stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save progress

Browse Source
This commit is contained in:
StellaOps Bot
2026-01-03 15:27:15 +02:00
parent d486d41a48
commit bc4dd4f377
70 changed files with 8531 additions and 653 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
docs/implplan/archived/2026-01-03-completed-sprints/COMPLETION_SUMMARY.md Normal file
View File

@@ -0,0 +1,57 @@
# Sprint Completion Summary - 2026-01-03
## SPRINT_20260103_001_FE - Filter Presets & Patch Map Explorer
**Status:** ✅ COMPLETE (All 11 tasks)
### Overview
Implemented two UX polish features for the vulnerability explorer:
1. **Filter Preset Pills** - Always-visible filter chips with URL synchronization for shareable filter states
2. **Patch Map Explorer** - Interactive heatmap showing vendor backport coverage across fleet
### Key Deliverables
#### Filter Presets (4 tasks)
- Extended `TriageFilters` with noise-gating fields (runtimeExecuted, environment, backportProved, semverMismatch)
- Created 7 standard presets: actionable, prod-runtime, backport-verified, critical-only, needs-review, vex-applied, all-findings
- `FilterUrlSyncService` for bidirectional URL synchronization
- `FilterPresetPillsComponent` with horizontal scrolling and copy URL
#### Patch Coverage Backend (3 tasks)
- Added 3 interface methods to `IDeltaSignatureRepository`
- Implemented PostgreSQL aggregation queries with CTEs
- Created `PatchCoverageController` with 3 REST endpoints:
- `GET /api/v1/stats/patch-coverage` - Aggregated coverage by CVE
- `GET /api/v1/stats/patch-coverage/{cveId}/details` - Function-level breakdown
- `GET /api/v1/stats/patch-coverage/{cveId}/matches` - Paginated affected images
#### Patch Map Frontend (4 tasks)
- Created `patch-coverage.models.ts` and `patch-coverage.client.ts`
- Created `PatchMapComponent` with heatmap, details, and matches views
- Added route `/analyze/patch-map` and navigation entry
- Linked from `binary-evidence-panel` header
### Files Created
| Location | Files |
|----------|-------|
| Frontend | `filter-preset.models.ts`, `filter-preset-pills.component.ts`, `filter-url-sync.service.ts`, `patch-coverage.models.ts`, `patch-coverage.client.ts`, `patch-map.component.ts` |
| Backend | `PatchCoverageController.cs` |
### Files Modified
| File | Change |
|------|--------|
| `evidence-subgraph.models.ts` | Added noise-gating fields |
| `app.routes.ts` | Added patch-map route |
| `navigation.config.ts` | Added Patch Map nav entry |
| `binary-evidence-panel.component.ts` | Added Patch Map link |
| `IDeltaSignatureRepository.cs` | Added 3 methods + 6 DTOs |
| `DeltaSignatureRepository.cs` | Implemented aggregation queries |
| `BinaryIndex.WebService.csproj` | Added Persistence project reference |
### Decisions
- CSS Grid for heatmap (accessibility compliance)
- Severity-based color coding (critical=red, high=orange, medium=yellow, low=blue, safe=green)
### Build Status
- Backend: ✅ Builds successfully (0 errors)
- Frontend: ⚠️ Pre-existing errors in other components (not sprint-related)

111
docs/implplan/archived/2026-01-03-completed-sprints/SPRINT_20260103_001_FE_preset_pills_patch_map.md Normal file
View File

@@ -0,0 +1,111 @@
# Sprint 20260103_001_FE_preset_pills_patch_map - Filter Presets & Patch Map Explorer
## Topic & Scope
- Implement two UX polish features identified from product advisory feedback:
1. **Filter Preset Pills**: Always-visible filter chips above triage results with URL synchronization for shareable filter states
2. **Patch Map Explorer**: Interactive heatmap showing vendor backport coverage across fleet with drill-down to function-level and affected images
- **Working directory:** `src/Web/StellaOps.Web` (Frontend), `src/BinaryIndex` (Backend)
## Dependencies & Concurrency
- Extends existing `TriageFilters` model in vuln-explorer feature
- Requires delta signature data in BinaryIndex for patch coverage queries
- Can run independently of other sprints
## Documentation Prerequisites
- `docs/modules/binary-index/architecture.md`
- `docs/modules/vuln-explorer/architecture.md`
## Delivery Tracker
| # | Task ID | Status | Key dependency / next step | Owners | Task Definition |
| --- | --- | --- | --- | --- | --- |
| 1 | FE-PRESET-001 | DONE | N/A | FE | Extend TriageFilters model with noise-gating fields |
| 2 | FE-PRESET-002 | DONE | FE-PRESET-001 | FE | Create filter-preset.models.ts with 7 presets |
| 3 | FE-PRESET-003 | DONE | FE-PRESET-002 | FE | Create FilterUrlSyncService for URL synchronization |
| 4 | FE-PRESET-004 | DONE | FE-PRESET-003 | FE | Create FilterPresetPillsComponent |
| 5 | BE-PATCH-001 | DONE | N/A | BE | Add interface methods to IDeltaSignatureRepository |
| 6 | BE-PATCH-002 | DONE | BE-PATCH-001 | BE | Implement aggregation queries in DeltaSignatureRepository |
| 7 | BE-PATCH-003 | DONE | BE-PATCH-002 | BE | Create PatchCoverageController with 3 endpoints |
| 8 | FE-PATCH-001 | DONE | BE-PATCH-003 | FE | Create patch-coverage.models.ts and HTTP client |
| 9 | FE-PATCH-002 | DONE | FE-PATCH-001 | FE | Create PatchMapComponent with heatmap view |
| 10 | FE-PATCH-003 | DONE | FE-PATCH-002 | FE | Add routing and navigation entry |
| 11 | INT-001 | DONE | FE-PATCH-003 | FE | Link from binary-evidence-panel to Patch Map |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-01-03 | Sprint created; plan approved | Planning |
| 2026-01-03 | FE-PRESET-001: Extended TriageFilters with runtimeExecuted, environment, backportProved, semverMismatch | Implementer |
| 2026-01-03 | FE-PRESET-002: Created filter-preset.models.ts with 7 presets including prod-runtime and backport-verified | Implementer |
| 2026-01-03 | FE-PRESET-003: Created FilterUrlSyncService with signal-based URL sync | Implementer |
| 2026-01-03 | FE-PRESET-004: Created FilterPresetPillsComponent with horizontal scroll and copy URL | Implementer |
| 2026-01-03 | BE-PATCH-001: Added GetPatchCoverageAsync, GetPatchCoverageDetailsAsync, GetMatchingImagesAsync to IDeltaSignatureRepository | Implementer |
| 2026-01-03 | BE-PATCH-002: Implemented PostgreSQL aggregation queries with CTEs in DeltaSignatureRepository | Implementer |
| 2026-01-03 | BE-PATCH-003: Created PatchCoverageController with 3 REST endpoints | Implementer |
| 2026-01-03 | FE-PATCH-001: Created patch-coverage.models.ts and patch-coverage.client.ts | Implementer |
| 2026-01-03 | FE-PATCH-002: Created PatchMapComponent with heatmap, details, and matches views | Implementer |
| 2026-01-03 | FE-PATCH-003: Added route /analyze/patch-map and navigation entry under Analyze section | Implementer |
| 2026-01-03 | INT-001: Added Patch Map link in binary-evidence-panel header | Implementer |
| 2026-01-03 | Fixed missing Persistence project reference in BinaryIndex.WebService.csproj; backend build verified | Implementer |
## Decisions & Risks
- Decision: Use CSS Grid for heatmap instead of Canvas/SVG for accessibility compliance
- Decision: Color coding follows severity palette (critical=red, high=orange, medium=yellow, low=blue, safe=green)
- Risk: Large fleet datasets may require pagination optimization; mitigated with server-side aggregation and limits
## Files Created
### Frontend
| File | Purpose |
|------|---------|
| `src/Web/.../vuln-explorer/components/filter-preset-pills/filter-preset.models.ts` | Preset definitions and URL serialization |
| `src/Web/.../vuln-explorer/services/filter-url-sync.service.ts` | Bidirectional URL sync service |
| `src/Web/.../vuln-explorer/components/filter-preset-pills/filter-preset-pills.component.ts` | Preset pills UI component |
| `src/Web/.../core/api/patch-coverage.models.ts` | TypeScript models for patch coverage |
| `src/Web/.../core/api/patch-coverage.client.ts` | HTTP client for patch coverage API |
| `src/Web/.../features/binary-index/patch-map.component.ts` | Main heatmap component |
### Backend
| File | Purpose |
|------|---------|
| `src/BinaryIndex/.../Controllers/PatchCoverageController.cs` | REST endpoints for patch coverage |
## Files Modified
### Frontend
| File | Change |
|------|--------|
| `src/Web/.../vuln-explorer/models/evidence-subgraph.models.ts` | Added noise-gating fields to TriageFilters |
| `src/Web/.../app.routes.ts` | Added /analyze/patch-map route |
| `src/Web/.../core/navigation/navigation.config.ts` | Added Patch Map nav entry |
| `src/Web/.../features/scans/binary-evidence-panel.component.ts` | Added link to Patch Map |
### Backend
| File | Change |
|------|--------|
| `src/BinaryIndex/.../Repositories/IDeltaSignatureRepository.cs` | Added 3 interface methods and 6 DTO records |
| `src/BinaryIndex/.../Repositories/DeltaSignatureRepository.cs` | Implemented aggregation queries |
## API Endpoints
| Method | Endpoint | Purpose |
|--------|----------|---------|
| GET | `/api/v1/stats/patch-coverage` | Aggregated coverage by CVE (heatmap data) |
| GET | `/api/v1/stats/patch-coverage/{cveId}/details` | Function-level breakdown |
| GET | `/api/v1/stats/patch-coverage/{cveId}/matches` | Paginated affected images |
## Filter Presets
| Preset | Description | Filters Applied |
|--------|-------------|-----------------|
| `actionable` | High-priority actionable items | reachable, unpatched, critical/high |
| `prod-runtime` | Prod-only runtime executed | runtimeExecuted=true, environment=prod |
| `backport-verified` | Patched-but-unbumped backport | backportProved=true, semverMismatch=true |
| `critical-only` | Critical severity only | severity=critical |
| `needs-review` | Items needing VEX review | unvexed or conflicting |
| `vex-applied` | VEX decisions applied | vexed status |
| `all-findings` | All findings unfiltered | no filters |
## Next Checkpoints
- Integration testing with real fleet data
- Performance testing with large CVE datasets
- User acceptance testing for heatmap usability