Skip to content

fix(compliance-cli): require earned checks for a conformance medal#62

Open
ucekmez wants to merge 1 commit into
mainfrom
fix/conformance-label-counts-skips
Open

fix(compliance-cli): require earned checks for a conformance medal#62
ucekmez wants to merge 1 commit into
mainfrom
fix/conformance-label-counts-skips

Conversation

@ucekmez

@ucekmez ucekmez commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Summary

Audit finding (conformance vertical): the compliance-CLI "trophy" label was
awarded whenever failed === 0, so a run with zero passing checks or one
where every check skipped still printed 🏆 Full EEP Compliant. A
near-empty run could claim conformance it never actually verified.

Change

conformanceLabel / conformance_label now award a medal only when the run
earned it — no failures, ≥1 passing check, and zero skipped checks:

  • failures → ❌ Not EEP Compliant (N failures) (unchanged)
  • no checks ran / all skipped → ❌ Not EEP Compliant (no checks verified)
  • skips but no failures → ⚠️ <Level> EEP: incomplete (N skipped, M passed)
  • fully passing → the 🥉/🥈/🏆 medal as before

Identical semantics in the TypeScript and Python CLIs. Exit codes are
intentionally unchanged (still keyed on failed > 0) to avoid breaking
existing CI pipelines; this PR only stops the label from overstating.

Tests

  • TS: 56 passed (added empty-run, all-skipped, partial-skip, unknown-level).
  • Python: 22 passed (parity cases mirror the TS suite).

Part of the EEP vertical-audit follow-up (Wave 1). No wire-format or schema
change; descriptive label only.

🤖 Generated with Claude Code

@ucekmez @claude
fix(compliance-cli): require earned checks for a conformance medal
3aa642e 
The conformance label was awarded whenever `failed === 0`, so a run with
zero passing checks or only skipped checks still printed "Full EEP
Compliant" — a near-empty run could claim conformance it never verified.

Now a medal requires no failures, at least one passing check, and zero
skipped checks. Runs with skips (but no failures) report
"<Level> EEP: incomplete (N skipped, M passed)"; runs that verified
nothing report "Not EEP Compliant (no checks verified)". Behavior is
identical across the TypeScript and Python CLIs. Exit codes are
unchanged (still keyed on failures) to avoid breaking existing CI.

Signed-off-by: Ugur Cekmez <ucekmez@gmail.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ucekmez