feat(ui): ThreatScore compliance views pillars, nav + charts

[pedrooot]

Summary

Fixes four UX issues across the ThreatScore compliance views reported.

1. ThreatScore pillars sometimes appeared in inconsistent order (or were
   missing entirely) across the badge, breakdown card, donut legend and
   accordion list.
2. Clicking a pillar on /compliance did nothing instead of jumping to the
   ThreatScore detail page filtered to that pillar.
3. The "Top Failed Sections" chart showed only 1–2 bars when most pillars
   were passing, producing a useless visualization.
4. The Requirements Status donut tooltip would only fire on the green/pass
   slice because tiny fail/manual segments were impossible to hover.

Changes

Canonical pillar ordering (issue 1)

• New lib/compliance/threatscore-pillars.ts exposes
  THREATSCORE_PILLARS, getOrderedPillars() and
  compareSectionsByCanonicalOrder(). Every ThreatScore view now consumes
  the same canonical list (1. IAM → 2. Attack Surface → 3. Logging and Monitoring → 4. Encryption); future pillars (e.g. 5. Data Protection)
  are appended in natural-numeric order.
• threatscore-badge.tsx and threatscore-breakdown-card.tsx always
  render the full pillar set, with — / 0 % when the API omits a pillar.
• lib/compliance/threat.tsx sorts categories canonically before counters
  are computed so the accordion mirrors the chart order.
• getOrderedPillars() defensively rejects NaN / null / non-numeric
  values so a future API regression cannot crash score.toFixed(...).

Pillar click → detail navigation (issue 2)

• threatscore-badge.tsx: each pillar is now a <button> that navigates
  to /compliance/ProwlerThreatScore?...&section=<pillar>. Pillars without
  data are disabled / aria-disabled and no-op.
• [compliancetitle]/page.tsx reads ?section= and resolves the accordion
  key by exact match (${framework.name}-${section}) — no suffix
  collisions across frameworks or category names.
• client-accordion-wrapper.tsx accepts scrollToKey and uses
  requestAnimationFrame + [data-accordion-key] to scroll the section
  into view after the HeroUI accordion finishes expanding.
• Accordion.tsx now stamps data-accordion-key={item.key} on each
  AccordionItem to provide a stable selector contract.

Top Failed Sections redesign (issue 3)

• New ThreatScore-specific getTopFailedSections (in
  lib/compliance/threat-helpers.ts, kept as a pure module so it can be
  unit-tested without dragging in the next-auth chain) returns every
  canonical pillar with zero-fill.
• top-failed-sections-card.tsx passes useSeverityEmptyState={false} to
  HorizontalBarChart when the caller pre-populated the categories, so
  zero-failure scans render four real bars at 0 instead of falling back to
  generic Critical / High / Medium / Low / Informational placeholders.

Donut tooltip on every segment (issue 4)

• donut-chart.tsx switched from per-<Cell> mouse handlers to the
  Recharts-idiomatic activeIndex + activeShape pattern. The hovered
  slice is rendered through <Sector> enlarged by ACTIVE_GROW (4 px) so
  tiny 1-2 % slices are easy to see and target.
• The resting outerRadius is reduced by ACTIVE_GROW so the enlarged
  active sector lands inside the original SVG viewport (consumers like
  RequirementsStatusCard use a fixed 172 × 172 wrapper).
• Tooltip cursor={false} prevents the default cursor overlay from
  swallowing pointer events on small slices.

Checklist

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Review if the code is being covered by tests.
• Review if code is being documented following this specification https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? Yes / No
  • If so, do we need to update permissions for the provider? Please review this carefully.

UI

• All issue/task requirements work as expected on the UI
• Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
• Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
• Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
• Ensure new entries are added to CHANGELOG.md, if applicable.

API

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required (e.g., specs, Poetry, etc.).
• Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

🔒 Container Security Scan

Image: prowler-ui:222dacb
Last scan: 2026-05-11 05:45:20 UTC

📊 Vulnerability Summary

Severity	Count
🔴 Critical	2
Total	2

2 package(s) affected

⚠️ Action Required

Critical severity vulnerabilities detected. These should be addressed before merging:

• Review the detailed scan results
• Update affected packages to patched versions
• Consider using a different base image if updates are unavailable

---

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[alejandrobailo]

Hey, pushed a few small follow-ups on top of your branch, feel free to keep, tweak or revert any of them:

• Swapped the useEffect in client-accordion-wrapper for a container callback ref so the auto-scroll runs without an effect
• Typed Category.percentualScore properly and dropped the as any cast in threat.tsx
• Used Recharts' SectorProps for the donut active shape so we can ditch the local interface
• Made prepopulated an explicit prop on TopFailedSectionsCard instead of deriving it from dataType
• Trimmed the CHANGELOG so it only carries the feat(ui): ThreatScore compliance views pillars, nav + charts #10975 entry, under a fresh [1.25.3] UNRELEASED

Nice work!