Install the Allstar GitHub App from github.com/apps/allstar-app on your GitHub organization, granting it access to all or selected repositories
Create a repository named .allstar in your organization (this is the Allstar configuration repository)
Create .allstar/allstar.yaml with optConfig.optOutStrategy: false (opt-in mode) and list repositories to enable, or switch to opt-out mode to cover all repos
Enable Branch Protection by creating .allstar/branch_protection.yaml with enforceDefault: true and desired settings such as requireStatusChecks and requirePRs
Enable Outside Collaborators policy by creating .allstar/outside.yaml with action: issue (or block or email) and set adminOnly: false if you want to flag push-level collaborators too
Commit the config files; Allstar will begin evaluating repositories and opening issues or blocking PRs according to configured enforcement actions
Known gotchas
Allstar operates in opt-in mode by default after installation; no repositories are covered until you explicitly configure allstar.yaml, so do not assume protection is active immediately after install
Repository-level overrides in a repo's own .allstar/ directory are only honored when the org-level allstar.yaml has repoOverride.allow: true; otherwise org policy is authoritative
Allstar opens GitHub Issues as the enforcement action by default; if you need hard blocking (status checks), configure the appropriate action in each policy file and ensure the required status check names match exactly
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp