patchdrill 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (169) hide show
  1. package/.patchdrill.yml +33 -0
  2. package/CHANGELOG.md +150 -0
  3. package/CONTRIBUTING.md +59 -0
  4. package/LICENSE +21 -0
  5. package/README.md +601 -0
  6. package/SECURITY.md +28 -0
  7. package/action.yml +338 -0
  8. package/dist/baseline.d.ts +9 -0
  9. package/dist/baseline.js +38 -0
  10. package/dist/baseline.js.map +1 -0
  11. package/dist/cli.d.ts +19 -0
  12. package/dist/cli.js +662 -0
  13. package/dist/cli.js.map +1 -0
  14. package/dist/codeowners.d.ts +14 -0
  15. package/dist/codeowners.js +104 -0
  16. package/dist/codeowners.js.map +1 -0
  17. package/dist/command-plan.d.ts +3 -0
  18. package/dist/command-plan.js +26 -0
  19. package/dist/command-plan.js.map +1 -0
  20. package/dist/demo.d.ts +5 -0
  21. package/dist/demo.js +525 -0
  22. package/dist/demo.js.map +1 -0
  23. package/dist/dependency.d.ts +4 -0
  24. package/dist/dependency.js +1424 -0
  25. package/dist/dependency.js.map +1 -0
  26. package/dist/doctor.d.ts +26 -0
  27. package/dist/doctor.js +183 -0
  28. package/dist/doctor.js.map +1 -0
  29. package/dist/evidence.d.ts +64 -0
  30. package/dist/evidence.js +352 -0
  31. package/dist/evidence.js.map +1 -0
  32. package/dist/git.d.ts +16 -0
  33. package/dist/git.js +349 -0
  34. package/dist/git.js.map +1 -0
  35. package/dist/i18n-catalog.d.ts +8 -0
  36. package/dist/i18n-catalog.js +446 -0
  37. package/dist/i18n-catalog.js.map +1 -0
  38. package/dist/i18n.d.ts +20 -0
  39. package/dist/i18n.js +67 -0
  40. package/dist/i18n.js.map +1 -0
  41. package/dist/init.d.ts +13 -0
  42. package/dist/init.js +312 -0
  43. package/dist/init.js.map +1 -0
  44. package/dist/markdown-links.d.ts +18 -0
  45. package/dist/markdown-links.js +180 -0
  46. package/dist/markdown-links.js.map +1 -0
  47. package/dist/package-scripts.d.ts +3 -0
  48. package/dist/package-scripts.js +55 -0
  49. package/dist/package-scripts.js.map +1 -0
  50. package/dist/planner.d.ts +8 -0
  51. package/dist/planner.js +2351 -0
  52. package/dist/planner.js.map +1 -0
  53. package/dist/policy.d.ts +12 -0
  54. package/dist/policy.js +255 -0
  55. package/dist/policy.js.map +1 -0
  56. package/dist/project.d.ts +2 -0
  57. package/dist/project.js +1085 -0
  58. package/dist/project.js.map +1 -0
  59. package/dist/release-readiness.d.ts +25 -0
  60. package/dist/release-readiness.js +426 -0
  61. package/dist/release-readiness.js.map +1 -0
  62. package/dist/report-annotations.d.ts +3 -0
  63. package/dist/report-annotations.js +28 -0
  64. package/dist/report-annotations.js.map +1 -0
  65. package/dist/report-contract.d.ts +2 -0
  66. package/dist/report-contract.js +82 -0
  67. package/dist/report-contract.js.map +1 -0
  68. package/dist/report-html.d.ts +7 -0
  69. package/dist/report-html.js +706 -0
  70. package/dist/report-html.js.map +1 -0
  71. package/dist/report-sarif.d.ts +2 -0
  72. package/dist/report-sarif.js +90 -0
  73. package/dist/report-sarif.js.map +1 -0
  74. package/dist/report.d.ts +14 -0
  75. package/dist/report.js +310 -0
  76. package/dist/report.js.map +1 -0
  77. package/dist/risk.d.ts +19 -0
  78. package/dist/risk.js +1226 -0
  79. package/dist/risk.js.map +1 -0
  80. package/dist/runner.d.ts +8 -0
  81. package/dist/runner.js +113 -0
  82. package/dist/runner.js.map +1 -0
  83. package/dist/scan.d.ts +2 -0
  84. package/dist/scan.js +195 -0
  85. package/dist/scan.js.map +1 -0
  86. package/dist/schema.d.ts +12 -0
  87. package/dist/schema.js +30 -0
  88. package/dist/schema.js.map +1 -0
  89. package/dist/stack-coverage.d.ts +8 -0
  90. package/dist/stack-coverage.js +94 -0
  91. package/dist/stack-coverage.js.map +1 -0
  92. package/dist/types.d.ts +206 -0
  93. package/dist/types.js +2 -0
  94. package/dist/types.js.map +1 -0
  95. package/dist/verification.d.ts +11 -0
  96. package/dist/verification.js +108 -0
  97. package/dist/verification.js.map +1 -0
  98. package/docs/ANNOTATIONS.md +34 -0
  99. package/docs/ARCHITECTURE.md +79 -0
  100. package/docs/BASELINES.md +32 -0
  101. package/docs/CASE_STUDIES.md +106 -0
  102. package/docs/CODEOWNERS.md +23 -0
  103. package/docs/DASHBOARD.md +87 -0
  104. package/docs/EVIDENCE.md +55 -0
  105. package/docs/LAUNCH_PLAYBOOK.md +103 -0
  106. package/docs/MONOREPOS.md +74 -0
  107. package/docs/POLICY.md +98 -0
  108. package/docs/PROOF_PACKS.md +57 -0
  109. package/docs/PR_COMMENTS.md +56 -0
  110. package/docs/RELEASE.md +35 -0
  111. package/docs/ROADMAP.md +152 -0
  112. package/docs/RULE_CATALOG.md +90 -0
  113. package/docs/SARIF.md +74 -0
  114. package/docs/SCHEMAS.md +49 -0
  115. package/docs/SECURITY_POSTURE.md +32 -0
  116. package/docs/STACK_COVERAGE.md +20 -0
  117. package/docs/assets/patchdrill-demo.svg +21 -0
  118. package/docs/media/patchdrill-dashboard.png +0 -0
  119. package/docs/media/patchdrill-demo.gif +0 -0
  120. package/examples/case-studies/README.md +20 -0
  121. package/examples/demo/README.md +21 -0
  122. package/examples/demo/patchdrill-demo-summary.md +35 -0
  123. package/examples/demo/patchdrill-demo.html +623 -0
  124. package/examples/demo/patchdrill-demo.json +355 -0
  125. package/examples/demo/patchdrill-demo.md +120 -0
  126. package/examples/demo/patchdrill-demo.sarif +195 -0
  127. package/examples/report.md +128 -0
  128. package/examples/risky-agent-pr/README.md +15 -0
  129. package/examples/risky-agent-pr/patchdrill-demo-summary.md +41 -0
  130. package/examples/risky-agent-pr/patchdrill-demo.html +681 -0
  131. package/examples/risky-agent-pr/patchdrill-demo.json +483 -0
  132. package/examples/risky-agent-pr/patchdrill-demo.md +140 -0
  133. package/examples/risky-agent-pr/patchdrill-demo.sarif +398 -0
  134. package/fixtures/stacks/README.md +4 -0
  135. package/fixtures/stacks/android-gradle/fixture.json +33 -0
  136. package/fixtures/stacks/aspnet-core-service/fixture.json +36 -0
  137. package/fixtures/stacks/bazel-workspace/fixture.json +30 -0
  138. package/fixtures/stacks/buck2-workspace/fixture.json +30 -0
  139. package/fixtures/stacks/cargo-workspace/fixture.json +48 -0
  140. package/fixtures/stacks/django-app/fixture.json +25 -0
  141. package/fixtures/stacks/docker-compose/fixture.json +17 -0
  142. package/fixtures/stacks/dockerfile-service/fixture.json +17 -0
  143. package/fixtures/stacks/dotnet-service/fixture.json +36 -0
  144. package/fixtures/stacks/dotnet-solution-filter/fixture.json +62 -0
  145. package/fixtures/stacks/fastapi-app/fixture.json +29 -0
  146. package/fixtures/stacks/go-workspace/fixture.json +48 -0
  147. package/fixtures/stacks/java-gradle/fixture.json +29 -0
  148. package/fixtures/stacks/java-maven/fixture.json +32 -0
  149. package/fixtures/stacks/kubernetes-helm/fixture.json +25 -0
  150. package/fixtures/stacks/kubernetes-kustomize/fixture.json +21 -0
  151. package/fixtures/stacks/nested-go-workspace/fixture.json +51 -0
  152. package/fixtures/stacks/nextjs-app/fixture.json +34 -0
  153. package/fixtures/stacks/node-turbo-workspace/fixture.json +39 -0
  154. package/fixtures/stacks/pants-python/fixture.json +33 -0
  155. package/fixtures/stacks/php-composer/fixture.json +31 -0
  156. package/fixtures/stacks/python-service/fixture.json +21 -0
  157. package/fixtures/stacks/rails-app/fixture.json +25 -0
  158. package/fixtures/stacks/spring-boot-gradle/fixture.json +29 -0
  159. package/fixtures/stacks/spring-boot-maven/fixture.json +43 -0
  160. package/fixtures/stacks/swift-package/fixture.json +21 -0
  161. package/fixtures/stacks/terraform-module/fixture.json +17 -0
  162. package/fixtures/stacks/uv-python-service/fixture.json +47 -0
  163. package/fixtures/stacks/xcode-app/fixture.json +72 -0
  164. package/package.json +80 -0
  165. package/schemas/patchdrill-doctor.schema.json +171 -0
  166. package/schemas/patchdrill-evidence.schema.json +239 -0
  167. package/schemas/patchdrill-policy.schema.json +170 -0
  168. package/schemas/patchdrill-release-check.schema.json +78 -0
  169. package/schemas/patchdrill-report.schema.json +647 -0
package/examples/demo/patchdrill-demo.html ADDED
@@ -0,0 +1,623 @@
1
+ <!doctype html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="utf-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1">
6
+ <link rel="icon" href="data:,">
7
+ <title>PatchDrill Dashboard</title>
8
+ <style>
9
+ :root {
10
+ color-scheme: light;
11
+ --bg: #f6f7f9;
12
+ --panel: #ffffff;
13
+ --text: #15181e;
14
+ --muted: #5c6470;
15
+ --border: #d9dee7;
16
+ --code-bg: #f0f3f7;
17
+ --pass: #0b6b43;
18
+ --pass-bg: #e5f5ed;
19
+ --warn: #9a5b00;
20
+ --warn-bg: #fff0d6;
21
+ --fail: #a12828;
22
+ --fail-bg: #fde7e7;
23
+ --info: #285da1;
24
+ --info-bg: #e7f0fb;
25
+ --shadow: 0 1px 2px rgb(16 24 40 / 8%);
26
+ font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
27
+ }
28
+
29
+ * {
30
+ box-sizing: border-box;
31
+ }
32
+
33
+ body {
34
+ margin: 0;
35
+ background: var(--bg);
36
+ color: var(--text);
37
+ line-height: 1.5;
38
+ }
39
+
40
+ main {
41
+ width: min(1180px, calc(100% - 32px));
42
+ margin: 0 auto;
43
+ padding: 32px 0 48px;
44
+ }
45
+
46
+ header {
47
+ display: grid;
48
+ gap: 18px;
49
+ margin-bottom: 22px;
50
+ }
51
+
52
+ h1,
53
+ h2,
54
+ h3,
55
+ p {
56
+ margin: 0;
57
+ }
58
+
59
+ h1 {
60
+ font-size: 32px;
61
+ line-height: 1.15;
62
+ letter-spacing: 0;
63
+ }
64
+
65
+ h2 {
66
+ font-size: 19px;
67
+ line-height: 1.25;
68
+ letter-spacing: 0;
69
+ }
70
+
71
+ h3 {
72
+ font-size: 15px;
73
+ line-height: 1.3;
74
+ letter-spacing: 0;
75
+ }
76
+
77
+ .eyebrow {
78
+ color: var(--muted);
79
+ font-size: 13px;
80
+ font-weight: 700;
81
+ letter-spacing: .08em;
82
+ text-transform: uppercase;
83
+ }
84
+
85
+ .header-row,
86
+ .section-heading,
87
+ .finding-head,
88
+ summary {
89
+ align-items: center;
90
+ display: flex;
91
+ gap: 12px;
92
+ justify-content: space-between;
93
+ }
94
+
95
+ .context {
96
+ color: var(--muted);
97
+ display: flex;
98
+ flex-wrap: wrap;
99
+ font-size: 13px;
100
+ gap: 8px 16px;
101
+ }
102
+
103
+ .grid {
104
+ display: grid;
105
+ gap: 12px;
106
+ }
107
+
108
+ .metrics {
109
+ grid-template-columns: repeat(5, minmax(0, 1fr));
110
+ }
111
+
112
+ .two-column {
113
+ grid-template-columns: repeat(2, minmax(0, 1fr));
114
+ }
115
+
116
+ .metric,
117
+ .finding,
118
+ .table-wrap,
119
+ details {
120
+ background: var(--panel);
121
+ border: 1px solid var(--border);
122
+ border-radius: 8px;
123
+ box-shadow: var(--shadow);
124
+ }
125
+
126
+ section {
127
+ display: grid;
128
+ gap: 14px;
129
+ margin-top: 24px;
130
+ padding: 0;
131
+ }
132
+
133
+ .metric {
134
+ min-width: 0;
135
+ padding: 14px;
136
+ }
137
+
138
+ .metric-label {
139
+ color: var(--muted);
140
+ font-size: 12px;
141
+ font-weight: 700;
142
+ text-transform: uppercase;
143
+ }
144
+
145
+ .metric-value {
146
+ font-size: 24px;
147
+ font-weight: 760;
148
+ line-height: 1.2;
149
+ margin-top: 6px;
150
+ overflow-wrap: anywhere;
151
+ }
152
+
153
+ .metric-detail {
154
+ color: var(--muted);
155
+ font-size: 12px;
156
+ margin-top: 4px;
157
+ overflow-wrap: anywhere;
158
+ }
159
+
160
+ .bar {
161
+ background: #e7ebf1;
162
+ border-radius: 999px;
163
+ height: 8px;
164
+ margin-top: 10px;
165
+ overflow: hidden;
166
+ }
167
+
168
+ .bar span {
169
+ display: block;
170
+ height: 100%;
171
+ }
172
+
173
+ .bar .pass {
174
+ background: var(--pass);
175
+ }
176
+
177
+ .bar .warn {
178
+ background: var(--warn);
179
+ }
180
+
181
+ .bar .fail {
182
+ background: var(--fail);
183
+ }
184
+
185
+ .trend-table td,
186
+ .trend-table th {
187
+ white-space: nowrap;
188
+ }
189
+
190
+ .trend-risk {
191
+ align-items: center;
192
+ display: grid;
193
+ gap: 8px;
194
+ grid-template-columns: 54px minmax(120px, 1fr);
195
+ }
196
+
197
+ .pill {
198
+ border-radius: 999px;
199
+ display: inline-flex;
200
+ font-size: 12px;
201
+ font-weight: 760;
202
+ gap: 6px;
203
+ line-height: 1;
204
+ padding: 7px 9px;
205
+ text-transform: uppercase;
206
+ white-space: nowrap;
207
+ }
208
+
209
+ .pass {
210
+ background: var(--pass-bg);
211
+ color: var(--pass);
212
+ }
213
+
214
+ .warn {
215
+ background: var(--warn-bg);
216
+ color: var(--warn);
217
+ }
218
+
219
+ .fail,
220
+ .critical,
221
+ .high {
222
+ background: var(--fail-bg);
223
+ color: var(--fail);
224
+ }
225
+
226
+ .medium {
227
+ background: var(--warn-bg);
228
+ color: var(--warn);
229
+ }
230
+
231
+ .low,
232
+ .info {
233
+ background: var(--info-bg);
234
+ color: var(--info);
235
+ }
236
+
237
+ .muted,
238
+ .empty {
239
+ color: var(--muted);
240
+ }
241
+
242
+ .table-wrap {
243
+ overflow-x: auto;
244
+ border-radius: 8px;
245
+ box-shadow: var(--shadow);
246
+ }
247
+
248
+ table {
249
+ border-collapse: collapse;
250
+ font-size: 13px;
251
+ min-width: 720px;
252
+ width: 100%;
253
+ }
254
+
255
+ th,
256
+ td {
257
+ border-bottom: 1px solid var(--border);
258
+ padding: 10px;
259
+ text-align: left;
260
+ vertical-align: top;
261
+ }
262
+
263
+ th {
264
+ color: var(--muted);
265
+ font-size: 12px;
266
+ text-transform: uppercase;
267
+ }
268
+
269
+ tr:last-child td {
270
+ border-bottom: 0;
271
+ }
272
+
273
+ code,
274
+ pre {
275
+ background: var(--code-bg);
276
+ border-radius: 6px;
277
+ font-family: "SFMono-Regular", Consolas, "Liberation Mono", monospace;
278
+ font-size: 12px;
279
+ }
280
+
281
+ code {
282
+ padding: 2px 5px;
283
+ }
284
+
285
+ pre {
286
+ margin: 10px 0 0;
287
+ max-height: 360px;
288
+ overflow: auto;
289
+ padding: 12px;
290
+ white-space: pre-wrap;
291
+ word-break: break-word;
292
+ }
293
+
294
+ .finding-list {
295
+ display: grid;
296
+ gap: 10px;
297
+ }
298
+
299
+ .finding {
300
+ display: grid;
301
+ gap: 8px;
302
+ padding: 14px;
303
+ }
304
+
305
+ .finding-title {
306
+ font-weight: 760;
307
+ overflow-wrap: anywhere;
308
+ }
309
+
310
+ .detail-list {
311
+ display: grid;
312
+ gap: 8px;
313
+ grid-template-columns: repeat(2, minmax(0, 1fr));
314
+ }
315
+
316
+ .detail-item {
317
+ border: 1px solid var(--border);
318
+ border-radius: 8px;
319
+ padding: 12px;
320
+ }
321
+
322
+ .detail-label {
323
+ color: var(--muted);
324
+ font-size: 12px;
325
+ font-weight: 700;
326
+ text-transform: uppercase;
327
+ }
328
+
329
+ .detail-value {
330
+ margin-top: 4px;
331
+ overflow-wrap: anywhere;
332
+ }
333
+
334
+ details {
335
+ padding: 0;
336
+ }
337
+
338
+ summary {
339
+ cursor: pointer;
340
+ font-weight: 700;
341
+ list-style: none;
342
+ padding: 14px;
343
+ }
344
+
345
+ summary::-webkit-details-marker {
346
+ display: none;
347
+ }
348
+
349
+ .command-body {
350
+ border-top: 1px solid var(--border);
351
+ padding: 0 14px 14px;
352
+ }
353
+
354
+ @media (max-width: 900px) {
355
+ .metrics,
356
+ .two-column,
357
+ .detail-list {
358
+ grid-template-columns: 1fr;
359
+ }
360
+
361
+ .header-row,
362
+ .section-heading,
363
+ .finding-head,
364
+ summary {
365
+ align-items: flex-start;
366
+ flex-direction: column;
367
+ }
368
+
369
+ main {
370
+ width: min(100% - 20px, 1180px);
371
+ padding-top: 20px;
372
+ }
373
+ }
374
+ </style>
375
+ </head>
376
+ <body>
377
+ <main>
378
+ <header>
379
+ <div class="header-row">
380
+ <div>
381
+ <p class="eyebrow">PatchDrill</p>
382
+ <h1>Verification Dashboard</h1>
383
+ </div>
384
+ <span class="pill warn">WARN</span>
385
+ </div>
386
+ <div class="context"><span>Base: origin/main</span><span>Head: feature/auth-session-hardening</span><span>Generated: 2026-06-01T00:00:00.000Z</span><span>Schema: 1</span></div>
387
+ </header>
388
+
389
+ <div class="grid metrics">
390
+ <div class="metric">
391
+ <div class="metric-label">Risk score</div>
392
+ <div class="metric-value">58/100</div>
393
+ <div class="metric-detail">Higher means more review proof is needed.</div>
394
+ <div class="bar" aria-hidden="true"><span class="warn" style="width: 58%;"></span></div>
395
+ </div>
396
+ <div class="metric">
397
+ <div class="metric-label">Confidence</div>
398
+ <div class="metric-value">82/100</div>
399
+ <div class="metric-detail">Higher means stronger verification evidence.</div>
400
+ <div class="bar" aria-hidden="true"><span class="pass" style="width: 82%;"></span></div>
401
+ </div>
402
+ <div class="metric">
403
+ <div class="metric-label">Changed files</div>
404
+ <div class="metric-value">5</div>
405
+ <div class="metric-detail">+186 / -42</div>
406
+ </div>
407
+ <div class="metric">
408
+ <div class="metric-label">Required checks</div>
409
+ <div class="metric-value">3</div>
410
+ <div class="metric-detail">3 passed, 0 failed, 0 missing</div>
411
+ </div>
412
+ <div class="metric">
413
+ <div class="metric-label">Added lines</div>
414
+ <div class="metric-value">186</div>
415
+ <div class="metric-detail">Diff lines scanned for risky content.</div>
416
+ </div>
417
+ </div>
418
+
419
+
420
+
421
+ <section>
422
+ <div class="section-heading">
423
+ <h2>Findings</h2>
424
+ <span class="pill warn">4 total</span>
425
+ </div>
426
+ <div class="finding-list">
427
+ <article class="finding">
428
+ <div class="finding-head">
429
+ <div>
430
+ <div class="finding-title">High-impact product area changed</div>
431
+ <div class="metric-detail">apps/api/src/auth/session.ts</div>
432
+ </div>
433
+ <span class="pill high">high</span>
434
+ </div>
435
+ <p>Authentication/session code changed and needs strong proof before merge.</p>
436
+ <p class="muted">Remediation: Require owner review and targeted session regression evidence.</p>
437
+ <p class="muted">Rule: <code>file.high-impact-area</code></p>
438
+ <p class="muted">Tags: security, auth</p>
439
+ </article><article class="finding">
440
+ <div class="finding-head">
441
+ <div>
442
+ <div class="finding-title">Data migration review required</div>
443
+ <div class="metric-detail">packages/db/migrations/20260601090000_add_session_rotation.sql</div>
444
+ </div>
445
+ <span class="pill high">high</span>
446
+ </div>
447
+ <p>A database migration can alter production session state.</p>
448
+ <p class="muted">Remediation: Attach dry-run, rollback, and data-owner approval notes.</p>
449
+ <p class="muted">Rule: <code>file.high-impact-area</code></p>
450
+ <p class="muted">Tags: data, migration</p>
451
+ </article><article class="finding">
452
+ <div class="finding-head">
453
+ <div>
454
+ <div class="finding-title">OIDC deployment job should use a protected environment</div>
455
+ <div class="metric-detail">.github/workflows/deploy.yml:34</div>
456
+ </div>
457
+ <span class="pill medium">medium</span>
458
+ </div>
459
+ <p>A deployment workflow can mint cloud credentials without an explicit GitHub environment gate.</p>
460
+ <p class="muted">Remediation: Attach a protected environment or document why this job cannot deploy.</p>
461
+ <p class="muted">Rule: <code>workflow.environment-oidc-token</code></p>
462
+ <p class="muted">Tags: ci, oidc, supply-chain</p>
463
+ </article><article class="finding">
464
+ <div class="finding-head">
465
+ <div>
466
+ <div class="finding-title">Dependency lockfile changed</div>
467
+ <div class="metric-detail">package-lock.json</div>
468
+ </div>
469
+ <span class="pill low">low</span>
470
+ </div>
471
+ <p>@acme/session-store changed from 1.8.2 to 1.9.0.</p>
472
+ <p class="muted">Remediation: Review release notes and verify transitive dependency impact.</p>
473
+ <p class="muted">Rule: <code>file.lockfile</code></p>
474
+ <p class="muted">Tags: dependencies</p>
475
+ </article>
476
+ </div>
477
+ </section>
478
+
479
+ <section>
480
+ <div class="section-heading">
481
+ <h2>Verification Plan</h2>
482
+ <span class="pill info">3 required, 1 optional</span>
483
+ </div>
484
+ <div class="table-wrap">
485
+ <table>
486
+ <thead>
487
+ <tr><th>Required</th><th>Package</th><th>Command</th><th>Result</th><th>Reason</th></tr>
488
+ </thead>
489
+ <tbody>
490
+ <tr><td><span class="pill warn">yes</span></td><td>@acme/api</td><td><code>pnpm exec turbo run typecheck --filter=@acme/api</code></td><td><span class="pill pass">passed</span></td><td>Auth source changed in @acme/api.</td></tr><tr><td><span class="pill warn">yes</span></td><td>@acme/api</td><td><code>pnpm exec turbo run test --filter=@acme/api</code></td><td><span class="pill pass">passed</span></td><td>Session behavior changed and matching tests exist.</td></tr><tr><td><span class="pill warn">yes</span></td><td></td><td><code>pnpm run test:contracts</code></td><td><span class="pill pass">passed</span></td><td>Repository policy requires contract tests for auth/session changes.</td></tr><tr><td><span class="pill info">no</span></td><td></td><td><code>pnpm run test:e2e</code></td><td><span class="pill info">skipped optional</span></td><td>Optional browser coverage is available for session rotation flows.</td></tr>
491
+ </tbody>
492
+ </table>
493
+ </div>
494
+ </section>
495
+
496
+ <section>
497
+ <div class="section-heading">
498
+ <h2>Command Results</h2>
499
+ <span class="pill pass">0 failed</span>
500
+ </div>
501
+ <div class="grid">
502
+ <details>
503
+ <summary>
504
+ <span><code>pnpm exec turbo run typecheck --filter=@acme/api</code></span>
505
+ <span class="pill pass">exit 0</span>
506
+ </summary>
507
+ <div class="command-body">
508
+ <p class="muted">Duration: 8421ms</p>
509
+ <h3>stdout</h3><pre>@acme/api:typecheck: cache miss, executing
510
+ @acme/api:typecheck: ok</pre>
511
+ </div>
512
+ </details><details>
513
+ <summary>
514
+ <span><code>pnpm exec turbo run test --filter=@acme/api</code></span>
515
+ <span class="pill pass">exit 0</span>
516
+ </summary>
517
+ <div class="command-body">
518
+ <p class="muted">Duration: 12544ms</p>
519
+ <h3>stdout</h3><pre>@acme/api:test: 42 tests passed</pre>
520
+ </div>
521
+ </details><details>
522
+ <summary>
523
+ <span><code>pnpm run test:contracts</code></span>
524
+ <span class="pill pass">exit 0</span>
525
+ </summary>
526
+ <div class="command-body">
527
+ <p class="muted">Duration: 15038ms</p>
528
+ <h3>stdout</h3><pre>contract auth-session passed
529
+ contract deployment-claims passed</pre>
530
+ </div>
531
+ </details>
532
+ </div>
533
+ </section>
534
+
535
+ <section>
536
+ <h2>Changed Files</h2>
537
+ <div class="table-wrap">
538
+ <table>
539
+ <thead>
540
+ <tr><th>File</th><th>Status</th><th>+/-</th><th>Owners</th></tr>
541
+ </thead>
542
+ <tbody>
543
+ <tr><td>apps/api/src/auth/session.ts</td><td>modified</td><td>+54 / -16</td><td>@acme/security</td></tr><tr><td>apps/api/src/auth/session.test.ts</td><td>modified</td><td>+48 / -4</td><td>@acme/security</td></tr><tr><td>packages/db/migrations/20260601090000_add_session_rotation.sql</td><td>added</td><td>+38 / -0</td><td>@acme/data</td></tr><tr><td>.github/workflows/deploy.yml</td><td>modified</td><td>+22 / -12</td><td>@acme/platform</td></tr><tr><td>package-lock.json</td><td>modified</td><td>+24 / -10</td><td></td></tr>
544
+ </tbody>
545
+ </table>
546
+ </div>
547
+ </section>
548
+
549
+ <div class="grid two-column">
550
+ <section>
551
+ <h2>Project Signals</h2>
552
+ <div class="table-wrap">
553
+ <table>
554
+ <thead>
555
+ <tr><th>Ecosystem</th><th>Framework</th><th>Entrypoint</th><th>Manifest</th><th>Package manager</th><th>Task runner</th></tr>
556
+ </thead>
557
+ <tbody>
558
+ <tr><td>node</td><td></td><td></td><td>package.json</td><td>pnpm</td><td>turbo</td></tr><tr><td>github-actions</td><td></td><td></td><td>.github/workflows/deploy.yml</td><td></td><td></td></tr>
559
+ </tbody>
560
+ </table>
561
+ </div>
562
+ </section>
563
+ <section>
564
+ <h2>Review Context</h2>
565
+ <div class="detail-list">
566
+ <div class="detail-item">
567
+ <div class="detail-label">Policy</div>
568
+ <div class="detail-value">.patchdrill.yml (2 rules)</div>
569
+ </div><div class="detail-item">
570
+ <div class="detail-label">Policy commands</div>
571
+ <div class="detail-value">1 required, 1 optional</div>
572
+ </div><div class="detail-item">
573
+ <div class="detail-label">Fail-on</div>
574
+ <div class="detail-value">high</div>
575
+ </div><div class="detail-item">
576
+ <div class="detail-label">Max risk</div>
577
+ <div class="detail-value">69</div>
578
+ </div><div class="detail-item">
579
+ <div class="detail-label">Code owners</div>
580
+ <div class="detail-value">.github/CODEOWNERS (3 rules)</div>
581
+ </div><div class="detail-item">
582
+ <div class="detail-label">Baseline</div>
583
+ <div class="detail-value">previous-patchdrill-report.json</div>
584
+ </div><div class="detail-item">
585
+ <div class="detail-label">Risk delta</div>
586
+ <div class="detail-value">+14</div>
587
+ </div><div class="detail-item">
588
+ <div class="detail-label">Findings delta</div>
589
+ <div class="detail-value">2 new, 1 resolved, 3 unchanged</div>
590
+ </div><div class="detail-item">
591
+ <div class="detail-label">Affected packages</div>
592
+ <div class="detail-value">@acme/api</div>
593
+ </div>
594
+ </div>
595
+ </section>
596
+ </div>
597
+
598
+ <section>
599
+ <h2>Dependency Changes</h2>
600
+ <div class="table-wrap">
601
+ <table>
602
+ <thead>
603
+ <tr><th>File</th><th>Type</th><th>Package</th><th>Path</th><th>Change</th><th>Before</th><th>After</th></tr>
604
+ </thead>
605
+ <tbody>
606
+ <tr><td>package-lock.json</td><td>lockfile</td><td>@acme/session-store</td><td>node_modules/@acme/session-store</td><td>updated</td><td>1.8.2</td><td>1.9.0</td></tr>
607
+ </tbody>
608
+ </table>
609
+ </div>
610
+ </section>
611
+
612
+ <section>
613
+ <h2>Package Script Changes</h2>
614
+ <p class="empty">No package script changes detected.</p>
615
+ </section>
616
+
617
+ <section>
618
+ <h2>Reviewer Notes</h2>
619
+ <p class="muted">Treat this dashboard as triage evidence, not a replacement for review. High-impact areas still need human sign-off even when automated commands pass.</p>
620
+ </section>
621
+ </main>
622
+ </body>
623
+ </html>