Skip to content

feat(vulnerabilities): filter to entries with AI assessment available#91

Merged
FrodeHus merged 2 commits into
mainfrom
feat/vulnerabilities-has-assessment-filter
May 21, 2026
Merged

feat(vulnerabilities): filter to entries with AI assessment available#91
FrodeHus merged 2 commits into
mainfrom
feat/vulnerabilities-has-assessment-filter

Conversation

@FrodeHus
Copy link
Copy Markdown
Owner

@FrodeHus FrodeHus commented May 21, 2026

Summary

Adds an AI assessment available filter to the vulnerabilities workbench so analysts can narrow the list to entries that already have a generated VulnerabilityPatchAssessment. Pairs naturally with the in-flight worker — once the timeout fix in #90 lands and the backlog is requeued, this filter lets users zero in on the vulnerabilities that have completed analysis.

Backend

  • VulnerabilityFilterQuery gains HasAssessmentOnly.
  • VulnerabilitiesController filters via VulnerabilityPatchAssessments.Any(a => a.VulnerabilityId == v.Id).

Frontend

  • API function schema, route search schema, list-state (search type + request builder + query key), VulnerabilityTable props.
  • New "AI Assessment" section in the filter drawer with a single checkbox.
  • Active-filter chip "AI assessment available" with one-click clear.
  • Structured-filter count and clear-filters reset updated.
  • Spillover: AnalystTriageWorkbench inline search={...} and list-state.test.ts fixtures updated.

Test plan

  • dotnet test — 866/866 passing
  • npm run typecheck, npm run lint, npm test — all clean
  • Open the vulnerabilities page, toggle the new filter, confirm the list narrows to vulns with at least one row in VulnerabilityPatchAssessments
  • Confirm the chip and structured-filter count update correctly, and "Clear all" resets the toggle

🤖 Generated with Claude Code

@FrodeHus @claude
feat(vulnerabilities): filter to vulnerabilities with AI assessment
0dea45a 
Adds a HasAssessmentOnly filter to the vulnerabilities list so analysts
can narrow the workbench to entries that already have an
AI-generated VulnerabilityPatchAssessment row.

Backend extends VulnerabilityFilterQuery and applies the filter via a
VulnerabilityPatchAssessments lookup in VulnerabilitiesController.

Frontend wires the field through the route search schema, list-state
request builder and query key, the table props, and the filter drawer.
A new "AI Assessment" section in the drawer exposes the toggle; an
"AI assessment available" chip appears in the active-filter row when
it is on, and the structured-filter count and clear-filters handler
both account for it.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@FrodeHus FrodeHus requested a review from Copilot May 21, 2026 06:16
Copilot AI reviewed May 21, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new “AI assessment available” filter to the vulnerabilities workbench, enabling analysts to restrict the list to vulnerabilities that already have a generated VulnerabilityPatchAssessment.

Changes:

  • Backend: VulnerabilityFilterQuery gains HasAssessmentOnly; VulnerabilitiesController applies an EXISTS-style filter against VulnerabilityPatchAssessments.
  • Frontend: wires hasAssessmentOnly through route search schema, API request builder, query keys, and VulnerabilityTable UI (drawer section + active-filter chip).
  • Updates related fixtures/usages (e.g., dashboard workbench link and list-state tests).

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/PatchHound.Api/Models/Vulnerabilities/VulnerabilityFilterQuery.cs Adds HasAssessmentOnly query parameter to the filter model.
src/PatchHound.Api/Controllers/VulnerabilitiesController.cs Filters vulnerabilities to those with a patch assessment when requested.
frontend/src/routes/_authed/vulnerabilities/index.tsx Adds hasAssessmentOnly to route search schema and wires it into the table + clear/apply behavior.
frontend/src/features/vulnerabilities/list-state.ts Includes hasAssessmentOnly in request building and React Query keys.
frontend/src/features/vulnerabilities/list-state.test.ts Updates fixtures to include hasAssessmentOnly in test inputs/expected keys.
frontend/src/components/features/vulnerabilities/VulnerabilityTable.tsx Adds filter drawer section + chip + structured-filter count support for the new filter.
frontend/src/components/features/dashboard/AnalystTriageWorkbench.tsx Updates link search payload to include hasAssessmentOnly.
frontend/src/api/vulnerabilities.functions.ts Extends API function input schema with hasAssessmentOnly.
Comments suppressed due to low confidence (1)

frontend/src/features/vulnerabilities/list-state.test.ts:28

  • The tests only cover hasAssessmentOnly: false. Add a case that sets hasAssessmentOnly: true and asserts buildVulnerabilitiesListRequest includes { hasAssessmentOnly: true } and that vulnerabilityQueryKeys.list(...) changes accordingly, so regressions in this new filter wiring are caught.
describe('buildVulnerabilitiesListRequest', () => {
  it('drops empty filters while preserving explicit booleans and paging', () => {
    expect(
      buildVulnerabilitiesListRequest({
        search: '',
        severity: '',
        status: 'Open',
        source: '',
        ageOperator: '',
        ageHours: '',
        publicExploitOnly: true,
        knownExploitedOnly: false,
        activeAlertOnly: true,
        presentOnly: false,
        hasAssessmentOnly: false,
        page: 2,
        pageSize: 50,
      }),
    ).toEqual({
      status: 'Open',
      publicExploitOnly: true,
      activeAlertOnly: true,
      page: 2,
      pageSize: 50,
    })

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/PatchHound.Api/Controllers/VulnerabilitiesController.cs
Comment thread frontend/src/components/features/vulnerabilities/VulnerabilityTable.tsx Outdated
@FrodeHus @claude
fix(vulnerabilities): cover HasAssessmentOnly filter + align drawer r…
03373b5 
…eset

Addresses PR #91 review feedback:

- Adds a VulnerabilitiesController test seeding both an assessed and
  unassessed vulnerability, verifying HasAssessmentOnly=true returns
  only the assessed one and the unfiltered call returns both.
- Adds a positive list-state test confirming
  buildVulnerabilitiesListRequest emits hasAssessmentOnly when enabled.
- Aligns the filter drawer's "Reset draft" to set presentOnly: true,
  matching the page-level clear and the route default
  (searchBooleanTrueSchema). Drawer reset and page-level clear now
  produce the same applied state.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@FrodeHus FrodeHus merged commit 473f980 into main May 21, 2026
2 checks passed
@FrodeHus FrodeHus deleted the feat/vulnerabilities-has-assessment-filter branch May 21, 2026 06:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FrodeHus