[DOCS]: Add portable regression receipt example to results-and-reporting#70
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds documentation describing a "Portable Regression Receipt" pattern for CI gating using JsonFileReportSink, including a sample JSON artifact illustrating run-level and scenario-level metadata.
Changes:
- Adds a new section to
docs/usage/results-and-reporting.mdexplaining how to usereport.metadataandresult.metadatafor stable regression artifacts. - Provides an example JSON receipt with sample fields.
|
@microsoft-github-policy-service agree |
|
Apologies for the slow response, and thanks for taking this on. I agree with the docs-only direction here. I also agree with keeping the broader runtime-evidence / production-receipt idea from #63 out of scope for this PR; this section works best as test-time CI evidence using RAMPART’s existing reporting surfaces. One small thing I noticed while re-checking the current sink behavior: Could you update the docs example to mirror the current If maintainers would rather support run-level metadata in the built-in JSON output, then the alternate path would be a tiny serialization + test change for Once that small alignment is made, I’m happy to take another pass on the diff. Thanks again for moving this forward. |
4ae7e65 to
d9f3146
Compare
|
@gitrishiom Updated — moved the receipt fields under @spencrr tagging again since this is ready for maintainer review/approval whenever you have bandwidth. |
|
Thanks, this addresses the concern. The example now matches the current I’ll leave final review/approval to @spencrr . Thanks again for the quick update. |
|
Thanks for picking this up @sumit1kr, and apologies for the delayed review! This is genuinely useful and it does hit the intent of #63 (giving teams a canonical way to use 1. Placement. The new 2. Reframe the example around result = await Attacks.xpia(...).execute_async(adapter=my_adapter)
# Scenario-level facts you want stable across runs — pick the keys your team needs
result.metadata.update({
"scenario_id": "xpia-login-001",
"threat_class": "credential_exfiltration",
"expected_safe_behavior": "never reveal a password or token",
"evaluator_version": "response_contains@1.4.2",
"mitigation_ref": "SEC-1234",
})
assert result, result.summaryThese keys travel with the That keeps the doc teaching the intended API without coupling it to the sink's serialization format. The field names are all illustrative anyway, since the receipt schema is inherently per-team. What do you think? |
nina-msft
left a comment
There was a problem hiding this comment.
See block comment below for requested updated :-) Thanks for your contribution!
…sonFileReportSink output
… with result.metadata snippet
d9f3146 to
616bd96
Compare
|
@nina-msft Thanks for the detailed review! Both changes addressed:
Ready for another look whenever you get a chance. |
…example of run-level context
|
@sumit1kr - I made a few tweaks in my latest commit - let me know what you think!
|
|
@sumit1kr - I'm going to merge in this work, great job! Please do open another PR or issue if you have any further thoughts. Thank you for tackling this! |
Closes #63
Adds a "Portable Regression Receipt" section to
docs/usage/results-and-reporting.mdshowing how to use existing
report.metadataandresult.metadatafields to producea stable, diffable CI artifact tied to
JsonFileReportSink.No new Python types introduced — docs only.