cve-dashboard/.kiro/specs/vcl-multi-vertical-upload/tasks.md
2026-05-19 15:01:25 -06:00

Tasks: VCL Multi-Vertical Upload

Phase 1: Database & Backend Foundation

  • 1. Create migration script backend/migrations/add_vcl_multi_vertical.js

    • Add vertical column to compliance_items (TEXT, nullable, indexed)
    • Add vertical column to compliance_uploads (TEXT, nullable)
    • Create vcl_multi_vertical_summary table
    • Create indexes for vertical-based queries
  • 2. Add parseVerticalFilename() helper to backend/helpers/vclHelpers.js

    • Extract vertical code and report date from filename pattern
    • Handle edge cases (no match, single-word verticals like "SR")
    • Export for testing
  • 3. Implement vertical-scoped persistMultiVerticalUpload() in compliance route

    • Accept items + vertical + summary + metadata
    • Query active items filtered by WHERE vertical = $1
    • Upsert new/recurring items with vertical tag
    • Resolve only items within the same vertical
    • Create/update compliance_snapshots for the vertical
    • Store summary entries in vcl_multi_vertical_summary
  • 4. Implement POST /api/compliance/vcl-multi/preview endpoint

    • Accept multiple files via multer .array('files', 14)
    • Parse each file with existing Python parser
    • Extract vertical from filename for each
    • Compute per-vertical scoped diff
    • Store parsed data in temp files
    • Return batch preview response
  • 5. Implement POST /api/compliance/vcl-multi/commit endpoint

    • Read temp files for each file in batch
    • Commit all in a single transaction using persistMultiVerticalUpload()
    • Rollback entire batch on any failure
    • Clean up temp files
    • Audit log the batch commit
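
The vertical-scoped diff described in tasks 3 and 4, as an added in-memory sketch (not code from the cve-dashboard repository). It assumes an item is identified by hostname + metric_id and that resolved rows get a status of 'resolved'; neither is stated in this task list, and the array filter stands in for the WHERE vertical = $1 query.

```javascript
// Added example: in-memory model of the vertical-scoped diff (tasks 3 and 4).
// Assumptions: identity key = hostname + metric_id; resolved status = 'resolved'.
const itemKey = (item) => `${item.hostname}\u0000${item.metric_id}`;

function diffVerticalUpload(activeItems, uploadedItems, vertical) {
  if (typeof vertical !== 'string' || vertical.trim() === '') {
    // Refuse instead of falling back to an unscoped diff, which would
    // mark other verticals' items as resolved.
    throw new Error('vertical is required for a scoped diff');
  }
  // Stand-in for: WHERE vertical = $1 AND status = 'active'.
  // Rows whose vertical is NULL (pre-migration data) never match.
  const scoped = new Map();
  for (const item of activeItems) {
    if (item.vertical === vertical && item.status === 'active') {
      scoped.set(itemKey(item), item);
    }
  }
  const result = { vertical, newItems: [], recurring: [], resolved: [] };
  const seen = new Set();
  for (const item of uploadedItems) {
    const key = itemKey(item);
    if (seen.has(key)) continue; // duplicate row inside one file
    seen.add(key);
    const existing = scoped.get(key);
    if (existing) {
      result.recurring.push({ ...existing, seen_count: existing.seen_count + 1 });
    } else {
      result.newItems.push({ ...item, vertical, status: 'active', seen_count: 1 });
    }
  }
  // Only items inside this vertical that are absent from the upload resolve.
  for (const [key, item] of scoped) {
    if (!seen.has(key)) result.resolved.push({ ...item, status: 'resolved' });
  }
  return result;
}

// Constructed sample data ("XX" is a made-up second vertical).
const ACTIVE = [
  { hostname: 'sw-01', metric_id: 'M1', vertical: 'SR', status: 'active', seen_count: 2 },
  { hostname: 'sw-02', metric_id: 'M1', vertical: 'SR', status: 'active', seen_count: 1 },
  { hostname: 'sw-01', metric_id: 'M1', vertical: 'XX', status: 'active', seen_count: 4 },
  { hostname: 'old-9', metric_id: 'M2', vertical: null, status: 'active', seen_count: 7 },
];
const UPLOAD = [{ hostname: 'sw-01', metric_id: 'M1' }, { hostname: 'sw-03', metric_id: 'M2' }];
const SR_DIFF = diffVerticalUpload(ACTIVE, UPLOAD, 'SR');
```

The XX row and the row with a NULL vertical appear in none of the three result lists, which is the isolation property task 22 sets out to test.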

Phase 2: Reporting Endpoints

  • 6. Implement GET /api/compliance/vcl-multi/stats endpoint

    • Aggregate across all verticals where vertical IS NOT NULL
    • Compute total/compliant/non-compliant/compliance_pct
    • Compute donut (blocked vs in-progress)
    • Compute per-vertical breakdown with burndown
    • Return structured response
  • 7. Implement GET /api/compliance/vcl-multi/trend endpoint

    • Query compliance_snapshots for multi-vertical data
    • Aggregate monthly compliance % across verticals
    • Compute linear regression forecast (3+ months)
    • Return monthly data points
  • 8. Implement GET /api/compliance/vcl-multi/vertical/:code/metrics endpoint

    • Query vcl_multi_vertical_summary for latest upload of that vertical
    • Group by category
    • Return per-metric breakdown
  • 9. Implement GET /api/compliance/vcl-multi/vertical/:code/metric/:metricId/devices endpoint

    • Query compliance_items filtered by vertical + metric_id + status = 'active'
    • Include resolution_date, remediation_plan, seen_count, first/last seen
    • Return device list
  • 10. Implement GET /api/compliance/vcl-multi/vertical/:code/burndown endpoint

    • Query non-compliant items for vertical
    • Compute monthly forecast from resolution_date values
    • Return burndown data with blocker count

Phase 3: Frontend — Upload Modal

  • 11. Create MultiVerticalUploadModal.js component

    • Multi-file drag-drop zone (accept .xlsx, max 14 files)
    • Filename parsing with vertical/date extraction on selection
    • Display file list with detected vertical, date, status
    • Allow removing individual files from batch
    • Handle unrecognized filenames (manual vertical assignment)
  • 12. Implement preview phase in upload modal

    • Call POST /preview with all files
    • Display batch preview table: filename, vertical, items, diff
    • Show totals row (total new, total recurring, total resolved)
    • Error display for files that failed parsing
  • 13. Implement commit phase in upload modal

    • Confirm button triggers POST /commit
    • Loading state during commit
    • Success state with summary of what was committed
    • Error state with rollback messaging

Phase 4: Frontend — Report Page

  • 14. Create VCLMultiVerticalPage.js page component (named CCPMetricsPage.js)

    • Add to NavDrawer with appropriate icon
    • Page layout: stats bar, charts row, vertical table
    • Fetch data from /vcl-multi/stats on mount
    • Loading and empty states
  • 15. Implement VCLMultiStatsBar component

    • Total Devices, Compliant, Non-Compliant, Current %, Target %
    • Match existing VCL stats bar styling
  • 16. Implement VCLMultiVerticalTable component

    • One row per vertical: name, compliance %, non-compliant, total, last upload date
    • Sortable columns
    • Click row to drill down
    • Burndown forecast columns (monthly)
    • Blockers column
  • 17. Implement VCLMultiTrendChart component (recharts)

    • Monthly bars for compliant count
    • Solid line for actual compliance %
    • Dashed line for forecast %
    • Reference line for target %
    • Match existing chart styling
  • 18. Implement VCLMultiDonutChart component (recharts)

    • Blocked vs In-Progress segments
    • Center label with total non-compliant
    • Match existing donut styling

Phase 5: Frontend — Drill-Down Views

  • 19. Implement VerticalDetailView component

    • Triggered when a vertical row is clicked
    • Fetch /vertical/:code/metrics
    • Display per-metric table grouped by category
    • Click metric to drill further
    • Back button to return to overview
  • 20. Implement MetricDeviceList component

    • Triggered when a metric row is clicked
    • Fetch /vertical/:code/metric/:metricId/devices
    • Display device table: hostname, IP, type, team, seen_count, dates
    • Resolution date inline editing
    • Back button to return to metric view
  • 21. Implement VerticalBurndownChart component

    • Displayed in VerticalDetailView
    • Fetch /vertical/:code/burndown
    • Bar chart: monthly remediation projections
    • Annotation for blockers count
    • Projected clear date label

Phase 6: Testing & Documentation

  • 22. Write property-based tests for new helpers

    • parseVerticalFilename — pattern matching correctness
    • Vertical-scoped resolution isolation
    • Aggregated stats consistency
    • Burndown forecast conservation
  • 23. Write unit tests for new endpoints

    • Preview with valid/invalid files
    • Commit with scoped resolution verification
    • Stats aggregation with multiple verticals
    • Drill-down queries
  • 24. Update README.md

    • Add VCL Multi-Vertical section to Features
    • Add new migration to Migrations list
    • Add new endpoints to API Reference
    • Add new env vars if any
  • 25. Create meeting-ready design brief document

    • Architectural choices and rationale
    • Drill-down hierarchy diagram
    • Burndown forecast explanation
    • Open questions for stakeholders
    • Timeline estimate