Skip to content

Commit 94a90e9

Browse files
feat(cli): align bundle inspect and audit output
1 parent 196c3c6 commit 94a90e9

5 files changed

Lines changed: 65 additions & 2 deletions

File tree

.uselesskey/goals/active.toml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -118,7 +118,7 @@ commands = [
118118

119119
[[work_item]]
120120
id = "inspect-audit-alignment"
121-
status = "ready"
121+
status = "done"
122122
proposal = "USELESSKEY-PROP-0001"
123123
spec = "USELESSKEY-SPEC-0014"
124124
plan = "plans/downstream-ci-polish/implementation-plan.md"
@@ -131,7 +131,7 @@ commands = [
131131

132132
[[work_item]]
133133
id = "downstream-ci-example"
134-
status = "planned"
134+
status = "ready"
135135
proposal = "USELESSKEY-PROP-0001"
136136
spec = "USELESSKEY-SPEC-0013"
137137
plan = "plans/downstream-ci-polish/implementation-plan.md"

crates/uselesskey-cli/src/main.rs

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -807,6 +807,7 @@ fn render_bundle_inspection_summary(
807807
format!(
808808
concat!(
809809
"Bundle profile: {}\n",
810+
"Summary type: quick human bundle summary\n",
810811
"Purpose: {}\n",
811812
"Artifacts: {}\n",
812813
"Verified files: {}\n",
@@ -816,6 +817,7 @@ fn render_bundle_inspection_summary(
816817
"Runtime material artifacts: {}\n",
817818
"Verification: ok\n",
818819
"Receipts: {}\n",
820+
"Durable audit receipt: uselesskey audit-bundle --path <bundle-dir> --out <audit-dir>\n",
819821
"Proof/check path: {}\n",
820822
"Generated files:\n{}\n",
821823
"Artifact posture:\n{}\n",
@@ -964,6 +966,11 @@ fn render_bundle_audit_markdown(audit: &BundleAudit) -> String {
964966
out.push_str(&format!("- Status: {}\n", audit.status));
965967
out.push_str(&format!("- Bundle: {}\n", audit.bundle_path));
966968
out.push_str(&format!("- Profile: {}\n", audit.profile));
969+
out.push_str("- Receipt type: durable metadata-only reviewer/CI receipt\n");
970+
out.push_str("- Quick summary: uselesskey inspect-bundle --path <bundle-dir>\n");
971+
out.push_str(
972+
"- Payload posture: raw generated fixture payloads are not copied into this receipt\n",
973+
);
967974
out.push_str(&format!(
968975
"- Manifest: {} (version {})\n",
969976
audit.manifest_path, audit.manifest_version

crates/uselesskey-cli/tests/cli.rs

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -675,6 +675,9 @@ fn inspect_bundle_summarizes_verified_scanner_safe_receipts() -> TestResult<()>
675675
.assert()
676676
.success()
677677
.stdout(predicate::str::contains("Bundle profile: scanner-safe"))
678+
.stdout(predicate::str::contains(
679+
"Summary type: quick human bundle summary",
680+
))
678681
.stdout(predicate::str::contains("Artifacts: 8"))
679682
.stdout(predicate::str::contains("Verified files: 10"))
680683
.stdout(predicate::str::contains("Scanner-safe: yes"))
@@ -685,6 +688,9 @@ fn inspect_bundle_summarizes_verified_scanner_safe_receipts() -> TestResult<()>
685688
.stdout(predicate::str::contains(
686689
"Receipts: materialization, audit-surface",
687690
))
691+
.stdout(predicate::str::contains(
692+
"Durable audit receipt: uselesskey audit-bundle --path <bundle-dir> --out <audit-dir>",
693+
))
688694
.stdout(predicate::str::contains(
689695
"Proof/check path: cargo xtask claim-proof --claim scanner-safe-fixtures",
690696
))
@@ -725,11 +731,15 @@ fn inspect_bundle_reports_runtime_material_without_printing_payloads() -> TestRe
725731
let summary = String::from_utf8(output).test_context("utf-8")?;
726732

727733
assert!(summary.contains("Bundle profile: runtime"));
734+
assert!(summary.contains("Summary type: quick human bundle summary"));
728735
assert!(summary.contains("Scanner-safe: no"));
729736
assert!(summary.contains("Private key material: yes"));
730737
assert!(summary.contains("Symmetric secret material: yes"));
731738
assert!(summary.contains("Runtime material artifacts: 5"));
732739
assert!(summary.contains("Verification: ok"));
740+
assert!(summary.contains(
741+
"Durable audit receipt: uselesskey audit-bundle --path <bundle-dir> --out <audit-dir>"
742+
));
733743
assert!(
734744
summary.contains(
735745
"Proof/check path: uselesskey verify-bundle --path target/uselesskey-runtime"
@@ -800,6 +810,9 @@ fn audit_bundle_writes_metadata_only_reviewer_receipts() -> TestResult<()> {
800810
let audit_md =
801811
fs::read_to_string(audit_dir.join("bundle-audit.md")).test_context("audit markdown")?;
802812
assert!(audit_md.contains("Bundle Audit"));
813+
assert!(audit_md.contains("durable metadata-only reviewer/CI receipt"));
814+
assert!(audit_md.contains("Quick summary: uselesskey inspect-bundle --path <bundle-dir>"));
815+
assert!(audit_md.contains("raw generated fixture payloads are not copied"));
803816
assert!(audit_md.contains("requests/negative-wrong-secret.json"));
804817
assert!(audit_md.contains("audit-bundle does not prove repo public claims"));
805818
assert!(audit_md.contains("provider compatibility"));

docs/README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,8 @@ Specifications and formal definitions.
9898

9999
- [dependency-economics.md](reference/dependency-economics.md) — Current lane cost receipts
100100
- [audit-surface.md](reference/audit-surface.md) — Current audit/island receipts
101+
- [bundle-audit-json.md](reference/bundle-audit-json.md) — Stable installed bundle audit JSON contract
102+
- [bundle-inspect-vs-audit.md](reference/bundle-inspect-vs-audit.md) — When to use quick bundle inspection versus durable audit receipts
101103
- [verification-badges.md](reference/verification-badges.md) — Generated README badge endpoint rules and boundaries
102104
- [requirements-v0.3.md](reference/requirements-v0.3.md) — v0.3 acceptance specification
103105
- [requirements-v0.4.md](reference/requirements-v0.4.md) — v0.4 RNG boundary refactor specification
Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
# Bundle Inspect vs Audit
2+
3+
`inspect-bundle` and `audit-bundle` both read an installed CLI bundle, but they
4+
serve different jobs.
5+
6+
## `inspect-bundle`
7+
8+
Use `inspect-bundle` when you want a quick terminal summary before debugging or
9+
reviewing generated files:
10+
11+
```bash
12+
uselesskey inspect-bundle --path target/uselesskey-webhook
13+
```
14+
15+
It verifies the manifest, prints the profile, lists generated files, summarizes
16+
scanner-safe and runtime-material posture, and points to the relevant proof or
17+
check path. It does not write a durable receipt.
18+
19+
## `audit-bundle`
20+
21+
Use `audit-bundle` when you need a metadata-only reviewer packet or a downstream
22+
CI gate:
23+
24+
```bash
25+
uselesskey audit-bundle --path target/uselesskey-webhook --out target/uselesskey-webhook-audit
26+
uselesskey audit-bundle --path target/uselesskey-webhook --ci
27+
```
28+
29+
It writes `bundle-audit.json` and `bundle-audit.md` when `--out` is provided.
30+
Those receipts contain bundle metadata, artifact classifications, stable failure
31+
classes, checks, and boundaries. They do not copy raw fixture payloads.
32+
33+
## Boundary
34+
35+
`inspect-bundle` is for a human's immediate read. `audit-bundle` is for durable
36+
reviewer and CI evidence.
37+
38+
Neither command proves repo public claims, release readiness, production
39+
security, provider compatibility, scanner evasion, or downstream verifier
40+
correctness. Use repo-local verification commands when you need public-claim or
41+
release evidence.

0 commit comments

Comments
 (0)