fix(reports): kind-aware detail body so attestations stop showing zeros #655
Merged
The report detail body always rendered ExecutiveBody(asExecutiveContent),
regardless of kind. An attestation report's content has a different shape
with NONE of the executive keys, so every field defaulted to 0/null and
the in-app detail showed zero for everything.
Two parts:
1. Freeze the headline compliance rollup into the attestation content.
computeAttestation now also computes {compliance_pct, total_checks,
passing, failing, skipped, errored, top_failing} once over the frozen
scans (framework-lensed) and stores it on AttestationContent.Rollup.
Because it is part of the content it is signed + tamper-evident, and the
in-app view, the PDF cover, and the signature all read the SAME numbers
(P1: one snapshot, identical across every face). The PDF face reads the
frozen rollup instead of recomputing (a pre-rollup snapshot is recomputed
on the fly for back-compat).
2. Render it. The detail body branches on resolved.kind: an attestation
renders a new AttestationBody from asAttestationContent, showing the
compliance percent, checks evaluated, passing/failing/skipped/errored,
and a top-failing-rules table, plus the framework lens and the
attested-of-in-scope coverage. An executive still renders ExecutiveBody.
The downloadable PDF/CSV/OSCAL faces were always correct; only the in-app
view was affected (and now shows the real numbers).
Specs: api-reports v1.11.0 (C-13: rollup frozen in the content, PDF reads
it); frontend-reports v1.8.0 (C-11/AC-12: kind-aware body renders the
frozen rollup).
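An added illustration of the root cause and the kind-aware branch, not code from this PR or the project. The function bodies, the kind strings "attestation" and "executive", the helper `detailBody` and the sample content are assumptions; rejecting an unrecognised kind goes beyond what the PR describes.

```typescript
// asExecutiveContent, asAttestationContent and resolved.kind are names from the PR;
// their bodies, the kind strings and detailBody are assumptions for illustration.
type Content = Record<string, unknown>;
type Resolved = { kind: string; content: Content };

const numOrZero = (v: unknown): number => (typeof v === "number" ? v : 0);

// Lenient coercion as the root cause describes it: absent keys become 0.
function asExecutiveContent(c: Content) {
  return {
    compliance_pct: numOrZero(c["compliance_pct"]),
    passing_rules: numOrZero(c["passing_rules"]),
    failing_rules: numOrZero(c["failing_rules"]),
  };
}

// Strict coercion (assumed): a missing or mistyped key is an error, never a zero.
function asAttestationContent(c: Content) {
  const framework = c["framework"];
  const total = c["hosts_total"];
  const attested = c["hosts_attested"];
  if (typeof framework !== "string" || typeof total !== "number" || typeof attested !== "number") {
    throw new Error("content is not an attestation");
  }
  return { framework, hosts_total: total, hosts_attested: attested };
}

// Kind-aware dispatch: each kind gets its own parser, and an unrecognised kind
// raises instead of falling through to the executive body.
function detailBody(r: Resolved): string {
  switch (r.kind) {
    case "attestation": {
      const a = asAttestationContent(r.content);
      return `${a.framework}: ${a.hosts_attested} of ${a.hosts_total} hosts attested`;
    }
    case "executive": {
      const e = asExecutiveContent(r.content);
      return `${e.compliance_pct}% compliant, ${e.passing_rules} passing, ${e.failing_rules} failing`;
    }
    default:
      throw new Error(`unsupported report kind: ${r.kind}`);
  }
}

// Constructed sample in the shape the PR description shows.
const sample: Content = { framework: "demo", hosts_total: 10, hosts_attested: 9, attested: [] };
console.log(asExecutiveContent(sample)); // what the pre-fix body was fed for an attestation
console.log(detailBody({ kind: "attestation", content: sample }));
```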
4a09a1a to
8630aba
Compare
Problem
A generated Framework Attestation showed zero for everything in the in-app report detail.
Root cause
The detail body always rendered ExecutiveBody(asExecutiveContent(resolved.content)), regardless of report kind. An attestation report's content is a different shape:
{ "framework": "...", "hosts_total": 10, "hosts_attested": 9, "attested": [ ... ] }
It has none of the executive keys (compliance_pct, passing_rules, failing_rules, critical_issues, top_failing_rules), so asExecutiveContent defaulted them all to 0/null → the body showed zeros.
The snapshot content and the downloadable PDF/CSV/OSCAL faces were always correct (verified against live dev data: 9 hosts attested, 4851 results, pass 1812 / fail 821). Only the in-app view was affected.
Fix
Branch the detail body on resolved.kind:
AttestationBody from asAttestationContent: the framework lens, the attested-of-in-scope host coverage, a disclosure for any in-scope hosts with no completed scan, and a pointer to the downloadable faces for the per-host/per-rule breakdown (which the in-app body intentionally does not duplicate).
ExecutiveBody as before.
Spec / tests
frontend-reports v1.8.0: C-11 + AC-12 (source-inspection test for the kind-aware body).
tsc / eslint / prettier clean; vitest reports suite 12/12; specter check 112 specs + structural coverage 100%.
Validation