Skip to content

docs: complyctl get — duplicate evaluator-id rejection and complypack cache self-healing #178

Description

@sonupreetam

What Changed

Two behavioral changes to complyctl get complypack handling:

1. Duplicate evaluator-id rejection (#647)

complyctl get now validates that no two complypack entries in complytime.yaml resolve to the same evaluator-id. When duplicates are detected, the command exits non-zero with a descriptive error:

Error: duplicate evaluator-id "opa" found in complypack entries:
  - ghcr.io/org-a/complypack-opa@v1
  - ghcr.io/org-b/complypack-opa@v2
remove one of the conflicting entries from complytime.yaml

Previously, duplicate evaluator-ids caused silent last-writer-wins behavior with non-deterministic results.

2. Complypack cache self-healing (#649)

complyctl get now detects when a complypack cache directory has been deleted but state.json still records a matching digest. Instead of permanently skipping the sync, it re-fetches the artifact automatically. This mirrors the existing policy sync pattern.

Pages to update

  • complyctl CLI reference (get command) — document the new validation error
  • complyctl workspace configuration guide — note that duplicate evaluator-ids across complypack entries are rejected
  • Troubleshooting guide (if exists) — add the duplicate evaluator-id error and resolution

Source

Branch: opsx/reject-duplicate-evaluator-id
Related issues: complytime/complyctl#647, complytime/complyctl#649

Metadata

Metadata

Assignees

No one assigned

    Labels

    docsDocumentation updates needed

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions