Agent Readiness Report

containerd

containerd/containerd

Pass Rate

65%

An open and reliable container runtime

L1100%

L2100%

L3100%

L425%

L50%

Strong Testing

containerd reaches Level 4 with 86% Testing pass rate. Currently reaching production grade with 39/60 criteria passing (65%). Key areas for improvement include the opportunities listed below.

Strengths

Testing (86%)

Includes Integration Tests Exist, Test Coverage Thresholds, Test Isolation.

Code Modularization

✓ internal/ package directories enforce Go's compiler-enforced visibility boundaries

Dead Code Detection

✓ staticcheck and revive detect unused code; unused-parameter checks in golangci config

Opportunities

Cyclomatic Complexity

Add complexity analysis to identify and refactor overly complex functions.

Feature Flag Infrastructure

Add feature flags to enable safer deployments and gradual rollouts.

Skills

Create .factory/skills to give agents reusable, tested capabilities for common tasks.

All Criteria

Style & Validation8/12 (67%)

✓code_modularization1/1✓ internal/ package directories enforce Go's compiler-enforced visibility boundaries

✗cyclomatic_complexity0/1✗ No gocyclo or complexity rules found in golangci config; no complexity thresholds enforced

✓dead_code_detection1/1✓ staticcheck and revive detect unused code; unused-parameter checks in golangci config

✓duplicate_code_detection1/1✓ dupword linter checks for duplicate words in source code

✓formatter1/1✓ gofmt and goimports configured in .golangci.yml formatters section

✗large_file_detection0/1✗ No git hooks, CI file size checks, or .gitattributes LFS configuration found

✓lint_config1/1✓ .golangci.yml configured with gosec, revive, misspell, depguard, and other linters

—n_plus_one_detection—/—Skipped - infrastructure library without visible ORM/database query patterns

✓naming_consistency1/1✓ revive linter with package-comments and naming convention rules enabled

✗pre_commit_hooks0/1✗ No .pre-commit-config.yaml or husky found; no git hooks configured

✓strict_typing1/1✓ Go compiler enforces strict typing by default; no dynamic typing escape hatches used

✗tech_debt_tracking0/1✗ No TODO/FIXME scanner in CI; no linter rules enforcing tech debt tracking

✓type_check1/1✓ Go is strongly typed by default; go.mod requires go >= 1.24.3

Build System8/11 (73%)

✗agentic_development0/1✗ No agent co-authorship found in recent 100 commits; no droid/factory/claude signatures

—automated_pr_review—/—Skipped - would require analyzing PR comments for bot/automation; insufficient clear evidence

✓build_cmd_doc1/1✓ BUILDING.md and README.md document 'make' and 'go build' commands clearly

✗build_performance_tracking0/1✗ No build caching (turbo/nx), metrics export, or deliberate build optimization tracking found

—dead_feature_flag_detection—/—Skipped - prerequisite fails (no feature flag infrastructure)

✓deployment_frequency1/1✓ High release cadence: 2.2.1 (Dec 18), 2.1.6 (Dec 18), 1.7.30 (Dec 18) - multiple per month

✓deps_pinned1/1✓ go.sum committed; Go modules provide cryptographic dependency locking

—fast_ci_feedback—/—Skipped - would require calculating CI duration from statusCheckRollup timestamps

✗feature_flag_infrastructure0/1✗ No LaunchDarkly, Statsig, Unleash, or custom feature flag system configured

—heavy_dependency_detection—/—Skipped - not a bundled/frontend application; no bundle size analysis needed

—monorepo_tooling—/—Skipped - single-application repository; no monorepo tooling needed

—progressive_rollout—/—Skipped - infrastructure library; progressive rollout managed by downstream users/operators

✓release_automation1/1✓ .github/workflows/release.yml automates binary builds and releases on tag push

✓release_notes_automation1/1✓ release.yml extracts release notes from git tag annotations automatically

—rollback_automation—/—Skipped - infrastructure library; rollback handled by package managers and orchestrators

✓single_command_setup1/1✓ BUILDING.md documents 'git clone && cd containerd && make' for dev setup

✓unused_dependencies_detection1/1✓ CI runs 'make verify-vendor' which includes go mod tidy to detect unused dependencies

✓vcs_cli_tools1/1✓ gh CLI available and authenticated to github.com (jonathan-factory account)

—version_drift_detection—/—Skipped - single-application repository; version drift not applicable

Testing6/7 (86%)

—flaky_test_detection—/—Skipped - would require analyzing PR statusCheckRollup for retry patterns; no clear evidence

✓integration_tests_exist1/1✓ integration/ directory with comprehensive integration tests; cri-integration tests

✓test_coverage_thresholds1/1✓ codecov.yml exists; Makefile has coverage, root-coverage, cri-integration-coverage targets

✓test_isolation1/1✓ Tests run with -parallel flag in Makefile; TESTFLAGS_PARALLEL variable configured

✓test_naming_conventions1/1✓ Go enforces *_test.go naming convention by default; test files follow this pattern

✓test_performance_tracking1/1✓ Makefile has coverage targets; CI workflows output test results and timing information

✓unit_tests_exist1/1✓ Extensive *_test.go files throughout codebase (cmd/, core/, pkg/, internal/)

—unit_tests_runnable—/—Requires local test execution environment to verify (skipped).

Documentation5/7 (71%)

✗agents_md0/1✗ AGENTS.md not found in repository root

—agents_md_validation—/—Skipped - prerequisite fails (AGENTS.md not found)

✓api_schema_docs1/1✓ Protobuf schemas in api/ directory define gRPC APIs (events.proto, version.proto, etc.)

✓automated_doc_generation1/1✓ Makefile has 'man' target generating man pages from markdown using go-md2man

✓documentation_freshness1/1✓ CONTRIBUTING.md updated in last 180 days (recent activity)

✓readme1/1✓ Comprehensive README.md with project overview, installation, and usage instructions

✓service_flow_documented1/1✓ Architecture diagrams exist: docs/historical/design/architecture.png, data-flow.png, cri/architecture.png

✗skills0/1✗ No .factory/skills/, .skills/, or .claude/skills/ directories found

Dev Environment1/2 (50%)

—database_schema—/—Skipped - infrastructure daemon without traditional database schema; uses bbolt for metadata

✓devcontainer1/1✓ .devcontainer/devcontainer.json configured with Go 1.24.11 and docker-in-docker

—devcontainer_runnable—/—Skipped - devcontainer CLI availability not verified

✗env_template0/1✗ No .env.example file; environment variables not documented in README/AGENTS.md

—local_services_setup—/—Skipped - infrastructure daemon; no external services (postgres/redis) required for local dev

Debugging & Observability5/8 (63%)

—alerting_configured—/—Skipped - infrastructure library/daemon; alerting typically configured by users/operators

—circuit_breakers—/—Skipped - infrastructure daemon; circuit breakers not typical for this type of system

✓code_quality_metrics1/1✓ codecov.yml configured for coverage tracking; CI generates coverage profiles

✗deployment_observability0/1✗ No monitoring dashboard links (Datadog, Grafana) found in documentation

✓distributed_tracing1/1✓ OpenTelemetry instrumentation: go.opentelemetry.io/otel packages with grpc/http instrumentation

✗error_tracking_contextualized0/1✗ No Sentry, Bugsnag, or Rollbar integration found for production error tracking

—health_checks—/—Skipped - daemon/runtime provides health via gRPC API; not a traditionally deployed web service

✓metrics_collection1/1✓ Prometheus client instrumented: github.com/prometheus/client_golang in dependencies

✓profiling_instrumentation1/1✓ internal/pprof directory exists for Go profiling support

✗runbooks_documented0/1✗ No runbooks or links to incident response procedures found in README/docs

✓structured_logging1/1✓ github.com/sirupsen/logrus and github.com/containerd/log in go.mod for structured logging

Security3/8 (38%)

✓automated_security_review1/1✓ CodeQL SAST configured in .github/workflows/codeql.yml; runs on PRs and pushes

✓branch_protection1/1✓ Active rulesets: tag create/delete protections enforced via GitHub rulesets

✗codeowners0/1✗ No CODEOWNERS file in repository root or .github/ directory

—dast_scanning—/—Skipped - not a web application; DAST not applicable to container runtime daemon

✓dependency_update_automation1/1✓ Dependabot configured for go modules and github-actions; weekly updates with grouping

✗gitignore_comprehensive0/1✗ .gitignore missing common patterns: no .env, .idea, .vscode, .DS_Store entries

✗log_scrubbing0/1✗ No log sanitization/redaction mechanism configured in logging setup

—pii_handling—/—Skipped - infrastructure daemon without user PII processing

—privacy_compliance—/—Skipped - infrastructure daemon without end-user data collection

—secret_scanning—/—Requires GitHub admin API access to verify secret scanning configuration (skipped).

✗secrets_management0/1✗ No cloud secrets manager integration or secrets management pattern evident

Task Discovery3/4 (75%)

✓backlog_health1/1✓ 49/50 open issues analyzed have descriptive titles (>10 chars) AND labels (98% health)

✓issue_labeling_system1/1✓ Comprehensive labels: area/* (cri,distribution,runtime), kind/* (bug,feature), priority/P1, platform/windows

✓issue_templates1/1✓ .github/ISSUE_TEMPLATE/ with bug_report.yaml, feature_request.yaml, cri_kep.yaml

✗pr_templates0/1✗ No .github/pull_request_template.md or PULL_REQUEST_TEMPLATE.md found

Product & Analytics0/1 (0%)

✗error_to_insight_pipeline0/1✗ No Sentry-GitHub integration or automated error-to-issue pipeline found

—product_analytics_instrumentation—/—Skipped - infrastructure project; no end-user product analytics needed

containerd

Strong Testing

Strengths

Opportunities

All Criteria

Ready to build the software of the future?