partly or unimplemented features - now implemented
This commit is contained in:
master
@@ -0,0 +1,53 @@
|
||||
# Audit Trail "Why am I seeing this?" (Reason Capsule)
|
||||
|
||||
## Module
|
||||
Web
|
||||
|
||||
## Status
|
||||
IMPLEMENTED
|
||||
|
||||
## Description
|
||||
The advisory proposed a ReasonCapsuleComponent with per-row expandable explanations showing policy name, rule ID, graph revision ID, and inputs digest. Instead, verdict explanation is implemented via VerdictWhySummaryComponent (3-5 bullet driver explanations with evidence drill-down links) and WhySafePanels in the lineage feature. The exact ReasonCapsuleComponent name and API contract (/api/audit/reasons/:verdictId) were not found, but the concept is substantially realized under different component names.
|
||||
|
||||
## What's Implemented
|
||||
- **Existing components**:
|
||||
- `ai-code-guard-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-code-guard-badge/ai-code-guard-badge.component.ts`)
|
||||
- `ai-recommendation-panel` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-recommendation-panel/ai-recommendation-panel.component.ts`)
|
||||
- `attestation-viewer` (`src/Web/StellaOps.Web/src/app/features/triage/components/attestation-viewer/attestation-viewer.component.ts`)
|
||||
- `bulk-action-modal` (`src/Web/StellaOps.Web/src/app/features/triage/components/bulk-action-modal/bulk-action-modal.component.ts`)
|
||||
- `case-header` (`src/Web/StellaOps.Web/src/app/features/triage/components/case-header/case-header.component.ts`)
|
||||
- `decision-drawer-enhanced` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer-enhanced.component.ts`)
|
||||
- `decision-drawer` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer.component.ts`)
|
||||
- `attestation-chain` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/attestation-chain.component.ts`)
|
||||
- `backport-verdict-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/backport-verdict-badge.component.ts`)
|
||||
- `binary-diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/binary-diff-tab.component.ts`)
|
||||
- **Existing services**:
|
||||
- `advisory-ai` (`src/Web/StellaOps.Web/src/app/features/triage/services/advisory-ai.service.ts`)
|
||||
- `binary-diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/binary-diff-evidence.service.ts`)
|
||||
- `diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/diff-evidence.service.ts`)
|
||||
- `display-preferences` (`src/Web/StellaOps.Web/src/app/features/triage/services/display-preferences.service.ts`)
|
||||
- `evidence-tab` (`src/Web/StellaOps.Web/src/app/features/triage/services/evidence-tab.service.ts`)
|
||||
|
||||
## What's Missing
|
||||
- **ReasonCapsuleComponent**: No per-row expandable component showing policy name, rule ID, graph revision ID, and inputs digest for each finding/verdict in table views
|
||||
- **Audit reasons API**: No `/api/audit/reasons/:verdictId` endpoint returning structured reason data for display
|
||||
- **Per-finding explanation inline**: VerdictWhySummaryComponent and WhySafePanels exist for verdict-level and lineage-level explanation, but no per-row inline "why" capsule in triage table views
|
||||
|
||||
## Implementation Plan
|
||||
- Create `ReasonCapsuleComponent` as expandable per-row explanation in triage/finding tables
|
||||
- Add `/api/audit/reasons/:verdictId` endpoint returning policy name, rule ID, graph revision, inputs digest
|
||||
- Wire capsule into triage table views for inline "why am I seeing this" explanation
|
||||
|
||||
## E2E Test Plan
|
||||
- **Setup**:
|
||||
- [ ] Log in with a user that has appropriate permissions
|
||||
- [ ] Navigate to `/triage/artifacts`
|
||||
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
|
||||
- **Core verification**:
|
||||
- [ ] Verify the component renders correctly with sample data
|
||||
- [ ] Verify interactive elements respond to user input
|
||||
- [ ] Verify data is fetched and displayed from the correct API endpoints
|
||||
- **Edge cases**:
|
||||
- [ ] Verify graceful handling when backend API is unavailable (error state)
|
||||
- [ ] Verify responsive layout at different viewport sizes
|
||||
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
|
||||
Reference in New Issue
Block a user