@openhands/extensions 0.1.0 → 0.2.0

package/plugins/onboarding/skills/agent-readiness-report/SKILL.md

@@ -0,0 +1,122 @@
+---
+name: agent-readiness-report
+description: Evaluate how well a codebase supports autonomous AI-assisted development. Analyzes repositories across five pillars (Agent Instructions, Feedback Loops, Workflows & Automation, Policy & Governance, Build & Dev Environment) covering 74 features. Use when users want to assess how agent-ready a repository is.
+triggers:
+- agent-readiness-report
+- readiness report
+---
+
+# Agent Readiness Report
+
+Evaluate how well a repository supports autonomous AI-assisted development.
+
+## What this does
+
+Assess a codebase across five pillars that determine whether an AI agent can
+work effectively in a repository.  The output is a structured report identifying
+what's present and what's missing.
+
+## Five Pillars
+
+| Pillar | Question | Features |
+|--------|----------|----------|
+| **Agent Instructions** | Does the agent know what to do? | 18 |
+| **Feedback Loops** | Does the agent know if it's right? | 16 |
+| **Workflows & Automation** | Does the process support agent work? | 15 |
+| **Policy & Governance** | Does the agent know the rules? | 13 |
+| **Build & Dev Environment** | Can the agent build and run the project? | 12 |
+
+74 features total.  See `references/criteria.md` for the full list with
+descriptions and evidence examples.
+
+## How to run
+
+### Step 1: Run the scanner scripts
+
+Five shell scripts gather filesystem signals — file existence, config patterns,
+directory structures.  They surface what's present so you don't have to run
+dozens of `find` commands manually.
+
+```bash
+bash scripts/scan_agent_instructions.sh /path/to/repo
+bash scripts/scan_feedback_loops.sh /path/to/repo
+bash scripts/scan_workflows.sh /path/to/repo
+bash scripts/scan_policy.sh /path/to/repo
+bash scripts/scan_build_env.sh /path/to/repo
+```
+
+Or scan all five at once:
+
+```bash
+for s in scripts/scan_*.sh; do bash "$s" /path/to/repo; echo; done
+```
+
+**Important**: The scripts are helpers, not scorers.  They find files and
+patterns but do not evaluate quality.  Many features require judgment that only
+reading the actual files can provide — for example, whether a README includes
+real build commands or just badges, whether inline documentation is systematic or
+scattered, whether an AI usage policy has meaningful boundaries.
+
+### Step 2: Evaluate each feature
+
+Walk through `references/criteria.md` pillar by pillar.  For each feature:
+
+1. Check the scanner output for relevant signals
+2. For features the scanner can't fully evaluate, inspect the files yourself
+3. Mark each feature: **✓** (present), **✗** (missing), or **—** (not applicable)
+
+Features that require judgment (not fully covered by scanners):
+- Does the README actually contain build/run/test commands? (not just that it exists)
+- Is inline documentation systematic across the public API?
+- Are examples actually runnable?
+- Does the contributing guide include code standards?
+- Is there a meaningful AI usage policy?
+- Is the architecture documentation current?
+- Are tests documented well enough for an agent to run them?
+
+### Step 3: Write the report
+
+Structure the output as:
+
+```
+# Agent Readiness Report: {repo name}
+
+## Summary
+- Features present: X / 74
+- Strongest pillar: {pillar}
+- Weakest pillar: {pillar}
+
+## Pillar 1 · Agent Instructions (X / 18)
+✓ Agent instruction file — AGENTS.md at root
+✓ AI IDE configuration — .cursor/rules/ with 3 rule files
+✗ Multi-model support — only Cursor configured
+...
+
+## Pillar 2 · Feedback Loops (X / 16)
+...
+
+## Pillar 3 · Workflows & Automation (X / 15)
+...
+
+## Pillar 4 · Policy & Governance (X / 13)
+...
+
+## Pillar 5 · Build & Dev Environment (X / 12)
+...
+
+```
+
+For each passing feature, briefly note what evidence you found.
+For each failing feature, note what's missing.
+
+## What makes these features useful
+
+Every feature answers: *if this is missing, what goes wrong for the AI agent?*
+Features like "agent instruction file" and "tool server configuration" exist
+because agents need them.  Features like "linter" and "CI pipeline" exist because
+agents need fast, clear feedback on whether their changes are correct — not
+because they're general best practices.
+
+The criteria were derived from analysis of 123 real repositories across five
+AI-readiness categories, then filtered for features that actually affect agent
+effectiveness.

package/plugins/onboarding/skills/agent-readiness-report/scripts/scan_agent_instructions.sh

@@ -0,0 +1,88 @@
+#!/usr/bin/env bash
+# Scan for Agent Instructions signals (Pillar 1)
+# Helps the agent find relevant files — not a substitute for judgment.
+
+REPO="${1:-.}"
+cd "$REPO" 2>/dev/null || { echo "Cannot access $REPO"; exit 1; }
+
+echo "=== Pillar 1: Agent Instructions ==="
+echo ""
+
+echo "-- Agent instruction files --"
+find . -maxdepth 3 -iname 'AGENTS.md' -o -iname 'CLAUDE.md' -o -iname 'COPILOT.md' \
+  -o -iname 'CONVENTIONS.md' -o -iname 'CODING_GUIDELINES.md' 2>/dev/null | sort
+
+echo ""
+echo "-- AI IDE configuration --"
+for f in .cursor .cursor/rules .cursorrules .github/copilot-instructions.md \
+         .github/instructions .claude .claude/settings.json; do
+  [ -e "$f" ] && echo "./$f"
+done
+
+echo ""
+echo "-- Agent skills --"
+for d in .claude/skills .factory/skills; do
+  [ -d "$d" ] && echo "./$d/ ($(find "$d" -type f | wc -l | tr -d ' ') files)"
+done
+find . -maxdepth 3 -iname 'skill.md' 2>/dev/null | sort
+
+echo ""
+echo "-- Tool server configuration --"
+find . -maxdepth 2 -name '.mcp.json' -o -name 'mcp.config.*' 2>/dev/null | sort
+
+echo ""
+echo "-- Agent prompt library --"
+for d in .github/prompts prompts; do
+  [ -d "$d" ] && echo "./$d/ ($(find "$d" -type f | wc -l | tr -d ' ') files)"
+done
+
+echo ""
+echo "-- README --"
+[ -f README.md ] && echo "./README.md ($(wc -l < README.md) lines)" || echo "(not found)"
+
+echo ""
+echo "-- Contributing guide --"
+find . -maxdepth 2 -iname 'CONTRIBUTING*' 2>/dev/null | sort
+
+echo ""
+echo "-- Architecture docs --"
+find . -maxdepth 3 -iname 'ARCHITECTURE*' -o -iname 'DESIGN*' 2>/dev/null | sort
+for d in doc/adr docs/adr decisions rfcs doc/design; do
+  [ -d "$d" ] && echo "./$d/ ($(find "$d" -type f | wc -l | tr -d ' ') files)"
+done
+
+echo ""
+echo "-- API documentation --"
+find . -maxdepth 3 -name 'openapi.yaml' -o -name 'openapi.json' -o -name 'swagger.yaml' \
+  -o -name 'swagger.json' 2>/dev/null | sort
+find . -maxdepth 2 -name 'doc.go' 2>/dev/null | head -5
+api_doc_count=$(find . -maxdepth 2 -name 'doc.go' 2>/dev/null | wc -l | tr -d ' ')
+[ "$api_doc_count" -gt 5 ] && echo "  ... and $((api_doc_count - 5)) more doc.go files"
+
+echo ""
+echo "-- Changelog --"
+find . -maxdepth 1 -iname 'CHANGELOG*' -o -iname 'CHANGES*' -o -iname 'HISTORY*' 2>/dev/null | sort
+
+echo ""
+echo "-- Environment variable docs --"
+find . -maxdepth 2 -name '.env.example' -o -name '.env.template' -o -name '.env.sample' 2>/dev/null | sort
+
+echo ""
+echo "-- Documentation site / directory --"
+[ -d docs ] && echo "./docs/ ($(find docs -type f | wc -l | tr -d ' ') files)"
+for f in docusaurus.config.* mkdocs.yml conf.py .vitepress/config.*; do
+  find . -maxdepth 2 -name "$(basename "$f")" 2>/dev/null
+done
+
+echo ""
+echo "-- Examples directory --"
+for d in examples _examples; do
+  [ -d "$d" ] && echo "./$d/ ($(find "$d" -type f | wc -l | tr -d ' ') files)"
+done
+
+echo ""
+echo "-- Module-level READMEs --"
+find . -mindepth 2 -maxdepth 3 -name 'README.md' 2>/dev/null | head -10
+readme_count=$(find . -mindepth 2 -maxdepth 3 -name 'README.md' 2>/dev/null | wc -l | tr -d ' ')
+[ "$readme_count" -gt 10 ] && echo "  ... and $((readme_count - 10)) more"
+echo "  Total: $readme_count module READMEs"

package/plugins/onboarding/skills/agent-readiness-report/scripts/scan_build_env.sh

@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+# Scan for Build & Dev Environment signals (Pillar 5)
+# Helps the agent find relevant files — not a substitute for judgment.
+
+REPO="${1:-.}"
+cd "$REPO" 2>/dev/null || { echo "Cannot access $REPO"; exit 1; }
+
+echo "=== Pillar 5: Build & Dev Environment ==="
+echo ""
+
+echo "-- Dependency lockfiles --"
+for f in package-lock.json yarn.lock pnpm-lock.yaml bun.lockb \
+         Cargo.lock go.sum Gemfile.lock poetry.lock uv.lock \
+         Pipfile.lock composer.lock pubspec.lock; do
+  [ -f "$f" ] && echo "./$f"
+done
+
+echo ""
+echo "-- Build commands --"
+# Check for documented build commands in common files
+for f in README.md AGENTS.md CONTRIBUTING.md Makefile Justfile; do
+  if [ -f "$f" ]; then
+    build_refs=$(grep -ci 'make build\|npm run build\|cargo build\|go build\|gradle build\|mvn.*package\|bundle exec' "$f" 2>/dev/null)
+    [ "$build_refs" -gt 0 ] && echo "  $build_refs build command references in $f"
+  fi
+done
+
+echo ""
+echo "-- Setup scripts --"
+for f in bin/setup script/setup scripts/setup.sh scripts/bootstrap.sh \
+         script/bootstrap Makefile Justfile; do
+  [ -f "$f" ] && echo "./$f"
+done
+
+echo ""
+echo "-- Dev container --"
+if [ -d .devcontainer ]; then
+  echo ".devcontainer/:"
+  ls -1 .devcontainer/ 2>/dev/null | while read f; do echo "  $f"; done
+elif [ -f devcontainer.json ]; then
+  echo "./devcontainer.json"
+else
+  echo "  (not found)"
+fi
+
+echo ""
+echo "-- Containerized services --"
+find . -maxdepth 2 -name 'Dockerfile*' -o -name 'docker-compose*.yml' \
+  -o -name 'docker-compose*.yaml' -o -name 'compose.yml' -o -name 'compose.yaml' 2>/dev/null | sort
+
+echo ""
+echo "-- Reproducible environment --"
+for f in flake.nix shell.nix default.nix devbox.json devbox.lock; do
+  [ -f "$f" ] && echo "./$f"
+done
+
+echo ""
+echo "-- Tool version pinning --"
+for f in .tool-versions mise.toml .mise.toml .node-version .nvmrc \
+         .python-version .ruby-version .go-version rust-toolchain.toml \
+         rust-toolchain .java-version .sdkmanrc; do
+  [ -f "$f" ] && echo "./$f"
+done
+
+echo ""
+echo "-- Monorepo orchestration --"
+# Check for workspace configs
+if [ -f package.json ]; then
+  grep -q '"workspaces"' package.json 2>/dev/null && echo "  workspaces in package.json"
+fi
+for f in pnpm-workspace.yaml lerna.json nx.json turbo.json rush.json; do
+  [ -f "$f" ] && echo "./$f"
+done
+if [ -f Cargo.toml ]; then
+  grep -q '\[workspace\]' Cargo.toml 2>/dev/null && echo "  Cargo workspace in Cargo.toml"
+fi
+if [ -f go.work ]; then
+  echo "./go.work"
+fi
+
+echo ""
+echo "-- Build caching --"
+if [ -d .github/workflows ]; then
+  cache_count=$(grep -rl 'actions/cache\|buildx.*cache\|turbo.*cache\|ccache\|sccache' .github/workflows/ 2>/dev/null | wc -l | tr -d ' ')
+  echo "  $cache_count workflows with cache configuration"
+fi
+[ -f turbo.json ] && grep -q 'cache' turbo.json 2>/dev/null && echo "  Turborepo cache config"
+
+echo ""
+echo "-- Cross-platform support --"
+if [ -d .github/workflows ]; then
+  for f in .github/workflows/*.yml .github/workflows/*.yaml; do
+    [ -f "$f" ] || continue
+    if grep -q 'matrix:' "$f" 2>/dev/null; then
+      os_line=$(grep -A10 'matrix:' "$f" | grep -i 'os:' | head -1 | tr -d ' ')
+      [ -n "$os_line" ] && echo "  $(basename "$f"): $os_line"
+    fi
+  done
+fi
+
+echo ""
+echo "-- Cloud dev environment --"
+[ -f .gitpod.yml ] && echo "./.gitpod.yml"
+if [ -d .devcontainer ]; then
+  grep -q 'codespaces\|ghcr.io' .devcontainer/devcontainer.json 2>/dev/null \
+    && echo "  Codespaces support in devcontainer.json"
+fi
+
+echo ""
+echo "-- Package manager configuration --"
+for f in .npmrc .yarnrc .yarnrc.yml .pnpmrc pip.conf .cargo/config.toml \
+         .cargo/config gradle.properties; do
+  [ -f "$f" ] && echo "./$f"
+done

package/plugins/onboarding/skills/agent-readiness-report/scripts/scan_feedback_loops.sh

@@ -0,0 +1,133 @@
+#!/usr/bin/env bash
+# Scan for Feedback Loops signals (Pillar 2)
+# Helps the agent find relevant files — not a substitute for judgment.
+
+REPO="${1:-.}"
+cd "$REPO" 2>/dev/null || { echo "Cannot access $REPO"; exit 1; }
+
+echo "=== Pillar 2: Feedback Loops ==="
+echo ""
+
+echo "-- Linter configuration --"
+find . -maxdepth 2 \( \
+  -name '.eslintrc*' -o -name 'eslint.config.*' \
+  -o -name 'ruff.toml' -o -name '.golangci.yml' -o -name '.golangci.yaml' \
+  -o -name 'clippy.toml' -o -name '.clippy.toml' \
+  -o -name '.pylintrc' -o -name 'pylintrc' \
+  -o -name 'biome.json' -o -name 'biome.jsonc' \
+  -o -name '.swiftlint.yml' -o -name '.ktlint*' \
+  \) 2>/dev/null | sort
+# Check pyproject.toml for ruff/pylint
+if [ -f pyproject.toml ]; then
+  grep -l -i '\[tool\.ruff\]\|\[tool\.pylint\]\|\[tool\.flake8\]' pyproject.toml 2>/dev/null \
+    && echo "  (also: linter config in pyproject.toml)"
+fi
+
+echo ""
+echo "-- Formatter configuration --"
+find . -maxdepth 2 \( \
+  -name '.prettierrc*' -o -name 'prettier.config.*' \
+  -o -name 'rustfmt.toml' -o -name '.rustfmt.toml' \
+  -o -name '.clang-format' \
+  -o -name '.editorconfig' \
+  \) 2>/dev/null | sort
+if [ -f pyproject.toml ]; then
+  grep -l -i '\[tool\.black\]\|\[tool\.ruff\.format\]\|\[tool\.isort\]' pyproject.toml 2>/dev/null \
+    && echo "  (also: formatter config in pyproject.toml)"
+fi
+
+echo ""
+echo "-- Type checking --"
+find . -maxdepth 2 -name 'tsconfig.json' -o -name 'tsconfig.*.json' 2>/dev/null | sort
+if [ -f tsconfig.json ]; then
+  grep -q '"strict"' tsconfig.json 2>/dev/null && echo "  (strict mode in tsconfig.json)"
+fi
+find . -maxdepth 2 -name 'mypy.ini' -o -name '.mypy.ini' 2>/dev/null | sort
+if [ -f pyproject.toml ]; then
+  grep -q '\[tool\.mypy\]\|\[tool\.pyright\]' pyproject.toml 2>/dev/null \
+    && echo "  (type checker config in pyproject.toml)"
+fi
+find . -maxdepth 1 -name 'py.typed' 2>/dev/null
+
+echo ""
+echo "-- Pre-commit hooks --"
+for f in .pre-commit-config.yaml .husky lefthook.yml .lefthook.yml; do
+  [ -e "$f" ] && echo "./$f"
+done
+if [ -f package.json ]; then
+  grep -q 'lint-staged' package.json 2>/dev/null && echo "  (lint-staged in package.json)"
+fi
+
+echo ""
+echo "-- Test directories --"
+for d in test tests __tests__ spec test/unit test/integration tests/unit tests/integration \
+         test/e2e tests/e2e e2e cypress playwright; do
+  [ -d "$d" ] && echo "./$d/ ($(find "$d" -maxdepth 1 -type f | wc -l | tr -d ' ') top-level files)"
+done
+
+echo ""
+echo "-- Test file count --"
+test_files=$(find . -maxdepth 5 \( \
+  -name '*_test.go' -o -name '*_test.py' -o -name 'test_*.py' \
+  -o -name '*.spec.ts' -o -name '*.test.ts' -o -name '*.spec.js' -o -name '*.test.js' \
+  -o -name '*_test.rb' -o -name '*_spec.rb' \
+  -o -name '*_test.rs' \
+  \) 2>/dev/null | wc -l | tr -d ' ')
+echo "  $test_files test files found"
+
+echo ""
+echo "-- Test coverage --"
+find . -maxdepth 2 \( \
+  -name '.codecov.yml' -o -name 'codecov.yml' \
+  -o -name '.coveragerc' -o -name 'coverage.config.*' \
+  -o -name 'jest.config.*' \
+  \) 2>/dev/null | sort
+if [ -f pyproject.toml ]; then
+  grep -q '\[tool\.coverage\]\|\[tool\.pytest\.ini_options\]' pyproject.toml 2>/dev/null \
+    && echo "  (coverage/pytest config in pyproject.toml)"
+fi
+if [ -f jest.config.js ] || [ -f jest.config.ts ]; then
+  grep -l 'coverageThreshold' jest.config.* 2>/dev/null
+fi
+
+echo ""
+echo "-- CI pipelines --"
+if [ -d .github/workflows ]; then
+  echo ".github/workflows/:"
+  ls -1 .github/workflows/*.yml .github/workflows/*.yaml 2>/dev/null | while read f; do
+    echo "  $(basename "$f")"
+  done
+fi
+for f in .circleci/config.yml .gitlab-ci.yml Jenkinsfile .travis.yml; do
+  [ -f "$f" ] && echo "./$f"
+done
+
+echo ""
+echo "-- Config/schema validation --"
+find . -maxdepth 2 -name '.yamllint*' -o -name 'taplo.toml' 2>/dev/null | sort
+if [ -d .github/workflows ]; then
+  grep -rl 'actionlint\|yamllint\|schema.*validate' .github/workflows/ 2>/dev/null | head -3
+fi
+
+echo ""
+echo "-- Snapshot tests --"
+snap_count=$(find . -maxdepth 5 -name '__snapshots__' -o -name '*.snap' 2>/dev/null | wc -l | tr -d ' ')
+golden_count=$(find . -maxdepth 4 -name 'testdata' -type d 2>/dev/null | wc -l | tr -d ' ')
+echo "  $snap_count snapshot dirs/files, $golden_count testdata dirs"
+
+echo ""
+echo "-- Benchmark suite --"
+for d in bench benchmarks benchmark; do
+  [ -d "$d" ] && echo "./$d/ ($(find "$d" -type f | wc -l | tr -d ' ') files)"
+done
+bench_files=$(find . -maxdepth 4 -name '*_bench_test.go' -o -name '*benchmark*' -type f 2>/dev/null | wc -l | tr -d ' ')
+echo "  $bench_files benchmark files found"
+
+echo ""
+echo "-- Spell checking --"
+find . -maxdepth 2 -name '.cspell.json' -o -name 'cspell.json' -o -name 'typos.toml' \
+  -o -name '.typos.toml' 2>/dev/null | sort
+if [ -f .pre-commit-config.yaml ]; then
+  grep -q 'codespell\|cspell\|typos' .pre-commit-config.yaml 2>/dev/null \
+    && echo "  (spell checker in pre-commit config)"
+fi

package/plugins/onboarding/skills/agent-readiness-report/scripts/scan_policy.sh

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+# Scan for Policy & Governance signals (Pillar 4)
+# Helps the agent find relevant files — not a substitute for judgment.
+
+REPO="${1:-.}"
+cd "$REPO" 2>/dev/null || { echo "Cannot access $REPO"; exit 1; }
+
+echo "=== Pillar 4: Policy & Governance ==="
+echo ""
+
+echo "-- .gitignore --"
+if [ -f .gitignore ]; then
+  lines=$(wc -l < .gitignore | tr -d ' ')
+  echo "./.gitignore ($lines lines)"
+  # Check for agent-aware entries
+  agent_entries=$(grep -ci 'cursor\|claude\|copilot\|\.agent\|\.mcp' .gitignore 2>/dev/null)
+  [ "$agent_entries" -gt 0 ] && echo "  ($agent_entries agent-related ignore entries)"
+else
+  echo "  (not found)"
+fi
+
+echo ""
+echo "-- License --"
+find . -maxdepth 1 -iname 'LICENSE*' -o -iname 'COPYING*' -o -iname 'MIT-LICENSE' 2>/dev/null | sort
+
+echo ""
+echo "-- Code ownership --"
+find . -maxdepth 3 -name 'CODEOWNERS' 2>/dev/null | sort
+if [ -f CODEOWNERS ] || [ -f .github/CODEOWNERS ] || [ -f docs/CODEOWNERS ]; then
+  f=$(find . -maxdepth 3 -name 'CODEOWNERS' 2>/dev/null | head -1)
+  rules=$(grep -c '^[^#]' "$f" 2>/dev/null | tr -d ' ')
+  echo "  ($rules ownership rules)"
+fi
+
+echo ""
+echo "-- Security policy --"
+find . -maxdepth 3 -iname 'SECURITY*' 2>/dev/null | sort
+
+echo ""
+echo "-- Code of conduct --"
+find . -maxdepth 2 -iname 'CODE_OF_CONDUCT*' -o -iname 'CONDUCT*' 2>/dev/null | sort
+
+echo ""
+echo "-- AI usage policy --"
+# Check common locations for AI policy mentions
+for f in AGENTS.md CLAUDE.md CONTRIBUTING.md; do
+  if [ -f "$f" ]; then
+    ai_mentions=$(grep -ci 'ai policy\|ai usage\|agent boundar\|ai contribut\|llm\|copilot' "$f" 2>/dev/null)
+    [ "$ai_mentions" -gt 0 ] && echo "  $ai_mentions AI policy references in $f"
+  fi
+done
+
+echo ""
+echo "-- Secrets management --"
+if [ -d .github/workflows ]; then
+  secrets_refs=$(grep -roh '\${{ secrets\.[A-Z_]*' .github/workflows/ 2>/dev/null | sort -u | wc -l | tr -d ' ')
+  echo "  $secrets_refs distinct secrets referenced in CI"
+fi
+find . -maxdepth 2 -name '.env.example' -o -name '.env.template' 2>/dev/null | sort
+find . -maxdepth 2 -name 'vault.hcl' -o -name '.vault-token' 2>/dev/null | sort
+
+echo ""
+echo "-- Security scanning --"
+if [ -d .github/workflows ]; then
+  for scanner in codeql snyk trivy gosec semgrep; do
+    grep -ril "$scanner" .github/workflows/ 2>/dev/null | while read f; do
+      echo "  $scanner in $(basename "$f")"
+    done
+  done
+fi
+find . -maxdepth 2 -name '.snyk' -o -name '.trivyignore' 2>/dev/null | sort
+
+echo ""
+echo "-- Git attributes --"
+if [ -f .gitattributes ]; then
+  lines=$(wc -l < .gitattributes | tr -d ' ')
+  echo "./.gitattributes ($lines lines)"
+  linguist=$(grep -c 'linguist' .gitattributes 2>/dev/null)
+  [ "$linguist" -gt 0 ] && echo "  ($linguist linguist overrides)"
+  lfs=$(grep -c 'filter=lfs' .gitattributes 2>/dev/null)
+  [ "$lfs" -gt 0 ] && echo "  ($lfs LFS-tracked patterns)"
+else
+  echo "  (not found)"
+fi
+
+echo ""
+echo "-- Contributor agreement --"
+find . -maxdepth 2 -iname 'DCO*' -o -iname 'CLA*' 2>/dev/null | sort
+for f in CONTRIBUTING.md .github/workflows/*.yml; do
+  [ -f "$f" ] && grep -qi 'signed-off-by\|DCO\|CLA\|contributor license' "$f" 2>/dev/null \
+    && echo "  DCO/CLA reference in $(basename "$f")"
+done
+
+echo ""
+echo "-- Governance model --"
+find . -maxdepth 2 -iname 'GOVERNANCE*' -o -iname 'MAINTAINERS*' -o -iname 'OWNERS*' 2>/dev/null | sort
+
+echo ""
+echo "-- CI workflow validation --"
+if [ -d .github/workflows ]; then
+  grep -rl 'actionlint' .github/workflows/ 2>/dev/null | head -3
+fi
+if [ -f .pre-commit-config.yaml ]; then
+  grep -q 'actionlint' .pre-commit-config.yaml 2>/dev/null && echo "  actionlint in pre-commit"
+fi
+
+echo ""
+echo "-- Environment separation --"
+find . -maxdepth 2 -name '.env.test' -o -name '.env.production' -o -name '.env.staging' \
+  -o -name '.env.development' 2>/dev/null | sort
+for d in config/environments environments; do
+  [ -d "$d" ] && echo "./$d/ ($(ls "$d" | wc -l | tr -d ' ') environments)"
+done