feat(cra): priority frontend — weights control, P0/P1 tier badges, quick wins
CRA tab now shows the priority layer: a weights control (5 business objectives, high/medium/low) that re-computes the assessment live; a Prio column with P0..P3 tier badges (P0 = non-negotiable floor, reason on hover); the table in backend priority order; and a Quick-Wins block (high impact, low effort). Demo flags the safety-cross-linked findings as safety_impact so the P0 floor shows. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Benjamin Admin
@@ -3,11 +3,13 @@
|
||||
import { useEffect, useState } from 'react'
|
||||
import { CRADemo, CRAFinding, Measure, DEMO_SCENARIO } from './useCRADemo'
|
||||
|
||||
// Live CRA assessment: POST the (demo) findings to the standalone backend
|
||||
// endpoint POST /api/v1/cra/assess and merge the live mapping (CRA requirement,
|
||||
// risk, measures, NIST/OWASP crosswalk) with the frontend scenario constants
|
||||
// (full measure texts + cyber->safety cross-links — until those move server-side
|
||||
// in step 2). Falls back to the static scenario if the backend is unreachable.
|
||||
// Live CRA assessment: POST the (demo) findings + the customer's priority weights
|
||||
// to POST /api/v1/cra/assess and merge the live, priority-sorted mapping (CRA
|
||||
// requirement, risk, measures, NIST/OWASP crosswalk, priority tier + reason +
|
||||
// quick-win) with the frontend scenario constants (full measure texts +
|
||||
// cyber->safety cross-links). Falls back to the static scenario if unreachable.
|
||||
|
||||
export type Weights = Record<string, string> // objective -> high|medium|low
|
||||
|
||||
function reqTitle(rationale: string): string {
|
||||
const i = rationale.indexOf(': ')
|
||||
@@ -15,14 +17,14 @@ function reqTitle(rationale: string): string {
|
||||
}
|
||||
|
||||
function merge(live: any): CRADemo {
|
||||
const mapped: Record<string, any> = {}
|
||||
for (const m of live.mapped || []) mapped[m.finding_id] = m
|
||||
const meta: Record<string, CRAFinding> = {}
|
||||
for (const f of DEMO_SCENARIO.findings) meta[f.id] = f
|
||||
|
||||
const findings: CRAFinding[] = DEMO_SCENARIO.findings.map((df) => {
|
||||
const m = mapped[df.id]
|
||||
if (!m) return df
|
||||
// iterate live.mapped to PRESERVE the backend priority order
|
||||
const findings: CRAFinding[] = (live.mapped || []).map((m: any) => {
|
||||
const base = meta[m.finding_id]
|
||||
return {
|
||||
...df,
|
||||
...(base || { id: m.finding_id, title: m.finding_id, location: '', scanner_severity: '', cwe: '' }),
|
||||
primary_requirement: m.primary_requirement,
|
||||
requirement_title: reqTitle(m.rationale || ''),
|
||||
requirement_ids: m.requirement_ids || [],
|
||||
@@ -30,9 +32,14 @@ function merge(live: any): CRADemo {
|
||||
iso27001_ref: m.iso27001_ref || [],
|
||||
nist_refs: m.nist_refs || [],
|
||||
owasp_refs: m.owasp_refs || [],
|
||||
risk_level: m.risk_level || df.risk_level,
|
||||
risk_level: m.risk_level || (base ? base.risk_level : 'LOW'),
|
||||
measures: m.measures || [],
|
||||
}
|
||||
priority_tier: m.priority_tier,
|
||||
priority_score: m.priority_score,
|
||||
quick_win: m.quick_win,
|
||||
priority_reason: m.priority_reason,
|
||||
objective: m.objective,
|
||||
} as CRAFinding
|
||||
})
|
||||
|
||||
const open_measures: Measure[] = (live.open_measures || []).map((om: any) => {
|
||||
@@ -49,19 +56,25 @@ function merge(live: any): CRADemo {
|
||||
open_measures,
|
||||
cross_links: DEMO_SCENARIO.cross_links,
|
||||
deadlines: live.deadlines || DEMO_SCENARIO.deadlines,
|
||||
quick_wins: live.quick_wins || [],
|
||||
objectives: live.objectives || [],
|
||||
}
|
||||
}
|
||||
|
||||
export function useCRA() {
|
||||
const [data, setData] = useState<CRADemo | null>(null)
|
||||
const [live, setLive] = useState(false)
|
||||
const [weights, setWeights] = useState<Weights>({})
|
||||
|
||||
useEffect(() => {
|
||||
let cancelled = false
|
||||
const payload = {
|
||||
findings: DEMO_SCENARIO.findings.map((f) => ({
|
||||
id: f.id, title: f.title, cwe: f.cwe, severity: f.scanner_severity, location: f.location,
|
||||
// demo: flag the two findings tied to a safety cross-link as safety_impact
|
||||
safety_impact: f.id === 'KH-CY-1' || f.id === 'KH-CY-2' || f.id === 'KH-CY-3',
|
||||
})),
|
||||
weights,
|
||||
}
|
||||
fetch('/api/v1/cra/assess', {
|
||||
method: 'POST',
|
||||
@@ -84,7 +97,7 @@ export function useCRA() {
|
||||
return () => {
|
||||
cancelled = true
|
||||
}
|
||||
}, [])
|
||||
}, [weights])
|
||||
|
||||
return { data, live }
|
||||
return { data, live, weights, setWeights }
|
||||
}
|
||||
|
||||
@@ -27,6 +27,12 @@ export interface CRAFinding {
|
||||
owasp_refs: OwaspRef[]
|
||||
risk_level: string
|
||||
measures: string[]
|
||||
// priority layer (set live by the backend prioritizer; optional in the static fallback)
|
||||
priority_tier?: string
|
||||
priority_score?: number
|
||||
quick_win?: boolean
|
||||
priority_reason?: string
|
||||
objective?: string
|
||||
}
|
||||
|
||||
export interface Measure {
|
||||
@@ -54,6 +60,8 @@ export interface CRADemo {
|
||||
open_measures: Measure[]
|
||||
cross_links: CrossLink[]
|
||||
deadlines: { date: string; label: string }[]
|
||||
quick_wins?: string[]
|
||||
objectives?: string[]
|
||||
}
|
||||
|
||||
const ow = (code: string, label: string): OwaspRef => ({ code, label })
|
||||
|
||||
Reference in New Issue
Block a user