Public repo scorecards

Skylos Judge

Deterministic public grades for security, quality, and dead code. Every scorecard is tied to a pinned commit, a scan date, and a scoring version.

No request-time scanning | Pinned commit snapshots | Static score, not LLM-graded

Judge is wired, but no snapshots are imported yet.

Seed the first repos, scan them out of band, then POST the results into the Judge import route. Starting set:

psf/black (python)
networkx/networkx (python)
mitmproxy/mitmproxy (python)

Suggest a repo for Judge

Users do not manually upload grades. They suggest a public GitHub repo, we queue it, and the Judge worker runs Skylos static first and optionally Skylos agent as a second pass.

Requested analyses
Queue model only. No public score is created until the worker runs.

How future libraries get added

Judge is not a manual upload tool. Future libraries enter through a queue: repo suggestion, review, worker execution, then immutable snapshot import.

The intended execution path is:
1. Suggest repo
2. Approve suggestion
3. Run Skylos static on a pinned commit
4. Optionally run Skylos agent
5. Import snapshots and publish the scorecard

Public grades are tied to the static snapshot. Agent output is tracked separately so it can deepen the analysis later without making the grade feel arbitrary.