Team evidence

[vbakke]

DSOMM v3 had some support for evidence, but only by editing the YAML file directly.

In v4 we should make a way to:
A) display evidence
B) allow inputting evidence

---

Evidence is text written to "prove" that an activity has been done. An example from an earlier release:

 teamsEvidence:
   B: All team members completed OWASP Secure Coding Dojo training on 2025-01-11. 
   C: |
     The pentest report from 2025 has been split into Jira tasks under
     [TODO-123](https://jira.example.com/issues/TODO-123).
     
     _2025-04-01:_ All fixes of **critical** findings are deployed to production.

Some organisation require this. Some don't. Some require the evidence to be updated at defined intervals during the year.

Technically, one can view the evidence as a comment field. But an important one. One that has organisational value.

---

Evidence has a date, and often a responsible person.
I think that the same evidence text may apply to multiple teams for the same activity. It should be possible to mark which teams are appliable for the comment.

On should normally not change evidence, once it has been approved. (But this is a frontend application that stores some data ion the browser. There is no way we can implement a strict no-change policy.) But we can avoid encourage modifications. : )

[sawankshrma]

Hey @vbakke. Here's an approach to this

Adding Evidences

An "Add Evidence" button can be added near the progress sliders. This will open a modal for adding an evidence. This will have two fields (responsible person and mardown, date can be automatically saved).

The Activity interface from activity-store.ts file can be modified to change the evidence key from a Markdown to an another interface called Evidence.

export interface Evidence {
  date: string;          // ISO date recommended
  responsible?: string;
  description: MarkdownText;     
}

The final yaml file will then be something like the eg. yaml file below

progress:
  e7598ac4-b082-4e56-b7df-e2c6b426a5e2:  # Require a PR before merging
    Team A:
      'Started': 2026-02-16

      'Partly implemented':
        date: 2026-02-16
        evidence:
          date: 2026-02-17
          responsible: "Bob"
          description: |
            The pentest report from 2025 has been split into Jira tasks under
            [TODO-123](https://jira.example.com/issues/TODO-123).

      'Fully implemented':
        date: 2026-02-16
        evidence:
          date: 2026-02-20
          responsible: "Charlie"
          markdown: |
             All team members completed OWASP Secure Coding Dojo training on 2025-01-11. 

Viewing Evidences in the UI

In activity-description.component.html, there's already a "Teams Evidence" expansion panel, but it's wrapped in comments for now. We can display the evidences here.

Regarding different Organisations settings:

Types of Orgs can be configured in the settings page (preferabbly).

• For orgs who require it, there will not be any button and the modal will open after adjusting the slider. As right now a star (has been modified) already comes after the slider is moved in the UI, there already is a way of knowing if the configuration is changed. Progress won't be saved if evidence is not provided.

• For others, the evidence field can be optional and can be added by clicking on the button.

• Special ping feature can also be implemented later for orgs that require updating quaterly/yearly.

---

On should normally not change evidence, once it has been approved. (But this is a frontend application that stores some data ion the browser. There is no way we can implement a strict no-change policy.) But we can avoid encourage modifications. : )

This can be done by Adding "soft immutability" — discouraging editing approved evidence (e.g., visual lock icon, confirmation dialog)

[sawankshrma]

@vbakke
Plz Assign this issue to me.
As I am also working on the "Report" page, It'd best for me to work on this feature. I can also harmonize the "Evidence Viewing" there too.

The approach above is, of course, based on first-principles thinking and can be refined further as I work through the implementation.