feat: make OSS license audit runnable locally #1021

Merged
msukkari merged 4 commits into main from msukkari/oss_licenses
Mar 20, 2026

Conversation

@msukkari
Contributor

@msukkari msukkari commented Mar 20, 2026

Summary by CodeRabbit

  • New Features
    • Enhanced open source license compliance auditing with improved detection and classification of weak versus strong copyleft licenses to better manage project dependency licensing risks.
    • Refined automated PR reporting that intelligently surfaces license audit findings, now only commenting when audit failures are detected or weak copyleft licenses are identified in dependencies.

@msukkari msukkari requested a review from brendan-kellam March 20, 2026 14:33
@coderabbitai
Contributor

coderabbitai bot commented Mar 20, 2026

Caution

Review failed

Pull request was closed or merged during review

Walkthrough

The pull request introduces a complete license audit automation pipeline by externalizing the Claude prompt to a separate file, refactoring the GitHub Actions workflow to simplify comment generation logic, and adding orchestration scripts that fetch license data, summarize it, and invoke Claude for compliance auditing with comprehensive validation.

Changes

Cohort / File(s) | Summary

License Audit Workflow (.github/workflows/license-audit.yml)
  Modified workflow triggers to include prompt and audit script files in path filters. Externalized inline prompt to scripts/licenseAuditPrompt.txt via a "Read audit prompt" step. Restructured PR comment generation with early-return gating and refined status icon logic: distinguishes between FAIL (:x:) and other outcomes (:warning:), and skips comments for PASS results with no weak copyleft violations.

License Audit Infrastructure (scripts/licenseAuditPrompt.txt, scripts/runLicenseAudit.sh)
  Added new prompt file defining OSS license compliance audit procedure with instructions for detecting UNKNOWN/non-standard licenses, resolving them via npm/repository lookups, classifying copyleft licenses, and generating structured JSON output with failure reasons. Added executable Bash script that orchestrates end-to-end pipeline: verifies claude CLI and prompt file availability, executes Node scripts to fetch and summarize license data, invokes Claude with the prompt, validates output file generation, extracts audit results, and conditionally fails with human-readable error messages.

Sequence Diagram(s)

sequenceDiagram
    participant GHA as GitHub Actions
    participant Node as Node Scripts
    participant Claude as Claude CLI
    participant FS as File System

    GHA->>Node: Execute fetchLicenses.mjs
    Node->>FS: Read package.json
    Node->>FS: Write oss-licenses.json

    GHA->>Node: Execute summarizeLicenses.mjs
    Node->>FS: Read oss-licenses.json
    Node->>FS: Write summary output

    GHA->>FS: Read licenseAuditPrompt.txt
    FS-->>GHA: Prompt contents

    GHA->>Claude: Run audit with prompt + summary
    Claude->>Claude: Analyze licenses & classify copyleft
    Claude->>FS: Write license-audit-result.json

    GHA->>FS: Validate license-audit-result.json exists
    FS-->>GHA: Result file contents

    GHA->>GHA: Extract status & summary counts
    alt status == FAIL
        GHA->>GHA: Format failure reasons
        GHA-->>GHA: Exit with error
    else status == PASS
        GHA-->>GHA: Report success
    end

    GHA->>FS: Comment on PR (conditional)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • PR #1003: Overlapping modifications to the license-audit workflow and related prompt/audit infrastructure setup.
🚥 Pre-merge checks: 3 passed
  Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  Title check: ✅ Passed. The title accurately and concisely summarizes the primary change: enabling the OSS license audit to run locally, not just in GitHub Actions. This is clearly reflected in the commit messages and file changes (new shell script, external prompt file, workflow refactoring).
  Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

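The pipeline the walkthrough describes (summarize the fetched license data, hand it to Claude, validate the JSON the model writes, then decide whether the PR gets a comment) is easier to reason about as code, in particular the two places a naive version goes wrong: silently treating an unrecognized license string as acceptable, and trusting that an LLM produced well-formed output. The block below is an added example written for this page, not code from this PR or from the repository it belongs to. The SPDX classification tables, the dependency list, the Claude output and the result schema (`status`, `failureReasons`, `weakCopyleft`) are all constructed assumptions; the PR's real schema and prompt are not shown on this page. It goes slightly beyond the walkthrough by handling flat SPDX `OR`/`AND` expressions.

```javascript
// Added example for this page, not code from the repository this PR belongs to.
// ASSUMPTIONS (all constructed): the SPDX class tables, the dependency list,
// the Claude output and the result schema { status, failureReasons, weakCopyleft }.

const LICENSE_CLASS = {
  permissive: ['MIT', 'ISC', '0BSD', 'BSD-2-Clause', 'BSD-3-Clause', 'Apache-2.0', 'Unlicense', 'CC0-1.0'],
  weak: ['LGPL-2.1', 'LGPL-2.1-only', 'LGPL-2.1-or-later', 'LGPL-3.0', 'LGPL-3.0-only',
    'LGPL-3.0-or-later', 'MPL-2.0', 'EPL-1.0', 'EPL-2.0', 'CDDL-1.0'],
  strong: ['GPL-2.0', 'GPL-2.0-only', 'GPL-2.0-or-later', 'GPL-3.0', 'GPL-3.0-only',
    'GPL-3.0-or-later', 'AGPL-3.0', 'AGPL-3.0-only', 'AGPL-3.0-or-later'],
};
const RANK = { permissive: 0, weak: 1, strong: 2, unknown: 3 }; // higher = more restrictive
const CLASS_OF = new Map();
for (const [cls, ids] of Object.entries(LICENSE_CLASS)) {
  for (const id of ids) CLASS_OF.set(id.toLowerCase(), cls);
}

// Classify one package.json "license" value. Anything not in the tables (missing
// field, "SEE LICENSE IN ...", free text, "X WITH exception") comes back as
// 'unknown' so it is resolved by hand or by the npm/repository lookup the audit
// prompt asks for, instead of silently passing.
function classifyLicense(expr) {
  if (typeof expr !== 'string' || expr.trim() === '') return 'unknown';
  // Flat SPDX expressions only: parentheses are dropped; AND binds tighter than OR.
  const alternatives = expr.replace(/[()]/g, ' ').split(/\s+OR\s+/i).map((alt) =>
    alt.split(/\s+AND\s+/i)
      .map((term) => CLASS_OF.get(term.trim().toLowerCase()) ?? 'unknown')
      // every AND term applies, so the most restrictive one governs
      .reduce((worst, c) => (RANK[c] > RANK[worst] ? c : worst), 'permissive'));
  // the consumer may pick any OR alternative, so the least restrictive one governs
  return alternatives.reduce((best, c) => (RANK[c] < RANK[best] ? c : best), 'unknown');
}

// Counts per class plus the list the auditor actually needs to look at.
function summarizeLicenses(deps) {
  const summary = { counts: { permissive: 0, weak: 0, strong: 0, unknown: 0 }, flagged: [] };
  for (const { name, version, license } of deps) {
    const cls = classifyLicense(license);
    summary.counts[cls] += 1;
    if (cls !== 'permissive') summary.flagged.push({ name, version, license: license ?? null, class: cls });
  }
  return summary;
}

// Validate what the model wrote. An LLM can emit prose, a fenced block, or a
// half-filled object; anything that is not exactly the expected shape is an
// audit failure, never a PASS by default.
function parseAuditResult(text) {
  let raw;
  try { raw = JSON.parse(text); } catch (e) { throw new Error(`audit output is not JSON: ${e.message}`); }
  if (!raw || typeof raw !== 'object' || Array.isArray(raw)) throw new Error('audit output is not a JSON object');
  if (raw.status !== 'PASS' && raw.status !== 'FAIL') throw new Error(`unexpected status: ${JSON.stringify(raw.status)}`);
  const isStrings = (v) => Array.isArray(v) && v.every((x) => typeof x === 'string');
  const failureReasons = raw.failureReasons ?? [];
  const weakCopyleft = raw.weakCopyleft ?? [];
  if (!isStrings(failureReasons) || !isStrings(weakCopyleft)) throw new Error('failureReasons/weakCopyleft must be string arrays');
  if (raw.status === 'FAIL' && failureReasons.length === 0) throw new Error('FAIL reported without any failureReasons');
  return { status: raw.status, failureReasons, weakCopyleft };
}

// PR comment gating from the walkthrough: nothing on a clean PASS, :x: on FAIL,
// :warning: on a PASS that still carries weak-copyleft dependencies.
function prComment(result) {
  if (result.status === 'PASS' && result.weakCopyleft.length === 0) return null;
  const icon = result.status === 'FAIL' ? ':x:' : ':warning:';
  const lines = ['License Audit', '', `${icon} Status: ${result.status}`];
  if (result.failureReasons.length > 0) lines.push('', 'Failure reasons:', ...result.failureReasons.map((r) => `- ${r}`));
  if (result.weakCopyleft.length > 0) lines.push('', 'Weak copyleft dependencies (review required):', ...result.weakCopyleft.map((p) => `- ${p}`));
  return lines.join('\n');
}

// Constructed sample inputs (fictional packages; not real npm metadata).
const SAMPLE_DEPS = [
  { name: 'web-framework-x', version: '4.19.0', license: 'MIT' },
  { name: 'dual-licensed-y', version: '2.0.1', license: '(MIT OR Apache-2.0)' },
  { name: 'ffi-bindings-z', version: '1.2.0', license: 'LGPL-3.0-only' },
  { name: 'cli-tool-w', version: '0.9.0', license: 'GPL-3.0-or-later' },
  { name: 'legacy-lib-v', version: '0.1.0', license: 'SEE LICENSE IN LICENSE' },
  { name: 'no-field-u', version: '3.3.3' },
];
// Constructed stand-in for what the model would write to license-audit-result.json.
const SAMPLE_CLAUDE_OUTPUT = JSON.stringify({
  status: 'FAIL',
  failureReasons: [
    'cli-tool-w@0.9.0 is GPL-3.0-or-later (strong copyleft)',
    'legacy-lib-v@0.1.0 has a non-standard license that could not be resolved',
  ],
  weakCopyleft: ['ffi-bindings-z@1.2.0 (LGPL-3.0-only)'],
});

console.log(JSON.stringify(summarizeLicenses(SAMPLE_DEPS), null, 2));
console.log(prComment(parseAuditResult(SAMPLE_CLAUDE_OUTPUT)) ?? 'clean PASS: no comment posted');
```

Two design choices worth keeping when wiring this behind a real `claude` invocation: the result file is parsed strictly and any deviation is a failure (a missing file, prose instead of JSON, or a `FAIL` with no reasons all stop the pipeline rather than being read as a pass), and every license the classifier cannot name is counted as unknown and surfaced, which is the condition the prompt's npm/repository lookup step exists to clear.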

@github-actions
Contributor

@msukkari your pull request is missing a changelog!

@msukkari msukkari changed the title feat: Add OSS license audit feat: make OSS license audit runnable locally Mar 20, 2026
@github-actions
Contributor

License Audit

❌ Audit failed to produce results. Check the workflow logs for details.

@msukkari msukkari merged commit 4ff4869 into main Mar 20, 2026
7 of 9 checks passed
@msukkari msukkari deleted the msukkari/oss_licenses branch March 20, 2026 14:40