HMRHarden My Repo

Read-only repository review

An evidence-first AI agent repo audit

Before adding more autonomy, inspect what the repository actually tells an agent, what it mechanically enforces, and what nobody has verified yet.

This is a configuration audit, not a security assessment. It should produce evidence and next actions without editing the repository.

Copy this read-only audit prompt

Audit this repository's AI coding-agent setup.

Do not edit files, install packages, change configuration, or run commands
with side effects. Use read-only inspection only.

Inspect:
1. Durable project guidance and nested overrides
2. Documented build, test, lint, type-check, and development commands
3. Permission, sandbox, and sensitive-path policies
4. Hooks and their documented trigger tests
5. Skills, subagents, plugins, and MCP configuration
6. CI or unattended-agent configuration
7. Separation of shared configuration from credentials and local overrides
8. Evidence that configured behavior has actually been exercised

For every finding, report:
- status: present, partial, missing, conflicting, or unverified
- exact file and line evidence
- practical consequence
- smallest safe next action
- how to verify that action

Distinguish instructions from enforcement. Do not describe a prompt rule,
pattern matcher, or secret scan as a complete security boundary.
Report unknowns explicitly.

1. Inventory the active surfaces

Locate configuration before judging it. Relevant files may include CLAUDE.md, .claude/, AGENTS.md, .codex/, SKILL.md files, agent definitions, MCP configuration, and CI workflows that invoke an agent non-interactively.

Also identify user-level configuration that affects the current machine but is not reproducible for teammates.

2. Audit the instructions

Mark stale or unverifiable instructions as partial. A guidance file’s existence is not evidence that its contents are correct.

3. Separate guidance from controls

Create two columns: “the agent is asked to do this” and “the environment enforces this.” Enforcement may include permission rules, a sandbox, protected credentials, hooks, branch protection, CI checks, or repository tooling.

If instructions say “never edit production migrations,” but no permission rule or hook covers that path, record it as guidance rather than enforcement. That may be acceptable; accurate labeling is the point.

4. Inspect every automation dependency

Do not execute destructive trigger tests during the audit. Record the safe test that should later run in a disposable environment.

5. Check skills and specialized agents

For each workflow, ask whether its purpose is clear, whether referenced scripts and files exist, and whether the task has a measurable completion condition. Look for overlapping skills, broad tool access, stale placeholder commands, and descriptions too vague to select reliably.

6. Check team reproducibility

A simple evidence score

Score instructions, commands, permissions, hooks, workflows, and team reproducibility from zero to two:

ScoreMeaning
0 — MissingNo relevant configuration or evidence.
1 — Present but unverifiedA file or rule exists, but is generic, stale, conflicting, or not behaviorally tested.
2 — Specific and verifiedIt matches the repository and has a documented, reproducible check.
The total is a prioritization aid, not a security grade. A smaller, accurate setup can be better than a large unverified one.

Use an evidence-first report

AreaStatusEvidenceConsequenceNext actionVerification
InstructionsPartialExact path and linesWhat may go wrongSmallest useful changeObservable test
PermissionsUnverifiedExact rule or missing fileWhat remains possiblePolicy to reviewSafe allow/deny test

Prioritize contradictions and consequential unverified controls before adding new automation.

Run the free local Doctor

Run the dependency-free Node 20 CLI directly from GitHub with npm exec --yes --package=github:hardenmyrepo/doctor -- harden-my-repo . It inspects selected repository evidence locally, makes no network requests, executes no project code, and writes Markdown plus JSON reports.

Use Doctor on GitHubDownload ZIPBrowser auditDownload Lite

Audit FAQ

Is this a security audit?

No. It reviews coding-agent configuration and evidence. It does not establish that application code, infrastructure, credentials, or dependencies are secure.

Should the auditing agent fix problems as it finds them?

Not during the read-only pass. Separating diagnosis from implementation preserves evidence and makes proposed changes easier to review.

Can a repository score well without hooks or subagents?

Yes. Not every repository needs every extension. Accurate instructions, appropriate permissions, and reliable project checks matter more than file count.