be an engineering or design manager or leader, who may or may not be the primary maintainers of the project. -->
+ This is a list of maintainers for this project. See [CODEOWNERS.md](./CODEOWNERS.md) for list of reviewers for different parts of the codebase. Team members include:
+ 
+ ## Maintainers List: 
+<!-- TODO: What groups/domains are maintainers a part of? Does your project have domains/areas that are maintained by specific people? List @USERNAMES directly, or any @ALIASES for groups/teams. -->
+ - 
+ 
+ ## Approvers:
+ - 
+ 
+ ## Reviewers:
+ - 
+
+| Roles | Responsibilities | Requirements | Defined by |
+| -------------|:-----------------------------------------|:-----------------------------------------------|:---------------------------------------|
+| member | active contributor in the community | multiple contributions to the project. | PROJECT GitHub org Committer Team |
+| reviewer | review contributions from other members | history of review and authorship in a sub-project | MAINTAINERS file reviewer entry, and GitHub Org Triage Team |
+| approver | approve accepting contributions | highly experienced and active reviewer + contributor to a sub-project | MAINTAINERS file approver entry and GitHub Triage Team |
+| lead | set direction and priorities for a sub-project | demonstrated responsibility and excellent technical judgement for the sub-project | MAINTAINERS file owner entry and GitHub Org Admin Team |
diff --git a/README.md b/README.md
index cb338d2..98a24e0 100644
--- a/README.md
+++ b/README.md
@@ -18,3 +18,80 @@ npm start
 ```
 
 [pat]: (https://github.com/settings/tokens)
+ 
+ ## About the Project 
+<!-- This should be a longer-form description of the project. It can include history, background, details, problem statements, links to design documents or other supporting materials, or any other information/context that a user or contributor might be interested in. --> 
+ 
+ ## Core Team 
+An up-to-date list of core team members can be found in [MAINTAINERS.md](MAINTAINERS.md). At this time, the project is still building the core team and defining roles and responsibilities. We are eagerly seeking individuals who would like to join the community and help us define and fill these roles. 
+ 
+ ## Documentation Index 
+<!-- TODO: This is a like a 'table of contents' for your documentation. Tier 0/1 projects with simple README.md files without many sections may or may not need this, but it is still extremely helpful to provide 'bookmark' or 'anchor' links to specific sections of your file to be referenced in tickets, docs, or other communication channels. --> 
+ **{list of .md at top directory and descriptions}** 
+ 
+ ## Repository Structure 
+<!-- TODO: Using the 'tree -d' command can be a helpful way to generate this information, but, be sure to update it as the project evolves and changes over time. --> 
+ <!--TREE START--><!--TREE END--> 
+ **{list directories and descriptions}** 
+ 
+ ## Development and Software Delivery Lifecycle 
+The following guide is for members of the project team who have access to the repository as well as code contributors. The main difference between internal and external contributions is that external contributors will need to fork the project and will not be able to merge their own pull requests. For more information on contributing, see: [CONTRIBUTING.md](./CONTRIBUTING.md). 
+ 
+ ## Local Development 
+<!--- TODO - with example below: 
+This project is monorepo with several apps. Please see the [api](./api/README.md) and [frontend](./frontend/README.md) READMEs for information on spinning up those projects locally. Also see the project [documentation](./documentation) for more info. --> 
+ 
+ ## Coding Style and Linters 
+<!-- TODO - Add the repo's linting and code style guidelines --> 
+ Each application has its own linting and testing guidelines. Lint and code tests are run on each commit, so linters and tests should be run locally before commiting. 
+ 
+ ## Branching Model 
+ <!-- TODO - with example below:
+ This project follows [trunk-based development](https://trunkbaseddevelopment.com/), which means:
+
+* Make small changes in [short-lived feature branches](https://trunkbaseddevelopment.com/short-lived-feature-branches/) and merge to `main` frequently.
+* Be open to submitting multiple small pull requests for a single ticket (i.e. reference the same ticket across multiple pull requests).
+* Treat each change you merge to `main` as immediately deployable to production. Do not merge changes that depend on subsequent changes you plan to make, even if you plan to make those changes shortly.
+* Ticket any unfinished or partially finished work.
+* Tests should be written for changes introduced, and adhere to the text percentage threshold determined by the project.
+
+This project uses **continuous deployment** using [Github Actions](https://github.com/features/actions) which is configured in the [./github/workflows](.github/workflows) directory.
+
+Pull-requests are merged to `main` and the changes are immediately deployed to the development environment. Releases are created to push changes to production.--> 
+ 
+ ## Contributing 
+Thank you for considering contributing to an Open Source project of the US Government! For more information about our contribution guidelines, see [CONTRIBUTING.md](CONTRIBUTING.md). 
+ 
+ ## Codeowners 
+The contents of this repository are managed by **{responsible organization(s)}**. Those responsible for the code and documentation in this repository can be found in [CODEOWNERS.md](CODEOWNERS.md). 
+ 
+ ## Community 
+The {name_of_project_here} team is taking a community-first and open source approach to the product development of this tool. We believe government software should be made in the open and be built and licensed such that anyone can download the code, run it themselves without paying money to third parties or using proprietary software, and use it as they will.
+
+We know that we can learn from a wide variety of communities, including those who will use or will be impacted by the tool, who are experts in technology, or who have experience with similar technologies deployed in other spaces. We are dedicated to creating forums for continuous conversation and feedback to help shape the design and development of the tool.
+
+We also recognize capacity building as a key part of involving a diverse open source community. We are doing our best to use accessible language, provide technical and process documents, and offer support to community members with a wide variety of backgrounds and skillsets. 
+ 
+ ## Community Guidelines 
+Principles and guidelines for participating in our open source community are can be found in [COMMUNITY_GUIDELINES.md](COMMUNITY_GUIDELINES.md). Please read them before joining or starting a conversation in this repo or one of the channels listed below. All community members and participants are expected to adhere to the community guidelines and code of conduct when participating in community spaces including: code repositories, communication channels and venues, and events. 
+ 
+ ## Feedback 
+If you have ideas for how we can improve or add to our capacity building efforts and methods for welcoming people into our community, please let us know at **{contact_email}**. If you would like to comment on the tool itself, please let us know by filing an **issue on our GitHub repository.** 
+ 
+ ## Policies 
+ 
+ ### Open Source Policy 
+We adhere to the [CMS Open Source Policy](https://github.com/CMSGov/cms-open-source-policy). If you have any questions, just [shoot us an email](mailto:opensource@cms.hhs.gov). 
+ 
+ ### Security and Responsible Disclosure Policy 
+*Submit a vulnerability:* Vulnerability reports can be submitted through [Bugcrowd](https://bugcrowd.com/cms-vdp). Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). 
+ 
+ ## Public Domain 
+This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE).
+All contributions to this project will be released under the CC0 dedication. By submitting a pull request or issue, you are agreeing to comply with this waiver of copyright interest.
+ 
+ ### Software Bill of Materials (SBOM) 
+A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software.
+In the spirit of [Executive Order 14028 - Improving the Nation's Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{repo_org}/{repo_name}/network/dependencies.
+For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom.
\ No newline at end of file