feat(cli): add score subcommand wiring score.Engine #10

Merged
hammadtq merged 1 commit into main from feat/score-cli-subcommand
May 8, 2026
hammadtq commented May 7, 2026

Summary

Adds the score CLI subcommand wiring pkg/score.Engine to the public CLI. Phase 1.3.

Behavior

  • attach-open-score score --input <path> — read normalized evidence JSON and emit a verdict.
  • --input - reads stdin.
  • --policy-profile <name> (default default).
  • Existing attach-open-score --root <path> fixture-validate behavior preserved as the no-subcommand default.

Smoke

$ echo '{"package":{"name":"example","version":"1.0.0","ecosystem":"npm","purl":"pkg:npm/example@1.0.0"},"evidence":[]}' | attach-open-score score --input -
{ "decision": "ASK", "score": 45, "confidence": "LOW", ... }

Verification

  • go vet ./... clean
  • go test ./... all packages pass (cmd, internal/fixtures, pkg/score)
  • git diff --check clean
  • credential-pattern scan clean
  • stdlib only, no new dependencies

Source/legal

  • Public Apache-2.0 only.
  • Tests use synthetic example.invalid source refs.
  • No proprietary vendor data.
  • OSV/GHSA/deps.dev/Scorecard attribution unchanged.

Kanban: t_756e46dd

Adds 'attach-open-score score --input <path|->' subcommand that reads a
schema.Request as JSON, runs pkg/score.Engine.Evaluate, and prints the
resulting schema.Verdict as pretty JSON. Supports --policy-profile
(default "default"). Preserves existing --root fixture-validate default
behavior. Stdlib only.

Tests cover ALLOW/ASK/DENY happy paths, policy profile, missing file,
malformed JSON, and engine validation errors via inline schema.Request
literals (no fixture deps).

Card: t_756e46dd
hammadtq merged commit b6e51fb into main May 8, 2026
hammadtq deleted the feat/score-cli-subcommand branch May 8, 2026 02:52
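
An added example, not code from this pull request or the project: one way a subcommand with the flags described above can treat the evidence JSON as untrusted input before it reaches a scoring engine, using only the standard library. The `request` struct, the `loadScoreInput` name, the 1 MiB cap, and the choice to reject unknown keys and trailing data are assumptions; the real `schema.Request` and `score.Engine` are not reproduced here.

```go
package main

import (
	"encoding/json"
	"flag"
	"fmt"
	"io"
	"os"
)

// request: only the fields in the PR's smoke input (assumed, not schema.Request).
type request struct {
	Package  struct{ Name, Version, Ecosystem, Purl string } `json:"package"`
	Evidence []json.RawMessage                                `json:"evidence"`
}

// loadScoreInput parses the PR's flags and strictly decodes exactly one request.
func loadScoreInput(args []string, stdin io.Reader) (*request, string, error) {
	fs := flag.NewFlagSet("score", flag.ExitOnError)
	input := fs.String("input", "", "evidence JSON path, or - for stdin")
	profile := fs.String("policy-profile", "default", "policy profile name")
	fs.Parse(args) // ExitOnError: the process exits on a bad flag
	src := stdin
	if *input != "-" {
		f, err := os.Open(*input) // an empty or missing path fails here
		if err != nil {
			return nil, "", err
		}
		defer f.Close()
		src = f
	}
	dec := json.NewDecoder(io.LimitReader(src, 1<<20)) // assumed 1 MiB cap
	dec.DisallowUnknownFields()                        // reject unexpected keys
	var req request
	if err := dec.Decode(&req); err != nil {
		return nil, "", fmt.Errorf("malformed request: %w", err)
	}
	if _, err := dec.Token(); err != io.EOF { // a second document or junk follows
		return nil, "", fmt.Errorf("trailing data after request")
	}
	return &req, *profile, nil
}

func main() {
	if _, _, err := loadScoreInput(os.Args[1:], os.Stdin); err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
}
```

Failing closed on unknown keys and trailing bytes keeps a caller from smuggling fields the scorer silently ignores, at the cost of rejecting inputs produced against a newer schema.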