Skip to content

Skip fenced-code blocks in report validator and add Omni-Sentinel runbook docs#143

Merged
OneFineStarstuff merged 3 commits into
mainfrom
codex/maintain-devsecops-governance-roadmap
Jul 6, 2026
Merged

Skip fenced-code blocks in report validator and add Omni-Sentinel runbook docs#143
OneFineStarstuff merged 3 commits into
mainfrom
codex/maintain-devsecops-governance-roadmap

Conversation

@OneFineStarstuff

@OneFineStarstuff OneFineStarstuff commented Jul 6, 2026

Copy link
Copy Markdown
Owner

Motivation

  • Governance report validator should not treat example XML/markdown inside fenced code blocks as document-level wrapper tags or required headings.
  • Add daily operational runbook and regulator-ready report templates to the governance playbooks to capture OmnI-Sentinel DevSecOps controls and evidence patterns.

Description

  • Add markdown_without_fenced_code_blocks to tools/validate_governance_reports.py and update validate_file to run structural checks against the fence-stripped text so wrapper tags and headings inside fenced examples are ignored.
  • Extend tool_tests/test_validate_governance_reports.py with tests covering fenced-code fence variants, ignoring wrapper tags inside examples, and ensuring headings inside fences do not count toward required headings.
  • Add substantial content to three governance reports: docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md (Omni-Sentinel daily DevSecOps checks and runbook), docs/reports/INSTITUTIONAL_GRADE_AGI_ASI_GOVERNANCE_2026_2030.md (extension roadmap, reference architecture, ZK compliance model), and docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md (regulator-ready technical report structures and templates).

Testing

  • Ran the unit test suite with python3 -m unittest discover tool_tests, exercising the new test_markdown_without_fenced_code_blocks, test_validate_file_ignores_wrapper_tags_inside_fenced_code_blocks, and test_validate_file_does_not_accept_required_headings_inside_fenced_code_blocks tests, and all tests passed.
  • The updated validator has been exercised by the new tests to confirm it no longer miscounts tags and headings contained inside fenced code examples.

Codex Task

Summary by Sourcery

Adjust governance report validation to ignore XML tags and headings inside fenced code blocks and expand Omni-Sentinel governance documentation with operational and regulator-ready templates.

New Features:

  • Add a helper to strip fenced code blocks from governance report Markdown before structural validation.
  • Introduce new regulator-ready technical report and proof templates for Omni-Sentinel DevSecOps, systemic-risk proofs, and containment simulations.
  • Add detailed Omni-Sentinel daily DevSecOps runbook content and long-term ZK compliance roadmap and reference architecture to governance reports.

Enhancements:

  • Update governance report validation logic to base structural checks on fence-stripped Markdown instead of raw text.

Tests:

  • Extend governance report validator tests to cover fenced-code block variants and ensure wrapper tags and required headings inside fenced examples are ignored.

Summary by CodeRabbit

  • New Features

    • Added new governance and regulator-facing report templates for daily operational checks, compliance proofs, and containment simulation dossiers.
    • Expanded documentation with longer-term governance, assurance, and compliance guidance, including status tracking and evidence requirements.
  • Bug Fixes

    • Improved report validation so content inside fenced code blocks no longer triggers false positives or falsely satisfies required headings.
    • Strengthened handling of Markdown fence variants for more reliable document checks.

@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
v0-one-fine-starstuff-github-io Ready Ready Preview, Comment, Open in v0 Jul 6, 2026 10:47am

@code-genius-code-coverage

Copy link
Copy Markdown

The files' contents are under analysis for test generation.

@semanticdiff-com

semanticdiff-com Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review changes with  SemanticDiff

Changed Files
File Status
  docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md Unsupported file format
  docs/reports/INSTITUTIONAL_GRADE_AGI_ASI_GOVERNANCE_2026_2030.md Unsupported file format
  docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md Unsupported file format
  tool_tests/test_validate_governance_reports.py  0% smaller
  tools/validate_governance_reports.py  0% smaller

@gitnotebooks

gitnotebooks Bot commented Jul 6, 2026

Copy link
Copy Markdown

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@sourcery-ai

sourcery-ai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Reviewer's Guide

Validator now strips fenced code blocks before running structural checks, ensuring example XML/markdown doesn’t affect required tags/headings, and governance reports gain new Omni-Sentinel operational and regulator-ready ZK compliance content and templates.

Flow diagram for governance report validation with fenced-code stripping

flowchart TD
  A[validate_file path required_headings] --> B[Path.exists]
  B -->|missing| C[return missing file error]
  B -->|exists| D[Path.read_text]
  D --> E[markdown_without_fenced_code_blocks text]
  E --> F[check REQUIRED_TAGS in structural_text]
  F --> G[count title abstract content tags in structural_text]
  G --> H[validate <title> length in structural_text]
  H --> I[check required_headings present in structural_text]
  I --> J[return errors]
Loading

File-Level Changes

Change Details Files
Strip fenced code blocks from markdown before governance-report structural validation so examples do not affect tag or heading checks.
  • Introduce markdown_without_fenced_code_blocks helper that scans CommonMark-style backtick/tilde fences with optional indentation and info strings.
  • Track fence state (character and length) to skip all lines inside fences until a matching-length or longer closer is seen.
  • Update validate_file to derive structural_text from fence-stripped markdown and use it for required tag counts, block cardinality checks, and required heading presence.
tools/validate_governance_reports.py
Add unit tests to cover fenced-code handling and validator behavior with wrapper tags and headings inside examples.
  • Import markdown_without_fenced_code_blocks into the test module.
  • Test that markdown_without_fenced_code_blocks preserves non-fenced text while removing fenced content across mixed backtick/tilde fences and non-closer lines.
  • Verify validate_file ignores wrapper tags placed inside fenced code blocks while still accepting otherwise valid documents.
  • Verify validate_file does not treat required headings inside fenced code blocks as satisfying heading requirements.
tool_tests/test_validate_governance_reports.py
Extend governance documentation with Omni-Sentinel daily DevSecOps runbook details, systemic-risk ZK compliance roadmap and architecture, and regulator-ready report structures and templates.
  • Add a Daily DevSecOps operational checks section with evidence sources, thresholds, status template, deviation triage rules, and command/API transcript patterns for Omni-Sentinel.
  • Document a 2031–2035 extension roadmap plus reference architecture, safety/containment invariants, and ZK-proof compliance model for systemic risk and control assertions.
  • Provide regulator-ready XML report skeletons for daily attestation, G-SRI ZK proof packs, and Red Dawn containment simulation dossiers.
docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md
docs/reports/INSTITUTIONAL_GRADE_AGI_ASI_GOVERNANCE_2026_2030.md
docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@deepsource-io

deepsource-io Bot commented Jul 6, 2026

Copy link
Copy Markdown

DeepSource Code Review

We reviewed changes in 3110c11...b7865f7 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
Python Jul 6, 2026 10:47a.m. Review ↗
JavaScript Jul 6, 2026 10:47a.m. Review ↗
Shell Jul 6, 2026 10:47a.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@github-actions github-actions Bot added documentation Improvements or additions to documentation python Pull requests that update python code labels Jul 6, 2026
@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

This PR expands three governance documentation reports with new sections (daily operational checks runbook, 2031-2035 extension roadmap/ZK compliance model, and regulator-ready XML report templates), and updates the report validator tool to strip fenced Markdown code blocks before checking required tags/headings, with accompanying unit tests.

Changes

Governance Documentation Additions

Layer / File(s) Summary
Daily DevSecOps operational checks
docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md
Adds a runbook section with evidence/threshold matrix, XML status template, deviation triage rules, and command/API transcript patterns.
Extension roadmap and ZK compliance model
docs/reports/INSTITUTIONAL_GRADE_AGI_ASI_GOVERNANCE_2026_2030.md
Adds a 2031–2035 roadmap table, reference architecture, core design requirements, formal safety invariants, and a ZK-proof compliance model.
Regulator-ready report templates
docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md
Adds a new section and three XML report templates for daily attestation, G-SRI ZK compliance proof, and Red Dawn simulation dossier.

Fenced-Code-Aware Validation Tool

Layer / File(s) Summary
Fenced code stripping and validation wiring
tools/validate_governance_reports.py
Adds markdown_without_fenced_code_blocks() and updates validate_file() to check tags/headings against fenced-code-stripped text.
Unit tests for fence-aware validation
tool_tests/test_validate_governance_reports.py
Adds tests confirming fenced regions are stripped and wrapper tags/headings inside fences are ignored during validation.

Estimated code review effort: 2 (Simple) | ~15 minutes

Suggested labels: size/XL

Suggested reviewers: gstraccini

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly reflects the validator change and the added Omni-Sentinel documentation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/maintain-devsecops-governance-roadmap

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • In markdown_without_fenced_code_blocks, if a fenced block is never closed the function currently drops the rest of the file, which could cause required tags/headings to be missed; consider treating EOF as an implicit fence closer so non-fenced content after a malformed block is preserved.
  • Inside markdown_without_fenced_code_blocks, the closing-fence regex is rebuilt on every line while in_fence is true; you could precompute it once when the opener is matched to avoid repeated string interpolation and compilation in the hot path.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- In `markdown_without_fenced_code_blocks`, if a fenced block is never closed the function currently drops the rest of the file, which could cause required tags/headings to be missed; consider treating EOF as an implicit fence closer so non-fenced content after a malformed block is preserved.
- Inside `markdown_without_fenced_code_blocks`, the closing-fence regex is rebuilt on every line while `in_fence` is true; you could precompute it once when the opener is matched to avoid repeated string interpolation and compilation in the hot path.

Fix all in Cursor


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@codacy-production

Copy link
Copy Markdown

Not up to standards ⛔

🔴 Issues 44 minor

Alerts:
⚠ 44 issues (≤ 0 issues of at least minor severity)

Results:
44 new issues

Category Results
Documentation 4 minor
CodeStyle 40 minor

View in Codacy

🟢 Metrics 4 complexity · 0 duplication

Metric Results
Complexity 4
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@charliecreates charliecreates Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking feedback

  1. Fenced-block closing currently fails on CRLF line endings, so the validator can treat the first fence as unclosed and drop the rest of the document from structural checks — tools/validate_governance_reports.py#L67 · inline thread

If you want me to apply a fix, reply with the item number (for example: please fix 1).

Comment thread tools/validate_governance_reports.py
@netlify

netlify Bot commented Jul 6, 2026

Copy link
Copy Markdown

Deploy Preview for onefinestarstuff canceled.

Name Link
🔨 Latest commit b7865f7
🔍 Latest deploy log https://app.netlify.com/projects/onefinestarstuff/deploys/6a4b87bd7579260008f0dfca

@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md`:
- Around line 53-97: The three XML templates in the report structure need the
mandatory metadata envelope that the section requires. Update each template
title/abstract/content block to include fields for immutable evidence URIs,
signer identity, control owner, regulator profile, and OSCAL control mapping so
generated submissions from these templates are compliant. Use the existing
template identifiers like Daily Omni-Sentinel DevSecOps and Containment
Attestation, G-SRI Privacy-Preserving Systemic Risk Compliance Proof, and Red
Dawn AGI/ASI Containment Simulation Technical Dossier to keep the metadata
consistent across all report types.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 80e70ec3-f381-4f80-bd70-3f5ddaae10ee

📥 Commits

Reviewing files that changed from the base of the PR and between 835ef34 and c8409b4.

📒 Files selected for processing (5)
  • docs/reports/ENGINEERING_IMPLEMENTATION_PLAYBOOK_AI_GOVERNANCE_2026_2030.md
  • docs/reports/INSTITUTIONAL_GRADE_AGI_ASI_GOVERNANCE_2026_2030.md
  • docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md
  • tool_tests/test_validate_governance_reports.py
  • tools/validate_governance_reports.py

Comment thread docs/reports/REGULATOR_EXAM_PACK_AI_GOVERNANCE_2026_2030.md
@difflens

difflens Bot commented Jul 6, 2026

Copy link
Copy Markdown

View changes in DiffLens

@OneFineStarstuff OneFineStarstuff merged commit a8c9a19 into main Jul 6, 2026
46 of 58 checks passed
@OneFineStarstuff OneFineStarstuff deleted the codex/maintain-devsecops-governance-roadmap branch July 6, 2026 19:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

codex documentation Improvements or additions to documentation python Pull requests that update python code size/L

Development

Successfully merging this pull request may close these issues.

3 participants