Workflow snippets

Add the TaskBounty check to your AI-build workflow

If you are building with Cursor, Claude, Codex, Lovable, Bolt, Replit, or v0, the simplest habit is this: before launch, run the local check, then ask for a human review of anything the CLI cannot verify.

Local check

Check a repo from your terminal

No network by default
npx taskbounty-check@latest .

Runs locally and checks GitHub Actions + CI hygiene. It writes a local report and does not upload source code or workflow contents.

Want it inside your workflow? Copy the Cursor, Claude, Codex, and GitHub Actions snippets.

Cursor / AI editor rule

Before I ship this app, run a local CI hygiene check:

1. In the repo root, run `npx taskbounty-check@latest .`.
2. Do not upload source code, workflow contents, secrets, or generated reports anywhere.
3. Read the local report and summarize only: candidate count, categories, and whether manual review is recommended.
4. Separate what the CLI can check (GitHub Actions + dependency update hygiene) from what still needs manual review (secrets, auth, payments, webhooks, runtime behavior).
5. Ask me before changing any files.

Claude / Codex launch prompt

Act as my pre-launch safety reviewer. First run `npx taskbounty-check@latest .` locally from this repository. Treat the output as a CI/workflow hygiene signal only, not a full security audit.

Return:
- What was checked.
- What was not checked.
- The smallest safe fixes worth making before launch.
- Any items that need a human security review.

Do not transmit code or workflow contents. Do not open PRs or edit files until I approve the plan.

GitHub Actions optional pre-launch workflow

name: TaskBounty local CI hygiene check

on:
  workflow_dispatch:
  pull_request:
    paths:
      - '.github/workflows/**'
      - '.github/dependabot.yml'
      - 'renovate.json*'

permissions:
  contents: read

jobs:
  taskbounty-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Run TaskBounty check
        run: npx taskbounty-check@latest . --dry-run

README pre-launch checklist block

## Pre-launch safety check

Before sharing this app publicly, run:

```bash
npx taskbounty-check@latest .
```

This checks GitHub Actions and CI/update hygiene locally. It does not upload source code or workflow contents by default, and it is not a full app security audit. Secrets, auth, payments, webhooks, and runtime behavior still need manual review.

How to use these

  • Cursor: Paste the AI editor rule into project instructions or the chat before launch work.
  • Claude / Codex: Paste the launch prompt when asking the agent to review a local repo.
  • GitHub Actions: Use the workflow only if you want a manual or PR-triggered CI hygiene gate. Keep the workflow least-privilege.
  • README: Add the checklist block to AI-built apps where future contributors need a lightweight pre-launch habit.
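
One way to confirm the "keep the workflow least-privilege" point on your own workflow files, added here as an example (it is not TaskBounty's code and does not describe what `taskbounty-check` inspects). `auditWorkflow` is a hypothetical helper, the embedded workflow is a trimmed copy of the one on this page, and the mutable-ref and `@latest` checks go beyond the page's text to cover common CI pinning hygiene.

```javascript
// Constructed sample: trimmed copy of this page's workflow, embedded to run offline.
const SAMPLE_WORKFLOW = `name: TaskBounty local CI hygiene check
on:
  workflow_dispatch:
permissions:
  contents: read
jobs:
  taskbounty-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
      - name: Run TaskBounty check
        run: npx taskbounty-check@latest . --dry-run
`;

// auditWorkflow is a hypothetical helper. It is line-based (no YAML parser), so it
// only understands block-style mappings like the sample above.
function auditWorkflow(text) {
  const f = { hasTopLevelPermissions: false, writeScopes: [], mutableRefs: [], floatingNpx: [] };
  let permIndent = -1; // indent of the permissions: block being read, -1 if none
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s+)#.*$/, ''); // drop comments
    const indent = line.search(/\S/);
    if (indent !== -1 && indent <= permIndent) permIndent = -1; // block ended
    const perm = line.match(/^(\s*)permissions:\s*(\S*)\s*$/);
    if (perm) { // top-level or job-level token scopes
      if (perm[1] === '') f.hasTopLevelPermissions = true;
      if (perm[2] === 'write-all') f.writeScopes.push('write-all');
      permIndent = perm[2] === '' ? perm[1].length : -1;
      continue;
    }
    const scope = permIndent >= 0 && line.match(/^\s+([\w-]+):\s*(\w+)\s*$/);
    if (scope && scope[2] === 'write') f.writeScopes.push(scope[1]);
    const uses = line.match(/^\s*(?:-\s*)?uses:\s*['"]?([^'"\s]+)/);
    // A tag or branch can be repointed; only a full 40-hex commit SHA is immutable.
    if (uses && !uses[1].startsWith('./') && !/@[0-9a-f]{40}$/.test(uses[1])) f.mutableRefs.push(uses[1]);
    const npx = line.match(/\bnpx\s+(?:-\S+\s+)*(\S+@latest)\b/);
    if (npx) f.floatingNpx.push(npx[1]); // resolves to whatever is newest at run time
  }
  f.leastPrivilege = f.hasTopLevelPermissions && f.writeScopes.length === 0;
  return f;
}

console.log(auditWorkflow(SAMPLE_WORKFLOW));
```

On the sample it reports a read-only token with no write scopes, and lists both `uses:` tags and the `@latest` install as mutable references; whether to pin them is a separate decision from token scope.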

The local CLI checks CI/workflow hygiene. For private repositories or broader app risks, request a confidential review. For the broader launch sequence, use the pre-launch checklist.