feat: Batch CVE selection flow and add missing assignment in the controller#3813
feat: Batch CVE selection flow and add missing assignment in the controller#3813maciaszczykm wants to merge 13 commits into
Conversation
Soffi AI SummaryThis PR introduces a batch CVE selection and bulk-fix workflow in the vulnerability management UI, and extends the AI chatbot with the ability to mention/reference specific vulnerabilities as context for agent-driven fixes. Batch CVE selection flow: The vulnerability report details table now supports multi-row selection via a new checkbox column, allowing users to select multiple CVEs at once. A new Vulnerability @mentions in AI chat: A new Supporting cleanup: The old inline Commits
Updated: 2026-07-08 13:50 UTC |
Greptile SummaryThis PR introduces a batch CVE selection and fix flow in the vulnerability report details view. Users can now enter a bulk-select mode, pick multiple vulnerabilities via checkboxes, and launch a single workbench job that receives a structured prompt containing serialized vulnerability mention chips for all selected CVEs. It also wires up the
Confidence Score: 5/5Safe to merge — changes are additive UI features with no data mutations outside the existing workbench job creation path. All new code paths are well-guarded (null checks, empty-state handling, modal overlay preventing concurrent fix submissions), GraphQL types are generated correctly, and the Go controller change is a straightforward field population. The only notable gap is the WorkbenchSelector being momentarily interactive while its data is loading, which is a cosmetic UX edge case. VulnFixModal.tsx — WorkbenchSelector isDisabled logic during loading.
|
| Filename | Overview |
|---|---|
| assets/design-system/src/components/table/Table.tsx | Adds useEffect to reset fixedGridTemplateColumns when column count changes, enabling correct grid recalculation when the bulk-select checkbox column is added/removed. |
| assets/src/components/ai/agent-runs/AgentRunFixButton.tsx | Deleted; styled components inlined into their only remaining consumer (ClusterUpgradeAgentButton.tsx) and VulnFixModal.tsx. |
| assets/src/components/security/vulnerabilities/VulnFixModal.tsx | New modal for fixing one or more CVEs via a workbench job; replaces inline AgentRunFixButton; flow-aware workbench selection works correctly. Minor: WorkbenchSelector isDisabled condition allows opening an empty list during loading. |
| assets/src/components/security/vulnerabilities/VulnReportDetails.tsx | Adds bulk-select mode with row selection state, floating selection bar, and VulnFixModal integration; memoized column array drives Table.tsx grid reset on mode toggle. |
| assets/src/components/security/vulnerabilities/VulnReportDetailsTableCols.tsx | Adds ColVulnSelect with header/cell checkboxes; stopPropagation prevents accidental row expansion on checkbox click. |
| assets/src/components/security/vulnerabilities/VulnReportsTableCols.tsx | Bug fix: ColActions now reads flowIdOrName from useParams and passes it to getVulnerabilityReportDetailsPath, correcting navigation links when viewing reports inside a flow context. |
| assets/src/components/security/vulnerabilities/vulnerabilityMention.ts | New module: builds structured vulnerability chip mentions (XML-escaped attributes via lodash escape) and constructs the LLM fix prompt for single or batch CVEs. |
| assets/src/components/ai/chatbot/input/autocomplete/mentionTypes.ts | Adds Vulnerability to MentionKind enum with full attribute schema (severity, vuln-id, service-ids, cluster-ids, etc.) and chipDisplayText formatter. |
| assets/src/components/ai/chatbot/input/autocomplete/EditableSkillChipTooltip.tsx | Extends tooltip logic to support both Skill and Vulnerability chip kinds; uses hintKey to avoid unnecessary re-renders. |
| assets/src/components/ai/chatbot/input/autocomplete/PlrlChipMdRenderers.tsx | Adds PlrlVulnerabilityChip renderer with optional tooltip and external link wrapping. |
| assets/src/components/ai/chatbot/input/autocomplete/VulnerabilityChipTooltipLabel.tsx | New shared component for rendering CVE tooltip content with clamped title and description. |
| assets/src/components/cd/clusters/ClusterUpgradeAgentButton.tsx | Inlines AgentRunFormPopupSC and PromptInputBoxSC locally now that AgentRunFixButton.tsx is deleted; no behavioural change. |
| assets/src/graph/vulnerabilities.graphql | Adds vulnId to Vulnerability fragment; adds service.id and service.cluster.id to VulnerabilityReportTiny for building workbench mention attributes. |
| go/deployment-operator/internal/controller/vulnerabilityreports_controller.go | Populates VulnID from trivy's VulnerabilityID field when persisting vulnerability attributes. |
Reviews (2): Last reviewed commit: "apply review suggestions" | Re-trigger Greptile
Test Plan
Test environment: https://console.your-env.onplural.sh/
Checklist
Plural Flow: console