Fix compliance-gap signaling: distinct reason for complete vs. partial source coverage

[Copilot]

The compliance_gap risk flag (no source returned SUCCESS) and partial source coverage (not source_results_complete) were collapsed into the same generic "Registry coverage incomplete" reason in route_review(), making them indistinguishable in review queue entries and audit traces.

Changes

• oracle/stages/review.py — Split the combined or condition into two branches: compliance_gap now emits "Compliance gap: no registry source returned a successful result"; partial coverage keeps "Registry coverage incomplete".

# Before
if not source_results_complete or "compliance_gap" in risk_flags:
    reasons.append("Registry coverage incomplete")

# After
if "compliance_gap" in risk_flags:
    reasons.append("Compliance gap: no registry source returned a successful result")
elif not source_results_complete:
    reasons.append("Registry coverage incomplete")

• tests/unit/test_observability_and_compliance_gap.py — Two new tests asserting the distinct reason strings for each branch and verifying no cross-contamination.

• docs/architecture/enterprise-gap-analysis.md — Marks Observability (structured logging), Receipt Lifecycle, Error Handling, and Compliance-gap Signaling as resolved; remaining open items are retry logic, metrics/tracing, durable storage, HMAC signatures, and CI/CD.

• docs/architecture/codex-handoff-summary.md — Updates the "What Codex Did Not Build" list to strike through items that have since been implemented; corrects the receipt generation row from Partial to Complete.

---

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

[chrismaz11]

approved

[Copilot]

Pull request overview

This PR improves review-queue/audit-trace clarity by ensuring compliance-gap signaling (“no registry source returned SUCCESS”) is distinguishable from partial/incomplete source coverage during route_review().

Changes:

• Split route_review() logic so compliance_gap produces a distinct, specific reason string while incomplete coverage retains the generic message.
• Add unit tests to assert the two cases produce distinct reasons without overlap.
• Update architecture docs to mark several enterprise-hardening gaps as resolved and adjust the Codex handoff summary accordingly.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
src/trustagents/oracle/stages/review.py	Separates compliance-gap vs incomplete-coverage reason selection in review routing.
tests/unit/test_observability_and_compliance_gap.py	Adds tests validating distinct review-routing reasons for compliance gap vs incomplete coverage.
docs/architecture/enterprise-gap-analysis.md	Updates gap status tables/priority list to reflect implemented observability, receipts, errors, and compliance-gap signaling.
docs/architecture/codex-handoff-summary.md	Updates build status items to reflect implemented receipt lifecycle, logging, errors, and compliance-gap handling.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chrismaz11]

@copilot apply changes based on the comments in this thread