All Reports
TiDB
Go
pingcap/tidb
Pass Rate
58%
TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database
L1100%
L2100%
L390%
L40%
L50%
Strong Style & Validation
TiDB reaches Level 3 with 73% Style & Validation pass rate. Currently becoming autonomous-capable with 35/60 criteria passing (58%). Key areas for improvement include the opportunities listed below.
Strengths
01
Cyclomatic Complexity
revive cyclomatic rule configured in golangci.yml (threshold: 3) monitors code complexity
02
Dead Code Detection
staticcheck and unused linters enabled in golangci.yml detect dead/unused code
03
Formatter
gofmt configured in Makefile (make fmt) for code formatting across entire repository
Opportunities
01
Duplicate Code Detection
No CPD, jscpd, or duplication detection tools found in CI or pre-commit hooks
02
Large File Detection
No git-lfs, no pre-commit file size checks, no CI job checking file sizes detected
03
Tech Debt Tracking
No TODO/FIXME scanner in CI workflows or pre-commit hooks. No SonarQube/SonarCloud integration
All Criteria
Style & Validation8/11 (73%)
—code_modularizationGo projects use internal/ package pattern with compiler-enforced visibility boundaries (skipped per criteria)
✓cyclomatic_complexityrevive cyclomatic rule configured in golangci.yml (threshold: 3) monitors code complexity
✓dead_code_detectionstaticcheck and unused linters enabled in golangci.yml detect dead/unused code
✗duplicate_code_detectionNo CPD, jscpd, or duplication detection tools found in CI or pre-commit hooks
✓formattergofmt configured in Makefile (make fmt) for code formatting across entire repository
✗large_file_detectionNo git-lfs, no pre-commit file size checks, no CI job checking file sizes detected
✓lint_configgolangci.yml configured with comprehensive linters (staticcheck, revive, gosec, errcheck, etc.) covering all applications
—n_plus_one_detectionDatabase server itself, not ORM-based applications. N+1 detection not applicable (skipped)
✓naming_consistencyrevive linter in golangci.yml enforces naming conventions (exported, error-naming rules) across codebase
✓pre_commit_hooks.pre-commit-config.yaml exists with make precheck and go mod tidy hooks for all applications
✓strict_typingGo is statically typed by default with compile-time type checking for all applications
✗tech_debt_trackingNo TODO/FIXME scanner in CI workflows or pre-commit hooks. No SonarQube/SonarCloud integration
✓type_checkGo has built-in static type checking via compiler. All applications benefit from Go's type system
Build System6/10 (60%)
✗agentic_developmentNo agent co-authorship (factory-droid, Claude) found in recent 100 commits. No agent workflows detected
—automated_pr_reviewNo automated PR review generation tools (danger.js, droid reviews, AI bots) found in workflows (skippable, gh not auth)
✓build_cmd_docAGENTS.md comprehensively documents build commands: make bazel_prepare, make, make build_lightning, make build_dumpling
—build_performance_trackingNo build performance metrics, caching analytics, or duration tracking detected (skippable)
—dead_feature_flag_detectionPrerequisite failed: no feature flag infrastructure exists (skippable)
—deployment_frequencyCannot verify deployment frequency without authenticated gh CLI access (skippable)
✓deps_pinnedgo.sum committed with pinned dependency versions for reproducible builds
—fast_ci_feedbackCannot verify CI duration without authenticated gh CLI access (skippable)
✗feature_flag_infrastructureNo LaunchDarkly, Statsig, Unleash, or feature flag libraries found in dependencies or code
—heavy_dependency_detectionBackend services without bundling - bundle size analysis not applicable (skippable)
✓monorepo_toolingBazel configured with BUILD.bazel files throughout for monorepo build management and caching
—progressive_rolloutDatabase infrastructure project - progressive rollout not applicable (skippable)
✗release_automationNo automated CD pipeline, GitOps, or release automation workflows detected in .github/workflows/
✗release_notes_automationNo semantic-release, release-please, changesets, or automated changelog generation detected
—rollback_automationDatabase infrastructure project - one-click rollback not applicable (skippable)
✓single_command_setupAGENTS.md documents single-command setup: make bazel_prepare && make for building TiDB
✓unused_dependencies_detectiongo mod tidy in Makefile and pre-commit hooks ensures only used dependencies in go.mod
✓vcs_cli_toolsgh CLI available at /opt/homebrew/bin/gh (authentication status not verified)
—version_drift_detectionSingle Go module with Bazel - no multi-package version drift concerns (skippable)
Testing5/7 (71%)
—flaky_test_detectionCannot verify flaky test detection without authenticated gh CLI access (skippable)
✓integration_tests_existtests/integrationtest/ and tests/realtikvtest/ provide integration testing infrastructure documented in AGENTS.md
✗test_coverage_thresholdsNo coverage thresholds in CI, no codecov/coveralls with PR blocking, no quality gates configured
✓test_isolationGo test framework supports parallel execution (t.Parallel), tests designed for isolation and concurrency
✓test_naming_conventionsGo standard *_test.go naming convention enforced by compiler and followed throughout codebase
✗test_performance_trackingNo test timing output, test analytics platforms (BuildPulse, Datadog CI), or duration tracking found
✓unit_tests_existExtensive *_test.go files throughout pkg/, br/, lightning/, dumpling/ directories with thousands of tests
✓unit_tests_runnableAGENTS.md documents: go test -run <TestName> --tags=intest. Tests verified runnable via standard Go tooling
Documentation4/8 (50%)
✓agents_mdComprehensive AGENTS.md exists at repo root documenting package structure, testing, building, and PR instructions
✗agents_md_validationNo CI job validating AGENTS.md accuracy, no automated AGENTS.md updates or command verification
✗api_schema_docsLightning has OpenAPI spec (lightning/web/docs/api.yaml). Main TiDB/BR/Dumpling are CLI tools without REST APIs
✗automated_doc_generationNo automated doc generation tools (godoc publishing, Swagger gen, diagram generators) in CI
✓documentation_freshnessAGENTS.md modified within last 180 days (recent git log shows documentation updates)
✓readmeREADME.md exists with project description, key features, quick start, and architecture overview
✓service_flow_documentedArchitecture diagrams exist: docs/tidb-architecture.png and docs/architecture.png document system architecture
✗skillsNo .factory/skills/, .skills/, or .claude/skills/ directories found in repository
Dev Environment2/4 (50%)
✓database_schemaSchema definitions in pkg/meta/ including meta.go, meta_autoid.go for TiDB metadata and DDL
✗devcontainerNo .devcontainer/devcontainer.json or devcontainer configuration found
—devcontainer_runnableNo devcontainer exists to test (skippable)
✗env_templateNo .env.example, .env.template, or environment variable documentation in README/AGENTS.md
✓local_services_setupbr/docker-compose.yaml provides local service setup for backup/restore testing
Debugging & Observability5/10 (50%)
✗alerting_configuredNo PagerDuty, OpsGenie, or alerting system integrations found in dependencies or configuration
✗circuit_breakersNo circuit breaker libraries (opossum, resilience4j, polly) or resilience patterns found
—code_quality_metricsCannot verify code quality metrics tracking without authenticated gh CLI access (skippable)
✗deployment_observabilityNo dashboard links (Datadog, Grafana, New Relic) or deployment monitoring references in docs
✓distributed_tracingOpenTelemetry (otel v1.24.0) and Jaeger client integrated in go.mod for distributed tracing
✓error_tracking_contextualizedSentry (github.com/getsentry/sentry-go v0.27.0) in go.mod for error tracking with context
✓health_checksHealth check endpoints implemented in pkg/server/ (http_status.go, server.go) for TiDB server
✓metrics_collectionPrometheus client (github.com/prometheus/client_golang v1.23.0) instrumented for metrics collection
✗profiling_instrumentationNo continuous profiling tools (Pyroscope, Parca) or APM profiling configuration detected
✗runbooks_documentedNo runbook documentation or links to runbook systems found in README, AGENTS.md, or docs/
✓structured_logginggo.uber.org/zap v1.27.1 in go.mod provides structured logging for all applications
Security3/5 (60%)
—automated_security_reviewCannot verify security scanning (CodeQL, Semgrep, Snyk) without authenticated gh API access (skippable)
—branch_protectionCannot verify branch protection without authenticated gh API access (skippable)
✓codeowners.github/CODEOWNERS file exists with team assignments for code ownership
—dast_scanningDatabase and CLI tools without web interfaces - DAST scanning not applicable (skippable)
✓dependency_update_automationDependabot configured in .github/dependabot.yml for automated Go module updates
✓gitignore_comprehensive.gitignore excludes .DS_Store, .idea/, .vscode, build artifacts, and IDE files comprehensively
✗log_scrubbingNo log redaction/sanitization configuration found in zap logger setup or logging utilities
—pii_handlingDatabase infrastructure without direct end-user data collection - PII handling tools not applicable (skippable)
—privacy_complianceDatabase infrastructure without end-user data collection - privacy compliance tools not applicable (skippable)
—secret_scanningCannot verify GitHub secret scanning without authenticated gh API access (skippable)
✗secrets_managementNo secrets manager integration (AWS Secrets Manager, Vault, SOPS) found in code or configuration
Task Discovery2/3 (67%)
—backlog_healthCannot assess issue quality and labeling without authenticated gh CLI access (skippable)
✗issue_labeling_systemCannot verify consistent label system (priority, type, area) without gh CLI access
✓issue_templates.github/ISSUE_TEMPLATE/ contains bug-report.md, feature-request.md, and enhancement.md templates
✓pr_templates.github/pull_request_template.md exists with structured sections for description, testing, and release notes
Product & Analytics0/2 (0%)
✗error_to_insight_pipelineNo Sentry-GitHub integration, no error-to-issue automation, no PagerDuty issue creation configured
✗product_analytics_instrumentationNo product analytics SDKs (Mixpanel, Amplitude, PostHog, Heap) found in dependencies