check

func NewCmd ¶

func NewCmd() *cobra.Command

NewCmd builds `aiwf check`: validate the consumer repo's planning state. Read-only; produces no commit. The pre-push git hook runs this verb — its findings + exit code are the framework's authoritative correctness gate.

func ParseUntrailedCommits ¶

func ParseUntrailedCommits(s string) []check.UntrailedCommit

ParseUntrailedCommits unpacks the multi-record stream produced by ReadUntrailedCommits. The format is:

<RS>{SHA}<US>{subject}<US>{trailers}<US>
{file1}
{file2}
...
<RS>{SHA}<US>...

Trailers and file lists are both newline-delimited. Subject is the commit's first line, used for the squash-merge specialization (G31). Empty input (no unpushed commits) returns nil.

func ReadUntrailedCommits ¶

func ReadUntrailedCommits(ctx context.Context, root, rangeArg string) ([]check.UntrailedCommit, error)

ReadUntrailedCommits returns the commits in rangeArg (e.g. `@{u}..HEAD`, or `<sha>..HEAD` from --since) along with their trailer set and the relative paths each commit touched.

The range is supplied by the caller (ResolveUntrailedRange); ReadUntrailedCommits is purely the git-log invocation + parsing. An empty range (HEAD == @{u}) returns no commits, no findings.

`-m --first-parent` walks the integration-branch view (G32): merge commits surface their introduced changes (against their first parent) so the audit pass sees entity-file paths brought in by `git merge`, while feature-branch commits not on first-parent ancestry are correctly excluded (those are the feature branch's own warning scope, not the integration branch's). Without `-m` the default is "show no diff for merge commits," which silently bypassed the audit for merges that absorbed entity-file changes from a feature branch.

func ResolveUntrailedRange ¶

func ResolveUntrailedRange(ctx context.Context, root, since string) (string, *check.Finding, error)

ResolveUntrailedRange picks the `git log` range for the step-7b untrailered-entity audit. Three branches:

1. since != "" — the operator's explicit choice wins. Validates the ref shape via `git rev-parse --verify`; an unrecognized ref returns a usage-error advisory finding so the audit is still skipped (rather than failing the whole check verb).
2. else, an upstream is configured — return `@{u}..HEAD`.
3. else — return ("", advisory) so the caller skips the scan and surfaces the undefined-scope warning.

func Run ¶

func Run(root, format string, pretty bool, since string, shapeOnly, verbose bool) int

Run is the check verb's body. Loads the tree, runs every rule (pure-tree + provenance + tests-metrics + contracts + tree discipline), applies aiwf.yaml-driven severity bumps, renders the findings in the chosen format, and returns the exit code.

func RunProvenanceCheck ¶

func RunProvenanceCheck(ctx context.Context, root string, t *tree.Tree, since string) ([]check.Finding, error)

RunProvenanceCheck walks every commit reachable from HEAD that carries any `aiwf-*` trailer and runs the I2.5 standing rules against the result. It also runs the step-7b untrailered-entity- commit warning, scoped per the rules in ResolveUntrailedRange:

• --since <ref> on the verb wins.
• Otherwise `@{u}..HEAD` when an upstream is configured.
• Otherwise the audit is SKIPPED with a single `provenance-untrailered-scope-undefined` advisory; the fallback used to be "all of HEAD," which on long-lived branches floods with warnings against commits already merged in from trunk. See issue #5 sub-item 2.

Returns a single concatenated finding slice; transport errors propagate.

Why grep on `^aiwf-` for the standing rules: every rule is keyed on at least one aiwf trailer (actor, principal, scope-ends, etc.). Untrailered commits are handled by the separate step-7b audit pass, which uses a different filter (range scoped per ResolveUntrailedRange, no trailer grep).

func RunTestsMetricsCheck ¶

func RunTestsMetricsCheck(ctx context.Context, root string, t *tree.Tree, require bool) ([]check.Finding, error)

RunTestsMetricsCheck emits an `acs-tdd-tests-missing` warning for every AC at `tdd_phase: done` under a `tdd: required` milestone whose `aiwf history` carries no `aiwf-tests:` trailer on any commit. Gated on require: when false (the default), returns nil without walking history — the trailer is informational metadata and absence is not a finding.

Why the check lives here rather than in package check: the rule requires git access (a history walk per qualifying AC) which the pure-tree check.Run intentionally does not have. Composing this pass in the check verb's package keeps the rule's runtime cost scoped to invocations that opt in via aiwf.yaml.