feat: enterprise policy config, enhanced compliance report, and PR fix suggestions #13

Merged
shenxianpeng merged 3 commits into main from feature/enterprise-policy-and-fix-suggestions
Jun 1, 2026
@shenxianpeng
Contributor

Summary

Three major enhancements for enterprise adoption and developer experience.


1. Enterprise .ods.yaml Policy Configuration (P1)

Enterprises won't accept hardcoded rules. This adds a fully configurable policy system with three built-in profiles:

| Profile | AI Disclosure | Commit Scope | Tickets | Best For |
|---|---|---|---|---|
| oss | Optional | Optional | No | Open-source projects |
| enterprise | Required | Required | No | Most teams (default) |
| regulated | Required | Required | Yes | Finance, healthcare, gov |

New internal/policy package:

  • Policy struct with Branch, PR, Commit, AIDisclosure, SeverityMap config
  • Merge strategy: profile preset → .ods.yaml → CLI flags
  • LoadPolicy() / LoadPolicyFromFile() / GetSeverity()

Policy-aware validators:

  • ValidateBranchWithPolicy(name, *Policy) — uses allowed types, ticket requirement
  • ValidateCommitMessageWithPolicy(msg, *Policy) — uses allowed types, scope requirement, subject length
  • ValidatePRDescriptionWithPolicy(body, *Policy) — uses required sections, AI disclosure rules

CLI flags:

  • --profile oss|enterprise|regulated — select compliance profile
  • --policy <file> — explicit policy file path

Example:

ods validate branch feature/add-oauth --profile regulated
ods report --profile enterprise

2. Enhanced ODS Compliance Report (P2)

The HTML report now includes:

  • 🎯 Compliance score gauge — color-coded bar (green ≥80, orange ≥50, red <50)
  • 📊 4 summary cards — Status, Score, Policy, Fix Suggestions count
  • 🎨 Professional styling — cards, color-coded results, responsive layout
  • 🔧 Fix Suggestions section — with copy-paste templates and 📋 Copy button
  • 📋 Policy info footer

The SVG badge now shows policy prefix (ODS-OSS/ENT/REG) and N/100 score.

The Markdown report includes policy info and auto-generated fix suggestions.

The JSON includes policy_profile and fix_suggestions arrays.


3. PR Auto-fix Suggestions (P3)

When validation fails, the tool now generates copy-paste fix templates:

  • 14 distinct fix scenarios covering branch naming, commit message, and PR description failures
  • Templates are policy-aware (e.g., commit scope required only for enterprise/regulated profiles)
  • Fix suggestions appear in:
    • CLI output (ods validate)
    • Markdown report (shown in PR comments)
    • HTML dashboard (with copy buttons)
    • JSON evidence

Example PR comment snippet:

## 🔧 Fix Suggestions

### Branch naming
**1. Use a valid branch type**
Replace 'feat' with one of: feature, bugfix, hotfix, release, chore

feature/add-oauth-login


Files Changed

| File | Change |
|---|---|
| internal/policy/policy.go | New: 368 lines — Policy struct, profiles, merge logic |
| internal/policy/policy_test.go | New: 191 lines — Comprehensive tests |
| internal/validator/validator.go | +281/-130 — Policy-aware validation, FixSuggestion struct |
| internal/report/report.go | +567 lines — Enhanced HTML, Markdown, SVG, JSON with fix suggestions |
| internal/cmd/root.go | Added --profile and --policy flags |
| internal/cmd/report.go | Policy loading integration |
| internal/cmd/validate.go | Policy-aware validate commands + fix suggestion output |

Testing

go test ./...  — all packages pass

Includes new internal/policy test suite with 7 test functions covering profile presets, file loading, merging, severity defaults, and discovery.
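
The merge order described in this pull request (profile preset, then .ods.yaml, then CLI flags), as an added Go example that is not code from the pull request. The map-based Policy type, the key names and the Relaxed helper are assumptions for illustration; preset values follow the profile table in the description, and the example goes one step further by listing which preset requirements the overrides switched off.

```go
package main

import "fmt"

// Policy maps a requirement to whether it is enforced (hypothetical keys, not the real struct).
type Policy map[string]bool

// Preset values follow the profile table in the PR description.
var presets = map[string]Policy{
	"oss":        {"ai_disclosure": false, "commit_scope": false, "ticket": false},
	"enterprise": {"ai_disclosure": true, "commit_scope": true, "ticket": false},
	"regulated":  {"ai_disclosure": true, "commit_scope": true, "ticket": true},
}

// Resolve applies layers lowest precedence first: preset, then file, then CLI.
// A key absent from a layer means "not set"; unknown keys are rejected.
func Resolve(profile string, layers ...Policy) (Policy, error) {
	base, ok := presets[profile]
	if !ok {
		return nil, fmt.Errorf("unknown profile %q", profile)
	}
	out := Policy{}
	for _, l := range append([]Policy{base}, layers...) {
		for k, v := range l {
			if _, known := base[k]; !known {
				return nil, fmt.Errorf("unknown policy key %q", k)
			}
			out[k] = v
		}
	}
	return out, nil
}

// Relaxed lists requirements the preset enforces but the resolved policy dropped.
func Relaxed(profile string, got Policy) (out []string) {
	for _, k := range []string{"ai_disclosure", "commit_scope", "ticket"} {
		if presets[profile][k] && !got[k] {
			out = append(out, k)
		}
	}
	return out
}

func main() {
	// Constructed layers: the file drops scope and ticket; the CLI restores ticket.
	file, cli := Policy{"commit_scope": false, "ticket": false}, Policy{"ticket": true}
	p, err := Resolve("regulated", file, cli)
	fmt.Println(p, Relaxed("regulated", p), err)
}
```

Rejecting unknown keys means a misspelled override fails loudly instead of leaving the requirement at its preset value unnoticed.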

ODS Bot added 2 commits June 1, 2026 06:46
…x suggestions

Three major enhancements for enterprise adoption and developer experience:

1. Enterprise .ods.yaml Policy Config (P1)
   - New internal/policy package with profile presets
   - Three built-in profiles: oss, enterprise, regulated
   - Configurable: branch types, PR sections, AI disclosure, severity levels
   - Merge strategy: profile preset < .ods.yaml < CLI flags
   - Policy-aware validation: ValidateBranchWithPolicy, etc.
   - --profile and --policy flags on root command

2. Enhanced ODS Compliance Report (P2)
   - Complete HTML template rewrite with score gauge, summary cards,
     fix suggestions section with copy buttons, responsive design
   - Markdown now includes policy info and fix suggestions
   - JSON includes policy_profile and fix_suggestions arrays
   - Enhanced SVG badge with policy prefix (ODS-OSS/ENT/REG) and N/100 score

3. PR Auto-fix Suggestions (P3)
   - New FixSuggestion struct (title, description, copy-paste template)
   - 14 distinct fix scenarios: branch, commit, and PR validation failures
   - Fix suggestions appear in CLI output, Markdown report, and PR comments
   - Templates are policy-aware (e.g., scope required only for enterprise/regulated)
@shenxianpeng force-pushed the feature/enterprise-policy-and-fix-suggestions branch from 031bcad to e22df6e on June 1, 2026 03:46
@shenxianpeng added the enhancement (New feature or request) label on Jun 1, 2026
…per spec

Branch types: add feat and fix as valid aliases for feature and bugfix
per the Conventional Branch 1.0.0 specification.

Commit scope: set RequireScope to false for enterprise profile since
scope is optional per the Conventional Commits specification.

Also revert the CI dogfood test data (which was incorrectly changed
to work around the overly-strict policy instead of fixing the root cause).
@shenxianpeng merged commit 9e7bc4e into main on Jun 1, 2026
4 checks passed
@shenxianpeng deleted the feature/enterprise-policy-and-fix-suggestions branch on June 1, 2026 03:51