Agent Readiness Report

containerd

containerd/containerd

Pass Rate

65%

An open and reliable container runtime

L1100%

L2100%

L3100%

L425%

L50%

Strong Testing

containerd reaches Level 4 with 86% Testing pass rate. Currently reaching production grade with 39/60 criteria passing (65%). Key areas for improvement include the opportunities listed below.

Strengths

Testing (86%)

Includes Integration Tests Exist, Test Coverage Thresholds, Test Isolation.

Code Modularization

✓ internal/ package directories enforce Go's compiler-enforced visibility boundaries

Dead Code Detection

✓ staticcheck and revive detect unused code; unused-parameter checks in golangci config

Opportunities

Cyclomatic Complexity

✗ No gocyclo or complexity rules found in golangci config; no complexity thresholds enforced

Large File Detection

✗ No git hooks, CI file size checks, or .gitattributes LFS configuration found

Pre Commit Hooks

✗ No .pre-commit-config.yaml or husky found; no git hooks configured

All Criteria

Style & Validation8/12 (67%)

✓code_modularization1/1✓ internal/ package directories enforce Go's compiler-enforced visibility boundaries

✗cyclomatic_complexity0/1✗ No gocyclo or complexity rules found in golangci config; no complexity thresholds enforced

✓dead_code_detection1/1✓ staticcheck and revive detect unused code; unused-parameter checks in golangci config

✓duplicate_code_detection1/1✓ dupword linter checks for duplicate words in source code

✓formatter1/1✓ gofmt and goimports configured in .golangci.yml formatters section

✗large_file_detection0/1✗ No git hooks, CI file size checks, or .gitattributes LFS configuration found

✓lint_config1/1✓ .golangci.yml configured with gosec, revive, misspell, depguard, and other linters

—n_plus_one_detection—/—Skipped - infrastructure library without visible ORM/database query patterns

✓naming_consistency1/1✓ revive linter with package-comments and naming convention rules enabled

✗pre_commit_hooks0/1✗ No .pre-commit-config.yaml or husky found; no git hooks configured

✓strict_typing1/1✓ Go compiler enforces strict typing by default; no dynamic typing escape hatches used

✗tech_debt_tracking0/1✗ No TODO/FIXME scanner in CI; no linter rules enforcing tech debt tracking

✓type_check1/1✓ Go is strongly typed by default; go.mod requires go >= 1.24.3

Build System8/11 (73%)

✗agentic_development0/1✗ No agent co-authorship found in recent 100 commits; no droid/factory/claude signatures

—automated_pr_review—/—Skipped - would require analyzing PR comments for bot/automation; insufficient clear evidence

✓build_cmd_doc1/1✓ BUILDING.md and README.md document 'make' and 'go build' commands clearly

✗build_performance_tracking0/1✗ No build caching (turbo/nx), metrics export, or deliberate build optimization tracking found

—dead_feature_flag_detection—/—Skipped - prerequisite fails (no feature flag infrastructure)

✓deployment_frequency1/1✓ High release cadence: 2.2.1 (Dec 18), 2.1.6 (Dec 18), 1.7.30 (Dec 18) - multiple per month

✓deps_pinned1/1✓ go.sum committed; Go modules provide cryptographic dependency locking

—fast_ci_feedback—/—Skipped - would require calculating CI duration from statusCheckRollup timestamps

✗feature_flag_infrastructure0/1✗ No LaunchDarkly, Statsig, Unleash, or custom feature flag system configured

—heavy_dependency_detection—/—Skipped - not a bundled/frontend application; no bundle size analysis needed

—monorepo_tooling—/—Skipped - single-application repository; no monorepo tooling needed

—progressive_rollout—/—Skipped - infrastructure library; progressive rollout managed by downstream users/operators

✓release_automation1/1✓ .github/workflows/release.yml automates binary builds and releases on tag push

✓release_notes_automation1/1✓ release.yml extracts release notes from git tag annotations automatically

—rollback_automation—/—Skipped - infrastructure library; rollback handled by package managers and orchestrators

✓single_command_setup1/1✓ BUILDING.md documents 'git clone && cd containerd && make' for dev setup

✓unused_dependencies_detection1/1✓ CI runs 'make verify-vendor' which includes go mod tidy to detect unused dependencies

✓vcs_cli_tools1/1✓ gh CLI available and authenticated to github.com (jonathan-factory account)

—version_drift_detection—/—Skipped - single-application repository; version drift not applicable

Testing6/7 (86%)

—flaky_test_detection—/—Skipped - would require analyzing PR statusCheckRollup for retry patterns; no clear evidence

✓integration_tests_exist1/1✓ integration/ directory with comprehensive integration tests; cri-integration tests

✓test_coverage_thresholds1/1✓ codecov.yml exists; Makefile has coverage, root-coverage, cri-integration-coverage targets

✓test_isolation1/1✓ Tests run with -parallel flag in Makefile; TESTFLAGS_PARALLEL variable configured

✓test_naming_conventions1/1✓ Go enforces *_test.go naming convention by default; test files follow this pattern

✓test_performance_tracking1/1✓ Makefile has coverage targets; CI workflows output test results and timing information

✓unit_tests_exist1/1✓ Extensive *_test.go files throughout codebase (cmd/, core/, pkg/, internal/)

—unit_tests_runnable—/—Requires local test execution environment to verify (skipped).

Documentation5/7 (71%)

✗agents_md0/1✗ AGENTS.md not found in repository root

—agents_md_validation—/—Skipped - prerequisite fails (AGENTS.md not found)

✓api_schema_docs1/1✓ Protobuf schemas in api/ directory define gRPC APIs (events.proto, version.proto, etc.)

✓automated_doc_generation1/1✓ Makefile has 'man' target generating man pages from markdown using go-md2man

✓documentation_freshness1/1✓ CONTRIBUTING.md updated in last 180 days (recent activity)

✓readme1/1✓ Comprehensive README.md with project overview, installation, and usage instructions

✓service_flow_documented1/1✓ Architecture diagrams exist: docs/historical/design/architecture.png, data-flow.png, cri/architecture.png

✗skills0/1✗ No .factory/skills/, .skills/, or .claude/skills/ directories found

Dev Environment1/2 (50%)

—database_schema—/—Skipped - infrastructure daemon without traditional database schema; uses bbolt for metadata

✓devcontainer1/1✓ .devcontainer/devcontainer.json configured with Go 1.24.11 and docker-in-docker

—devcontainer_runnable—/—Skipped - devcontainer CLI availability not verified

✗env_template0/1✗ No .env.example file; environment variables not documented in README/AGENTS.md

—local_services_setup—/—Skipped - infrastructure daemon; no external services (postgres/redis) required for local dev

Debugging & Observability5/8 (63%)

—alerting_configured—/—Skipped - infrastructure library/daemon; alerting typically configured by users/operators

—circuit_breakers—/—Skipped - infrastructure daemon; circuit breakers not typical for this type of system

✓code_quality_metrics1/1✓ codecov.yml configured for coverage tracking; CI generates coverage profiles

✗deployment_observability0/1✗ No monitoring dashboard links (Datadog, Grafana) found in documentation

✓distributed_tracing1/1✓ OpenTelemetry instrumentation: go.opentelemetry.io/otel packages with grpc/http instrumentation

✗error_tracking_contextualized0/1✗ No Sentry, Bugsnag, or Rollbar integration found for production error tracking

—health_checks—/—Skipped - daemon/runtime provides health via gRPC API; not a traditionally deployed web service

✓metrics_collection1/1✓ Prometheus client instrumented: github.com/prometheus/client_golang in dependencies

✓profiling_instrumentation1/1✓ internal/pprof directory exists for Go profiling support

✗runbooks_documented0/1✗ No runbooks or links to incident response procedures found in README/docs

✓structured_logging1/1✓ github.com/sirupsen/logrus and github.com/containerd/log in go.mod for structured logging

Security3/8 (38%)

✓automated_security_review1/1✓ CodeQL SAST configured in .github/workflows/codeql.yml; runs on PRs and pushes

✓branch_protection1/1✓ Active rulesets: tag create/delete protections enforced via GitHub rulesets

✗codeowners0/1✗ No CODEOWNERS file in repository root or .github/ directory

—dast_scanning—/—Skipped - not a web application; DAST not applicable to container runtime daemon

✓dependency_update_automation1/1✓ Dependabot configured for go modules and github-actions; weekly updates with grouping

✗gitignore_comprehensive0/1✗ .gitignore missing common patterns: no .env, .idea, .vscode, .DS_Store entries

✗log_scrubbing0/1✗ No log sanitization/redaction mechanism configured in logging setup

—pii_handling—/—Skipped - infrastructure daemon without user PII processing

—privacy_compliance—/—Skipped - infrastructure daemon without end-user data collection

—secret_scanning—/—Requires GitHub admin API access to verify secret scanning configuration (skipped).

✗secrets_management0/1✗ No cloud secrets manager integration or secrets management pattern evident

Task Discovery3/4 (75%)

✓backlog_health1/1✓ 49/50 open issues analyzed have descriptive titles (>10 chars) AND labels (98% health)

✓issue_labeling_system1/1✓ Comprehensive labels: area/* (cri,distribution,runtime), kind/* (bug,feature), priority/P1, platform/windows

✓issue_templates1/1✓ .github/ISSUE_TEMPLATE/ with bug_report.yaml, feature_request.yaml, cri_kep.yaml

✗pr_templates0/1✗ No .github/pull_request_template.md or PULL_REQUEST_TEMPLATE.md found

Product & Analytics0/1 (0%)

✗error_to_insight_pipeline0/1✗ No Sentry-GitHub integration or automated error-to-issue pipeline found

—product_analytics_instrumentation—/—Skipped - infrastructure project; no end-user product analytics needed

containerd

Strong Testing

Strengths

Opportunities

All Criteria

Ready to build the software of the future?