diff --git a/.github/ISSUE_TEMPLATE/team-validation.yml b/.github/ISSUE_TEMPLATE/team-validation.yml index 9400ed7..6f1e777 100644 --- a/.github/ISSUE_TEMPLATE/team-validation.yml +++ b/.github/ISSUE_TEMPLATE/team-validation.yml @@ -90,10 +90,10 @@ body: validations: required: true - type: textarea - id: paid-layer-signal + id: team-workflow-gap attributes: - label: Paid-layer signal - description: What would make a paid team layer worth validating before any SaaS is built? + label: Team workflow gap + description: What team-level capability would help most that the single-repo Action doesn't cover today? placeholder: "Example: org-wide baseline files, cross-repo reporting, severity policy, audit exports, team exceptions, Slack summary." validations: required: true diff --git a/docs/TEAM_PILOT.md b/docs/TEAM_PILOT.md index 10beee7..4395b51 100644 --- a/docs/TEAM_PILOT.md +++ b/docs/TEAM_PILOT.md @@ -1,6 +1,6 @@ # PolicyMesh Team Pilot -Use this when a team wants to validate whether the free GitHub Action is enough before any paid team layer or hosted SaaS work is built. +Use this when a team wants to try PolicyMesh across multiple repositories and report back on whether the Action covers the team's real workflow needs. ## Pilot Setup 
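Review bot: The reworded `team-workflow-gap` textarea is still a required free-text field, and its placeholder invites details such as audit exports, team exceptions and severity policy, but the description gives reporters no hint about what to leave out. If issues on this repository are publicly visible (not shown in the hunk), answers could expose private repository names or finding details. Consider extending the description, e.g. `description: What team-level capability would help most that the single-repo Action doesn't cover today? Describe the need only; leave out private repository names, finding details and secrets.` The `body:` list starts above the hunk and may continue below it.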
@@ -38,18 +38,16 @@ For each repository, record: - Whether each warning is actionable, noisy, or missing important context. - Whether advisory mode is enough or a stricter `fail-on` threshold would be used after tuning. -## Paid-Layer Signals +## Team Workflow Gaps Worth Reporting -Do not treat a single warning as paid-layer validation. Paid-layer work needs repeated team needs that the free Action and repo-local workflow config cannot solve. - -Useful validation signals include: +Single warnings rarely tell the whole story. The shape of team feedback most worth surfacing: - shared baselines or defaults that multiple repositories should inherit; - central severity policy that cannot be managed in each repo workflow; - exception ownership, expiry, approval, or review history; -- cross-repo reports, audit exports, or dashboard/API needs; +- cross-repo reports or audit exports; - a blocker that prevents trying PolicyMesh in pull requests even with `fail-on: none`. ## Report Back -Open a [team validation signal](https://github.com/Conalh/PolicyMesh/issues/new?template=team-validation.yml) with the repository count, active surfaces, finding patterns, and any paid-layer need. The paid-layer tracker remains [issue #5](https://github.com/Conalh/PolicyMesh/issues/5). +Open a [team feedback form](https://github.com/Conalh/PolicyMesh/issues/new?template=team-validation.yml) with the repository count, active surfaces, finding patterns, and any team-workflow gap. diff --git a/test/workflow.test.mjs b/test/workflow.test.mjs index 76ca6fc..f420684 100644 --- a/test/workflow.test.mjs +++ b/test/workflow.test.mjs 
@@ -108,7 +108,7 @@ test('issue templates collect detector and team validation feedback', async () = assert.match(teamValidation, /Exception workflow need/); assert.match(teamValidation, /Reporting or export need/); assert.match(teamValidation, /Team workflow/); - assert.match(teamValidation, /Paid-layer signal/); + assert.match(teamValidation, /Team workflow gap/); assert.match(teamPilot, /Conalh\/PolicyMesh@v0\.1\.18/); assert.match(teamPilot, /Run across at least two repositories/); assert.match(teamPilot, /Finding counts by severity/);
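Review bot: The new pattern `/Team workflow gap/` sits directly after the existing `/Team workflow/` assertion, and because the new label contains the older string, the older assertion can no longer fail on its own. It would still pass if the "Team workflow" field were dropped from the template. Anchoring both to the label line keeps them independent, e.g. `assert.match(teamValidation, /label: Team workflow$/m);` and `assert.match(teamValidation, /label: Team workflow gap$/m);` (the older field's exact label line is not visible here, so confirm it first). An `assert.doesNotMatch(teamPilot, /paid-layer/i);` would also pin the wording removal in the pilot doc. The enclosing test starts above the hunk and continues below it.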