CS-367 [Feature] Ability to add comments directly to findings

apps/api/src/audit/audit-log.constants.ts

@@ -61,6 +61,7 @@ export const COMMENT_ENTITY_TYPE_MAP: Record<string, AuditLogEntityType> = {
   [CommentEntityType.vendor]: AuditLogEntityType.vendor,
   [CommentEntityType.risk]: AuditLogEntityType.risk,
   [CommentEntityType.policy]: AuditLogEntityType.policy,
+  [CommentEntityType.finding]: AuditLogEntityType.finding,
 };
 
 // Fields that reference the member table and should be resolved to user names.

apps/api/src/comments/comment-mention-notifier.service.ts

@@ -174,6 +174,27 @@ async function buildFallbackCommentContext(params: {
     };
   }
 
+  if (entityType === CommentEntityType.finding) {
+    const finding = await db.finding.findFirst({
+      where: { id: entityId, organizationId },
+      select: { content: true },
+    });
+
+    if (!finding) {
+      return null;
+    }
+
+    const url = new URL(`${appUrl}/${organizationId}/overview/findings`);
+    url.searchParams.set('open', entityId);
+
+    const snippet = finding.content?.trim().split('\n')[0]?.slice(0, 80);
+    return {
+      entityName: snippet || 'Finding',
+      entityRoutePath: 'overview/findings',
+      commentUrl: url.toString(),
+    };
+  }
+
   // CommentEntityType.policy
   const policy = await db.policy.findFirst({
     where: { id: entityId, organizationId },

apps/api/src/comments/comments.service.ts

@@ -120,6 +120,14 @@ export class CommentsService {
         break;
       }
 
+      case CommentEntityType.finding: {
+        const finding = await db.finding.findFirst({
+          where: { id: entityId, organizationId },
+        });
+        entityExists = !!finding;
+        break;
+      }
+
       default:
         throw new BadRequestException(`Unsupported entity type: ${entityType}`);
     }

apps/app/src/app/(app)/[orgId]/overview/components/FindingDetailSheet.tsx

@@ -12,6 +12,7 @@ import {
 function capitalize(s: string) {
   return s ? s.charAt(0).toUpperCase() + s.slice(1) : s;
 }
+import { Comments } from '@/components/comments/Comments';
 import { usePermissions } from '@/hooks/use-permissions';
 import { useSession } from '@/utils/auth-client';
 import { FindingSeverity, FindingStatus } from '@db';
@@ -409,6 +410,18 @@ export function FindingDetailSheet({
               </HStack>
             </HStack>
 
+            <Stack gap="xs">
+              <Text size="sm" weight="medium">
+                Comments
+              </Text>
+              <Comments
+                entityId={finding.id}
+                entityType="finding"
+                organizationId={organizationId}
+                readOnly={!canUpdate}
+              />
+            </Stack>
+
             <Stack gap="xs">
               <Text size="sm" weight="medium">
                 Activity

packages/db/prisma/migrations/20260512120000_add_finding_to_comment_entity_type/migration.sql

@@ -0,0 +1,2 @@
+-- AlterEnum
+ALTER TYPE "CommentEntityType" ADD VALUE 'finding';

packages/db/prisma/schema/comment.prisma

@@ -24,4 +24,5 @@ enum CommentEntityType {
   vendor
   risk
   policy
+  finding
 }