Skip to content

feat(report): compliance reporting aggregator + report subcommand (#19)#30

Merged
lex00 merged 1 commit into
mainfrom
feat/compliance-report
Jun 19, 2026
Merged

feat(report): compliance reporting aggregator + report subcommand (#19)#30
lex00 merged 1 commit into
mainfrom
feat/compliance-report

Conversation

@lex00

@lex00 lex00 commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Closes #19.

Adds the compliance reporting aggregator — a unified posture snapshot across all cycles plus the audit engine. Unlike a reconcile cycle, this is detect-and-report only and never touches GitHub: it aggregates the structured results the cycles already produced.

Aggregator (src/report/compliance.ts) — pure, clock-free

buildComplianceReport(results: ReconcileResult[], audit?: PostureReport) folds in:

  • per-cycle drift counts (create/update/delete + total)
  • guardrail status (tripped guardrails + blocked)
  • applied/failed entry tallies
  • errored cycles + budget-deferred cycles
  • audit totals → mergeWorthy (quick-win + needs-review)
  • cross-cutting roll-ups + a clean flag (nothing needs attention)

Plus renderComplianceReport (human/check-run summary, mirroring the audit summary layout) and complianceArtifact (stable committable JSON). The aggregator is clock-free; the CLI stamps generatedAt.

report subcommand

github-warden report --config … <auth> runs all (or --cycles-selected) cycles in dry-run, optionally an audit pass (--audit), prints the snapshot, writes a JSON artifact (--out), and exits 4 when --fail-on attention and the report isn't clean.

Verification

  • npx tsc --noEmit clean
  • npm test green (390 tests; +17 aggregator tests with mock ReconcileResult/PostureReport, +5 parseReportArgs tests)
  • Smoke-tested the built CLI: --help lists report; report without auth exits 2
  • Action bundle rebuilt for the CI freshness check

🤖 Generated with Claude Code

@lex00 @claude
feat(report): compliance reporting aggregator + report subcommand (#19)
b317de3 
Pure aggregator (src/report/compliance.ts) folds ReconcileResult[] (drift
counts, guardrail trips/blocks, applied/failed, errored, deferred) plus an
optional audit PostureReport into a unified, clock-free compliance
snapshot, with human render + committable JSON artifact. Detect-only.

New `github-warden report` subcommand runs cycles in dry-run (+ optional
--audit), prints the snapshot, writes --out artifact, and exits 4 on
--fail-on attention. Unit-tested aggregation with mock run results.

Action bundle rebuilt.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@lex00 lex00 merged commit b860e9c into main Jun 19, 2026
2 checks passed
@lex00 lex00 mentioned this pull request Jun 19, 2026
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

cycle: compliance reporting (aggregator)

1 participant

@lex00