2.2.0 Reality Checks, Schema Export & CI Templates #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add a new function gen_schema to src/nod/generator.py Output: It will output a standard JSON Schema draft-07 representation of the currently loaded rules. This allows GRC tools to validate their policy definitions against nod's expectations, or vice versa.
add a new function gen_schema to src/nod/generator.py and wire it up in src/nod/cli.py.
updated the Scanner to capture implementation files (like Dockerfile or requirements.txt) without treating them as specifications.
Modified gen_report (Text Output) to separate checks with type="contradiction". Added a new report section: "π POTENTIAL CODE CONTRADICTIONS (DRIFT)" to highlight mismatches between Spec and Reality. Updated gen_sarif (JSON Output) to tag reality check failures with drift and spec-contradiction tags for security dashboards.
Updated the test_profile fixture in setUp to include a mock Reality Check configuration. Added test_reality_check_pass: Verifies that matching content in Spec and Code results in a PASS. Added test_reality_check_fail: Verifies that a missing implementation detail triggers a FAIL with the correct contradiction type.
Update nod-gatekeeper.yml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
π Major Features
π΅οΈ Code-to-Spec Verification (Drift Detection)
nod now goes beyond just checking your documentation. With Reality Checks, the scanner verifies that claims made in your spec (e.g., "Database: Postgres") are actually reflected in your implementation code (e.g., requirements.txt or Dockerfile).
π JSON Schema Export
Enable better integration with GRC tools and policy validators. You can now export your loaded ruleset as a standard JSON Schema (Draft-07).
π· Native CI/CD Templates
We've added a new templates/ directory containing drop-in configurations for major CI providers, expanding support beyond GitHub Actions:
π οΈ CLI & UX Improvements
π§Ή Maintenance & Quality