MANIFLIGHT / REPOSITORY PREFLIGHT

agrovr/maniflight

Repository preflight

All 24 evaluated checks passed. Review the evidence before using this snapshot in a release decision.

ready

100%
100%
  • 24 passed
  • 0 warnings
  • 0 failed
  • 0 unknown
  • 1 not applicable
  • 100% confidence
  • 0 high-severity findings

Changes from baseline

Compared with baseline Maniflight. Status changes are separated from added and removed checks.

Current score
100%±0 points from baseline
Current confidence
100%+1.5 points from baseline

No readiness regressions detected. Improvements and other changes remain listed for review.

Evidence changes

1
  • community/repository-metadata Repository metadata Community · Low severity Status changed from Unknown to Pass

Readiness domains

Choose a domain to narrow the evidence. Select the repository core to restore the complete view.

Checks and evidence

A score is a navigation aid, not a certification. Use the evidence and confidence to make the decision.

25 checks shown

Project manifest Architecture Medium severity Pass architecture/manifest-present

What was checked

A machine-readable project manifest makes the repository reproducible and navigable.

Evidence

  • package.json — npm manifest

Next action

Add the standard manifest for the repository's primary language or build system.

Source boundary Architecture Low severity Pass architecture/source-boundary

What was checked

Production code is grouped under a recognizable application, package, or source directory.

Evidence

  • src — Recognized source boundary

Next action

Group production code under src/, app/, packages/, cmd/, internal/, or lib/.

Test capability Architecture Medium severity Pass architecture/test-capability

What was checked

The repository includes tests and a discoverable way to run them.

Evidence

  • 11 test file(s) detected
  • A test command or test configuration was detected

Next action

Add focused tests and expose a standard test command in the project manifest.

TypeScript strictness Architecture Medium severity Pass architecture/typescript-strict

What was checked

TypeScript repositories explicitly enable strict type checking.

Read the check documentation

Evidence

  • tsconfig.json — strict mode is enabled

Next action

Add a tsconfig.json and enable compilerOptions.strict.

Package entrypoints Architecture Medium severity Pass architecture/package-entrypoints

What was checked

Declared npm entrypoints resolve to files in the inspected checkout.

Evidence

  • package.json — bin.maniflight points to dist/cli.js

Next action

Correct stale entrypoint paths or ensure required build outputs exist before publishing.

Automation workflow Automation Medium severity Pass automation/workflow-present

What was checked

At least one readable GitHub Actions workflow is present.

Evidence

  • .github/workflows/ci.yml — Readable workflow
  • .github/workflows/codeql.yml — Readable workflow
  • .github/workflows/dogfood.yml — Readable workflow
  • .github/workflows/pages.yml — Readable workflow

Next action

Add a minimal validation workflow that runs on pull requests.

Pull request validation Automation High severity Pass automation/pr-validation

What was checked

Pull requests run tests plus at least one additional quality gate.

Evidence

  • .github/workflows/ci.yml — Runs on pull_request
  • .github/workflows/codeql.yml — Runs on pull_request
  • .github/workflows/dogfood.yml — Runs on pull_request
  • Test gate detected
  • Additional quality gate detected

Next action

Run tests and lint, build, typecheck, or security checks for pull requests.

Job timeouts Automation Low severity Pass automation/job-timeout

What was checked

Workflow jobs have explicit timeout limits.

Evidence

  • 5 of 5 job(s) declare timeout-minutes

Next action

Set timeout-minutes on every workflow job to bound stalled runs.

Deployment safety Automation High severity Not applicable automation/deploy-safety

What was checked

Detected deployment jobs use an environment and workflow concurrency control.

Evidence

No repository evidence was recorded for this check.

Next action

Use a protected environment and concurrency group for every deployment workflow.

Security policy Security Medium severity Pass security/policy-present

What was checked

The repository publishes a responsible vulnerability reporting route.

Evidence

  • SECURITY.md — Security policy detected

Next action

Add SECURITY.md with supported versions and a private reporting channel.

Dependency lockfile Security High severity Pass security/lockfile-present

What was checked

Dependency-bearing projects commit a recognized lockfile.

Evidence

  • package-lock.json — Lockfile detected

Next action

Generate and commit the ecosystem's lockfile.

Dependency update automation Security Medium severity Pass security/dependency-updates

What was checked

A dependency update service is configured for repositories with manifests.

Evidence

  • .github/dependabot.yml — Update automation

Next action

Configure Dependabot or Renovate for the detected package ecosystems.

Workflow token permissions Security High severity Pass security/workflow-permissions

What was checked

Workflows explicitly scope the GITHUB_TOKEN and avoid write-all access.

Read the check documentation

Evidence

  • 0 workflow(s) rely on defaults

Next action

Declare only the permissions each workflow or job requires.

Immutable Action references Security High severity Pass security/action-reference-pinned

What was checked

External Actions and containers are pinned to immutable commit or digest references.

Read the check documentation

Evidence

  • .github/workflows/ci.yml — Immutable reference
  • .github/workflows/ci.yml — Immutable reference
  • .github/workflows/codeql.yml — Immutable reference
  • .github/workflows/codeql.yml — Immutable reference
  • .github/workflows/codeql.yml — Immutable reference
  • .github/workflows/dogfood.yml — Immutable reference
  • .github/workflows/dogfood.yml — Immutable reference
  • .github/workflows/dogfood.yml — Immutable reference
  • .github/workflows/pages.yml — Immutable reference
  • .github/workflows/pages.yml — Immutable reference
  • .github/workflows/pages.yml — Immutable reference
  • .github/workflows/pages.yml — Immutable reference
  • .github/workflows/pages.yml — Immutable reference

Next action

Pin third-party Actions to a full 40-character commit SHA and containers to a digest.

Privileged pull request checkout Security High severity Pass security/pull-request-target-checkout

What was checked

pull_request_target workflows do not combine privileged context with a source checkout.

Read the check documentation

Evidence

  • No pull_request_target checkout combination detected

Next action

Use pull_request for untrusted code, or avoid checking out pull request code in privileged jobs.

Untrusted context in shell Security High severity Pass security/untrusted-context-in-run

What was checked

Inline shell scripts do not interpolate attacker-controlled GitHub context directly.

Read the check documentation

Evidence

  • No direct untrusted shell interpolation detected

Next action

Pass untrusted values through an environment variable and quote them in the shell.

Sensitive filenames Security High severity Pass security/sensitive-filename

What was checked

The checkout does not contain common private-key, credential, secret, or environment filenames.

Evidence

  • No common sensitive filenames were detected

Next action

Remove sensitive files from version control, rotate exposed credentials, and add safe ignore rules.

README Community Medium severity Pass community/readme

What was checked

The repository explains its purpose and basic use.

Evidence

  • README.md — README detected

Next action

Add a concise README with purpose, setup, use, and support information.

License Community High severity Pass community/license

What was checked

The repository declares how others may use and contribute to the project.

Evidence

  • LICENSE — License detected

Next action

Add an OSI-approved license file appropriate for the project.

Contribution guide Community Low severity Pass community/contributing

What was checked

Contributors have a documented development and review path.

Evidence

  • CONTRIBUTING.md — Contribution guide detected

Next action

Add CONTRIBUTING.md with setup, test, and pull request expectations.

Code of conduct Community Low severity Pass community/code-of-conduct

What was checked

The repository defines expected community behavior.

Evidence

  • CODE_OF_CONDUCT.md — Code of conduct detected

Next action

Add a recognized code of conduct and enforcement contact.

Issue template Community Low severity Pass community/issue-template

What was checked

Issue forms or templates collect useful problem context.

Evidence

  • .github/ISSUE_TEMPLATE/bug_report.yml — Issue template
  • .github/ISSUE_TEMPLATE/feature_request.yml — Issue template
  • .github/ISSUE_TEMPLATE/rule_proposal.yml — Issue template
  • .github/ISSUE_TEMPLATE/support_question.yml — Issue template

Next action

Add focused issue forms under .github/ISSUE_TEMPLATE/.

Pull request template Community Low severity Pass community/pull-request-template

What was checked

Pull requests prompt contributors for validation and context.

Evidence

  • .github/pull_request_template.md — Pull request template

Next action

Add a pull request template with summary, validation, and risk prompts.

Support channel Community Medium severity Pass community/support-channel

What was checked

Users can find an appropriate public or private support route.

Evidence

  • SUPPORT.md — Support route detected

Next action

Add SUPPORT.md and direct sensitive reports to a private channel.

Repository metadata Community Low severity Pass community/repository-metadata

What was checked

The GitHub repository has a description and useful topics.

Evidence

  • Description is set
  • 7 topic(s) set

Next action

Set a concise repository description and relevant discovery topics on GitHub.