Skip to content

fix(trust-portal): restore soc3/pipeda/ccpa badge mappings (CS-688 follow-up)#3357

Merged
tofikwest merged 1 commit into
mainfrom
tofik/cs-688-restore-soc3-pipeda-ccpa
Jul 6, 2026
Merged

fix(trust-portal): restore soc3/pipeda/ccpa badge mappings (CS-688 follow-up)#3357
tofikwest merged 1 commit into
mainfrom
tofik/cs-688-restore-soc3-pipeda-ccpa

Conversation

@tofikwest

@tofikwest tofikwest commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Problem

The cubic review on the production-deploy PR (#3356) flagged a P1: consolidating the public + admin badge logic into the shared cert-badge-mapper (in #3355 / CS-688) dropped soc3, pipeda and ccpa.

Verified — real regression. The public portal's original extractBadgesFromRiskData mapped those three; the admin mapper (which the shared version was based on) never did. Since the shared mapper now governs both surfaces, vendors with a SOC 3 / PIPEDA / CCPA certification would lose that badge on the public Trust Centre.

Fix

Restore all three to the shared mapCertificationToBadgeType. Safe on both surfaces:

  • Public portal renders them as text chips — formatComplianceBadgeLabels already has the SOC 3 / PIPEDA / CCPA labels.
  • Admin UI (TrustPortalVendors.tsx) guards unknown types (if (!IconComponent) return null), so introducing these types shows no icon there but does not break — same as its current behavior.

pci_dss etc. use substring includes, so the three restored checks follow the same style (soc3, pipeda, ccpa), which is broader than the old exact-match CERT_MAP and therefore strictly no worse.

Testing

  • cert-badge-mapper.spec.ts: added a regression test asserting SOC 3 → soc3, PIPEDA → pipeda, CCPA → ccpa.
  • npx jest src/trust-portal → 33 passing. Typecheck clean for the changed file.

Note on the other cubic finding

The second cubic finding on #3356 (chunk the updateMany({ id: { in: deletedSourceIds }}) in run-linkage.ts) is stale — that code was introduced in an intermediate commit (70c393c8) and already removed in eb3c097a ("harden orphan task-vector prune"). deletedSourceIds / that updateMany exist nowhere on main; hash writes are now per-row db.task.update. No action needed.

Relates to CS-688.

🤖 Generated with Claude Code


Summary by cubic

Restores SOC 3, PIPEDA, and CCPA badge mappings in the shared cert-badge-mapper so these badges appear on the public Trust Centre again. Follow-up to CS-688 to keep public/admin mappings aligned; admin UI remains safe.

  • Bug Fixes
    • Added soc3, pipeda, and ccpa detections to mapCertificationToBadgeType in apps/api/src/trust-portal/cert-badge-mapper.ts.
    • Added regression tests in cert-badge-mapper.spec.ts to cover these mappings.

Written for commit 7b302a7. Summary will update on new commits.

Review in cubic

Consolidating the public and admin badge logic into the shared
cert-badge-mapper (CS-688) inadvertently dropped soc3, pipeda and ccpa — the
public portal's original mapper recognized them but the admin mapper (which the
shared version was based on) did not. Vendors with those certifications would
lose their public Trust Centre badges after release.

Restore all three to the shared mapper. Safe on both surfaces: the public
portal renders them via label text (formatComplianceBadgeLabels already has the
labels) and the admin UI skips badge types it has no icon for
(`if (!IconComponent) return null`), so nothing breaks there.

Addresses cubic P1 on the production-deploy PR.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RgkStnwws7zZL39mJ79PeN
@linear

linear Bot commented Jul 6, 2026

Copy link
Copy Markdown

CS-688

@vercel

vercel Bot commented Jul 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
comp-framework-editor Ready Ready Preview, Comment Jul 6, 2026 6:47pm
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
app Skipped Skipped Jul 6, 2026 6:47pm
portal Skipped Skipped Jul 6, 2026 6:47pm

Request Review

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@tofikwest tofikwest merged commit e8cb123 into main Jul 6, 2026
10 checks passed
@tofikwest tofikwest deleted the tofik/cs-688-restore-soc3-pipeda-ccpa branch July 6, 2026 18:51
claudfuen pushed a commit that referenced this pull request Jul 6, 2026
# [3.98.0](v3.97.0...v3.98.0) (2026-07-06)

### Bug Fixes

* address follow-up ([70c393c](70c393c))
* **api:** add isActive filter to member query ([545bc74](545bc74))
* **api:** tie trust portal access link expiry to the grant duration ([cc493f0](cc493f0))
* **app:** sort assignee list alphabetically in assignee dropdown ([13aa3ef](13aa3ef))
* **cloud-security:** exclude per-task runs from latest scan selection ([c51b17c](c51b17c))
* **risk-treatment:** ensure live tasks filter before ranking in draft plan ([98401f4](98401f4))
* **risk-treatment:** harden orphan task-vector prune (CS-681 review) ([eb3c097](eb3c097))
* **trust-portal:** derive public vendor badges from cert data (CS-688) ([#3355](#3355)) ([dd2ea84](dd2ea84)), closes [3315/#3318](#3318)
* **trust-portal:** restore soc3/pipeda/ccpa badge mappings (CS-688) ([#3357](#3357)) ([e8cb123](e8cb123))
* **trust:** address cubic review on the questionnaire toggle ([6e71c3f](6e71c3f))

### Features

* **trust:** add setting to show/hide the Security Questionnaire on the public trust portal ([f89c323](f89c323))
@claudfuen

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 3.98.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants