Add governance artifact validation suite, schemas, Rego policies and CI#63

Merged
OneFineStarstuff merged 4 commits into
mainfrom
codex/create-agi-governance-blueprint-for-2026-2030
Apr 27, 2026

Merge branch 'main' into codex/create-agi-governance-blueprint-for-20…

4ec0ec2
Codacy Production / Codacy Static Code Analysis required action Apr 27, 2026 in 0s

653 new issues (0 max.) of at least severity.

Codacy: Here is an overview of what got changed by this pull request:

Issues
======
- Added 653

Complexity increasing per file
==============================
- docs/schemas/_validation_deps.py  2
- docs/schemas/check_dependencies.py  11
- docs/schemas/check_generated_artifacts.py  10
- docs/schemas/generate_evidence_bundle.py  7
- docs/schemas/governance_artifacts_validation.py  23
- docs/schemas/run_governance_checks.py  21
- docs/schemas/test_check_dependencies.py  9
- docs/schemas/test_check_generated_artifacts.py  3
- docs/schemas/test_generate_evidence_bundle.py  5
- docs/schemas/test_governance_artifacts_validation.py  5
- docs/schemas/test_run_governance_checks.py  8
- docs/schemas/test_validate_artifact_inventory.py  5
- docs/schemas/test_validate_evidence_manifest.py  4
- docs/schemas/test_validate_run_report.py  9
- docs/schemas/test_validation_deps.py  3
- docs/schemas/test_verify_evidence_bundle.py  2
- docs/schemas/validate_artifact_inventory.py  25
- docs/schemas/validate_evidence_manifest.py  12
- docs/schemas/validate_run_report.py  28
- docs/schemas/verify_evidence_bundle.py  10

Clones added
============
- docs/schemas/check_generated_artifacts.py  2
- docs/schemas/generate_evidence_bundle.py  2
- docs/schemas/test_run_governance_checks.py  2
- docs/schemas/test_validate_evidence_manifest.py  6
- docs/schemas/test_validate_run_report.py  38
- docs/schemas/test_verify_evidence_bundle.py  6
- docs/schemas/verify_evidence_bundle.py  2


Annotations

@codacy-production codacy-production / Codacy Static Code Analysis

Check warning on line 22 in .github/workflows/governance-artifacts-ci.yml
.github/workflows/governance-artifacts-ci.yml#L22: Ensure top-level permissions are not set to write-all

Check warning on line 3 in docs/schemas/_validation_deps.py
docs/schemas/_validation_deps.py#L3: No name 'annotations' in module '__future__'

Check warning on line 11 in docs/schemas/_validation_deps.py
docs/schemas/_validation_deps.py#L11: Import "jsonschema" could not be resolved from source (reportMissingModuleSource)

Check notice on line 15 in docs/schemas/check_dependencies.py
docs/schemas/check_dependencies.py#L15: Missing function docstring

Check notice on line 39 in docs/schemas/check_dependencies.py
docs/schemas/check_dependencies.py#L39: Missing function docstring

Check warning on line 48 in docs/schemas/check_dependencies.py
docs/schemas/check_dependencies.py#L48: division w/o __future__ statement

Check notice on line 6 in docs/schemas/check_generated_artifacts.py
docs/schemas/check_generated_artifacts.py#L6: Consider possible security implications associated with the subprocess module.

Check warning on line 6 in docs/schemas/check_generated_artifacts.py
docs/schemas/check_generated_artifacts.py#L6: Consider possible security implications associated with the subprocess module. (B404)

Check warning on line 20 in docs/schemas/check_generated_artifacts.py
docs/schemas/check_generated_artifacts.py#L20: Value 'list' is unsubscriptable

Check warning on line 21 in docs/schemas/check_generated_artifacts.py
docs/schemas/check_generated_artifacts.py#L21: subprocess call - check for execution of untrusted input.

Check warning on line 21 in docs/schemas/check_generated_artifacts.py
docs/schemas/check_generated_artifacts.py#L21: subprocess call - check for execution of untrusted input. (B603)

Check warning on line 60 in docs/schemas/generate_evidence_bundle.py
docs/schemas/generate_evidence_bundle.py#L60: division w/o __future__ statement

Check warning on line 3 in docs/schemas/governance_artifacts_validation.py
docs/schemas/governance_artifacts_validation.py#L3: No name 'annotations' in module '__future__'

Check warning on line 18 in docs/schemas/governance_artifacts_validation.py
docs/schemas/governance_artifacts_validation.py#L18: division w/o __future__ statement

Check notice on line 44 in docs/schemas/governance_artifacts_validation.py
docs/schemas/governance_artifacts_validation.py#L44: Missing function docstring

Check notice on line 49 in docs/schemas/governance_artifacts_validation.py
docs/schemas/governance_artifacts_validation.py#L49: Missing function docstring

Check warning on line 59 in docs/schemas/governance_artifacts_validation.py
docs/schemas/governance_artifacts_validation.py#L59: "Draft202012Validator" is possibly unbound (reportPossiblyUnboundVariable)

Check notice on line 8 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L8: Consider possible security implications associated with the subprocess module.

Check warning on line 8 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L8: Consider possible security implications associated with the subprocess module. (B404)

Check warning on line 78 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L78: Value 'list' is unsubscriptable

Check warning on line 83 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L83: subprocess call with shell=True identified, security issue.

Check warning on line 83 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L83: subprocess call with shell=True identified, security issue. (B602)

Check warning on line 99 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L99: Operator "+" not supported for types "bytes | Literal['']" and "str"
  Operator "+" not supported for types "bytes" and "str" (reportOperatorIssue)

Check warning on line 106 in docs/schemas/run_governance_checks.py
docs/schemas/run_governance_checks.py#L106: Argument of type "str | bytes" cannot be assigned to parameter "text" of type "str" in function "tail_with_marker"
  Type "str | bytes" is not assignable to type "str"
    "bytes" is not assignable to "str" (reportArgumentType)

Check notice on line 1 in docs/schemas/test_check_dependencies.py
docs/schemas/test_check_dependencies.py#L1: Consider possible security implications associated with the subprocess module.