bug: complyctl get invalidates extracted complypack but not generation cache #551

@jpower432

Describe the bug

complyctl get re-syncs a complypack via atomic directory replacement, destroying the previously-extracted content/ directory inside ~/.complytime/complypacks/<evaluator>/<version>/. The generation cache (.complytime/generation/) and provider artifacts (.complytime/opa/generated/scan-config.json) are not invalidated. The next complyctl scan skips Generate ("Reusing generated artifacts...") and Scan reads a dead bundle_dir path from the stale scan-config.json.

To Reproduce

  1. Run complyctl get — pulls complypack, stores content.tar.gz
  2. Run complyctl scan — Generate extracts content.tar.gz to content/, writes scan-config.json with bundle_dir: .../content
  3. Run complyctl get again — atomic rename replaces 0.1.0/ dir, content/ is gone
  4. Run complyctl scan — error: stat /home/user/.complytime/complypacks/opa/0.1.0/content: no such file or directory

Expected behavior

When complyctl get replaces a complypack, it should invalidate the generation cache for that evaluator so the next scan triggers a fresh Generate cycle.

Additional context

Workaround:

rm -rf .complytime/generation .complytime/opa
complyctl scan --policy-id <id> --format pretty
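
A guarded form of the workaround above, as an added example that is not part of the original issue or the complyctl code base: it clears the generation cache only when scan-config.json points at a bundle_dir that no longer exists. The function names, the workspace argument, and the assumption that scan-config.json stores bundle_dir as a top-level string are hypothetical.

```shell
#!/bin/sh
# Added example (not complyctl code): detect the stale-cache state described
# in this issue and clear it before the next scan.
# Assumption: scan-config.json holds a top-level "bundle_dir": "<path>" string.

# Print the bundle_dir recorded in a scan-config.json (empty if absent).
read_bundle_dir() {
    sed -n 's/.*"bundle_dir"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 when the generated artifacts reference a bundle directory that is gone.
cache_is_stale() {
    ws=${1:-.}
    cfg="$ws/.complytime/opa/generated/scan-config.json"
    [ -f "$cfg" ] || return 1      # nothing generated yet: not stale
    dir=$(read_bundle_dir "$cfg")
    [ -n "$dir" ] || return 1      # no bundle_dir recorded: cannot judge
    [ ! -d "$dir" ]                # stale when the extracted content/ is missing
}

# Remove the generation cache and provider artifacts only if they are stale,
# so a healthy cache is still reused by the next scan.
invalidate_if_stale() {
    ws=${1:-.}
    if cache_is_stale "$ws"; then
        rm -rf "$ws/.complytime/generation" "$ws/.complytime/opa"
        echo "invalidated"
    else
        echo "fresh"
    fi
}

# Usage (from the workspace directory), before running complyctl scan:
#   invalidate_if_stale .
```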

Metadata

Assignees: No one assigned
Labels: bug (Something isn't working)
Status: Backlog
Milestone: No milestone