Skip to content

enhancement: group and reorder complyctl doctor output for readability #692

Description

@sonupreetam

Summary

The complyctl doctor output currently renders all check results as a flat
list of status lines. As the number of checks grows, the output becomes
harder to scan. This issue tracks grouping checks into labeled sections,
nesting related sub-checks under their parents, and fixing silent policy
skipping on registry failures.

Feedback

@marcusburghardt provided the following feedback that shaped the design:

  1. Section ordering: "I was thinking of a list of sequential
    requirements for performing a successful scan." Suggested order:
    Providers (with Variables) → Policies → Complypacks → Workspace.
  2. Variables with providers: "Since the variables are related to
    providers, wouldn't make sense to keep them together?"
  3. Named complypacks: "I was also thinking about the value of
    informing the number of complypacks without identifying the
    complypack. It is similar to say: 'You have 3 providers, but not
    saying which providers specifically.'"

Current behavior

✅ config: /path/to/.complytime/complytime.yaml valid
✅ provider/ampel: healthy (v0.1.0)
✅ provider/opa: healthy (v0.1.0)
✅ cache: 6 cached policy store(s)
✅ policy/ampel-bp: latest (pinned)
✅ policy/ampel-bp/active-period: no evaluation timeline defined
✅ variables/ampel: 0/0 global vars, 2/2 target vars
✅ variables/opa: 0/0 global vars, no target mapping for this evaluator
✅ complypacks: 1 complypack(s) cached
⏭️ registry/down.io: unreachable

Problems: flat list with no grouping, variables far from their provider,
active-period far from its policy, complypacks show only a count,
unreachable registry silently skips all affected policies.

Proposed behavior

Running workspace diagnostics...

Providers
  ✅ ampel: healthy (v0.1.0)
      ✅ variables: 0/0 global vars, 2/2 target vars
  ✅ opa: healthy (v0.1.0)

Policies
  ✅ ampel-bp: 0.2.0 (latest)
      ✅ active-period: no evaluation timeline defined
  ⏭️ cis: version check skipped (registry unreachable: down.io)
      ✅ active-period: evaluation active (2026-01-01 to 2027-01-01)

Cache
  ✅ cache: 6 cached policy store(s)

Complypacks
  ✅ ampel: cached
  ⏭️ opa: not cached — run complyctl get to download

Workspace
  ✅ config: .complytime/complytime.yaml valid

Verification
  ✅ verification: all 6 cached artifacts verified

9 checks: 7 passed, 0 failed, 2 warnings

Changes

  1. Grouped sections following scan prerequisite sequence (per Marcus):
    Providers → Policies → Cache → Complypacks → Workspace → Verification
  2. Variables nested under their parent provider (per Marcus)
  3. Active-period nested under their parent policy
  4. Per-policy registry warnings — each affected policy gets its own
    warning instead of one registry/ result that silently skips the rest
  5. Named complypacks individually by evaluator-id (per Marcus)
  6. Summary counts all rendered results — children are included so the
    count matches what the user sees on screen (failures are never hidden)
  7. Unmapped providers skip variable output — providers with no required
    variables and no policies referencing them show no variable child

Implementation

  • CheckResult gains Group and Children fields; Run() assembles
    the tree via attachment helpers
  • Renderer strips section prefixes from display names (provider/ampel
    renders as ampel) and uses short labels for children (variables,
    active-period); full qualified names preserved in data model
  • OpenSpec: openspec/changes/doctor-grouped-output/
  • Branch: opsx/doctor-grouped-output

References

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

Priority

High

Effort

None yet

Projects

Status
In progress 📋

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions