Requesting Access — runbook¶
Read in your language: English · Português · Español
Scope status (post-Scope-Freeze 2026-05-10) — See ARCHITECTURE.md for the canonical 37 MÓDULOs + 7 Test Kinds + DOM/CPOS/PIE-PA safety architecture. ADRs 0014, 0019-0025 cover post-Freeze additions.
Onboarding sequence: Access ← you are here → Clone → Install · alternate: Air-gap install · maintainer setup: Private Repo Setup This repository is private and licensed under PolyForm Noncommercial 1.0.0 + Appendix A. Access is restricted to Cisco employees and certified partners.
If you fit the audience policy, request access via the GitHub issue form below.
How to request access¶
- Navigate to the Issues tab → New Issue → choose 🔑 Request access to this repository
- Fill the form. Required fields:
- Affiliation email (must match a Cisco-controlled domain or your registered partner organization)
- Affiliation type (employee / certified partner / subsidiary / other)
- Partner ID (only if you selected "certified partner")
- Intended use case (a paragraph — what you'll do with the software)
- Your GitHub username
- Tick all five license-acknowledgement checkboxes
- Submit. An automated workflow validates your declared affiliation and posts a comment within ~30 seconds.
What happens next¶
| Step | Owner | SLA |
|---|---|---|
| 1. Automated affiliation check | GitHub Actions | ~30 seconds |
| 2. Maintainer review | Repository maintainer | 48 hours business |
3. Approval — maintainer comments /approve |
Maintainer | — |
4. Collaborator add — workflow grants pull permission |
GitHub Actions | ~5 seconds after /approve |
| 5. Invitation email | GitHub | immediate |
| 6. Acceptance — you click the invitation | You | — |
After acceptance you can git clone the repository normally with your existing GitHub credentials.
What you accept by requesting access¶
By submitting the request, you accept that:
- Use is restricted to Cisco employees and certified partners
- No commercial use is permitted
- No use in public or private RFP/tender against competing products is permitted
- Verbatim redistribution among authorized parties is permitted with the licensing notice intact
- The maintainer logs grants and revocations in
AUDIT_LOG.md - Access can be revoked at any time if the audience policy is violated
Read the full text in LICENSE, USAGE_POLICY.md, and the License Acceptance Modal flow that the dashboard surfaces on first login.
What gets logged¶
Per the privacy policy, the maintainer records, per access grant:
- Issue number
- GitHub username granted
- Affiliation declared (employee / partner / subsidiary)
- Email domain (not the full email)
- Maintainer who issued
/approve - ISO timestamp
This stays in the maintainer's audit trail (the closed-issue history is the public log; the dashboard's audit_license_acceptance table holds the structured entry once you accept the in-app modal at first login).
Denial¶
If your declared affiliation does not match Cisco-controlled domains or you cannot demonstrate partner certification, the maintainer issues /deny with a brief reason. The issue is closed and labeled denied. You may re-file with additional context.
Revocation¶
A maintainer can revoke access at any time using:
gh api -X DELETE repos/nollagluiz/AI_forSE/collaborators/{username}
Reasons for revocation include: - License violation (commercial use detected, RFP use detected) - End of employment / partner relationship at the declared organization - Inactivity beyond the maintainer's stale-access threshold (default: 365 days)
FAQ¶
Can I request access on behalf of a team? Each individual GitHub account needs its own access. File one issue per teammate. This keeps the audit trail clean.
My email is firstname.lastname@cisco.com but my GitHub email is personal — does that matter?
The affiliation email is what proves you are Cisco. Your GitHub username is what we add as a collaborator. Both can differ — that is normal. The maintainer cross-checks: GitHub-verified emails (visible to org admins via the API) should include at least one of your declared Cisco-controlled domains.
I'm a Cisco subsidiary employee (Meraki, Duo, ThousandEyes, Splunk, etc.) — am I eligible? Yes. Cisco-controlled domains are recognized in the auto-validator. If your subsidiary is not on the auto-list, declare it in the use-case field; the maintainer will add it manually.
Can a certified partner request access for non-Cisco-employee staff? Yes — that is the partner case. Provide your partner ID; the maintainer cross-checks against the Cisco partner database.
Maintainer commands (reference)¶
| Comment | Effect |
|---|---|
/approve |
Adds the requester as collaborator with pull permission, closes issue with approved label |
/deny <reason> |
Closes issue with denied label and reason |
Both commands are gated to maintainers (admin or maintain role) — running them as a non-maintainer fails the workflow.
Related¶
LICENSE— full text including Appendix AUSAGE_POLICY.md— audience and field-of-use restrictionsPRIVATE_REPO_SETUP.md— operational details (visibility, branch protection, Pages)AUDIT_LOG.md— what gets logged