
[codex] Add policy JSON example artifact#51

Merged
stacknil merged 1 commit into main from codex/add-policy-json-example on May 10, 2026

Conversation

@stacknil (Owner)

Brief Design Summary

This PR adds a checked-in --policy-json example artifact for sbom-diff-and-risk.

examples/sample-policy.json is generated from the existing CycloneDX example pair with examples/policy-strict.yml. It shows the standalone policy sidecar shape: policy evaluation metadata, policy finding lists, rule_catalog, and summary.policy, without duplicating full report components or risks.

The sample is locked by a golden test that compares render_policy_json(report) against the checked-in artifact and confirms it matches the corresponding policy sections in sample-policy-fail-report.json.

Files Changed

  • tools/sbom-diff-and-risk/examples/sample-policy.json
  • tools/sbom-diff-and-risk/tests/test_reports.py
  • tools/sbom-diff-and-risk/README.md
  • tools/sbom-diff-and-risk/docs/report-schema.md
  • tools/sbom-diff-and-risk/docs/policy-decision-ci-cookbook.md

Tests Added/Updated

  • Added a policy sidecar golden test for sample-policy.json.
  • The test also verifies the sidecar equals the policy-related sections of the matching full policy-fail report.

Validation

# PowerShell session; the python and git commands run unchanged in a POSIX shell
cd tools/sbom-diff-and-risk
python -m pytest tests/test_reports.py tests/test_cli_policy_json.py   # focused tests
python -m pytest                                                        # full suite
python -m build                                                         # sdist + wheel into dist/
$files = Get-ChildItem dist -File | ForEach-Object { $_.FullName }      # collect built artifacts
python -m twine check $files                                            # validate package metadata
git diff --check                                                        # whitespace errors in the diff

Results:

  • focused tests: 22 passed
  • full test suite: 162 passed
  • build produced sbom_diff_and_risk-0.8.0.tar.gz and sbom_diff_and_risk-0.8.0-py3-none-any.whl
  • twine check passed for wheel and sdist
  • git diff --check passed
  • checked touched files for Unicode Cf/Cc control or format characters; no non-tab/newline matches found
  • confirmed relative link targets exist
  • package version remains 0.8.0
  • no workflow files changed

Out of Scope

  • No runtime behavior changes
  • No CLI flag changes
  • No JSON schema changes beyond the checked-in example artifact
  • No workflow changes
  • No package version bump
  • No tag or GitHub Release
  • No PyPI/TestPyPI publishing
  • No production PyPI workflow
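The golden test the PR describes, written out as an added example; this is not code from the PR or from sbom-diff-and-risk. The report layout, the sample report, and render_policy_sidecar() (a stand-in for the project's render_policy_json()) are constructed assumptions. It shows the two invariants the PR relies on, that the checked-in sidecar equals a fresh render of the report and that the sidecar equals the policy sections of the full report without duplicating components or risks, and reports any drift by JSON path so a failing golden test says which section moved:

```python
"""Golden-test pattern for a policy sidecar artifact.

Added example, not code from the PR or the sbom-diff-and-risk project. The
report layout, render_policy_sidecar() and the sample report below are
constructed stand-ins for render_policy_json() and the checked-in examples.
"""
import copy
import json
from typing import Any

# Constructed stand-in for a full policy-fail report; not real project data.
FULL_REPORT: dict[str, Any] = {
    "report_version": "0.8.0",
    "components": [
        {"name": "libfoo", "version": "1.2.3", "purl": "pkg:pypi/libfoo@1.2.3"},
        {"name": "libbar", "version": "2.0.0", "purl": "pkg:pypi/libbar@2.0.0"},
    ],
    "risks": [{"component": "libbar", "id": "RISK-1", "severity": "high"}],
    "policy": {"name": "strict", "source": "examples/policy-strict.yml"},
    "policy_findings": [
        {"rule": "no-high-risk", "component": "libbar", "result": "fail"},
    ],
    "rule_catalog": [
        {"rule": "no-high-risk", "description": "Fail on any high-severity risk"},
    ],
    "summary": {
        "components": 2,
        "risks": 1,
        "policy": {"status": "fail", "failed_rules": 1},
    },
}

# Top-level sections the sidecar carries; components and risks stay out of it.
SIDECAR_SECTIONS = ("policy", "policy_findings", "rule_catalog")
EXCLUDED_SECTIONS = ("components", "risks")


def render_policy_sidecar(report: dict[str, Any]) -> dict[str, Any]:
    """Project the policy-related sections out of a full report (hypothetical)."""
    sidecar = {key: copy.deepcopy(report[key]) for key in SIDECAR_SECTIONS}
    sidecar["summary"] = {"policy": copy.deepcopy(report["summary"]["policy"])}
    return sidecar


def canonical_json(obj: Any) -> str:
    """Serialize deterministically so the checked-in artifact is byte-stable."""
    return json.dumps(obj, sort_keys=True, indent=2, ensure_ascii=False) + "\n"


def diff_paths(expected: Any, actual: Any, path: str = "$") -> list[str]:
    """Return the JSON paths at which two parsed documents differ."""
    if type(expected) is not type(actual):
        return [path]
    if isinstance(expected, dict):
        out: list[str] = []
        for key in sorted(set(expected) | set(actual)):
            if key not in expected or key not in actual:
                out.append(f"{path}.{key}")
            else:
                out.extend(diff_paths(expected[key], actual[key], f"{path}.{key}"))
        return out
    if isinstance(expected, list):
        if len(expected) != len(actual):
            return [f"{path}.length"]
        return [p for i, (e, a) in enumerate(zip(expected, actual))
                for p in diff_paths(e, a, f"{path}[{i}]")]
    return [] if expected == actual else [path]


def check_golden(golden_text: str, report: dict[str, Any]) -> list[str]:
    """Golden test: the checked-in sidecar must equal a fresh render of the report."""
    return diff_paths(json.loads(golden_text), render_policy_sidecar(report))


def check_sidecar_matches_report(sidecar: dict[str, Any], report: dict[str, Any]) -> list[str]:
    """Second invariant: sidecar equals the report's policy sections and carries nothing else."""
    problems: list[str] = []
    for key in SIDECAR_SECTIONS:
        problems += diff_paths(report[key], sidecar.get(key), f"$.{key}")
    problems += diff_paths(report["summary"]["policy"],
                           sidecar.get("summary", {}).get("policy"), "$.summary.policy")
    problems += [f"$.{key}: must not be duplicated in sidecar"
                 for key in EXCLUDED_SECTIONS if key in sidecar]
    return problems


# What a checked-in sample-policy.json would contain for FULL_REPORT.
GOLDEN_TEXT = canonical_json(render_policy_sidecar(FULL_REPORT))
GOLDEN_SIDECAR = json.loads(GOLDEN_TEXT)


def drifted_report(status: str) -> dict[str, Any]:
    """A report whose policy outcome changed after the golden file was generated."""
    report = copy.deepcopy(FULL_REPORT)
    report["summary"]["policy"]["status"] = status
    return report


if __name__ == "__main__":
    print("golden drift:", check_golden(GOLDEN_TEXT, FULL_REPORT))
    print("sidecar/report mismatch:", check_sidecar_matches_report(GOLDEN_SIDECAR, FULL_REPORT))
    print("after drift:", check_golden(GOLDEN_TEXT, drifted_report("pass")))
```

The canonical serializer matters: if the artifact is compared as text rather than as parsed JSON, key order and trailing newline must be fixed at generation time or the golden test fails on cosmetic churn. Comparing parsed documents and reporting paths, as above, keeps the failure message pointed at the section that actually changed.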

@stacknil stacknil merged commit 7c42ba4 into main May 10, 2026
5 checks passed
@stacknil stacknil deleted the codex/add-policy-json-example branch May 10, 2026 01:03