feat: divine fork scaffolding (CI, ownership, docs)

.github/CODEOWNERS

@@ -1,8 +1,8 @@
 # CODEOWNERS file for managing repository permissions
 # Format: path-pattern @username @org/team-name
 
-# Maintainers: Default owners for all files
-* @juanmrad @vinaysrao1 @pawiecz @cassidyjames @julietshen @dom-notion
+# Divine maintainers
+* @mbradley @notthatkindofdrliz
 
-# Docs contributors
-docs/ @roostorg/roosters
+# Upstream ROOST maintainers (for upstream sync PRs)
+# * @juanmrad @vinaysrao1 @pawiecz @cassidyjames @julietshen @dom-notion

.github/pull_request_template.md

@@ -14,3 +14,7 @@ Are there any special things that have to be done before this can be deployed
 to prod (e.g., other blocking PRs; manual load testing/validation that needs to
 be done on staging; etc.)? If so, please note them here.
  -->
+
+## Public Artifact Review
+
+- [ ] Titles, descriptions, branch names, screenshots, and linked artifacts avoid partner, customer, brand, campaign, or other sensitive external names unless explicitly approved

.github/workflows/build-and-push.yaml

@@ -0,0 +1,66 @@
+name: Build and Push Docker Images
+
+on:
+  push:
+    branches:
+      - main
+      - 'divine/*'
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  ORG: divinevideo
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    strategy:
+      matrix:
+        include:
+          - image: coop-server
+            context: .
+            dockerfile: Dockerfile
+            target: build_server
+          - image: coop-worker
+            context: .
+            dockerfile: Dockerfile
+            target: build_worker_runner
+          - image: coop-client
+            context: ./client
+            dockerfile: client/Dockerfile
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image }}
+          tags: |
+            type=ref,event=branch
+            type=sha,prefix=
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+
+      - uses: docker/setup-buildx-action@v3
+
+      - uses: docker/build-push-action@v5
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          target: ${{ matrix.target || '' }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/semantic_pr.yml

@@ -0,0 +1,12 @@
+name: Semantic PR
+
+on:
+  pull_request_target:
+    types: [opened, edited, synchronize, reopened]
+
+permissions:
+  pull-requests: read
+
+jobs:
+  semantic-pull-request:
+    uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/semantic_pull_request.yml@v1

CLAUDE.md

@@ -0,0 +1,50 @@
+# COOP (Content Operations & Oversight Platform)
+
+Divine's moderation review surface. Fork of [roostorg/coop](https://github.com/roostorg/coop).
+
+## Cross-Repo Coordination
+
+This repo is **Layer 4** (human review surface) in the moderation pipeline. Read the coordination doc at session start:
+`~/code/support-trust-safety/docs/moderation/auto-hide-evolution-plan.md`
+
+When you make decisions or discover constraints that affect other layers, update that doc and flag it for the user.
+
+## Architecture
+
+COOP receives flagged content from Osprey (rules engine) via REST API submission. Human moderators review items in the Manual Review Tool (MRT), then take actions (Ban User, Delete Content, Hide Content, Age Restrict) that fire webhooks to the relay-manager adapter.
+
+```
+Osprey verdict (flag_for_review) → COOP REST API → MRT queue
+Moderator decision → COOP webhook → adapter → relay-manager RPC
+```
+
+## Divine Integration Points
+
+- **Item Type:** "User Report" with fields for report metadata + media (VIDEO/IMAGE)
+- **Actions:** CUSTOM_ACTION webhooks to adapter service
+- **Adapter:** `support-trust-safety/scripts/coop-webhook-adapter.mjs` translates webhooks to relay-manager RPC
+- **Bridge import:** `support-trust-safety/scripts/coop-bridge-import.sh` pulls Kind 1984 reports from staging relay
+
+## Deployment
+
+Images build via GitHub Actions to `ghcr.io/divinevideo/coop-server`, `coop-worker`, `coop-client`.
+K8s manifests live in `divine-iac-coreconfig/k8s/applications/coop/`.
+
+## Staging Dependencies
+
+- **PostgreSQL:** shared CNPG cluster in `postgres-clusters` namespace
+- **Redis:** shared sentinel cluster in `redis-clusters` namespace
+- **ClickHouse:** ClickHouse operator available; needs a ClickHouseInstallation CR
+- **ScyllaDB:** not available on cluster; env vars stubbed with dummy values (MRT workflow does not require Scylla on the critical path)
+
+## Local Dev
+
+```bash
+docker compose up -d postgres redis clickhouse scylla
+docker compose run migrations
+# Then run server and client separately or via docker compose
+```
+
+## Upstream Sync
+
+Pull from `upstream` (roostorg/coop), push divine-specific changes to `origin` (divinevideo/coop).