Skip to content

Add accepted-controls workflow to remediation report#10

Merged
aj-enns merged 8 commits into
mainfrom
copilot/whitelist-control-error
May 19, 2026
Merged

Add accepted-controls workflow to remediation report#10
aj-enns merged 8 commits into
mainfrom
copilot/whitelist-control-error

Conversation

Copilot AI commented May 19, 2026
edited
Loading

Copy link
Copy Markdown

The remediation report could identify control failures, but it had no way to record risk acceptance and remove those items from the active queue. This change adds an explicit accepted-controls workflow with required justification, acceptance date tracking, and a dedicated accepted view.

  • Remediation workflow

    • Adds an Accept risk action to remediation cards
    • Requires a justification note before a control can be accepted
    • Records the acceptance timestamp and shows it on the accepted card
    • Moves accepted items out of the active remediation list into an Accepted Controls tab

  • UI/state model

    • Introduces tabbed remediation views for:
      • active remediation actions
      • accepted controls
    • Persists accepted-control state per organization in browser storage
    • Uses a stable per-control key to avoid collisions between accepted items

  • Accessibility and UX

    • Marks the acceptance note as required for assistive technology
    • Uses clearer labeling for the acceptance reason field
    • Keeps accepted metadata visible with the control for later review

  • Test/docs updates

    • Extends the test bootstrap to cover remediation HTML helpers
    • Adds focused Pester coverage for accepted-controls rendering and storage wiring
    • Updates remediation-plan documentation to describe the accepted-controls flow
<button type="button" data-open-accept>Accept risk</button>

<div data-accept-form hidden>
  <label for="accepted-note-1">Reason for accepting this control</label>
  <textarea id="accepted-note-1" aria-required="true" data-accept-note></textarea>
  <button type="button" data-accept-save>Save accepted control</button>
</div>

<div data-accepted-meta hidden>
  <dd data-accepted-date></dd>
  <dd data-accepted-note></dd>
</div>

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • accounts.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5344 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.46f1SR --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1193721758381396485,16626853335326604329,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5312902848347411217,2154463804345275307,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --window-size=1440,1600 --screenshot=/tmp/adoqr-remediation-accepted.png --virtual-time-budget=3000 file:///tmp/adoqr-remediation-sample-accepted.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5462 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.wZ5zW6 --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,439487259699399466,8333477991589366205,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5104935401185639191,8941135447521593099,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • clients2.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5344 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.46f1SR --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1193721758381396485,16626853335326604329,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5312902848347411217,2154463804345275307,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --window-size=1440,1600 --screenshot=/tmp/adoqr-remediation-accepted.png --virtual-time-budget=3000 file:///tmp/adoqr-remediation-sample-accepted.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5462 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.wZ5zW6 --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,439487259699399466,8333477991589366205,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5104935401185639191,8941135447521593099,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • redirector.gvt1.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5344 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.46f1SR --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1193721758381396485,16626853335326604329,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5312902848347411217,2154463804345275307,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --window-size=1440,1600 --screenshot=/tmp/adoqr-remediation-accepted.png --virtual-time-budget=3000 file:///tmp/adoqr-remediation-sample-accepted.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5462 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.wZ5zW6 --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,439487259699399466,8333477991589366205,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5104935401185639191,8941135447521593099,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • www.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5344 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.46f1SR --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1193721758381396485,16626853335326604329,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5312902848347411217,2154463804345275307,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --window-size=1440,1600 --screenshot=/tmp/adoqr-remediation-accepted.png --virtual-time-budget=3000 file:///tmp/adoqr-remediation-sample-accepted.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5462 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/org.chromium.Chromium.scoped_dir.wZ5zW6 --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,439487259699399466,8333477991589366205,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5104935401185639191,8941135447521593099,4 --trace-process-track-uuid=3190708989122997041 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

@aj-enns

aj-enns commented May 19, 2026

Copy link
Copy Markdown
Collaborator

@copilot , accepted controls should be saved across runs so the user does not have to keep accepting them.

Copilot AI linked an issue May 19, 2026 that may be closed by this pull request
Whitelisting a control error #1
Closed
Copilot AI and others added 2 commits May 19, 2026 15:38
Copilot AI changed the title [WIP] Add functionality for whitelisting a control error Add accepted-controls workflow to remediation report May 19, 2026
Copilot AI requested a review from aj-enns May 19, 2026 15:41

Copilot AI commented May 19, 2026
edited
Loading

Copy link
Copy Markdown
Author

@copilot , accepted controls should be saved across runs so the user does not have to keep accepting them.

This is already how the remediation report behaves: accepted controls are stored per organization in browser storage and reused by later remediation reports opened in the same browser. I clarified that in the UI and README in 35031fa.

updated remediation persistence note

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • accounts.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=4932 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,10529436040706369714,17367894148320738629,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,16229699168380285572,262893151296373264,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --user-data-dir=/tmp/chromedata-test --dump-dom file:///tmp/localstorage-a.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5086 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1182160393889713888,18347818123195018802,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5653318598519555762,1753222294201030876,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • android.clients.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=4932 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,10529436040706369714,17367894148320738629,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,16229699168380285572,262893151296373264,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --user-data-dir=/tmp/chromedata-test --dump-dom file:///tmp/localstorage-a.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5086 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1182160393889713888,18347818123195018802,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5653318598519555762,1753222294201030876,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • clients2.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=4932 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,10529436040706369714,17367894148320738629,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,16229699168380285572,262893151296373264,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --user-data-dir=/tmp/chromedata-test --dump-dom file:///tmp/localstorage-a.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5086 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1182160393889713888,18347818123195018802,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5653318598519555762,1753222294201030876,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • redirector.gvt1.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=4932 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,10529436040706369714,17367894148320738629,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,16229699168380285572,262893151296373264,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --user-data-dir=/tmp/chromedata-test --dump-dom file:///tmp/localstorage-a.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5086 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1182160393889713888,18347818123195018802,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5653318598519555762,1753222294201030876,4 --trace-process-track-uuid=3190708989122997041 (dns block)
  • update.googleapis.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=4932 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,10529436040706369714,17367894148320738629,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,16229699168380285572,262893151296373264,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --user-data-dir=/tmp/chromedata-test --dump-dom file:///tmp/localstorage-a.html (dns block)
  • www.google.com
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=4932 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,10529436040706369714,17367894148320738629,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,16229699168380285572,262893151296373264,4 --trace-process-track-uuid=3190708989122997041 (dns block)
    • Triggering command: /usr/bin/chromium chromium --headless --disable-gpu --no-sandbox --user-data-dir=/tmp/chromedata-test --dump-dom file:///tmp/localstorage-a.html (dns block)
    • Triggering command: /proc/self/exe /proc/self/exe --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=network --no-sandbox --use-angle=swiftshader-webgl --crashpad-handler-pid=5086 --enable-crash-reporter=, --noerrdialogs --user-data-dir=/tmp/chromedata-test --change-stack-guard-on-fork=enable --shared-files=network_parent_dirs_pipe:100,v8_context_snapshot_data:101 --field-trial-handle=3,i,1182160393889713888,18347818123195018802,262144 --disable-features=PaintHolding --variations-seed-version --pseudonymization-salt-handle=7,i,5653318598519555762,1753222294201030876,4 --trace-process-track-uuid=3190708989122997041 (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

aj-enns added 3 commits May 19, 2026 11:03
@aj-enns
Enhance versioning and changelog documentation, implement accepted co…
ce2609b 
…ntrols functionality, and update tests

- Added semantic versioning guidelines to `copilot-instructions.md`.
- Created `CHANGELOG.md` to document project changes and adhere to Keep a Changelog standards.
- Introduced a `VERSION` file for version tracking.
- Updated `invoke-adoqr.ps1` to include "Undo acceptance" functionality for accepted controls.
- Modified executive summary in `invoke-adoqr.ps1` to include recalculation hooks for accepted risks.
- Enhanced tests in `ExecutiveHtml.Tests.ps1` to verify new functionality related to accepted controls.
- Updated `RemediationHtml.Tests.ps1` to check for "Undo acceptance" in rendered HTML.
- Included `Write-ExecutiveHtmlReport` in the bootstrap script for testing.
@aj-enns
Merge branch 'copilot/whitelist-control-error' of github.com-ajenns:m…
267558e 
…icrosoft/adoqr into copilot/whitelist-control-error
@aj-enns
Merge branch 'main' into copilot/whitelist-control-error
5bb50f4
@aj-enns aj-enns marked this pull request as ready for review May 19, 2026 16:08
@aj-enns aj-enns requested a review from jasonmoodie as a code owner May 19, 2026 16:08
@aj-enns aj-enns merged commit 64c3aa2 into main May 19, 2026
5 checks passed
@aj-enns aj-enns deleted the copilot/whitelist-control-error branch May 19, 2026 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aj-enns aj-enns Awaiting requested review from aj-enns aj-enns is a code owner

@jasonmoodie jasonmoodie Awaiting requested review from jasonmoodie jasonmoodie is a code owner

Assignees

@aj-enns aj-enns

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Whitelisting a control error

2 participants

@aj-enns