CTO Watchdog is a proactive automation system embedded in every repository of the Dhaher Labs ecosystem. It acts as an always-on CTO that:
| Capability | Description |
|---|---|
| 🔍 Inspect | Detects every repository event — push, PR, branch, release |
| 📋 Audit | Runs comprehensive checks for code quality, branding, security, SEO |
| 🔧 Fix | Automatically applies safe, low-risk fixes without human intervention |
| 📊 Report | Generates detailed reports with health scores and next steps |
| 📧 Notify | Sends email reports to the right people at the right time |
| 🌿 Consolidate | Analyzes branches and recommends cleanup or merges |
GitHub Event (push/PR/release)
│
▼
┌─────────────────────┐
│ GitHub Actions │ ← Embedded in each repo
│ .github/workflows │
└──────────┬──────────┘
│
▼
┌─────────────────────┐
│ Event Classifier │ ← Classifies event type & risk
└──────────┬──────────┘
│
▼
┌─────────────────────┐
│ CTO Auditor │ ← Inspects, analyzes, scores
└──────────┬──────────┘
│
┌─────┴─────┐
│ │
▼ ▼
┌─────────┐ ┌──────────┐
│ Safe Fix │ │ Report │
│ Engine │ │ Generator │
└────┬────┘ └─────┬────┘
│ │
▼ ▼
┌─────────┐ ┌──────────┐
│ Git Ops │ │ Email │
│ (PR/Commit)│ │ Notifier │
└─────────┘ └──────────┘
cto-watchdog/
├── .github/
│ └── workflows/
│ ├── cto-watch.yml # Real-time event monitor
│ ├── cto-audit.yml # Weekly comprehensive audit
│ ├── report-mailer.yml # Email notification on events
│ └── cto-consolidate.yml # Branch consolidation
├── scripts/
│ ├── event-classifier.py # Classifies GitHub events
│ ├── cto-auditor.py # Main audit engine
│ ├── safe-fix.py # Safe auto-fix engine
│ ├── report-generator.py # Generates structured reports
│ ├── email-notifier.py # SMTP email notifications
│ ├── branch-analyzer.py # Branch health analysis
│ ├── repo-registry.py # Repository registry manager
│ └── deploy-workflows.py # Deploys workflows to repos
├── config/
│ └── repo-registry.json # Complete repo catalog with metadata
├── docs/
│ ├── automation.md # System documentation
│ ├── audit-policy.md # Audit checklist & severity levels
│ ├── safe-fix-policy.md # What can be auto-fixed
│ ├── branch-policy.md # Branch naming & lifecycle
│ ├── security.md # Secret management & safety
│ ├── brand-guidelines.md # Branding consistency rules
│ └── report-format.md # Report structure specification
└── README.md # This file
Add these secrets to your repository or organization:
| Secret | Description |
|---|---|
CTO_WATCHDOG_GITHUB_TOKEN |
GitHub PAT with repo & workflow scopes |
CTO_WATCHDOG_SMTP_SERVER |
SMTP server address |
CTO_WATCHDOG_SMTP_PORT |
SMTP port (e.g., 587) |
CTO_WATCHDOG_SMTP_USER |
SMTP username |
CTO_WATCHDOG_SMTP_PASS |
SMTP password |
CTO_WATCHDOG_SMTP_FROM |
Sender email address |
# Deploy to all dhaher-labs repos
python scripts/deploy-workflows.py \
--token $GITHUB_TOKEN \
--org dhaher-labs
# Deploy to personal repos
python scripts/deploy-workflows.py \
--token $GITHUB_TOKEN \
--user mulkymalikuldhaher
# Dry run first
python scripts/deploy-workflows.py \
--token $GITHUB_TOKEN \
--org dhaher-labs \
--dry-run# Audit a local repository
python scripts/cto-auditor.py /path/to/repo --owner dhaher-labs
# Apply safe fixes
python scripts/safe-fix.py /path/to/repo
# Dry run (preview fixes)
python scripts/safe-fix.py /path/to/repo --dry-run
# Analyze branches
python scripts/branch-analyzer.py /path/to/repo --owner dhaher-labs- Never store tokens or secrets in code — use GitHub Secrets
- Webhook signatures are verified using HMAC-SHA256
- All operations respect GitHub API rate limits
- Safe fixes are only applied for LOW-risk issues per the Safe Fix Policy
- HIGH-risk issues generate reports and PRs for human review
- CRITICAL security findings trigger immediate email alerts
See Security Policy for full details.
| Event Type | Risk Level | Action |
|---|---|---|
docs-only |
LOW | Audit + auto-fix formatting |
code-change |
MEDIUM | Audit + test + report |
config-change |
MEDIUM | Audit + report |
workflow-change |
HIGH | Audit + manual review |
branding-change |
LOW | Audit + auto-fix branding |
dependency-change |
MEDIUM | Audit + drift analysis |
branch-lifecycle |
LOW | Report + cleanup suggestion |
release |
MEDIUM | Validate + compatibility check |
Every audit generates scores across six dimensions:
| Dimension | What It Measures |
|---|---|
| Code Quality | Empty files, placeholders, debug code |
| Documentation | README quality, badges, instructions |
| Branding Consistency | Old account names, overclaim, correct references |
| Security | Committed secrets, CORS, vulnerabilities |
| Branch Health | Stale branches, consolidation opportunities |
| SEO & Discoverability | Meta descriptions, headings, keywords |
- Person: Mulky Malikul Dhaher
- Organization: Dhaher Labs
- Colors:
#1A1D20(dark),#D9A441(gold),#00D1C7(cyan) - No Overclaim: "AI Powered Grade" is prohibited without substantiation
See Brand Guidelines for full details.
| Repository Owner | |
|---|---|
mulkymalikuldhaher |
mulkymalikuldhr@mail.com |
dhaher-labs |
dhaher-labs@email.com |
This is an internal tool for the Dhaher Labs ecosystem. For contributions to our public projects, see contribute-to-our-projects.
MIT License — © 2026 Mulky Malikul Dhaher, Dhaher Labs
Built with 🤖 by CTO Watchdog
Dhaher Labs • Building Intelligent Systems