Skip to content

refactor(scripts): consolidate duplicate logging into shared SecurityHelpers module#655

Merged
WilliamBerryiii merged 3 commits intomainfrom
refactor/321-consolidate-logging
Feb 19, 2026
Merged

refactor(scripts): consolidate duplicate logging into shared SecurityHelpers module#655
WilliamBerryiii merged 3 commits intomainfrom
refactor/321-consolidate-logging

Conversation

@WilliamBerryiii
Copy link
Member

Summary

Consolidates duplicate logging functions into the shared SecurityHelpers.psm1 module, eliminating code duplication across security scripts.

Closes #321

Changes

SecurityHelpers.psm1

  • Import CIHelpers.psm1 for CI annotation support
  • Add -CIAnnotation switch parameter to Write-SecurityLog for opt-in CI annotation forwarding (Warning/Error levels)
  • Change Info color from White to Cyan to match script conventions

Test-DependencyPinning.ps1

  • Import SecurityHelpers.psm1
  • Remove local Write-PinningLog function (32 lines)
  • Replace all ~25 Write-PinningLog call sites with Write-SecurityLog -CIAnnotation

Test-SHAStaleness.ps1

  • Import SecurityHelpers.psm1
  • Remove local Write-SecurityLog function (33 lines)
  • Add $PSDefaultParameterValues to route OutputFormat and LogPath parameters transparently

Test files

  • Update Test-DependencyPinning.Tests.ps1 mocks and context names from Write-PinningLog to Write-SecurityLog
  • Add 4 CI annotation forwarding tests to SecurityHelpers.Tests.ps1

Validation

  • Tests: 900 passed, 0 failed, 0 skipped
  • Lint: 52 files analyzed, 0 issues

♻️ - Generated by Copilot

…Helpers module

- remove Write-PinningLog from Test-DependencyPinning.ps1, use Write-SecurityLog -CIAnnotation
- remove local Write-SecurityLog from Test-SHAStaleness.ps1, import shared module
- add -CIAnnotation switch to shared Write-SecurityLog for opt-in CI annotation forwarding
- add CI annotation tests to SecurityHelpers.Tests.ps1

♻️ - Generated by Copilot
Copilot AI review requested due to automatic review settings February 18, 2026 01:55
@WilliamBerryiii WilliamBerryiii requested a review from a team as a code owner February 18, 2026 01:55
@github-actions
Copy link
Contributor

github-actions bot commented Feb 18, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR successfully consolidates duplicate logging functions from multiple security scripts into a shared SecurityHelpers.psm1 module, eliminating code duplication and establishing a consistent logging pattern across the security tooling. The refactoring removes 65+ lines of duplicate code while maintaining backward compatibility through the use of $PSDefaultParameterValues for scripts that don't need CI annotation support.

Changes:

  • Consolidated duplicate Write-PinningLog and Write-SecurityLog functions into a single shared implementation in SecurityHelpers.psm1 with opt-in CI annotation forwarding
  • Updated Test-DependencyPinning.ps1 to use the shared function with -CIAnnotation switch for all ~25 call sites
  • Updated Test-SHAStaleness.ps1 to use the shared function via $PSDefaultParameterValues for transparent parameter routing
  • Updated test mocks and added 4 new tests validating CI annotation forwarding behavior

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
scripts/security/Modules/SecurityHelpers.psm1 Added CIHelpers import, -CIAnnotation switch parameter for opt-in CI annotation forwarding, and changed Info color from White to Cyan
scripts/security/Test-DependencyPinning.ps1 Removed 32-line local Write-PinningLog function, imported SecurityHelpers module, and updated ~25 call sites to use Write-SecurityLog -CIAnnotation
scripts/security/Test-SHAStaleness.ps1 Removed 33-line local Write-SecurityLog function, imported SecurityHelpers module, and added $PSDefaultParameterValues for transparent parameter routing
scripts/tests/security/Test-DependencyPinning.Tests.ps1 Updated mock function names from Write-PinningLog to Write-SecurityLog and updated context descriptions
scripts/tests/security/SecurityHelpers.Tests.ps1 Added 4 new tests validating CI annotation forwarding behavior for Warning, Error, and Info levels
- remove -Force from CIHelpers nested import in SecurityHelpers.psm1
- add -ModuleName SecurityHelpers to mocks and assertions in SecurityHelpers.Tests.ps1
- add CIHelpers re-import and module-scoped mocks in Test-DependencyPinning.Tests.ps1
- add CIHelpers re-import in Test-SHAStaleness.Tests.ps1

🔧 - Generated by Copilot
@codecov-commenter
Copy link

codecov-commenter commented Feb 18, 2026

Codecov Report

❌ Patch coverage is 76.47059% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.39%. Comparing base (cc92ef9) to head (56e8ff3).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
scripts/security/Test-DependencyPinning.ps1 70.37% 8 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #655      +/-   ##
==========================================
+ Coverage   85.37%   85.39%   +0.01%     
==========================================
  Files          23       23              
  Lines        4657     4641      -16     
==========================================
- Hits         3976     3963      -13     
+ Misses        681      678       -3     
Flag Coverage Δ
pester 85.39% <76.47%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
scripts/security/Modules/SecurityHelpers.psm1 95.88% <100.00%> (+0.07%) ⬆️
scripts/security/Test-SHAStaleness.ps1 67.93% <100.00%> (-0.23%) ⬇️
scripts/security/Test-DependencyPinning.ps1 82.70% <70.37%> (-0.49%) ⬇️

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
@WilliamBerryiii WilliamBerryiii modified the milestone: v2.4.0 Feb 18, 2026
@WilliamBerryiii WilliamBerryiii merged commit 627a877 into main Feb 19, 2026
19 checks passed
WilliamBerryiii pushed a commit that referenced this pull request Feb 20, 2026
🤖 I have created a release *beep* *boop*
---


##
[3.0.0](hve-core-v2.3.10...hve-core-v3.0.0)
(2026-02-20)


### ⚠ BREAKING CHANGES

* **skills:** migrate PR reference generation to self-contained skill
([#669](#669))
* restructure RPI collection to HVE Core naming convention
([#668](#668))

### ✨ Features

* **agents:** add agile-coach agent
([#562](#562))
([de8d86c](de8d86c))
* **agents:** add DT coach agent with tiered instruction loading
([#656](#656))
([206d3a7](206d3a7))
* **agents:** add product manager advisor and UX/UI designer agents
([#627](#627))
([539eb8a](539eb8a))
* **agents:** add system architecture reviewer for design trade-offs and
ADR creation ([#626](#626))
([de5cfd6](de5cfd6))
* **build:** pin devcontainer image and align tool parity
([#704](#704))
([6258b1c](6258b1c))
* **design-thinking:** add manufacturing industry context template
([#682](#682))
([ce864bf](ce864bf))
* **instructions:** add DT coaching state protocol for session
persistence ([#654](#654))
([5a5be4e](5a5be4e))
* **instructions:** add dt-coaching-identity ambient instruction
([#642](#642))
([6209a0d](6209a0d))
* **instructions:** add dt-method-01-deep for advanced scope
conversation techniques
([#673](#673))
([cc92ef9](cc92ef9))
* **instructions:** add dt-method-03-deep for advanced input synthesis
techniques ([#676](#676))
([0079a4f](0079a4f))
* **instructions:** add dt-method-09-deep instructions for Method 9
advanced coaching
([#703](#703))
([150b2a6](150b2a6))
* **instructions:** add dt-method-sequencing ambient instruction
([#650](#650))
([e465b2f](e465b2f))
* **instructions:** add dt-quality-constraints and design-thinking
collection ([#645](#645))
([17002bd](17002bd))
* **instructions:** add DT-to-RPI handoff contract specification
([#679](#679))
([87f9962](87f9962))
* **instructions:** add energy industry context template
([#687](#687))
([41088d8](41088d8))
* **instructions:** add healthcare industry context template
([#686](#686))
([b2d5281](b2d5281))
* **instructions:** add Method 1 Scope Conversations coaching knowledge
([#651](#651))
([93e2d48](93e2d48))
* **instructions:** add Method 2 Design Research coaching knowledge
([#652](#652))
([30f7f3b](30f7f3b))
* **instructions:** add Method 3 Input Synthesis coaching knowledge
([#653](#653))
([1efdb7d](1efdb7d))
* **instructions:** add Method 7 High-Fidelity Prototypes coaching
instruction ([#666](#666))
([9233eab](9233eab))
* **instructions:** add pull request instructions for PR generation
workflow ([#706](#706))
([73d23eb](73d23eb))
* **instructions:** create DT curriculum content (9 modules)
([#690](#690))
([9f7378f](9f7378f)),
closes [#617](#617)
* **instructions:** create dt-method-02-deep.instructions.md
([#700](#700))
([4d4d0ca](4d4d0ca))
* **instructions:** create dt-method-06-lofi-prototypes.instructions.md
([#684](#684))
([4d5f757](4d5f757))
* **instructions:** create dt-method-07-deep.instructions.md
([#678](#678))
([d3ec70d](d3ec70d))
* **instructions:** Create dt-method-08-deep.instructions.md
([#683](#683))
([d9e1115](d9e1115))
* **instructions:** create dt-method-08-testing.instructions.md
([#681](#681))
([3008ad8](3008ad8))
* **instructions:** create dt-method-09-iteration.instructions.md
([#685](#685))
([9d7f4f5](9d7f4f5))
* **instructions:** create dt-rpi-research-context.instructions.md
([#689](#689))
([34c7b89](34c7b89))
* **instructions:** create manufacturing reference learning scenario
([#692](#692))
([1bd3994](1bd3994))
* **instructions:** Design Thinking Method 4 brainstorming instruction
file ([#664](#664))
([06f90b0](06f90b0))
* **prompts:** add DT start-project prompt for coaching initialization
([#657](#657))
([ce583d5](ce583d5))
* **prompts:** add dt-resume-coaching prompt for session recovery
([#665](#665))
([11b93cb](11b93cb))
* **prompts:** create dt-handoff-problem-space.prompt.md
([#688](#688))
([277963d](277963d))
* **scripts:** add collection-level maturity field with validation,
gating, and notices
([#697](#697))
([7b1c8e8](7b1c8e8))
* **scripts:** add per-violation CI annotations and colorized console
output ([#637](#637))
([bd7d512](bd7d512))
* **skills:** edit SKILL frontmatter schema, add CI validation, and
documentation ([#625](#625))
([0138a78](0138a78))
* **skills:** mandate unit testing and document language support
([#636](#636))
([9263617](9263617))
* **skills:** migrate PR reference generation to self-contained skill
([#669](#669))
([cf8805f](cf8805f))


### 🐛 Bug Fixes

* **collections:** migrate artifacts into collection-based
subdirectories
([#658](#658))
([dfa5261](dfa5261))
* **instructions:** optimize Phase 1 DT token budgets and close
[#564](https://github.com/microsoft/hve-core/issues/564)/[#565](https://github.com/microsoft/hve-core/issues/565)
gaps ([#675](#675))
([4f42f00](4f42f00))
* **scripts:** add CI annotations and step summary to copyright header
check ([#638](#638))
([5fa6328](5fa6328))
* **scripts:** add grouped link-lang console diagnostics and failure
summary ([#661](#661))
([4d6871f](4d6871f))
* **scripts:** add per-violation Write-Host and Write-CIAnnotation
output to Test-DependencyPinning
([#640](#640))
([9d3b71d](9d3b71d))
* **scripts:** align agent frontmatter schema with VS Code spec
([#469](#469))
([254d445](254d445))
* **scripts:** optimize PSScriptAnalyzer linting performance in WSL2
([#667](#667))
([f120b93](f120b93))
* **scripts:** stabilize YAML display key ordering in collection
manifest ([#701](#701))
([73c0d2c](73c0d2c))
* **scripts:** use text stubs for plugin links when symlinks unavailable
([#695](#695))
([d7650a3](d7650a3))
* **skills:** fix powershell test coverage in pr-reference skill
([#699](#699))
([408e6b7](408e6b7))


### 📚 Documentation

* **dt:** add Method 5 Concepts and Method 6 Lo-Fi Prototypes
instructions ([#693](#693))
([cfdcf11](cfdcf11))
* **hve-guide:** add role-based guides and project lifecycle
documentation ([#663](#663))
([17a85da](17a85da))


### ♻️ Refactoring

* restructure RPI collection to HVE Core naming convention
([#668](#668))
([120dde0](120dde0))
* **scripts:** consolidate duplicate logging into shared SecurityHelpers
module ([#655](#655))
([627a877](627a877))
* **scripts:** use shared SecurityHelpers and CIHelpers modules in
security scripts
([#705](#705))
([3a0baa7](3a0baa7))


### 🔧 Maintenance

* **deps-dev:** bump markdownlint-cli2 from 0.20.0 to 0.21.0 in the
npm-dependencies group
([#609](#609))
([1486dd7](1486dd7))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: hve-core-release-please[bot] <254602402+hve-core-release-please[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

4 participants