Commit abf8050

feat(web): surface opt-in deep scan; render deep-scan gaps as info
Spec 077 US3 Web UI: present deep scan as an opt-in affordance and render a failed/unavailable deep scanner as informational, never an error — the baseline verdict is authoritative.

- Security.vue: info banner clarifying the deterministic baseline is always on and the Docker scanners are an opt-in deep scan that never blocks/degrades it.
- ScanReport.vue: DeepScanDescriptor info block (alert-info) listing unavailable deep scanners with an explicit "does not affect the baseline verdict" note.
- api.ts: DeepScanDescriptor type + optional deep_scan on the report.

Related: Spec 077 (specs/077-scanner-simplification)
1 parent f5dfc3b commit abf8050

3 files changed

Lines changed: 51 additions & 0 deletions

frontend/src/types/api.ts

Lines changed: 13 additions & 0 deletions
@@ -89,6 +89,19 @@ export interface SecurityScanReport {
8989
pass1_complete?: boolean // Security scan (fast) done
9090
pass2_complete?: boolean // Supply chain audit done
9191
pass2_running?: boolean // Supply chain audit in progress
92+
// Opt-in deep-scan availability (Spec 077 US3). Informational only — a failed
93+
// or unavailable deep scanner never changes the baseline verdict/status.
94+
deep_scan?: DeepScanDescriptor
95+
}
96+
97+
// DeepScanDescriptor reports the informational status of the opt-in "deep scan"
98+
// layer (Docker-based scanners + source extraction) separately from the
99+
// baseline verdict (Spec 077 US3). Rendered as a quiet info note, never an error.
100+
export interface DeepScanDescriptor {
101+
enabled: boolean
102+
ran: boolean
103+
available: boolean
104+
scanners_failed?: { id: string; reason: string }[]
92105
}
93106

94107
// Scan job summary for history listing
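
Review bot: The three booleans on DeepScanDescriptor (enabled, ran, available, new lines 101-103) carry no per-field documentation and allow contradictory combinations such as ran: true with available: false, while the template added in this commit reads only enabled and scanners_failed. Add a one-line comment per field stating what it means and which combinations the API can emit, or collapse them into a single status union so invalid states cannot be represented. The inline element type { id: string; reason: string }[] on scanners_failed is also retyped by hand in the map callback in ScanReport.vue; exporting it as a named interface would keep the two in sync.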

frontend/src/views/ScanReport.vue

Lines changed: 18 additions & 0 deletions
@@ -130,6 +130,24 @@
130130
</span>
131131
</div>
132132

133+
<!-- Deep scan (opt-in) availability — Spec 077 US3. Informational ONLY:
134+
a failed or unavailable deep scanner NEVER changes the baseline
135+
verdict above, so it is rendered as info, never an error. -->
136+
<div v-if="report.deep_scan && report.deep_scan.enabled" class="alert alert-info">
137+
<svg class="w-5 h-5 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
138+
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
139+
</svg>
140+
<div>
141+
<div class="font-semibold">Deep scan (optional)</div>
142+
<span v-if="(report.deep_scan.scanners_failed?.length ?? 0) > 0" class="text-sm">
143+
{{ report.deep_scan.scanners_failed!.length }} deep scanner(s) were unavailable this run
144+
({{ report.deep_scan.scanners_failed!.map((f: { id: string; reason: string }) => f.id).join(', ') }}).
145+
This does not affect the baseline verdict shown above.
146+
</span>
147+
<span v-else class="text-sm">Deep scan ran. Its findings are merged into the report above.</span>
148+
</div>
149+
</div>
150+
133151
<!-- Scan incomplete warnings -->
134152
<div v-if="report.scan_complete === false && report.empty_scan" class="alert alert-warning">
135153
<svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
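
Review bot: The v-else branch at new line 147 prints "Deep scan ran. Its findings are merged into the report above." whenever deep_scan.enabled is true and scanners_failed is empty, without consulting deep_scan.ran or deep_scan.available. If a descriptor arrives with enabled: true, ran: false and no scanners_failed entries, the report claims coverage that was not performed. Gate that span with v-else-if="report.deep_scan.ran" and add a neutral fallback for the enabled-but-not-run case. The failure branch also joins only the ids and drops each entry's reason, so the reader cannot tell why a scanner was unavailable; consider rendering it. Moving the failed list into a computed property would remove the two non-null assertions and the hand-written parameter type in the template.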

frontend/src/views/Security.vue

Lines changed: 20 additions & 0 deletions
@@ -24,6 +24,26 @@
2424
</div>
2525
</div>
2626

27+
<!-- Baseline vs. deep scan (Spec 077 US3): the deterministic offline
28+
baseline runs for every server with zero setup; the Docker-based
29+
scanners below are an opt-in "deep scan" that enriches the report but
30+
never blocks or degrades the baseline verdict. -->
31+
<div class="alert alert-info shadow-sm">
32+
<svg class="w-5 h-5 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
33+
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
34+
</svg>
35+
<div>
36+
<div class="font-semibold">Deterministic baseline is always on</div>
37+
<span class="text-sm">
38+
Every server is scanned by the offline baseline engine with no Docker required.
39+
The scanners below are an opt-in <span class="font-medium">deep scan</span> — enable
40+
them (<code class="font-mono text-xs">security.deep_scan.enabled</code>) for extra
41+
source-level analysis. Deep-scan failures are informational and never change the
42+
baseline verdict.
43+
</span>
44+
</div>
45+
</div>
46+
2747
<!-- Scan All Progress Card -->
2848
<div v-if="queueProgress && queueProgress.status !== 'idle'" class="card bg-base-100 shadow-xl">
2949
<div class="card-body">
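
Review bot: The banner at new lines 31-45 is rendered unconditionally with static copy, so it tells the user to enable security.deep_scan.enabled even on an instance where that setting is already on. If the view has access to the current value, switch the sentence on it; otherwise word it neutrally, for example "controlled by security.deep_scan.enabled". The svg and path at new lines 32-34 are a verbatim copy of the icon added in ScanReport.vue in this same commit; extract a shared icon component, and mark the svg aria-hidden="true" since it is decorative.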
