DEMA Consulting tool for automated file-review evidence management in regulated environments.
- Cryptographic Fingerprinting - SHA256 fingerprints detect content changes automatically
- Evidence Querying - Queries URL or file-share evidence stores via an `index.json` catalogue
- Coverage Reporting - Review plan shows which files are covered and flags uncovered files
- Status Reporting - Review report shows whether each review-set is Current, Stale, Missing, or Failed
- Review Elaboration - `--elaborate` prints the ID, fingerprint, and file list for a review set
- Enforcement - `--enforce` exits non-zero if any review-set is stale or missing, or any file is uncovered
- Re-indexing - `--index` scans PDF evidence files and writes an up-to-date `index.json`
- Self-Validation - Built-in validation tests with TRX and JUnit output
- Multi-Platform - Builds and runs on Windows, Linux, and macOS
- Multi-Runtime - Targets .NET 8, 9, and 10
- CI/CD Integration - Automate review evidence generation in your pipelines
- Continuous Compliance - Proves file coverage and currency (Continuous Compliance)
In the Continuous Compliance methodology, every compliance artifact is generated automatically on each CI/CD run. ReviewMark fills the file-review evidence role:
| Artifact | Description |
|---|---|
| Review Plan | Proves every file requiring review is covered by at least one named review-set |
| Review Report | Proves each review-set is current: the review evidence matches the current file-set fingerprint |
These Markdown documents are published as PDF/A-3u release artifacts alongside the requirements trace matrix and code quality report, giving auditors a complete, automatically-maintained evidence package on every release.
Reviews are configured in a .reviewmark.yaml file at the repository root. This file defines
which files require review, where to find the evidence store, and how to group files into
named review-sets:
```yaml
# .reviewmark.yaml

# Patterns identifying all files in the repository that require review.
# Processed in order; prefix a pattern with '!' to exclude.
needs-review:
  - "**/*.cs"
  - "**/*.yaml"
  - "!**/obj/**"          # exclude build output
  - "!src/Generated/**"   # exclude auto-generated files

evidence-source:
  type: url               # 'url' or 'fileshare'
  location: https://reviews.example.com/evidence/index.json

reviews:
  - id: Core-Logic
    title: Review of core business logic
    paths:
      - "src/Core/**/*.cs"
      - "src/Core/**/*.yaml"
      - "!src/Core/Generated/**"
  - id: Security-Layer
    title: Review of authentication and authorization
    paths:
      - "src/Auth/**/*.cs"
```

See THEORY-OF-OPERATIONS.md for the theory of operations including fingerprinting, evidence indexing, and compliance report formats.
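The ordered include/exclude patterns, the coverage check and fingerprint-based staleness described above, as an added example that is not ReviewMark's own code. The glob semantics, the fingerprint construction, the shape of the `evidence` dictionary and the sample repository are assumptions made for illustration (the tool's actual scheme is described in THEORY-OF-OPERATIONS.md), and the `Failed` status is not modelled.

```python
import hashlib
import re

def glob_to_regex(pattern):
    """'**/' spans any directory depth; '*' stays inside one path segment."""
    tokens = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*"}
    parts = re.findall(r"\*\*/|\*\*|\*|[^*]+", pattern)
    return re.compile("".join(tokens.get(p) or re.escape(p) for p in parts) + r"\Z")

def select(patterns, files):
    """Apply patterns in order: a plain pattern adds matches, '!' removes them."""
    chosen = set()
    for pat in patterns:
        rx = glob_to_regex(pat.lstrip("!"))
        hits = {f for f in files if rx.match(f)}
        chosen = chosen - hits if pat.startswith("!") else chosen | hits
    return chosen

def fingerprint(paths, repo):
    """Assumed scheme, not ReviewMark's: SHA256 over sorted paths and content digests."""
    h = hashlib.sha256()
    for p in sorted(paths):
        h.update(p.encode() + b"\0" + hashlib.sha256(repo[p]).digest())
    return h.hexdigest()

# Constructed sample repository (path -> file bytes) with the patterns shown above
REPO = {
    "src/Core/Engine.cs": b"class Engine {}",
    "src/Core/Generated/Api.cs": b"// generated",
    "src/Auth/Login.cs": b"class Login {}",
    "src/Util/Helpers.cs": b"class Helpers {}",
    "obj/Debug/Temp.cs": b"// build output",
}
NEEDS_REVIEW = ["**/*.cs", "**/*.yaml", "!**/obj/**", "!src/Generated/**"]
REVIEWS = {
    "Core-Logic": ["src/Core/**/*.cs", "src/Core/**/*.yaml", "!src/Core/Generated/**"],
    "Security-Layer": ["src/Auth/**/*.cs"],
}

def uncovered(repo):
    """Files that need review but belong to no review-set."""
    covered = set().union(*(select(p, repo) for p in REVIEWS.values()))
    return sorted(select(NEEDS_REVIEW, repo) - covered)

def status(review_id, repo, evidence):
    """evidence: review id -> fingerprint recorded at review time (assumed shape)."""
    if review_id not in evidence:
        return "Missing"
    current = fingerprint(select(REVIEWS[review_id], repo), repo)
    return "Current" if evidence[review_id] == current else "Stale"
```

Under these assumed semantics, `uncovered(REPO)` reports `src/Core/Generated/Api.cs` as well as `src/Util/Helpers.cs`: the review-set excludes `src/Core/Generated/**`, but `needs-review` only excludes `src/Generated/**`, so the two exclusion lists have to be kept aligned.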
Install the tool globally using the .NET CLI:
```bash
dotnet tool install -g DemaConsulting.ReviewMark
```

```bash
# Display version
reviewmark --version

# Display help
reviewmark --help

# Run self-validation
reviewmark --validate

# Save validation results
reviewmark --validate --results results.trx

# Silent mode with logging
reviewmark --silent --log output.log
```

| Option | Description |
|---|---|
| `-v`, `--version` | Display version information |
| `-?`, `-h`, `--help` | Display help message |
| `--silent` | Suppress console output |
| `--validate` | Run self-validation |
| `--results <file>` | Write validation results to file (TRX or JUnit format) |
| `--log <file>` | Write output to log file |
| `--definition <file>` | Specify the definition YAML file (default: .reviewmark.yaml) |
| `--plan <file>` | Write review plan to the specified Markdown file |
| `--plan-depth <#>` | Set the heading depth for the review plan (default: 1) |
| `--report <file>` | Write review report to the specified Markdown file |
| `--report-depth <#>` | Set the heading depth for the review report (default: 1) |
| `--index <glob-path>` | Index PDF evidence files matching the glob path |
| `--dir <directory>` | Set the working directory for file operations |
| `--enforce` | Exit with non-zero code if there are review issues |
| `--elaborate <id>` | Print a Markdown elaboration of the specified review set |

Running self-validation produces a report containing the following information:
```text
# DEMA Consulting ReviewMark

| Information         | Value                                              |
| :------------------ | :------------------------------------------------- |
| Tool Version        | <version>                                          |
| Machine Name        | <machine-name>                                     |
| OS Version          | <os-version>                                       |
| DotNet Runtime      | <dotnet-runtime-version>                           |
| Time Stamp          | <timestamp> UTC                                    |

✓ ReviewMark_VersionDisplay - Passed
✓ ReviewMark_HelpDisplay - Passed
✓ ReviewMark_ReviewPlanGeneration - Passed
✓ ReviewMark_ReviewReportGeneration - Passed
✓ ReviewMark_IndexScan - Passed
✓ ReviewMark_WorkingDirectoryOverride - Passed
✓ ReviewMark_Enforce - Passed
✓ ReviewMark_Elaborate - Passed

Total Tests: 8
Passed: 8
Failed: 0
```

Each test in the report proves:
- `ReviewMark_VersionDisplay` - `--version` outputs a valid version string.
- `ReviewMark_HelpDisplay` - `--help` outputs usage and options information.
- `ReviewMark_ReviewPlanGeneration` - `--definition` + `--plan` generates a review plan.
- `ReviewMark_ReviewReportGeneration` - `--definition` + `--report` generates a review report.
- `ReviewMark_IndexScan` - `--index` scans PDF evidence files and writes `index.json`.
- `ReviewMark_WorkingDirectoryOverride` - `--dir` overrides the working directory for file operations.
- `ReviewMark_Enforce` - `--enforce` exits with non-zero code when reviews have issues.
- `ReviewMark_Elaborate` - `--elaborate` prints a Markdown elaboration of a review set.

See the User Guide for more details on the self-validation tests.
On validation failure the tool will exit with a non-zero exit code.
Generated documentation includes:
- Build Notes: Release information and changes
- User Guide: Comprehensive usage documentation
- Code Quality Report: CodeQL and SonarCloud analysis results
- Requirements: Functional and non-functional requirements
- Requirements Justifications: Detailed requirement rationale
- Trace Matrix: Requirements to test traceability
Copyright (c) DEMA Consulting. Licensed under the MIT License. See LICENSE for details.
By contributing to this project, you agree that your contributions will be licensed under the MIT License.