
docs(commercial): security layer v2 statuses#458

Merged
RaghavChamadiya merged 2 commits into main from feat/security-mcp on Jun 12, 2026

Conversation

@RaghavChamadiya

Member

What

Documentation-only update to COMMERCIAL.md reflecting what is now live on the hosted platform:

  • Graph-aware security scanning: dev to GA on hosted (hotspot/centrality context on import sites, agent-facing get_security MCP tool and the get_risk security section).
  • Function-level reachability triage: planned to GA on hosted, with per-ecosystem coverage stated honestly (Go import-path-reliable; pypi/npm/cargo only when both the advisory and the code name symbols; others package-level).
  • SBOM row gains VEX export (CycloneDX 1.6, generated from current triage).
  • Compliance reporting (PCI-DSS 4.0 + SOC 2): planned to GA on hosted (Teams), framed as coverage signals, not an audit.
  • Slack / Teams alerting: rolling out to GA on hosted (Teams) as signed webhooks; section 5.2 prose updated to match.
  • Audit trail row gains the opt-in webhook stream; prose notes MCP reads by AI agents are audited too.

No code changes.

- config.py: accept "glob" (and keep "path_glob") as aliases for the
  canonical "path" key in .repowise/health-rules.json rules. Both doc
  examples showed "glob", which the parser silently ignored, so configs
  copied from the docs never applied; now they work, and the examples
  use the canonical key with the aliases documented. Test added.
- analysis/health/README.md: "twelve biomarkers" was stale; the registry
  holds 26, plus 3 additive governance findings.
- docs/architecture/code-health.md: add the 6 biomarker files missing
  from the layer file tree; drop the stale "no PR-mode delta in v1"
  non-goal (the change_risk package and repowise risk shipped).
- docs/CODE_HEALTH.md: hotspot health averages over files the git layer
  classifies as hotspots, not a fixed top-25% slice.

No behavior change other than the new key aliases.
Graph-aware scanning, function-level reachability (per-ecosystem coverage), VEX export, PCI-DSS and SOC 2 compliance reporting, signed Slack-compatible security webhooks, and the audit-event stream are now live on the hosted platform; matrix rows and section 5 prose updated to match.
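The `config.py` item above describes a parser that silently ignored the `"glob"` key, so rules copied from the docs never applied. The following is an added example, not Repowise's own `config.py`: a loader for `.repowise/health-rules.json` that folds the `"glob"` and `"path_glob"` aliases into the canonical `"path"` key and fails loudly on a rule with no path or with conflicting aliases. The rule shape (a JSON list of objects, each with a path pattern plus arbitrary settings) and the fnmatch-based matching are assumptions for illustration.

```python
# Added example (not the project's config.py). Rule shape and fnmatch
# matching are assumptions; the key names come from the PR description.
import fnmatch
import json

CANONICAL_KEY = "path"
PATH_ALIASES = ("glob", "path_glob")


def normalize_rule(rule: dict) -> dict:
    """Return a copy of `rule` with any path alias folded into "path".

    Raises ValueError when the rule has no path key at all (the old parser
    silently dropped such rules, so docs-copied configs never applied) or
    when the aliases present disagree with each other.
    """
    values = {k: rule[k] for k in (CANONICAL_KEY, *PATH_ALIASES) if k in rule}
    if not values:
        raise ValueError(f"rule has no {CANONICAL_KEY!r} (or alias) key: {rule}")
    if len(set(values.values())) > 1:
        raise ValueError(f"conflicting path keys in rule: {values}")
    out = {k: v for k, v in rule.items() if k not in PATH_ALIASES}
    out[CANONICAL_KEY] = next(iter(values.values()))
    return out


def load_rules(text: str) -> list[dict]:
    """Parse health-rules JSON text and normalize every rule in it."""
    return [normalize_rule(r) for r in json.loads(text)]


def matching_rules(rules: list[dict], file_path: str) -> list[dict]:
    """Rules whose pattern matches `file_path` (fnmatch is an assumption)."""
    return [r for r in rules if fnmatch.fnmatch(file_path, r[CANONICAL_KEY])]


# Constructed sample mirroring the doc examples that used "glob".
SAMPLE_CONFIG = json.dumps([
    {"glob": "src/health/*.py", "max_complexity": 15},
    {"path_glob": "tests/*", "ignore": True},
    {"path": "docs/*.md", "max_file_lines": 400},
])

if __name__ == "__main__":
    for rule in matching_rules(load_rules(SAMPLE_CONFIG), "src/health/config.py"):
        print(rule)
```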
@repowise-bot

repowise-bot Bot commented Jun 12, 2026


✅ Health: 7.6 (unchanged)
2 hotspots

⚠️ Change risk: moderate (riskier than 35% of this repo's commits · raw 7.7/10)
This change's risk is driven by:

  • large diff (many lines added)
  • scattered, high-entropy change
🔥 Hotspots touched (2)
  • .../health/config.py — 1 commits/90d, 5 dependents · primary owner: Raghav Chamadiya (100%)
  • .../health/test_health_config.py — 1 commits/90d, 0 dependents · primary owner: Raghav Chamadiya (100%)

📊 Full report · ⭐ Star Repowise · 📥 Install bot · Last updated 2026-06-12 04:19 UTC
Silence on a single PR with [skip repowise] in the title · Per-repo toggle on repowise.dev/settings?tab=bot

@RaghavChamadiya RaghavChamadiya merged commit 0f07acd into main Jun 12, 2026
5 checks passed