Grade: F (31.8/100) | No meaningful harness. AI output is essentially unaudited.
- Repository: /home/runner/work/devbcn-nextjs/devbcn-nextjs
- Languages: javascript, typescript
- Assessed: 2026-03-11 20:03 UTC
- Checks: 10/31 passed
| Category | Weight | Score | Checks |
|---|---|---|---|
| Architectural Documentation | 20% | 0% [----------] | 0/5 |
| Mechanical Constraints | 25% | 59% [######----] | 4/7 |
| Testing & Stability | 25% | 48% [#####-----] | 4/8 |
| Review & Drift Prevention | 15% | 33% [###-------] | 2/6 |
| AI-Specific Safeguards | 15% | 0% [----------] | 0/5 |
Architectural Documentation (0/5 passed)

matklad ARCHITECTURE.md guide
Evidence: No architecture documentation found
Remediation: Create ARCHITECTURE.md at repo root following matklad's pattern: short, stable, focused on module boundaries and constraints.
OpenAI Harness Engineering (2026)
Evidence: No AI agent instruction files found
Remediation: Create CLAUDE.md or AGENTS.md with project context, code style, and constraints so AI agents produce consistent output.
DORA 2025 Report - AI-accessible documentation
Evidence: No Architecture Decision Records found
Remediation: Create docs/adr/ directory with numbered markdown decision records. Use adr-tools or a simple template.
matklad ARCHITECTURE.md - constraints as absences
Evidence: No module boundary constraints documented
Remediation: Document which modules must NOT depend on each other in ARCHITECTURE.md. Example: 'The fields crate never depends on any other workspace crate.'
DORA 2025 - AI-accessible documentation
Evidence: No API documentation generation or spec files found
Remediation: Add doc generation to CI (cargo doc, typedoc, sphinx) or maintain OpenAPI/Swagger specs.
Mechanical Constraints (4/7 passed)

DORA 2025 Report
Evidence: CI detected: github
OpenAI Harness Engineering - mechanical constraints
Evidence: Blocking linter found in CI: eslint
OpenAI Harness Engineering - mechanical constraints
Evidence: Formatter check found in CI: prettier --check
SlopCodeBench - preventing subtle type errors
Evidence: TypeScript strict mode enabled
Blog: security infrastructure reliability
Evidence: No dependency auditing found
Remediation: Add cargo deny/audit, npm audit, pip-audit, or Snyk to CI as a blocking check.
DORA 2025 - working in small batches
Evidence: No conventional commit enforcement found
Remediation: Add commitlint or equivalent to CI to enforce consistent commit message format.
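
A minimal sketch of the commitlint setup (assumes @commitlint/config-conventional is installed as a dev dependency; not taken from this repo):

```js
// commitlint.config.js: enforce Conventional Commit messages
module.exports = {
  extends: ['@commitlint/config-conventional'],
};
```

In CI, a blocking step such as `npx commitlint --from origin/main --to HEAD` then rejects nonconforming commit messages on pull requests.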
Blog: 80% problem in AI-generated code
Evidence: No explicit policy against unsafe code patterns
Remediation: Add unsafe_code = forbid (Rust), security linting (semgrep/bandit), or ESLint rules against dangerous patterns.
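
As an illustration for a JS/TS repo, a few standard ESLint core rules that block eval-style patterns (flat-config sketch, not this repo's actual config):

```js
// eslint.config.mjs: ban dynamic code execution patterns
export default [
  {
    rules: {
      'no-eval': 'error',         // eval(...)
      'no-implied-eval': 'error', // setTimeout('code', ...)
      'no-new-func': 'error',     // new Function('code')
      'no-script-url': 'error',   // javascript: URLs
    },
  },
];
```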
Testing & Stability (4/8 passed)

Kent Beck - tests define what correct means
Evidence: Tests present and executed in CI
DORA 2025 - stability through comprehensive testing
Evidence: Matrix/parallel testing strategy found in CI
DORA 2025 - stability feedback loops
Evidence: Coverage measurement found in CI (matched pattern: coverage.py|pytest-cov|--cov)
SlopCodeBench - code that 'appears correct but is unreliable'
Evidence: No mutation testing found
Remediation: Add cargo-mutants (Rust), Stryker (JS/TS), mutmut (Python), or PIT (Java). Mutation testing catches tests that pass without verifying behavior.
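
A hedged sketch of a StrykerJS configuration for a TypeScript/Jest project (globs and thresholds are assumptions to adapt, not this repo's config):

```js
// stryker.conf.mjs: mutation testing with StrykerJS
export default {
  mutate: ['src/**/*.ts', '!src/**/*.test.ts'], // files to mutate
  testRunner: 'jest',
  reporters: ['clear-text', 'html', 'progress'],
  coverageAnalysis: 'perTest', // only run the tests that cover each mutant
  thresholds: { high: 80, low: 60, break: 50 }, // exit nonzero below 50% mutation score
};
```

Running `npx stryker run` as a CI step then fails the build when too many mutants survive.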
Blog: catching edge cases in AI-generated code
Evidence: No property-based testing found
Remediation: Add proptest (Rust), hypothesis (Python), fast-check (JS/TS), or jqwik (Java) for testing invariants with random structured inputs.
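
For example, a fast-check property test under Jest; `slugify` is a hypothetical function used only to illustrate the pattern:

```ts
// slugify.property.test.ts: invariants checked over random inputs
import fc from 'fast-check';
import { slugify } from './slugify'; // hypothetical function under test

test('slugify is URL-safe and idempotent for any string', () => {
  fc.assert(
    fc.property(fc.string(), (input) => {
      const slug = slugify(input);
      expect(slug).toMatch(/^[a-z0-9-]*$/); // invariant: restricted charset
      expect(slugify(slug)).toBe(slug);     // invariant: idempotence
    })
  );
});
```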
Blog: 80% problem - catching what AI misses
Evidence: No fuzz testing found
Remediation: Add fuzz targets for parsing-heavy and input-handling code paths.
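
JS/TS has fewer off-the-shelf fuzzers than Rust or Go; one lightweight approach is to reuse fast-check as a crash-only fuzzer over an input-handling path. `parseQuery` below is hypothetical:

```ts
// parseQuery.fuzz.test.ts: random inputs must never crash unexpectedly
import fc from 'fast-check';
import { parseQuery } from './parseQuery'; // hypothetical parser

test('parseQuery rejects bad input gracefully', () => {
  fc.assert(
    fc.property(fc.string(), (raw) => {
      try {
        parseQuery(raw);
      } catch (err) {
        // Throwing a controlled SyntaxError is fine; anything else is a bug.
        expect(err).toBeInstanceOf(SyntaxError);
      }
    }),
    { numRuns: 10_000 } // run far more cases than a normal property test
  );
});
```

Coverage-guided tools such as Jazzer.js are an option when random sampling stops finding anything.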
OpenAI Harness Engineering - mechanical constraints
Evidence: No contract or compatibility tests found
Remediation: Add contract tests that verify external interface stability (golden fixtures, snapshot tests, wire-format checks).
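
A small golden-fixture example using Jest snapshots; `buildEventPayload` is hypothetical and stands in for any externally consumed interface:

```ts
// apiContract.test.ts: pin the wire format of an external interface
import { buildEventPayload } from './api'; // hypothetical

test('event payload shape stays stable', () => {
  const payload = buildEventPayload({ id: 42, title: 'DevBcn' });
  // The first run records a snapshot; any later shape change fails CI
  // until the snapshot is deliberately updated and reviewed.
  expect(payload).toMatchSnapshot();
});
```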
DORA 2025 - stability metrics
Evidence: All test jobs are blocking (jobs: test)
Review & Drift Prevention (2/6 passed)

OpenAI Harness Engineering - author/reviewer separation
Evidence: Cannot verify branch protection without API access. Run with --github-token or --gitlab-token for full assessment.
Remediation: Enable required reviews in branch protection settings and add CODEOWNERS.
OpenAI Harness Engineering - garbage collection agents
Evidence: Scheduled CI pipeline found
OpenAI Harness Engineering - quality drift
Evidence: No stale documentation detection found
Remediation: Add TODO/FIXME scanning, link checking (lychee), or prose linting (vale) to CI.
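
A minimal sketch of a TODO/FIXME budget check as a Node script (the glob dependency, file globs, and budget are assumptions):

```ts
// scripts/check-todos.ts: fail CI when TODO/FIXME markers exceed a budget
import { readFileSync } from 'node:fs';
import { globSync } from 'glob'; // assumes the glob package is installed

const BUDGET = 20; // assumed limit; tune per repo
let count = 0;

for (const file of globSync('src/**/*.{ts,tsx,js,md}')) {
  count += readFileSync(file, 'utf8').match(/TODO|FIXME/g)?.length ?? 0;
}

if (count > BUDGET) {
  console.error(`Found ${count} TODO/FIXME markers (budget ${BUDGET}).`);
  process.exit(1);
}
console.log(`TODO/FIXME count OK: ${count}/${BUDGET}`);
```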
DORA 2025 - working in small batches
Evidence: No PR/MR template found
Remediation: Add .github/PULL_REQUEST_TEMPLATE.md or .gitlab/merge_request_templates/Default.md with sections for description, testing, and impact.
OpenAI Harness Engineering - separate authoring and reviewing agents
Evidence: Automated review tool configured: .github/dependabot.yml
OpenAI Harness Engineering - curated knowledge base
Evidence: No documentation sync checks found in CI
Remediation: Add CI jobs that verify related docs stay in sync (e.g. diff AGENTS.md CLAUDE.md, golden fixture checks).
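
The diff idea can be a one-file Node script run as a blocking CI step (file names follow the remediation's example):

```ts
// scripts/check-doc-sync.ts: fail CI when agent instruction files drift apart
import { readFileSync } from 'node:fs';

const agents = readFileSync('AGENTS.md', 'utf8');
const claude = readFileSync('CLAUDE.md', 'utf8');

if (agents !== claude) {
  console.error('AGENTS.md and CLAUDE.md differ; sync them before merging.');
  process.exit(1);
}
console.log('Agent instruction files are in sync.');
```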
AI-Specific Safeguards (0/5 passed)

DORA 2025 - clear organizational stance on AI use
Evidence: No AI usage norms documented
Remediation: Document AI usage policies: review expectations for AI-generated code, when manual implementation is required, testing-before-implementation norms.
DORA 2025 - working in small batches
Evidence: No small batch enforcement found
Remediation: Add PR size checks (Danger, pr-size-labeler) or document size guidelines in CONTRIBUTING.md. Large AI-generated PRs are harder to review.
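
With Danger JS, a size check is a few lines; the thresholds below are illustrative assumptions, not a recommendation from this report:

```ts
// dangerfile.ts: flag oversized pull requests (Danger JS)
import { danger, warn, fail } from 'danger';

const changed = danger.github.pr.additions + danger.github.pr.deletions;

if (changed > 1000) {
  fail(`This PR changes ${changed} lines; split it into smaller batches.`);
} else if (changed > 400) {
  warn(`This PR changes ${changed} lines; consider splitting it.`);
}
```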
Blog: cognitive offloading guardrails
Evidence: No design-before-code process found
Remediation: Create docs/rfcs/ or docs/designs/ directory. Document a process where significant changes start with a design doc or plan before implementation.
Blog: AI agents deleting tests, using expect()
Evidence: No error handling policy found
Remediation: Add clippy lints (unwrap_used, expect_used) for Rust, ESLint rules for JS/TS, or document error handling patterns in agent instructions.
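
For a TS/JS repo, rough analogues of Rust's unwrap_used/expect_used lints (sketch; assumes the typescript-eslint plugin is already wired up with type information):

```js
// eslint.config.mjs (excerpt): error-handling lints
export default [
  {
    rules: {
      '@typescript-eslint/no-floating-promises': 'error', // no dropped rejections
      '@typescript-eslint/no-non-null-assertion': 'error', // no value! escape hatches
      'no-empty': ['error', { allowEmptyCatch: false }],   // no swallowed exceptions
    },
  },
];
```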
Blog: 80% problem in security infrastructure
Evidence: No security-critical path marking found
Remediation: Add CODEOWNERS for sensitive directories, SECURITY.md for vuln reporting, or SAST scanning in CI.
Sources cited:

- Blog: 80% problem - catching what AI misses
- Blog: 80% problem in AI-generated code
- Blog: 80% problem in security infrastructure
- Blog: AI agents deleting tests, using expect()
- Blog: catching edge cases in AI-generated code
- Blog: cognitive offloading guardrails
- Blog: security infrastructure reliability
- DORA 2025 - AI-accessible documentation
- DORA 2025 - clear organizational stance on AI use
- DORA 2025 - stability feedback loops
- DORA 2025 - stability metrics
- DORA 2025 - stability through comprehensive testing
- DORA 2025 - working in small batches
- DORA 2025 Report
- DORA 2025 Report - AI-accessible documentation
- Kent Beck - tests define what correct means
- OpenAI Harness Engineering (2026)
- OpenAI Harness Engineering - author/reviewer separation
- OpenAI Harness Engineering - curated knowledge base
- OpenAI Harness Engineering - garbage collection agents
- OpenAI Harness Engineering - mechanical constraints
- OpenAI Harness Engineering - quality drift
- OpenAI Harness Engineering - separate authoring and reviewing agents
- SlopCodeBench - code that 'appears correct but is unreliable'
- SlopCodeBench - preventing subtle type errors
- matklad ARCHITECTURE.md - constraints as absences
- matklad ARCHITECTURE.md guide
Generated by ai-harness-scorecard