ENG-3578: Assessment Status dashboard card

[kruulik]

Ticket ENG-3578

Description Of Changes

Adds an Assessment Status card to the home dashboard so business users responsible for privacy assessments can see the health of their program at a glance. The card surfaces all four ticket bullets:

• Open / Pending / Completed counts — via a four-segment proportion bar (Completed → Pending → Open → Risk).
• High-risk vs. low-risk — high-risk gets its own dedicated segment in the bar (and pulled out of "Open" so it doesn't hide).
• Open for too long — surfaced inline in the "Owners with open work" and "Groups needing attention" rows as a stalled count (open & not updated in >14 days).
• Stakeholders / departments blocking progress — surfaced as two top-3 lists: owners (created_by) with the most open work, and data-use groups with the most attention signals.

Each row drills through to the assessments list with the appropriate filter applied. To make those filters real, this PR also wires ?status= and ?risk_level= query params on the privacy assessments index page (?risk_level= is filtered client-side post-fetch since the list endpoint does not yet accept it server-side).

Code Changes

• clients/admin-ui/src/home/AssessmentStatusCard.tsx — new card component; pure-function computeMetrics exported for unit tests; honest 4-bucket partition (each assessment counted once); isStale skips GENERATING and treats missing timestamps as not-stale.
• clients/admin-ui/src/home/AssessmentStatusCard.module.scss — new styles; uses Ant CSS variables for tokens.
• clients/admin-ui/src/home/AssessmentStatusCard.test.ts — Jest tests for computeMetrics (zero/empty input, segment partitioning, stale heuristic, stable-key aggregation, top-N + overflow ranking, owner aggregation rules).
• clients/admin-ui/src/home/HomeDashboard.tsx — slot the card into the dashboard.
• clients/admin-ui/src/pages/privacy-assessments/index.tsx — read & validate ?status= and ?risk_level= from the URL; pass status to the slice and apply risk_level as a client-side filter.
• clients/admin-ui/src/home/AstralisPanel.tsx, AstralisPanel.module.scss — deleted; the component was orphaned and the corresponding feature flag was removed.
• clients/admin-ui/src/flags.json — removed the unused alphaDashboardAstralisCard flag entry.

Steps to Confirm

1. Start the admin UI (cd clients/admin-ui && npm run dev) and navigate to the home dashboard.
2. Verify the Assessment Status card renders with the 4-segment proportion bar (green → blue → amber → red) and a legend below showing counts for Completed / Pending / Open / Risk that sum to the donut total.
3. Hover any segment of the bar and confirm a tooltip shows <count> <label>.
4. Click each legend chip and confirm:
   • Completed → list filters to ?status=completed.
   • Pending → list filters to ?status=generating.
   • Open → list filters to ?status=in_progress.
   • Risk → list filters to ?status=in_progress&risk_level=high and only high-risk rows are visible.
5. Below the bar, confirm two columns appear:
   • Owners with open work — top 3 created_by values by open count, with N open · M stalled when any are stalled, plus + K more owners if the underlying list is longer.
   • Groups needing attention — top 3 data-use groups with attention signals (N risk · M stalled per row), plus + K more groups.
6. Hover the "?" icon next to the title and confirm the help tooltip appears (cursor changes to help only over the icon, not the title text).
7. Click "View all" in the card header and confirm it navigates to the unfiltered assessments list.
8. Run unit tests: cd clients/admin-ui && npx jest src/home/AssessmentStatusCard.test.ts — all 6 should pass.

Known limitations (called out in the file comments):

• The risk_level filter is applied client-side post-fetch; once the backend list endpoint supports it, move the filter server-side.
• The card fetches the full assessments list to compute counts. There's a TODO marker pointing at a future /privacy-assessments/summary endpoint.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• `CHANGELOG.md` updated (via fragment `changelog/8134-assessment-status-dashboard-card.yaml`)
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created — backend `risk_level` filter on the assessments list endpoint; `/privacy-assessments/summary` endpoint to replace the full-list fetch on the dashboard.
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on `main`
  • Ensure that your `downgrade()` migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	May 8, 2026 4:03am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		May 8, 2026 4:03am