feat: add interactive setup prompts to github-health-check skill for unconfigured sections #149

Description

@markcallen

Summary

The github-health-check skill currently runs a comprehensive audit and reports what is missing or misconfigured. It should go further: when a section is not set up, the skill should offer to walk the user through fixing it interactively rather than just listing it as a recommendation.

Motivation

Right now the health check ends with a "Recommended Actions" list. Users then have to figure out on their own how to implement each item. The skill is in a perfect position to do this work — it already knows exactly what is missing per section.

Proposed Changes

After generating the health report, for each section that has a failing or missing configuration, the skill should:

  1. Ask the user if they want to set it up now (e.g. "Branch protection is not configured on main. Would you like me to set it up now?")
  2. Walk through setup if the user agrees, using gh CLI or the GitHub MCP tools
  3. Confirm completion and re-check that section before moving on

Sections that should get interactive setup prompts

| Check | What to prompt | How to fix |
| --- | --- | --- |
| Branch Protection (Check 7) | No protection rules on default branch | Use gh api to create branch protection rules: require PR reviews, status checks, block force pushes |
| Dependabot (Check 9) | .github/dependabot.yml missing | Generate a dependabot.yml appropriate for the repo's detected ecosystems (npm, go, python, github-actions) |
| Codecov (Check 4) | Not configured in CI | Add codecov/codecov-action step to the build workflow; create codecov.yml config |
| Snyk (Check 6) | Not integrated | Prompt for Snyk token, add SNYK_TOKEN secret via gh secret set, add Snyk scan step to CI workflow |
| Code Scanning / CodeQL (Check 5) | Not enabled | Create .github/workflows/codeql.yml with a default CodeQL analysis workflow |
| Secret Scanning (Check 5) | Not enabled | Enable via gh api repo settings update |
| SECURITY.md (Check 9) | Missing | Generate a minimal SECURITY.md with vulnerability disclosure policy |
| CODEOWNERS (Check 9) | Missing | Prompt for team/user and generate a basic CODEOWNERS file |
| Repo description / topics (Check 9) | Empty description or no topics | Prompt the user for a description and topics, then apply via gh repo edit |
| Stale secrets (Check 12) | Secrets not rotated in 180+ days | Remind user to rotate; offer to open the secrets settings page URL |

Interaction model

After the report is printed, the skill should present unconfigured items one at a time (or grouped by priority), prompt for confirmation, and execute the fix. Example flow:

⚠️  Branch protection is not configured on `main`.
    Required PR reviews, status checks, and force-push blocking are all off.
    Would you like me to configure branch protection now? [y/n]

If yes → apply sensible defaults via gh api, then confirm:

✅  Branch protection applied to `main`:
    - Requires 1 approving review
    - Requires status checks to pass
    - Force pushes blocked
    - Branch deletion blocked

If no → skip and move to the next item.

Priority order for prompts

Present items in this order (critical first):

  1. CRITICAL: Secret scanning alerts (leaked secrets)
  2. HIGH: Branch protection missing
  3. HIGH: Code scanning (CodeQL) not enabled
  4. MEDIUM: Dependabot missing
  5. MEDIUM: Snyk not integrated
  6. MEDIUM: Codecov not configured
  7. LOW: SECURITY.md missing
  8. LOW: CODEOWNERS missing
  9. LOW: Repo description/topics missing

Acceptance Criteria

  • After the health report, the skill prompts the user interactively for each unconfigured section (high priority first)
  • Each prompt clearly states what is missing and what will be done if they say yes
  • Fixes are applied using gh CLI or GitHub MCP tools (no manual steps required from the user)
  • After applying a fix, the skill confirms success and optionally re-runs the relevant check
  • If the user says no to a prompt, the skill skips that item and continues
  • If a fix requires a token or credential the skill cannot supply (e.g. Snyk token), it tells the user exactly what to provide and how
  • The skill does not prompt for items that are already correctly configured
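
The branch protection fix and its re-check, sketched as an added example (not part of the issue or the project's code). It builds the request body for the defaults listed in the example flow and checks a later GET response against them. The repository `octo/demo`, the check name `build`, and the `strict` and `enforce_admins` values are assumptions.

```python
import json

def protection_payload(status_checks):
    """Body for PUT /repos/{owner}/{repo}/branches/{branch}/protection."""
    contexts = [c for c in status_checks if c.strip()]
    if not contexts:
        # An empty list would enforce no checks, so the confirmation
        # "Requires status checks to pass" would be untrue.
        raise ValueError("name at least one required status check")
    return {
        "required_status_checks": {"strict": True, "contexts": contexts},  # strict: assumption
        "enforce_admins": True,  # assumption: the issue does not specify this
        "required_pull_request_reviews": {"required_approving_review_count": 1},
        "restrictions": None,  # no push restrictions
        "allow_force_pushes": False,
        "allow_deletions": False,
    }

def gh_argv(repo, branch):
    """gh invocation that reads the JSON payload from stdin."""
    return ["gh", "api", "--method", "PUT",
            f"repos/{repo}/branches/{branch}/protection", "--input", "-"]

def verify_protection(resp):
    """Re-check step: list the defaults missing from a GET .../protection response."""
    gaps = []
    reviews = resp.get("required_pull_request_reviews") or {}
    if reviews.get("required_approving_review_count", 0) < 1:
        gaps.append("approving review not required")
    if not (resp.get("required_status_checks") or {}).get("contexts"):
        gaps.append("no status checks required")
    # Treat a missing field as a failure rather than assuming it is safe.
    if (resp.get("allow_force_pushes") or {}).get("enabled", True):
        gaps.append("force pushes allowed")
    if (resp.get("allow_deletions") or {}).get("enabled", True):
        gaps.append("branch deletion allowed")
    return gaps

if __name__ == "__main__":
    print(" ".join(gh_argv("octo/demo", "main")))  # placeholder repository
    print(json.dumps(protection_payload(["build"]), indent=2))
    # Constructed GET response in which force pushes were left enabled.
    sample = {
        "required_pull_request_reviews": {"required_approving_review_count": 1},
        "required_status_checks": {"strict": True, "contexts": ["build"]},
        "allow_force_pushes": {"enabled": True},
        "allow_deletions": {"enabled": False},
    }
    print(verify_protection(sample))
```

Only report the fix as applied when `verify_protection` returns an empty list for the response fetched after the PUT.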

Labels: enhancement (New feature or request)