Management summary
A four-lens self-review (frontend/UX · prompt library · repo engineering · product strategy) of the whole project surfaced 10 high-leverage, durable improvements — a mix of cheap integrity hardening, SEO/content leverage on already-built assets, and strategic distribution bets. The codebase is in genuinely strong shape (it dogfoods its own audits); these are the real levers, not nitpicks.
In progress now (autonomous): items 1–3 (the release/CI-automation cluster) are being implemented end-to-end → #128, #129, #130.
Tier A — Integrity & quality floor
| # |
Finding |
Effort |
Issue |
| 1 |
Automate checksum regeneration + CI-enforce it. Trust anchor rots on any manual miss (fired live this session). Fold regen into bump-version.mjs; add an un-gated CI diff check. |
M |
#128 |
| 2 |
Self-verifying releases. Tag-triggered gate asserting the 3 version pins (full-audit, llms.txt, content.ts VERSION) == git tag. |
M |
#129 |
| 3 |
ESLint + jsx-a11y gate in web CI. The one missing quality floor; dogfoods the project's own a11y/frontend audits. |
S |
#130 |
| 4 |
Kill silent i18n/detail drift. principleDe/proofRows are index-coupled to content.ts; audit-details.ts (57 KB) + i18n.ts untested. Re-key by stable id + invariant tests (every key has en+de; counts match). |
M |
todo |
| 5 |
Fix the front door. llms.txt:4-6 summary enumerates 12 audits and omits lean — the newest differentiating template is invisible in the first paragraph an agent reads. |
S |
todo |
Tier B — Distribution & SEO (compounds on the new per-audit subpages)
| # |
Finding |
Effort |
Issue |
| 6 |
Turn the 26 audit pages into ranking destinations. Add each audit's real domain checklist + standards-with-explanations as content; add TechArticle+BreadcrumbList JSON-LD (subpages currently have none). |
S–M |
todo |
| 7 |
Per-audit OG share images. All 13 detail pages share one site-wide OG image; renderOgImage already takes {title, subtitle}. |
M |
todo |
| 8 |
Make the output visible + prove the differentiator. A /reports gallery of full real audits on well-known OSS repos + a "why this isn't AI slop" exhibit (refuted findings; vs a naive single-prompt audit). Biggest activation + trust lever. |
M |
todo |
Tier C — Strategic bets
| # |
Finding |
Effort |
Issue |
| 9 |
Meet users where the agents live. Package as an MCP server / installable skill (@auditor run security); optionally a thin checksum-verifying npx/GitHub-Action runner for CI re-audits. |
M–L |
todo |
| 10 |
Harden the prompt contract + lower contribution friction. Normalize repo-audit to the canonical skeleton; extend check-prompts.mjs to enforce heading order + required finding-schema fields; document the trust root; English CONTRIBUTING + CODEOWNERS + Prettier. |
M |
todo |
Bonus micro-wins
optimizePackageImports: ["lucide-react"] in next.config — durable bundle hygiene.
title.template: "%s — auditor" in shell.tsx — stop hand-rolling the suffix per route.
Progress
Generated from a 4-agent self-review. Items 1–3 are being implemented autonomously; 4–10 are queued for prioritization.
Management summary
A four-lens self-review (frontend/UX · prompt library · repo engineering · product strategy) of the whole project surfaced 10 high-leverage, durable improvements — a mix of cheap integrity hardening, SEO/content leverage on already-built assets, and strategic distribution bets. The codebase is in genuinely strong shape (it dogfoods its own audits); these are the real levers, not nitpicks.
In progress now (autonomous): items 1–3 (the release/CI-automation cluster) are being implemented end-to-end → #128, #129, #130.
Tier A — Integrity & quality floor
bump-version.mjs; add an un-gated CI diff check.full-audit,llms.txt,content.ts VERSION) == git tag.principleDe/proofRowsare index-coupled tocontent.ts;audit-details.ts(57 KB) +i18n.tsuntested. Re-key by stable id + invariant tests (every key has en+de; counts match).llms.txt:4-6summary enumerates 12 audits and omitslean— the newest differentiating template is invisible in the first paragraph an agent reads.Tier B — Distribution & SEO (compounds on the new per-audit subpages)
TechArticle+BreadcrumbListJSON-LD (subpages currently have none).renderOgImagealready takes{title, subtitle}./reportsgallery of full real audits on well-known OSS repos + a "why this isn't AI slop" exhibit (refuted findings; vs a naive single-prompt audit). Biggest activation + trust lever.Tier C — Strategic bets
@auditor run security); optionally a thin checksum-verifyingnpx/GitHub-Action runner for CI re-audits.repo-auditto the canonical skeleton; extendcheck-prompts.mjsto enforce heading order + required finding-schema fields; document the trust root; EnglishCONTRIBUTING+CODEOWNERS+ Prettier.Bonus micro-wins
optimizePackageImports: ["lucide-react"]innext.config— durable bundle hygiene.title.template: "%s — auditor"inshell.tsx— stop hand-rolling the suffix per route.Progress
Generated from a 4-agent self-review. Items 1–3 are being implemented autonomously; 4–10 are queued for prioritization.