uinaf/agent-readiness
skills/agent-readiness/SKILL.md
Audit and build the infrastructure a repo needs so agents can work autonomously — boot scripts, smoke tests, CI/CD gates, dev environment setup, observability, and isolation. Use when a repo can't boot, tests are broken or missing, there's no dev environment, agents can't verify their work, or agents need human help to get anything done. Do not use for reviewing an existing diff or for documentation-only cleanup.
$ install --global
skillsauthnpx skillsauth add uinaf/skills agent-readinessInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 24, 2026, 2:09 AM385.5s12 files scanned
SKILL.md
- name:
- agent-readiness
- description:
- Audit and build the infrastructure a repo needs so agents can work autonomously — boot scripts, smoke tests, CI/CD gates, dev environment setup, observability, and isolation. Use when a repo can't boot, tests are broken or missing, there's no dev environment, agents can't verify their work, or agents need human help to get anything done. Do not use for reviewing an existing diff or for documentation-only cleanup.
Agent-Readiness
Make a repo ready for autonomous agent work by adding mechanical proof: boot scripts, smoke checks, CI/hooks, observable signals, and isolation where needed. Add the smallest useful layer first; stop once the repo is reliably verifiable.
Boundaries
- Existing code, diff, branch, or PR review is out of scope.
- Completed product changes need their own runtime proof pass.
- AGENTS.md, README.md, specs, or repo docs are documentation work unless they support readiness infrastructure.
- Mock-only tests, docs-only cleanup, and builder self-evaluation are not readiness proof.
The 7-Layer Stack
- Boot — single command starts the app
- Smoke — a fast proof the app is alive
- Interact — agent can exercise the real surface
- E2e — key user flows work end to end
- Enforce — one local gate plus hooks, CI gates, lint rules, or mechanical checks
- Observe — logs, health endpoints, traces, machine-readable signals
- Isolate — worktrees or containers do not collide
Concrete examples:
- Boot:
pnpm dev,cargo run, ordocker compose up - Smoke:
curl http://127.0.0.1:3000/health - Interact/E2e:
pnpm exec playwright test - Observe: structured logs or a machine-readable health endpoint
Workflow
1. Audit
Grade the repo across these dimensions:
- bootable
- testable
- observable
- verifiable
For each, report:
- status:
pass/partial/fail - evidence: file, check outcome, or runtime surface
- gap: what is missing
Use references/grading.md. Lowest dimension sets the overall grade.
Also scan unattended-run constraints: session independence, explicit artifact paths, resource bounds, infrastructure-enforced permissions, and direct CLI/HTTP/file interfaces for dashboard-only flows. If these are not needed for the current task, keep them as remaining gaps instead of expanding the scope.
Example output:
bootable: partial — `pnpm dev` starts the app after manual env setup
testable: fail — only mocked tests under test/
observable: partial — health endpoint exists, structured logs missing
verifiable: fail — no stable smoke or interaction script
overall grade: D
2. Setup
Build missing layers in this order:
Boot → Smoke → Interact → E2e → Enforce → Observe → Isolate
Each step should be independently useful. Stop once the repo is reliably verifiable.
Prioritize one canonical local gate (make verify, just verify, ./scripts/verify.sh, or equivalent) that agents can run before push. It should mirror meaningful CI checks enough to catch routine failures without opening a dashboard.
When readiness work includes agent entrypoints, keep AGENTS.md as the canonical authored guide and place CLAUDE.md beside it as a symlink to AGENTS.md rather than maintaining two separate guidance files.
See references/setup-patterns.md for local gates, boot scripts, e2e, observability, isolation, containerized stacks, and tooling-version ownership.
3. Improve
Tighten weak or flaky layers:
- remove mock-only confidence theater
- replace one-off checks with a canonical local gate, then reuse it from hooks and CI
- add dead-code or unused-symbol enforcement where the stack supports it
- add logs and health signals agents can query
- make parallel work safe when agent collisions are real
4. Stop
When the repo reaches C+ and can be judged honestly, stop readiness work and report the next natural phase. If changes created doc drift, report the documentation gap instead of expanding the scope.
Output
After readiness work, report in this compact bullet shape:
- grade:before → after- evidence:concise explanations of what readiness checks proved- files changed:changed readiness files- remaining gaps:highest-impact gaps only, ornone- next:runtime proof, independent review, documentation cleanup, human review, ornone
Keep details compact:
- Put dimension-by-dimension evidence in the audit table when useful, not again in the footer
- Name the command or file that proves the claim and summarize logs by signal
- Keep the footer to 5 labeled lines or fewer
- Omit unchanged dimensions unless they explain the final grade
- Summarize passing checks by intent and result; include full commands only when they failed, are needed for reproduction, or the user asks for them
References
- references/grading.md — agent-readiness grading scale with mechanical criteria
- references/setup-patterns.md — local gates, boot, smoke, e2e, observability, and isolation patterns
- references/industry-examples.md — external patterns and justification for readiness investment
Related Skills
uinaf/react-ban-use-effect
development
VerifiedTrustedCommunity
Ban direct `useEffect` in React code. Use when writing, refactoring, reviewing, or migrating React components or hooks that import, call, add, or replace direct `useEffect`; when an agent reaches for effects for derived state, fetching, event reactions, resets, or external sync; or when adding lint/agent rules for a no-direct-useEffect policy. Do not use for ordinary React work with no effect smell, non-React code, or legitimate effect architecture outside React.
2SKILL.mdUpdated May 29, 2026
uinaf/review-gang
development
VerifiedTrustedCommunity
Independently audit existing code, diffs, branches, or pull requests by spawning mandatory concern-specific reviewer subagents, then synthesizing their evidence into a ship decision. Use when triaging PR risk, deciding whether someone else's change is safe to ship, or following up after runtime proof. Produces a `ship it` / `needs review` / `blocked` verdict. Do not use to self-check a change you just authored.
2SKILL.mdUpdated May 24, 2026
uinaf/gh-setup
testing
VerifiedTrustedCommunity
Set up or align a repository's GitHub collaboration and delivery surface: repo settings, branch/ruleset policy, PR and security templates, Actions hardening, GitHub Environments, release workflows, and deploy workflows. Use when standardizing GitHub setup for repos, CI/CD, publishing versioned packages, or deploying running apps; route app deploy details to deploy references and package publish details to release references.
2SKILL.mdUpdated May 24, 2026
uinaf/autoreview
tools
VerifiedTrustedCommunity
Run structured Codex/Claude autoreview closeout for uncommitted changes, branch/PR diffs, or single commits: choose the target, run the bundled review helper, validate findings, and rerun focused tests until clean. Use when asked for autoreview, Codex review, Claude review, automated PR review, second-model review, or merge-readiness review.
2SKILL.mdUpdated May 24, 2026