Deep Review: Code State vs Last 30 Days

Comparison baseline: d3791e3 (2026-02-12 — initial clean commit)
Current state: HEAD (fix/grc-phi-masking branch, 2026-03-08)
Scope: 285 files changed, ~45.6k insertions, ~5.4k deletions.


1. Security & GRC

| Difference | Before (30 days ago) | Current |
|---|---|---|
| Tenant isolation (dashboard) | GET /api/dashboard returned all companies/risks | Requires x-tenant-id; returns 401 if missing; filters companies and active_risks by tenantId |
| Company–Tenant relation | No tenant FK on Company | Company.tenantId → Tenant with onDelete: Cascade; migration + seed assign companies to tenants |
| PII/PHI in PDF export | ThreatInvestigationPanel PDF used raw report/notes | Report and notes run through maskSensitiveData() before export; UI state unchanged |
| maskSensitiveData | Existed in retentionPolicy.ts (SSN, email) | Same utility; now used in PDF export path and covered by unit tests |
| RLS / Supabase | Isolation tests for Failed_Jobs (Supabase) | Same; plus dashboard API and Prisma tenant scoping |
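One way to implement the masking boundary this table describes (mask only on the PDF export path, leave the panel's UI state untouched), as an added example that is not the project's retentionPolicy.ts; `maskSensitiveData`, `buildPdfPayload`, the two regexes and the sample text are assumptions:

```typescript
// Added example, not the project's own retentionPolicy.ts or ThreatInvestigationPanel.
// Masks SSNs and e-mail addresses in a derived export payload; UI state is never mutated.

// 123-45-6789 -> ***-**-6789 (last four kept so records can still be correlated).
const SSN_RE = /\b(\d{3})-(\d{2})-(\d{4})\b/g;
// jane.doe@example.com -> j***@example.com (domain kept, local part hidden).
const EMAIL_RE = /\b([A-Za-z0-9._%+-])[A-Za-z0-9._%+-]*@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b/g;

// Assumed shape of the utility; the project's real function may differ.
export function maskSensitiveData(text: string): string {
  return text.replace(SSN_RE, "***-**-$3").replace(EMAIL_RE, "$1***@$2");
}

// The raw strings the panel holds in UI state (assumed field names).
export interface InvestigationState {
  fullReportText: string;
  fullNotesText: string;
}

// Export path only: derive masked copies, never write back into the state that was read.
export function buildPdfPayload(state: InvestigationState): { reportForPdf: string; notesForPdf: string } {
  return {
    reportForPdf: maskSensitiveData(state.fullReportText),
    notesForPdf: maskSensitiveData(state.fullNotesText),
  };
}

// Constructed sample state with a fake SSN and a fake e-mail address.
export const sampleState: InvestigationState = {
  fullReportText: "Patient SSN 123-45-6789 was included in the leaked export.",
  fullNotesText: "Contact: jane.doe@example.com; follow up Monday.",
};
```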

2. API & Backend

| Difference | Before | Current |
|---|---|---|
| Dashboard route | Single GET, no tenant filter | app/api/dashboard/route.ts: tenant from header, 401 if missing, Prisma filter by tenantId; BigInt serialization for company in JSON |
| New/updated routes | | /api/alerts/dispatch, /api/audit/export, /api/evidence/autofetch, /api/ingest, /api/investigate, /api/regulations/sync, /api/remediate, tenant-scoped evidence, health, test-email, threats |
| Purge / simulation | | purgeSimulation, simulationActions, upload-to-dmz, quarantine |
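The tenant-scoped dashboard route described in sections 1 and 2 (x-tenant-id from the header, 401 when missing, every query filtered by tenantId, BigInt company ids serialised for JSON), as an added framework-free example that is not the project's own app/api/dashboard/route.ts; `DashboardDb`, `handleDashboard`, the memory-backed client and the sample rows are assumptions:

```typescript
// Added example, not the project's code: the tenant-scoping pattern of GET /api/dashboard
// written against a minimal stand-in for the Prisma client so it runs offline.

type Company = { id: bigint; name: string; tenantId: string };
type Risk = { id: number; tenantId: string; title: string; active: boolean };

// Assumed stand-in for the Prisma client: findMany() with a `where` clause.
export interface DashboardDb {
  company: { findMany(args: { where: { tenantId: string } }): Company[] };
  risk: { findMany(args: { where: { tenantId: string; active: boolean } }): Risk[] };
}

// Constructed sample data for two tenants (UUID-shaped placeholders, not real ids).
export const TENANT_A = "00000000-0000-4000-8000-00000000000a";
export const TENANT_B = "00000000-0000-4000-8000-00000000000b";
const COMPANIES: Company[] = [
  { id: BigInt(1), name: "Acme Health", tenantId: TENANT_A },
  { id: BigInt(2), name: "Globex Bank", tenantId: TENANT_B },
];
const RISKS: Risk[] = [
  { id: 10, tenantId: TENANT_A, title: "Unpatched VPN appliance", active: true },
  { id: 11, tenantId: TENANT_A, title: "Closed finding", active: false },
  { id: 12, tenantId: TENANT_B, title: "Public storage bucket", active: true },
];

export const memoryDb: DashboardDb = {
  company: { findMany: ({ where }) => COMPANIES.filter((c) => c.tenantId === where.tenantId) },
  risk: {
    findMany: ({ where }) =>
      RISKS.filter((r) => r.tenantId === where.tenantId && r.active === where.active),
  },
};

export type DashboardResponse = { status: number; body: string };

// Hardened handler: the tenant comes only from the request header and every query is
// filtered by it, so one tenant's dashboard can never include another tenant's rows.
export function handleDashboard(headers: Record<string, string>, db: DashboardDb): DashboardResponse {
  // HTTP header names are case-insensitive; normalise before looking up x-tenant-id.
  const entry = Object.entries(headers).find(([k]) => k.toLowerCase() === "x-tenant-id");
  const tenantId = entry?.[1].trim();
  if (!tenantId) return { status: 401, body: JSON.stringify({ error: "x-tenant-id required" }) };

  const companies = db.company.findMany({ where: { tenantId } });
  const active_risks = db.risk.findMany({ where: { tenantId, active: true } });
  // Company ids are BigInt; JSON.stringify() throws on BigInt, so emit them as strings.
  const body = JSON.stringify({ companies, active_risks }, (_key, value) =>
    typeof value === "bigint" ? value.toString() : value,
  );
  return { status: 200, body };
}
```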

3. Data & Schema (Prisma)

| Difference | Before | Current |
|---|---|---|
| Company | No tenant link | tenantId String @db.Uuid, tenant Tenant @relation(..., onDelete: Cascade) |
| Tenant | | companies Company[] |
| ThreatEvent | | tenantCompanyId BigInt? (retained for RLS policy) |
| IronwatchLog | Not in schema | IronwatchLog model with @@map("ironwatch_log") (id, event_type, actor_id, detail, severity, created_at) |
| Migrations | | company_tenant_id, threat_financial_risk_cents, is_simulation, etc. |
| Seed | | Tenants with fixed UUIDs; companies created with tenantId; vendor tenant assignment |

4. UI & Components

| Difference | Before | Current |
|---|---|---|
| StrategicIntel | Simpler or different layout | Large sidebar: Control Room (wired to stores + Link), Industry Profile (5-sector), Risk Exposure (Option B ALE, pipeline-driven), Top Sector Threats, Agent grid, terminal input, TTL, Sentinel Sweep; single layout (no Dark Start branch) |
| Main page (dashboard) | Plain fetch for /api/dashboard | Uses tenantFetch and x-tenant-id (or default medshield); error handling for 401 |
| ThreatInvestigationPanel | PDF from raw fullReportText / fullNotesText | PDF built from reportForPdf and notesForPdf (maskSensitiveData applied); import from retentionPolicy |
| ThreatDetailDrawer | | Uses ThreatInvestigationPanel; GRC action chips (Save, Email, PDF) |
| Other | | AuditIntelligence, ThreatPipeline, Header, DashboardWithDrawer, GlobalHealthSummaryCard, toasts, AlertBanners, TenantProvider, DebugPanel, many role/vendor/report pages |

5. State & Stores

| Difference | Before | Current |
|---|---|---|
| riskStore | | pipelineThreats, acceptedThreatImpacts, selectedIndustry, dashboard liabilities, riskOffset, etc. |
| kimbotStore / grcBotStore | | enabled, setEnabled, companyCount, resetSimulationCounters, stop |
| systemConfigStore | | expertModeEnabled, setExpertModeEnabled |
| agentStore, regulatoryStore, evidenceStore, etc. | | Multiple stores for alerts, billing, permissions, remediation, reports |

6. Tests

| Difference | Before | Current |
|---|---|---|
| Dashboard tenant isolation | | tests/integration/dashboard.test.ts: no-tenant → 401, Vaultbank context → only Vaultbank data; Prisma mocked |
| PII masking for export | | tests/unit/pdfExport.test.ts: maskSensitiveData replaces SSN/email in payload; 4 cases |
| E2E / Playwright | | dashboard.spec, stage1-validation, vendors-audit, supabase-connection |
| Vitest | | orchestration, specialists, live-fire, isolation, ALE engine; vitest.config + setup |
| Stryker | | mutation config |

7. DevOps, Config & Docs

| Difference | Before | Current |
|---|---|---|
| Branch | main (or prior) | fix/grc-phi-masking (current work) |
| CI / GitHub | | ci.yml, deploy.yml, playwright.yml; Supabase secrets, build hardening |
| Docker / GCP | | Dockerfile, gcp-deploy.yaml |
| Docs | | TAS.md, competitive-landscape, completed-modules, testing, ui-schematic, ITERATION_LOG, backlog_review, CHANGES, COMPONENTS, validation reports |
| Prisma | | Dual schema (main + prisma-dmz); scripts for verify-db, add-companies-tenant-id.sql |

8. Recent Sprint (March 4 → March 8)

| Change | File(s) |
|---|---|
| StrategicIntel restored and stabilized | app/components/StrategicIntel.tsx (layout, Control Room, Industry Profile, Risk Exposure, threats, agents, terminal) |
| Control Room wired to routing and stores | Link, useKimbotStore/useGrcBotStore/useSystemConfigStore, toggleKimbot/Grcbot/Expert, handlePurgeSimulation |
| Risk Exposure Option B ALE | pipelineThreats → totalRiskMillions, currentRiskDisplay, potentialImpactDisplay; industry/grc baselines; bar widths |
| Dashboard tenant isolation | app/api/dashboard/route.ts (x-tenant-id, 401, filter); app/page.tsx (tenantFetch, default tenant) |
| Company.tenantId + Tenant cascade | prisma/schema.prisma, migration, seed, add-companies-tenant-id.sql |
| ironwatch_log + tenantCompanyId preserved | IronwatchLog model; ThreatEvent.tenantCompanyId BigInt? |
| PII/PHI masking in PDF | components/ThreatInvestigationPanel.tsx (maskSensitiveData on reportForPdf, notesForPdf) |
| Integration test: dashboard isolation | tests/integration/dashboard.test.ts |
| Unit test: PDF export masking | tests/unit/pdfExport.test.ts |
| Ops report route | app/reports/ops/page.tsx |

9. Summary List (Differences)

  1. Security: Tenant-scoped dashboard API; Company→Tenant with cascade; PII/PHI masking on PDF export; no raw SSN/email in exported PDFs.
  2. Schema: Company.tenantId, Tenant.companies, ThreatEvent.tenantCompanyId, IronwatchLog; migrations and seed aligned.
  3. API: Dashboard requires x-tenant-id and filters by tenant; multiple new routes (alerts, audit, evidence, ingest, investigate, regulations, etc.).
  4. UI: StrategicIntel is the main sidebar (Control Room, Industry Profile, Risk Exposure, threats, agents, terminal); main page uses tenantFetch; ThreatInvestigationPanel masks content only for PDF.
  5. State: riskStore, kimbotStore, grcBotStore, systemConfigStore (and others) drive Control Room and Risk Exposure.
  6. Tests: Dashboard tenant isolation (401 + isolated access); PII masking in export payload; existing Vitest/Playwright suites.
  7. Docs/ops: backlog_review, ITERATION_LOG, validation docs, Prisma scripts, CI/CD and Docker.

Generated from git diff d3791e3..HEAD and 6c72895..HEAD.