
fix(reports): kind-aware detail body so attestations stop showing zeros #655

Merged: remyluslosius merged 1 commit into main from fix/reports-attestation-detail-body on Jun 22, 2026
@remyluslosius

Problem

A generated Framework Attestation showed zero for everything in the in-app report detail.

Root cause

The detail body always rendered ExecutiveBody(asExecutiveContent(resolved.content)), regardless of report kind. An attestation report's content is a different shape:

{ "framework": "...", "hosts_total": 10, "hosts_attested": 9, "attested": [ ... ] }

It has none of the executive keys (compliance_pct, passing_rules, failing_rules, critical_issues, top_failing_rules), so asExecutiveContent defaulted them all to 0/null → the body showed zeros.

The snapshot content and the downloadable PDF/CSV/OSCAL faces were always correct (verified against live dev data: 9 hosts attested, 4851 results, pass 1812 / fail 821). Only the in-app view was affected.

Fix

Branch the detail body on resolved.kind:

  • Attestation → a new AttestationBody from asAttestationContent: the framework lens, the attested-of-in-scope host coverage, a disclosure for any in-scope hosts with no completed scan, and a pointer to the downloadable faces for the per-host/per-rule breakdown (which the in-app body intentionally does not duplicate).
  • Executive → ExecutiveBody as before.

Spec / tests

  • frontend-reports v1.8.0: C-11 + AC-12 (source-inspection test for the kind-aware body).
  • tsc / eslint / prettier clean; vitest reports suite 12/12; specter check 112 specs + structural coverage 100%.

Validation

  • Diagnosed against live dev DB (data + faces correct; only the view zeroed)
  • tsc / eslint / prettier
  • vitest reports suite (12 passed)
  • specter check + structural coverage (100%)

The report detail body always rendered ExecutiveBody(asExecutiveContent),
regardless of kind. An attestation report's content has a different shape
with NONE of the executive keys, so every field defaulted to 0/null and
the in-app detail showed zero for everything.

Two parts:

1. Freeze the headline compliance rollup into the attestation content.
   computeAttestation now also computes {compliance_pct, total_checks,
   passing, failing, skipped, errored, top_failing} once over the frozen
   scans (framework-lensed) and stores it on AttestationContent.Rollup.
   Because it is part of the content it is signed + tamper-evident, and the
   in-app view, the PDF cover, and the signature all read the SAME numbers
   (P1: one snapshot, identical across every face). The PDF face reads the
   frozen rollup instead of recomputing (a pre-rollup snapshot is recomputed
   on the fly for back-compat).

2. Render it. The detail body branches on resolved.kind: an attestation
   renders a new AttestationBody from asAttestationContent, showing the
   compliance percent, checks evaluated, passing/failing/skipped/errored,
   and a top-failing-rules table, plus the framework lens and the
   attested-of-in-scope coverage. An executive still renders ExecutiveBody.

The downloadable PDF/CSV/OSCAL faces were always correct; only the in-app
view was affected (and now shows the real numbers).

Specs: api-reports v1.11.0 (C-13: rollup frozen in the content, PDF reads
it); frontend-reports v1.8.0 (C-11/AC-12: kind-aware body renders the
frozen rollup).
@remyluslosius force-pushed the fix/reports-attestation-detail-body branch from 4a09a1a to 8630aba on June 22, 2026 10:39
@remyluslosius reopened this on Jun 22, 2026
@remyluslosius merged commit e03c697 into main on Jun 22, 2026
16 checks passed
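
The bug and the fix described in this PR, reduced to a stand-alone TypeScript sketch (an added example, not code from the repository). The field names are the ones quoted above; the kind strings, the `num`/`str` helpers, the rendered wording and deriving the unscanned-host count from `hosts_total - hosts_attested` are assumptions.

```typescript
// Added example. Field names come from the PR text; the kind strings, helper
// names, rendered wording and the gap computation are assumptions.
type Json = Record<string, unknown>;
type Resolved = { kind: string; content: Json };

const num = (v: unknown): number =>
  typeof v === "number" && Number.isFinite(v) ? v : 0;
const str = (v: unknown): string => (typeof v === "string" ? v : "");

// Lenient coercion: an absent key becomes 0, so a report of the wrong shape
// renders as a page of zeros instead of failing.
function asExecutiveContent(c: Json) {
  return {
    compliance_pct: num(c["compliance_pct"]),
    passing_rules: num(c["passing_rules"]),
    failing_rules: num(c["failing_rules"]),
  };
}

function asAttestationContent(c: Json) {
  return {
    framework: str(c["framework"]),
    hosts_total: num(c["hosts_total"]),
    hosts_attested: num(c["hosts_attested"]),
  };
}

// Before the fix: every report is read as an executive report.
function detailBodyBefore(r: Resolved): string {
  const e = asExecutiveContent(r.content);
  return `compliance ${e.compliance_pct}%, pass ${e.passing_rules}, fail ${e.failing_rules}`;
}

// Kind-aware body: each kind uses its own coercion; an unknown kind throws.
function detailBody(r: Resolved): string {
  if (r.kind === "executive") return detailBodyBefore(r);
  if (r.kind !== "attestation") throw new Error(`no detail body for kind "${r.kind}"`);
  const a = asAttestationContent(r.content);
  const gap = a.hosts_total - a.hosts_attested;
  const note = gap > 0 ? `; ${gap} in-scope host(s) with no completed scan` : "";
  return `${a.framework}: ${a.hosts_attested} of ${a.hosts_total} hosts attested${note}`;
}

// Constructed sample in the shape quoted in the PR description.
const sample: Resolved = {
  kind: "attestation",
  content: { framework: "example-framework", hosts_total: 10, hosts_attested: 9, attested: [] },
};
console.log(detailBodyBefore(sample));
console.log(detailBody(sample));
```

Throwing on an unrecognised kind keeps a future report type from silently falling back to a default body full of zeros, which is the failure this PR fixes.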