What is hardening in this skill?

Hardening is auditing and enforcing standardized quality gates across a repository, including hooks, templates, and scripts, to reach production-readiness.

How does it detect the project type?

It reads the project root and looks for signals like package.json (Node), requirements.txt/pyproject.toml (Python), Cargo.toml (Rust), and go.mod (Go) to classify the project.

What happens after generating a gap report?

If templates are available, the skill adapts them to the project (paths, commands, thresholds) and writes the changes into the repository, then makes scripts executable.

hardening

npx machina-cli add skill Roberdan/MyConvergio/hardening --openclaw

Files (1)

SKILL.md

6.3 KB

Repo Hardening Skill

Standardize quality gates across any repository. Detects project type, audits existing infrastructure, reports gaps, and applies hardening templates.

When to Use

Setting up a new repository
Auditing an existing project for quality gaps
Bringing a project to production-readiness standards
Periodic maintenance (quarterly hardening review)

Execution Steps

Step 0: Quick Check (optional)

For a fast pass/fail assessment without applying changes:

~/.claude/scripts/hardening-check.sh --project-root .

Returns JSON with status: "pass"|"gaps_found", score, and gaps[] with severity levels. Used by planner (step 1.7) to decide if Wave 0 hardening is needed.

Step 1: Detect Project Type

Read the project root and classify:

Signal	Type	Look For
`package.json`	Node/JS/TS	npm scripts, vitest/jest/playwright, eslint
`requirements.txt` / `pyproject.toml`	Python	pytest, ruff/flake8/black, mypy
`Cargo.toml`	Rust	cargo test, clippy
`go.mod`	Go	go test, golangci-lint
Mixed (multiple)	Hybrid	Both frontend and backend

Note the project root, source directories, and test framework.

Step 2: Audit Existing Infrastructure

Check each category and report status:

Git Hooks (.husky/, .githooks/, .pre-commit-config.yaml):

Pre-commit hook exists and has >1 check
Pre-push hook exists with quality gates
Commit message convention enforced (commitlint, etc.)

Secrets Scanning:

Pre-commit secrets scan (staged files)
detect-secrets baseline or equivalent

Testing:

Smart test on commit (only staged file tests)
Full test suite on push
Coverage thresholds configured

Debt Enforcement:

TODO/FIXME limits enforced
Type suppression limits (@ts-ignore, # noqa)
Large file detection

Environment Variables:

.env.example exists with all vars documented
Env-var audit script validates documentation

PR Template:

Structured template with verification evidence section
Workaround declaration section
Explicit scope boundaries (changes NOT made)

CI/CD:

ADR Structure (token-optimized for agent workflows):

docs/adr/ directory exists
ADR index file exists (docs/adr/INDEX.md)
ADRs follow compact format (Status/Date header, Context, Decision, Consequences, Files Changed, References)
No ADR exceeds 200 lines (compact = agent-friendly)

Step 3: Generate Gap Report

For each unchecked item, report:

Severity: critical (security/data loss risk), warning (quality risk), info (improvement)
Template available: yes/no (reference from ~/.claude/templates/repo-hardening/)
Effort: quick (copy template), medium (adapt template), custom (write from scratch)

Format as a markdown table.

Step 4: Apply Templates

For each gap with a template available, adapt and apply:

Read the template from ~/.claude/templates/repo-hardening/
Identify # ADAPT: comments in the template
Replace with project-specific values (paths, commands, thresholds)
Write to the project directory
Make scripts executable (chmod +x)

Template locations:

Template	Source
Pre-commit hook	`~/.claude/templates/repo-hardening/hooks/pre-commit.sh`
Pre-push hook	`~/.claude/templates/repo-hardening/hooks/pre-push.sh`
Smart test	`~/.claude/templates/repo-hardening/scripts/smart-test.sh`
Debt check	`~/.claude/templates/repo-hardening/scripts/debt-check.sh`
Env-var audit	`~/.claude/templates/repo-hardening/scripts/env-var-audit.sh`
Secrets scan	`~/.claude/templates/repo-hardening/scripts/secrets-scan.sh`
PR template	`~/.claude/templates/repo-hardening/github/pull_request_template.md`
ADR template	`~/.claude/templates/repo-hardening/docs/adr-template.md`
ADR index	`~/.claude/templates/repo-hardening/docs/adr-index-template.md`

Adaptation rules by project type:

Project Type	SRC_DIR	Test Runner	Env Pattern	Lint
Node/Vite	`src`	`npx vitest related`	`import.meta.env.VITE_*`	`eslint`
Node/CJS	`src`	`npx jest --findRelatedTests`	`process.env.*`	`eslint`
Python	`app`/`src`	`pytest --co -q`	`os.environ`/`os.getenv`	`ruff`
Hybrid	Both dirs	Both runners	Both patterns	Both

Step 5: Verify

After applying, run a quick verification:

git status — show new/modified files
Run each new script with --help or dry-run to confirm it works
Stage a test file and run bash .husky/pre-commit manually
Report what was applied and what remains manual

Output Format

# Hardening Report: {project_name}

## Project Type: {type}

## Audit Date: {date}

### Status: {X}/{total} checks passing

| Category   | Status                  | Action Taken |
| ---------- | ----------------------- | ------------ |
| Pre-commit | applied/existed/missing | ...          |
| Pre-push   | applied/existed/missing | ...          |
| ...        | ...                     | ...          |

### Applied

- {list of files created/modified}

### Manual Actions Required

- {list of items that need human decision}

Source

git clone https://github.com/Roberdan/MyConvergio/blob/master/.claude/skills/hardening/SKILL.mdView on GitHub

Overview

Hardening standardizes quality gates across any repository by auditing infrastructure, reporting gaps, and applying templates. It detects project type and uses reusable templates to bring projects up to production-readiness.

How This Skill Works

The skill reads the project root to classify the project type (Node/JS/TS, Python, Rust, Go, or Hybrid). It then audits configurable infrastructure across categories like Git hooks, secrets scanning, testing, debt enforcement, env vars, PR templates, CI/CD, and ADRs, producing a gap report; where templates exist, it adapts and applies them to the project.

When to Use It

Setting up a new repository
Auditing an existing project for quality gaps
Bringing a project to production-readiness standards
Periodic maintenance (quarterly hardening review)
Hybrid or multi-language projects needing cross-language hardening

Quick Start

Step 1: Run the quick check to assess current state: ~/.claude/scripts/hardening-check.sh --project-root .
Step 2: Detect project type by scanning root files (e.g., package.json, requirements.txt, pyproject.toml, Cargo.toml, go.mod)
Step 3: Generate gap report and apply available templates to fix gaps (adapt as needed)

Best Practices

Use standardized templates from ~/.claude/templates/repo-hardening/ and adapt only where needed
Run the quick check first to get a pass/fail baseline before applying changes
Keep a detailed gap report with severity, templates available, and estimated effort
Document changes in PRs with verification evidence sections
Maintain ADRs and ensure ADRs stay under compact, agent-friendly length

Example Use Cases

Setting up a new Node.js repository with pre-configured pre-commit hooks, test gating, and CI/CD steps
Auditing an existing Python project to enforce linting, type checks, and secret scanning
Bringing a Go project to production-readiness with proper ADRs and a verified PR template
Applying quarterly hardening to a hybrid frontend/backend repository
Standardizing governance across a multi-language repo with consistent quality gates

Frequently Asked Questions

Add this skill to your agents