feat(sbom): version input and policy contracts#109

Merged

stacknil merged 1 commit into main from codex/v1.1-input-policy-semantics on Jul 5, 2026
Conversation

@stacknil stacknil commented Jul 5, 2026

Summary

  • document the real CycloneDX, SPDX, requirements, and pyproject parser subsets
  • add explicit policy/report schema identifiers with v1.0 policy compatibility
  • emit matched rule, exact evidence, decision reason, and confidence on policy findings
  • add report schema compatibility coverage across local, provenance, and Scorecard fixtures
  • fix the v1.1 component identity route while keeping the tool in the monorepo

Validation

  • python -m pytest (200 passed)
  • python scripts/regenerate-example-artifacts.py --check
  • python scripts/validate-reviewer-routes.py
  • git diff --check

Boundaries

  • no repository split
  • no production PyPI publication
  • component identity diagnostics remain the next implementation slice

@stacknil stacknil merged commit a398052 into main Jul 5, 2026
11 checks passed
@stacknil stacknil deleted the codex/v1.1-input-policy-semantics branch July 5, 2026 10:27