
feat(cli): expose contributor-check and credential-audit as pip CLI commands#1711

Merged: imran-siddique merged 1 commit into main from feat/cli-contributor-check, May 4, 2026

Conversation

@imran-siddique (Member)

Summary

Adds `agt-contributor-check` and `agt-credential-audit` as console_scripts entry points in the `agent-governance-toolkit` PyPI package. Consumers can now run these tools via `pip install agent-governance-toolkit` instead of cloning the repo.

Changes

  • Copy `scripts/contributor_check.py` and `scripts/credential_audit.py` into `agent_compliance.cli` module
  • Add `_entry()` wrapper functions for console_scripts compatibility
  • Register entry points in `pyproject.toml`:
    • `agt-contributor-check` -> `agent_compliance.cli.contributor_check:_entry`
    • `agt-credential-audit` -> `agent_compliance.cli.credential_audit:_entry`

Motivation

Addresses review feedback on github/awesome-copilot#1520: the contributor check workflow was cloning this repo at HEAD to access scripts, creating supply-chain risk and drift concerns. With pip-installable CLIs, consumers pin to a specific release version.

Usage

```bash
pip install agent-governance-toolkit==3.3.0
agt-contributor-check --username --json
agt-credential-audit --username --repo org/repo --json
```

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

…ommands

Add agt-contributor-check and agt-credential-audit as console_scripts
entry points in the agent-governance-toolkit package. This allows
consumers to pip install instead of cloning the repo to access these
tools.

Addresses: github/awesome-copilot#1520 review feedback.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
imran-siddique merged commit ca6851c into main May 4, 2026
31 checks passed
github-actions Bot added the `dependencies` (Pull requests that update a dependency file) label May 4, 2026
imran-siddique deleted the feat/cli-contributor-check branch May 4, 2026 01:49

github-actions Bot commented May 4, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

github-actions Bot added the `size/XL` (Extra large PR, 500+ lines) label May 4, 2026

github-actions Bot commented May 4, 2026

🤖 AI Agent: security-scanner

No security issues found.


github-actions Bot commented May 4, 2026

🤖 AI Agent: docs-sync-checker — Docs Sync

  • contributor_check.py in agent_compliance.cli -- missing docstring for _entry() function
  • credential_audit.py in agent_compliance.cli -- missing docstring for _entry() function
  • README.md -- CLI usage section needs update to include agt-contributor-check and agt-credential-audit
  • CHANGELOG.md -- missing entry for new CLI commands agt-contributor-check and agt-credential-audit


github-actions Bot commented May 4, 2026

🤖 AI Agent: breaking-change-detector — API Compatibility

No breaking changes detected.


github-actions Bot commented May 4, 2026

🤖 AI Agent: test-generator — `agent_compliance/cli/contributor_check.py`

agent_compliance/cli/contributor_check.py

  • test_entry_point_execution -- Validate that the _entry() function correctly invokes the contributor check logic.
  • test_api_error_handling -- Ensure _api() handles HTTP errors (e.g., 403, 404) gracefully.
  • test_signal_risk_computation -- Verify ReputationReport.compute_risk() calculates risk levels accurately based on signals.
  • test_check_account_shape_edge_cases -- Test check_account_shape() with edge cases like zero followers or extremely high repo velocity.
  • test_check_repo_themes_empty_response -- Confirm check_repo_themes() handles empty or malformed API responses without crashing.

agent_compliance/cli/credential_audit.py

  • test_entry_point_execution -- Validate that the _entry() function correctly invokes the credential audit logic.
  • test_invalid_credentials_handling -- Ensure the tool handles invalid or missing credentials gracefully.
  • test_audit_output_format -- Verify the audit output adheres to the expected JSON structure.
  • test_rate_limit_handling -- Confirm the tool respects GitHub API rate limits and retries appropriately.

pyproject.toml

  • test_console_scripts_registration -- Verify that the agt-contributor-check and agt-credential-audit entry points are correctly registered and executable.


github-actions Bot commented May 4, 2026

🤖 AI Agent: code-reviewer — Action Items:

TL;DR: 1 blocker, 2 warnings. The PR introduces useful CLI commands but has a critical security issue and minor concerns.

| # | Sev | Issue | Where |
|---|-----|-------|-------|
| 1 | 🚨 | Missing input validation for user-provided arguments, leading to potential security risks. | contributor_check.py, credential_audit.py |
| 2 | ⚠️ | Lack of unit tests for the new CLI commands. | tests/ |
| 3 | ⚠️ | No explicit error handling for subprocess calls (e.g., `gh auth token`). | contributor_check.py |

Action Items:

  1. Add input validation for all user-provided arguments to prevent potential security vulnerabilities.

Warnings (fine as follow-up PRs):

| # | Issue | Where |
|---|-------|-------|
| 2 | Add unit tests for agt-contributor-check and agt-credential-audit CLI commands. | tests/ |
| 3 | Add explicit error handling for subprocess calls to prevent unexpected crashes. | contributor_check.py |
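The PR description above registers `_entry()` wrappers as console_scripts targets, and the code-reviewer comment asks for validation of `--username` / `--repo` and for error handling around the `gh auth token` subprocess call. The following is an added example, not the toolkit's own code: one way such a wrapper could look. The GitHub naming rules encoded in the regexes are this example's assumption, and `audit` is a hypothetical stand-in for the real audit logic.

```python
import argparse
import os
import re
import subprocess
import sys

# Assumed GitHub naming rules (this example's assumption, not from the PR): a login is 1-39
# alphanumerics/hyphens with no leading or trailing hyphen; a repo name is [A-Za-z0-9._-]{1,100}.
_LOGIN_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?")
_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")

def validate_username(value):
    """argparse type hook: reject anything that is not a plausible GitHub login."""
    if not _LOGIN_RE.fullmatch(value):
        raise argparse.ArgumentTypeError(f"invalid GitHub username: {value!r}")
    return value

def validate_repo(value):
    """argparse type hook: require exactly one owner/name slug; '.' and '..' are not valid names."""
    owner, sep, name = value.partition("/")
    if not sep or not _LOGIN_RE.fullmatch(owner) or not _NAME_RE.fullmatch(name) or name in (".", ".."):
        raise argparse.ArgumentTypeError(f"invalid repo slug, want org/repo: {value!r}")
    return value

def resolve_token(env=os.environ):
    """Prefer GITHUB_TOKEN; else ask `gh auth token`, returning None if gh is missing, unauthenticated or hangs."""
    if env.get("GITHUB_TOKEN"):
        return env["GITHUB_TOKEN"]
    try:  # FileNotFoundError (gh not installed) is an OSError, so it is caught here instead of crashing
        proc = subprocess.run(["gh", "auth", "token"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return (proc.stdout.strip() or None) if proc.returncode == 0 else None

def main(argv=None, env=os.environ, audit=None):
    """Validate arguments, resolve a token, then run `audit` (a hypothetical stand-in for the real check)."""
    parser = argparse.ArgumentParser(prog="agt-credential-audit")
    parser.add_argument("--username", required=True, type=validate_username)
    parser.add_argument("--repo", required=True, type=validate_repo)
    args = parser.parse_args(argv)  # argparse exits with status 2 when a type hook rejects a value
    token = resolve_token(env)
    if token is None:
        print("error: no GitHub token; set GITHUB_TOKEN or run `gh auth login`", file=sys.stderr)
        return 2
    run = audit or (lambda user, repo, tok: {"username": user, "repo": repo})
    print(run(args.username, args.repo, token))  # the token itself is never echoed
    return 0

def _entry():  # console_scripts target: zero-argument wrapper turning main()'s int into the exit status
    sys.exit(main())
```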


github-actions Bot commented May 4, 2026

PR Review Summary

| Check | Status | Details |
|-------|--------|---------|
| 🔍 Code Review | ❌ Failed | Issues detected |
| 🛡️ Security Scan | ✅ Passed | No issues found |
| 🔄 Breaking Changes | ✅ Passed | No issues found |
| 📝 Docs Sync | ✅ Completed | Analysis complete |
| 🧪 Test Coverage | ✅ Completed | Analysis complete |

Verdict: ❌ Changes needed

imran-siddique added a commit to imran-siddique/agent-governance-toolkit that referenced this pull request May 4, 2026
…ommands (microsoft#1711)