
committer-2fa-audit

Audit source-control organization settings for strong 2FA/MFA requirements across all committers

Stars: 141
Source: jmagly/aiwg
Updated: 2026-05-31
Slug: jmagly--aiwg--committer-2fa-audit

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/jmagly/aiwg/HEAD/agentic/code/frameworks/security-engineering/skills/committer-2fa-audit/SKILL.md -o .claude/skills/committer-2fa-audit.md

Drops the SKILL.md into .claude/skills/committer-2fa-audit.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Committer 2FA Audit

Audit whether all committers are covered by a strong two-factor authentication policy. This enforces committer-2fa-required and maps curl Practice 25 into source-control governance.

GitHub

Requires an org-admin token supplied outside the prompt context. Query the org member endpoint with the 2FA-disabled filter and report non-compliant users.
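One way to run the GitHub check described above, as an added example that is not part of the skill or the aiwg project. It uses the GitHub REST call `GET /orgs/{org}/members?filter=2fa_disabled`; the `GITHUB_TOKEN` and `GITHUB_ORG` variable names, the `example-org` placeholder, the report layout and the offline `fake_get` sample pages are assumptions made for the example.

```python
import json
import os
import urllib.request

API = "https://api.github.com"

def http_get(url, token):
    """Fetch one page from the GitHub REST API; the token travels only in the header."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def members_without_2fa(org, token, get=http_get, per_page=100):
    """Return sorted logins of org members with 2FA disabled, following pagination."""
    logins, page = set(), 1
    while True:
        url = f"{API}/orgs/{org}/members?filter=2fa_disabled&per_page={per_page}&page={page}"
        batch = get(url, token)
        logins.update(member["login"] for member in batch)
        if len(batch) < per_page:  # a short or empty page is the last one
            return sorted(logins)
        page += 1

def report(org, logins):
    """Build a report holding member logins only, never the token or raw responses."""
    status = "PASS" if not logins else "FAIL"
    return {"org": org, "rule": "committer-2fa-required",
            "status": status, "non_compliant": logins}

def fake_get(url, token):
    """Constructed sample pages standing in for the API so the example runs offline."""
    pages = {"1": [{"login": "alice"}, {"login": "bob"}], "2": [{"login": "carol"}]}
    return pages.get(url.rsplit("page=", 1)[1], [])

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name; never printed
    org = os.environ.get("GITHUB_ORG", "example-org")  # placeholder org name
    if token:
        result = report(org, members_without_2fa(org, token))
    else:  # no token available: fall back to the constructed sample data
        result = report(org, members_without_2fa(org, "unused", get=fake_get, per_page=2))
    print(json.dumps(result, indent=2))
```

GitHub only honours the `2fa_disabled` filter for organization owners, which is why the skill asks for an org-admin token.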

Gitea

Gitea support is instance-dependent. When the API exposes 2FA status, report non-compliant users. When it does not, report the configured organization/site policy and mark member-level visibility as unavailable.

Token Handling

Follow token-security: read tokens from a secure environment or secret manager, do not echo them, do not paste them into issue comments, and do not persist audit responses containing token material.

References

  • agentic/code/frameworks/security-engineering/rules/committer-2fa-required.md
  • agentic/code/addons/aiwg-utils/rules/token-security.md