Thank you for your interest in improving this blueprint. Contributions that make the repo more useful for practitioners are welcome.
- Adaptation reports: If you've applied this blueprint in your environment, open an issue using the adaptation report template. Real-world feedback is the most valuable contribution.
- New tool contracts: Schemas for tools not yet covered (monitoring, CI/CD, IAM, database, cloud infrastructure).
- Policy extensions: Additional Rego rules for scenarios not covered — e.g., security-sensitive changes, compliance holds, maintenance windows.
- Bug fixes: Typos, broken links, schema validation errors, inconsistencies between artefacts.
- Documentation improvements: Clearer explanations, better examples, translations.
- Fork the repository.
- Create a branch for your change: `git checkout -b add-iam-tool-contract`.
- Make your changes.
- Validate your changes locally:
  - JSON files: `python3 -c "import json; json.load(open('your-file.json'))"`
  - YAML files: `python3 -c "import yaml; yaml.safe_load(open('your-file.yaml'))"`
  - Rego files: `opa check policies/your-file.rego`
- Commit with a clear message: `git commit -m "Add IAM role change tool contract"`.
- Push and open a pull request.
- Tool contracts go in `schemas/` and follow the naming pattern `tool-{action}.json`.
- Policy modules go in `policies/` and use the package prefix `itsm.guardrails.{module_name}`.
- Test incidents go in `examples/test-incidents/` and should include enough context for policy evaluation.
- British English for documentation (organisation, behaviour, colour).
- JSON files should be formatted with 2-space indentation.
- Vendor-specific marketing content.
- Changes that break existing JSON/YAML/Rego validation.
- Policy changes that weaken governance without clear justification.
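
The naming, package-prefix and indentation conventions listed above can be checked in one pass before opening a pull request. The script below is an added example, not part of this repository; the character set it allows in `{action}` and `{module_name}`, and its reading of "2-space indentation" as the layout `json.dumps(indent=2)` produces, are assumptions. Rego syntax itself is still checked with `opa check`.

```python
"""Pre-PR convention check (added example, not the project's own tooling)."""
import json
import re
import sys
from pathlib import Path, PurePosixPath

# Assumption: {action} is lowercase words joined by "-"; {module_name} is a
# single lowercase identifier. The page gives only the patterns themselves.
SCHEMA_NAME = re.compile(r"tool-[a-z0-9]+(-[a-z0-9]+)*\.json")
REGO_PACKAGE = re.compile(r"^package\s+(\S+)", re.MULTILINE)
PACKAGE_OK = re.compile(r"itsm\.guardrails\.[a-z_][a-z0-9_]*")

# Constructed sample inputs (not files from the repository).
SAMPLE = {
    "schemas/tool-iam-role-change.json": '{\n  "type": "object"\n}\n',
    "schemas/iam.json": '{"type":"object"}',
    "policies/windows.rego": "package guardrails.windows\n",
}

def check_file(path, text):
    """Return a list of convention problems for one repo-relative file."""
    p = PurePosixPath(path)
    problems = []
    if p.suffix == ".json":
        try:
            doc = json.loads(text)
        except json.JSONDecodeError as exc:
            return [f"{path}: invalid JSON ({exc.msg}, line {exc.lineno})"]
        # Assumption: canonical layout is what json.dumps(indent=2) emits.
        if text.strip() != json.dumps(doc, indent=2, ensure_ascii=False):
            problems.append(f"{path}: not formatted with 2-space indentation")
        if p.parts[0] == "schemas" and not SCHEMA_NAME.fullmatch(p.name):
            problems.append(f"{path}: name must match tool-{{action}}.json")
    elif p.suffix == ".rego" and p.parts[0] == "policies":
        m = REGO_PACKAGE.search(text)
        if not m or not PACKAGE_OK.fullmatch(m.group(1)):
            problems.append(f"{path}: package must be itsm.guardrails.{{module_name}}")
    return problems

def check_all(files):
    """files: mapping of repo-relative path -> file content."""
    return [m for path, text in sorted(files.items()) for m in check_file(path, text)]

if __name__ == "__main__":
    # Usage: python3 check_conventions.py schemas/tool-x.json policies/y.rego
    files = {a: Path(a).read_text(encoding="utf-8") for a in sys.argv[1:]} or SAMPLE
    found = check_all(files)
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```

Run with no arguments, it checks the constructed samples and exits non-zero because two of them break a convention.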
Be professional, be constructive, be kind. This is a practitioner community.