Skip to content

Compliance portal commitments#1492

Merged
codenem merged 4 commits into
mainfrom
compliance-portal-commitments
Jul 16, 2026
Merged

Compliance portal commitments#1492
codenem merged 4 commits into
mainfrom
compliance-portal-commitments

Conversation

@codenem

@codenem codenem commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Closes ENG-550

Summary by cubic

Adds configurable Security Commitments to the compliance portal. Admins manage groups and cards in the console; the portal renders them from the Trust Center API with rank-based ordering.

Coredata +1232 -0

  • Added commitment group and commitment entities with rank fields and an icon enum.
  • Added migrations; made (parent, rank) uniques DEFERRABLE to support reordering.
  • Registered new entity types.

Service +748 -20

  • Added CompliancePortalCommitmentGroupService and CompliancePortalCommitmentService for CRUD, counts, and rank updates; wired into actions and service.go.
  • Granted viewers list permissions; updated policies.
  • Added read-only list services in pkg/trust.

GraphQL API +907``** **-20`

  • Console API: types, queries, and mutations for groups/commitments with pagination, ordering, counts, and permission checks.
  • Trust (public) API: read-only commitment groups and cards on TrustCenter, including icon enum.
  • Implemented resolvers for listing and totals.

App: console +1070 -1

  • Added a Commitments tab under Compliance with pages/dialogs to create/edit groups and cards.
  • Implemented up/down controls to reorder groups and cards.
  • Mapped commitment icons and added route.

Other +292 -134

  • Compliance Portal: replaced placeholder data with a Relay-backed Security Commitments section; added group/card components and icon mapping, wired into HomePage.
  • Added i18n strings and removed the local placeholder module.
  • Hid empty commitment groups so the section collapses when there’s nothing to show.

Written for commit 828bd70. Summary will update on new commits.

Review in cubic

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed against the latest diff

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

codenem added 4 commits July 16, 2026 15:07
The compliance portal home page rendered security-commitment cards from
a hardcoded placeholder POJO. Back them with real, per-organization data
that admins configure in the console and the portal loads over the trust
center GraphQL API.

Model two entities under the trust center: a commitment group (title,
description, rank) and a commitment card (icon, eyebrow, title,
description, rank). The card icon is a curated enum mapped to a Phosphor
icon in the portal. New entities adopt the compliance_portal_ prefix as
the start of the broader rename away from trust_center_ naming.

Expose the groups and cards read-only on the public trust API and with
full CRUD on the console API, add a Commitments tab to the compliance
page, and replace the placeholder section with a Relay-driven one.

Signed-off-by: Émile Ré <emile@probo.com>
Let admins reorder commitment groups and the cards within each group from
the console Commitments tab using up/down buttons, driven by the existing
rank-aware update mutations.

Make the (parent, rank) unique constraints on the commitment tables
DEFERRABLE INITIALLY DEFERRED. Reordering shifts several rows in one
UPDATE, which transiently duplicates a rank and tripped the immediately
enforced constraint with a 23505 error. This matches the other
rank-ordered tables (references, compliance frameworks).

Signed-off-by: Émile Ré <emile@probo.com>
Groups with no cards render nothing, but the section still reserved its
eyebrow slot for the first group by index and kept its padded wrapper,
leaving a stray "Security Commitments" label misplacement and an empty
gap when every group was empty.

Filter out cardless groups before rendering so the eyebrow lands on the
first visible group and the whole section collapses when nothing renders.

Signed-off-by: Émile Ré <emile@probo.com>
Signed-off-by: Émile Ré <emile@probo.com>
@codenem
codenem force-pushed the compliance-portal-commitments branch from 95a84a0 to 828bd70 Compare July 16, 2026 13:07
@codenem
codenem requested a review from a team July 16, 2026 13:07
@codenem
codenem merged commit 828bd70 into main Jul 16, 2026
19 checks passed
@codenem
codenem deleted the compliance-portal-commitments branch July 16, 2026 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant