Backlog/v12 compilance #2317

Open

AlexSanchez-bit wants to merge 8 commits into release/v12.0.0 from backlog/v12_compilance

Conversation

@AlexSanchez-bit

Contributor

No description provided.

@github-actions Bot commented Jul 2, 2026

🛑 AI review — Engineer review required

This PR touches critical paths or introduces changes the model cannot judge with sufficient confidence. @Kbayero @osmontero please review.

🛑 architecture (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Adds database migrations for compliance overrides/notes and modifies the core evaluation logic and API surface.

  • high backend/database/migrations.go:51 — Database migration added for new compliance tables. This requires a production roll-forward plan and verification of existing data integrity.
  • medium backend/modules/compliance/usecase/evaluator.go:150 — Evaluation logic now performs side-effecting lookups (overrides/notes) during report generation. Ensure this does not introduce performance bottlenecks on large frameworks.
  • medium backend/modules/compliance/routes.go:35 — New public API endpoints introduced for compliance status and notes. Ensure these are properly scoped to authorized users.

bugs (gemini-3-flash-lite) — clean

Summary: Added manual status overrides and user notes for compliance controls with associated backend repositories and frontend UI.

No findings.

🛑 security (gemini-3-flash-lite) — blocking — must fix before merge

Summary: Introduces new API endpoints for compliance status overrides and notes, touching security-critical authorization and data persistence paths.

  • medium backend/modules/compliance/handler/report.go:169 — New API endpoint 'SetStatusOverride' lacks explicit authorization checks (e.g., RBAC or ownership validation) to ensure only authorized users can modify compliance statuses.
  • medium backend/modules/compliance/handler/report.go:213 — New API endpoint 'SetControlNote' lacks explicit authorization checks to ensure only authorized users can modify compliance notes.

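The authorization gap the security pass flags above for SetStatusOverride and SetControlNote, shown as an added example rather than code from this PR or its project: a small Go RBAC guard that wraps a stand-in handler and returns 403 unless the caller's authenticated role is in an allowed set. The role name, context key, route path and the use of plain net/http are assumptions; the PR's real router, authentication middleware and role model are not visible on this page.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ctxKey and roleKey are assumptions for this example; the PR's real
// authentication middleware and role model are not visible on the page.
type ctxKey string
const roleKey ctxKey = "role"

// requireRole gates a handler behind an explicit RBAC check: the caller's role
// (assumed to be placed in the context by an upstream auth step) must be allowed.
func requireRole(allowed map[string]bool, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		role, ok := r.Context().Value(roleKey).(string)
		if !ok || !allowed[role] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// setStatusOverride stands in for the PR's SetStatusOverride handler; the
// real persistence logic is omitted, it only acknowledges the request.
func setStatusOverride(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusNoContent)
}

// tryOverride sends a constructed request as a caller with the given role
// ("" means no authenticated role) and returns the HTTP status code.
func tryOverride(role string) int {
	guarded := requireRole(map[string]bool{"compliance_admin": true}, setStatusOverride)
	req := httptest.NewRequest(http.MethodPut, "/compliance/controls/1/status", nil)
	if role != "" {
		req = req.WithContext(context.WithValue(req.Context(), roleKey, role))
	}
	rec := httptest.NewRecorder()
	guarded(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(tryOverride("compliance_admin"), tryOverride("analyst"), tryOverride("")) // 204 403 403
}
```

The same wrapper applied to the SetControlNote route closes the second finding; an ownership check (caller may only annotate controls of frameworks they are assigned to) would go inside the guard next to the role test.
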
@utmstackprapprover utmstackprapprover Bot left a comment


Changes requested — AI review found blocking issues (high/critical, or engineer review required). See above.
