john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/src/routes/missedBreach.routes.js
TheFlow 97ed03d180 feat(research): add missed breach tracking system for framework effectiveness measurement 
Implements comprehensive system for tracking governance framework false negatives:

Backend:
- src/models/MissedBreach.model.js - Schema with severity, cost tracking, miss reasons
- src/controllers/missedBreach.controller.js - CRUD operations and statistics
- src/routes/missedBreach.routes.js - Admin-only API endpoints
- src/routes/index.js - Route integration at /api/admin/missed-breaches

Functionality:
- Report missed breaches with classification (NO_RULE_EXISTS, RULE_TOO_NARROW, etc.)
- Track actual/estimated costs of missed violations
- Calculate effectiveness rate: detected / (detected + missed)
- Breakdown by miss reason with examples
- Link to original audit logs where available

Statistics:
- Total missed breaches by severity
- Average time to detection
- Cost impact analysis
- Effectiveness comparison vs audit logs

Purpose:
- Measure true framework detection rate (not just blocked actions)
- Identify blind spots in governance rules
- Calculate realistic cost avoidance (avoiding "framework theater")
- Support research integrity claims with empirical data

Related: Cross-environment audit sync (production metrics)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-27 12:26:53 +13:00

31 lines
1.1 KiB
JavaScript
Raw Blame History

/**
* Missed Breach Routes
*
* API endpoints for tracking governance framework false negatives
*/
const express = require('express');
const router = express.Router();
const missedBreachController = require('../controllers/missedBreach.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
// All routes require authentication and admin role
router.use(authenticateToken);
router.use(requireRole('admin'));
// POST /api/admin/missed-breaches - Report new missed breach
router.post('/', missedBreachController.reportMissedBreach);
// GET /api/admin/missed-breaches - Get all missed breaches
router.get('/', missedBreachController.getMissedBreaches);
// GET /api/admin/missed-breaches/statistics - Get statistics
router.get('/statistics', missedBreachController.getMissedBreachStatistics);
// PATCH /api/admin/missed-breaches/:id - Update missed breach
router.patch('/:id', missedBreachController.updateMissedBreach);
// DELETE /api/admin/missed-breaches/:id - Delete missed breach
router.delete('/:id', missedBreachController.deleteMissedBreach);
module.exports = router;
Reference in a new issue View git blame Copy permalink