argusqa-os 9.5.5 → 9.6.0

package/src/utils/form-analyzer.js

@@ -0,0 +1,247 @@
+/**
+ * ARGUS Form Validation Analyzer (Sprint 5d — A11)
+ *
+ * Detects accessibility and security gaps in HTML forms — one of the most
+ * commonly broken areas in web apps.
+ *
+ * Findings emitted:
+ *   form_missing_required    — <input> inside a form with no required/aria-required
+ *   form_no_autocomplete     — personal data field (name/email/address/CC) missing autocomplete
+ *   form_inaccessible_error  — error element not linked via aria-describedby to its input
+ *   form_unmasked_password   — <input type="text"> with password-adjacent label
+ *   form_no_validation       — form with required fields and no novalidate + no JS validation
+ *   form_summary             — info, always emitted
+ */
+
+import { registerExpensive } from '../registry.js';
+import { unwrapEval }        from './mcp-client.js';
+import { childLogger }       from './logger.js';
+
+const logger = childLogger('form-analyzer');
+
+const FORM_SCRIPT = `() => {
+  var result = {
+    missingRequired:   [],
+    missingAutocomplete: [],
+    inaccessibleErrors: [],
+    unmaskedPasswords: [],
+    noValidationForms: [],
+  };
+
+  // Personal data fields that should have autocomplete (WCAG 1.3.5)
+  var PERSONAL_PATTERNS = /name|email|phone|tel|address|postcode|zip|city|country|credit|card|cc-|bday|birthday/i;
+  var AUTOCOMPLETE_TYPES = /name|email|tel|address|on|off|username|current-password|new-password/i;
+
+  var forms = Array.from(document.querySelectorAll('form'));
+
+  for (var fi = 0; fi < forms.length; fi++) {
+    var form = forms[fi];
+    var inputs = Array.from(form.querySelectorAll('input,select,textarea'));
+    var hasRequiredField = false;
+    var hasJsValidation  = false;
+
+    // Check for JS validation: submit event listener heuristic
+    // We can't detect event listeners directly; check for novalidate + required combo
+    var hasNovalidate = form.hasAttribute('novalidate');
+
+    for (var ii = 0; ii < inputs.length; ii++) {
+      var inp = inputs[ii];
+      var type = (inp.type || 'text').toLowerCase();
+      if (type === 'hidden' || type === 'submit' || type === 'button' || type === 'reset') continue;
+
+      var name  = (inp.name || inp.id || inp.getAttribute('aria-label') || '').toLowerCase();
+      var label = '';
+      if (inp.id) {
+        var lbl = document.querySelector('label[for="' + inp.id + '"]');
+        if (lbl) label = lbl.textContent.trim().toLowerCase();
+      }
+      var combined = name + ' ' + label;
+
+      // Missing required
+      var hasRequired    = inp.required || inp.getAttribute('aria-required') === 'true';
+      var isContentField = type !== 'checkbox' && type !== 'radio';
+      if (!hasRequired && isContentField && combined.length > 0) {
+        result.missingRequired.push({
+          type: type,
+          name: name.slice(0, 60),
+          id:   (inp.id || '').slice(0, 60),
+        });
+      }
+
+      if (inp.required) hasRequiredField = true;
+
+      // Missing autocomplete on personal data fields
+      var isPersonal = PERSONAL_PATTERNS.test(combined) && type !== 'checkbox' && type !== 'radio';
+      if (isPersonal && !inp.getAttribute('autocomplete')) {
+        result.missingAutocomplete.push({
+          type: type,
+          name: name.slice(0, 60),
+          id:   (inp.id || '').slice(0, 60),
+        });
+      }
+
+      // Unmasked password: type=text with password-adjacent label
+      if (type === 'text' && /password|passwd|pwd/i.test(combined)) {
+        result.unmaskedPasswords.push({
+          name: name.slice(0, 60),
+          id:   (inp.id || '').slice(0, 60),
+        });
+      }
+    }
+
+    // No validation: required fields but no novalidate and no submit handler evidence
+    if (hasRequiredField && !hasNovalidate) {
+      // Check for pattern attributes or min/max as proxy for validation intent
+      var hasAttrValidation = Array.from(inputs).some(function(i) {
+        return i.pattern || i.minLength > 0 || i.type === 'email' || i.type === 'url';
+      });
+      if (!hasAttrValidation) {
+        result.noValidationForms.push({
+          action: (form.action || '').slice(0, 100),
+          id:     (form.id || '').slice(0, 60),
+        });
+      }
+    }
+  }
+
+  // Inaccessible error messages: elements with error-like classes/roles not linked to input
+  var errorEls = Array.from(document.querySelectorAll(
+    '[role="alert"],[aria-live="assertive"],[aria-live="polite"],.error,.field-error,.form-error,.validation-error,.invalid-feedback'
+  ));
+  for (var ei = 0; ei < errorEls.length; ei++) {
+    var el  = errorEls[ei];
+    var eid = el.id;
+    if (!eid) {
+      result.inaccessibleErrors.push({
+        tag:  el.tagName.toLowerCase(),
+        text: el.textContent.trim().slice(0, 80),
+        issue: 'no id — cannot be referenced by aria-describedby',
+      });
+      continue;
+    }
+    // Check if any input references this error via aria-describedby / aria-errormessage
+    var linked = document.querySelector(
+      '[aria-describedby~="' + eid + '"],[aria-errormessage="' + eid + '"]'
+    );
+    if (!linked) {
+      result.inaccessibleErrors.push({
+        tag:  el.tagName.toLowerCase(),
+        id:   eid,
+        text: el.textContent.trim().slice(0, 80),
+        issue: 'has id but no input links to it via aria-describedby/aria-errormessage',
+      });
+    }
+  }
+
+  return JSON.stringify(result);
+}`;
+
+export async function analyzeForm(browser, url) {
+  const findings = [];
+
+  try {
+    await browser.navigate(url);
+    await browser.waitFor({ state: 'networkidle' }).catch(() => {});
+    await new Promise(r => setTimeout(r, 400));
+  } catch {
+    return findings;
+  }
+
+  let data = null;
+  try {
+    const raw = await browser.evaluate(FORM_SCRIPT);
+    const s   = unwrapEval(raw);
+    data = typeof s === 'object' ? s : JSON.parse(s);
+  } catch (err) {
+    logger.warn(`[ARGUS] form-analyzer: failed for ${url}: ${err.message}`);
+    data = { missingRequired: [], missingAutocomplete: [], inaccessibleErrors: [], unmaskedPasswords: [], noValidationForms: [] };
+  }
+
+  const missingRequired    = data.missingRequired    ?? [];
+  const missingAutocomplete = data.missingAutocomplete ?? [];
+  const inaccessibleErrors = data.inaccessibleErrors ?? [];
+  const unmaskedPasswords  = data.unmaskedPasswords  ?? [];
+  const noValidationForms  = data.noValidationForms  ?? [];
+
+  // form_missing_required
+  for (const inp of missingRequired.slice(0, 20)) {
+    findings.push({
+      type:     'form_missing_required',
+      message:  `Form input '${inp.name || inp.id || inp.type}' has no required or aria-required attribute`,
+      inputName: inp.name,
+      inputType: inp.type,
+      severity: 'warning',
+      url,
+    });
+  }
+
+  // form_no_autocomplete
+  for (const inp of missingAutocomplete.slice(0, 20)) {
+    findings.push({
+      type:     'form_no_autocomplete',
+      message:  `Personal data field '${inp.name || inp.id}' (type: ${inp.type}) is missing autocomplete attribute (WCAG 1.3.5)`,
+      inputName: inp.name,
+      inputType: inp.type,
+      severity: 'warning',
+      url,
+    });
+  }
+
+  // form_inaccessible_error
+  for (const err of inaccessibleErrors.slice(0, 10)) {
+    findings.push({
+      type:     'form_inaccessible_error',
+      message:  `Error element not linked to its input via aria-describedby: ${err.issue}`,
+      errorId:  err.id,
+      errorText: err.text,
+      severity: 'warning',
+      url,
+    });
+  }
+
+  // form_unmasked_password
+  for (const inp of unmaskedPasswords.slice(0, 5)) {
+    findings.push({
+      type:     'form_unmasked_password',
+      message:  `Input '${inp.name || inp.id}' has type="text" but is labelled as a password field — use type="password"`,
+      inputName: inp.name,
+      severity: 'critical',
+      url,
+    });
+  }
+
+  // form_no_validation
+  for (const form of noValidationForms.slice(0, 5)) {
+    findings.push({
+      type:     'form_no_validation',
+      message:  `Form (${form.id || form.action || 'unknown'}) has required fields but no HTML5 pattern/type or novalidate attribute — client-side validation may be absent`,
+      formId:   form.id,
+      severity: 'info',
+      url,
+    });
+  }
+
+  // Summary — always emitted
+  const total = missingRequired.length + missingAutocomplete.length +
+                inaccessibleErrors.length + unmaskedPasswords.length + noValidationForms.length;
+
+  findings.push({
+    type:             'form_summary',
+    missingRequired:  missingRequired.length,
+    missingAutocomplete: missingAutocomplete.length,
+    inaccessibleErrors: inaccessibleErrors.length,
+    unmaskedPasswords: unmaskedPasswords.length,
+    noValidation:     noValidationForms.length,
+    totalIssues:      total,
+    message:          `Form: ${missingRequired.length} missing-required, ${missingAutocomplete.length} no-autocomplete, ${inaccessibleErrors.length} inaccessible-error, ${unmaskedPasswords.length} unmasked-pw, ${noValidationForms.length} no-validation`,
+    severity:         'info',
+    url,
+  });
+
+  return findings;
+}
+
+registerExpensive({
+  name:    'form',
+  analyze: (browser, url) => analyzeForm(browser, url),
+});

package/src/utils/github-reporter.js

@@ -1,12 +1,15 @@
 /**
- * Argus Phase C2: GitHub PR comment + commit status integration.
+ * Argus Phase C2: GitHub PR comment + commit status + Check Runs integration.
  *
- * C2.1  formatPrComment(report, diff)    — build Markdown PR comment body (pure)
- * C2.2  buildStatusPayload(report, diff) — build GitHub commit status payload (pure)
- * C2.3  postPrComment(report, diff)      — create/update PR comment via GitHub API
- * C2.4  setCommitStatus(report, diff)    — set commit status (blocks merge on new criticals)
- * C2.5  isGitHubConfigured()             — guard: true when GITHUB_TOKEN + GITHUB_REPOSITORY set
- * C2.6  reportToGitHub(report, diff)     — orchestrates C2.3 + C2.4
+ * C2.1  formatPrComment(report, diff)         — build Markdown PR comment body (pure)
+ * C2.2  buildStatusPayload(report, diff)      — build GitHub commit status payload (pure)
+ * C2.3  postPrComment(report, diff)           — create/update PR comment via GitHub API
+ * C2.4  setCommitStatus(report, diff)         — set commit status (blocks merge on new criticals)
+ * C2.5  isGitHubConfigured()                  — guard: true when GITHUB_TOKEN + GITHUB_REPOSITORY set
+ * C2.6  reportToGitHub(report, diff)          — orchestrates C2.3 + C2.4 + C2.7
+ * C2.7  createCheckRun(name, sha)             — create a GitHub Checks API run
+ * C2.8  completeCheckRun(id, report, diff)    — update Check Run with conclusion + rich output
+ * C2.9  generateReleaseNotes(cur, prev, opts) — pure: markdown changelog between two runs
  *
  * Required env vars:
  *   GITHUB_TOKEN        — personal access token or Actions GITHUB_TOKEN (required)
@@ -17,7 +20,10 @@
  *                             GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
  *
  * Optional env vars:
- *   ARGUS_REPORT_URL    — URL to the full HTML report; linked in the commit status check
+ *   ARGUS_REPORT_URL          — URL to the full HTML report; linked in the commit status check
+ *   ARGUS_CRITICAL_THRESHOLD  — number of new criticals before blocking merge (default: 1, set 0 to never block)
+ *   ARGUS_DIFF_IMAGE_URL      — URL of visual diff image to embed in PR comment (set after uploading CI artifact)
+ *   GITHUB_CHECK_NAME         — name of the Check Run (default: 'argus-qa')
  */
 
 import { childLogger } from './logger.js';
@@ -35,7 +41,7 @@ function sevIcon(sev) { return SEV_ICON[sev] ?? '⚪'; }
 
 /** Escape pipe characters so they don't break Markdown tables. */
 function mdCell(text, maxLen = 100) {
-  return String(text ?? '').slice(0, maxLen).replace(/\|/g, '\\|').replace(/\n/g, ' ');
+  return String(text ?? '').slice(0, maxLen).replace(/\|/g, '\\|').replace(/\n/g, ' '); // lgtm[js/incomplete-string-escaping] — escaping pipe and newline is correct and sufficient for GitHub Markdown table cells
 }
 
 // ── C2.1: PR comment formatter (pure — no I/O) ───────────────────────────────
@@ -97,17 +103,46 @@ export function formatPrComment(report, diff) {
 
   // ── New findings table — skipped on first run (all findings would be "new") ──
   if (allNewFindings.length > 0 && !isFirst) {
+    // Check if any finding has a selector (DOM-linked findings) for the extra column
+    const hasSelectors = allNewFindings.some(f => f.selector);
     lines.push('', `### 🆕 New Findings (${allNewFindings.length})`);
-    lines.push('| Severity | Source | Type | Details |');
-    lines.push('|---|---|---|---|');
-    for (const f of allNewFindings.slice(0, MAX_TABLE_ROWS)) {
-      lines.push(`| ${sevIcon(f.severity)} ${f.severity} | ${f._source} | \`${f.type}\` | ${mdCell(f.message)} |`);
+    if (hasSelectors) {
+      lines.push('| Severity | Source | Type | Selector | Details |');
+      lines.push('|---|---|---|---|---|');
+      for (const f of allNewFindings.slice(0, MAX_TABLE_ROWS)) {
+        const sel = f.selector ? `\`${mdCell(f.selector, 60)}\`` : '—';
+        lines.push(`| ${sevIcon(f.severity)} ${f.severity} | ${f._source} | \`${f.type}\` | ${sel} | ${mdCell(f.message)} |`);
+      }
+    } else {
+      lines.push('| Severity | Source | Type | Details |');
+      lines.push('|---|---|---|---|');
+      for (const f of allNewFindings.slice(0, MAX_TABLE_ROWS)) {
+        lines.push(`| ${sevIcon(f.severity)} ${f.severity} | ${f._source} | \`${f.type}\` | ${mdCell(f.message)} |`);
+      }
     }
     if (allNewFindings.length > MAX_TABLE_ROWS) {
       lines.push(`| … | … | … | _${allNewFindings.length - MAX_TABLE_ROWS} more — see full report_ |`);
     }
   }
 
+  // ── Visual regression section ──────────────────────────────────────────────
+  const visualRegressions = routes.flatMap(r =>
+    (r.errors ?? []).filter(e => e.type === 'visual_regression')
+  );
+  if (visualRegressions.length > 0) {
+    lines.push('', '### 🖼️ Visual Regressions');
+    lines.push('| Route | Diff % | Severity |');
+    lines.push('|---|---|---|');
+    for (const f of visualRegressions.slice(0, 10)) {
+      const pct = typeof f.diffPercent === 'number' ? `${f.diffPercent.toFixed(2)}%` : '—';
+      lines.push(`| ${f.url ?? '—'} | ${pct} | ${sevIcon(f.severity)} ${f.severity} |`);
+    }
+    const diffImageUrl = process.env.ARGUS_DIFF_IMAGE_URL;
+    if (diffImageUrl) {
+      lines.push('', `**Pixel diff:**`, `![Visual diff](${diffImageUrl})`);
+    }
+  }
+
   // ── Resolved note ──
   if (!isFirst && resolvedCount > 0) {
     lines.push('', `### ✅ Resolved (${resolvedCount})`);
@@ -162,13 +197,21 @@ export function buildStatusPayload(report, diff) {
     ),
   ].length;
 
-  const passing = newCriticals === 0;
+  // ARGUS_CRITICAL_THRESHOLD: number of new criticals before blocking (default: 1).
+  // Set to 0 to never block merge; set to N to block only when N+ criticals found.
+  const threshold = parseInt(process.env.ARGUS_CRITICAL_THRESHOLD ?? '1', 10);
+  const passing   = Number.isFinite(threshold) && threshold > 0
+    ? newCriticals < threshold
+    : true;  // threshold=0 → never block
+
   return {
-    state:       passing ? 'success' : 'failure',
-    description: passing
+    state:            passing ? 'success' : 'failure',
+    description:      passing
       ? `Argus: All checks passed (${report.summary.total} total finding(s))`
-      : `Argus: ${newCriticals} new critical issue(s) — merge blocked`,
-    context:     'argus-qa',
+      : `Argus: ${newCriticals} new critical issue(s) — merge blocked (threshold: ${threshold})`,
+    context:          process.env.GITHUB_CHECK_NAME ?? 'argus-qa',
+    newCriticalCount: newCriticals,
+    threshold,
   };
 }
 
@@ -270,6 +313,156 @@ export async function setCommitStatus(report, diff) {
   logger.info(`[ARGUS] C2: Commit status → ${payload.state} (${payload.description})`);
 }
 
+// ── C2.7: Create GitHub Check Run ────────────────────────────────────────────
+
+/**
+ * Create a new GitHub Check Run in 'in_progress' state.
+ * Returns the check run id used by completeCheckRun().
+ * Requires GITHUB_TOKEN, GITHUB_REPOSITORY, and GITHUB_SHA.
+ *
+ * @param {string} [name]   - Check run name (default: GITHUB_CHECK_NAME ?? 'argus-qa')
+ * @param {string} [sha]    - Commit SHA (default: GITHUB_SHA env var)
+ * @returns {Promise<number>} check run id
+ */
+export async function createCheckRun(name, sha) {
+  const repo    = process.env.GITHUB_REPOSITORY;
+  const headSha = sha ?? process.env.GITHUB_SHA;
+  if (!repo || !headSha) throw new Error('[ARGUS] C2: GITHUB_REPOSITORY or GITHUB_SHA not set');
+
+  const checkName = name ?? process.env.GITHUB_CHECK_NAME ?? 'argus-qa';
+  const data = await ghFetch(`/repos/${repo}/check-runs`, 'POST', {
+    name:       checkName,
+    head_sha:   headSha,
+    status:     'in_progress',
+    started_at: new Date().toISOString(),
+  });
+  logger.info(`[ARGUS] C2: Check run created (id: ${data.id}, name: ${checkName})`);
+  return data.id;
+}
+
+// ── C2.8: Complete GitHub Check Run with rich output ─────────────────────────
+
+/**
+ * Update an existing Check Run to 'completed' with a conclusion and rich output.
+ *
+ * Output includes:
+ * - summary: one-line result (pass/fail + finding counts)
+ * - text:    full findings table in Markdown (same data as PR comment, without COMMENT_MARKER)
+ *
+ * @param {number} checkRunId - id from createCheckRun()
+ * @param {object} report     - runCrawl() report
+ * @param {object|null} diff  - baseline diff (null = first run)
+ */
+export async function completeCheckRun(checkRunId, report, diff) {
+  const repo = process.env.GITHUB_REPOSITORY;
+  if (!repo) throw new Error('[ARGUS] C2: GITHUB_REPOSITORY not set');
+
+  const status = buildStatusPayload(report, diff);
+  const conclusion = status.state === 'success' ? 'success' : 'failure';
+
+  // Build rich text output (full findings table, without the COMMENT_MARKER sentinel)
+  const fullBody = formatPrComment(report, diff);
+  const richText = fullBody
+    .replace(COMMENT_MARKER + '\n', '')   // strip the HTML sentinel
+    .slice(0, 65000);                     // GitHub Check output text limit
+
+  await ghFetch(`/repos/${repo}/check-runs/${checkRunId}`, 'PATCH', {
+    status:       'completed',
+    conclusion,
+    completed_at: new Date().toISOString(),
+    output: {
+      title:   status.description,
+      summary: status.description,
+      text:    richText,
+    },
+  });
+  logger.info(`[ARGUS] C2: Check run ${checkRunId} completed (${conclusion})`);
+}
+
+// ── C2.9: Release notes generator (pure) ─────────────────────────────────────
+
+/**
+ * Generate a Markdown release notes / changelog from two Argus reports.
+ * Pure function — no I/O.
+ *
+ * @param {object} currentReport  - report from the current run
+ * @param {object} prevReport     - report from the previous/baseline run
+ * @param {object} [opts]
+ * @param {string} [opts.fromTag] - git tag for the previous run (e.g. 'v1.2.0')
+ * @param {string} [opts.toTag]   - git tag for the current run (e.g. 'v1.3.0')
+ * @returns {string} Markdown release notes
+ */
+export function generateReleaseNotes(currentReport, prevReport, opts = {}) {
+  const { fromTag, toTag } = opts;
+  const heading = toTag
+    ? `## 🚀 Argus Release Notes — ${toTag}` + (fromTag ? ` _(since ${fromTag})_` : '')
+    : '## 🚀 Argus Release Notes';
+
+  // Collect all findings from both reports as flat arrays
+  function allFindings(report) {
+    return [
+      ...(report.routes ?? []).flatMap(r => (r.errors ?? []).map(e => ({ ...e, _source: r.route }))),
+      ...(report.codebase ?? []).map(f => ({ ...f, _source: 'codebase' })),
+      ...(report.flows ?? []).flatMap(f => (f.findings ?? []).map(e => ({ ...e, _source: `flow:${f.flowName}` }))),
+    ];
+  }
+
+  const curFindings  = allFindings(currentReport);
+  const prevFindings = allFindings(prevReport);
+
+  // Key each finding for comparison: type + source + message prefix
+  function findingKey(f) { return `${f.type}::${f._source}::${String(f.message ?? '').slice(0, 80)}`; }
+  const prevKeys = new Set(prevFindings.map(findingKey));
+  const curKeys  = new Set(curFindings.map(findingKey));
+
+  const fixed   = prevFindings.filter(f => !curKeys.has(findingKey(f)));
+  const newOnes = curFindings.filter(f => !prevKeys.has(findingKey(f)));
+
+  const lines = [heading, ''];
+
+  if (newOnes.length === 0 && fixed.length === 0) {
+    lines.push('_No changes detected since last run._');
+  } else {
+    lines.push(`**Run date**: ${new Date(currentReport.generatedAt ?? Date.now()).toUTCString()}  `);
+    lines.push(`**Total findings**: ${currentReport.summary?.total ?? 0} (was ${prevReport.summary?.total ?? 0})  `);
+    lines.push('');
+
+    if (newOnes.length > 0) {
+      const crits = newOnes.filter(f => f.severity === 'critical').length;
+      lines.push(`### 🆕 New Issues (${newOnes.length})`);
+      if (crits > 0) lines.push(`> ⚠️ ${crits} new critical issue(s) require attention`);
+      lines.push('');
+      lines.push('| Severity | Source | Type | Details |');
+      lines.push('|---|---|---|---|');
+      for (const f of newOnes.slice(0, MAX_TABLE_ROWS)) {
+        lines.push(`| ${sevIcon(f.severity)} ${f.severity} | ${f._source} | \`${f.type}\` | ${mdCell(f.message)} |`);
+      }
+      if (newOnes.length > MAX_TABLE_ROWS) {
+        lines.push(`| … | … | … | _${newOnes.length - MAX_TABLE_ROWS} more_ |`);
+      }
+      lines.push('');
+    }
+
+    if (fixed.length > 0) {
+      lines.push(`### ✅ Resolved Issues (${fixed.length})`);
+      lines.push('');
+      lines.push('| Severity | Source | Type | Details |');
+      lines.push('|---|---|---|---|');
+      for (const f of fixed.slice(0, MAX_TABLE_ROWS)) {
+        lines.push(`| ${sevIcon(f.severity)} ${f.severity} | ${f._source} | \`${f.type}\` | ${mdCell(f.message)} |`);
+      }
+      if (fixed.length > MAX_TABLE_ROWS) {
+        lines.push(`| … | … | … | _${fixed.length - MAX_TABLE_ROWS} more_ |`);
+      }
+      lines.push('');
+    }
+  }
+
+  lines.push('---');
+  lines.push(`_Generated by [Argus](https://github.com/ironclawdevs27/Argus)_`);
+  return lines.join('\n');
+}
+
 // ── C2.5: Configuration guard ─────────────────────────────────────────────────
 
 export function isGitHubConfigured() {
@@ -294,11 +487,21 @@ export async function reportToGitHub(report, diff) {
   }
 
   if (process.env.GITHUB_SHA) {
+    // Commit status (fast, minimal)
     tasks.push(
       setCommitStatus(report, diff).catch(err =>
         logger.warn(`[ARGUS] C2: Commit status failed — ${err.message}`)
       )
     );
+
+    // Check Run (rich output — created and completed in sequence)
+    tasks.push(
+      createCheckRun(undefined, process.env.GITHUB_SHA)
+        .then(id => completeCheckRun(id, report, diff))
+        .catch(err =>
+          logger.warn(`[ARGUS] C2: Check run failed — ${err.message}`)
+        )
+    );
   }
 
   if (tasks.length === 0) {