A batteries-included starter for autonomous-feeling development with AI agents (Codex, Copilot Agents). It is polyglot (TypeScript/Node, Python, Go) and only runs language-specific CI jobs when those stacks are detected.
What you get
- CI: lint, type-check, tests, coverage (Cobertura) with a sticky PR coverage summary
- CodeQL: security-extended + quality queries per language
- Dependabot: actions + ecosystem updates
- Pre-commit hooks: format, lint, secrets checks
- Dev container: reproducible dev with core tools preinstalled
- Contributor hygiene: PR/issue templates, CODEOWNERS, CoC, SECURITY
- Auto-merge on label: optional “automerge” label to finish the loop
Quick start
- Node/TS:
- Install: npm ci (or pnpm/yarn)
- Scripts: npm run lint, npm run typecheck, npm test
- Python:
- Install: python -m venv .venv && source .venv/bin/activate
- pip install -e . || pip install .; pip install -r requirements-dev.txt (if any)
- Run: ruff/black/mypy/pytest (see pyproject config)
- Go:
- go test ./...
AI-usage tips
- Keep functions small; co-locate tests
- Start with tests or acceptance criteria; ask the agent for minimal diffs
- Use labels “ai-generated” and “automerge” (if you want the bot to finish after required checks)
- Never put secrets in code; use GitHub Secrets and OIDC for cloud creds
Branch protection recommendations
- Protect main: require
- All CI checks
- CodeQL for languages you use
- 1+ approving review (2+ for critical dirs via CODEOWNERS)
- Linear history (optional)
- Enable secret scanning and push protection
Coverage thresholds
- By default we don’t fail below a minimum. To enforce a gate:
- Edit CI coverage job to set fail_below_min: true and minimums
Monorepo notes
- The CI autodetects presence of package.json, pyproject, go.mod.
- Add more language sections similarly (Java/.NET/etc.) if needed.
License
- MIT (see LICENSE)