Ensure processing layer runs without optional dependencies #19
Closed
DevOpsMadDog wants to merge 1 commit into
DevOpsMadDog added a commit that referenced this pull request on May 1, 2026
…orkloads — close type-a empty endpoint
Adds CloudWorkloadProtectionEngine.list_workloads_with_container_fallback() which projects ContainerSecurityConnector scan history (trivy + grype + dockle TenantScanResults) into cwp_workloads shape when the org has zero registered workloads.
Behaviour:
- Org-registered rows take precedence (source="org_registered").
- Fallback projects each scanned tenant image as a derived workload (workload_type=container, cloud_provider=on_prem) tagged source="container_oss" + scan_id + image + tenant for provenance.
- Risk score = critical*10 + high*5 + medium*2, capped 0..100, mapped to risk_level (critical/high/medium/low).
- protection_status derived from severity_breakdown (no findings=protected; high/critical present=unprotected; otherwise partial).
- Multiple scans against the same image deduped by image — most-recent scan wins.
- Filters (workload_type/cloud_provider/risk_level) apply against derived.
- 3-state empty response: needs_credentials (no toolchain + no tenant repos), needs_scan (configured but no history), or needs_credentials on ImportError. NEVER mocks.
Router cloud_workload_protection_router.list_workloads now delegates to the fallback method and returns the structured envelope.
8 new tests in tests/test_cwp_workloads_real_data.py (engine unit + router e2e via dependency_overrides). Beast Mode 753/753 hold.
Closes triage doc row #19 (cwp/workloads) — DONE.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
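The projection rules listed in the commit message above, worked through as an added example (not the project's code). The `RISK_BANDS` cut-offs, the `scanned_at` field and the function names are assumptions; the commit message gives only the score formula, the status rules and the dedup policy.

```python
# Added illustration of the projection rules in the commit message above.
# ASSUMPTION: the risk_level cut-offs and the "scanned_at" field are not on the page.
RISK_BANDS = [(80, "critical"), (50, "high"), (20, "medium"), (0, "low")]

def risk_score(sev):
    """critical*10 + high*5 + medium*2, clamped to 0..100."""
    raw = sev.get("critical", 0) * 10 + sev.get("high", 0) * 5 + sev.get("medium", 0) * 2
    return max(0, min(100, raw))

def risk_level(score):
    return next(label for floor, label in RISK_BANDS if score >= floor)

def protection_status(sev):
    """No findings -> protected; any high/critical -> unprotected; otherwise partial."""
    if sum(sev.values()) == 0:
        return "protected"
    if sev.get("critical", 0) or sev.get("high", 0):
        return "unprotected"
    return "partial"

def derive_workloads(scans, registered=()):
    """Org-registered rows win; otherwise project the newest scan per image."""
    if registered:
        return [dict(row, source="org_registered") for row in registered]
    latest = {}
    for scan in scans:
        seen = latest.get(scan["image"])
        if seen is None or scan["scanned_at"] > seen["scanned_at"]:
            latest[scan["image"]] = scan  # most-recent scan wins
    rows = []
    for scan in latest.values():
        sev = scan["severity_breakdown"]
        score = risk_score(sev)
        rows.append({
            "workload_type": "container", "cloud_provider": "on_prem",
            "source": "container_oss", "scan_id": scan["scan_id"],
            "image": scan["image"], "tenant": scan["tenant"],
            "risk_score": score, "risk_level": risk_level(score),
            "protection_status": protection_status(sev),
        })
    return rows

# Constructed sample scan history (ISO-8601 timestamps compare correctly as strings).
SCANS = [
    {"scan_id": "s1", "tenant": "t1", "image": "api:1.0", "scanned_at": "2026-04-01T00:00:00Z",
     "severity_breakdown": {"critical": 12, "high": 1, "medium": 0, "low": 0}},
    {"scan_id": "s2", "tenant": "t1", "image": "api:1.0", "scanned_at": "2026-04-20T00:00:00Z",
     "severity_breakdown": {"critical": 0, "high": 0, "medium": 2, "low": 3}},
    {"scan_id": "s3", "tenant": "t1", "image": "web:2.1", "scanned_at": "2026-04-10T00:00:00Z",
     "severity_breakdown": {"critical": 12, "high": 0, "medium": 0, "low": 0}},
]
```

Because the newest scan replaces older ones for the same image, a clean rescan lowers the derived risk immediately, so the projection is only as trustworthy as the scan timestamps it orders by.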
DevOpsMadDog added a commit that referenced this pull request on May 1, 2026
…se 3 cluster S27-Targets
Folds 3 outbound integration-target dashboards into a single tabbed hero
at /connect/targets per docs/UX_CONSOLIDATION_PLAN_2026-04-26.md §2.27.
tab | source page | endpoint
prowler | ProwlerDashboard | /api/v1/prowler/{findings,compliance,scan}
servicenow | ServiceNowDashboard | /api/v1/servicenow/{connections,incidents,cmdb,mappings}
siem | SIEMOutputDashboard | /api/v1/siem-output/{targets,events,stats}
- New: suite-ui/aldeci-ui-new/src/pages/IntegrationTargetsHub.tsx
- App.tsx: lazy-import hub; canonical /connect/targets route; old
/prowler, /servicenow, /siem-output routes now <Navigate replace> with
?tab= preserving deep links.
- Source pages annotated with FOLDED comment for git history; lazy-imported
by the hub so all behavior, API calls, and state preserved (no logic change).
- Plan doc updated with DONE marker (SHA backfilled in follow-up commit).
Persona target: DevOps Engineer (#18), SRE (#19), GRC Analyst (#12), SOC T2 (#6).
Zero functionality loss. Real-API only — no mocks introduced.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DevOpsMadDog added a commit that referenced this pull request on May 1, 2026
… S28 Air-Gap operational triad
Folds 3 air-gap operational pages into a single tabbed Hub at /connect/mcp/air-gap
per docs/UX_CONSOLIDATION_PLAN_2026-04-26.md §2.28 (S28 MCP Gateway — Air-Gap
operational sub-cluster).
Sources (preserved + lazy re-imported, FOLDED markers added):
- AirGapBundleConsole → tab "feed-status" GET /api/v1/air-gap/feed-status
- OfflineFeedRegistry → tab "feeds" GET /api/v1/air-gap/feeds
- OfflineUpdateStatus → tab "update-status" GET /api/v1/air-gap/update-status
Routes:
- canonical : /connect/mcp/air-gap
- redirects : /air-gap/feed-status → /connect/mcp/air-gap?tab=feed-status
/air-gap/feeds → /connect/mcp/air-gap?tab=feeds
/air-gap/update-status → /connect/mcp/air-gap?tab=update-status
Persona target: DevOps Engineer (#18), SRE (#19), Automation Engineer (#25) —
disconnected/regulated deployments. Surfaces CTEM+ air-gap moat in one screen
instead of three orphaned dashboards.
Verification (Playwright headless Chromium, 6 URLs):
- All 6 URLs resolve to canonical w/ correct tab
- Real /api/v1/air-gap/{feed-status,feeds,update-status} fires per active tab
- 0 mock signatures (Acme/John Doe/lorem ipsum/MOCK_)
- 0 console errors
- Screenshot: docs/ui-snapshots/ux-consolidation-air-gap-2026-05-02.png
Plan-doc paragraph added to §2.28 with SHA=PENDING (backfill in follow-up).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DevOpsMadDog added a commit that referenced this pull request on May 1, 2026
… 3 cluster S27 Webhook+Ingestion Health
Folds 3 standalone webhook + connector-pipeline pages into a single tabbed hero per docs/UX_CONSOLIDATION_PLAN_2026-04-26.md §2.27 (S27 Integrations Hub — Webhook & Integration Health sub-cluster).
tab | source page | endpoint
catalogue | WebhookEventCatalogExplorer | GET /api/v1/webhooks/event-catalogue
retry | WebhookRetryConsole | GET /api/v1/webhooks/retry-queue
dry-run | UniversalIngestionTester | POST /api/v1/connectors/mapping/dry-run
Canonical route: /connect/webhook-ingestion
Persona target: DevOps Engineer (#18), Automation Eng (#25), SRE (#19), Backend Eng (#16)
Old routes redirected (replaces stale /admin?tab=webhooks redirects + the standalone /connectors/mapping/dry-run route):
- /webhooks/event-catalogue → /connect/webhook-ingestion?tab=catalogue
- /webhooks/retry-queue → /connect/webhook-ingestion?tab=retry
- /connectors/mapping/dry-run → /connect/webhook-ingestion?tab=dry-run
Source pages preserved with `// FOLDED` headers (git-history intact, lazy-imported into hub so all real /api/v1/* calls + 501-graceful handling continue working).
Verified per CLAUDE.md NO MOCKS rule:
- Vite dev server returns 200 for /connect/webhook-ingestion (port 5173)
- Hub module compiles cleanly (no TS errors against tsconfig.app.json)
- All 3 folded pages already use real apiFetch against /api/v1/* endpoints
Multica: #3657
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DevOpsMadDog added a commit that referenced this pull request on May 1, 2026
…ase 3 cluster S11 CNAPP Unified (combined)
Folds 4 cloud-native protection dashboards into a single tabbed hero at
/discover/cloud-posture per docs/UX_CONSOLIDATION_PLAN_2026-04-26.md §2.11
(S11 Cloud Posture — CNAPP Unified sub-cluster). Replaces fragmented
/cloud-security, /cwp, /cwpp, /cnapp routes with one Wiz/Apiiro-style
cohesive CSPM+CWP+CWPP+CNAPP console.
Tabs (all preserve original page behavior + real APIs via lazy + Suspense):
- posture → CloudSecurityDashboard (/api/v1/cloud/*, /api/v1/cloud-security-engine/*)
- workloads → CloudWorkloadProtectionDashboard (/api/v1/cwp/{stats,workloads,threats})
- platform → CWPPDashboard (/api/v1/cnapp/{workloads,threats,stats})
- unified → CNAPPDashboard (/api/v1/cnapp/{workloads,findings,stats})
Old routes redirect with ?tab= (4 Navigate redirects added). Source pages
get top-of-file FOLDED markers (preserves git history; lazy-imported into
hub). TypeScript clean.
THIRD 4-page combined hub after ThreatIntelOpsHub (cabb514) and
VulnLifecyclePipelineHub (e5c074c). Brings Phase 3 to 48 hubs.
Persona target: Cloud Security Architect (#19), DevSecOps (#14),
Platform Engineer (#15).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DevOpsMadDog added a commit that referenced this pull request on May 2, 2026
…triage 248911b
18 FIX-IMPORT cases from suite-core/core triage (`docs/suite_core_silenced_imports_2026-05-03.md`). Each broken import was silently swallowed by a try/except wrapper, masking either a renamed/removed symbol or a never-implemented helper.
Disposition was determined per-callsite — when both the import name AND the consumer-side method names had drifted, the safest correction is REMOVE (replace the unreachable try-arm with the same fallback the broad-except already produced) rather than RENAME (which would surface latent crashes through the new broad-except). Pattern matches Wave-A in 60a8ea9 and the top-9 commit 55adab9.
Per-callsite dispositions (18 total):
# 1 | compliance_engine.py:958 | get_latest_summary | REMOVED — no canonical helper
# 2 | task_queue.py:269 | MicroPentestEngine | REMOVED — only Config/Result/Status
# 3 | task_queue.py:439 | MicroPentestEngine | REMOVED — same
# 4 | pipeline_orchestrator.py:655 | compute_exploit_probability | REMOVED — canonical compute_forecast has incompatible signature
# 5 | feed_correlator.py:293 | abuseipdb get_by_cve | REMOVED — never implemented
# 6 | feed_correlator.py:306 | otx get_by_cve | REMOVED — never implemented
# 7 | autofix_engine.py:1283 | get_velocity_tracker/get_detector | REMOVED — only MaterialChangeDetector class exists; use class directly
# 8 | report_generator.py:337 | ComplianceEngine | REMOVED — renamed to ComplianceAutomationEngine, no .get_controls method
# 9 | unified_dashboard.py:163 | ComplianceEngine | REMOVED — same; no .get_summary
#10 | report_scheduler.py:526 | ComplianceEngine | REMOVED — same; no .get_compliance_status
#11 | unified_dashboard.py:262 | AttackSurfaceAnalyzer | REMOVED — renamed to AttackSurfaceMapper, returns Pydantic model not Dict
#12 | air_gap_bundle_engine.py:76 | EmitEvent | PRE-DONE in 55adab9 (verified)
#13 | brain_pipeline.py:881 | blast_radius | PRE-DONE in 55adab9 (verified)
#14 | graphql_schema.py:565 | get_incident_manager | REMOVED — only IncidentResponseManager
#15 | graphql_schema.py:593 | get_compliance_automation | RENAMED — use ComplianceAutomation class
#16 | graphql_schema.py:909 | get_compliance_automation | RENAMED — same
#17 | graphql_schema.py:874 | get_incident_manager, IncidentCreate | REMOVED — neither symbol exists
#18 | report_scheduler.py:499 | CVEEnrichmentEngine | REMOVED — renamed to CVEEnrichmentService, no .get_recent_cves method
#19 | aws_security_hub.py:422 | SecurityHubNormalizer | REMOVED — no AWS SH normalizer in scanner_parsers (33 vendor classes, none for SH)
Files touched (per-file diff stats):
- suite-core/core/autofix_engine.py (+10/-16)
- suite-core/core/aws_security_hub.py (+8/-28)
- suite-core/core/compliance_engine.py (+10/-9)
- suite-core/core/feed_correlator.py (+19/-24)
- suite-core/core/graphql_schema.py (+38/-40)
- suite-core/core/pipeline_orchestrator.py (+8/-15)
- suite-core/core/report_generator.py (+9/-7)
- suite-core/core/report_scheduler.py (+15/-23)
- suite-core/core/task_queue.py (+22/-20)
- suite-core/core/unified_dashboard.py (+34/-32)
Net delta: -21 LOC.
Verified:
- All 12 touched modules import clean (`importlib.import_module`).
- py_compile clean on all 10 files.
- 351/351 regression PASS on the 7 brief-specified suites (test_phase4/5/6/7/9 + test_pipeline_api + test_trustgraph) — identical to pre-edit baseline.
Cumulative suite-core silenced-import cleanup: 27/47 (top-9 in 55adab9 + this batch of 18). Remaining: 20 INSTALL/RETIRE-DEP decisions (per-feature judgment — quantum_crypto, llm_guard, chromadb, celery, pomegranate/mchmm/river, sentry_sdk, GCP/PKCS11/peft/llama_cpp).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
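The failure mode this commit message describes, a try/except that hides an import of a symbol that no longer exists, can be detected statically. The following is an added example, not the project's triage tooling: it separates a genuinely absent optional module from a present module whose symbol has drifted. The sample source and all names in it are constructed.

```python
import ast
import importlib
import importlib.util

BROAD = {"ImportError", "ModuleNotFoundError", "Exception", "BaseException"}

# Constructed sample; the module and symbol names are illustrative, not the project's.
SAMPLE = '''
try:
    from json import dumps
except Exception:
    dumps = None
try:
    from json import removed_helper
except Exception:
    removed_helper = None
try:
    from no_such_optional_dep_xyz import Client
except ImportError:
    Client = None
'''

def _swallows_import_error(handler):
    if handler.type is None:  # bare "except:"
        return True
    types = handler.type.elts if isinstance(handler.type, ast.Tuple) else [handler.type]
    return any(isinstance(t, ast.Name) and t.id in BROAD for t in types)

def _find_spec(name):
    try:
        return importlib.util.find_spec(name)
    except (ImportError, ValueError):
        return None

def classify_guarded_imports(source):
    """Return (line, module, symbol, status) for each from-import inside a swallowing try."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Try) and any(map(_swallows_import_error, node.handlers))):
            continue
        for stmt in node.body:
            if not isinstance(stmt, ast.ImportFrom) or stmt.level or not stmt.module:
                continue
            module = importlib.import_module(stmt.module) if _find_spec(stmt.module) else None
            for alias in stmt.names:
                if module is None:
                    status = "module-missing"   # genuine optional dependency
                elif (alias.name == "*" or hasattr(module, alias.name)
                      or _find_spec(f"{stmt.module}.{alias.name}")):
                    status = "ok"               # attribute or importable submodule
                else:
                    status = "symbol-missing"   # drifted name hidden by the except arm
                findings.append((stmt.lineno, stmt.module, alias.name, status))
    return sorted(findings)
```

`importlib.import_module` executes the target module's top-level code, so run a check like this inside the project's own test environment rather than against untrusted source.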
DevOpsMadDog added a commit that referenced this pull request on May 5, 2026
Suite 1 Beast Mode 13 files: 753/753 passed in 8.57s
Suite 2 Perf -m perf: 194 passed, 2 skipped, 0 failed (44782 deselected) in 27.74s
Suite 3 OWASP lockdown (test_no_unsafe_asyncio_run.py): 1/1 passed in 6.06s
Commits validated since sweep #18: 48e6424 (CI ui-build-verification job), e3b2660 (HANDOFF v10). Both docs/CI-only — zero production Python changes.
0 regressions. 4 pre-existing broken collectors unchanged.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Testing
https://chatgpt.com/codex/tasks/task_e_68def504b34483298567af4be8dc6264