The AI-first GitHub repository template. Six AI agents. Security by default. Production-ready in 2 minutes.
Stop wasting time on boilerplate. Start every project with CI/CD, security scanning, six AI agent configs, issue management, and compliance auditing already in place.
▶ Table of Contents
This template is built for:
- Solo developers tired of repetitive project setup
- Teams wanting consistent structure across repositories
- AI-first developers using Claude Code, GitHub Copilot, Codex, or similar tools
- Security-conscious developers who want sensible defaults without the research
If you create GitHub repositories regularly and want them production-ready from the start, this is for you.
| Traditional Setup | With This Template |
|---|---|
| 30+ minutes configuring | 2 minutes to start |
| Security gaps from forgetting steps | Secure by default |
| AI agents need context each session | AI agents productive immediately |
| Inconsistent structure across projects | Same patterns everywhere |
- 🤖 Six AI Agents — Claude Code, Copilot, Cursor, Codex, Gemini, Windsurf — all configured
- 🔒 Secure by Default — SHA-pinned Actions, CodeQL scanning, dependency review, prompt injection defense
- ⚡ Quick or Full Setup — 2-minute quick mode or comprehensive 8-step configuration
- 📋 Issue Management — 5 templates (agent/human/external/bug/feature), 25+ labels, project board sync
- 🔄 13 Workflows — CI, releases, stale management, auto-labeling, PR sizing, security scanning
- 🛡️ AI Security — CODEOWNERS on AI configs, PR injection scanner, defense documentation
- 📦 Dev Experience — Devcontainer, linting templates, pre-commit hooks, VS Code settings
- 📊 Compliance Audit — Score any repo against template standards with
scripts/audit-compliance.sh
┌─────────────────────────────────────────────────────────────┐
│ repo-template │
├─────────────────────────────────────────────────────────────┤
│ │
│ 📁 .github/ │
│ ├── workflows/ci.yml → CI pipeline (multi-stack) │
│ ├── workflows/sync-status → Label → Project board sync │
│ ├── ISSUE_TEMPLATE/ → 5 issue forms + config │
│ ├── PULL_REQUEST_TEMPLATE → PR checklist │
│ ├── dependabot.yml → Dependency updates │
│ └── copilot-instructions → GitHub Copilot config │
│ │
│ 📁 .claude/ │
│ └── commands/ → Custom slash commands │
│ │
│ 📁 scripts/ │
│ ├── labels.sh → Create/update labels │
│ ├── my-tasks.sh → Filtered issue views │
│ └── close-issue.sh → Close with status:done │
│ │
│ 📁 src/ → Your source code │
│ 📁 tests/ → Your tests │
│ 📁 docs/ → Documentation │
│ │
│ 📄 CLAUDE.md → Claude Code instructions │
│ 📄 AGENTS.md → Cross-agent compatibility │
│ 📄 CONTRIBUTING.md → Contribution guidelines │
│ 📄 SECURITY.md → Security policy │
│ 📄 .gitignore → Comprehensive patterns │
│ 📄 .editorconfig → Consistent formatting │
│ │
└─────────────────────────────────────────────────────────────┘
Choose the workflow that matches your situation:
▶ Workflow A: GitHub Template (Recommended for most users)
Best for: Quick start with GitHub's UI
- Click Use this template → Name your repo → Create
- Clone your new repository:
git clone https://github.com/YOUR_USERNAME/YOUR_REPO.git cd YOUR_REPO - Open with Claude Code and run:
/project:init-template - Answer the prompts — files update automatically
[!IMPORTANT] After creating from template, run
scripts/labels.shto create issue labels. Labels, branch protection, secrets, and Projects do not transfer from template repos. Seedocs/BRANCH-PROTECTION.mdfor protection setup.
flowchart LR
A[🎯 Use Template] --> B[📥 Clone Repo]
B --> C[🤖 Run /init-template]
C --> D[💬 Answer Questions]
D --> E[✨ Files Updated]
E --> F[🚀 Start Coding]
style A fill:#238636,color:#fff
style F fill:#238636,color:#fff
▶ Workflow B: Local-First (For pre-planned projects)
Best for: When you've already planned your project structure or have existing code
- Create a local directory for your project:
mkdir my-project && cd my-project git init
- Start Claude Code in this directory
- Run
/project:init-template— the agent will:- Ask about your project objectives and tech stack
- Generate customized template files
- Create the GitHub repository
- Push the initial commit
Advantage: Files are customized before the GitHub repo exists — no template placeholders to clean up.
Note: Requires GitHub CLI (gh) to be installed and authenticated.
▶ Workflow C: Spin-off from Existing Session
Best for: When working in Claude Code and you realize a component should be its own project
- While in an existing Claude Code session, describe the new project
- Ask Claude to create a new repository for it
- The agent will:
- Set up the new repo with template standards
- Move or generate relevant code
- Push to GitHub
- Return context to your original project
Example prompt: "Let's spin off the authentication module into its own repository called my-auth-service"
▶ Workflow D: Empty GitHub Repo + Manual Setup
Best for: Users who prefer full control or don't use Claude Code
- Create an empty repository on GitHub (no README, no .gitignore)
- Clone it locally
- Copy template files manually or download from this repo
- Find and update
TODOcomments:grep -r "TODO" --include="*.md" --include="*.yml"
| File | What to Change |
|---|---|
README.md |
Project name, description, badges |
CLAUDE.md |
Your tech stack and commands |
AGENTS.md |
Same as CLAUDE.md (for other AI tools) |
.github/workflows/ci.yml |
Uncomment your language section |
.github/dependabot.yml |
Uncomment your package ecosystem |
SECURITY.md |
Your security contact email |
▶ Workflow E: Retrofit an Existing Repository
Best for: Bringing an older repo up to template standards
- In your existing repo, run:
/project:init-template - The agent will:
- Analyze your current structure
- Add missing template files (CLAUDE.md, CI, etc.)
- Preserve your existing code and configuration
- Suggest improvements without overwriting your work
What gets added:
- AI configuration files (if missing)
- CI/CD workflow (if missing or outdated)
- Issue/PR templates (if missing)
- Security policy (if missing)
What's preserved:
- Your existing README (agent will suggest improvements)
- Your code and tests
- Your existing CI (agent will compare and recommend)
▶ Workflow F: Fork + Personal Standards
Best for: Contributing to others' projects with AI assistance
- Fork the upstream repository
- Add template files to your fork:
CLAUDE.md— Your personal AI instructions- Optionally:
.github/copilot-instructions.md
- Important: Add these to
.git/info/exclude(not.gitignore) to avoid polluting upstream PRs:# .git/info/exclude CLAUDE.md .github/copilot-instructions.md
This gives you AI assistance without affecting the upstream project.
▶ Workflow G: Create Organization Template
Best for: Teams wanting consistent standards across repos
- Fork or clone repo-template
- Customize for your organization:
- Add org-specific CI steps (internal registries, compliance checks)
- Update SECURITY.md with your security contact
- Add org branding to README template
- Create additional slash commands for team workflows
- Mark as a template repository in GitHub Settings
- Team members use your org template instead of this one
▶ Workflow H: Multi-Stack Projects
Best for: Projects with multiple languages (e.g., Python backend + TypeScript frontend)
-
Use Workflow A or B to create the repository
-
In
.github/workflows/ci.yml, uncomment multiple language sections -
In
.github/dependabot.yml, enable multiple ecosystems -
In
CLAUDE.md, document all stacks:## Commands ### Backend (Python) ```bash cd backend && pytest
cd frontend && npm test
▶ Workflow I: Monorepo
Best for: Multiple projects in a single repository
- Apply template at repository root
- Customize paths in CI and Dependabot:
# dependabot.yml - package-ecosystem: "npm" directory: "/packages/frontend" - package-ecosystem: "pip" directory: "/packages/backend"
- In
CLAUDE.md, document the monorepo structure and per-package commands
| Workflow | Starting Point | Best For | AI Required |
|---|---|---|---|
| A: GitHub Template | GitHub UI | Quick start | Recommended |
| B: Local-First | Empty directory | Pre-planned projects | Yes |
| C: Spin-off | Existing session | Breaking out components | Yes |
| D: Manual | Empty GitHub repo | Full control | No |
| E: Retrofit | Existing repo | Upgrading old projects | Recommended |
| F: Fork | Others' repos | Contributing with AI | No |
| G: Org Template | This template | Team standards | No |
| H: Multi-Stack | Any | Polyglot projects | No |
| I: Monorepo | Any | Multi-project repos | No |
After setup, here are some things to try:
| Action | How |
|---|---|
| Add your first feature | Ask Claude: "Create a basic Express server in src/" |
| Run CI locally | npm test or your stack's test command |
| Create an issue | Try the bug report form — see how structured it is |
| Enable security features | Settings → Security → Enable secret scanning |
- Add your source code to
src/ - Write your first test in
tests/ - Push a commit and watch CI run
- Invite collaborators (they'll see CONTRIBUTING.md)
- Enable GitHub security features (see Security)
This template includes instruction files for multiple AI coding assistants:
| File | AI Tool | What It Contains |
|---|---|---|
CLAUDE.md |
Claude Code | Project context, commands, code style, structure |
.github/copilot-instructions.md |
GitHub Copilot | Code generation guidelines, security rules |
AGENTS.md |
Codex, Gemini, Cursor, others | Cross-agent compatibility layer |
Why this matters: AI agents perform significantly better when they understand your project's conventions, tech stack, and workflows upfront. Instead of re-explaining your preferences each session, the agent reads these files automatically.
Custom commands: The .claude/commands/ folder contains slash commands like /project:init-template. You can add your own for repetitive tasks.
The included workflow (.github/workflows/ci.yml) supports multiple languages. Uncomment the section for your stack:
| Stack | What It Runs |
|---|---|
| Node.js/TypeScript | npm ci, lint, test, build |
| Python | pip install, pytest, ruff |
| Go | go build, go test, go vet |
| Rust | cargo build, cargo test, cargo clippy |
The CI workflow follows GitHub's security best practices:
- Actions pinned to SHA — Prevents supply chain attacks from compromised tags
- Explicit permissions — Least-privilege access, not default write-all
- 30-minute timeout — Prevents runaway jobs from consuming resources
- Concurrency controls — Cancels outdated runs when new commits push
This template includes a structured issue tracking system with labels, templates, and automation.
| Template | Auto-Labels | Use For |
|---|---|---|
| Agent Task | owner:agent, task |
Work an AI agent can complete autonomously |
| Human Task | owner:human, task |
ENV vars, accounts, credentials, DNS, decisions |
| External Blocker | owner:external, status:blocked |
Waiting on a client, vendor, or third party |
| Bug Report | bug |
Something is broken |
| Feature Request | enhancement |
Suggest a new feature |
| Category | Labels | Purpose |
|---|---|---|
| Status | status:planning, in-progress, done, blocked |
Drives automation |
| Owner | owner:human, agent, external |
Who does the work |
| Priority | priority:high, medium, low |
Urgency |
| Type | bug, enhancement, task, roadmap, idea, etc. |
Classification |
Run scripts/labels.sh to create all labels. Idempotent — safe to run multiple times.
scripts/my-tasks.sh # Your tasks + blocked issues
scripts/my-tasks.sh agent # Agent-completable tasks
scripts/my-tasks.sh high # High priority only
scripts/close-issue.sh 23 "Done" # Close with status:done + commentThe sync-status.yml workflow auto-syncs status:* labels to a GitHub Projects v2 board (and optionally Notion). Run /project:init-template to configure, or fill in the placeholder IDs manually.
▶ Adding a New Language
- Uncomment the relevant section in
.github/workflows/ci.yml - Uncomment the ecosystem in
.github/dependabot.yml - Update
CLAUDE.mdwith your specific commands - Add language-specific config files (package.json, pyproject.toml, etc.)
▶ Setting Up Pre-commit Hooks
See CONTRIBUTING.md for instructions on setting up Husky and lint-staged.
▶ Enabling GitHub Security Features
In your repository Settings → Security:
- Enable Secret scanning — Detects API keys in commits
- Enable Push protection — Blocks pushes containing secrets
- Enable Dependabot alerts — Notifies of vulnerable dependencies
- Enable Code scanning — Finds vulnerabilities via CodeQL (public repos)
▶ Creating Custom Slash Commands
Add Markdown files to .claude/commands/:
# .claude/commands/my-command.md
Instructions for Claude when this command is invoked...Then use with /project:my-command in Claude Code.
▶ I don't use Node.js. Will this work for me?
Yes. The template is language-agnostic. The CI workflow has commented sections for Python, Go, and Rust. Uncomment the one you need, or add your own. The directory structure (src/, tests/, etc.) works for any language.
▶ Do I need to use Claude Code?
No. The template works with any workflow. The AI configuration files (CLAUDE.md, AGENTS.md, copilot-instructions.md) are just text files — they won't affect anything if you don't use AI tools. But if you do use them, your agents will be more effective.
▶ The CI workflow failed. What do I do?
Common causes:
- No package.json/requirements.txt — The workflow expects dependencies. Comment out the install step or add your dependency file.
- No test script — Add a test script or comment out the test step.
- Wrong language section — Make sure you uncommented the right section.
Check the Actions tab for specific error messages.
▶ How do I update after the template improves?
Repositories created from templates don't auto-update. To get improvements:
- Check the template repo for changes
- Manually copy relevant updates to your project
- Or use the template again for new projects
▶ I used "Use this template" but also have local customizations. What now?
If you created a repo via GitHub's template button but also have locally customized files (e.g., from a previous session), you have divergent git histories. Options:
-
Force push local work (recommended if local is more complete):
git push --force origin main
This replaces the template files with your customized version.
-
Discard local and customize template: Clone the GitHub repo and run
/project:init-templateto customize interactively.
To avoid this: Use Workflow B (Local-First) when you have pre-planned customizations, or use Workflow A (GitHub Template) and customize afterward — don't mix both.
▶ Can I add template standards to someone else's repo I forked?
Yes! See Workflow F. Add your AI configuration files (CLAUDE.md, etc.) and exclude them from git tracking using .git/info/exclude so they don't pollute PRs to the upstream project.
▶ AI Security
This template includes prompt injection defenses — a first for GitHub templates:
- CODEOWNERS protects AI config files (CLAUDE.md, AGENTS.md, .cursorrules, etc.) — changes require owner review
- PR body scanner (opt-in workflow) detects common injection patterns in issue/PR text
- Hook templates validate inputs before AI agents process them
- Documentation in docs/AI-SECURITY.md covers attack vectors and best practices
See docs/AI-SECURITY.md for the full threat model.
If you created your repo with this template, add this badge to your README:
[](https://github.com/vbonk/repo-template)
Contributions to improve this template are welcome! See CONTRIBUTING.md.
Ideas for contributions:
- Language-specific add-on configs
- Additional CI/CD patterns
- Improved documentation
- New custom slash commands
See SECURITY.md for:
- How to report vulnerabilities
- Security features included in this template
- Recommended GitHub security settings
MIT — Use freely, attribution appreciated.
This template incorporates best practices from:
- Anthropic's Claude Code documentation
- GitHub Actions security best practices
- Community feedback and real-world usage
Built for developers who'd rather write code than configure repos.