oss-signal 0.2.0 → 0.3.0

package/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 0.3.0
+
+- Added GitHub Actions step summary output for readable workflow reports.
+- Added a `summary` Action input for turning step summary output on or off.
+
 ## 0.2.0
 
 - Added direct GitHub repository audits for public repositories.

package/README.md

@@ -1,6 +1,7 @@
 # oss-signal
 
 [![CI](https://github.com/SalmonPlays/oss-signal/actions/workflows/ci.yml/badge.svg)](https://github.com/SalmonPlays/oss-signal/actions/workflows/ci.yml)
+[![Repository health](https://github.com/SalmonPlays/oss-signal/actions/workflows/repository-health.yml/badge.svg)](https://github.com/SalmonPlays/oss-signal/actions/workflows/repository-health.yml)
 [![npm version](https://img.shields.io/npm/v/oss-signal.svg)](https://www.npmjs.com/package/oss-signal)
 [![npm downloads](https://img.shields.io/npm/dm/oss-signal.svg)](https://www.npmjs.com/package/oss-signal)
 [![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
@@ -21,7 +22,7 @@ Open-source projects often fail quietly because the maintainer workflow is undoc
 - Contributors can attach a report to a cleanup issue or pull request.
 - Teams can gate release readiness with `--fail-under`.
 - Foundations and working groups can compare repository hygiene across many projects.
-- CI maintainers can add it as a GitHub Action and publish the report as an artifact.
+- CI maintainers can add it as a GitHub Action, show the score in the workflow summary, and publish the report as an artifact.
 
 ## Install
 
@@ -137,14 +138,19 @@ oss-signal . --fail-under 80
 Add `oss-signal` directly to a GitHub Actions workflow:
 
 ```yaml
-- uses: SalmonPlays/oss-signal@v0.2.0
+- uses: SalmonPlays/oss-signal@v0.3.0
   id: oss-signal
   with:
     fail-under: "80"
     output: oss-signal-report.md
+    summary: "true"
 - run: echo "score ${{ steps.oss-signal.outputs.score }} (${{ steps.oss-signal.outputs.grade }})"
 ```
 
+The Action writes a concise GitHub Actions step summary by default, so reviewers can see the score and recommended next steps without downloading an artifact. Set `summary: "false"` to disable it.
+
+![oss-signal GitHub Actions summary](docs/assets/github-step-summary.svg)
+
 Full workflow example:
 
 ```yaml
@@ -160,11 +166,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: SalmonPlays/oss-signal@v0.2.0
+      - uses: SalmonPlays/oss-signal@v0.3.0
         id: oss-signal
         with:
           fail-under: "80"
           output: oss-signal-report.md
+          summary: "true"
       - uses: actions/upload-artifact@v4
         with:
           name: oss-signal-report
@@ -173,6 +180,8 @@ jobs:
 
 See [docs/examples/github-action-workflow.yml](docs/examples/github-action-workflow.yml) for a copyable workflow.
 
+This repository dogfoods the public Action tag in [Repository health](.github/workflows/repository-health.yml), which runs `SalmonPlays/oss-signal@v0.3.0` against the repository and uploads the Markdown report artifact.
+
 You can also run the CLI directly in CI:
 
 ```yaml

package/action.yml

@@ -17,6 +17,10 @@ inputs:
     description: Report file path.
     required: false
     default: oss-signal-report.md
+  summary:
+    description: Write a concise report to the GitHub Actions step summary.
+    required: false
+    default: "true"
   fail-under:
     description: Fail the action when the score is below this number.
     required: false

package/docs/adoption-evidence.md

@@ -6,11 +6,13 @@ This page collects the public evidence that `oss-signal` is built for real open-
 
 - Repository: https://github.com/SalmonPlays/oss-signal
 - npm package: https://www.npmjs.com/package/oss-signal
-- GitHub Action tag: https://github.com/SalmonPlays/oss-signal/tree/v0.2.0
+- GitHub Action tag: https://github.com/SalmonPlays/oss-signal/tree/v0.3.0
 - GitHub Action metadata: [action.yml](../action.yml)
+- Public dogfood workflow: [.github/workflows/repository-health.yml](../.github/workflows/repository-health.yml)
 - Self-audit report: [docs/self-audit.md](self-audit.md)
 - GitHub URL audit report: [docs/examples/github-url-report.md](examples/github-url-report.md)
 - GitHub Action workflow example: [docs/examples/github-action-workflow.yml](examples/github-action-workflow.yml)
+- Codex for Open Source application brief: [docs/codex-for-oss-application.md](codex-for-oss-application.md)
 - Rule reference: [docs/rules.md](rules.md)
 
 ## Maintainer Use Case
@@ -22,19 +24,19 @@ The CLI supports two practical modes:
 - Local repository audit for maintainers working in a clone.
 - Public GitHub repository audit for quick triage without cloning.
 
-It also ships as a GitHub Action, so maintainers can gate repository hygiene in CI and upload a Markdown report as a workflow artifact.
+It also ships as a GitHub Action, so maintainers can gate repository hygiene in CI, show the result in the GitHub Actions step summary, and upload a Markdown report as a workflow artifact. This repository dogfoods the public Action tag through the Repository health workflow.
 
-## Public Field Audits
+## Public Field Audits And PRs
 
 The tool has been used to generate maintainer-readiness reports for public repositories and convert them into respectful cleanup issues:
 
-| Repository | Report | Posted issue |
-| --- | --- | --- |
-| `platformatic/massimo` | [report](outreach/platformatic-massimo-report.md) | https://github.com/platformatic/massimo/issues/159 |
-| `supermarkt/checkjebon` | [report](outreach/supermarkt-checkjebon-report.md) | https://github.com/supermarkt/checkjebon/issues/22 |
-| `sammorrisdesign/interactive-feed` | [report](outreach/sammorrisdesign-interactive-feed-report.md) | https://github.com/sammorrisdesign/interactive-feed/issues/14 |
+| Repository | Report | Posted issue | Follow-up PR |
+| --- | --- | --- | --- |
+| `platformatic/massimo` | [report](outreach/platformatic-massimo-report.md) | https://github.com/platformatic/massimo/issues/159 | https://github.com/platformatic/massimo/pull/160 |
+| `supermarkt/checkjebon` | [report](outreach/supermarkt-checkjebon-report.md) | https://github.com/supermarkt/checkjebon/issues/22 | https://github.com/supermarkt/checkjebon/pull/23 |
+| `sammorrisdesign/interactive-feed` | [report](outreach/sammorrisdesign-interactive-feed-report.md) | https://github.com/sammorrisdesign/interactive-feed/issues/14 | https://github.com/sammorrisdesign/interactive-feed/pull/15 |
 
-These issues are evidence of the intended maintainer workflow: run a deterministic audit, explain the missing signals, and give maintainers a small set of actionable improvements.
+These issues and pull requests are evidence of the intended maintainer workflow: run a deterministic audit, explain the missing signals, and give maintainers a small set of actionable improvements. Each PR is intentionally limited to documentation or GitHub templates.
 
 ## Verification Commands
 
@@ -50,8 +52,9 @@ The current repository self-audit score is 100/100, the GitHub community profile
 
 Public CI evidence:
 
-- GitHub Action self-test job: https://github.com/SalmonPlays/oss-signal/actions/runs/26801682014/job/79009525705
-- CodeQL run: https://github.com/SalmonPlays/oss-signal/actions/runs/26801681976
+- CI workflow: https://github.com/SalmonPlays/oss-signal/actions/workflows/ci.yml
+- Repository health workflow: https://github.com/SalmonPlays/oss-signal/actions/workflows/repository-health.yml
+- CodeQL workflow: https://github.com/SalmonPlays/oss-signal/actions/workflows/codeql.yml
 
 ## Boundaries
 

package/docs/assets/github-step-summary.svg

@@ -0,0 +1,24 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="920" height="470" viewBox="0 0 920 470" role="img" aria-labelledby="title desc">
+  <title id="title">oss-signal GitHub Actions step summary</title>
+  <desc id="desc">Example GitHub Actions step summary showing an oss-signal score of 100 out of 100.</desc>
+  <rect width="920" height="470" rx="18" fill="#ffffff"/>
+  <rect x="1" y="1" width="918" height="468" rx="18" fill="none" stroke="#d0d7de" stroke-width="2"/>
+  <rect x="0" y="0" width="920" height="58" rx="18" fill="#f6f8fa"/>
+  <text x="32" y="37" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="18" font-weight="700">GitHub Actions step summary</text>
+  <text x="32" y="106" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="30" font-weight="700">oss-signal</text>
+  <text x="32" y="154" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="20">Score: </text>
+  <text x="94" y="154" fill="#1a7f37" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="20" font-weight="700">100/100 (A)</text>
+  <rect x="32" y="190" width="520" height="152" rx="8" fill="#ffffff" stroke="#d0d7de"/>
+  <line x1="32" y1="238" x2="552" y2="238" stroke="#d0d7de"/>
+  <line x1="32" y1="286" x2="552" y2="286" stroke="#d0d7de"/>
+  <line x1="32" y1="342" x2="552" y2="342" stroke="#d0d7de"/>
+  <line x1="388" y1="190" x2="388" y2="342" stroke="#d0d7de"/>
+  <text x="54" y="222" fill="#57606a" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="16" font-weight="700">Result</text>
+  <text x="444" y="222" fill="#57606a" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="16" font-weight="700">Count</text>
+  <text x="54" y="270" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="16">Passed</text>
+  <text x="478" y="270" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="16">15</text>
+  <text x="54" y="318" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="16">Failed</text>
+  <text x="486" y="318" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="16">0</text>
+  <text x="32" y="390" fill="#24292f" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="21" font-weight="700">Recommended next steps</text>
+  <text x="32" y="428" fill="#57606a" font-family="-apple-system, BlinkMacSystemFont, Segoe UI, sans-serif" font-size="17">No missing maintainer-readiness checks found.</text>
+</svg>

package/docs/codex-for-oss-application.md

@@ -0,0 +1,76 @@
+# Codex for Open Source Application Brief
+
+Snapshot: 2026-06-02T11:20:40Z
+
+This document summarizes why `oss-signal` is a fit for OpenAI's Codex for Open Source program. The official program page says open-source maintainers can apply, with emphasis on core maintainers, widely used public projects, and projects that play an important ecosystem role: https://developers.openai.com/community/codex-for-oss
+
+## Project
+
+- Repository: https://github.com/SalmonPlays/oss-signal
+- npm package: https://www.npmjs.com/package/oss-signal
+- GitHub Action tag: https://github.com/SalmonPlays/oss-signal/tree/v0.3.0
+- CI workflow: https://github.com/SalmonPlays/oss-signal/actions/workflows/ci.yml
+- Repository health workflow: https://github.com/SalmonPlays/oss-signal/actions/workflows/repository-health.yml
+- CodeQL workflow: https://github.com/SalmonPlays/oss-signal/actions/workflows/codeql.yml
+- Maintainer evidence: [adoption-evidence.md](adoption-evidence.md)
+
+## What `oss-signal` Does
+
+`oss-signal` is a dependency-light CLI and GitHub Action for OSS maintainers. It audits maintainer-readiness signals that lower recurring maintainer load:
+
+- README, license, contribution, support, security, code of conduct, and changelog files.
+- CI, tests, issue templates, pull request templates, Dependabot, and CodeQL-style security workflow.
+- Package metadata and lockfile hygiene.
+
+The output is a deterministic score plus actionable next steps in Markdown or JSON. The GitHub Action also writes a workflow step summary so maintainers and reviewers can see the result without downloading an artifact.
+
+## Why Codex Helps
+
+This project is designed around repeatable maintainer workflows where Codex is useful:
+
+- Run audits against public repositories without cloning.
+- Convert findings into focused cleanup issues or pull requests.
+- Keep repository hygiene visible in CI.
+- Generate small contributor-facing files that maintainers can review quickly.
+- Use Codex to turn audit findings into scoped documentation and workflow improvements.
+
+## Public Evidence
+
+The repository currently has:
+
+- A published npm package.
+- A reusable GitHub Action with `score`, `grade`, `failed`, and `report-path` outputs.
+- A v0.3.0 GitHub Action tag with step summary support.
+- A public dogfood workflow that runs `SalmonPlays/oss-signal@v0.3.0` against the repository.
+- CI and CodeQL workflows passing on `main`.
+- A local self-audit score of 100/100.
+- Public reports, issues, and PRs created from real repository audits.
+
+## Field Audits And Follow-Up PRs
+
+| Repository | Report | Issue | PR | Status |
+| --- | --- | --- | --- | --- |
+| `platformatic/massimo` | [report](outreach/platformatic-massimo-report.md) | https://github.com/platformatic/massimo/issues/159 | https://github.com/platformatic/massimo/pull/160 | open, mergeable |
+| `supermarkt/checkjebon` | [report](outreach/supermarkt-checkjebon-report.md) | https://github.com/supermarkt/checkjebon/issues/22 | https://github.com/supermarkt/checkjebon/pull/23 | open, mergeable |
+| `sammorrisdesign/interactive-feed` | [report](outreach/sammorrisdesign-interactive-feed-report.md) | https://github.com/sammorrisdesign/interactive-feed/issues/14 | https://github.com/sammorrisdesign/interactive-feed/pull/15 | open, mergeable |
+
+These PRs are intentionally small and maintainer-friendly. They add documentation or GitHub templates rather than changing product code.
+
+## Application Positioning
+
+Recommended application angle:
+
+`oss-signal` is not yet a widely adopted project, but it is a public OSS maintainer tool built specifically for repeatable Codex-assisted maintenance. The project already has a working CLI, npm distribution, GitHub Action, passing CI/CodeQL, self-audit evidence, and three public field-audit PRs. Codex support would be used to continue auditing repositories, prepare focused maintainer PRs, improve Action automation, and document repeatable OSS maintenance workflows.
+
+## Current Gaps
+
+- External PRs are open but not yet merged.
+- npm download metrics are still early because the package is newly published.
+- The project needs more real maintainers using the Action in their own repositories.
+
+## Next Evidence To Collect
+
+- One or more merged external PRs.
+- A GitHub Release for v0.3.0 with release notes.
+- A public workflow run in another repository using `SalmonPlays/oss-signal@v0.3.0`.
+- npm download data once the registry starts reporting weekly/monthly counts.

package/docs/examples/github-action-workflow.yml

@@ -10,11 +10,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: SalmonPlays/oss-signal@v0.2.0
+      - uses: SalmonPlays/oss-signal@v0.3.0
         id: oss-signal
         with:
           fail-under: "80"
           output: oss-signal-report.md
+          summary: "true"
       - uses: actions/upload-artifact@v4
         with:
           name: oss-signal-report

package/docs/examples/github-url-report.md

@@ -2,7 +2,7 @@
 
 Repository: `https://github.com/SalmonPlays/oss-signal`
 Source: GitHub (SalmonPlays/oss-signal@main)
-Generated: 2026-06-02T06:02:52.844Z
+Generated: 2026-06-02T08:09:34.957Z
 
 Score: **100/100** (A)
 

package/docs/outreach/README.md

@@ -13,8 +13,8 @@ Important notes:
 
 ## Audited Repositories
 
-| Repository | Local score | Draft | Posted issue |
-| --- | ---: | --- | --- |
-| `platformatic/massimo` | 58/100 | [issue draft](platformatic-massimo-issue-draft.md) | [#159](https://github.com/platformatic/massimo/issues/159) |
-| `supermarkt/checkjebon` | 21/100 | [issue draft](supermarkt-checkjebon-issue-draft.md) | [#22](https://github.com/supermarkt/checkjebon/issues/22) |
-| `sammorrisdesign/interactive-feed` | 31/100 | [issue draft](sammorrisdesign-interactive-feed-issue-draft.md) | [#14](https://github.com/sammorrisdesign/interactive-feed/issues/14) |
+| Repository | Local score | Draft | Posted issue | Follow-up PR |
+| --- | ---: | --- | --- | --- |
+| `platformatic/massimo` | 58/100 | [issue draft](platformatic-massimo-issue-draft.md) | [#159](https://github.com/platformatic/massimo/issues/159) | [#160](https://github.com/platformatic/massimo/pull/160) |
+| `supermarkt/checkjebon` | 21/100 | [issue draft](supermarkt-checkjebon-issue-draft.md) | [#22](https://github.com/supermarkt/checkjebon/issues/22) | [#23](https://github.com/supermarkt/checkjebon/pull/23) |
+| `sammorrisdesign/interactive-feed` | 31/100 | [issue draft](sammorrisdesign-interactive-feed-issue-draft.md) | [#14](https://github.com/sammorrisdesign/interactive-feed/issues/14) | [#15](https://github.com/sammorrisdesign/interactive-feed/pull/15) |

package/docs/self-audit.md

@@ -2,7 +2,7 @@
 
 Repository: `/Users/amon/Documents/Codex/2026-06-01/openai-s/outputs/oss-signal`
 Source: local
-Generated: 2026-06-02T06:02:50.825Z
+Generated: 2026-06-02T08:09:32.913Z
 
 Score: **100/100** (A)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oss-signal",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "A dependency-light CLI that audits open-source repository maintenance readiness.",
   "type": "module",
   "bin": {

package/src/action.js

@@ -28,6 +28,10 @@ export async function runAction(env = process.env, stdout = process.stdout, stde
     "report-path": options.output ?? ""
   });
 
+  if (options.summary) {
+    await writeGitHubStepSummary(env.GITHUB_STEP_SUMMARY, report);
+  }
+
   if (typeof options.failUnder === "number" && report.score < options.failUnder) {
     stderr.write(`oss-signal: score ${report.score} is below fail-under ${options.failUnder}\n`);
     process.exitCode = 1;
@@ -48,7 +52,8 @@ export function parseActionInputs(env = process.env) {
     output: emptyToUndefined(getInput(env, "output")) ?? "oss-signal-report.md",
     failUnder: parseOptionalNumber(getInput(env, "fail-under"), "fail-under"),
     maxFiles: parseOptionalNumber(getInput(env, "max-files"), "max-files") ?? 20000,
-    ref: emptyToUndefined(getInput(env, "ref"))
+    ref: emptyToUndefined(getInput(env, "ref")),
+    summary: parseOptionalBoolean(getInput(env, "summary"), "summary") ?? true
   };
 }
 
@@ -63,6 +68,36 @@ export async function writeGitHubOutput(outputFile, values) {
   await fs.appendFile(outputFile, `${body}\n`, "utf8");
 }
 
+export async function writeGitHubStepSummary(summaryFile, report) {
+  if (!summaryFile) {
+    return;
+  }
+
+  const failedChecks = report.checks.filter((check) => !check.passed);
+  const nextSteps = failedChecks.length > 0
+    ? failedChecks.map((check) => `- **${check.label}:** ${check.fix}`).join("\n")
+    : "- No missing maintainer-readiness checks found.";
+
+  const body = [
+    "# oss-signal",
+    "",
+    `Score: **${report.score}/100 (${report.grade})**`,
+    "",
+    "| Result | Count |",
+    "| --- | ---: |",
+    `| Passed | ${report.summary.passed} |`,
+    `| Failed | ${report.summary.failed} |`,
+    `| Total checks | ${report.summary.total} |`,
+    "",
+    "## Recommended next steps",
+    "",
+    nextSteps,
+    ""
+  ].join("\n");
+
+  await fs.appendFile(summaryFile, body, "utf8");
+}
+
 function getInput(env, name) {
   const directKey = `INPUT_${name.toUpperCase()}`;
   const normalizedKey = `INPUT_${name.toUpperCase().replaceAll("-", "_")}`;
@@ -82,6 +117,22 @@ function parseOptionalNumber(value, name) {
   return parsed;
 }
 
+function parseOptionalBoolean(value, name) {
+  const normalized = emptyToUndefined(value)?.toLowerCase();
+  if (normalized === undefined) {
+    return undefined;
+  }
+
+  if (["1", "true", "yes", "on"].includes(normalized)) {
+    return true;
+  }
+  if (["0", "false", "no", "off"].includes(normalized)) {
+    return false;
+  }
+
+  throw new Error(`${name} must be a boolean`);
+}
+
 function emptyToUndefined(value) {
   return value === undefined || value === "" ? undefined : value;
 }

package/src/index.js

@@ -2,7 +2,7 @@ import { promises as fs } from "node:fs";
 import https from "node:https";
 import path from "node:path";
 
-export const VERSION = "0.2.0";
+export const VERSION = "0.3.0";
 
 const COMMUNITY_FILES = [
   {