feat(report): findings report — Markdown + styled HTML #99
Open
aktasbatuhan wants to merge 3 commits into
This was referenced Jun 8, 2026
Collaborator
this one lgtm
andthattoo previously approved these changes Jun 9, 2026
The no-browser companion to kai.viewer: same on-disk source (<run_dir>/exploits.json) rendered as a plain-text Markdown report you can pipe into CI, paste into a PR, or read over SSH.

- render_markdown(): a sorted summary table (confirmed/critical first) plus per-finding sections -- facts, why-exploitable, exploit sketch, CVSS 3.1 breakdown table, fenced PoC, and the patch as a ```diff
- render_run(): load a run dir's findings and render
- python -m kai.report <run_dir> [-o OUT] (stdout by default)

Reuses kai.viewer.findings.load_findings; no live state backend.
kai report --format html renders a self-contained, fully-expanded report document that shares the viewer's design system (kai.viewer.style) -- same palette, severity dots, CVSS tables, and +/- patch diff as kai view, so the two surfaces never drift. Markdown stays the default (-f md); --open opens the rendered file. Unlike the interactive viewer (master-detail + trace tabs), this is a linear document meant to be printed, attached, or shared. Static HTML with all dynamic values escaped server-side. --format scales to sarif/json later.
Match the viewer fix (#98): 'kai report -o some/new/dir/report.md' (and --format html) now mkdir the parent instead of raising FileNotFoundError.
Stacked on #98 (kai/view) — reuses kai.viewer.findings + the shared kai.viewer.style design system. Retarget to master once #98 merges.

What this does

The deliverable surface for findings, in the format you need — the counterpart to the interactive kai view:

- kai report <run> → Markdown (default). Pipe into CI, paste in a PR, read in a terminal; renders in GitHub's style.
- kai report --format html <run> [-o OUT] [--open] → a styled single-page HTML document, rendered with the viewer's own Tufte design tokens (kai.viewer.style) — same palette, severity dots, CVSS tables, and +/- patch diff as kai view, so the surfaces never drift. Unlike the interactive viewer (master-detail + trace tabs), this is a linear, fully-expanded document meant to print / attach / share. Static HTML, all dynamic values escaped server-side.

Both formats: sorted summary table (confirmed/critical first) + per-finding sections (facts, why-exploitable, exploit sketch, CVSS 3.1 breakdown, PoC, patch).

--format scales to sarif/json later (e.g. GitHub code-scanning).

Verification

ty/ruff clean; pytest 585 passed, 6 skipped (7 report tests, incl. HTML self-contained + shared-tokens assertions).

Follow-up

Wire kai report / kai report --format html as real subcommands in the packaging/CLI PR (alongside kai view).
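
Added example, not code from this PR or from kai: a sketch of what "all dynamic values escaped server-side" and "confirmed/critical first" mean for a findings report, where titles and PoC text come from scanned targets and must be treated as untrusted. The field names (title, severity, confirmed, poc), the severity ranking and every function name are assumptions, since the page does not show the exploits.json schema.

```python
import html

# Assumed severity ranking; values outside it are never emitted into markup.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def sort_findings(findings):
    """Confirmed findings first, then critical-to-low, then by title."""
    return sorted(findings, key=lambda f: (
        not f.get("confirmed", False),
        SEVERITY_RANK.get(str(f.get("severity", "")).lower(), len(SEVERITY_RANK)),
        str(f.get("title", "")),
    ))

def esc(value):
    """Escape a dynamic value for HTML text or a double-quoted attribute."""
    return html.escape(str(value), quote=True)

def severity_class(severity):
    """Allowlist the severity so it is safe to use inside a class name."""
    sev = str(severity).lower()
    return sev if sev in SEVERITY_RANK else "unknown"

def render_html(findings):
    """Summary table plus one section per finding; no raw value reaches the page."""
    rows, sections = [], []
    for i, f in enumerate(sort_findings(findings), 1):
        title = esc(f.get("title", "untitled"))
        sev = severity_class(f.get("severity", ""))
        status = "confirmed" if f.get("confirmed") else "unconfirmed"
        rows.append(f'<tr><td><a href="#f{i}">{title}</a></td>'
                    f'<td class="sev-{sev}">{sev}</td><td>{status}</td></tr>')
        sections.append(f'<section id="f{i}"><h2>{title}</h2>'
                        f'<pre><code>{esc(f.get("poc", ""))}</code></pre></section>')
    return ("<!doctype html><html><body><table>" + "".join(rows)
            + "</table>" + "".join(sections) + "</body></html>")

# Constructed sample findings; the title and PoC carry markup on purpose.
SAMPLE = [
    {"title": "Open redirect", "severity": "low", "confirmed": False,
     "poc": "GET /r?next=//other.example"},
    {"title": "XSS in <search>", "severity": "critical", "confirmed": True,
     "poc": "<script>alert(1)</script>"},
    {"title": "SSRF", "severity": "high", "confirmed": True,
     "poc": "GET /fetch?url=http://internal.example/"},
]

if __name__ == "__main__":
    print(render_html(SAMPLE))
```
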