
feat(marketplace-auditor): Wire up the auditor to take actions#6161

Merged
prathameshkurunkar7 merged 12 commits into frappe:develop from prathameshkurunkar7:refactor-app-approval-request-flow-and-wire-up-auditor on Apr 20, 2026

Conversation

@prathameshkurunkar7
Collaborator

Rework the marketplace audit flow

What this changes

Removes Code Screening entirely. The old static-analysis screener is gone — dashboard components (CodeReview.vue, NewComment.vue), API endpoints, the App Release Approval Code Comments child DocType, screening fields on App Release Approval Request, and the review_stage field on Marketplace App. The Auditor now owns that responsibility.

Makes the Auditor an active decision-maker. On audit completion with a Fail result (and when enable_audit_actions is on in Marketplace Settings - feature flag), it now:

  • Yanks the release via the existing Yank mechanism — which blocks deployment and marks the release invalid, without introducing a new status.
  • Auto-rejects any open approval requests for that same release with the audit summary as the rejection reason.

Prevents approval requests for already-yanked releases. New guard in AppReleaseApprovalRequest.before_insert avoids resurrecting bad releases into the review queue.

Adds a "Send Report to Publisher" action. Visible on the audit Desk form when result is Fail / Warn / Needs Improvement. Sends a structured Jinja email listing each failing check with severity, category, semgrep occurrences (file, line, rule-id, message), and remediation guidance. A CC option lets reviewers keep a copy (behind feature flag).

Simplifies status ownership. Status now lives in one place per concept — Marketplace App.status for listing lifecycle, App Release.status for release state, Marketplace App Audit.audit_result for audit outcome. No more duplicated/overlapping fields.

Data migration

Added cleanup_code_screening_data patch that nulls legacy screening fields and clears orphaned code-comment rows before bench trim-tables drops the unused columns/tables.
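The audit-completion actions and the before_insert guard described in this PR, modelled as an added stand-alone example. This is constructed here and is not Press's own code: every class and method name is hypothetical, no Frappe API is used, and the feature flag, yank and auto-reject are reduced to plain Python state so the decision logic can be exercised offline.

```python
from dataclasses import dataclass, field

# Constructed model of the flow in the PR description; hypothetical names,
# no Frappe APIs, not Press code.
@dataclass
class AppRelease:
    name: str
    status: str = "Awaiting Approval"
    invalid_release: bool = False  # set by yank: blocks deployment

@dataclass
class ApprovalRequest:
    release: str
    status: str = "Open"
    reason: str = ""

@dataclass
class Marketplace:
    enable_audit_actions: bool = False  # the Marketplace Settings feature flag
    releases: dict = field(default_factory=dict)
    requests: list = field(default_factory=list)

    def yank(self, release_name):
        """Existing Yank mechanism: mark the release invalid; no new status."""
        rel = self.releases[release_name]
        rel.invalid_release = True

    def create_approval_request(self, release_name):
        """before_insert guard: a yanked release never re-enters the review queue."""
        rel = self.releases[release_name]
        if rel.invalid_release:
            raise ValueError(f"{release_name} is yanked; refusing approval request")
        req = ApprovalRequest(release=release_name)
        self.requests.append(req)
        return req

    def on_audit_complete(self, release_name, audit_result, summary=""):
        """Only a Fail result, and only behind the flag, yanks and auto-rejects."""
        if audit_result != "Fail" or not self.enable_audit_actions:
            return {"yanked": False, "rejected": 0}
        self.yank(release_name)
        rejected = 0
        for req in self.requests:
            if req.release == release_name and req.status == "Open":
                req.status, req.reason = "Rejected", summary
                rejected += 1
        return {"yanked": True, "rejected": rejected}
```

With the flag off, a Fail audit records the result but changes nothing, which is the behaviour a reviewer should confirm before enabling audit actions in production.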

@prathameshkurunkar7 prathameshkurunkar7 changed the title feat(marketplace-auditor): wire up the auditor to take actions feat(marketplace-auditor): Wire up the auditor to take actions Apr 17, 2026

codecov Bot commented Apr 17, 2026

Codecov Report

❌ Patch coverage is 38.09524% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.88%. Comparing base (499c7c7) to head (fb43a52).
⚠️ Report is 14 commits behind head on develop.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...ype/marketplace_app_audit/marketplace_app_audit.py | 21.42% | 33 Missing ⚠️ |
| press/press/doctype/app_release/app_release.py | 0.00% | 3 Missing ⚠️ |
| ...ctype/marketplace_settings/marketplace_settings.py | 0.00% | 1 Missing ⚠️ |
| ...e_approval_request/app_release_approval_request.py | 80.00% | 1 Missing ⚠️ |
| ...s/press/doctype/marketplace_app/marketplace_app.py | 0.00% | 1 Missing ⚠️ |

❌ Your patch status has failed because the patch coverage (38.09%) is below the target coverage (75.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #6161      +/-   ##
===========================================
- Coverage    55.89%   55.88%   -0.01%     
===========================================
  Files          908      908              
  Lines        75448    75450       +2     
  Branches       515      515              
===========================================
  Hits         42168    42168              
- Misses       33253    33255       +2     
  Partials        27       27              
| Flag | Coverage Δ |
|---|---|
| dashboard | 90.74% <100.00%> (ø) |


Comment on lines +323 to +327

```python
"""Email the app publisher a structured audit report with all failing checks."""
marketplace_app_team, marketplace_app_title = frappe.db.get_value(
    "Marketplace App", self.marketplace_app, ["team", "title"]
)
publisher_email = frappe.db.get_value("Team", marketplace_app_team, "user")
```
Contributor


Maybe auto send report if the app is marked as "Attention Required"

Collaborator Author


Will add this later, need to first monitor whether the template being sent is correct or not. Will keep track for a week and then add this.

@prathameshkurunkar7 prathameshkurunkar7 merged commit 8047069 into frappe:develop Apr 20, 2026
12 of 15 checks passed
@prathameshkurunkar7 prathameshkurunkar7 deleted the refactor-app-approval-request-flow-and-wire-up-auditor branch April 20, 2026 07:20