All Reports
Temporal
Go
temporalio/temporal
Pass Rate
74%
Workflow orchestration platform
L1100%
L2100%
L3100%
L470%
L50%
Strong Testing
Temporal reaches Level 4 with 100% Testing pass rate. Currently reaching production grade with 52/70 criteria passing (74%). Key areas for improvement include the opportunities listed below.
Strengths
01
Testing (100%)
Includes Flaky Test Detection, Integration Tests Exist, Test Coverage Thresholds.
02
Task Discovery (100%)
Includes Backlog Health, Issue Labeling System, Issue Templates.
03
Code Modularization
Go internal/ package pattern used for enforcing module boundaries. Proto has internal/ directories with compiler-enforced visibility
Opportunities
01
Pre Commit Hooks
Set up pre-commit hooks (Husky, pre-commit) to catch issues before they reach CI and speed up feedback loops.
02
Feature Flag Infrastructure
Add feature flags to enable safer deployments and gradual rollouts.
03
Skills
Create .factory/skills to give agents reusable, tested capabilities for common tasks.
All Criteria
Style & Validation9/12 (75%)
✓code_modularizationGo internal/ package pattern used for enforcing module boundaries. Proto has internal/ directories with compiler-enforced visibility
✓cyclomatic_complexitygolangci-lint includes gocyclo for cyclomatic complexity analysis. Also uses revive which has complexity rules
✓dead_code_detectionstaticcheck enabled in golangci-lint detects unused code, unreachable code, and dead stores
✗duplicate_code_detectionNo duplicate code detection tool (jscpd, PMD CPD, SonarQube) found in configuration or CI
✓formattergoimports and gci formatters configured. Makefile has fmt-imports target and CI workflow validates formatting
✗large_file_detectionNo git hooks, CI jobs checking file size, .gitattributes LFS, or linter rules for file size detected
✓lint_configgolangci-lint configured with comprehensive rules including errcheck, staticcheck, revive, forbidigo, exhaustive, godox, testifylint
—n_plus_one_detectionSkipped - temporal is a database-backed service but uses raw SQL and NoSQL clients without ORM, making N+1 detection tools not applicable
✓naming_consistencygolangci-lint revive rules enforce naming conventions. Documented naming patterns in AGENTS.md
✗pre_commit_hooksNo .pre-commit-config.yaml, husky, or similar pre-commit hook framework found
✓strict_typingGo is strictly typed by default with compile-time type checking enforced
✓tech_debt_trackinggodox linter in golangci-lint tracks FIXME keywords. Enforces technical debt tracking via linting
✓type_checkGo has built-in strict type checking enforced by the compiler. go.mod requires go >= 1.25.0
Build System10/13 (77%)
✗agentic_developmentNo evidence of agent co-authorship in git log. No factory-droid, Claude, or AI agent signatures found in recent 100 commits
✓automated_pr_reviewSemgrep automated security reviews visible in PR statusCheckRollup. Code scanning generates review comments
✓build_cmd_docREADME.md and AGENTS.md document build commands: make, make bins, make install. Clear instructions for building temporal-server
✗build_performance_trackingNo explicit build caching config, build metrics export, or build duration tracking visible. GitHub Actions cache not explicitly configured
—dead_feature_flag_detectionSkipped - prerequisite feature_flag_infrastructure failed. No feature flag system to detect stale flags
✓deployment_frequency20 releases in gh release list with v1.28.2, v1.27.4, v1.29.2 on 2025-12-30. Multiple releases per month showing frequent deployment
✓deps_pinnedgo.sum committed with exact dependency versions and checksums. Go modules provide deterministic builds
✓fast_ci_feedbackCI checks complete in ~4 minutes based on PR statusCheckRollup (e.g., 23:03:35 to 23:04:05, 18:44:08 to 18:47:49). Well under 10 minute threshold
✗feature_flag_infrastructureNo LaunchDarkly, Statsig, Unleash, GrowthBook, or custom feature flag system found. Dynamic config exists but not feature flags
—heavy_dependency_detectionSkipped - backend Go service without bundle size concerns. Not applicable for server-side applications
—monorepo_toolingSkipped - single Go module with go.mod at root. Not a monorepo requiring Turborepo/Nx/Lerna
—progressive_rolloutSkipped - no evidence of canary deployments or percentage-based rollouts. Infrastructure repository focus
✓release_automationrelease.yml workflow triggers on release published. goreleaser automates binary builds for multiple platforms
✓release_notes_automationgoreleaser.yml configured for automated release builds and artifact generation. GitHub releases workflow automates releases
—rollback_automationSkipped - no rollback automation documentation or scripts found. Infrastructure repository focus
✓single_command_setupREADME.md documents brew install temporal && temporal server start-dev. CONTRIBUTING.md shows make start for local development
✓unused_dependencies_detectiongo mod tidy in Makefile and CI (ci-build-misc target calls gomodtidy) ensures unused dependencies are detected
✓vcs_cli_toolsgh CLI v2.52.0 installed and authenticated to github.com with repo, workflow, read:org scopes
—version_drift_detectionSkipped - single application repo with unified go.mod. No package version drift concerns
Testing8/8 (100%)
✓flaky_test_detectionDedicated flaky-tests-report.yml workflow using tringa tool to detect and report flaky tests, runs weekly on Wednesdays
✓integration_tests_existIntegration tests in common/persistence/tests/, tools/tests/, and temporaltest/ directories. Makefile has integration-test target
✓test_coverage_thresholdscodecov.yml configured with coverage tracking. Makefile has coverage targets with MAX_TEST_ATTEMPTS retry logic
✓test_isolationTests run with -race flag enabling parallel execution and race detection. TEST_SHUFFLE_FLAG=on for randomized test order
✓test_naming_conventionsGo built-in *_test.go convention enforced. All test files follow TestXxx pattern with testify framework
✓test_performance_trackingTests run with -timeout flag tracking. CI outputs test timing. Makefile defines TEST_TIMEOUT=35m for performance monitoring
✓unit_tests_existExtensive *_test.go files throughout codebase. Tests in client/, common/, service/, chasm/, tools/ directories
✓unit_tests_runnablemake unit-test command successfully executes test suite with CGO_ENABLED=0 go test with race detector and shuffle
Documentation6/8 (75%)
✓agents_mdAGENTS.md exists at root with 8185 bytes. Documents development workflow, commands, best practices, project structure
✗agents_md_validationNo CI validation of AGENTS.md commands found. No automated testing that AGENTS.md instructions remain accurate
✓api_schema_docsExtensive proto definitions in proto/internal/temporal/server/api/ covering all services. 60+ .proto files documenting gRPC APIs
✓automated_doc_generationProtobuf API documentation auto-generated from .proto files. make proto generates API docs. 60+ proto files with comprehensive documentation
✓documentation_freshnessAGENTS.md modified within last 180 days. git log shows recent documentation updates
✓readmeREADME.md exists with comprehensive introduction, getting started guide, setup instructions, and contribution guidelines
✓service_flow_documentedExtensive architecture docs in docs/architecture/ including README.md, history-service.md, matching-service.md, workflow-lifecycle.md, nexus.md
✗skillsNo .factory/skills/, .skills/, or .claude/skills/ directories found in repository
Dev Environment2/4 (50%)
✓database_schemaComprehensive database schemas in schema/ directory for Cassandra, MySQL, PostgreSQL, SQLite, and Elasticsearch
✗devcontainerNo .devcontainer/devcontainer.json or .devcontainer.json found in repository
—devcontainer_runnableSkipped - prerequisite devcontainer check failed. No devcontainer configuration to validate
✗env_templateNo .env.example or .env.template file found. Environment variables not explicitly documented in template form
✓local_services_setupdocker-compose.yml in develop/docker-compose/ and develop/github/ with MySQL, Cassandra, PostgreSQL, Elasticsearch, Prometheus, Grafana
Debugging & Observability8/11 (73%)
✗alerting_configuredNo PagerDuty, OpsGenie, or alerting configuration found in repository. Prometheus/Grafana present but no alert rules visible
✓circuit_breakersgithub.com/sony/gobreaker circuit breaker library in go.mod. Used in service/history/circuitbreakerpool/
✓code_quality_metricsCodecov integration via .codecov.yml. Coverage reports in CI. Semgrep code scanning visible in PR checks
✓deployment_observabilityDocumentation references Grafana Tempo and dashboards in docs/development/testing.md and tracing.md. Docker compose includes Grafana
✓distributed_tracingOpenTelemetry instrumentation via go.opentelemetry.io packages. OTEL exporters for traces and metrics configured in go.mod
✗error_tracking_contextualizedNo Sentry, Bugsnag, or Rollbar integration found. No error tracking service configured
✓health_checksHealth check implementation in service/frontend/health_check.go with HealthChecker interface and membership monitoring
✓metrics_collectionPrometheus client in go.mod. Extensive metrics in common/metrics. Docker compose includes Prometheus and Grafana services
✓profiling_instrumentationOpenTelemetry SDK with profiling capabilities. Go pprof available via net/http/pprof. OTEL environment variables documented
✗runbooks_documentedNo references to runbooks, playbooks, or incident response documentation found in README, AGENTS.md, or docs/
✓structured_logginggo.uber.org/zap structured logging library used throughout. common/log package with tag-based logging
Security5/8 (63%)
✓automated_security_reviewSemgrep code scanning in PR checks (semgrep-cloud-platform/scan). Security analysis generates automated reports
✓branch_protectionThree active rulesets found via gh API: 'Check for CODEOWNERS' (org-level), 'main' branch, and 'release' branch protection
✓codeowners.github/CODEOWNERS exists assigning * to @temporalio/server and @temporalio/cgs teams
—dast_scanningSkipped - no evidence of DAST tools (OWASP ZAP, Burp, Nuclei) in CI workflows
✗dependency_update_automationNo .github/dependabot.yml, renovate.json, or similar dependency automation configuration found
✓gitignore_comprehensive.gitignore properly excludes .idea/, .vscode/, .DS_Store, *.out, *.test artifacts, build outputs, .envrc, and generated files
✗log_scrubbingNo explicit log scrubbing/redaction configuration found. Zap logger lacks visible redaction middleware
—pii_handlingSkipped - while temporal processes workflow data, no explicit PII detection/handling tooling found in repository
—privacy_complianceSkipped - Temporal is infrastructure/platform without direct end-user data collection. No consent management or GDPR handling needed
—secret_scanningRequires GitHub admin API access to verify secret scanning configuration (skipped).
✓secrets_managementGitHub Actions uses secrets.* pattern. .envrc gitignored. Config supports environment variables for sensitive values
Task Discovery4/4 (100%)
✓backlog_healthOpen issues have descriptive titles >10 chars and labels. Recent issues from 2026-01-14, 2026-01-13, 2026-01-12 show active maintenance
✓issue_labeling_systemConsistent labels in use: enhancement, potential-bug, bug, feature-request, schedules. Priority and type categorization visible
✓issue_templates.github/ISSUE_TEMPLATE/ directory exists with bug_report.md and feature_request.md templates
✓pr_templates.github/PULL_REQUEST_TEMPLATE.md exists with sections for 'What changed?', 'Why?', 'How did you test it?', 'Potential risks'
Product & Analytics0/2 (0%)
✗error_to_insight_pipelineNo Sentry-GitHub integration or error-to-issue automation found. No error tracking service configured
✗product_analytics_instrumentationNo Mixpanel, Amplitude, PostHog, Heap, or GA4 found. This is server infrastructure, not end-user application