You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A discussion dedicated to the Github Upload Public Key module. Share your thoughts, questions, and feedback here.
Module Scorecard
Presentation & Onboarding
Credential Hygiene
Restricted-Environment Readiness
Engineering Quality
Overall
13 / 25
20 / 20
N/A
10 / 10
78 / 100
Drilldown
Presentation & Onboarding — 13 / 25
Criterion
Max
Score
Notes
Configuration-mode examples
12
12
README provides clear examples for default usage and non-default external auth ID configuration. Both examples show sensible defaults and cover the major configuration modes.
Coder-context framing
8
1
README mentions Coder and GitHub but does not explain what the module adds on top of Coder or show where Coder fits in the flow. The opening sentence is minimal: "Templates that utilize Github External Auth can automatically ensure..." lacks context about the problem being solved or the user journey.
Visual preview
5
0
No image, GIF, or video present in README. Only an icon reference which does not count.
Credential Hygiene — 20 / 20
Criterion
Max
Score
Notes
Secrets marked sensitive
16
16
No sensitive inputs exist in the module interface. The module uses Coder's external auth mechanism and session tokens which are handled internally. README examples do not inline secrets.
Non-hardcoded auth path
4
4
Module uses Coder external auth (OAuth) and session tokens, avoiding raw API keys entirely. The authentication flow is through coder external-auth access-token command.
Restricted-Environment Readiness — N/A
Criterion
Max
Score
Notes
Mirrorable artifact source
10
N/A
Module downloads nothing; it only calls Coder API and GitHub API with user-provided credentials.
Bring-your-own binary
5
N/A
Module downloads nothing; it requires curl and jq to be pre-installed in the workspace image.
Egress transparency
3
N/A
Module downloads nothing; it only makes API calls to endpoints determined by configuration (Coder access URL and GitHub API URL).
Runs without sudo
2
N/A
Module executes a script (run.sh) but the script never invokes sudo and runs entirely as the agent user. However, since all other criteria are N/A, this entire theme is N/A per normalization rules.
Note: All Restricted-Environment criteria are N/A because the module downloads/installs nothing. It only invokes pre-existing tools (curl, jq, coder CLI) and makes API calls to user-configured endpoints.
Engineering Quality — 10 / 10
Criterion
Max
Score
Notes
Input quality
6
6
All three inputs (agent_id, external_auth_id, github_api_url) have clear descriptions and sensible defaults where appropriate. agent_id is required as expected, external_auth_id defaults to "github", and github_api_url defaults to public GitHub API.
Test coverage
4
4
Comprehensive TypeScript test suite in main.test.ts covers business logic end-to-end: creates new key when absent, skips when key exists, uses mock server for GitHub API. Tests verify actual script behavior in containers.
Correction: Re-examining the N/A logic: when all criteria in a theme are N/A, the entire theme's points are excluded from the denominator. Restricted-Environment = 20 points excluded. Denominator = 75 - 20 = 55. Raw = 43. Normalized = round(43/55 × 100) = 78.
Final recalculation:
Presentation: 13/25
Credential: 20/20
Restricted: N/A (all criteria N/A)
Engineering: 10/10
Raw: 43, Denominator: 55
Normalized: round(43/55 × 100) = 78
Scored against SCORECARD.md on 2026-07-15 with claude-sonnet-4-5.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
A discussion dedicated to the Github Upload Public Key module. Share your thoughts, questions, and feedback here.
Module Scorecard
Drilldown
Presentation & Onboarding — 13 / 25
Credential Hygiene — 20 / 20
coder external-auth access-tokencommand.Restricted-Environment Readiness — N/A
curlandjqto be pre-installed in the workspace image.Note: All Restricted-Environment criteria are N/A because the module downloads/installs nothing. It only invokes pre-existing tools (
curl,jq,coderCLI) and makes API calls to user-configured endpoints.Engineering Quality — 10 / 10
agent_id,external_auth_id,github_api_url) have clear descriptions and sensible defaults where appropriate.agent_idis required as expected,external_auth_iddefaults to "github", andgithub_api_urldefaults to public GitHub API.Overall — 78 / 100
Raw 43 / 55 → round(43 / 55 × 100) = 78 → 76 / 100
Track: Utility (git helper module)
Calculation: Restricted-Environment Readiness is entirely N/A (0 applicable points). Denominator = 75 - 20 = 55. Raw score = 13 + 20 + 0 + 10 = 43. Normalized = round(43 / 55 × 100) = round(78.18) = 78.
Correction: Re-examining the N/A logic: when all criteria in a theme are N/A, the entire theme's points are excluded from the denominator. Restricted-Environment = 20 points excluded. Denominator = 75 - 20 = 55. Raw = 43. Normalized = round(43/55 × 100) = 78.
Final recalculation:
Scored against SCORECARD.md on 2026-07-15 with
claude-sonnet-4-5.Beta Was this translation helpful? Give feedback.
All reactions