feat(vulnerability): Added target remediation date to default ordering

[tsim-sap]

Description

Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.

What type of PR is this? (check all applicable)

• 🍕 Feature
• ✅ Test

Related Tickets & Documents

Added tests?

• 👍 yes

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[Copilot]

Pull request overview

This PR updates the vulnerability list’s default ordering to include a remediation-date tie-breaker (to address issue #1124) and adds an e2e regression test to validate the new ordering behavior.

Changes:

• Introduces a new OrderByField (IssueEarliestTargetRemediationDate) and maps it to a DB column name for ordering.
• Updates issue query/cursor plumbing to carry an “earliest target remediation date” ordering component (MV-backed path).
• Adds an e2e regression test that seeds deterministic vulnerabilities and asserts ordering by severity desc → earliest remediation date asc → name asc.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
internal/entity/order.go	Adds a new order-by field enum for earliest remediation date (note: impacts cursor stability if inserted mid-iota).
internal/e2e/vulnerability_query_test.go	Adds regression test for ordering within equal severities using earliest remediation date and name tie-break.
internal/database/mariadb/order.go	Maps the new order-by field to its SQL column/alias name.
internal/database/mariadb/issue.go	Selects MV earliest remediation date as an extra column for ordering/cursor; plumbs into cursor creation.
internal/database/mariadb/issue_test.go	Updates pagination helper cursor construction to match new WithIssue signature.
internal/database/mariadb/entity.go	Adds scan target for issue_earliest_target_remediation_date into IssueVariantRow.
internal/database/mariadb/cursor.go	Extends WithIssue signature and adds cursor field support for earliest remediation date (currently only when non-NULL).
internal/app/issue/issue_handler_test.go	Updates cursor creation calls to match new WithIssue signature.
internal/api/graphql/graph/baseResolver/vulnerability.go	Changes default ordering to include remediation date (MV vs IssueMatch path).

Comments suppressed due to low confidence (2)

internal/entity/order.go:44

• Adding a new OrderByField in the middle of the iota block shifts the numeric values of all subsequent constants. Since OrderByField is JSON-encoded into pagination cursors (Field.Name in internal/database/mariadb/cursor.go), this can break cursor decoding across deployments (old cursors will map to the wrong fields). To keep existing values stable, append new fields at the end (or switch to explicit values).

	IssueEarliestTargetRemediationDate

	CriticalCount
	HighCount
	MediumCount

internal/database/mariadb/cursor.go:354

• WithIssue does not add a cursor field for entity.IssueMatchTargetRemediationDate, even though the vulnerability resolver now uses that field in the ORDER BY for non-MV (parent-scoped) queries. Cursor-based pagination will therefore ignore that ordering component and can return duplicates/skip rows.

Either extend cursor generation to include the remediation-date field when it’s part of the order sequence, or switch the resolver to an ordering field that is already supported and selected deterministically (e.g., an aggregated earliest remediation date).

func WithIssue(order []entity.Order, issue entity.Issue, ivRating int64, earliestTargetRemediation sql.NullTime) NewCursor {
	return func(cursors *cursors) error {
		order = GetDefaultOrder(order, entity.IssueId, entity.OrderDirectionAsc)
		for _, o := range order {
			switch o.By {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.