Orchestration: CI, tests, security, and governance improvements

[Ladas]

Current maturity score: 1/5

This repository has no .github/ directory, no CI, no tests (despite having pytest declared as a dev dependency), and no pre-commit config. Greenfield opportunity to establish patterns correctly from the start.

Top 5 gaps

1. No CI pipeline — No .github/ directory exists. No workflows for lint, test, build, or security.
2. Zero tests — pytest and pytest-mock are declared as dev dependencies, but there are 0 test files. Six modules with ~770 lines of logic are completely untested.
3. No pre-commit config — No .pre-commit-config.yaml. Dev dependencies include black and mypy but neither is configured to run on commit.
4. No security scanning — 0/4 applicable tools. The repo handles A2A protocol messages and OTEL telemetry data. Dependency updates needed for several packages.
5. No governance — No CODEOWNERS, SECURITY.md, or CONTRIBUTING.md. No root-level .gitignore.

Recommended phase order

1. orchestrate:precommit — Add .pre-commit-config.yaml with ruff, mypy, gitleaks
2. orchestrate:tests — Create tests/ directory with unit tests for all 6 modules; add pytest-cov
3. orchestrate:ci — Create lint, test, security scanning, dependabot, scorecard workflows
4. orchestrate:security — CODEOWNERS, SECURITY.md, CONTRIBUTING.md, root .gitignore
5. orchestrate:replicate — CLAUDE.md, .claude/settings.json, skills

Context

• Scan report generated by orchestrate:scan skill
• Umbrella issue: Org-wide orchestration: CI, tests, security, and governance across all repos kagenti#841
• Scan skill PR: Add orchestrate and onboard skill families with comprehensive CI blueprint kagenti#691