generated from coulomb/repo-seed
Add report fragments and export manifest
This commit is contained in:
@@ -83,6 +83,8 @@ The key runtime fields are:
|
||||
- `normalizers`: optional plug-ins that convert native runner output into the
|
||||
stable runner-result shape before evidence is written.
|
||||
- `mappings`: mapping set IDs under `mappings/<mapping-id>.json`.
|
||||
- `report_fragments`: optional Markdown file or Python module descriptors for
|
||||
extension-owned report content.
|
||||
- `certification_boundary`: explicit statement of what the extension does not
|
||||
certify.
|
||||
|
||||
@@ -209,6 +211,53 @@ to extension-owned mappings and writes normalized mapping records to:
|
||||
runs/<run-id>/normalized/mappings.json
|
||||
```
|
||||
|
||||
## Report Fragments
|
||||
|
||||
Extensions can contribute report fragments through `report_fragments`.
|
||||
|
||||
Static Markdown file:
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "overview",
|
||||
"kind": "markdown_file",
|
||||
"path": "reports/overview.md",
|
||||
"title": "Overview"
|
||||
}
|
||||
```
|
||||
|
||||
Dynamic Python fragment:
|
||||
|
||||
```json
|
||||
{
|
||||
"id": "sdk-fixture-summary",
|
||||
"kind": "python_module",
|
||||
"module_path": "reports/sdk_fixture_summary.py",
|
||||
"callable": "build_fragment",
|
||||
"path": null,
|
||||
"title": "SDK Fixture Summary"
|
||||
}
|
||||
```
|
||||
|
||||
Fragment paths are resolved relative to the extension root and must stay inside
|
||||
that root. A Python fragment receives `root`, `run_dir`, `run_id`, `plan`,
|
||||
`evidence`, `findings`, `mappings`, `assessment_package`, `policy_summary`,
|
||||
`source_lock`, `extension_path`, and `report_fragment`.
|
||||
|
||||
It returns:
|
||||
|
||||
```python
|
||||
def build_fragment(context: dict) -> dict:
|
||||
return {
|
||||
"markdown": "### Extension Summary\n\n- evidence items: 2",
|
||||
"structured": {"evidence_count": 2},
|
||||
}
|
||||
```
|
||||
|
||||
Fragments are written to `reports/fragments.json`, embedded in the assessment
|
||||
package, rendered in `reports/report.md`, and summarized in
|
||||
`exports/export-manifest.json`.
|
||||
|
||||
## Evidence Request Sets
|
||||
|
||||
Procedural and hybrid compliance extensions may include evidence request sets
|
||||
@@ -402,9 +451,9 @@ profiles.
|
||||
|
||||
## Source Lock And Submission Package
|
||||
|
||||
Every new run writes `sources.lock.json` and
|
||||
`reports/submission-package.json`. Extension authors should treat source
|
||||
metadata as part of the evidence contract:
|
||||
Every new run writes `sources.lock.json`, `reports/submission-package.json`,
|
||||
and the generic portable export manifest at `exports/export-manifest.json`.
|
||||
Extension authors should treat source metadata as part of the evidence contract:
|
||||
|
||||
- declare extension, authority, framework, runner, and normalizer metadata in
|
||||
`extension.json` when it is static;
|
||||
|
||||
Reference in New Issue
Block a user