Compliance portal commitments#1492
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Review completed against the latest diff
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
The compliance portal home page rendered security-commitment cards from a hardcoded placeholder POJO. Back them with real, per-organization data that admins configure in the console and the portal loads over the trust center GraphQL API. Model two entities under the trust center: a commitment group (title, description, rank) and a commitment card (icon, eyebrow, title, description, rank). The card icon is a curated enum mapped to a Phosphor icon in the portal. New entities adopt the compliance_portal_ prefix as the start of the broader rename away from trust_center_ naming. Expose the groups and cards read-only on the public trust API and with full CRUD on the console API, add a Commitments tab to the compliance page, and replace the placeholder section with a Relay-driven one. Signed-off-by: Émile Ré <emile@probo.com>
Let admins reorder commitment groups and the cards within each group from the console Commitments tab using up/down buttons, driven by the existing rank-aware update mutations. Make the (parent, rank) unique constraints on the commitment tables DEFERRABLE INITIALLY DEFERRED. Reordering shifts several rows in one UPDATE, which transiently duplicates a rank and tripped the immediately enforced constraint with a 23505 error. This matches the other rank-ordered tables (references, compliance frameworks). Signed-off-by: Émile Ré <emile@probo.com>
Groups with no cards render nothing, but the section still reserved its eyebrow slot for the first group by index and kept its padded wrapper, leaving a stray "Security Commitments" label misplacement and an empty gap when every group was empty. Filter out cardless groups before rendering so the eyebrow lands on the first visible group and the whole section collapses when nothing renders. Signed-off-by: Émile Ré <emile@probo.com>
Signed-off-by: Émile Ré <emile@probo.com>
codenem
force-pushed
the
compliance-portal-commitments
branch
from
July 16, 2026 13:07
95a84a0 to
828bd70
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes ENG-550
Summary by cubic
Adds configurable Security Commitments to the compliance portal. Admins manage groups and cards in the console; the portal renders them from the Trust Center API with rank-based ordering.
Coredata
+1232-0Service
+748-20CompliancePortalCommitmentGroupServiceandCompliancePortalCommitmentServicefor CRUD, counts, and rank updates; wired into actions andservice.go.pkg/trust.GraphQL API
+907``** **-20`TrustCenter, including icon enum.App: console
+1070-1Other
+292-134HomePage.Written for commit 828bd70. Summary will update on new commits.