Commit 9afb64d
committed
feat(policies): suppress hint on Violation skips the gate while keeping CAS data
Adds `bool suppress` on PolicyEvaluation.Violation. Policies opt in by
emitting `"suppress": true` on a structured finding (typically derived
from `assessment.effective_status == NOT_AFFECTED`). The engine reads
the bool generically; the gate filter excludes suppressed entries from
the count while the full violations list still flows to CAS and
ingestion (last_seen_at refreshes, audit trail preserved).
Touches: proto field, engine extraction in engineEvaluationsToAPIViolations,
gate filter in validatePolicyEnforcement, action-layer round-trip on
attestation_status, tests for all three.
Assisted-by: Claude Code
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>1 parent 4ac0f57 commit 9afb64d
11 files changed
Lines changed: 193 additions & 12 deletions
File tree
- app
- cli
- cmd
- pkg/action
- controlplane/api/gen
- frontend/attestation/v1
- jsonschema
- pkg
- attestation/crafter/api/attestation/v1
- policies
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
186 | 186 | | |
187 | 187 | | |
188 | 188 | | |
| 189 | + | |
| 190 | + | |
| 191 | + | |
| 192 | + | |
| 193 | + | |
| 194 | + | |
| 195 | + | |
| 196 | + | |
| 197 | + | |
| 198 | + | |
| 199 | + | |
| 200 | + | |
189 | 201 | | |
190 | | - | |
| 202 | + | |
| 203 | + | |
| 204 | + | |
191 | 205 | | |
192 | 206 | | |
193 | | - | |
| 207 | + | |
194 | 208 | | |
195 | 209 | | |
196 | 210 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
88 | 88 | | |
89 | 89 | | |
90 | 90 | | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
91 | 138 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
367 | 367 | | |
368 | 368 | | |
369 | 369 | | |
370 | | - | |
371 | | - | |
| 370 | + | |
| 371 | + | |
| 372 | + | |
372 | 373 | | |
373 | 374 | | |
374 | 375 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
115 | 115 | | |
116 | 116 | | |
117 | 117 | | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
118 | 122 | | |
119 | 123 | | |
120 | 124 | | |
| |||
Lines changed: 32 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 18 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
Lines changed: 7 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
284 | 284 | | |
285 | 285 | | |
286 | 286 | | |
| 287 | + | |
| 288 | + | |
| 289 | + | |
| 290 | + | |
| 291 | + | |
| 292 | + | |
| 293 | + | |
287 | 294 | | |
288 | 295 | | |
289 | 296 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
808 | 808 | | |
809 | 809 | | |
810 | 810 | | |
| 811 | + | |
| 812 | + | |
| 813 | + | |
| 814 | + | |
| 815 | + | |
| 816 | + | |
| 817 | + | |
| 818 | + | |
| 819 | + | |
| 820 | + | |
811 | 821 | | |
812 | 822 | | |
813 | 823 | | |
| |||
817 | 827 | | |
818 | 828 | | |
819 | 829 | | |
820 | | - | |
821 | | - | |
| 830 | + | |
| 831 | + | |
| 832 | + | |
822 | 833 | | |
823 | 834 | | |
824 | 835 | | |
| |||
0 commit comments