feat(reports): Exception Register kind (Phase C1) #657
Merged
Add the 'exception' report kind: a point-in-time Compliance/GRC read-model
of compliance waivers, the first of the Phase C delivery-spine kinds.
- Migration 0044 admits kind='exception' on report_snapshots.
- computeExceptionRegister freezes an ExceptionContent {summary,
exceptions[]} over compliance_exceptions, scoped to the in-scope hosts:
the summary is an exact aggregate by state (total/active/requested/
approved/rejected/revoked/expired/expiring_soon; active = approved and
unexpired, expiring_soon = active within 30 days), and exceptions[] is
one capped row per waiver with requester/reviewer resolved to usernames.
- Faces: CSV is the full register (csvSafe-guarded), PDF is the bounded
one-page summary (counts + soonest-expiring sample), JSON is the signed
canonical content. pdf/csv are kind-dispatched; oscal_sar is invalid for
the kind.
- Frontend: kind selector gains 'Exception Register'; the generate body
sends kind for any non-executive selection; a kind-aware ExceptionBody
renders the waiver summary + soonest-expiring table; the kind is CSV-led
with a PDF-summary secondary.
Spec: api-reports v1.12.0 (C-17 / AC-23), frontend-reports v1.9.0
(C-12 / AC-13). Go DB test + frontend source-inspection test; full suites
green (report pkg, frontend 335, specter 112 + 100% structural).
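The summary semantics the commit message defines (active = approved and unexpired, expiring_soon = active within 30 days), worked over constructed waivers, together with the kind of formula-injection guard a CSV register needs. This is an added example, not code from this PR or the project: `Waiver`, `Summarize`, `GuardCell`, the nil-means-no-expiry rule and the inclusive boundaries are assumptions, and the project's `computeExceptionRegister` and `csvSafe` may behave differently.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Waiver is a hypothetical, simplified stand-in for a compliance_exceptions row.
type Waiver struct {
	Reason    string
	State     string     // requested | approved | rejected | revoked | expired
	ExpiresAt *time.Time // nil means no expiry (assumption)
}

// Summarize counts waivers by stored state as of now, then derives
// "active" (approved and unexpired) and "expiring_soon" (active, <= 30 days left).
func Summarize(ws []Waiver, now time.Time) map[string]int {
	s := map[string]int{"total": len(ws)}
	horizon := now.AddDate(0, 0, 30)
	for _, w := range ws {
		s[w.State]++
		if w.State != "approved" || (w.ExpiresAt != nil && !w.ExpiresAt.After(now)) {
			continue // approved on paper but past expiry is not active
		}
		s["active"]++
		if w.ExpiresAt != nil && !w.ExpiresAt.After(horizon) {
			s["expiring_soon"]++
		}
	}
	return s
}

// GuardCell neutralises spreadsheet formula triggers in free-text cells
// (requester-supplied reasons) before they are written to a CSV face.
func GuardCell(v string) string {
	if v != "" && strings.IndexByte("=+-@\t\r", v[0]) >= 0 {
		return "'" + v
	}
	return v
}

func main() {
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	soon, past := now.AddDate(0, 0, 10), now.AddDate(0, 0, -1)
	ws := []Waiver{{"legacy host", "approved", &soon}, {"=HYPERLINK(1)", "approved", &past}, {"pending", "requested", nil}}
	fmt.Printf("%v %q\n", Summarize(ws, now), GuardCell(ws[1].Reason))
}
```

Passing `now` in, rather than calling `time.Now()` inside, is what makes a point-in-time count reproducible from the same frozen inputs.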
Summary
Phase C1 adds the exception report kind — a point-in-time Compliance/GRC read-model of compliance waivers, the first of the Phase C delivery-spine kinds. It follows the same kind pattern as the attestation work (kind + frozen content + faces + kind-aware body).
What it does
- kind='exception' on report_snapshots.
- computeExceptionRegister freezes an ExceptionContent {summary, exceptions[]} over compliance_exceptions, scoped to the in-scope hosts:
- total / active / requested / approved / rejected / revoked / expired / expiring_soon), where active = approved and unexpired and expiring_soon = active expiring within 30 days.
- csvSafe-guarded), PDF is the bounded one-page summary (counts + soonest-expiring sample), JSON is the signed canonical content. pdf/csv are kind-dispatched; oscal_sar is invalid for the kind.
- kind for any non-executive selection; a kind-aware ExceptionBody renders the waiver summary + a soonest-expiring table; the kind is CSV-led with a PDF-summary secondary.
Spec / tests
- api-reports v1.12.0 (C-17 / AC-23 — Go DB test over a 5-waiver fixture: summary counts, the CSV register, the %PDF face, oscal_sar ErrInvalidFace).
- frontend-reports v1.9.0 (C-12 / AC-13 — source-inspection over the selector + ExceptionBody).
- gofmt/vet/build clean; go test ./internal/report/ green; tsc/eslint/prettier clean; full vitest 335 passed; specter check 112 specs + structural coverage 100%.
Phase C sequencing
This is C1. C2 (Remediation Activity kind, over a period) and C3 (Scheduled dispatcher + email delivery) remain — C3 is the product-design-heavy slice I'll scope with you before building.
Validation