Skip to content

feat(reports): Exception Register kind (Phase C1)#657

Merged
remyluslosius merged 1 commit into
mainfrom
feat/reports-c1-exception-register
Jun 22, 2026
Merged

feat(reports): Exception Register kind (Phase C1)#657
remyluslosius merged 1 commit into
mainfrom
feat/reports-c1-exception-register

Conversation

@remyluslosius

Copy link
Copy Markdown
Contributor

Summary

Phase C1 adds the exception report kind — a point-in-time Compliance/GRC read-model of compliance waivers, the first of the Phase C delivery-spine kinds. It follows the same kind pattern as the attestation work (kind + frozen content + faces + kind-aware body).

What it does

  • Migration 0044 admits kind='exception' on report_snapshots.
  • computeExceptionRegister freezes an ExceptionContent {summary, exceptions[]} over compliance_exceptions, scoped to the in-scope hosts:
    • summary is an exact aggregate by state (total / active / requested / approved / rejected / revoked / expired / expiring_soon), where active = approved and unexpired and expiring_soon = active expiring within 30 days.
    • exceptions[] is one capped row per waiver (host, rule, status, reason, requester + reviewer usernames, requested/reviewed/expires timestamps, active).
  • Faces: CSV is the full register (csvSafe-guarded), PDF is the bounded one-page summary (counts + soonest-expiring sample), JSON is the signed canonical content. pdf/csv are kind-dispatched; oscal_sar is invalid for the kind.
  • Frontend: the kind selector gains Exception Register; the generate body sends kind for any non-executive selection; a kind-aware ExceptionBody renders the waiver summary + a soonest-expiring table; the kind is CSV-led with a PDF-summary secondary.

Spec / tests

  • api-reports v1.12.0 (C-17 / AC-23 — Go DB test over a 5-waiver fixture: summary counts, the CSV register, the %PDF face, oscal_sar ErrInvalidFace).
  • frontend-reports v1.9.0 (C-12 / AC-13 — source-inspection over the selector + ExceptionBody).
  • gofmt/vet/build clean; go test ./internal/report/ green; tsc/eslint/prettier clean; full vitest 335 passed; specter check 112 specs + structural coverage 100%.

Phase C sequencing

This is C1. C2 (Remediation Activity kind, over a period) and C3 (Scheduled dispatcher + email delivery) remain — C3 is the product-design-heavy slice I'll scope with you before building.

Validation

  • gofmt / vet / build / go test
  • tsc / eslint / prettier / vitest (335)
  • specter check + structural coverage (100%)

Add the 'exception' report kind: a point-in-time Compliance/GRC read-model
of compliance waivers, the first of the Phase C delivery-spine kinds.

- Migration 0044 admits kind='exception' on report_snapshots.
- computeExceptionRegister freezes an ExceptionContent {summary,
  exceptions[]} over compliance_exceptions, scoped to the in-scope hosts:
  the summary is an exact aggregate by state (total/active/requested/
  approved/rejected/revoked/expired/expiring_soon; active = approved and
  unexpired, expiring_soon = active within 30 days), and exceptions[] is
  one capped row per waiver with requester/reviewer resolved to usernames.
- Faces: CSV is the full register (csvSafe-guarded), PDF is the bounded
  one-page summary (counts + soonest-expiring sample), JSON is the signed
  canonical content. pdf/csv are kind-dispatched; oscal_sar is invalid for
  the kind.
- Frontend: kind selector gains 'Exception Register'; the generate body
  sends kind for any non-executive selection; a kind-aware ExceptionBody
  renders the waiver summary + soonest-expiring table; the kind is CSV-led
  with a PDF-summary secondary.

Spec: api-reports v1.12.0 (C-17 / AC-23), frontend-reports v1.9.0
(C-12 / AC-13). Go DB test + frontend source-inspection test; full suites
green (report pkg, frontend 335, specter 112 + 100% structural).
@github-actions github-actions Bot added documentation Improvements or additions to documentation frontend tests size/XL labels Jun 22, 2026
@remyluslosius remyluslosius merged commit 802c037 into main Jun 22, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation frontend size/XL tests

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant