The missing piece for me is a repo contract, not just repo metadata.
Something explicit that says:
That turns a repo from 'maybe safe' into something an agent can operate against without folklore. That's a big part of the direction we've been taking with MartinLoop.