Scope Atlas sync and metrics to active BU teams

Problem 1: Atlas sync was querying ALL host_ids from ivanti_findings
regardless of BU, writing 'no plan' entries for ACCESS-OPS hosts that
Atlas doesn't cover. Now the sync respects the user's active teams scope
(passed via query param) and falls back to IVANTI_MANAGED_BUS when no
scope is provided.

Problem 2: Atlas /metrics and /status endpoints returned unscoped data
from the full cache, so changing scope didn't update the Atlas Coverage
donut or badge counts. Both endpoints now accept a teams query param and
JOIN against ivanti_findings to scope results by BU.

Frontend changes:
- fetchAtlasStatus and fetchAtlasMetrics now pass teams param
- Atlas sync button passes active teams to the sync endpoint
- Scope change (adminScope) triggers Atlas data refresh

Also purged 6,461 polluted cache entries for non-managed BU hosts.

frontend/src/components/pages/ReportingPage.js

@@ -6142,7 +6142,11 @@ export default function VulnerabilityTriagePage({ filterDate, filterEXC }) {
 
     const fetchAtlasStatus = useCallback(async () => {
         try {
-            const res = await fetch(`${API_BASE}/atlas/status`, { credentials: 'include' });
+            const teamsParam = getActiveTeamsParam();
+            const url = teamsParam
+                ? `${API_BASE}/atlas/status?teams=${encodeURIComponent(teamsParam)}`
+                : `${API_BASE}/atlas/status`;
+            const res = await fetch(url, { credentials: 'include' });
             if (res.ok) {
                 const data = await res.json();
                 const map = new Map();
@@ -6158,7 +6162,11 @@ export default function VulnerabilityTriagePage({ filterDate, filterEXC }) {
         setAtlasMetricsLoading(true);
         setAtlasMetricsError(null);
         try {
-            const res = await fetch(`${API_BASE}/atlas/metrics`, { credentials: 'include' });
+            const teamsParam = getActiveTeamsParam();
+            const url = teamsParam
+                ? `${API_BASE}/atlas/metrics?teams=${encodeURIComponent(teamsParam)}`
+                : `${API_BASE}/atlas/metrics`;
+            const res = await fetch(url, { credentials: 'include' });
             if (res.ok) {
                 const data = await res.json();
                 setAtlasMetrics(data);
@@ -6269,6 +6277,9 @@ export default function VulnerabilityTriagePage({ filterDate, filterEXC }) {
             .catch(() => {});
         // Also refresh FP workflow counts for the new scope
         fetchFPWorkflowCounts();
+        // Refresh Atlas data for the new scope
+        fetchAtlasStatus();
+        fetchAtlasMetrics();
     }, [adminScope]); // eslint-disable-line
 
     // Set/clear a single column filter
@@ -7185,7 +7196,11 @@ export default function VulnerabilityTriagePage({ filterDate, filterEXC }) {
                                 setAtlasSyncing(true);
                                 setAtlasError(null);
                                 try {
-                                    const res = await fetch(`${API_BASE}/atlas/sync`, { method: 'POST', credentials: 'include' });
+                                    const teamsParam = getActiveTeamsParam();
+                                    const syncUrl = teamsParam
+                                        ? `${API_BASE}/atlas/sync?teams=${encodeURIComponent(teamsParam)}`
+                                        : `${API_BASE}/atlas/sync`;
+                                    const res = await fetch(syncUrl, { method: 'POST', credentials: 'include' });
                                     if (!res.ok) {
                                         const data = await res.json().catch(() => ({}));
                                         throw new Error(data.error || 'Atlas sync failed');