{"id":49616160,"url":"https://github.com/sethcarney/mdm","last_synced_at":"2026-06-07T19:01:17.655Z","repository":{"id":353214980,"uuid":"1216078433","full_name":"sethcarney/mdm","owner":"sethcarney","description":"agentic markdown management CLI ","archived":false,"fork":false,"pushed_at":"2026-05-26T23:03:18.000Z","size":11944,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-03T18:04:04.661Z","etag":null,"topics":["ai-tools","cli","markdown"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sethcarney.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-04-20T14:44:05.000Z","updated_at":"2026-05-26T23:03:20.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/sethcarney/mdm","commit_stats":null,"previous_names":["sethcarney/skl","sethcarney/mdm"],"tags_count":32,"template":false,"template_full_name":null,"purl":"pkg:github/sethcarney/mdm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethcarney%2Fmdm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethcarney%2Fmdm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethcarney%2Fmdm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethcarney%2Fmdm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sethcarney","download_url":"https://codeload.github.com/sethcarney/mdm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sethcarney%2Fmdm/sbom","scorecard":{"id":1246905,"data":{"date":"2026-05-03T19:31:22Z","repo":{"name":"github.com/sethcarney/mdm","commit":"579ca305ce3b14279b6c8d77ff1a640cb75f3ba6"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6.9,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: goCommand not pinned by hash: .github/workflows/ci.yml:26","Info:  10 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:18","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:20","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:18","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecard.yml:19","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:8","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Info: topLevel permissions set to 'read-all': .github/workflows/release.yml:14","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:9"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.1.0 not signed: https://api.github.com/repos/sethcarney/mdm/releases/316909474","Warn: release artifact v1.1.0 does not have provenance: https://api.github.com/repos/sethcarney/mdm/releases/316909474"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (14) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'last push approval' is required to merge on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":10,"reason":"project is fuzzed","details":["Info: GoBuiltInFuzzer integration found: internal/skill/skill_fuzz_test.go:5","Info: GoBuiltInFuzzer integration found: internal/source/source_fuzz_test.go:5","Info: GoBuiltInFuzzer integration found: internal/source/source_fuzz_test.go:51","Info: GoBuiltInFuzzer integration found: internal/source/source_fuzz_test.go:66"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"14 out of 14 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}}]},"last_synced_at":"2026-05-03T19:38:58.770Z","repository_id":353214980,"created_at":"2026-05-03T19:38:58.770Z","updated_at":"2026-05-03T19:38:58.770Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34034028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-07T02:00:07.652Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-tools","cli","markdown"],"created_at":"2026-05-04T22:01:40.179Z","updated_at":"2026-06-07T19:01:17.608Z","avatar_url":"https://github.com/sethcarney.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mdm\n\n[![CI](https://github.com/sethcarney/mdm/actions/workflows/ci.yml/badge.svg)](https://github.com/sethcarney/mdm/actions/workflows/ci.yml)\n[![CodeQL](https://github.com/sethcarney/mdm/actions/workflows/codeql.yml/badge.svg)](https://github.com/sethcarney/mdm/actions/workflows/codeql.yml)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/sethcarney/mdm/badge)](https://securityscorecards.dev/viewer/?uri=github.com/sethcarney/mdm)\n[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)\n[![Go Report Card](https://goreportcard.com/badge/github.com/sethcarney/mdm)](https://goreportcard.com/report/github.com/sethcarney/mdm)\n[![GitHub Release](https://img.shields.io/github/v/release/sethcarney/mdm)](https://github.com/sethcarney/mdm/releases/latest)\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/sethcarney/mdm)\n\nThe markdown management CLI. No telemetry · Fully open source.\n\n## Install\n\n**macOS / Linux**\n\n```bash\ncurl -fsSL https://raw.githubusercontent.com/sethcarney/mdm/main/install.sh | bash\n```\n\n**Windows** (PowerShell)\n\n```powershell\nirm https://raw.githubusercontent.com/sethcarney/mdm/main/install.ps1 | iex\n```\n\nBoth installers place the binary in `~/.local/bin/mdm` and will warn if that directory isn't in your `PATH`.\n\nTo install to a different directory, set `INSTALL_DIR` before running:\n\n```bash\nINSTALL_DIR=/usr/local/bin curl -fsSL https://raw.githubusercontent.com/sethcarney/mdm/main/install.sh | bash\n```\n\n## Usage\n\n```\nmdm rules link             Set up AGENTS.md as source of truth and symlink agent files\nmdm rules status           Show the state of all agent instruction files\nmdm rules unlink           Remove symlinks created by mdm rules link\n\nmdm skills add \u003cpackage\u003e   Add a skill from GitHub or URL\nmdm skills remove          Remove installed skills\nmdm skills list            List installed skills\nmdm skills find [query]    Search the registry\nmdm skills update          Update installed skills\nmdm skills audit           Check installed skills for updates and security advisories\nmdm skills doctor          Check installed skills and project markdown for health issues\nmdm skills init \u003cname\u003e     Scaffold a new skill\nmdm skills install         Restore skills from skills-lock.json\nmdm skills sync            Sync skills from node_modules\nmdm upgrade                Upgrade the mdm CLI binary\n```\n\nRun `mdm --help` for the full command reference. See [docs/rules.md](docs/rules.md) for a detailed walkthrough of the `mdm rules` flow.\n\nSkill installs run a deterministic local hidden-character scan over markdown files before copying or symlinking content. See [docs/security/hidden-character-scan.md](docs/security/hidden-character-scan.md) for the exact checks and bypass policy.\n\n## Development\n\n```bash\nmake build    # compile to ./mdm\nmake test     # run all tests\nmake install  # install to $GOPATH/bin\ngo run . --help\n```\n\nSee [.vscode/launch.json](.vscode/launch.json) for VS Code debug configurations.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethcarney%2Fmdm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsethcarney%2Fmdm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsethcarney%2Fmdm/lists"}