All Reports
Temporal
Go
temporalio/temporal
Pass Rate
74%
Workflow orchestration platform
L1100%
L2100%
L3100%
L470%
L50%
Strong Testing
Temporal reaches Level 4 with 100% Testing pass rate. Currently reaching production grade with 52/70 criteria passing (74%). Key areas for improvement include the opportunities listed below.
Strengths
01
Testing (100%)
Includes Flaky Test Detection, Integration Tests Exist, Test Coverage Thresholds.
02
Task Discovery (100%)
Includes Backlog Health, Issue Labeling System, Issue Templates.
03
Code Modularization
Go internal/ package pattern used for enforcing module boundaries. Proto has internal/ directories with compiler-enforced visibility
Opportunities
01
Duplicate Code Detection
No duplicate code detection tool (jscpd, PMD CPD, SonarQube) found in configuration or CI
02
Large File Detection
No git hooks, CI jobs checking file size, .gitattributes LFS, or linter rules for file size detected
03
Pre Commit Hooks
No .pre-commit-config.yaml, husky, or similar pre-commit hook framework found
All Criteria
Style & Validation9/12 (75%)
✓code_modularizationGo internal/ package pattern used for enforcing module boundaries. Proto has internal/ directories with compiler-enforced visibility
✓cyclomatic_complexitygolangci-lint includes gocyclo for cyclomatic complexity analysis. Also uses revive which has complexity rules
✓dead_code_detectionstaticcheck enabled in golangci-lint detects unused code, unreachable code, and dead stores
✗duplicate_code_detectionNo duplicate code detection tool (jscpd, PMD CPD, SonarQube) found in configuration or CI
✓formattergoimports and gci formatters configured. Makefile has fmt-imports target and CI workflow validates formatting
✗large_file_detectionNo git hooks, CI jobs checking file size, .gitattributes LFS, or linter rules for file size detected
✓lint_configgolangci-lint configured with comprehensive rules including errcheck, staticcheck, revive, forbidigo, exhaustive, godox, testifylint
—n_plus_one_detectionSkipped - temporal is a database-backed service but uses raw SQL and NoSQL clients without ORM, making N+1 detection tools not applicable
✓naming_consistencygolangci-lint revive rules enforce naming conventions. Documented naming patterns in AGENTS.md
✗pre_commit_hooksNo .pre-commit-config.yaml, husky, or similar pre-commit hook framework found
✓strict_typingGo is strictly typed by default with compile-time type checking enforced
✓tech_debt_trackinggodox linter in golangci-lint tracks FIXME keywords. Enforces technical debt tracking via linting
✓type_checkGo has built-in strict type checking enforced by the compiler. go.mod requires go >= 1.25.0
Build System10/13 (77%)
✗agentic_developmentNo evidence of agent co-authorship in git log. No factory-droid, Claude, or AI agent signatures found in recent 100 commits
✓automated_pr_reviewSemgrep automated security reviews visible in PR statusCheckRollup. Code scanning generates review comments
✓build_cmd_docREADME.md and AGENTS.md document build commands: make, make bins, make install. Clear instructions for building temporal-server
✗build_performance_trackingNo explicit build caching config, build metrics export, or build duration tracking visible. GitHub Actions cache not explicitly configured
—dead_feature_flag_detectionSkipped - prerequisite feature_flag_infrastructure failed. No feature flag system to detect stale flags
✓deployment_frequency20 releases in gh release list with v1.28.2, v1.27.4, v1.29.2 on 2025-12-30. Multiple releases per month showing frequent deployment
✓deps_pinnedgo.sum committed with exact dependency versions and checksums. Go modules provide deterministic builds
✓fast_ci_feedbackCI checks complete in ~4 minutes based on PR statusCheckRollup (e.g., 23:03:35 to 23:04:05, 18:44:08 to 18:47:49). Well under 10 minute threshold
✗feature_flag_infrastructureNo LaunchDarkly, Statsig, Unleash, GrowthBook, or custom feature flag system found. Dynamic config exists but not feature flags
—heavy_dependency_detectionSkipped - backend Go service without bundle size concerns. Not applicable for server-side applications
—monorepo_toolingSkipped - single Go module with go.mod at root. Not a monorepo requiring Turborepo/Nx/Lerna
—progressive_rolloutSkipped - no evidence of canary deployments or percentage-based rollouts. Infrastructure repository focus
✓release_automationrelease.yml workflow triggers on release published. goreleaser automates binary builds for multiple platforms
✓release_notes_automationgoreleaser.yml configured for automated release builds and artifact generation. GitHub releases workflow automates releases
—rollback_automationSkipped - no rollback automation documentation or scripts found. Infrastructure repository focus
✓single_command_setupREADME.md documents brew install temporal && temporal server start-dev. CONTRIBUTING.md shows make start for local development
✓unused_dependencies_detectiongo mod tidy in Makefile and CI (ci-build-misc target calls gomodtidy) ensures unused dependencies are detected
✓vcs_cli_toolsgh CLI v2.52.0 installed and authenticated to github.com with repo, workflow, read:org scopes
—version_drift_detectionSkipped - single application repo with unified go.mod. No package version drift concerns
Testing8/8 (100%)
✓flaky_test_detectionDedicated flaky-tests-report.yml workflow using tringa tool to detect and report flaky tests, runs weekly on Wednesdays
✓integration_tests_existIntegration tests in common/persistence/tests/, tools/tests/, and temporaltest/ directories. Makefile has integration-test target
✓test_coverage_thresholdscodecov.yml configured with coverage tracking. Makefile has coverage targets with MAX_TEST_ATTEMPTS retry logic
✓test_isolationTests run with -race flag enabling parallel execution and race detection. TEST_SHUFFLE_FLAG=on for randomized test order
✓test_naming_conventionsGo built-in *_test.go convention enforced. All test files follow TestXxx pattern with testify framework
✓test_performance_trackingTests run with -timeout flag tracking. CI outputs test timing. Makefile defines TEST_TIMEOUT=35m for performance monitoring
✓unit_tests_existExtensive *_test.go files throughout codebase. Tests in client/, common/, service/, chasm/, tools/ directories
✓unit_tests_runnablemake unit-test command successfully executes test suite with CGO_ENABLED=0 go test with race detector and shuffle
Documentation6/8 (75%)
✓agents_mdAGENTS.md exists at root with 8185 bytes. Documents development workflow, commands, best practices, project structure
✗agents_md_validationNo CI validation of AGENTS.md commands found. No automated testing that AGENTS.md instructions remain accurate
✓api_schema_docsExtensive proto definitions in proto/internal/temporal/server/api/ covering all services. 60+ .proto files documenting gRPC APIs
✓automated_doc_generationProtobuf API documentation auto-generated from .proto files. make proto generates API docs. 60+ proto files with comprehensive documentation
✓documentation_freshnessAGENTS.md modified within last 180 days. git log shows recent documentation updates
✓readmeREADME.md exists with comprehensive introduction, getting started guide, setup instructions, and contribution guidelines
✓service_flow_documentedExtensive architecture docs in docs/architecture/ including README.md, history-service.md, matching-service.md, workflow-lifecycle.md, nexus.md
✗skillsNo .factory/skills/, .skills/, or .claude/skills/ directories found in repository
Dev Environment2/4 (50%)
✓database_schemaComprehensive database schemas in schema/ directory for Cassandra, MySQL, PostgreSQL, SQLite, and Elasticsearch
✗devcontainerNo .devcontainer/devcontainer.json or .devcontainer.json found in repository
—devcontainer_runnableSkipped - prerequisite devcontainer check failed. No devcontainer configuration to validate
✗env_templateNo .env.example or .env.template file found. Environment variables not explicitly documented in template form
✓local_services_setupdocker-compose.yml in develop/docker-compose/ and develop/github/ with MySQL, Cassandra, PostgreSQL, Elasticsearch, Prometheus, Grafana
Debugging & Observability8/11 (73%)
✗alerting_configuredNo PagerDuty, OpsGenie, or alerting configuration found in repository. Prometheus/Grafana present but no alert rules visible
✓circuit_breakersgithub.com/sony/gobreaker circuit breaker library in go.mod. Used in service/history/circuitbreakerpool/
✓code_quality_metricsCodecov integration via .codecov.yml. Coverage reports in CI. Semgrep code scanning visible in PR checks
✓deployment_observabilityDocumentation references Grafana Tempo and dashboards in docs/development/testing.md and tracing.md. Docker compose includes Grafana
✓distributed_tracingOpenTelemetry instrumentation via go.opentelemetry.io packages. OTEL exporters for traces and metrics configured in go.mod
✗error_tracking_contextualizedNo Sentry, Bugsnag, or Rollbar integration found. No error tracking service configured
✓health_checksHealth check implementation in service/frontend/health_check.go with HealthChecker interface and membership monitoring
✓metrics_collectionPrometheus client in go.mod. Extensive metrics in common/metrics. Docker compose includes Prometheus and Grafana services
✓profiling_instrumentationOpenTelemetry SDK with profiling capabilities. Go pprof available via net/http/pprof. OTEL environment variables documented
✗runbooks_documentedNo references to runbooks, playbooks, or incident response documentation found in README, AGENTS.md, or docs/
✓structured_logginggo.uber.org/zap structured logging library used throughout. common/log package with tag-based logging
Security5/8 (63%)
✓automated_security_reviewSemgrep code scanning in PR checks (semgrep-cloud-platform/scan). Security analysis generates automated reports
✓branch_protectionThree active rulesets found via gh API: 'Check for CODEOWNERS' (org-level), 'main' branch, and 'release' branch protection
✓codeowners.github/CODEOWNERS exists assigning * to @temporalio/server and @temporalio/cgs teams
—dast_scanningSkipped - no evidence of DAST tools (OWASP ZAP, Burp, Nuclei) in CI workflows
✗dependency_update_automationNo .github/dependabot.yml, renovate.json, or similar dependency automation configuration found
✓gitignore_comprehensive.gitignore properly excludes .idea/, .vscode/, .DS_Store, *.out, *.test artifacts, build outputs, .envrc, and generated files
✗log_scrubbingNo explicit log scrubbing/redaction configuration found. Zap logger lacks visible redaction middleware
—pii_handlingSkipped - while temporal processes workflow data, no explicit PII detection/handling tooling found in repository
—privacy_complianceSkipped - Temporal is infrastructure/platform without direct end-user data collection. No consent management or GDPR handling needed
—secret_scanningRequires GitHub admin API access to verify secret scanning configuration (skipped).
✓secrets_managementGitHub Actions uses secrets.* pattern. .envrc gitignored. Config supports environment variables for sensitive values
Task Discovery4/4 (100%)
✓backlog_healthOpen issues have descriptive titles >10 chars and labels. Recent issues from 2026-01-14, 2026-01-13, 2026-01-12 show active maintenance
✓issue_labeling_systemConsistent labels in use: enhancement, potential-bug, bug, feature-request, schedules. Priority and type categorization visible
✓issue_templates.github/ISSUE_TEMPLATE/ directory exists with bug_report.md and feature_request.md templates
✓pr_templates.github/PULL_REQUEST_TEMPLATE.md exists with sections for 'What changed?', 'Why?', 'How did you test it?', 'Potential risks'
Product & Analytics0/2 (0%)
✗error_to_insight_pipelineNo Sentry-GitHub integration or error-to-issue automation found. No error tracking service configured
✗product_analytics_instrumentationNo Mixpanel, Amplitude, PostHog, Heap, or GA4 found. This is server infrastructure, not end-user application