
feat: add supply chain policies, semantic review, and AI change risk #8

Merged: alxxjohn merged 3 commits into main from new-features on Jun 17, 2026

Conversation

@alxxjohn (Contributor)

Summary

This PR expands CodeGuard’s review surface in three areas:

  • adds a new supply_chain check family for lockfile, pinning, and license-policy enforcement
  • adds command-backed semantic AI review with framework-aware request enrichment
  • adds AI change-risk artifacts and findings to highlight higher-risk AI-shaped changes

What Changed

  • introduced supply_chain checks, artifacts, config, rule catalog entries, and tests
  • added semantic review support for contract drift, error-message mismatch, test coverage, and test adequacy
  • enriched semantic requests with framework/context hints for Express, React, and Next.js
  • added change_risk artifacts plus quality.ai.change-risk
  • surfaced semantic runtime failures as quality.ai.semantic-runtime instead of failing silently
  • restored documented snake_case YAML config support across config load/write paths
  • updated docs and examples to match current semantic runtime behavior and config schema

Validation

  • ran targeted semantic and config regression tests
  • ran full make ci
  • verified repo self-scan includes Supply Chain and passes with the updated snake_case config

Notes

  • semantic review can use a command-backed provider config or fall back to CODEGUARD_SEMANTIC_COMMAND
  • when semantic review is enabled but misconfigured or broken, CodeGuard now emits an explicit fail-level runtime finding
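The `supply_chain` check family above is described only at the level of what it enforces (lockfile presence, pinning, license policy). The following is an added illustration of what such a check looks like in practice; it is not CodeGuard's own code. The manifest format (a `package.json`-style `dependencies` map), the lockfile names, the license allowlist, the `fail`/`warn` levels, the rule ids and the sample repository are all constructed for this example.

```python
"""Added example (not CodeGuard's code): a minimal supply-chain policy check
covering lockfile presence, dependency pinning, and a license allowlist.
Rule ids, severity levels, the manifest format and the sample data are
constructed for this illustration."""
import json
import re
from dataclasses import dataclass

# Constructed sample repository: a package.json-style manifest with no
# lockfile, plus a constructed package -> declared-license map of the kind
# a dependency resolver would report.
SAMPLE_REPO = {
    "files": {
        "package.json": json.dumps({
            "dependencies": {
                "express": "4.19.2",                # exact version: pinned
                "lodash": "^4.17.21",               # caret range: not pinned
                "left-pad": "*",                    # wildcard: not pinned
                "some-lib": "github:org/some-lib",  # VCS ref: not pinned
            }
        }),
    },
    "licenses": {
        "express": "MIT",
        "lodash": "MIT",
        "left-pad": "WTFPL",
        "some-lib": "UNKNOWN",
    },
}

LOCKFILES = ("package-lock.json", "yarn.lock", "pnpm-lock.yaml")
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
# An exact semver (optionally with a prerelease/build suffix); anything else
# (ranges, wildcards, VCS/URL refs) is treated as unpinned.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+([-+][0-9A-Za-z.\-]+)?$")


@dataclass(frozen=True)
class Finding:
    rule: str      # constructed rule id, namespaced under supply_chain
    level: str     # constructed severity: "fail" or "warn"
    subject: str   # file or package the finding is about
    message: str


def check_lockfile(files):
    """Fail when none of the known lockfiles is present: without one the
    dependency graph is resolved afresh on every build and is not auditable."""
    if any(name in files for name in LOCKFILES):
        return []
    return [Finding("supply_chain.lockfile-missing", "fail", "package.json",
                    "no lockfile found; resolved dependency set is not reproducible")]


def check_pinning(deps):
    """Warn for every dependency whose spec is not an exact version."""
    return [
        Finding("supply_chain.unpinned-dependency", "warn", name,
                f"version spec {spec!r} is not an exact version")
        for name, spec in deps.items()
        if not EXACT_VERSION.match(spec)
    ]


def check_licenses(deps, licenses, allowed=ALLOWED_LICENSES):
    """Fail for every dependency whose declared license is missing or not
    on the allowlist; an unknown license is treated as a policy violation."""
    return [
        Finding("supply_chain.license-policy", "fail", name,
                f"license {licenses.get(name, 'UNKNOWN')!r} is not on the allowlist")
        for name in deps
        if licenses.get(name, "UNKNOWN") not in allowed
    ]


def run_supply_chain_checks(repo):
    """Run all three checks over a repository dict and return the findings."""
    files = repo["files"]
    deps = json.loads(files["package.json"]).get("dependencies", {})
    return (check_lockfile(files)
            + check_pinning(deps)
            + check_licenses(deps, repo["licenses"]))


def summarize(findings):
    """Count findings per severity level."""
    counts = {"fail": 0, "warn": 0}
    for finding in findings:
        counts[finding.level] += 1
    return counts


if __name__ == "__main__":
    results = run_supply_chain_checks(SAMPLE_REPO)
    for f in results:
        print(f"{f.level.upper():4} {f.rule:36} {f.subject}: {f.message}")
    print(summarize(results))
```

On the constructed sample this yields one lockfile failure, three pinning warnings and two license failures. Treating an unknown license as a failure rather than a warning is a deliberate choice: a policy that silently passes packages whose license cannot be determined is easy to satisfy by stripping metadata.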

@alxxjohn alxxjohn merged commit 3ae9728 into main Jun 17, 2026
13 checks passed
alxxjohn added a commit that referenced this pull request Jun 17, 2026
🤖 I have created a release *beep* *boop*
---


## [0.3.0](v0.2.0...v0.3.0) (2026-06-17)


### Features

* add supply chain policies, semantic review, and AI change risk ([9b2dc1f](9b2dc1f))
* add supply chain policies, semantic review, and AI change risk ([#8](#8)) ([3ae9728](3ae9728))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
@alxxjohn alxxjohn deleted the new-features branch June 18, 2026 00:08