luckypipewrench/pipelock: Grade A (98/100)

/ 100

GradeA

Polished and well engineered. Punching above its star count.

Open-source AI agent firewall for MCP security and agent egress. Scans mediated HTTP, MCP, A2A, and WebSocket traffic for exfiltration, SSRF, and prompt injection, and emits mediator-signed action receipts: verifiable audit evidence from outside the agent.

Documentation97

Engineering98

Health100

Go735Apache-2.0today

Outstanding. A score of 98/100 puts this repo in a very small tier of truly well-engineered projects.

Documentation

0 checks need work

Install and run instructions9pt

README documents how to install the project.

README12pt

100

README is present.

License6pt

100

Licensed under Apache-2.0.

Contributing guide5pt

100

Contributing guide is detailed and thorough.

Engineering

0 checks need work

Reproducibility6pt

Lockfile present (go.sum). Installs are reproducible.

Tests18pt

100

Test files detected (bench/egress/harness/memory_test.go).

CI/CD14pt

100

CI is configured (.github/workflows/ci.yaml).

Linting and formatting5pt

100

Formatting enforced (.golangci.yml).

Issue and PR templates6pt

100

Issue or PR templates present.

Project health

100

0 checks need work

Dependency manifest6pt

100

Dependency manifest found (go.mod).

Repository metadata5pt

100

Repository has a description.

Activity5pt

100

Actively maintained (pushed within the last month).

Housekeeping3pt

100

.gitignore present.

Repository health signals

Activity, community, and responsiveness at scan time

Activity

-
Commits (30d / 90d)
87
Forks
44
Releaseslatest 4mo ago

Community

-
Community health
-
authors own >50% of commits
735
Watchers

Responsiveness

20h
Median issue response
<1h
Median PR merge time
4
Open issues

Repository files49 root entries

.clusterfuzzlite
Good: Environment pinned via .clusterfuzzlite/Dockerfile.
.github
Good: CI is configured (.github/workflows/ci.yaml).
Good: Issue or PR templates present.
assets
bench
Good: Test files detected (bench/egress/harness/memory_test.go).
charts
cmd
configs
deploy
docs
enterprise
examples
internal
schemas
scripts
sdk
test
testdata
tests
tools
.coderabbit.yaml
.dockerignore
.gitattributes
.gitignore
Good: .gitignore present.
.gitleaks.toml
.golangci.yml
Good: Formatting enforced (.golangci.yml).
.goreleaser.yaml
.pre-commit-config.yaml
action.yml
AGENTS.md
CHANGELOG.md
CHARTER.md
CLAUDE.md
CODE_OF_CONDUCT.md
Good: Code of conduct present.
codecov.yml
CONTRIBUTING.md
Good: Contributing guide is detailed and thorough.
Good: Contributing guide includes setup/install instructions.
Good: Contributing guide describes code style expectations.
Good: Contributing guide explains how to run tests.
Good: Contributing guide describes the PR/review workflow.
Good: Contributing guide includes code examples.
Dockerfile
Dockerfile.goreleaser
Dockerfile.init
Dockerfile.license-service
go.mod
Good: Dependency manifest found (go.mod).
go.sum
Good: Lockfile present (go.sum). Installs are reproducible.
GOVERNANCE.md
LICENSE
Good: Licensed under Apache-2.0.
Makefile
PR-NOTES.md
README.md
Good: README is present.
Good: README is well structured with multiple sections.
Good: README includes screenshots or visuals. Great for first impressions.
Good: README has code examples.
Good: README links to a live demo or deployed app.
Good: README includes status badges.
Good: README documents how to install the project.
Good: README documents how to run the project.
renovate.json
SECURITY.md
Good: Security policy present.
SPONSORS.md