{"id":50454009,"url":"https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary-action","last_synced_at":"2026-06-01T01:05:33.571Z","repository":{"id":360817249,"uuid":"1250878348","full_name":"mizcausevic-dev/evidence-bundle-fleet-summary-action","owner":"mizcausevic-dev","description":"GitHub Action wrapping evidence-bundle-fleet-summary. Flags bundle-expired, unsigned-regulated-bundle, cross-bundle-hash-collision, oversized-bundle. PR comment + fail-on-high. Completes the per-protocol fleet-summary action quartet.","archived":false,"fork":false,"pushed_at":"2026-05-28T00:50:07.000Z","size":251,"stargazers_count":0,"open_issues_count":7,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-28T02:22:47.962Z","etag":null,"topics":["actions","ai-governance","audit","compliance","evidence","fleet","github-action","kinetic-gain-suite","provenance","typescript"],"latest_commit_sha":null,"homepage":"https://suite.kineticgain.com/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mizcausevic-dev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-27T03:41:17.000Z","updated_at":"2026-05-28T00:50:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary-action","commit_stats":null,"previous_names":["mizcausevic-dev/evidence-bundle-fleet-summary-action"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mizcausevic-dev/evidence-bundle-fleet-summary-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fevidence-bundle-fleet-summary-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fevidence-bundle-fleet-summary-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fevidence-bundle-fleet-summary-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fevidence-bundle-fleet-summary-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mizcausevic-dev","download_url":"https://codeload.github.com/mizcausevic-dev/evidence-bundle-fleet-summary-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mizcausevic-dev%2Fevidence-bundle-fleet-summary-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33755379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","ai-governance","audit","compliance","evidence","fleet","github-action","kinetic-gain-suite","provenance","typescript"],"created_at":"2026-06-01T01:05:33.024Z","updated_at":"2026-06-01T01:05:33.567Z","avatar_url":"https://github.com/mizcausevic-dev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# evidence-bundle-fleet-summary-action\n\n[![CI](https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary-action/actions/workflows/ci.yml/badge.svg)](https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary-action/actions/workflows/ci.yml)\n[![License: AGPL-3.0-or-later](https://img.shields.io/badge/License-AGPL--3.0--or--later-blue.svg)](LICENSE)\n\nGitHub Action that walks a directory of **evidence-bundle** `manifest.json` files, counts by purpose, surfaces governance gaps, posts a Markdown summary as a PR comment, and **fails the build** when any high-severity finding is present.\n\nWraps [`evidence-bundle-fleet-summary`](https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary) — same finding logic, vendored into the action for self-contained execution.\n\n**Fourth in the action family — completes the per-protocol fleet-summary action quartet:**\n\n- [`agent-card-fleet-summary-action`](https://github.com/mizcausevic-dev/agent-card-fleet-summary-action) — A2A AgentCards\n- [`mcp-tool-card-fleet-summary-action`](https://github.com/mizcausevic-dev/mcp-tool-card-fleet-summary-action) — MCP Tool Cards\n- [`prompt-provenance-fleet-summary-action`](https://github.com/mizcausevic-dev/prompt-provenance-fleet-summary-action) — prompt-provenance docs\n- **`evidence-bundle-fleet-summary-action`** — evidence bundles\n\nPart of the [Kinetic Gain Suite](https://suite.kineticgain.com/).\n\n---\n\n## Usage\n\n```yaml\nname: Evidence bundle governance\non:\n  pull_request:\n    paths: [\"bundles/**\"]\n\njobs:\n  fleet-summary:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: mizcausevic-dev/evidence-bundle-fleet-summary-action@v0.1-shipped\n        with:\n          bundles-dir: bundles/\n          oversized-mb: 100   # optional, default 100\n          fail-on-high: true\n```\n\n## Inputs\n\n| input            | required | default       | description |\n|---|---|---|---|\n| `bundles-dir`    | ✓        | —             | Directory containing `manifest.json` files (one per bundle). |\n| `comment-on-pr`  |          | `auto`        | `auto` posts only on `pull_request` events; `true`/`false` force the behavior. |\n| `fail-on-high`   |          | `true`        | Fail the run when any high-severity finding is present. |\n| `oversized-mb`   |          | `100`         | Bundles larger than this many MB trigger the `oversized-bundle` finding. |\n| `github-token`   |          | `${{ github.token }}` | Token used to post the PR comment. |\n\n## Outputs\n\n| output             | description |\n|---|---|\n| `total-bundles`    | Number of bundles analyzed. |\n| `high-findings`    | Count of high-severity findings. |\n| `signed-bundles`   | Number of bundles with a signature block. |\n| `expired-bundles`  | Number of bundles past their `expires_at`. |\n\n## What it flags\n\n| Code | Severity | Rule |\n|---|---|---|\n| `bundle-expired` | 🔴 | `bundle.expires_at` is in the past. |\n| `unsigned-regulated-bundle` | 🔴 | `bundle.purpose` ∈ {audit-evidence, compliance-disclosure, regulatory-submission} but no `signature` block. |\n| `cross-bundle-hash-collision` | 🔴 | Same `items[].sha256` appears in 2+ different bundles. |\n| `no-items` | 🔴 | Bundle declares no `items[]`. |\n| `oversized-bundle` | 🟠 | Total `items[].size_bytes` \u003e threshold (default 100 MB). |\n| `no-provenance` | 🟠 | No `provenance` block. |\n| `no-relationships` | 🟡 | No `relationships[]` declared. |\n| `no-labels` | ℹ️ | No `bundle.labels` declared. |\n\n## Composes with\n\n- [**`evidence-bundle-fleet-summary`**](https://github.com/mizcausevic-dev/evidence-bundle-fleet-summary) — the library this wraps.\n- [**`evidence-bundle-spec`**](https://github.com/mizcausevic-dev/evidence-bundle-spec) — the schema this reads.\n- [**`evidence-bundle-builder`**](https://github.com/mizcausevic-dev/evidence-bundle-builder) · [**`evidence-bundle-diff`**](https://github.com/mizcausevic-dev/evidence-bundle-diff) · [**`evidence-bundle-readme-generator`**](https://github.com/mizcausevic-dev/evidence-bundle-readme-generator) — full evidence-bundle tool family.\n- [**`agent-card-fleet-summary-action`**](https://github.com/mizcausevic-dev/agent-card-fleet-summary-action) · [**`mcp-tool-card-fleet-summary-action`**](https://github.com/mizcausevic-dev/mcp-tool-card-fleet-summary-action) · [**`prompt-provenance-fleet-summary-action`**](https://github.com/mizcausevic-dev/prompt-provenance-fleet-summary-action) — sibling Actions across the per-protocol fleet-summary quartet.\n\n## License\n\n[AGPL-3.0-or-later](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fevidence-bundle-fleet-summary-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmizcausevic-dev%2Fevidence-bundle-fleet-summary-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmizcausevic-dev%2Fevidence-bundle-fleet-summary-action/lists"}