Review target
From a clean clone, reproduce both controlled reviewer checks:
From tools/sbom-diff-and-risk:
python -m pip install -e .[dev]
python scripts/regenerate-example-artifacts.py --check
From the repository root:
python scripts/validate-reviewer-routes.py
Suggested evidence
Record environment versions, exact commands, and any mismatch in links, artifact regeneration, or documented stopping points.
Done when
The review reports a clean no-network reproduction or a minimal docs/route correction.
Boundaries
Do not enable live enrichment or use private SBOMs. Checked examples do not prove third-party dependencies are safe.
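One way to capture the suggested evidence, as an added example that is not part of the original issue or the project's own tooling: a POSIX shell wrapper that runs the commands listed above from the repository root and logs each exact command, its output and its exit code. The evidence file name, the `RUN_CHECKS` switch and the helper names `record_env`, `run_step` and `reproduce` are assumptions of this example.

```shell
#!/bin/sh
# Added example: evidence recorder for the reviewer checks listed above.
# EVIDENCE, RUN_CHECKS and all function names are assumptions of this example.
EVIDENCE="${EVIDENCE:-reviewer-evidence.txt}"

# Record environment versions at the top of the evidence file.
record_env() {
    {
        printf 'date: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'commit: %s\n' "$(git rev-parse HEAD 2>/dev/null || echo unknown)"
        printf 'os: %s\n' "$(uname -sr)"
        printf 'python: %s\n' "$(python --version 2>&1 || echo unavailable)"
        printf 'pip: %s\n' "$(python -m pip --version 2>&1 || echo unavailable)"
    } >>"$EVIDENCE"
}

# Run one command inside a directory; log the exact command, output, exit code.
# usage: run_step <dir> <command> [args...]
run_step() {
    dir=$1; shift
    printf '\n$ cd %s && %s\n' "$dir" "$*" >>"$EVIDENCE"
    # The subshell keeps the caller's working directory unchanged.
    ( cd "$dir" && "$@" ) >>"$EVIDENCE" 2>&1
    rc=$?
    printf 'exit=%s\n' "$rc" >>"$EVIDENCE"
    return "$rc"
}

# Run every documented step even if an earlier one fails, so that all
# mismatches land in a single evidence file.
reproduce() {
    : >"$EVIDENCE"
    record_env
    status=0
    run_step tools/sbom-diff-and-risk python -m pip install -e '.[dev]' || status=1
    run_step tools/sbom-diff-and-risk \
        python scripts/regenerate-example-artifacts.py --check || status=1
    run_step . python scripts/validate-reviewer-routes.py || status=1
    if [ "$status" -eq 0 ]; then
        printf '\nresult: clean reproduction\n' >>"$EVIDENCE"
    else
        printf '\nresult: mismatch, see exit codes above\n' >>"$EVIDENCE"
    fi
    return "$status"
}

# Only run the real checks when asked, from the repository root:
#   RUN_CHECKS=1 sh record-evidence.sh
if [ "${RUN_CHECKS:-0}" = 1 ]; then
    reproduce
fi
```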