From 75b656192d0c0450dd62eff13a58e3c85ca82faa Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 13 Mar 2026 21:50:09 +0000 Subject: [PATCH 1/6] Initial plan From 6ab5027890313b0c6a5f35091c2d64f52d372cc1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 13 Mar 2026 21:57:30 +0000 Subject: [PATCH 2/6] feat: add ReviewMark integration and recent template updates Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com> --- .config/dotnet-tools.json | 6 +++ .cspell.json | 2 + .github/agents/code-review-agent.md | 72 +++++++++++++++++++++++++++++ .github/workflows/build.yaml | 61 +++++++++++++++++++++++- .gitignore | 2 + .reviewmark.yaml | 48 +++++++++++++++++++ .versionmark.yaml | 30 ++++++++---- AGENTS.md | 2 + docs/reviewplan/definition.yaml | 11 +++++ docs/reviewplan/introduction.md | 31 +++++++++++++ docs/reviewplan/title.txt | 13 ++++++ docs/reviewreport/definition.yaml | 11 +++++ docs/reviewreport/introduction.md | 32 +++++++++++++ docs/reviewreport/title.txt | 13 ++++++ requirements.yaml | 13 ++++++ 15 files changed, 336 insertions(+), 11 deletions(-) create mode 100644 .github/agents/code-review-agent.md create mode 100644 .reviewmark.yaml create mode 100644 docs/reviewplan/definition.yaml create mode 100644 docs/reviewplan/introduction.md create mode 100644 docs/reviewplan/title.txt create mode 100644 docs/reviewreport/definition.yaml create mode 100644 docs/reviewreport/introduction.md create mode 100644 docs/reviewreport/title.txt diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index 1f83a5e..dbc693e 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -43,6 +43,12 @@ "commands": [ "buildmark" ] + }, + "demaconsulting.reviewmark": { + "version": "0.1.0-rc.3", + "commands": [ + "reviewmark" + ] } } } \ No newline at end of file diff --git a/.cspell.json b/.cspell.json index 841ef80..2323c45 100644 --- a/.cspell.json +++ b/.cspell.json @@ -45,6 +45,8 @@ "Qube", "reqstream", "ReqStream", + "reviewmark", + "ReviewMark", "Sarif", "SarifMark", "SBOM", diff --git a/.github/agents/code-review-agent.md b/.github/agents/code-review-agent.md new file mode 100644 index 0000000..297d64f --- /dev/null +++ b/.github/agents/code-review-agent.md @@ -0,0 +1,72 @@ +--- +name: Code Review Agent +description: Assists in performing formal file reviews - knows how to elaborate review-sets and perform structured review checks +--- + +# Code Review Agent - VersionMark + +Perform formal file reviews for a named review-set, producing a structured findings report. + +## When to Invoke This Agent + +Invoke the code-review-agent for: + +- Performing a formal review of a named review-set +- Producing review evidence for the Continuous Compliance pipeline +- Checking files against the structured review checklist + +## How to Run This Agent + +When invoked, the agent will be told which review-set is being reviewed. For example: + +```text +Review the "VersionMark-CLI-Review" review-set. +``` + +## Responsibilities + +### Step 1: Elaborate the Review-Set + +Run the following command to get the list of files in the review-set: + +```bash +dotnet reviewmark --elaborate [review-set-id] +``` + +For example: + +```bash +dotnet reviewmark --elaborate VersionMark-CLI-Review +``` + +This will output the list of files covered by the review-set, along with their fingerprints +and current review status (current, stale, or missing). + +### Step 2: Review Each File + +For each file in the review-set, apply the checks from the standard review template at +[review-template.md](https://github.com/demaconsulting/ContinuousCompliance/blob/main/docs/review-template/review-template.md). +Determine which checklist sections apply based on the type of file (requirements, documentation, +source code, tests). + +### Step 3: Generate Report + +Write an `AGENT_REPORT_review-[review-set-id].md` file in the repository root with the +structured findings. This file is excluded from git and linting via `.gitignore`. + +## Report Format + +The generated `AGENT_REPORT_review-[review-set-id].md` must include: + +1. **Review Header**: Project, Review ID, review date, files under review +2. **Checklist Results**: Each applicable section with Pass/Fail/N/A for every check +3. **Summary of Findings**: Any checks recorded as Fail, and notable observations +4. **Overall Outcome**: Pass or Fail with justification + +## Don't + +- Make any changes to source files, tests, or documentation during a review — record all + findings in the report only +- Skip applicable checklist sections +- Record findings without an overall outcome +- Commit the `AGENT_REPORT_*.md` file (it is excluded from git via `.gitignore`) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8ecc2e0..da3b76e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -412,7 +412,7 @@ jobs: echo "Capturing tool versions..." versionmark --capture --job-id "build-docs" \ --output "artifacts/versionmark-build-docs.json" -- \ - dotnet git node npm pandoc weasyprint sarifmark sonarmark reqstream buildmark + dotnet git node npm pandoc weasyprint sarifmark sonarmark reqstream buildmark versionmark reviewmark echo "✓ Tool versions captured" # === CAPTURE OTS SELF-VALIDATION RESULTS === @@ -434,6 +434,9 @@ jobs: - name: Run SonarMark self-validation run: dotnet sonarmark --validate --results artifacts/sonarmark-self-validation.trx + - name: Run ReviewMark self-validation + run: dotnet reviewmark --validate --results artifacts/reviewmark-self-validation.trx + # === GENERATE MARKDOWN REPORTS === # This section generates all markdown reports from various tools and sources. # Downstream projects: Add any additional markdown report generation steps here. @@ -481,6 +484,28 @@ jobs: echo "=== SonarCloud Quality Report ===" cat docs/quality/sonar-quality.md + - name: Generate Review Plan and Review Report with ReviewMark + shell: bash + run: > + dotnet reviewmark + --definition .reviewmark.yaml + --plan docs/reviewplan/review-plan.md + --plan-depth 1 + --report docs/reviewreport/review-report.md + --report-depth 1 + + - name: Display Review Plan + shell: bash + run: | + echo "=== Review Plan ===" + cat docs/reviewplan/review-plan.md + + - name: Display Review Report + shell: bash + run: | + echo "=== Review Report ===" + cat docs/reviewreport/review-report.md + - name: Generate Build Notes with BuildMark shell: bash env: @@ -621,6 +646,40 @@ jobs: docs/tracematrix/tracematrix.html "docs/VersionMark Trace Matrix.pdf" + - name: Generate Review Plan HTML with Pandoc + shell: bash + run: > + dotnet pandoc + --defaults docs/reviewplan/definition.yaml + --filter node_modules/.bin/mermaid-filter.cmd + --metadata version="${{ inputs.version }}" + --metadata date="$(date +'%Y-%m-%d')" + --output docs/reviewplan/review-plan.html + + - name: Generate Review Plan PDF with Weasyprint + run: > + dotnet weasyprint + --pdf-variant pdf/a-3u + docs/reviewplan/review-plan.html + "docs/VersionMark Review Plan.pdf" + + - name: Generate Review Report HTML with Pandoc + shell: bash + run: > + dotnet pandoc + --defaults docs/reviewreport/definition.yaml + --filter node_modules/.bin/mermaid-filter.cmd + --metadata version="${{ inputs.version }}" + --metadata date="$(date +'%Y-%m-%d')" + --output docs/reviewreport/review-report.html + + - name: Generate Review Report PDF with Weasyprint + run: > + dotnet weasyprint + --pdf-variant pdf/a-3u + docs/reviewreport/review-report.html + "docs/VersionMark Review Report.pdf" + # === UPLOAD ARTIFACTS === # This section uploads all generated documentation artifacts. # Downstream projects: Add any additional artifact uploads here. diff --git a/.gitignore b/.gitignore index 2367211..c3ccea8 100644 --- a/.gitignore +++ b/.gitignore @@ -95,6 +95,8 @@ docs/justifications/justifications.md docs/tracematrix/tracematrix.md docs/quality/codeql-quality.md docs/quality/sonar-quality.md +docs/reviewplan/review-plan.md +docs/reviewreport/review-report.md docs/buildnotes.md docs/buildnotes/versions.md diff --git a/.reviewmark.yaml b/.reviewmark.yaml new file mode 100644 index 0000000..732fa20 --- /dev/null +++ b/.reviewmark.yaml @@ -0,0 +1,48 @@ +--- +# ReviewMark Configuration File +# This file defines which files require review, where the evidence store is located, +# and how files are grouped into named review-sets. + +# Patterns identifying all files that require review. +# Processed in order; prefix a pattern with '!' to exclude. +needs-review: + - "**/*.cs" + - "!**/obj/**" + +# Evidence source: review data and index.json are located in the 'reviews' branch +# of this repository, accessed through the GitHub public HTTPS raw content access. +# Note: The 'reviews' branch must be created and populated with review evidence PDFs +# and an index.json before enforcement (--enforce flag) can be enabled in the pipeline. +evidence-source: + type: url + location: https://raw.githubusercontent.com/demaconsulting/VersionMark/reviews/index.json + +# Review sets grouping files by logical unit of review. +reviews: + - id: VersionMark-CLI-Review + title: Review of VersionMark CLI + paths: + - "src/**/Program.cs" + - "src/**/Context.cs" + - "test/**/ProgramTests.cs" + - "test/**/ContextTests.cs" + + - id: VersionMark-Utilities-Review + title: Review of VersionMark Utilities + paths: + - "src/**/PathHelpers.cs" + - "src/**/Validation.cs" + - "src/**/MarkdownFormatter.cs" + - "src/**/VersionInfo.cs" + - "src/**/VersionMarkConfig.cs" + - "test/**/PathHelpersTests.cs" + - "test/**/MarkdownFormatterTests.cs" + - "test/**/VersionInfoTests.cs" + - "test/**/VersionMarkConfigTests.cs" + + - id: VersionMark-Tests-Review + title: Review of VersionMark Integration Tests + paths: + - "test/**/IntegrationTests.cs" + - "test/**/Runner.cs" + - "test/**/AssemblyInfo.cs" diff --git a/.versionmark.yaml b/.versionmark.yaml index b7b3acc..6fa4e84 100644 --- a/.versionmark.yaml +++ b/.versionmark.yaml @@ -6,17 +6,17 @@ tools: # .NET SDK dotnet: command: dotnet --version - regex: '(?\d+\.\d+\.\d+)' + regex: '(?\d+\.\d+\.\d+(?:\.\d+)?)' # Git git: command: git --version - regex: 'git version (?\d+\.\d+\.\d+)' + regex: '(?i)git version (?\d+\.\d+\.\d+)' # Node.js node: command: node --version - regex: 'v(?\d+\.\d+\.\d+)' + regex: '(?i)v(?\d+\.\d+\.\d+)' # npm npm: @@ -26,34 +26,44 @@ tools: # SonarScanner for .NET (from dotnet tool list) dotnet-sonarscanner: command: dotnet tool list - regex: 'dotnet-sonarscanner\s+(?\d+\.\d+\.\d+)' + regex: '(?i)dotnet-sonarscanner\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' # Pandoc (DemaConsulting.PandocTool from dotnet tool list) pandoc: command: dotnet tool list - regex: 'demaconsulting\.pandoctool\s+(?\d+\.\d+\.\d+)' + regex: '(?i)demaconsulting\.pandoctool\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' # WeasyPrint (DemaConsulting.WeasyPrintTool from dotnet tool list) weasyprint: command: dotnet tool list - regex: 'demaconsulting\.weasyprinttool\s+(?\d+\.\d+\.\d+)' + regex: '(?i)demaconsulting\.weasyprinttool\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' # SarifMark (DemaConsulting.SarifMark from dotnet tool list) sarifmark: command: dotnet tool list - regex: 'demaconsulting\.sarifmark\s+(?\d+\.\d+\.\d+)' + regex: '(?i)demaconsulting\.sarifmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' # SonarMark (DemaConsulting.SonarMark from dotnet tool list) sonarmark: command: dotnet tool list - regex: 'demaconsulting\.sonarmark\s+(?\d+\.\d+\.\d+)' + regex: '(?i)demaconsulting\.sonarmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' # ReqStream (DemaConsulting.ReqStream from dotnet tool list) reqstream: command: dotnet tool list - regex: 'demaconsulting\.reqstream\s+(?\d+\.\d+\.\d+)' + regex: '(?i)demaconsulting\.reqstream\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' # BuildMark (DemaConsulting.BuildMark from dotnet tool list) buildmark: command: dotnet tool list - regex: 'demaconsulting\.buildmark\s+(?\d+\.\d+\.\d+)' + regex: '(?i)demaconsulting\.buildmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' + + # VersionMark (DemaConsulting.VersionMark from dotnet tool list) + versionmark: + command: dotnet tool list + regex: '(?i)demaconsulting\.versionmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' + + # ReviewMark (DemaConsulting.ReviewMark from dotnet tool list) + reviewmark: + command: dotnet tool list + regex: '(?i)demaconsulting\.reviewmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' diff --git a/AGENTS.md b/AGENTS.md index 20e9339..6a63e9c 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -10,6 +10,7 @@ publishing tool version information across CI/CD environments. - **Software Developer** - Writes production code and self-validation tests in literate style - **Test Developer** - Creates unit and integration tests following AAA pattern - **Code Quality Agent** - Enforces linting, static analysis, and security standards +- **Code Review Agent** - Assists in performing formal file reviews - **Repo Consistency Agent** - Ensures downstream repositories remain consistent with template patterns ## Agent Selection Guide @@ -22,6 +23,7 @@ publishing tool version information across CI/CD environments. - Add or update requirements → **Requirements Agent** - Ensure test coverage linkage in `requirements.yaml` → **Requirements Agent** - Run security scanning or address CodeQL alerts → **Code Quality Agent** +- Perform a formal file review → **Code Review Agent** - Propagate template changes → **Repo Consistency Agent** ## Tech Stack diff --git a/docs/reviewplan/definition.yaml b/docs/reviewplan/definition.yaml new file mode 100644 index 0000000..362a390 --- /dev/null +++ b/docs/reviewplan/definition.yaml @@ -0,0 +1,11 @@ +--- +resource-path: + - docs/reviewplan + - docs/template +input-files: + - docs/reviewplan/title.txt + - docs/reviewplan/introduction.md + - docs/reviewplan/review-plan.md +template: template.html +table-of-contents: true +number-sections: true diff --git a/docs/reviewplan/introduction.md b/docs/reviewplan/introduction.md new file mode 100644 index 0000000..d5f3321 --- /dev/null +++ b/docs/reviewplan/introduction.md @@ -0,0 +1,31 @@ +# Introduction + +This document contains the review plan for the VersionMark project. + +## Purpose + +This review plan provides a comprehensive overview of all files requiring formal review +in the VersionMark project. It identifies which review-sets cover which files and serves +as evidence that every file requiring review is covered by at least one named review-set. + +## Scope + +This review plan covers: + +- C# source code files requiring formal review +- Mapping of C# source files to named review-sets + +## Generation Source + +This plan is automatically generated by the ReviewMark tool, analyzing the +`.reviewmark.yaml` configuration and the review evidence store. It serves as evidence +that every file requiring review is covered by a current, valid review. + +## Audience + +This document is intended for: + +- Software developers working on VersionMark +- Quality assurance teams validating review coverage +- Project stakeholders reviewing compliance status +- Auditors verifying that all required files have been reviewed diff --git a/docs/reviewplan/title.txt b/docs/reviewplan/title.txt new file mode 100644 index 0000000..6a3332d --- /dev/null +++ b/docs/reviewplan/title.txt @@ -0,0 +1,13 @@ +--- +title: VersionMark Review Plan +subtitle: File Review Plan for VersionMark +author: DEMA Consulting +description: File Review Plan for VersionMark +lang: en-US +keywords: + - VersionMark + - Review Plan + - File Reviews + - .NET + - Tool +--- diff --git a/docs/reviewreport/definition.yaml b/docs/reviewreport/definition.yaml new file mode 100644 index 0000000..671c73e --- /dev/null +++ b/docs/reviewreport/definition.yaml @@ -0,0 +1,11 @@ +--- +resource-path: + - docs/reviewreport + - docs/template +input-files: + - docs/reviewreport/title.txt + - docs/reviewreport/introduction.md + - docs/reviewreport/review-report.md +template: template.html +table-of-contents: true +number-sections: true diff --git a/docs/reviewreport/introduction.md b/docs/reviewreport/introduction.md new file mode 100644 index 0000000..24408fe --- /dev/null +++ b/docs/reviewreport/introduction.md @@ -0,0 +1,32 @@ +# Introduction + +This document contains the review report for the VersionMark project. + +## Purpose + +This review report provides evidence that each review-set is current — the review +evidence matches the current file fingerprints. It confirms that all formal reviews +conducted for VersionMark remain valid for the current state of the reviewed files. + +## Scope + +This review report covers: + +- Current review-set status (current, stale, or missing) +- File fingerprints and review evidence matching +- Review coverage verification + +## Generation Source + +This report is automatically generated by the ReviewMark tool, comparing the current +file fingerprints against the review evidence store. It serves as evidence that all +review-sets are current and no reviewed file has changed since its review was conducted. + +## Audience + +This document is intended for: + +- Software developers working on VersionMark +- Quality assurance teams validating review currency +- Project stakeholders reviewing compliance status +- Auditors verifying that all reviews remain valid for the current release diff --git a/docs/reviewreport/title.txt b/docs/reviewreport/title.txt new file mode 100644 index 0000000..eb6a451 --- /dev/null +++ b/docs/reviewreport/title.txt @@ -0,0 +1,13 @@ +--- +title: VersionMark Review Report +subtitle: File Review Report for VersionMark +author: DEMA Consulting +description: File Review Report for VersionMark +lang: en-US +keywords: + - VersionMark + - Review Report + - File Reviews + - .NET + - Tool +--- diff --git a/requirements.yaml b/requirements.yaml index 2b9bad7..088cb9b 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -603,3 +603,16 @@ sections: - SonarMark_IssuesRetrieval - SonarMark_HotSpotsRetrieval - SonarMark_MarkdownReportGeneration + + - id: VersionMark-OTS-ReviewMark + title: ReviewMark shall generate a review plan and review report from the review configuration. + justification: | + DemaConsulting.ReviewMark reads the .reviewmark.yaml configuration and the + review evidence store to produce a review plan and review report documenting + file review coverage and currency. It runs in the same CI pipeline that + produces the TRX test results, so a successful pipeline run is evidence that + ReviewMark executed without error. + tags: [ots] + tests: + - ReviewMark_ReviewPlanGeneration + - ReviewMark_ReviewReportGeneration From cb2155810d72f330ea1bb957b323d76ff6be5770 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 13 Mar 2026 22:12:28 +0000 Subject: [PATCH 3/6] chore: remove stale note about reviews branch from .reviewmark.yaml Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com> --- .reviewmark.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.reviewmark.yaml b/.reviewmark.yaml index 732fa20..af26e3e 100644 --- a/.reviewmark.yaml +++ b/.reviewmark.yaml @@ -11,8 +11,6 @@ needs-review: # Evidence source: review data and index.json are located in the 'reviews' branch # of this repository, accessed through the GitHub public HTTPS raw content access. -# Note: The 'reviews' branch must be created and populated with review evidence PDFs -# and an index.json before enforcement (--enforce flag) can be enabled in the pipeline. evidence-source: type: url location: https://raw.githubusercontent.com/demaconsulting/VersionMark/reviews/index.json From 9d91641c33c481bda86e94b891c34a76298ab20b Mon Sep 17 00:00:00 2001 From: Malcolm Nixon Date: Fri, 13 Mar 2026 18:20:59 -0400 Subject: [PATCH 4/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .versionmark.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.versionmark.yaml b/.versionmark.yaml index 6fa4e84..45c096b 100644 --- a/.versionmark.yaml +++ b/.versionmark.yaml @@ -6,7 +6,7 @@ tools: # .NET SDK dotnet: command: dotnet --version - regex: '(?\d+\.\d+\.\d+(?:\.\d+)?)' + regex: '(?\d+\.\d+\.\d+(?:\.\d+)?(?:-[a-zA-Z0-9.]+)?)' # Git git: From 26ee9912255d2b3ede04c8bf023ae56377512faf Mon Sep 17 00:00:00 2001 From: Malcolm Nixon Date: Fri, 13 Mar 2026 18:21:32 -0400 Subject: [PATCH 5/6] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index da3b76e..7595e60 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -412,7 +412,7 @@ jobs: echo "Capturing tool versions..." versionmark --capture --job-id "build-docs" \ --output "artifacts/versionmark-build-docs.json" -- \ - dotnet git node npm pandoc weasyprint sarifmark sonarmark reqstream buildmark versionmark reviewmark + dotnet git node npm pandoc weasyprint sarifmark sonarmark reqstream buildmark reviewmark echo "✓ Tool versions captured" # === CAPTURE OTS SELF-VALIDATION RESULTS === From 902cd310317bf4b14897eae94f6416a4c309caa6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 13 Mar 2026 22:24:29 +0000 Subject: [PATCH 6/6] chore: remove versionmark from .versionmark.yaml tool capture list Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com> --- .versionmark.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.versionmark.yaml b/.versionmark.yaml index 45c096b..7bbfd17 100644 --- a/.versionmark.yaml +++ b/.versionmark.yaml @@ -58,11 +58,6 @@ tools: command: dotnet tool list regex: '(?i)demaconsulting\.buildmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' - # VersionMark (DemaConsulting.VersionMark from dotnet tool list) - versionmark: - command: dotnet tool list - regex: '(?i)demaconsulting\.versionmark\s+(?\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)' - # ReviewMark (DemaConsulting.ReviewMark from dotnet tool list) reviewmark: command: dotnet tool list