Agent Readiness Report

Open Xtract

Python

mellow-artificial-intelligence/open-xtract

Pass Rate

40%

Open source extraction tool

L1100%

L2100%

L30%

L40%

L50%

Strong Security

Open Xtract reaches Level 3 with 60% Security pass rate. Currently becoming autonomous-capable with 23/57 criteria passing (40%). Key areas for improvement include the opportunities listed below.

Strengths

Formatter

Ruff format is configured in pyproject.toml and used in CI (ruff format --check)

Lint Config

Ruff is configured in pyproject.toml with linting rules (E, F, I, UP, B, SIM)

Build Cmd Doc

Build commands documented - README has 'uv add open-xtract', CONTRIBUTING.md has 'uv sync --dev'

Opportunities

Cyclomatic Complexity

Add complexity analysis to identify and refactor overly complex functions.

Feature Flag Infrastructure

Add feature flags to enable safer deployments and gradual rollouts.

Integration Tests Exist

Add integration tests to verify component interactions and catch issues unit tests miss.

All Criteria

Style & Validation2/11 (18%)

—code_modularization—/—Skipped: small library with only 454 lines of code where module boundaries are not meaningful

✗cyclomatic_complexity0/1No complexity analysis tools configured (no lizard, radon, or ruff complexity rules)

✗dead_code_detection0/1No dead code detection tools found (no vulture, dead, or similar tools)

✗duplicate_code_detection0/1No duplicate code detection tools configured (no jscpd, PMD CPD, or similar)

✓formatter1/1Ruff format is configured in pyproject.toml and used in CI (ruff format --check)

✗large_file_detection0/1No file size detection tools (no git hooks, CI jobs, or linter rules checking file size)

✓lint_config1/1Ruff is configured in pyproject.toml with linting rules (E, F, I, UP, B, SIM)

—n_plus_one_detection—/—Skipped: no database or ORM usage in this library

✗naming_consistency0/1No naming convention rules found in ruff config or documented in AGENTS.md/CONTRIBUTING.md

✗pre_commit_hooks0/1No .pre-commit-config.yaml or husky/lint-staged configuration found

✗strict_typing0/1No mypy strict mode configuration found (no mypy.ini or [tool.mypy] in pyproject.toml)

✗tech_debt_tracking0/1No tech debt tracking tools (no TODO scanner in CI, no SonarQube, no tech debt markers)

✗type_check0/1No mypy or type checker configuration found in pyproject.toml or separate config files

Build System7/12 (58%)

✗agentic_development0/1No agent co-authorship found in git log (no droid or agent identifiers in author/co-author fields)

✗automated_pr_review0/1No automated PR review generation found (gh pr list shows empty reviews and comments arrays)

✓build_cmd_doc1/1Build commands documented - README has 'uv add open-xtract', CONTRIBUTING.md has 'uv sync --dev'

—build_performance_tracking—/—Skipped: no build caching or performance tracking configured

—dead_feature_flag_detection—/—Skipped: prerequisite fails (no feature flag infrastructure)

✗deployment_frequency0/1Releases are monthly/bi-weekly (v0.2.0 Jan, v0.1.4 Dec, v0.1.3 Nov), not multiple per week

✓deps_pinned1/1Dependencies pinned - uv.lock lockfile is committed

✓fast_ci_feedback1/1CI feedback is fast - average CI duration ~9 seconds (well under 10 minute threshold)

✗feature_flag_infrastructure0/1No feature flag infrastructure (no LaunchDarkly, Statsig, or custom feature flags)

—heavy_dependency_detection—/—Skipped: Python library, not a bundled JavaScript application

—monorepo_tooling—/—Skipped: single application repository, not a monorepo

—progressive_rollout—/—Skipped: not an infrastructure repository, it's a library

✓release_automation1/1Release automation via GitHub release workflow that publishes to PyPI on version bumps

✓release_notes_automation1/1Automated release notes via GitHub release workflow (generate_release_notes: true in release.yml)

—rollback_automation—/—Skipped: not an infrastructure repository, it's a library

✓single_command_setup1/1Single command setup documented in CONTRIBUTING.md: 'uv sync --dev'

✗unused_dependencies_detection0/1No unused dependency detection tools found (no depcheck, deptry, or pip-extra-reqs)

✓vcs_cli_tools1/1GitHub CLI (gh) is installed and authenticated (verified with gh auth status)

—version_drift_detection—/—Skipped: single application repository, not a monorepo

Testing3/7 (43%)

—flaky_test_detection—/—Skipped: gh CLI available but no retry config or flaky test tracking tools found

✗integration_tests_exist0/1No integration tests directory or files found (no tests/integration/ or e2e tests)

✗test_coverage_thresholds0/1No coverage threshold enforcement (no coverageThreshold in pytest config or CI gates)

✗test_isolation0/1No parallel test execution configured (no pytest-xdist or parallelization)

✓test_naming_conventions1/1Pytest naming conventions configured in pyproject.toml with testpaths=['tests']

✗test_performance_tracking0/1No test timing output or test analytics platforms configured

✓unit_tests_exist1/1Unit tests exist in tests/test_extract.py and tests/test_temporal.py

✓unit_tests_runnable1/1Tests are runnable - pytest --collect-only successfully collected 43 test items

Documentation2/6 (33%)

✗agents_md0/1No AGENTS.md file exists at repository root

—agents_md_validation—/—Skipped: prerequisite fails (no AGENTS.md file)

—api_schema_docs—/—Skipped: this is a library, not an API service with endpoints

✗automated_doc_generation0/1No automated documentation generation tools or workflows found

✓documentation_freshness1/1CONTRIBUTING.md was modified in the last 180 days (git log shows recent updates)

✓readme1/1README.md exists with comprehensive setup, usage instructions, and examples

✗service_flow_documented0/1No architecture diagrams or service flow documentation found

✗skills0/1No skills directory found (.factory/skills/, .skills/, .claude/skills/)

Dev Environment1/3 (33%)

—database_schema—/—Skipped: no database usage (uses external Temporal for durable execution)

✗devcontainer0/1No .devcontainer directory or devcontainer.json configuration found

—devcontainer_runnable—/—Skipped: no devcontainer configuration exists

✗env_template0/1No .env.example file and no environment variables documented in README or AGENTS.md

✓local_services_setup1/1docker-compose.temporal.yml provides local Temporal, PostgreSQL, and UI services

Debugging & Observability3/7 (43%)

✗alerting_configured0/1No PagerDuty, OpsGenie, or alerting rules found

—circuit_breakers—/—Skipped: unclear if needed for this library's LLM API calls

—code_quality_metrics—/—Skipped: requires admin API access not available for OSS evaluation (403 on code scanning)

✗deployment_observability0/1No monitoring dashboard references found in docs (no Datadog, Grafana, New Relic links)

✓distributed_tracing1/1Logfire provides distributed tracing via instrument_pydantic_ai() and instrument_httpx()

✗error_tracking_contextualized0/1No Sentry, Bugsnag, or Rollbar configuration found

—health_checks—/—Skipped: library, not a deployed service with endpoints

✓metrics_collection1/1Logfire provides instrumentation for metrics collection via logfire.configure()

—profiling_instrumentation—/—Skipped: no profiling tools configured

✗runbooks_documented0/1No runbooks or references to runbooks found in documentation

✓structured_logging1/1Logfire logging library is used (imported in __init__.py, configured via configure_logging())

Security3/5 (60%)

—automated_security_review—/—Skipped: requires admin API access not available for OSS evaluation (403 on code scanning API)

—branch_protection—/—Skipped: requires admin API access not available for OSS evaluation (empty rulesets, 404 on branch protection)

✓codeowners1/1.github/CODEOWNERS file exists with valid team assignment (* @colesmcintosh)

—dast_scanning—/—Skipped: library, not a deployed web service

✗dependency_update_automation0/1No Dependabot or Renovate configuration found

✓gitignore_comprehensive1/1.gitignore properly excludes .env, __pycache__, .venv, build, dist, and Python artifacts

✗log_scrubbing0/1No log sanitization mechanisms found (no redaction, masking, or scrubbing patterns)

—pii_handling—/—Skipped: library that doesn't directly process user data

—privacy_compliance—/—Skipped: library, not an application that collects end-user data

—secret_scanning—/—Skipped: requires admin API access not available for OSS evaluation (404 on secret scanning API)

✓secrets_management1/1.env files properly gitignored, GitHub Actions secrets used, no hardcoded secrets found

Task Discovery2/4 (50%)

✗backlog_health0/1Only 1 open issue with descriptive title but no labels (0% meet both requirements)

✗issue_labeling_system0/1No consistent labeling system (1 open issue has no labels, no label schema documented)

✓issue_templates1/1.github/ISSUE_TEMPLATE/ exists with bug_report.yml and feature_request.yml templates

✓pr_templates1/1.github/PULL_REQUEST_TEMPLATE.md exists with sections for summary, changes, testing, and checklist

Product & Analytics0/2 (0%)

✗error_to_insight_pipeline0/1No error-to-issue automation (no Sentry-GitHub integration or error tracking with issue creation)

✗product_analytics_instrumentation0/1No product analytics platforms found (no Mixpanel, Amplitude, PostHog, etc.)

Open Xtract

Strong Security

Strengths

Opportunities

All Criteria

Ready to build the software of the future?