@neurcode/action 0.2.1 → 0.2.2
- package/README.md +9 -3
- package/action.yml +36 -4
- package/dist/index.js +618 -9
- package/dist/index.js.map +1 -1
- package/dist/runtime-compat.js +125 -0
- package/dist/runtime-compat.js.map +1 -0
- package/dist/verify-mode.js +15 -0
- package/dist/verify-mode.js.map +1 -1
- package/package.json +9 -8
- package/src/index.ts +400 -9
- package/src/runtime-compat.ts +201 -0
- package/src/verify-mode.ts +32 -0
- package/tests/reliability-contract.test.ts +136 -0
- package/LICENSE +0 -201
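--- a/package/README.md
+++ b/package/README.md
@@ -30,7 +30,8 @@ jobs:
 base_ref: 'HEAD~1'
 threshold: 'C'
 record: 'true'
-
+enterprise_mode: 'true'
+verify_policy_only: 'false'
 changed_files_only: 'true'
 auto_remediate: 'true'
 remediation_commit: 'false'
@@ -47,9 +48,11 @@ jobs:
 | `base_ref` | Override verify base ref (`origin/main`, `HEAD~1`, etc.) | `''` |
 | `record` | Record verification to Neurcode cloud | `true` |
 | `threshold` | Minimum acceptable grade (`A`/`B`/`C`/`D`/`F`) | `C` |
+| `enterprise_mode` | Auto-enable enterprise-safe verify defaults unless explicitly overridden | `true` |
 | `verify_policy_only` | Run `neurcode verify --policy-only` | `false` |
 | `changed_files_only` | Enforce only violations from changed files in this PR/base diff | `false` |
-| `
+| `enforce_change_contract` | Treat contract drift as hard fail; set `true`/`false` to override enterprise auto mode | `''` (auto) |
+| `enforce_strict_verification` | Treat tier-limited `INFO` as failure; set `true`/`false` to override enterprise auto mode | `''` (auto) |
 | `auto_remediate` | Run `neurcode ship` when verify fails | `false` |
 | `remediation_commit` | Create remediation commit on success | `false` |
 | `remediation_push` | Push remediation commit to PR branch | `false` |
@@ -80,7 +83,10 @@ See `action.yml` for full advanced inputs (timeouts, retries, CLI source/version
 
 ## Safety Defaults
 
--
+- Keep `enterprise_mode: true` for deterministic enforcement defaults in CI.
+- In enterprise auto mode, change-contract hard-fail is enabled for plan-aware runs and relaxed for policy-only fallback runs.
+- Use `verify_policy_only: true` only for intentional policy-only governance runs.
+- The action detects `neurcode verify --help` capabilities and gracefully drops unsupported verify flags for older pinned CLI versions.
 - Without explicit `plan_id`, the action runs plan-aware mode first and automatically retries in policy-only mode only when the verify failure is strictly "missing plan context".
 - Use `changed_files_only: true` to avoid blocking on historical repository debt.
 - Use `base_ref: HEAD~1` for incremental adoption on long-lived branches with legacy violations.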
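--- a/package/action.yml
+++ b/package/action.yml
@@ -62,10 +62,26 @@ inputs:
 description: 'Timeout for neurcode verify command in minutes (Linux/macOS runners)'
 required: false
 default: '8'
+enforce_compatibility_handshake:
+description: 'Fail fast when CLI/Action/API runtime compatibility contract handshake fails'
+required: false
+default: 'true'
+require_api_compatibility_handshake:
+description: 'Require API health endpoint to publish compatibility metadata when API URL is configured'
+required: false
+default: 'true'
+compatibility_probe_timeout_minutes:
+description: 'Timeout for compat probes (CLI compat command and API health) in minutes'
+required: false
+default: '2'
 verify_policy_only:
 description: 'Run neurcode verify in policy-only mode (skip plan/scope enforcement)'
 required: false
 default: 'false'
+enterprise_mode:
+description: 'Enable enterprise-safe defaults (auto-enable strict verify + change-contract enforcement unless explicitly overridden)'
+required: false
+default: 'true'
 compiled_policy_path:
 description: 'Compiled policy artifact path passed to neurcode verify'
 required: false
@@ -75,9 +91,9 @@ inputs:
 required: false
 default: '.neurcode/change-contract.json'
 enforce_change_contract:
-description: 'Treat change contract drift as hard verification failure'
+description: 'Treat change contract drift as hard verification failure (set true/false to override enterprise auto behavior)'
 required: false
-default: '
+default: ''
 changed_files_only:
 description: 'Only enforce violations detected in files changed by this PR/base diff'
 required: false
@@ -87,9 +103,9 @@ inputs:
 required: false
 default: 'true'
 enforce_strict_verification:
-description: 'Treat tier-limited INFO verification results as failure (enterprise
+description: 'Treat tier-limited INFO verification results as failure (set true/false to override enterprise auto behavior)'
 required: false
-default: '
+default: ''
 auto_remediate:
 description: 'When verify fails, run neurcode ship auto-remediation flow'
 required: false
@@ -172,12 +188,28 @@ inputs:
 default: 'neurcode-bot@users.noreply.github.com'
 
 outputs:
+compatibility_handshake:
+description: 'compatibility handshake status (passed|skipped)'
+compatibility_contract_version:
+description: 'runtime compatibility contract version enforced by this action'
+compatibility_action_version:
+description: 'resolved action version used in compatibility checks'
+compatibility_cli_version:
+description: 'resolved CLI version from neurcode compat handshake'
+compatibility_api_version:
+description: 'resolved API version from health compatibility payload'
 verdict:
 description: 'neurcode verify verdict'
 verify_mode:
 description: 'verification mode used by action (plan_aware|plan_enforced_explicit|policy_only|policy_only_fallback)'
 policy_only_fallback_used:
 description: 'true when action retried verify in policy-only mode due to missing plan context'
+enterprise_mode_active:
+description: 'true when enterprise_mode was enabled for this run'
+enterprise_enforced_change_contract:
+description: 'effective enforce_change_contract value after enterprise defaults were applied'
+enterprise_enforced_strict_verification:
+description: 'effective enforce_strict_verification value after enterprise defaults were applied'
 grade:
 description: 'neurcode verify grade'
 score: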
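Review bot: The new `default: ''` on `enforce_change_contract` and `enforce_strict_verification` turns both hard-fail switches into tri-state inputs, but neither description says what an empty value resolves to when `enterprise_mode` is set to `'false'`, or how a value other than `true`/`false` is handled. Because these inputs decide whether contract drift and tier-limited `INFO` results fail the job, a workflow that turns enterprise mode off may end up with enforcement off without having asked for that; the resolution logic lives outside this file section, so this is inferred from the descriptions only. I would spell the contract out in the input text, e.g. `description: 'Treat change contract drift as hard verification failure (empty = follow enterprise_mode; true/false override it)'`, and state that unrecognised values are rejected if that is what the code does. The added `enterprise_enforced_change_contract` and `enterprise_enforced_strict_verification` outputs are where a workflow can assert the effective values.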