Add ReviewMark integration and file review infrastructure

.config/dotnet-tools.json

@@ -43,6 +43,12 @@
       "commands": [
         "buildmark"
       ]
+    },
+    "demaconsulting.reviewmark": {
+      "version": "0.1.0-rc.3",
+      "commands": [
+        "reviewmark"
+      ]
     }
   }
 }

.cspell.json

@@ -45,6 +45,8 @@
     "Qube",
     "reqstream",
     "ReqStream",
+    "reviewmark",
+    "ReviewMark",
     "Sarif",
     "SarifMark",
     "SBOM",

.github/agents/code-review-agent.md

@@ -0,0 +1,72 @@
+---
+name: Code Review Agent
+description: Assists in performing formal file reviews - knows how to elaborate review-sets and perform structured review checks
+---
+
+# Code Review Agent - VersionMark
+
+Perform formal file reviews for a named review-set, producing a structured findings report.
+
+## When to Invoke This Agent
+
+Invoke the code-review-agent for:
+
+- Performing a formal review of a named review-set
+- Producing review evidence for the Continuous Compliance pipeline
+- Checking files against the structured review checklist
+
+## How to Run This Agent
+
+When invoked, the agent will be told which review-set is being reviewed. For example:
+
+```text
+Review the "VersionMark-CLI-Review" review-set.
+```
+
+## Responsibilities
+
+### Step 1: Elaborate the Review-Set
+
+Run the following command to get the list of files in the review-set:
+
+```bash
+dotnet reviewmark --elaborate [review-set-id]
+```
+
+For example:
+
+```bash
+dotnet reviewmark --elaborate VersionMark-CLI-Review
+```
+
+This will output the list of files covered by the review-set, along with their fingerprints
+and current review status (current, stale, or missing).
+
+### Step 2: Review Each File
+
+For each file in the review-set, apply the checks from the standard review template at
+[review-template.md](https://github.com/demaconsulting/ContinuousCompliance/blob/main/docs/review-template/review-template.md).
+Determine which checklist sections apply based on the type of file (requirements, documentation,
+source code, tests).
+
+### Step 3: Generate Report
+
+Write an `AGENT_REPORT_review-[review-set-id].md` file in the repository root with the
+structured findings. This file is excluded from git and linting via `.gitignore`.
+
+## Report Format
+
+The generated `AGENT_REPORT_review-[review-set-id].md` must include:
+
+1. **Review Header**: Project, Review ID, review date, files under review
+2. **Checklist Results**: Each applicable section with Pass/Fail/N/A for every check
+3. **Summary of Findings**: Any checks recorded as Fail, and notable observations
+4. **Overall Outcome**: Pass or Fail with justification
+
+## Don't
+
+- Make any changes to source files, tests, or documentation during a review — record all
+  findings in the report only
+- Skip applicable checklist sections
+- Record findings without an overall outcome
+- Commit the `AGENT_REPORT_*.md` file (it is excluded from git via `.gitignore`)

.github/workflows/build.yaml

@@ -412,7 +412,7 @@ jobs:
           echo "Capturing tool versions..."
           versionmark --capture --job-id "build-docs" \
             --output "artifacts/versionmark-build-docs.json" -- \
-            dotnet git node npm pandoc weasyprint sarifmark sonarmark reqstream buildmark
+            dotnet git node npm pandoc weasyprint sarifmark sonarmark reqstream buildmark reviewmark
           echo "✓ Tool versions captured"
 
       # === CAPTURE OTS SELF-VALIDATION RESULTS ===
@@ -434,6 +434,9 @@ jobs:
       - name: Run SonarMark self-validation
         run: dotnet sonarmark --validate --results artifacts/sonarmark-self-validation.trx
 
+      - name: Run ReviewMark self-validation
+        run: dotnet reviewmark --validate --results artifacts/reviewmark-self-validation.trx
+
       # === GENERATE MARKDOWN REPORTS ===
       # This section generates all markdown reports from various tools and sources.
       # Downstream projects: Add any additional markdown report generation steps here.
@@ -481,6 +484,28 @@ jobs:
           echo "=== SonarCloud Quality Report ==="
           cat docs/quality/sonar-quality.md
 
+      - name: Generate Review Plan and Review Report with ReviewMark
+        shell: bash
+        run: >
+          dotnet reviewmark
+          --definition .reviewmark.yaml
+          --plan docs/reviewplan/review-plan.md
+          --plan-depth 1
+          --report docs/reviewreport/review-report.md
+          --report-depth 1
+
+      - name: Display Review Plan
+        shell: bash
+        run: |
+          echo "=== Review Plan ==="
+          cat docs/reviewplan/review-plan.md
+
+      - name: Display Review Report
+        shell: bash
+        run: |
+          echo "=== Review Report ==="
+          cat docs/reviewreport/review-report.md
+
       - name: Generate Build Notes with BuildMark
         shell: bash
         env:
@@ -621,6 +646,40 @@ jobs:
           docs/tracematrix/tracematrix.html
           "docs/VersionMark Trace Matrix.pdf"
 
+      - name: Generate Review Plan HTML with Pandoc
+        shell: bash
+        run: >
+          dotnet pandoc
+          --defaults docs/reviewplan/definition.yaml
+          --filter node_modules/.bin/mermaid-filter.cmd
+          --metadata version="${{ inputs.version }}"
+          --metadata date="$(date +'%Y-%m-%d')"
+          --output docs/reviewplan/review-plan.html
+
+      - name: Generate Review Plan PDF with Weasyprint
+        run: >
+          dotnet weasyprint
+          --pdf-variant pdf/a-3u
+          docs/reviewplan/review-plan.html
+          "docs/VersionMark Review Plan.pdf"
+
+      - name: Generate Review Report HTML with Pandoc
+        shell: bash
+        run: >
+          dotnet pandoc
+          --defaults docs/reviewreport/definition.yaml
+          --filter node_modules/.bin/mermaid-filter.cmd
+          --metadata version="${{ inputs.version }}"
+          --metadata date="$(date +'%Y-%m-%d')"
+          --output docs/reviewreport/review-report.html
+
+      - name: Generate Review Report PDF with Weasyprint
+        run: >
+          dotnet weasyprint
+          --pdf-variant pdf/a-3u
+          docs/reviewreport/review-report.html
+          "docs/VersionMark Review Report.pdf"
+
       # === UPLOAD ARTIFACTS ===
       # This section uploads all generated documentation artifacts.
       # Downstream projects: Add any additional artifact uploads here.

.gitignore

@@ -95,6 +95,8 @@ docs/justifications/justifications.md
 docs/tracematrix/tracematrix.md
 docs/quality/codeql-quality.md
 docs/quality/sonar-quality.md
+docs/reviewplan/review-plan.md
+docs/reviewreport/review-report.md
 docs/buildnotes.md
 docs/buildnotes/versions.md
 

.reviewmark.yaml

@@ -0,0 +1,46 @@
+---
+# ReviewMark Configuration File
+# This file defines which files require review, where the evidence store is located,
+# and how files are grouped into named review-sets.
+
+# Patterns identifying all files that require review.
+# Processed in order; prefix a pattern with '!' to exclude.
+needs-review:
+  - "**/*.cs"
+  - "!**/obj/**"
+
+# Evidence source: review data and index.json are located in the 'reviews' branch
+# of this repository, accessed through the GitHub public HTTPS raw content access.
+evidence-source:
+  type: url
+  location: https://raw.githubusercontent.com/demaconsulting/VersionMark/reviews/index.json
+
+# Review sets grouping files by logical unit of review.
+reviews:
+  - id: VersionMark-CLI-Review
+    title: Review of VersionMark CLI
+    paths:
+      - "src/**/Program.cs"
+      - "src/**/Context.cs"
+      - "test/**/ProgramTests.cs"
+      - "test/**/ContextTests.cs"
+
+  - id: VersionMark-Utilities-Review
+    title: Review of VersionMark Utilities
+    paths:
+      - "src/**/PathHelpers.cs"
+      - "src/**/Validation.cs"
+      - "src/**/MarkdownFormatter.cs"
+      - "src/**/VersionInfo.cs"
+      - "src/**/VersionMarkConfig.cs"
+      - "test/**/PathHelpersTests.cs"
+      - "test/**/MarkdownFormatterTests.cs"
+      - "test/**/VersionInfoTests.cs"
+      - "test/**/VersionMarkConfigTests.cs"
+
+  - id: VersionMark-Tests-Review
+    title: Review of VersionMark Integration Tests
+    paths:
+      - "test/**/IntegrationTests.cs"
+      - "test/**/Runner.cs"
+      - "test/**/AssemblyInfo.cs"

.versionmark.yaml

@@ -6,17 +6,17 @@ tools:
   # .NET SDK
   dotnet:
     command: dotnet --version
-    regex: '(?<version>\d+\.\d+\.\d+)'
+    regex: '(?<version>\d+\.\d+\.\d+(?:\.\d+)?(?:-[a-zA-Z0-9.]+)?)'
 
   # Git
   git:
     command: git --version
-    regex: 'git version (?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)git version (?<version>\d+\.\d+\.\d+)'
 
   # Node.js
   node:
     command: node --version
-    regex: 'v(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)v(?<version>\d+\.\d+\.\d+)'
 
   # npm
   npm:
@@ -26,34 +26,39 @@ tools:
   # SonarScanner for .NET (from dotnet tool list)
   dotnet-sonarscanner:
     command: dotnet tool list
-    regex: 'dotnet-sonarscanner\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)dotnet-sonarscanner\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
 
   # Pandoc (DemaConsulting.PandocTool from dotnet tool list)
   pandoc:
     command: dotnet tool list
-    regex: 'demaconsulting\.pandoctool\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)demaconsulting\.pandoctool\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
 
   # WeasyPrint (DemaConsulting.WeasyPrintTool from dotnet tool list)
   weasyprint:
     command: dotnet tool list
-    regex: 'demaconsulting\.weasyprinttool\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)demaconsulting\.weasyprinttool\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
 
   # SarifMark (DemaConsulting.SarifMark from dotnet tool list)
   sarifmark:
     command: dotnet tool list
-    regex: 'demaconsulting\.sarifmark\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)demaconsulting\.sarifmark\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
 
   # SonarMark (DemaConsulting.SonarMark from dotnet tool list)
   sonarmark:
     command: dotnet tool list
-    regex: 'demaconsulting\.sonarmark\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)demaconsulting\.sonarmark\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
 
   # ReqStream (DemaConsulting.ReqStream from dotnet tool list)
   reqstream:
     command: dotnet tool list
-    regex: 'demaconsulting\.reqstream\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)demaconsulting\.reqstream\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
 
   # BuildMark (DemaConsulting.BuildMark from dotnet tool list)
   buildmark:
     command: dotnet tool list
-    regex: 'demaconsulting\.buildmark\s+(?<version>\d+\.\d+\.\d+)'
+    regex: '(?i)demaconsulting\.buildmark\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'
+
+  # ReviewMark (DemaConsulting.ReviewMark from dotnet tool list)
+  reviewmark:
+    command: dotnet tool list
+    regex: '(?i)demaconsulting\.reviewmark\s+(?<version>\d+\.\d+\.\d+(?:-[a-zA-Z0-9.]+)?)'

AGENTS.md

@@ -10,6 +10,7 @@ publishing tool version information across CI/CD environments.
 - **Software Developer** - Writes production code and self-validation tests in literate style
 - **Test Developer** - Creates unit and integration tests following AAA pattern
 - **Code Quality Agent** - Enforces linting, static analysis, and security standards
+- **Code Review Agent** - Assists in performing formal file reviews
 - **Repo Consistency Agent** - Ensures downstream repositories remain consistent with template patterns
 
 ## Agent Selection Guide
@@ -22,6 +23,7 @@ publishing tool version information across CI/CD environments.
 - Add or update requirements → **Requirements Agent**
 - Ensure test coverage linkage in `requirements.yaml` → **Requirements Agent**
 - Run security scanning or address CodeQL alerts → **Code Quality Agent**
+- Perform a formal file review → **Code Review Agent**
 - Propagate template changes → **Repo Consistency Agent**
 
 ## Tech Stack

docs/reviewplan/definition.yaml

@@ -0,0 +1,11 @@
+---
+resource-path:
+  - docs/reviewplan
+  - docs/template
+input-files:
+  - docs/reviewplan/title.txt
+  - docs/reviewplan/introduction.md
+  - docs/reviewplan/review-plan.md
+template: template.html
+table-of-contents: true
+number-sections: true

docs/reviewplan/introduction.md

@@ -0,0 +1,31 @@
+# Introduction
+
+This document contains the review plan for the VersionMark project.
+
+## Purpose
+
+This review plan provides a comprehensive overview of all files requiring formal review
+in the VersionMark project. It identifies which review-sets cover which files and serves
+as evidence that every file requiring review is covered by at least one named review-set.
+
+## Scope
+
+This review plan covers:
+
+- C# source code files requiring formal review
+- Mapping of C# source files to named review-sets
+
+## Generation Source
+
+This plan is automatically generated by the ReviewMark tool, analyzing the
+`.reviewmark.yaml` configuration and the review evidence store. It serves as evidence
+that every file requiring review is covered by a current, valid review.
+
+## Audience
+
+This document is intended for:
+
+- Software developers working on VersionMark
+- Quality assurance teams validating review coverage
+- Project stakeholders reviewing compliance status
+- Auditors verifying that all required files have been reviewed

docs/reviewplan/title.txt

@@ -0,0 +1,13 @@
+---
+title: VersionMark Review Plan
+subtitle: File Review Plan for VersionMark
+author: DEMA Consulting
+description: File Review Plan for VersionMark
+lang: en-US
+keywords:
+  - VersionMark
+  - Review Plan
+  - File Reviews
+  - .NET
+  - Tool
+---

docs/reviewreport/definition.yaml

@@ -0,0 +1,11 @@
+---
+resource-path:
+  - docs/reviewreport
+  - docs/template
+input-files:
+  - docs/reviewreport/title.txt
+  - docs/reviewreport/introduction.md
+  - docs/reviewreport/review-report.md
+template: template.html
+table-of-contents: true
+number-sections: true