feat(reports): bounded attestation PDF cover face (B3b)#644
Merged
Conversation
Make the pdf face KIND-DISPATCHED: an executive report still renders the executive summary PDF; an attestation report now renders a bounded one-page cover (renderAttestationPDF). The attestation cover is O(1) pages regardless of fleet size: - A methodology note (point-in-time, full evidence in the CSV/OSCAL faces). - Aggregate attestation coverage (hosts attested of in-scope) + a framework rollup (compliance %, checks evaluated, pass/fail/skipped/ error), computed by aggregate count(*) FILTER queries over the frozen scans, framework-lensed. - A SAMPLED top-failing list (rules failing on the most hosts, capped at 10) from a grouped distinct-host query. - A footer carrying the snapshot content hash + signing status as the pointer to the bulk faces. Never the per-(host, rule) rows. A host with no completed scan is disclosed as not attested. Rendered via the pure-Go go-pdf/fpdf core fonts (airgap-safe) and cached in report_faces (face pdf) like the other faces. Spec api-reports v1.9.0: C-15 + AC-21 (rollup correctness over a 2-host mix + the %PDF face + caching); C-10 updated (pdf is kind-dispatched, not executive-only); AC-19 wording updated (pdf valid for both kinds).
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Phase B3b makes the
pdfexport face kind-dispatched: an executive report still renders the executive summary PDF; an attestation report now renders a bounded one-page cover (renderAttestationPDF). This is the third attestation face (alongside the B1 CSV extract and the B2 OSCAL SAR) and the human-facing summary that points to the bulk machine-readable bundle.The attestation cover (O(1) pages, regardless of fleet size)
count(*) FILTERqueries over the frozen scans, framework-lensed.Rendered via the pure-Go
go-pdf/fpdfcore fonts (airgap-safe) and cached inreport_faces(facepdf) like the other faces.Spec / tests
api-reportsv1.9.0: new C-15 + AC-21 (rollup correctness over a 2-host pass/fail mix → total 4 / pass 1 / fail 3 / 25% + top-failing order; the%PDFface bytes + caching + framework-lens narrowing). C-10 updated (pdf is kind-dispatched, not executive-only); AC-19 wording updated (pdf valid for both kinds).gofmtsilent,go vetclean,go build ./...clean;specter check111 specs structural,specter check --test0 errors;go test ./internal/report/green.Phase B sequencing note
This ships B3b ahead of the rest of B3. B3a (async generation +
report.readyevent) and B3c (the notification-bell frontend) remain — B3c is the product-sensitive surface (what the bell shows, unread/persistence) and is held for a direction decision rather than guessed. Seedocs/engineering/reports_design.md§12.Validation