From gh
On-demand governance audit for repository maturity. Evaluates branch protection, project linkage, triage labels, CI/CD, releases, documentation, CODEOWNERS, security policy, license, dependency management (Dependabot/Renovate), and secrets scanning. Multi-repo aware — evaluates all repos in config catalog or a specific repo. Dismissals persist across sessions so resolved decisions are not raised again. Read-only evaluation; fix actions route through gh-operations. Trigger phrases: "healthcheck", "health check", "governance", "audit", "best practices", "repo health", "readiness", "maturity", "governance audit", "repo readiness", "check repo health", "run healthcheck", "security audit", "compliance check".
Slash command: /gh:gh-healthcheck
On-demand governance audit that evaluates repository maturity across security, governance, automation, and documentation dimensions. Read-only — never mutates GitHub resources directly.
{PLUGIN_ROOT} = Plugin root directory (where plugin.json lives)
When this skill references files like {PLUGIN_ROOT}/lib/references/healthcheck-checks.md,
read from the plugin root, not relative to this skill folder.
| Does | Does NOT |
|---|---|
| Evaluate 11 governance checks per repo | Mutate GitHub resources |
| Support multi-repo evaluation from catalog | Run on every session (on-demand only) |
| Persist results and dismissals in healthcheck.yaml | Replace heartbeat polling |
| Offer fix actions via gh-operations delegation | Modify config.yaml or freshness.yaml |
| Score and grade repositories | Block operations based on score |
When invoked by the gateway command, expect:
- .hiivmind/github/config.yaml must exist
- .hiivmind/github/healthcheck.yaml (created if missing)

1. CONTEXT → 1.5 CHECK TOOLS → 2. EVALUATE → 3. PRESENT → 4. RESOLVE → 5. PERSIST
   (scope)       (gh/jq/yq)       (run checks)   (report)     (fix/dismiss)   (write)
      │              │                │             │              │             │
   STOP if        STOP if           skip          grade        STOP for          —
   not init       gh missing        dismissed     + detail     user choice
Goal: Load config, determine repo scope, load existing healthcheck state.
See: {PLUGIN_ROOT}/lib/patterns/config-parsing.md
- .hiivmind/github/config.yaml (current and parent directories)
- .hiivmind/github/healthcheck.yaml if it exists

Parse $ARGUMENTS to determine scope:
| Input | Scope |
|---|---|
| /gh healthcheck (no args) | All repos in config catalog |
| /gh healthcheck repo-name | Specific repo |
| /gh healthcheck clear check-id | Clear dismissal (not evaluation) |
| /gh healthcheck clear all | Clear all dismissals |
IF arguments contain "clear":
→ Handle dismissal clearing (Phase 4 shortcut)
→ Then STOP
IF arguments contain a repo name:
→ Verify repo exists in config catalog
→ REPOS = [repo-name]
ELIF only one repo in catalog:
→ REPOS = [that-repo]
ELSE:
→ REPOS = all repos in catalog
If not initialized:
Workspace not initialized.
Config file not found. Run: /gh init
If specified repo not in catalog:
Repository "{name}" not found in workspace catalog.
Available repositories:
- repo-a
- repo-b
Run: /gh refresh repositories to update the catalog.
Goal: Verify gh, jq, yq are available.
See: {PLUGIN_ROOT}/lib/patterns/tool-detection.md
- gh CLI — STOP if missing
- jq, yq — WARN if missing (do not block)

Goal: Run each check for each repo in scope. Skip dismissed checks (unless review_after passed).
See: {PLUGIN_ROOT}/lib/references/healthcheck-checks.md for check definitions
See: {PLUGIN_ROOT}/lib/patterns/healthcheck-evaluation.md for evaluation logic
For each repo in REPOS:
CURRENT_REPO=$(basename "$(git rev-parse --show-toplevel 2>/dev/null)")
If CURRENT_REPO matches the repo being evaluated → use filesystem checks where applicable.
Otherwise → use API for all checks.
Execute checks in catalog order. For each check:
FOR check IN healthcheck_catalog:
    # 1. Check dismissal
    IF is_dismissed(repo, check.id) AND NOT dismissal_expired(repo, check.id):
        results[check.id] = {status: "dismissed", detail: "Dismissed: {reason}"}
        CONTINUE

    # 2. Evaluate
    IF repo == current_repo AND check.has_local_source:
        result = evaluate_local(check)
    ELSE:
        result = evaluate_api(check)

    # 3. Record
    results[check.id] = {
        status: result.status,        # pass | warn | fail | unknown
        detail: result.detail,
        last_evaluated: now(),
        data: result.raw_data         # optional structured data for future reference
    }
Space API calls to avoid hitting GitHub rate limits, especially for multi-repo evaluations:
- --silent flag on existence checks to minimize output

Goal: Display per-repo report cards and aggregate score for multi-repo evaluations.
## Healthcheck: {repo-name}
Grade: {grade} ({score}/{total})
| Check | Status | Detail |
|-------|--------|--------|
| Branch Protection | ✅ pass | main: 1 required review |
| Project Linkage | ✅ pass | Linked to 2 project(s) |
| Issue Triage | ⚠️ warn | Bug labels present, no priority labels |
| CI/CD | ✅ pass | 3 workflow(s) configured |
| Releases | ❌ fail | No releases or tags |
| Documentation | ⚠️ warn | README ✓, no CONTRIBUTING.md |
| CODEOWNERS | ❌ fail | No CODEOWNERS file |
| Security Policy | ❌ fail | No security policy |
| License | ✅ pass | MIT |
| Dependency Mgmt | ✅ pass | Renovate configured |
| Secrets Scanning | ✅ pass | Scanning: enabled, Push protection: enabled |
{dismissed_count} check(s) dismissed — not counted in score.
Status icons:
- pass → ✅
- warn → ⚠️
- fail → ❌
- unknown → ❓
- dismissed → ⏭️

Show aggregate first, then per-repo breakdown:
## Healthcheck Summary
| Repository | Grade | Score | Failing |
|------------|-------|-------|---------|
| repo-a | B | 9/11 | codeowners, security_policy |
| repo-b | C | 7/11 | ci_cd, releases, codeowners, documentation |
Aggregate: B (16/22)
---
[Per-repo details follow]
Goal: Offer fix or dismiss actions for failing checks.
After presenting the report, offer actions:
What would you like to do?
1. Fix a failing check — I'll help set it up via gh-operations
2. Dismiss a check — Record a team decision to skip it
3. Done — Save results and exit
If user chooses to fix:
- hiivmind-pulse-gh:gh-operations with the fix command

If user chooses to dismiss:
dismissals:
{repo-name}:
{check-id}:
dismissed_at: "2026-02-21T10:00:00Z"
dismissed_by: {current_user_login}
reason: "Pre-release project, no formal releases yet"
review_after: "2026-05-21" # null for "never"
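
The Phase 2 dismissal check and the "dismissed checks are not counted in score" rule, sketched in Python as an added example (not the plugin's own code). The function names, the sample data, the strict-after reading of "review_after passed" and the pass/warn point rule are assumptions for illustration.

```python
from datetime import date

# Constructed sample data: dismissals in the shape shown above, plus raw statuses
# that stand in for the real local/API evaluation of each check.
DISMISSALS = {"repo-a": {
    "releases": {"reason": "Pre-release project, no formal releases yet",
                 "review_after": "2026-05-21"},
    "codeowners": {"reason": "Single-maintainer repo", "review_after": None},
}}
RAW = {"ci_cd": "pass", "releases": "fail", "codeowners": "fail",
       "security_policy": "fail", "documentation": "warn"}


def dismissal_active(dismissals, repo, check_id, today):
    """True while a dismissal exists and its review_after date has not passed."""
    entry = dismissals.get(repo, {}).get(check_id)
    if entry is None:
        return False
    review_after = entry.get("review_after")
    if review_after is None:  # null means "never": the dismissal does not expire
        return True
    # Assumption: "passed" means today is strictly later than review_after.
    return today <= date.fromisoformat(review_after)


def run_checks(repo, catalog, dismissals, evaluate, today):
    """Phase 2 loop: dismissed checks are recorded and skipped, the rest evaluated."""
    results = {}
    for check_id in catalog:
        if dismissal_active(dismissals, repo, check_id, today):
            reason = dismissals[repo][check_id]["reason"]
            results[check_id] = {"status": "dismissed", "detail": f"Dismissed: {reason}"}
            continue  # evaluate() is never called, so no API request is spent
        results[check_id] = {"status": evaluate(repo, check_id)}
    return results


def score(results):
    """Return (score, total) with dismissed checks left out of both numbers.
    Assumption: pass and warn each earn a point; fail and unknown earn none."""
    counted = [r["status"] for r in results.values() if r["status"] != "dismissed"]
    return sum(s in ("pass", "warn") for s in counted), len(counted)


if __name__ == "__main__":
    for today in (date(2026, 3, 1), date(2026, 5, 22)):
        res = run_checks("repo-a", RAW, DISMISSALS, lambda r, c: RAW[c], today)
        print(today, score(res), res["releases"]["status"])
```

Once review_after has passed, the releases check is evaluated again and counts toward the total, so a time-boxed dismissal cannot hide a failing control indefinitely.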
If invoked with clear:
- /gh healthcheck clear {check-id} — Clear dismissal for specific check (current repo or specified repo)
- /gh healthcheck clear all — Clear all dismissals for repo

Confirm before clearing:
Clear dismissal for "{check-id}" on {repo-name}?
Dismissed by: alice
Reason: Pre-release project
Review after: 2026-05-21
This will re-evaluate the check on next healthcheck run. Proceed? [Y/n]
Goal: Write healthcheck.yaml with results and dismissals.
- If .hiivmind/github/healthcheck.yaml doesn't exist, create from template
- last_run section with timestamp, scope, aggregate score/grade
- repos.{name} section for each evaluated repo

See: {PLUGIN_ROOT}/templates/healthcheck.yaml.template for structure
.hiivmind/github/healthcheck.yaml
This file is committed to git (team-shared decisions). Dismissals represent team governance decisions that should persist across contributors.
| Skill | Use For |
|---|---|
| gh-operations | Fix failing checks (delegated from Phase 4) |
| gh-init | Offers healthcheck in Phase 5.7 for new workspaces |
| gh-refresh | Refresh stale config before healthcheck |
| Pattern | Purpose |
|---|---|
| {PLUGIN_ROOT}/lib/patterns/config-parsing.md | Read/write YAML config files |
| {PLUGIN_ROOT}/lib/patterns/healthcheck-evaluation.md | Evaluation logic per check |
| {PLUGIN_ROOT}/lib/patterns/tool-detection.md | Check gh/jq/yq availability |
| Reference | Purpose |
|---|---|
| {PLUGIN_ROOT}/lib/references/healthcheck-checks.md | Check catalog (extension point) |
| {PLUGIN_ROOT}/lib/references/api-routing.md | API routing for fix actions |
npx claudepluginhub hiivmind/hiivmind-pulse-gh --plugin gh