MR Sentinel

Audit log · ← dashboard

sgharlow/governance-demo-app!10

Verdict: block
Score: 0.0 / 10
Rubric: v2
Commit: 1fb25ad2
Scored: 2026-05-19 05:11:40 UTC

Rule outcomes (15)

Rule	Category	Outcome	Severity	Controls	Evidence
contract-has-spec-link	contract_spec	fail	warning	CDPD-§3, ISO-27001-A.14.2.1	MR description is empty or only contains 'small fix'.
no-secrets-in-diff	security	fail	blocker	SOC2-CC6.1, ISO-27001-A.9.4.3, OWASP-ASVS-V2	`DATABASE_URL`, `JWT_SECRET`, `STRIPE_API_KEY`, `STRIPE_WEBHOOK_SECRET`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` are all present in `.env.production`.
no-commented-out-code	quality	pass	info	SOC2-CC8.1	Comments in `.env.production` are descriptive, not commented-out code.
no-skipped-tests-introduced	quality	pass	error	SOC2-CC8.1	No test files in diff.
acceptance-criteria-testable	contract_spec	skip	warning	CDPD-§5, SOC2-CC8.1	No spec linked, no test diff.
auth-on-new-public-endpoints	security	skip	blocker	SOC2-CC6.1, OWASP-ASVS-V1	No new public endpoints added.
changed-method-coverage	quality	skip	error	SOC2-CC8.1, ISO-27001-A.14.2.8	No code changes, only a new configuration file.
dependency-advisory-check	security	skip	blocker	SOC2-CC7.1, ISO-27001-A.12.6.1, NIST-SA-11	No dependencies added or upgraded.
error-budget-impact-declared	operational	skip	warning	SOC2-CC4.1	The diff adds a configuration file, not code directly impacting service SLOs.
integration-boundaries-explicit	contract_spec	skip	warning	CDPD-§6, ISO-27001-A.14.2.5	The diff adds environment variables, not new API endpoints or message bus definitions that would require contract documentation in the diff.
kill-switch-path	contract_spec	skip	warning	CDPD-§9, SOC2-CC7.5	This MR adds configuration, not user-facing behavior.
mutation-resilience-critical-paths	quality	skip	warning	SOC2-CC8.1	No code changes, only a new configuration file.
observability-on-new-endpoints	operational	skip	warning	SOC2-CC7.2, ISO-27001-A.12.4.1	No new HTTP/gRPC endpoints added.
rollback-documented-for-migrations	operational	skip	error	SOC2-CC7.5, ISO-27001-A.14.2.2	No database migration files in diff.
spec-implementation-match	contract_spec	skip	error	CDPD-§7	No spec linked.

Audit log (2)

When	Actor	Action	Details
2026-05-19 05:11:42 UTC	mr-sentinel	skip_duplicate	{"sha": "1fb25ad2", "reason": "already_evaluated", "rubric_version": "v2"}
2026-05-19 05:11:42 UTC	mr-sentinel	evaluate	{"score": 0.0, "note_id": 3361770482, "verdict": "block", "tool_calls": 8, "rubric_source": "project_override", "comment_crea