Skip to content

chore(hardening): coverage + lint + playbooks + changelog#83

Closed
DevOpsMadDog wants to merge 5 commits into
mainfrom
codex/add-architecture-inventory-and-task-plan-docs-obonkx
Closed

chore(hardening): coverage + lint + playbooks + changelog#83
DevOpsMadDog wants to merge 5 commits into
mainfrom
codex/add-architecture-inventory-and-task-plan-docs-obonkx

Conversation

@DevOpsMadDog
Copy link
Copy Markdown
Owner

@DevOpsMadDog DevOpsMadDog commented Oct 11, 2025

Summary

  • add a qa workflow that runs formatting, linting, mypy, targeted coverage, and uploads the xml/summary artefacts expected by phase 10 hardening
  • document the operating playbooks and security posture for engineering, security, and audit teams while updating the changelog and README documentation map for the completed phases
  • tighten coverage scoping and add regression tests covering telemetry fallbacks, the graph worker loop, evidence policy helpers, and risk heuristics
  • refresh the README architecture overview and documentation map so provenance, signing, SBOM quality, risk scoring, probabilistic forecasting, and LLM integrations are captured end-to-end
  • publish readme_updated.md as a deeply structured reference covering repository topology, features, CI/CD fit, and usage guidance across SBOM, risk, provenance, reproducible builds, graph, evidence bundles, observability, and AI-enhanced decisioning
  • expand readme_updated.md with mermaid architecture diagrams, sample artefact walkthroughs, and a verification matrix tying every feature to inputs, processing stages, outputs, and recommended commands
  • reorganize readme_updated.md with an executive summary, capability matrix, end-to-end data flow, and consistent “why/what/how/usage/artefacts” sections for every capability to remove ambiguity for reviewers

Testing

  • PYTHONPATH=$(pwd) pytest services/provenance/tests/test_attestation.py services/graph/tests/test_graph.py services/repro/tests/test_verifier.py tests/test_sbom_quality.py tests/test_risk_scoring.py tests/test_evidence_bundle.py tests/test_graph_worker.py tests/test_telemetry_runtime.py -q --override-ini testpaths='' --override-ini "addopts=--cov=services.provenance --cov=services.graph --cov=services.repro --cov=lib4sbom --cov=risk --cov=evidence --cov=telemetry --cov=scripts.graph_worker --cov-report=term-missing --cov-report=xml:reports/coverage/coverage.xml --cov-fail-under=70"

https://chatgpt.com/codex/tasks/task_e_68ea30ce8c688329b8cb1cd809e5ef2f

@devin-ai-integration
Copy link
Copy Markdown
Contributor

devin-ai-integration Bot commented Jan 22, 2026

Closing as part of PR consolidation. Useful changes have been cherry-picked into PR #240.

DevOpsMadDog added a commit that referenced this pull request May 5, 2026
@DevOpsMadDog @claude
log(qa): regression sweep #83 + nav consolidation smoke verify
9c56c30 
- test_phase4_integration.py: 23/23 PASS (0.48s)
- UI nav smoke: http://localhost:5173 → 200 OK
- Playwright unavailable in subagent context; curl fallback used (minified JS bundle, 0 grep tokens — expected)
- Sidebar state: live server confirmed, nav structure not extractable from minified bundle
- SHA: 53a6711

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DevOpsMadDog