stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Align live console and policy governance clients

Browse Source
This commit is contained in:
master
2026-03-10 01:37:42 +02:00
parent afb9711e61
commit 18246cd74c
14 changed files with 301 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/modules/ui/console-architecture.md
View File

@@ -87,7 +87,7 @@ Key interactions:
- **Tenant switch:** Picker issues `Authority /fresh-auth` when required, then refreshes UI caches (`ui.tenant.switch` log). Gateway injects canonical `X-StellaOps-Tenant` headers downstream (legacy `X-Stella-Tenant`/`X-Tenant-Id` aliases are compatibility-only during migration).
- **Aggregation-only reads:** Gateway proxies `/console/advisories`, `/console/vex`, `/console/findings`, etc., without mutating Concelier or Policy data. Provenance badges and merge hashes come directly from upstream responses.
- **Downloads parity:** `/console/downloads` merges DevOps signed manifest and Offline Kit metadata; UI renders digest, signature, and CLI parity command.
- **Offline resilience:** Gateway exposes `/console/status` heartbeat. If unavailable, UI enters offline mode, disables SSE, and surfaces CLI fallbacks.
- **Offline resilience:** Gateway exposes `/api/console/status` heartbeat. If unavailable, UI enters offline mode, disables SSE, and surfaces CLI fallbacks.
---
@@ -97,9 +97,9 @@ Live surfaces use HTTP/1.1 SSE with heartbeat frames to keep operators informed
| Endpoint | Payload | Source | Behaviour |
|----------|---------|--------|-----------|
| `/console/status/stream` | `statusChanged`, `ingestionDelta`, `attestorQueue`, `offlineBanner` events | Concelier WebService, Excititor WebService, Attestor metrics | 5s heartbeat; gateway disables proxy buffering (`X-Accel-Buffering: no`) and sets `Cache-Control: no-store`. |
| `/console/runs/{id}/stream` | `stateChanged`, `segmentProgress`, `deltaSummary`, `log` | Scheduler WebService SSE fan-out | Event payloads carry `traceId`, `runId`, `tenant`; UI reconnects with exponential backoff and resumes using `Last-Event-ID`. |
| `/console/telemetry/stream` | `metricSample`, `alert`, `collectorStatus` | Observability aggregator | Gated by `ui.telemetry` scope; disabled when `CONSOLE_TELEMETRY_SSE_ENABLED=false`. |
| `/api/console/status/stream` | `statusChanged`, `ingestionDelta`, `attestorQueue`, `offlineBanner` events | Concelier WebService, Excititor WebService, Attestor metrics | 5s heartbeat; gateway disables proxy buffering (`X-Accel-Buffering: no`) and sets `Cache-Control: no-store`. |
| `/api/console/runs/{id}/stream` | `stateChanged`, `segmentProgress`, `deltaSummary`, `log` | Scheduler WebService SSE fan-out | Event payloads carry `traceId`, `runId`, `tenant`; UI reconnects with exponential backoff and resumes using `Last-Event-ID`. |
| `/api/console/telemetry/stream` | `metricSample`, `alert`, `collectorStatus` | Observability aggregator | Gated by `ui.telemetry` scope; disabled when `CONSOLE_TELEMETRY_SSE_ENABLED=false`. |
Sequence overview:
@@ -110,7 +110,7 @@ sequenceDiagram
participant GW as Console Gateway
participant SCHED as Scheduler WebService
UI->>GW: GET /console/runs/42/stream (Authorization + DPoP)
UI->>GW: GET /api/console/runs/42/stream (Authorization + DPoP)
GW->>SCHED: GET /runs/42/stream (X-Stella-Tenant)
SCHED-->>GW: event: stateChanged data: {...}
GW-->>UI: event: stateChanged data: {..., traceId}
@@ -122,7 +122,7 @@ sequenceDiagram
Offline behaviour:
- If SSE fails three times within 60s, UI falls back to polling (`/console/status`, `/console/runs/{id}`) every 30s and shows an amber banner.
- If SSE fails three times within 60s, UI falls back to polling (`/api/console/status`, `/api/console/runs/{id}`) every 30s and shows an amber banner.
- When `console.offlineMode=true`, SSE endpoints return `204` immediately; UI suppresses auto-reconnect to preserve resources.
---