Skip to content

Commit fa8f13c

Browse files
committed
feat: publish sanitized GithubRepoAuditor baseline
0 parents  commit fa8f13c

482 files changed

Lines changed: 187536 additions & 0 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.codex/verify.commands

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
# codex-os-managed
2+
python3 -m pytest -q -p no:cacheprovider
3+
ruff check src/ tests/

.env.example

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# GitHub Repo Auditor environment configuration
2+
# Copy to .env and fill in values, then run:
3+
# audit <github-username> --doctor
4+
5+
# Recommended for private repos, higher rate limits, writeback previews, and governed actions.
6+
# Public-only audits can run without it, but diagnostics will warn about the reduced capability.
7+
GITHUB_TOKEN=
8+
9+
# Optional: enables AI narrative and other narrative helpers when requested.
10+
ANTHROPIC_API_KEY=
11+
12+
# Optional: required for Notion sync, Notion registry, and Notion-backed writeback paths.
13+
NOTION_TOKEN=
14+
15+
# Optional: override the default output directory if you do not want to use ./output
16+
# AUDIT_OUTPUT_DIR=output
17+
18+
# Optional: keep this around if you frequently use the flagship workbook path.
19+
# The committed default remains assets/excel/analyst-template.xlsx.
20+
# AUDIT_EXCEL_MODE=template
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
---
2+
name: Bug report
3+
about: Report a problem with GithubRepoAuditor
4+
title: "[Bug] "
5+
labels: bug
6+
assignees: ""
7+
---
8+
9+
## Describe the bug
10+
A clear description of what the bug is.
11+
12+
## To reproduce
13+
Steps to reproduce:
14+
1. Run
15+
2. See error
16+
17+
## Expected behavior
18+
What you expected to happen.
19+
20+
## Actual behavior
21+
What actually happened. Include the full traceback if applicable.
22+
23+
## Environment
24+
- OS: [e.g. macOS 15, Ubuntu 24.04]
25+
- Python version: [e.g. 3.11.8]
26+
- Commit: [run edb00ee chore: add Makefile, pyproject.toml, CONTRIBUTING, CHANGELOG, docs]

.github/dependabot.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "pip"
4+
directory: "/"
5+
schedule:
6+
interval: "weekly"
7+
open-pull-requests-limit: 5
8+
- package-ecosystem: "github-actions"
9+
directory: "/"
10+
schedule:
11+
interval: "weekly"

.github/pull_request_template.md

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
## What
2+
3+
Brief description of the changes.
4+
5+
## Why
6+
7+
Why is this change needed?
8+
9+
## Review Of What Was Built
10+
11+
What shipped in this phase? List the user-visible or workflow-visible results.
12+
13+
## Cleanup Review
14+
15+
What did you remove, simplify, archive, or intentionally leave out?
16+
17+
## Verification Summary
18+
19+
Commands run, artifact checks performed, and the results.
20+
21+
## Shipped Summary
22+
23+
What is now true on the branch after this change?
24+
25+
## Next Phase
26+
27+
Detailed writeup for the next phase: objective, why it is next, and the main risks or dependencies.
28+
29+
## Remaining Roadmap
30+
31+
One-line summaries for the other phases still left in the roadmap.

.github/workflows/README.md

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
# GitHub Actions Workflows
2+
3+
## `ci.yml` — Continuous Integration
4+
5+
Runs on code-bearing pushes and pull requests to `main`. Documentation-only changes are ignored to avoid spending private Actions minutes on non-code updates. Superseded runs are canceled automatically.
6+
7+
While this repository remains private during the GitHub Actions billing mitigation period, CI runs the canonical Python 3.11 lane only. Restore the broader Python version matrix after either making the repository public or explicitly accepting the private-runner cost.
8+
9+
Steps:
10+
1. Install dependencies via `pip install -e ".[dev]"`
11+
2. Run the full test suite with `pytest tests/ -v --tb=short`
12+
3. Lint with `ruff check src/ tests/`
13+
4. Type-check the extracted operator trend seams with scoped `mypy`
14+
15+
No secrets are required for CI.
16+
17+
## `audit.yml` — Manual Automated Audit
18+
19+
Runs manually via `workflow_dispatch`. The automatic weekly schedule is disabled while the repository remains private to avoid recurring GitHub Actions billing.
20+
21+
Steps:
22+
1. Install the package with config support.
23+
2. Restore cached audit history and incremental fingerprints.
24+
3. Run the audit in `standard` workbook mode, using incremental mode when a trustworthy cached baseline already exists.
25+
4. Run `audit <username> --control-center` to generate the read-only operator triage artifact.
26+
5. Inspect the canonical scheduled handoff issue state, then run `python3 -m src.scheduled_handoff --output-dir output ...` to build the scheduled handoff JSON + Markdown summary with the right lifecycle action.
27+
6. Upload `output/` as the primary artifact output.
28+
7. Open, update, close, or reopen one canonical `scheduled-audit-handoff` issue depending on whether the latest handoff is noisy or quiet.
29+
30+
The workflow does not commit generated runtime artifacts back into the repository.
31+
32+
### Required secrets
33+
34+
- `AUDIT_TOKEN`: GitHub Personal Access Token used by the audit itself when private-repo access or higher rate limits are needed.
35+
- `GITHUB_TOKEN`: GitHub Actions token used to create or update the optional scheduled handoff issue.
36+
37+
### Manual trigger
38+
39+
Go to **Actions → Scheduled Audit → Run workflow** and optionally override the username.

.github/workflows/audit.yml

Lines changed: 160 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,160 @@
1+
name: Scheduled Audit
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
username:
7+
description: GitHub username to audit
8+
required: false
9+
default: saagpatel
10+
11+
permissions:
12+
contents: read
13+
issues: write
14+
15+
jobs:
16+
audit:
17+
runs-on: ubuntu-latest
18+
19+
steps:
20+
- uses: actions/checkout@v6
21+
22+
- uses: actions/setup-python@v6
23+
with:
24+
python-version: '3.11'
25+
26+
- name: Install dependencies
27+
run: |
28+
python -m pip install --upgrade pip
29+
pip install -e ".[config]"
30+
31+
- name: Restore previous audit history
32+
uses: actions/cache@v5
33+
with:
34+
path: |
35+
output/audit-report-*.json
36+
output/history
37+
output/.audit-fingerprints.json
38+
key: audit-history-${{ github.repository }}
39+
restore-keys: audit-history-
40+
41+
- name: Run audit
42+
env:
43+
GITHUB_TOKEN: ${{ secrets.AUDIT_TOKEN }}
44+
run: |
45+
mkdir -p output/history
46+
USERNAME="${{ github.event.inputs.username || 'saagpatel' }}"
47+
if ls output/audit-report-*.json >/dev/null 2>&1 && [ -f output/.audit-fingerprints.json ]; then
48+
audit "$USERNAME" --incremental --html --badges --diff --excel-mode standard
49+
else
50+
audit "$USERNAME" --html --badges --excel-mode standard
51+
fi
52+
53+
- name: Build control-center artifact
54+
run: |
55+
USERNAME="${{ github.event.inputs.username || 'saagpatel' }}"
56+
audit "$USERNAME" --control-center
57+
58+
- name: Inspect canonical scheduled handoff issue
59+
id: issue-state
60+
env:
61+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
62+
run: |
63+
USERNAME="${{ github.event.inputs.username || 'saagpatel' }}"
64+
TITLE="Scheduled Audit Handoff: $USERNAME"
65+
python3 - <<'PY'
66+
import json
67+
import os
68+
import subprocess
69+
70+
title = os.environ["TITLE"]
71+
output_path = os.environ["GITHUB_OUTPUT"]
72+
items = json.loads(
73+
subprocess.check_output(
74+
["gh", "issue", "list", "--state", "all", "--limit", "100", "--json", "number,title,state,url"],
75+
text=True,
76+
)
77+
)
78+
match = next((item for item in items if item.get("title") == title), None)
79+
state = "absent"
80+
number = ""
81+
url = ""
82+
if match:
83+
state = (match.get("state") or "").lower()
84+
number = str(match.get("number", ""))
85+
url = match.get("url", "")
86+
with open(output_path, "a", encoding="utf-8") as fh:
87+
fh.write(f"issue_state={state}\n")
88+
fh.write(f"issue_number={number}\n")
89+
fh.write(f"issue_url={url}\n")
90+
PY
91+
92+
- name: Build scheduled handoff artifact
93+
run: |
94+
python3 -m src.scheduled_handoff \
95+
--output-dir output \
96+
--issue-state "${{ steps.issue-state.outputs.issue_state }}" \
97+
--issue-number "${{ steps.issue-state.outputs.issue_number }}" \
98+
--issue-url "${{ steps.issue-state.outputs.issue_url }}"
99+
100+
- name: Read scheduled handoff decision
101+
id: scheduled-handoff
102+
run: |
103+
python3 - <<'PY'
104+
import json
105+
import os
106+
from pathlib import Path
107+
108+
path = sorted(Path("output").glob("scheduled-handoff-*.json"))[-1]
109+
payload = json.loads(path.read_text())
110+
issue = payload.get("issue_candidate", {})
111+
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as fh:
112+
fh.write(f"action={issue.get('action', 'quiet')}\n")
113+
fh.write(f"issue_title={issue.get('title', '')}\n")
114+
fh.write(f"issue_label={issue.get('label', '')}\n")
115+
fh.write(f"body_path={issue.get('body_path', '')}\n")
116+
fh.write(f"issue_number={issue.get('issue_number', '')}\n")
117+
fh.write(f"reopen_existing={'true' if issue.get('reopen_existing') else 'false'}\n")
118+
PY
119+
120+
- name: Apply scheduled handoff issue lifecycle
121+
if: steps.scheduled-handoff.outputs.action != 'quiet'
122+
env:
123+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
124+
ACTION: ${{ steps.scheduled-handoff.outputs.action }}
125+
TITLE: ${{ steps.scheduled-handoff.outputs.issue_title }}
126+
LABEL: ${{ steps.scheduled-handoff.outputs.issue_label }}
127+
BODY_PATH: ${{ steps.scheduled-handoff.outputs.body_path }}
128+
ISSUE_NUMBER: ${{ steps.scheduled-handoff.outputs.issue_number }}
129+
REOPEN_EXISTING: ${{ steps.scheduled-handoff.outputs.reopen_existing }}
130+
run: |
131+
if ! gh label list --limit 200 --json name --jq '.[].name' | grep -qx "$LABEL"; then
132+
gh label create "$LABEL" --color "1D76DB" --description "Meaningful scheduled audit findings"
133+
fi
134+
if [ "$ACTION" = "open" ]; then
135+
gh issue create --title "$TITLE" --body-file "$BODY_PATH" --label "$LABEL"
136+
elif [ "$ACTION" = "update" ]; then
137+
if [ "$REOPEN_EXISTING" = "true" ] && [ -n "$ISSUE_NUMBER" ]; then
138+
gh issue reopen "$ISSUE_NUMBER"
139+
fi
140+
gh issue edit "$ISSUE_NUMBER" --body-file "$BODY_PATH" --add-label "$LABEL"
141+
elif [ "$ACTION" = "close" ]; then
142+
gh issue comment "$ISSUE_NUMBER" --body-file "$BODY_PATH"
143+
gh issue close "$ISSUE_NUMBER"
144+
fi
145+
146+
- name: Save audit history
147+
uses: actions/cache/save@v5
148+
with:
149+
path: |
150+
output/audit-report-*.json
151+
output/history
152+
output/.audit-fingerprints.json
153+
key: audit-history-${{ github.repository }}-${{ github.run_number }}
154+
155+
- name: Upload reports
156+
uses: actions/upload-artifact@v7
157+
with:
158+
name: audit-reports-${{ github.run_number }}
159+
path: output/
160+
retention-days: 90

.github/workflows/ci.yml

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
name: CI
2+
on:
3+
push:
4+
branches: [main]
5+
paths-ignore:
6+
- "*.md"
7+
- "docs/**"
8+
- ".github/workflows/README.md"
9+
pull_request:
10+
branches: [main]
11+
paths-ignore:
12+
- "*.md"
13+
- "docs/**"
14+
- ".github/workflows/README.md"
15+
16+
concurrency:
17+
group: ${{ github.workflow }}-${{ github.ref }}
18+
cancel-in-progress: true
19+
20+
jobs:
21+
test:
22+
runs-on: ubuntu-latest
23+
strategy:
24+
matrix:
25+
python-version: ["3.11"]
26+
steps:
27+
- uses: actions/checkout@v6
28+
- name: Set up Python ${{ matrix.python-version }}
29+
uses: actions/setup-python@v6
30+
with:
31+
python-version: ${{ matrix.python-version }}
32+
- name: Install dependencies
33+
run: |
34+
python -m pip install --upgrade pip
35+
pip install -e ".[dev,serve,semantic]"
36+
- name: Run tests
37+
run: python -m pytest tests/ -v --tb=short
38+
- name: Lint with ruff
39+
run: ruff check src/ tests/
40+
- name: Type-check operator trend seams
41+
run: python -m mypy src/operator_resolution_trend.py src/operator_trend_support.py src/operator_trend_pending_text.py src/operator_trend_pending_debt.py src/operator_trend_transition_closure.py src/operator_trend_closure_forecast_events.py src/operator_trend_closure_forecast_history.py src/operator_trend_closure_forecast_reweighting.py src/operator_trend_closure_forecast_freshness.py src/operator_trend_closure_forecast_reacquisition.py src/operator_trend_closure_forecast_reacquisition_freshness.py src/operator_trend_closure_forecast_reset_refresh.py src/operator_trend_closure_forecast_reset_reentry_freshness.py src/operator_trend_closure_forecast_reset_reentry_rebuild.py src/operator_trend_closure_forecast_reset_reentry_rebuild_persistence.py src/operator_trend_closure_forecast_reset_reentry_rebuild_freshness.py src/operator_trend_closure_forecast_reset_reentry_rebuild_reentry_restore.py src/operator_trend_closure_forecast_reset_reentry_rebuild_reentry_restore_rererestore_freshness.py src/operator_trend_closure_forecast_reset_reentry_rebuild_reentry_restore_rererestore_persistence.py src/operator_trend_closure_forecast_reset_reentry_rebuild_reentry_restore_rerererestore_persistence.py src/operator_trend_closure_forecast_reset_reentry_rebuild_reentry_restore_rerererestore_recovery.py src/operator_trend_decision_memory.py src/operator_trend_recommendation_drift.py src/operator_trend_confidence_calibration.py src/operator_trend_trust_policy_history.py src/operator_trend_exception_recovery.py src/operator_trend_class_transitions.py src/operator_trend_run_context.py src/operator_trend_summary_context.py src/operator_trend_apply_chain.py src/operator_trend_topline_payload.py

.github/workflows/release.yml

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
name: Release
2+
3+
on:
4+
push:
5+
tags:
6+
- "v*"
7+
8+
permissions:
9+
contents: write # required for softprops/action-gh-release
10+
11+
jobs:
12+
build-and-release:
13+
name: Build dist artifacts and create GitHub Release
14+
runs-on: ubuntu-latest
15+
16+
steps:
17+
- name: Checkout
18+
uses: actions/checkout@v4
19+
with:
20+
fetch-depth: 0 # full history so pip can detect installed version
21+
22+
- name: Set up Python
23+
uses: actions/setup-python@v5
24+
with:
25+
python-version: "3.11"
26+
27+
- name: Install build tools
28+
run: pip install build twine shiv
29+
30+
- name: Build wheel and sdist
31+
run: python -m build
32+
33+
- name: Twine check
34+
run: python -m twine check dist/*
35+
36+
- name: Install package for shiv bundling
37+
run: pip install -e ".[config]"
38+
39+
- name: Build shiv binary
40+
run: |
41+
shiv -c audit -o dist/audit.pyz . --python "/usr/bin/env python3"
42+
chmod +x dist/audit.pyz
43+
44+
- name: List dist artifacts
45+
run: ls -lh dist/
46+
47+
- name: Create GitHub Release
48+
uses: softprops/action-gh-release@v2
49+
with:
50+
files: |
51+
dist/*.whl
52+
dist/*.tar.gz
53+
dist/audit.pyz
54+
generate_release_notes: true

0 commit comments

Comments
 (0)