complytime · sonupreetam · Feb 18, 2026 · Feb 26, 2026 · Feb 27, 2026 · hbraswelrh
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -16,10 +16,14 @@ Please report unacceptable behavior to one of the Code of Conduct [Committee mem
 
 In addition to this repository, ComplyTime has several sub-projects:
 
-* **complyctl**: A command-line tool for interacting with ComplyTime services.
-* **complybeacon**: A service for continuous compliance monitoring.
-* **complyscribe**: A service for generating compliance documentation.
-* **cac-transpiler**: A tool for transpiling compliance-as-code artifacts.
+* **[complyctl](https://github.com/complytime/complyctl)**: A command-line tool for streamlining end-to-end compliance workflows on local systems.
+* **[complyscribe](https://github.com/complytime/complyscribe)**: A workflow automation tool for compliance content authoring.
+* **[complytime-collector-components](https://github.com/complytime/complytime-collector-components)** (ComplyBeacon): A policy-driven observability toolkit for compliance evidence collection, extending the OpenTelemetry standard.
+* **[complytime-policies](https://github.com/complytime/complytime-policies)**: Engineering policies expressed in [Gemara](https://github.com/ossf/gemara) for the ComplyTime project.
+* **[gemara-mcp-server](https://github.com/complytime/gemara-mcp-server)**: An MCP server for automating the authoring of GRC Risk Assessment documentation in Gemara.
+* **[website](https://github.com/complytime/website)**: The ComplyTime project website.
+
+For a complete list of all subprojects and their current status, see [SUBPROJECTS.md](./SUBPROJECTS.md).
 
 The following sections provide a general overview for contributing to any of the ComplyTime repositories.
 

diff --git a/SUBPROJECTS.md b/SUBPROJECTS.md
@@ -1,33 +1,154 @@
-# SubProjects: ComplyTime
+# ComplyTime Subprojects
 
-## `complyctl`
+This document outlines the subprojects under the ComplyTime umbrella, their status, and contribution guidelines. Each subproject has its own maintainers, roadmap, and contribution guidelines while adhering to the overall ComplyTime [governance](./GOVERNANCE.md) and [code of conduct](./CODE_OF_CONDUCT.md).
 
-A command-line tool for streamlining end-to-end compliance workflows on local systems.
+## Subproject Maturity Levels
 
-### In Scope Repositories
+| Status | Description |
+|--------|-------------|
+| **🟢 Active** | Production-ready, actively maintained with regular releases |
+| **🟡 Incubating** | Under active development, working toward stability |
+| **🔵 Supporting** | Foundational/utility project, stable but lower release cadence |
+| **⚪ Archived Or Empty** | Empty or no longer actively maintained, kept for historical reference |
 
-| Name                           | Function           |
-|--------------------------------|--------------------|
-| `complyctl`                    | The main CLI repo  |
-| `compliance-to-policy-plugins` | Plugins repository |
+## Current Subprojects
 
+### complyctl
 
-## `complyscribe`
+**Description**: A command-line tool for streamlining end-to-end compliance workflows on local systems.
 
-A workflow automation tool for compliance content authoring
+**Status**: 🟡 Incubating
+**Repository**: [complytime/complyctl](https://github.com/complytime/complyctl)
+**Language**: Go | **License**: Apache-2.0
 
-## In Scope Repositories
+---
 
-| Name           | Function      |
-|----------------|---------------|
-| `complyscribe` | The main repo |
+### complyscribe
 
-## `complybeacon`
+**Description**: A workflow automation tool for compliance content authoring.
 
-A policy-driven observability toolkit for compliance evidence collection
+**Status**: 🟡 Incubating
+**Repository**: [complytime/complyscribe](https://github.com/complytime/complyscribe)
+**Language**: Python | **License**: Apache-2.0
 
-## In Scope Repositories
+---
 
-| Name           | Function      |
-|----------------|---------------|
-| `complybeacon` | The main repo |
+### complytime-collector-components (ComplyBeacon)
+
+**Description**: A policy-driven observability toolkit for compliance evidence collection, extending the OpenTelemetry standard.
+
+**Status**: 🟡 Incubating
+**Repository**: [complytime/complytime-collector-components](https://github.com/complytime/complytime-collector-components)
+**Language**: Go | **License**: Apache-2.0
+
+---
+
+### complytime-collector-distro
+
+**Description**: Pre-built OpenTelemetry Collector distribution for ComplyBeacon releases.
+
+**Status**: ⚪ Empty
+**Repository**: [complytime/complytime-collector-distro](https://github.com/complytime/complytime-collector-distro)
+**License**: Apache-2.0
+
+---
+
+### org-infra
+
+**Description**: Reusable workflows, shared configurations, and templates for the ComplyTime organization.
+
+**Status**: 🟢 Active
+**Repository**: [complytime/org-infra](https://github.com/complytime/org-infra)
+**Language**: Python | **License**: Apache-2.0
+
+---
+
+### website
+
+**Description**: The ComplyTime project website.
+
+**Status**: 🟡 Incubating
+**Repository**: [complytime/website](https://github.com/complytime/website)
+
+---
+
+### .github
+
+**Description**: Organization management via [Peribolos](https://docs.prow.k8s.io/docs/components/cli-tools/peribolos/).
+
+**Status**: 🔵 Supporting
+**Repository**: [complytime/.github](https://github.com/complytime/.github)
+
+---
+
+### community
+
+**Description**: Community documentation including contributing guidelines, governance, and code of conduct.
+
+**Status**: 🔵 Supporting
+**Repository**: [complytime/community](https://github.com/complytime/community)
+**License**: Apache-2.0
+
+---
+
+### gemara-content-service
+
+**Description**: A content API service for [Gemara](https://github.com/ossf/gemara) — the GRC Engineering Model for Automated Risk Assessment. Naming not yet finalized.
+
+**Status**: 🟡 Incubating
+**Repository**: [complytime/gemara-content-service](https://github.com/complytime/gemara-content-service)
+**License**: Apache-2.0
+
+---
+
+### complytime-policies
+
+**Description**: Engineering policies expressed in [Gemara](https://github.com/ossf/gemara) for the ComplyTime project.
+
+**Status**: 🟡 Incubating
+**Repository**: [complytime/complytime-policies](https://github.com/complytime/complytime-policies)
+**License**: Apache-2.0
+
+### gemara-mcp-server
+
+**Description**: An MCP server for automating the authoring of GRC Risk Assessment documentation in [Gemara](https://github.com/ossf/gemara).
+
+**Status**: 🟡 Incubating
+**Repository**: [complytime/gemara-mcp-server](https://github.com/complytime/gemara-mcp-server)
+**Language**: Go | **License**: Apache-2.0
+
+---
+
+## Process for Adding New Subprojects
+
+1. **Open a Proposal Issue** in the [community repository](https://github.com/complytime/community/issues) with:
+   - Project name and description
+   - Problem statement and goals
+   - Proposed maintainers (minimum 2)
+   - Technical architecture overview
+   - Alignment with ComplyTime's mission
+
+2. **Community Review**: The proposal will be open for community discussion for at least 2 weeks.
+
+3. **TOC Approval**: The [Technical Oversight Committee](./GOVERNANCE.md) will vote on the proposal.
+
+## Subproject Requirements
+
+All subprojects must:
+
+- Follow the ComplyTime [Code of Conduct](./CODE_OF_CONDUCT.md)
+- Adhere to the [Contributing Guidelines](./CONTRIBUTING.md)
+- Have at least two maintainers
+- Maintain clear documentation
+- Follow ComplyTime's licensing guidelines (Apache-2.0 preferred)
+
+## Process for Archiving Subprojects
+
+Subprojects may be archived when:
+
+- No active maintainers remain after reasonable recruitment efforts
+- The project no longer aligns with ComplyTime's direction
+- The project has been superseded by another solution
+- A supermajority vote of the TOC approves archival
+
+Archived projects remain available for reference but no longer receive updates or support.