All Reports
GitHub CLI
Go
cli/cli
Pass Rate
48%
GitHub official command line tool
L1100%
L2100%
L340%
L40%
L50%
Strong Testing
GitHub CLI reaches Level 3 with 63% Testing pass rate. Currently becoming autonomous-capable with 31/64 criteria passing (48%). Key areas for improvement include the opportunities listed below.
Strengths
01
Dead Code Detection
'unused' linter enabled in .golangci.yml detects unused constants, variables, functions, and types
02
Formatter
gofmt enabled in .golangci.yml formatters section
03
Lint Config
.golangci.yml configured with multiple linters (govet, ineffassign, unused, gocritic, etc.)
Opportunities
01
Cyclomatic Complexity
No complexity analyzers (gocyclo, go-critic complexity rules) detected in linter configuration
02
Duplicate Code Detection
No duplicate code detection tools (jscpd, dupl for Go) configured in CI or pre-commit
03
Large File Detection
No Git LFS in .gitattributes, no file size hooks or CI checks detected for large file prevention
All Criteria
Style & Validation5/11 (45%)
—code_modularizationNo module boundary enforcement detected; not critical for CLI tool architecture
✗cyclomatic_complexityNo complexity analyzers (gocyclo, go-critic complexity rules) detected in linter configuration
✓dead_code_detection'unused' linter enabled in .golangci.yml detects unused constants, variables, functions, and types
✗duplicate_code_detectionNo duplicate code detection tools (jscpd, dupl for Go) configured in CI or pre-commit
✓formattergofmt enabled in .golangci.yml formatters section
✗large_file_detectionNo Git LFS in .gitattributes, no file size hooks or CI checks detected for large file prevention
✓lint_config.golangci.yml configured with multiple linters (govet, ineffassign, unused, gocritic, etc.)
—n_plus_one_detectionCLI tool without database/ORM usage; N+1 query detection not applicable
✗naming_consistencyNo naming convention enforcement in linter config; no golint or revive naming rules enabled
✗pre_commit_hooksNo pre-commit hooks (husky, .pre-commit-config.yaml) detected in repository
✓strict_typingGo enforces strict static typing by design; no optional type annotations
✗tech_debt_trackingTODO/FIXME comments exist but no automated scanner or enforcement (e.g., linter rules, CI jobs) to track them
✓type_checkGo is statically typed by default; go.mod requires go >= 1.25.0
Build System8/13 (62%)
✗agentic_developmentNo agent co-authorship in recent git log; no factory-droid[bot] or similar agent identifiers found
✗automated_pr_reviewNo automation generating review comments on PRs; only status checks run but no review content generation detected
✓build_cmd_docBuild commands documented in Makefile and CONTRIBUTING.md: 'make' for Unix, 'go run script/build.go' for Windows
✗build_performance_trackingNo build caching configuration (turbo, nx) or build metrics tracking detected in workflows
—dead_feature_flag_detectionPrerequisite failed: no feature flag infrastructure exists
✓deployment_frequencyReleases every 1-2 weeks: v2.85.0 (Jan 14), v2.83.2 (Dec 10), v2.83.1 (Nov 13) - multiple deploys per week average
✓deps_pinnedgo.sum exists with pinned dependency versions for reproducible builds
✗fast_ci_feedbackLatest CI run took ~11 minutes (00:47:53Z to 00:59:04Z), exceeding the 10-minute threshold
✗feature_flag_infrastructureNo feature flag system (LaunchDarkly, Statsig, Unleash) detected in dependencies or configuration
—heavy_dependency_detectionNot a bundled web application; bundle size analysis not applicable to CLI binary
—monorepo_toolingSingle-application repository; monorepo tooling not needed
—progressive_rolloutCLI tool distributed via package managers; progressive rollout not applicable to this distribution model
✓release_automationdeployment.yml workflow fully automates releases with GoReleaser, attestation generation, and artifact publishing
✓release_notes_automationGoReleaser configured in deployment.yml workflow automates release creation and changelog generation
—rollback_automationCLI tool without infrastructure deployment; rollback automation not applicable
✓single_command_setupCONTRIBUTING.md documents single command setup: 'make' (Unix) or 'go run script/build.go' (Windows)
✓unused_dependencies_detection'go mod tidy' verification in lint.yml workflow ensures no unused dependencies in go.mod
✓vcs_cli_toolsgh CLI installed and authenticated (verified with 'gh auth status')
—version_drift_detectionSingle-application repository; version drift detection not applicable
Testing5/8 (63%)
✗flaky_test_detectionNo test retry configuration (pytest-rerunfailures equivalent) or flaky test tracking tools detected
✓integration_tests_existacceptance/ directory with acceptance_test.go and integration tests with -tags=integration in CI
✗test_coverage_thresholdsNo coverage thresholds enforced; no --cov-fail-under or Codecov/Coveralls PR blocking detected
✓test_isolationTests run with -race flag in go.yml workflow, enabling parallel execution and race detection
✓test_naming_conventionsGo enforces *_test.go naming convention by design; all test files follow this pattern
✗test_performance_trackingNo test timing output (--verbose, --durations) or test analytics platform integration detected
✓unit_tests_exist300+ *_test.go files present throughout pkg/, internal/, and api/ directories
✓unit_tests_runnableTests runnable via 'go test ./...' documented in CONTRIBUTING.md; tests discoverable with -run=^$
Documentation3/7 (43%)
✗agents_mdNo AGENTS.md file exists at repository root to document setup for autonomous agents
✗agents_md_validationPrerequisite failed: AGENTS.md does not exist
—api_schema_docsCLI tool without HTTP API endpoints; OpenAPI/Swagger schema not applicable
✓automated_doc_generationcmd/gen-docs tool automatically generates manual pages from source code
✓documentation_freshnessREADME.md and docs/ directory updated within last 180 days (verified with git log)
✓readmeREADME.md exists with comprehensive installation, usage, and contribution instructions
✗service_flow_documentedNo architecture diagrams (.mermaid, .puml) or service dependency documentation found in docs/
✗skillsNo skills directories (.factory/skills/, .skills/, .claude/skills/) found in repository
Dev Environment1/2 (50%)
—database_schemaCLI tool without database usage; schema definition files not applicable
✓devcontainer.devcontainer/devcontainer.json configured with Go 1.25 image and golang.go extension
—devcontainer_runnabledevcontainer CLI not installed to verify container builds successfully
✗env_templateNo .env.example file exists and environment variables not documented in README or docs
—local_services_setupCLI tool without external service dependencies (Postgres, Redis, etc.); local services not needed
Debugging & Observability2/9 (22%)
✗alerting_configuredNo alerting systems (PagerDuty, OpsGenie) detected; CLI tool without production alerting
—circuit_breakersNo external service dependencies requiring circuit breaker pattern for CLI tool
—code_quality_metricsRequires GitHub admin API access to verify code quality metrics (skipped).
✗deployment_observabilityNo monitoring dashboard references (Datadog, Grafana links) in docs or code comments
✓distributed_tracinggithub.com/opentracing/opentracing-go v1.2.0 present in go.mod for trace propagation
✗error_tracking_contextualizedNo error tracking services (Sentry, Bugsnag, Rollbar) configured in dependencies
—health_checksCLI tool not deployed as a service; health check endpoints not applicable
✗metrics_collectionNo metrics instrumentation (Datadog, Prometheus, CloudWatch) detected in dependencies or code
✗profiling_instrumentationNo continuous profiling (Pyroscope, Parca) or APM profiling configured
✗runbooks_documentedNo runbooks directory or external runbook references found in README, AGENTS.md, or docs/
✓structured_logginggithub.com/sirupsen/logrus v1.9.3 present in go.mod dependencies
Security5/8 (63%)
✓automated_security_reviewCodeQL workflow generates security analysis reports with SARIF output filtered for third-party code
✓branch_protectionActive ruleset 'Copilot Code Review' detected via API enforcing branch protection rules
✓codeowners.github/CODEOWNERS exists with team assignments (@cli/code-reviewers, @cli/codespaces, @cli/package-security)
—dast_scanningCLI tool without web endpoints; DAST scanning not applicable
✓dependency_update_automationDependabot configured in .github/dependabot.yml for daily updates of go modules and GitHub Actions
✓gitignore_comprehensive.gitignore excludes .envrc, vendor/, dist/, .vscode, .idea, .DS_Store, and build artifacts
✗log_scrubbingNo log sanitization mechanisms (redact, mask patterns) detected in logging configuration
—pii_handlingCLI tool without personal data processing; PII handling tooling not applicable
—privacy_complianceCLI tool without end-user data collection; privacy compliance infrastructure not applicable
—secret_scanningRequires GitHub admin API access to verify secret scanning configuration (skipped).
✗secrets_managementNo cloud secrets manager integration detected; no .env.example template for secrets documentation
Task Discovery2/4 (50%)
✓backlog_healthAll 50 open issues have labels and descriptive titles >10 characters (100% pass rate)
✗issue_labeling_systemNo clear priority labels (P0-P3, critical/high/medium/low) or consistent area labels detected
✓issue_templatesMultiple issue templates in .github/ISSUE_TEMPLATE/ (bug_report.md, feedback.md, submit-a-request.md, etc.)
✗pr_templatesNo .github/pull_request_template.md found to guide PR descriptions
Product & Analytics0/2 (0%)
✗error_to_insight_pipelineNo error tracking integration with issue creation (Sentry-GitHub integration) detected
✗product_analytics_instrumentationNo product analytics (Mixpanel, Amplitude, PostHog) instrumentation detected