feat(security): automate governance review and access controls
Some checks failed
CD Pipeline / deploy (push) Has been cancelled

This commit is contained in:
ogt
2026-07-10 18:49:32 +08:00
parent c62ec7b504
commit c839ac3eff
27 changed files with 1985 additions and 107 deletions

View File

@@ -0,0 +1,57 @@
#!/usr/bin/env python3
"""Report the machine-readable EwoooC security/governance review."""
from __future__ import annotations
import argparse
import json
import sys
from pathlib import Path
ROOT = Path(__file__).resolve().parents[2]
if str(ROOT) not in sys.path:
sys.path.insert(0, str(ROOT))
from services.security_governance_review_service import ( # noqa: E402
build_security_governance_review,
)
def _parser() -> argparse.ArgumentParser:
parser = argparse.ArgumentParser()
parser.add_argument("--root", type=Path, default=ROOT)
parser.add_argument("--detail-limit", type=int, default=30)
parser.add_argument("--compact", action="store_true")
parser.add_argument(
"--strict",
action="store_true",
help="Exit non-zero only for release-blocking source governance failures.",
)
return parser
def main(argv: list[str] | None = None) -> int:
args = _parser().parse_args(argv)
report = build_security_governance_review(
root=args.root,
detail_limit=args.detail_limit,
)
if args.compact:
output = {
"policy": report["policy"],
"status": report["status"],
"completion": report["completion"],
"release_gate": report["release_gate"],
"next_machine_action": report["next_machine_action"],
}
else:
output = report
print(json.dumps(output, ensure_ascii=False, indent=2, sort_keys=True))
if args.strict and report["release_gate"]["status"] != "pass":
return 1
return 0
if __name__ == "__main__":
raise SystemExit(main())