Skip to content

fix(ci): PYTHONPATH for tests + Mermaid diagrams and security guardrails on all skills#6

Merged
msaad00 merged 2 commits intomainfrom
fix/ci-and-skill-enhancements
Apr 9, 2026
Merged

fix(ci): PYTHONPATH for tests + Mermaid diagrams and security guardrails on all skills#6
msaad00 merged 2 commits intomainfrom
fix/ci-and-skill-enhancements

Conversation

@msaad00
Copy link
Copy Markdown
Owner

@msaad00 msaad00 commented Apr 9, 2026

Summary

CI fix

  • PYTHONPATH=src + --override-ini="testpaths=tests" for skill-level pytest
  • Fixes ModuleNotFoundError: No module named 'src' that was failing test-iam-departures

SKILL.md enhancements (all 5 skills)

Mermaid diagrams replacing ASCII art (renders natively on GitHub):

  • AWS CIS: IAM/S3/CloudTrail/VPC -> checks.py -> JSON/Console/SARIF
  • GCP CIS: IAM/Storage/Logging/Network/Vertex AI -> checks.py
  • Azure CIS: Entra ID/Storage/Monitor/NSG/AI Foundry -> checks.py
  • IAM departures: HR -> Reconciler -> S3 -> EventBridge -> Step Function -> Audit
  • Vuln remediation: Scan -> S3 -> Triage (P0-P3 SLAs) -> Patcher -> Audit

Security Guardrails section added to every skill:

  • CSPM skills: read-only, no data exfiltration, idempotent, safe for production
  • IAM departures: deny policies on protected accounts, grace period, rehire safety, VPC isolation, encryption, dual audit
  • Vuln remediation: PR-first for P1/P2, 24h rollback window, protected packages allowlist, VEX support, reversible quarantine

Test plan

  • ruff check and ruff format pass locally
  • CI should now pass: lint + test-iam-departures + cfn-lint + terraform validate + security scan

msaad00 added 2 commits April 8, 2026 20:07
@msaad00
fix(ci): PYTHONPATH for tests + enhance all SKILL.md with Mermaid and…
0e40b06 
… guardrails

CI fix:
- Set PYTHONPATH=src and override-ini testpaths for skill-level pytest
- Fixes ModuleNotFoundError: No module named 'src' in CI

SKILL.md enhancements (all 5 skills):
- Replaced ASCII architecture diagrams with Mermaid flowcharts
  (renders natively on GitHub with dark theme support)
- Added Security Guardrails section to every skill:
  - CSPM skills: read-only permissions, no data exfiltration, idempotent
  - IAM departures: deny policies on protected accounts, grace period,
    rehire safety, VPC isolation, dual audit trail
  - Vuln remediation: PR-first for P1/P2, rollback window, protected
    packages allowlist, VEX support, reversible quarantine
- Mermaid diagrams show data flow, security boundaries, and decision
  points with color-coded subgraphs
@msaad00
fix(ci): fix test import path + run stable test subset (parser + worker)
08edc20
@msaad00 msaad00 merged commit 7bfa780 into main Apr 9, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@andres-linero andres-linero andres-linero approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@msaad00 @andres-linero