Overview

Manage repository configurations as versioned, shareable packages.

Typeflows brings Configuration-as-Code to repository management. Instead of copying and pasting YAML files, config snippets, and setup scripts between projects, Typeflows turns repository configurations into versioned, shareable packages with automated dependency management.

This includes .gitignore patterns, CODEOWNERS rules, LLM instructions (eg. AGENTS.md), .java-version files, gradle configurations, dependabot settings, security policies, and any other files that live in your repository. These become managed dependencies you can share, version, and auto-update across projects.

A Different Approach to Configuration

Traditional repository management means:

• Copy-paste duplication: Duplicating configurations across repositories
• Configuration drift: Different projects slowly becoming inconsistent
• Manual updates: Spending hours updating the same change across 50 repos
• No validation: Discovering config errors only when they break something
• Knowledge silos: Best practices trapped in individual projects

Typeflows takes a different approach: Configuration-as-Code with Package Management.

Every configuration file becomes:

• ✅ Type-safe with full IDE support and validation
• ✅ Testable before deployment
• ✅ Versioned using semantic versioning
• ✅ Shareable as binary dependencies
• ✅ Auto-updatable using standard package managers

How it Works

1. Write configurations programmatically in your preferred language with full IDE support
2. Package them as binary dependencies with proper versioning
3. Share across projects using standard package management (Maven, Gradle, npm)
4. Auto-update configurations when dependencies are updated
5. Export to files when needed for GitHub, CI/CD, or other tools

The result? Configuration changes propagate across your entire organisation automatically, with proper dependency resolution, breaking change detection, and rollback capabilities.

What You Can Manage

Typeflows handles a wide range of repository configurations:

GitHub Repository Management

Write your entire .github/ folder programmatically:

• CI/CD as Real Code: Write GitHub Action workflows using proper functions, loops, and conditionals
  • Event simulation testing catches errors before they break your deployment pipelines
  • Visual workflow diagrams generated automatically
  • No more “push and pray” debugging
• Security by Design: Enforce organisation-wide security policies programmatically
  • Detect and prevent PR workflow vulnerabilities before deployment
  • Allowlist trusted actions across all repositories
  • Audit trail for every configuration change
• True Reusability: Share workflows and actions as versioned packages
  • No more copy-paste between repos
  • Compose complex workflows from tested building blocks
  • Roll out updates organisation-wide in minutes
• Governance at Scale: Consistent templates and policies across hundreds of repos
  • Issue & PR templates that evolve with your process
  • Dependabot configs that stay in sync
  • CODEOWNERS that update automatically

Your .github/ folder becomes versioned infrastructure that’s tested and shared like your application code.

Development Environment Configurations

Manage scattered config files as organised, shareable standards:

• Smart .gitignore Management: Compose ignore patterns from focused packages
  • java-standard + intellij-ide + macos-system + your-custom-rules
  • Never accidentally commit sensitive files again
  • Updates propagate when tools change their cache locations
• Automated Code Ownership: CODEOWNERS rules that adapt to your team structure
  • Define ownership by expertise, not just file paths
  • Automatically update when teams reorganise
  • Ensure the right reviewers every time
• Consistent Runtime Versions: Manage .java-version, .nvmrc, .python-version centrally
  • Coordinate version upgrades across all projects
  • Prevent “works on my machine” issues
  • Track which projects use which versions
• Build Configuration Standards: Share Gradle, Maven, npm configs as packages
  • Inherit company defaults while allowing project customisation
  • Security scanning and compliance built-in
  • Performance optimisations shared across teams

Every developer gets consistent environment setup automatically, updated continuously, with minimal manual configuration.

AI Assistant Configuration

Manage AI instructions as composable, versioned packages that teams can mix and match:

• Universal Support: Works with Claude Code (CLAUDE.md/.claude), Cursor (.cursor/rules), GitHub Copilot, Junie, AGENTS.md, and any text-based AI configuration
• Modular Instructions: Separate concerns into focused packages:
  • Language-specific best practices (Kotlin idioms, Python conventions)
  • Architectural patterns (Hexagonal, Clean Architecture, DDD)
  • Development methodologies (TDD, BDD, trunk-based development)
  • Security & compliance rules (OWASP guidelines, data handling)
• Powerful Composition: Mix and match instruction packages like LEGO blocks:
  • kotlin-best-practices + hexagonal-architecture + tdd-methodology
  • Teams inherit organisational standards while adding project-specific rules
• Version-Controlled Evolution: AI instructions improve over time through proper versioning
  • Roll out new best practices organisation-wide
  • Track changes and rollback if needed
  • A/B test different instruction sets across teams

Your AI assistant instructions become documentation that evolves with your codebase, shared across teams, and composed from tested building blocks.

Enterprise-Grade Package Management

Configuration management with the same rigor as your production code:

• Semantic Versioning: Every change tracked, documented, and reversible
  • Major versions for breaking changes
  • Minor versions for new features
  • Patch versions for fixes
• Controlled Rollouts: Deploy configuration changes with confidence
  • Test changes on pilot projects first
  • Gradual rollout with automatic rollback
  • Full audit trail for compliance
• Automated Updates: Keep hundreds of repos in sync automatically
  • Security patches propagate immediately
  • Best practices spread organically
  • Technical debt reduced continuously

Configuration management becomes as mature and reliable as your software delivery pipeline.

Key Benefits

Catch Configuration Errors Early: Type safety and testing help catch issues in development, not production.

Faster Updates: Roll out changes across multiple repos more efficiently than manual updates.

Reduce Configuration Drift: Keep repos consistent with shared configuration packages.

Streamlined Onboarding: New developers get consistent environment setup through shared configurations.

Improved Security Management: Manage security policies as versioned, testable packages.

Self-Updating Documentation: Configurations serve as documentation that evolves with your code.

Knowledge Sharing: Best practices spread through shared packages rather than being trapped in individual projects.

Configuration management becomes as reliable, testable, and maintainable as your application code.

Example

A GitHub repository configuration for a JVM service, composed from packages released by different teams:

class JvmProjectRepo : Builder<TypeflowsGitHubRepo> {
	override fun build() = TypeflowsGitHubRepo {

		dotGithub = DotGitHub {
			copilotInstructions = CopilotInstructions {
				content += markdown("kotlin.md") + markdown("hexagonal.md") + markdown("tdd.md")
			}

			codeOwners = CodeOwners {
				owners += mapOf(".github/workflows" to "@workflow-team")
			}

			dependabot = Dependabot {
				updates += Update(Gradle) {
					schedule = DepdendabotSchedule(Weekly) {
					    day = MONDAY
					    time = LocalTime.of(12, 0)
					}
				}
			}

			workflows += Workflow("build") {
				displayName = "Build and Test"
				jobs += Build("./gradlew check")
			}

			workflows += Deploy("my-app")
		}

		gitIgnore = GitIgnore {
			sections += Section("Gradle") {
				entries += listOf(
					Ignore.of("**/build/"),
					Ignore.of("**/.gradle/")
				)
			}
			sections += IntelliGitIgnore()
		}

		license = CompanyLicense()
		security = StandardSecurity()
		contributing = CompanyContributing()
	}
}

This repository configuration is composed from multiple team packages:

• DevOps Team: jvm-workflows package with GitHub workflows for building, testing, and deploying JVM apps
• Security Team: security-standards package with policies, action allow-lists, and Dependabot configuration
• Developer Experience Team: copilot-instructions package with AI assistant configurations for Kotlin best practices
• Architecture Team: copilot-instructions package with AI assistant configurations for TDD and Hexagonal Architecture
• Engineering Management: code-ownership package with standardised CODEOWNERS patterns
• Legal Team: company-files package with LICENSE, SECURITY, and CONTRIBUTING.md templates
• Platform Team: jvm-conventions package with .gitignore patterns and environment files

Each team owns, tests, and releases their domain expertise as separate versioned packages. Users compose these together to build their complete repository setup, while retaining the ability to override or customise any part for project-specific needs.

For example, a team might use the standard DevOps workflows but override the deployment configuration for their specific environment, or adopt the Security team’s Dependabot settings but adjust the update schedule for their release cycle.

When any team updates their package (e.g., Security publishes security-standards v2.1.0), projects can adopt the update through standard dependency management, with proper testing and approval workflows.