Skip to content

feat: implement Fase 2 — new document types, validation engine, and compliance CI#27

Merged
montfort merged 1 commit into
mainfrom
feat/fase-2-new-types-and-validation
Mar 25, 2026
Merged

feat: implement Fase 2 — new document types, validation engine, and compliance CI#27
montfort merged 1 commit into
mainfrom
feat/fase-2-new-types-and-validation

Conversation

@montfort
Copy link
Copy Markdown
Contributor

@montfort montfort commented Mar 25, 2026

Summary

  • 4 new document types (SEC, MCARD, SBOM, DPIA) with bilingual templates (EN/ES), dedicated skills for Claude/Gemini/generic agents, and updated devtrail-new/devtrail-status for 12 types
  • devtrail validate [--fix] command with document parsing engine (document.rs), 13 validation rules (validation.rs), auto-fix support, and Lizard cyclomatic complexity integration (complexity.rs)
  • CI/CD compliance jobs (compliance-check, governance-metrics) in docs-validation.yml, plus related: reference validation and code-without-AILOG detection in pre-commit/PowerShell scripts
  • GitHub Actions upgraded v4 → v5 to resolve Node.js 20 deprecation warnings
  • Version bump: CLI 1.3.0 → 1.4.0, Framework 3.0.0 → 3.1.0

Test plan

  • 54 tests passing (19 unit + 35 integration)
  • All 13 validation rules tested (NAMING-001, META-001/002/003, CROSS-001/002/003, TYPE-001/002, REF-001, SEC-001, OBS-001)
  • --fix auto-correction tested (review_required enforcement)
  • New templates verified in dist/ (EN + ES, 8 files)
  • devtrail-new.sh verified for 12 types
  • cargo clippy clean (no new warnings)

🤖 Generated with Claude Code

@montfort @claude
feat: implement Fase 2 — new document types, validation engine, and c…
09d9a07 
…ompliance CI

Add 4 new document types (SEC, MCARD, SBOM, DPIA) with EN/ES templates,
dedicated skills for Claude/Gemini/generic agents, and a full `devtrail validate`
command with 13 validation rules, auto-fix support, and 54 passing tests.

Key changes:
- Templates: SEC (security assessment), MCARD (model card), SBOM (AI bill of
  materials), DPIA (data protection impact assessment) in EN and ES
- CLI: new `devtrail validate [--fix]` command with document parsing (document.rs),
  validation engine (validation.rs), and Lizard complexity integration (complexity.rs)
- Skills: devtrail-sec and devtrail-mcard skills (3 platforms each), updated
  devtrail-new and devtrail-status for 12 document types
- CI/CD: compliance-check and governance-metrics jobs in docs-validation.yml,
  related-ref validation and code-without-AILOG detection in pre-commit/PS1
- GitHub Actions upgraded from v4 to v5 (Node.js 20 → 24 compatibility)
- Version bump: CLI 1.3.0 → 1.4.0, Framework 3.0.0 → 3.1.0

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Mar 25, 2026
edited by cla-assistant Bot
Loading

CLA assistant check
All committers have signed the CLA.

@montfort montfort merged commit ac3e361 into main Mar 25, 2026
1 check was pending
@montfort montfort deleted the feat/fase-2-new-types-and-validation branch March 25, 2026 03:42
montfort added a commit that referenced this pull request Mar 27, 2026
@montfort @claude
feat: implement Fase 3 — compliance automation, metrics, and governan…
ea5e894 
…ce docs (#27)

Add `devtrail compliance` and `devtrail metrics` CLI commands, ISO 42001
governance documents, NIST AI RMF implementation guides, and OpenTelemetry
observability guide.

CLI (cli-2.0.0):
- New `devtrail compliance` command with EU AI Act, ISO 42001, and NIST AI
  RMF checkers, supporting text/markdown/json output
- New `devtrail metrics` command with period filtering, review compliance,
  risk distribution, agent activity, and trend analysis
- Compliance engine (compliance.rs) with 12 checks across 3 standards
- Metrics engine (metrics_engine.rs) with chrono-based date handling
- 16 new integration tests (9 compliance + 7 metrics)

Framework (fw-3.2.0):
- AI-RISK-CATALOG.md — risk registry mapped to NIST AI 600-1 + ISO 42001
- AI-LIFECYCLE-TRACKER.md — AI system lifecycle tracking (ISO 42001 A.6)
- AI-KPIS.md — governance KPIs aligned with ISO 42001 Clause 9
- MANAGEMENT-REVIEW-TEMPLATE.md — periodic reviews (ISO 42001 Clause 9.3)
- OBSERVABILITY-GUIDE.md — OpenTelemetry integration guide (10 sections)
- 5 NIST AI RMF guides (MAP, MEASURE, MANAGE, GOVERN, GenAI Risks 600-1)
- All documents available in EN + ES (20 new documents total)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
montfort added a commit that referenced this pull request Mar 27, 2026
@montfort @claude
feat: implement Fase 4 — audit command, C4 Model guide, and ecosystem…
bd68265 
… docs (#27)

Add `devtrail audit` command with timeline, traceability map (BFS),
risk distribution, and compliance summary. Supports text, markdown,
json, and html (with SVG pie chart) output formats.

Framework additions: C4-DIAGRAM-GUIDE.md (EN+ES), api_changes/api_spec_path
fields in ADR/REQ templates, C4 and API tracking rules in AGENT-RULES.md.

Bump versions to fw-4.0.0 / cli-2.1.0. Add CHANGELOG.md covering all
4 phases. Update README, CLI-REFERENCE, and plan-implementacion.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@montfort @CLAassistant