Add db migration and DNS dmarc entries

2026-05-20 13:20:58 -03:00
parent 636d3b73cb
commit e57df39562
19 changed files with 850 additions and 12 deletions
@@ -25,6 +25,89 @@
  </article>
 </section>

+<section class="dw-domain-dns-section">
+  <div class="dw-section-heading">
+    <h2 class="dw-panel-title">DNS Policy</h2>
+    <form method="post" action="/domains/{{ domain }}/dns/refresh">
+      <button class="button-secondary" type="submit">
+        <span class="material-symbols-outlined text-[18px]">refresh</span>
+        Refresh
+      </button>
+    </form>
+  </div>
+  {% if dns_snapshot %}
+  <div class="dw-dns-grid">
+    <article class="dw-dns-panel">
+      <div class="dw-list-row">
+        <span>DMARC</span>
+        <span class="dw-chip {{ 'dw-chip-fail' if dns_snapshot.dmarc_policy_p == 'reject' else ('dw-chip-warning' if dns_snapshot.dmarc_policy_p == 'quarantine' else 'dw-chip-info') }}">p={{ dns_snapshot.dmarc_policy_p or "missing" }}</span>
+      </div>
+      <div class="dw-policy-chip-row">
+        <span class="status-chip chip-info">sp={{ dns_snapshot.dmarc_policy_sp or "inherit" }}</span>
+        <span class="status-chip chip-info">pct={{ dns_snapshot.dmarc_policy_pct if dns_snapshot.dmarc_policy_pct is not none else "unset" }}</span>
+        <span class="status-chip chip-info">adkim={{ dns_snapshot.dmarc_adkim or "r" }}</span>
+        <span class="status-chip chip-info">aspf={{ dns_snapshot.dmarc_aspf or "r" }}</span>
+      </div>
+      <code class="dw-dns-record">{{ dns_snapshot.dmarc_record or "No DMARC record found." }}</code>
+    </article>
+    <article class="dw-dns-panel">
+      <div class="dw-list-row">
+        <span>SPF</span>
+        <span class="dw-chip {{ 'dw-chip-pass' if dns_snapshot.spf_record else 'dw-chip-warning' }}">{{ dns_snapshot.spf_all or "missing" }}</span>
+      </div>
+      <div class="dw-policy-chip-row">
+        {% for include in dns_snapshot.spf_includes %}
+        <span class="status-chip chip-info">include:{{ include }}</span>
+        {% else %}
+        <span class="status-chip chip-info">no includes</span>
+        {% endfor %}
+      </div>
+      <code class="dw-dns-record">{{ dns_snapshot.spf_record or "No SPF record found." }}</code>
+    </article>
+    <article class="dw-dns-panel">
+      <div class="dw-list-row">
+        <span>DKIM</span>
+        <span class="dw-chip dw-chip-info">{{ dns_snapshot.dkim_records | length }} selectors</span>
+      </div>
+      <div class="dw-dns-record-list">
+        {% for item in dns_snapshot.dkim_records %}
+        <div>
+          <strong>{{ item.selector }}</strong>
+          <code>{{ item.record or item.error or "No DKIM record found." }}</code>
+        </div>
+        {% else %}
+        <code>No observed DKIM selectors yet.</code>
+        {% endfor %}
+      </div>
+    </article>
+    <article class="dw-dns-panel">
+      <div class="dw-list-row">
+        <span>MX</span>
+        <time>{{ dns_snapshot.checked_at | fmt_dt }}</time>
+      </div>
+      <div class="dw-dns-record-list">
+        {% for mx in dns_snapshot.mx_records %}
+        <code>{{ mx }}</code>
+        {% else %}
+        <code>No MX records found.</code>
+        {% endfor %}
+      </div>
+      {% if dns_snapshot.errors %}
+      <div class="dw-dns-errors">
+        {% for error in dns_snapshot.errors %}
+        <span>{{ error }}</span>
+        {% endfor %}
+      </div>
+      {% endif %}
+    </article>
+  </div>
+  {% else %}
+  <div class="dw-list-card">
+    <div class="dw-list-empty">No DNS snapshot yet.</div>
+  </div>
+  {% endif %}
+</section>
+
 <section class="dw-domain-summary-section">
  <h2 class="dw-sidebar-kicker">Latest LLM Posture Summary</h2>
  <article class="dw-summary-card dw-domain-summary-card">
@@ -106,6 +189,13 @@
          <time>{{ (alert.report_end or alert.report_start or alert.report_time) | fmt_dt }}</time>
        </span>
        <strong>{{ alert.title }}</strong>
+        {% if alert.published_policy_label or alert.receiver_action_label %}
+        <span class="dw-policy-chip-row">
+          {% if alert.published_policy_label %}<span class="status-chip chip-info">published {{ alert.published_policy_label }}</span>{% endif %}
+          {% if alert.receiver_action_label %}<span class="status-chip {{ 'chip-fail' if alert.receiver_action_label == 'receiver reject' else ('chip-warning' if alert.receiver_action_label == 'receiver quarantine' else 'chip-info') }}">{{ alert.receiver_action_label }}</span>{% endif %}
+          {% if alert.policy_override_label %}<span class="status-chip chip-warning">{{ alert.policy_override_label }}</span>{% endif %}
+        </span>
+        {% endif %}
        <p>{{ alert.llm_summary or alert.summary }}</p>
      </a>
      {% else %}