New section for org-level Claude Code governance — fills the gap
between individual dev security (security-hardening.md) and what
engineering managers actually need when deploying at scale.
New files:
- guide/security/enterprise-governance.md (1117 lines)
6 sections: local/shared split, usage charter, MCP approval
workflow, 4 guardrail tiers (Starter/Standard/Strict/Regulated),
policy enforcement at scale, SOC2/ISO27001 compliance guide
- examples/scripts/mcp-registry-template.yaml
Org-level MCP registry with approved/pending/denied tracking
- examples/hooks/bash/governance-enforcement-hook.sh
SessionStart hook validating MCPs against approved registry
- examples/scripts/ai-usage-charter-template.md
Full charter template with data classification, use case rules,
compliance mapping (SOC2/ISO27001/HIPAA/PCI DSS/GDPR)
Enriched sections:
- adoption-approaches.md: enterprise rollout (50+ devs) with
3-phase approach and common mistakes
- observability.md: manager audit checklist, compliance reporting
- ai-traceability.md: evidence collection table for auditors
- production-safety.md + security-hardening.md: cross-references
with explicit scope boundaries
Integration: guide/README.md, reference.yaml (22 new entries),
CHANGELOG.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
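As an added illustration of the registry check the SessionStart hook above is described as performing (this is not the repository's governance-enforcement-hook.sh), a small bash routine that fails closed on anything not explicitly approved; the line-based "name status" registry and the function names are constructed assumptions, not the project's mcp-registry-template.yaml format.

```bash
#!/usr/bin/env bash
# Added example, not the repository's hook: validate configured MCP server
# names against an org registry that tracks approved/pending/denied status.
# ASSUMPTION: the registry here is a constructed "name status" line list,
# a simplification standing in for the project's YAML template.

# registry_status <registry-file> <server-name>
# Prints the recorded status, or nothing if the server is not listed.
registry_status() {
  awk -v n="$2" '$1 == n { print $2; exit }' "$1"
}

# check_mcp_servers <registry-file> <server-name>...
# Prints one verdict per server. Returns 0 only when every server is
# approved; pending, denied, unlisted, or an unreadable registry all fail
# closed (no silent allow when governance data is missing).
check_mcp_servers() {
  local registry="$1"; shift
  local rc=0 name status
  if [ ! -r "$registry" ]; then
    echo "BLOCK: registry '$registry' unreadable; failing closed" >&2
    return 2
  fi
  for name in "$@"; do
    status=$(registry_status "$registry" "$name")
    case "$status" in
      approved) printf 'ALLOW %s\n' "$name" ;;
      pending)  printf 'BLOCK %s (awaiting approval)\n' "$name"; rc=1 ;;
      denied)   printf 'BLOCK %s (denied)\n' "$name"; rc=1 ;;
      "")       printf 'BLOCK %s (not in registry)\n' "$name"; rc=1 ;;
      *)        printf 'BLOCK %s (unknown status "%s")\n' "$name" "$status"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Demo with a constructed registry; a real hook would read the server
# names from the project's MCP configuration instead of a literal list.
demo_registry=$(mktemp)
printf '%s\n' 'github approved' 'jira pending' 'shadow-tool denied' > "$demo_registry"
check_mcp_servers "$demo_registry" github jira shadow-tool untracked
echo "exit status: $?"
rm -f "$demo_registry"
```

Wiring this into a SessionStart hook means treating any non-zero return as "block the session and point the developer at the approval workflow", so an unreadable or stale registry surfaces as a governance incident rather than an unnoticed bypass.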