fix(wayfinder): improve filter reliability and UI clarity (fixes #426)

[PRAteek-singHWY]

Maintainer Notes

• Fixes Create a Product Security Wayfinder component #426
• Stacked on top of feat: add Product Security Wayfinder with SDLC grouping and metadata filters (fixes #426) #780

Why this follow-up PR

#780 introduced the core Product Security Wayfinder API + UI. This follow-up tightens correctness and usability in places that showed up during real local testing:

• multi-select filters were not always applied correctly from the UI
• noisy/duplicate resource names reduced output quality
• selected filter chips and clear button readability needed polishing

What Changed in this PR

• Fixed frontend query serialization to send repeatable keys (sdlc=x&sdlc=y, etc.), which Flask correctly reads via request.args.getlist(...).
• Added canonicalization + noise filtering for resource names (for example CWE-22 -> CWE, CAPEC-111 -> CAPEC, and generic placeholders removal).
• Aggregated resources by canonical name in DB output and retained aliases for traceability.
• Improved selected filter chip readability (label text + close icon) and improved Clear filters contrast.
• Added unit tests for metadata normalization and fallback metadata behavior.

Data Source (OpenCRE Data Only)

• Resource inventory shown in Wayfinder is generated from existing non-CRE nodes already in the OpenCRE DB.
• No new runtime resource dataset was imported or seeded for this PR.
• Metadata enrichment uses a code-level static map + fallback defaults (the exact approach described in issue Create a Product Security Wayfinder component #426 as an initial step), but resource rows themselves come from OpenCRE DB records.

Relevant Files

• application/database/db.py
• application/utils/wayfinder_metadata.py
• application/tests/wayfinder_metadata_test.py
• application/frontend/src/pages/Wayfinder/Wayfinder.tsx
• application/frontend/src/pages/Wayfinder/wayfinder.scss

How I Tested Locally

1. Backend with local OpenCRE DB:
   • source venv/bin/activate
   • export DEV_DATABASE_URL="sqlite:////Users/prateeksingh/OpenCRE/standards_cache.sqlite"
   • NO_LOAD_GRAPH_DB=1 make dev-flask
2. Frontend:
   • cd application/frontend && yarn start
   • open http://localhost:9001/wayfinder
3. API sanity checks:
   • curl -s http://127.0.0.1:5000/rest/v1/wayfinder | jq '.stats'
   • curl -s "http://127.0.0.1:5000/rest/v1/wayfinder?sdlc=Operations" | jq '.stats'
   • verified filtered counts change and contradictory filter sets can return zero results as expected
4. UI checks:
   • selected multiple filters across SDLC/org/license/type
   • verified lane/resource counts and cards update immediately
   • verified selected chips and clear button readability

Automated Validation

• yarn build passes.
• venv/bin/python -m unittest application.tests.wayfinder_metadata_test passes.
• venv/bin/python -m unittest application.tests.web_main_test.TestMain.test_wayfinder_payload_shape application.tests.web_main_test.TestMain.test_wayfinder_filters passes.

Screenshots

[PRAteek-singHWY]

@northdpole quick update on #426:

#780 delivered the core Wayfinder:

• Added GET /rest/v1/wayfinder built from non-CRE OpenCRE DB nodes.
• Added metadata enrichment (SDLC, supporting org, license), SDLC grouping, facets, and filter support.
• Added the new /wayfinder UI page with search + metadata filters.
• Added API docs and backend tests.

#781 is a follow-up polish/fix on top of #780:

• Fixed multi-select filter parameter handling so filters apply correctly end-to-end.
• Improved resource quality with canonicalization/noise cleanup (for example CWE-22 -> CWE, CAPEC-111 -> CAPEC).
• Improved UI readability for selected filter chips and Clear filters.
• Added metadata normalization unit tests.

Data note:

• Displayed resources come from existing OpenCRE DB non-CRE nodes.
• Enrichment is phase-1 static map + fallback, as discussed in the issue.

PRs:

• feat: add Product Security Wayfinder with SDLC grouping and metadata filters (fixes #426) #780
• fix(wayfinder): improve filter reliability and UI clarity (fixes #426) #781

Looking forward to iterating based on any feedback or change requests.