feat(report): add baseline, provenance, and runtime context#977
Merged
ben-ranford merged 12 commits intoJun 10, 2026
Merged
Conversation
Contributor
Feature flag enforcement
New feature flags in this PR
ResultPassed. This feature PR adds at least one new preview feature flag. |
Contributor
Memory BenchmarksThresholds: bytes/op <= +15.0%, allocs/op <= +10.0%
Result: memory benchmark gate passed. Approval: not required. |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR expands Lopper’s report model so baseline snapshots/comparisons, policy provenance (merge trace), and richer runtime trace context are propagated through the CLI, dashboard/TUI, SARIF output, and documentation—addressing several feature gaps where downstream formatters previously only represented the current-run view.
Changes:
- Add baseline snapshot + compare support for
lopper dashboardand baseline-aware compare mode rendering in the TUI summary. - Add effective policy field-level provenance via
effectivePolicy.mergeTraceand surface it in table/JSON outputs. - Enrich runtime trace ingestion/annotation with
parentModules+entrypoints, and include runtime + provenance + baseline context in SARIF properties.
Reviewed changes
Copilot reviewed 48 out of 48 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/runtime/require-hook.cjs | Emit entrypoint for CommonJS runtime trace events. |
| scripts/runtime/loader.mjs | Emit entrypoint for ESM loader trace events. |
| README.md | Document TUI baseline compare usage + new runtime usage fields. |
| internal/ui/options.go | Add baseline inputs to TUI options. |
| internal/ui/summary.go | Load/apply baseline to summary report when baseline inputs are provided. |
| internal/ui/summary_test.go | Add coverage for baseline-aware TUI snapshot output. |
| internal/ui/view_model.go | Map new runtime usage fields into the UI view model. |
| internal/ui/detail.go | Render runtime parent modules + entrypoints in detail output. |
| internal/cli/usage.go | Update CLI help for dashboard/TUI baseline flags. |
| internal/cli/parse_tui.go | Parse TUI baseline flags into the request model. |
| internal/cli/parse_tui_test.go | Test TUI baseline flag parsing. |
| internal/cli/parse_dashboard.go | Parse dashboard baseline flags (store/key/label/save). |
| internal/cli/parse_dashboard_test.go | Test dashboard baseline flag parsing. |
| internal/cli/parse_analyse.go | Thread policy merge trace through analyse request building. |
| internal/cli/parse_analyse_test.go | Validate policy trace precedence for CLI overrides. |
| internal/cli/parse_analyse_overrides.go | Merge CLI-derived policy trace into resolved policy trace. |
| internal/app/types.go | Extend request types (analyse policy trace; TUI/dashboard baseline fields). |
| internal/app/app.go | Forward TUI baseline options from app layer. |
| internal/app/dashboard.go | Aggregate dashboard report, apply baseline compare, optionally save snapshot. |
| internal/app/dashboard_request.go | Resolve config-provided baseline store (relative to config dir). |
| internal/app/dashboard_request_options_test.go | Test baseline store resolution from config. |
| internal/app/dashboard_rendering_test.go | Validate dashboard JSON includes baseline_comparison when comparing. |
| internal/app/analyse_prepare.go | Include effectivePolicy.mergeTrace in analyse report decoration. |
| internal/thresholds/config.go | Add PolicyTrace to threshold load result (defaults + merged). |
| internal/thresholds/config_packs.go | Track field-level policy source per merged override; export as trace list. |
| internal/thresholds/config_cov_more_branches_test.go | Add tests for policy trace merge/source tracking. |
| internal/runtime/trace_types.go | Extend runtime event + trace aggregates for parent/entrypoint context. |
| internal/runtime/trace_load.go | Parse/store parent + entrypoint counts per dependency. |
| internal/runtime/trace_load_test.go | Test trace loading for parent + entrypoint fields. |
| internal/runtime/trace_annotate.go | Attach parentModules/entrypoints to report.RuntimeUsage. |
| internal/runtime/trace_annotate_test.go | Test runtime annotation includes new provenance fields. |
| internal/report/model/metadata.go | Add effectivePolicy.mergeTrace to report schema model. |
| internal/report/model/dependency.go | Add runtimeUsage.parentModules and runtimeUsage.entrypoints. |
| internal/report/model_aliases.go | Export PolicyMergeTrace alias from report package. |
| internal/report/format_table_sections.go | Print merge trace section in table formatter. |
| internal/report/format_table_values.go | Render parent/entrypoint runtime context in table runtime usage string. |
| internal/report/format_test.go | Add test ensuring table includes merge trace content. |
| internal/report/sarif.go | Add provenance/runtime/baseline context to SARIF result properties. |
| internal/report/sarif_test.go | Update SARIF tests for new function signatures/properties. |
| internal/dashboard/types.go | Add dashboard baseline comparison model. |
| internal/dashboard/baseline.go | Implement dashboard baseline snapshot storage + comparison computation. |
| internal/dashboard/format.go | Emit baseline comparison in dashboard CSV/HTML outputs. |
| internal/dashboard/dashboard_test.go | Add baseline snapshot + comparison coverage for dashboard package. |
| docs/threshold-tuning.md | Document effectivePolicy.mergeTrace and TUI baseline flags. |
| docs/sarif-code-scanning.md | Document SARIF provenance/runtime/baseline enrichment. |
| docs/report-schema.md | Update schema docs for mergeTrace + runtime + richer baselineComparison. |
| docs/report-schema.json | Add JSON schema definitions for mergeTrace + runtime parent/entrypoint fields. |
| docs/dashboard.md | Document dashboard baseline store/key/label/save semantics. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…-20260610 # Conflicts: # internal/report/format_table_values.go # internal/thresholds/config_cov_more_branches_test.go
Contributor
Lopper (Delta)
No dependency-surface deltas detected. |
Contributor
SonarQube (PR)Open issues: 0 Duplication
IssuesOpen Sonar issues (0)
Source: SonarCloud PR view |
…20260610 # Conflicts: # internal/report/format_table_values.go # internal/runtime/capture_env.go # internal/runtime/capture_env_test.go # internal/thresholds/config_cov_more_branches_test.go
|
ben-ranford
deleted the
feat/issues-493-494-497-499-500-baseline-provenance-context
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds baseline, provenance, and runtime context reporting for #493, #494, #497, #499, and #500.
Changes
Validation
Commands run locally by the worker:
go test ./internal/dashboard ./internal/ui ./internal/thresholds ./internal/report ./internal/runtime ./internal/cli ./internal/app git diff --checkCI follow-up is required for the unused dashboard materialization lint failure and Sonar findings.
Risk and compatibility
baselineComparison,effectivePolicy.mergeTrace, and runtime parent/entrypoint context.Closes #493
Closes #494
Closes #497
Closes #499
Closes #500
Checklist
memory-approvedrequested/applied if intentional memory benchmark regressions exceed CI thresholds