- Add report_templates package (_renderer.py) with MD/HTML/PDF/DOCX
support using lazy optional imports (markdown, weasyprint, python-docx)
- Apply Wheels brand colors (#003865/#0066cc) to HTML and DOCX output
- Extend save_report MCP tool with `format` param (default: "md");
binary formats use write_bytes, text formats keep async writer
- Add [report] optional dep group to pyproject.toml for one-step install
- Fix ReportConfig.output_dir default: ./reports → ./output-reports
to align config.py with the codified REPORT_OUTPUT_DIR env setting
Ref: session 2026-04-15 — exec-friendly report output track
BREAKING CHANGE: ReportConfig.output_dir default changed from
./reports to ./output-reports. Environments without REPORT_OUTPUT_DIR
set in .env will write to a different path after this change.
- Created detailed reports for users Nathan Castaldi and Randy Novak.
- Reports include user summaries, directory object information, and raw normalized identity fields.
- Both reports generated from Active Directory on 2026-04-15.
- nexus-mcp/src/shards/reports.py: new async MCP tool that writes
markdown to documentation/output-reports/ with UTC-timestamped
filenames and a path-traversal safety guard
- nexus-mcp/src/main.py: register reports shard gated by ENABLE_REPORTS,
consistent with existing shard loader pattern
- Keeps chat context lightweight for large identity/audit payloads
expected during post-consent validation (ref: SESSION_SNAPSHOT_2026-04-15_2)
- document production-correct AD dual-account and privileged OU handling
- record policy-aware identity confidence implementation status
- capture explainability improvements in identity output semantics
- note Entra admin-consent as external blocker with clean handoff next steps
- ad_adapter.py: emit snake_case keys from PS queries and surface
email via the `mail` attribute in both get_user and search paths
- adapters.py: update ADUserAdapter.to_canonical to consume
normalized keys (e.g. `username`, `last_logon_utc`, `ou`) instead
of raw LDAP names (sAMAccountName, lastLogonTimestamp, dn)
- Resolves field-name alignment tech debt noted in SESSION_SNAPSHOT_2026-04-15
- Created `nexus-work-item-register.md` to establish a canonical registry for NEXUS-XXX work items, including shard assignments and a full work item backlog.
- Added `READ_ONLY_VERIFICATION.md` detailing the results of a security audit confirming zero write capabilities across integrated systems.
- Introduced `RESILIENCE.md` outlining the new enterprise system resilience feature, including automatic retry logic, circuit breaker pattern, and graceful degradation strategies.
- Developed `TEST_VALIDATION_REPORT.md` summarizing the successful rebuild of the Nexus MCP server with full audit shard functionality and comprehensive test results.
- Updated Nexus MCP Tool Inventory with new NEXUS references and improved tool descriptions.
- Added comprehensive README.md for Nexus MCP, detailing architecture, folder structure, and tool references.
- Introduced RESILIENCE.md to document the new enterprise system resilience features, including automatic retry logic and circuit breaker patterns.
- Created TEST_VALIDATION_REPORT.md summarizing test results and server capabilities post-rebuild.
- Established a canonical work item register (nexus-work-item-register.md) to track NEXUS-XXX work items and their statuses.
- Updated scripts to reflect changes in work item references from WIS to NEXUS.
- Update prompt model frontmatter in code-review and feature-add prompts to Claude Sonnet 4.6 (copilot)
- Add a save_report implementation plan prompt to support next-session delivery and clearer handoff context
- Update prompt model frontmatter in code-review and feature-add prompts to Claude Sonnet 4.6 (copilot)
- Add a save_report implementation plan prompt to support next-session delivery and clearer handoff context
- Move setup docs into documentation/ and remove legacy MCP troubleshooting content and ad hoc probe files
- Support the session goal of a cleaner, gated workflow with clearer restart context and less maintenance noise
- Add scripts/update_readme_status.py to generate a deterministic status block, enforce traffic-light shard tables, and validate/fix internal links
- Refactor nexus-mcp/README.md into a managed status layout with standardized WIS traceability and Discipline Drives Quality sections
- Aligns with session goals for operational readiness and disciplined documentation as Nexus-MCP scales
Ref: SESSION_SNAPSHOT_2026-04-13
- Remove generated package outputs from nexus-mcp/dist/*.whl and *.tar.gz
- Remove generated metadata from nexus-mcp/src/nexus_mcp.egg-info/*
- Keep repository source-only and rely on local/CI builds for artifacts
- Update nexus-mcp/pyproject.toml to register the integration pytest marker and keep test execution policy explicit
- Regenerate package metadata and distribution artifacts in nexus-mcp/src/nexus_mcp.egg-info/* and nexus-mcp/dist/*
Ref: Session Snapshot 2026-04-13 — close out pending pytest validation hygiene
- Add conftest.py to inject lib/ onto sys.path, fixing
ModuleNotFoundError on identity test collection
- Add pytest-asyncio to CI install step and pyproject.toml
test extras; set asyncio_mode=auto to resolve 31 async
test failures flagged in session tech debt backlog
- All 35 tests now pass; 8 skipped (live API, expected)
Ref: Session Snapshot 2026-04-13 — "Pytest validation incomplete"
- Implement 4 production-ready audit scan tools in src/shards/audit.py
- scan_status_reconciliation: detect terminated users still enabled in AD
- scan_job_title_drift: detect title mismatches between Workday and AD
- scan_department_mismatches: detect department/cost center drift
- scan_name_variance_mismatches: detect display name inconsistencies
- Add comprehensive integration test suite (tests/integration_test_audit_shard.py)
- Create demo client (test_client.py) and MCP protocol simulator (test_mcp_protocol.py)
- Add tool catalog generator (list_tools.py) for visibility across all 33 registered tools
- Fix Windows console encoding in src/main.py to support emoji in shard status output
- Add version management utility (scripts/bump_version.py) for release automation
- Update workday test imports to use new drift_detection module path
Completes session goal of establishing SOC 2-compliant cross-system drift detection
per SESSION_SNAPSHOT_2026-04-13.md. All audit tools validated against mock data
with expected mismatch scenarios (Bob Martinez, Carol Chen, David Kim cases).
Refs: WIS-014, WIS-015, WIS-016, WIS-017, WIS-018
