@BreakableHoodie BreakableHoodie commented Nov 14, 2025

Summary

  • keep the documentation refresh from PR docs/community doc refresh #2 in this branch so every handbook file matches what is already on main
  • add a default reviewer list (GitHub's CODEOWNERS file) so organizers automatically review any repository that does not have its own maintainer list yet
  • describe which project teams look after each repository today, who still needs a team, and the risks of leaving repos without active reviewers
  • lay the groundwork for org-wide branch protection rules by explaining, in plain steps, how reviews and required checks will work

Testing

  • not applicable (documentation-only)

Supersedes

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

@BreakableHoodie
Contributor Author

Thanks for the flag! GitHub does let us use a CODEOWNERS file in the .github repository as the fallback for repos without their own file. The docs call this out in the "Code owners and organization repositories" section: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-and-organization-repositories. We verified that behaviour before drafting this guidance, so the default file here will apply org-wide unless a repo overrides it locally.

@BreakableHoodie BreakableHoodie requested a review from a team November 14, 2025 21:36

Copilot AI left a comment

Pull request overview

Adds organization-level reviewer defaults and governance documentation, while continuing the org-wide documentation/template refresh referenced in PR #2.

Changes:

  • Introduces a default CODEOWNERS file to route reviews to organizers by default.
  • Adds governance documentation describing CODEOWNERS usage and recommended branch protection defaults.
  • Updates community health docs and GitHub templates to align language around CivicTechWR values and security processes.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 7 comments.

| File | Description |
| --- | --- |
| profile/README.md | Updates the org profile landing content and links. |
| docs/governance/codeowners-branch-protection.md | Adds guidance for CODEOWNERS strategy and branch protection defaults. |
| docs/gitleaks-response.md | Adds a maintainer runbook for responding to Gitleaks findings. |
| SECURITY.md | Updates security reporting instructions and best-practice guidance. |
| README.md | Refreshes repo overview and contact link formatting. |
| PULL_REQUEST_TEMPLATE.md | Replaces DVF framing with CivicTechWR values alignment prompts. |
| ISSUE_TEMPLATE/user_research.yml | Updates issue form language/fields to reflect CivicTechWR values. |
| ISSUE_TEMPLATE/quick_task.yml | Replaces DVF impact dropdown with an “Impact Focus” dropdown. |
| ISSUE_TEMPLATE/general_task.yml | Updates task template prompts to CivicTechWR values alignment. |
| ISSUE_TEMPLATE/feature_request.yml | Updates feature request prompts to CivicTechWR values alignment. |
| ISSUE_TEMPLATE/community_partnership.yml | Updates partnership template to CivicTechWR values alignment prompts. |
| ISSUE_TEMPLATE/bug_report.yml | Updates bug report prompts to reference community values instead of DVF. |
| ISSUE_TEMPLATE/accessibility_issue.yml | Updates accessibility issue prompts to reference community values instead of DVF. |
| CONTRIBUTING.md | Rewrites contributing guidance for org-wide, volunteer-friendly workflow. |
| CODE_OF_CONDUCT.md | Updates reporting contacts/resources and removes placeholders. |
| CODEOWNERS | Adds default owners (organizers) for repo content. |

## 5. Verify and Prevent Recurrence

- Re-run the Gitleaks workflow (or trigger it manually) to confirm the repository is clean.
- Add new patterns to the `gitleaks.toml` allowlist only after validating they are false positives.

Copilot AI Feb 2, 2026

This guide recommends adding patterns to gitleaks.toml, but this repository currently doesn't include a gitleaks.toml file and the Gitleaks workflow doesn't reference one. Either add the config file + wire it into the workflow, or update this guidance to match the current setup.

Suggested change
- Add new patterns to the `gitleaks.toml` allowlist only after validating they are false positives.
- Update the Gitleaks configuration in `.github/workflows/reusable-gitleaks.yml` (or a `gitleaks.toml` config file, if used) to add new allowlist patterns, and only after validating they are false positives.

## Reference

- Repository workflow: `.github/workflows/reusable-gitleaks.yml`

Copilot AI Feb 2, 2026

The referenced workflow file .github/workflows/reusable-gitleaks.yml does not exist in this repo (the workflow is .github/workflows/gitleaks.yml). Update the reference so maintainers can find the correct workflow quickly.

Suggested change
- Repository workflow: `.github/workflows/reusable-gitleaks.yml`
- Repository workflow: `.github/workflows/gitleaks.yml`

- **SECURITY.md** - Security policy and vulnerability reporting
- **SUPPORT.md** - How to get help with our projects
- **ISSUE_TEMPLATE/** - Issue templates for bugs, features, and questions
- **PULL_REQUEST_TEMPLATE.md** - Pull request template

Copilot AI Feb 2, 2026

This repository now includes a CODEOWNERS file, but it's not listed under "Community Health Files" here. Consider adding it to the Contents list so maintainers understand it is part of the org defaults/governance tooling.

Suggested change
- **PULL_REQUEST_TEMPLATE.md** - Pull request template
- **PULL_REQUEST_TEMPLATE.md** - Pull request template
- **CODEOWNERS** - Default repository ownership and review responsibilities

# Welcome to CivicTech Waterloo Region

*Please standby, CTWR is coming back to life and taking over*
Please standbyCTWR is coming back to life and taking over.

Copilot AI Feb 2, 2026

Minor grammar: "Please standby" is typically written as "Please stand by" in this context.

Suggested change
Please standby—CTWR is coming back to life and taking over.
Please stand by—CTWR is coming back to life and taking over.

3. **Required reviewers:**
- At least **1 approval**, prefer **2 approvals** for active codebases.
- **Require review from Code Owners** (once the default CODEOWNERS file lands).
4. **Status checks:** enable the projects primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release.

Copilot AI Feb 2, 2026

Line contains a stray control character in "project�s" (shows up as � or a broken apostrophe) which can render incorrectly in Markdown and makes copy/paste unreliable. Replace it with a normal apostrophe: "project's".

Suggested change
4. **Status checks:** enable the projects primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release.
4. **Status checks:** enable the project's primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release.

## Default CODEOWNERS Strategy

Create `.github/CODEOWNERS` (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file.

Copilot AI Feb 2, 2026

This section instructs readers to create .github/CODEOWNERS, but this PR adds a CODEOWNERS file at the repository root. Please align the documentation and the actual file location (either update the text here, or move the file to .github/CODEOWNERS).

Suggested change
Create `.github/CODEOWNERS` (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file.
Create a repository-root `CODEOWNERS` file (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file.

Key considerations:

- Patterns in this default file must be generic. Repo-specific overrides belong in that repo.
- Github evaluates CODEOWNERS top to bottom; place broader matches last.

Copilot AI Feb 2, 2026

The guidance about CODEOWNERS ordering is internally inconsistent with the example above: it says evaluation is "top to bottom" and to "place broader matches last", but the sample puts the broad * entry first so more specific patterns can override it. Please clarify the precedence rules and adjust the sentence accordingly (and also capitalize "GitHub").

Suggested change
- Github evaluates CODEOWNERS top to bottom; place broader matches last.
- GitHub evaluates CODEOWNERS patterns from top to bottom and uses the last matching pattern. In the examples above, the broad `*` entry appears first so that later, more specific patterns can override it.

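
The last-match-wins precedence raised in the review comment above, shown as an added example that is not part of the pull request or of any reviewer's comment. The team names and both sample files are constructed, and the matcher covers only a simplified subset of CODEOWNERS patterns (`*`, directory patterns, root-anchored paths and bare file-name globs).

```python
import fnmatch

# Constructed samples; the team names are hypothetical.
BROAD_FIRST = """
*                     @example-org/organizers
/docs/                @example-org/docs-team
/.github/workflows/   @example-org/security
"""
BROAD_LAST = """
/docs/                @example-org/docs-team
/.github/workflows/   @example-org/security
*                     @example-org/organizers
"""

def parse_codeowners(text):
    """Return [(pattern, owners)] in file order, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, *owners = line.split()
            rules.append((pattern, owners))
    return rules

def matches(pattern, path):
    """Simplified subset of CODEOWNERS matching (an assumption of this example)."""
    if pattern == "*":
        return True
    if pattern.endswith("/"):  # a directory and everything below it
        if pattern.startswith("/"):
            return path.startswith(pattern[1:])
        return ("/" + pattern) in ("/" + path)
    if pattern.startswith("/"):  # anchored at the repository root
        return fnmatch.fnmatchcase(path, pattern[1:])
    return fnmatch.fnmatchcase(path.rsplit("/", 1)[-1], pattern)  # file name at any depth

def owners_for(rules, path):
    """Last matching pattern wins, so keep overwriting while scanning top to bottom."""
    owners = []
    for pattern, rule_owners in rules:
        if matches(pattern, path):
            owners = rule_owners
    return owners

def dead_rules(rules):
    """Patterns that can never take effect because a catch-all `*` follows them."""
    last_star = max((i for i, (p, _) in enumerate(rules) if p == "*"), default=0)
    return [p for p, _ in rules[:last_star]]
```

Running `dead_rules` over a CODEOWNERS file before merging flags the ordering mistake that silently routes every review, including workflow changes, to the fallback owners.
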
@BreakableHoodie
Contributor Author

@copilot open a new pull request to apply changes based on the comments in this thread

Copilot AI commented Feb 2, 2026

@BreakableHoodie I've opened a new pull request, #5, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI and others added 2 commits February 2, 2026 17:00
Co-authored-by: BreakableHoodie <169505867+BreakableHoodie@users.noreply.github.com>
[WIP] Add CODEOWNERS defaults and governance guidance
Copilot AI added a commit that referenced this pull request Feb 2, 2026
Co-authored-by: BreakableHoodie <169505867+BreakableHoodie@users.noreply.github.com>
@BreakableHoodie
Contributor Author

Consolidating into #6
