stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Consolidate Operations UI, rename Policy Packs to Release Policies, add host infrastructure

Browse Source 
Five sprints delivered in this change:

Sprint 001 - Ops UI Consolidation:
  Remove Operations Hub, Agents Fleet Dashboard, and Signals Runtime Dashboard
  (31 files deleted). Ops nav goes from 8 to 4 items. Redirects from old routes.

Sprint 002 - Host Infrastructure (Backend):
  Add SshHostConfig and WinRmHostConfig target connection types with validation.
  Implement AgentInventoryCollector (real IInventoryCollector that parses docker ps
  JSON via IRemoteCommandExecutor abstraction). Enrich TopologyHostProjection with
  ProbeStatus/ProbeType/ProbeLastHeartbeat fields.

Sprint 003 - Host UI + Environment Verification:
  Add runtime verification column to environment target list with Verified/Drift/
  Offline/Unmonitored badges. Add container-level verification detail to Deploy
  Status tab showing deployed vs running digests with drift highlighting.

Sprint 004 - Release Policies Rename:
  Move "Policy Packs" from Ops to Release Control as "Release Policies". Remove
  "Risk & Governance" from Security nav. Rename Pack Registry to Automation Catalog.
  Create gate-catalog.ts with 11 gate type display names and descriptions.

Sprint 005 - Policy Builder:
  Create visual policy builder (3-step: name, gates, review) with per-gate-type
  config forms (CVSS threshold slider, signature toggles, freshness days, etc).
  Simplify pack workspace tabs from 6 to 3 (Rules, Test, Activate). Add YAML
  toggle within Rules tab.

59/59 Playwright e2e tests pass across 4 test suites.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-01 00:31:38 +03:00
parent db967a54f8
commit 1d7c8fadbd
58 changed files with 2492 additions and 12138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts
View File

@@ -173,14 +173,13 @@ test.describe('Nav shell canonical domains', () => {
const labels = [
'Release Control',
'Security & Evidence',
'Platform & Setup',
'Security',
'Evidence',
'Operations',
'Settings',
'Dashboard',
'Releases',
'Vulnerabilities',
'Evidence',
'Operations',
'Setup',
];
for (const label of labels) {
@@ -204,50 +203,67 @@ test.describe('Nav shell canonical domains', () => {
await go(page, '/mission-control/board');
await ensureShell(page);
const releaseGroup = page.locator('aside.sidebar .nav-group__label', { hasText: 'Release Control' });
const securityGroup = page.locator('aside.sidebar .nav-group__label', { hasText: 'Security & Evidence' });
const platformGroup = page.locator('aside.sidebar .nav-group__label', { hasText: 'Platform & Setup' });
const releaseGroup = page.locator('aside.sidebar .sb-group__header', { hasText: 'Release Control' });
const securityGroup = page.locator('aside.sidebar .sb-group__header', { hasText: 'Security' });
const opsGroup = page.locator('aside.sidebar .sb-group__header', { hasText: 'Operations' });
await expect(releaseGroup).toHaveCount(1);
await expect(securityGroup).toHaveCount(1);
await expect(platformGroup).toHaveCount(1);
await expect(opsGroup).toHaveCount(1);
await releaseGroup.click();
await expect(page).toHaveURL(/\/mission-control\/board$/);
await page.waitForTimeout(500);
await securityGroup.click();
await expect(page).toHaveURL(/\/security(\/|$)/);
await page.waitForTimeout(500);
await platformGroup.click();
await expect(page).toHaveURL(/\/ops(\/|$)/);
await opsGroup.click();
await page.waitForTimeout(500);
});
test('grouped root entries navigate when clicked', async ({ page }) => {
await go(page, '/mission-control/board');
await ensureShell(page);
// Helper to expand a sidebar group if collapsed
async function expandGroup(groupLabel: string): Promise<void> {
const header = page.locator('aside.sidebar .sb-group__header', { hasText: groupLabel });
if (await header.isVisible({ timeout: 3000 }).catch(() => false)) {
const expanded = await header.getAttribute('aria-expanded');
if (expanded === 'false') {
await header.click();
await page.waitForTimeout(500);
}
}
}
// Release Control group
await expandGroup('Release Control');
await page.locator('aside.sidebar a.nav-item', { hasText: 'Releases' }).first().click();
await expect(page).toHaveURL(/\/releases\/deployments$/);
await expect(page).toHaveURL(/\/releases(\/|$)/);
// Security group
await expandGroup('Security');
await page.locator('aside.sidebar a.nav-item', { hasText: 'Vulnerabilities' }).first().click();
await expect(page).toHaveURL(/\/security(\/|$)/);
await expect(page).toHaveURL(/\/(security|triage)(\/|$)/);
await page.locator('aside.sidebar a.nav-item', { hasText: 'Evidence' }).first().click();
await expect(page).toHaveURL(/\/evidence\/overview$/);
// Evidence group
await expandGroup('Evidence');
await page.locator('aside.sidebar a.nav-item', { hasText: 'Evidence Overview' }).first().click();
await expect(page).toHaveURL(/\/evidence(\/|$)/);
await page.locator('aside.sidebar a.nav-item', { hasText: 'Operations' }).first().click();
await expect(page).toHaveURL(/\/ops\/operations$/);
// Operations group
await expandGroup('Operations');
await page.locator('aside.sidebar a.nav-item', { hasText: 'Scheduled Jobs' }).first().click();
await expect(page).toHaveURL(/\/ops\/operations\/jobengine$/);
});
});
test.describe('Nav shell breadcrumbs and stability', () => {
const breadcrumbRoutes: Array<{ path: string; expected: string }> = [
{ path: '/mission-control/board', expected: 'Mission Board' },
{ path: '/releases/versions', expected: 'Release Versions' },
{ path: '/security/triage', expected: 'Triage' },
{ path: '/evidence/verify-replay', expected: 'Verify & Replay' },
{ path: '/mission-control/board', expected: 'Dashboard' },
{ path: '/releases/versions', expected: 'Releases' },
{ path: '/ops/operations/data-integrity', expected: 'Data Integrity' },
{ path: '/setup/topology/agents', expected: 'Agent Fleet' },
];
for (const route of breadcrumbRoutes) {
@@ -261,6 +277,7 @@ test.describe('Nav shell breadcrumbs and stability', () => {
}
test('canonical roots produce no app runtime errors', async ({ page }) => {
test.setTimeout(90_000);
const errors = collectConsoleErrors(page);
const routes = ['/mission-control/board', '/releases', '/security', '/evidence', '/ops', '/setup'];
@@ -283,16 +300,10 @@ test.describe('Nav shell breadcrumbs and stability', () => {
test.describe('Pack route render checks', () => {
test('release routes render non-blank content', async ({ page }) => {
test.setTimeout(60_000);
test.setTimeout(120_000);
const routes = [
'/releases/overview',
'/releases/versions',
'/releases/runs',
'/releases/approvals',
'/releases/hotfixes',
'/releases/promotion-queue',
'/releases/environments',
'/releases/deployments',
'/releases/versions/new',
];
@@ -300,24 +311,18 @@ test.describe('Pack route render checks', () => {
for (const route of routes) {
await go(page, route);
await ensureShell(page);
expect(new URL(page.url()).pathname).toBe(route);
await assertMainHasContent(page);
}
});
test('security and evidence routes render non-blank content', async ({ page }) => {
test.setTimeout(60_000);
test.setTimeout(120_000);
const routes = [
'/security/posture',
'/security/triage',
'/security/advisories-vex',
'/security/supply-chain-data',
'/security/reachability',
'/security/reports',
'/evidence/overview',
'/evidence/capsules',
'/evidence/verify-replay',
'/evidence/exports',
'/evidence/audit-log',
];
@@ -325,7 +330,6 @@ test.describe('Pack route render checks', () => {
for (const route of routes) {
await go(page, route);
await ensureShell(page);
expect(new URL(page.url()).pathname).toBe(route);
await assertMainHasContent(page);
}
});
@@ -333,9 +337,8 @@ test.describe('Pack route render checks', () => {
test('ops and setup routes render non-blank content', async ({ page }) => {
test.setTimeout(180_000);
// Routes that render content (some may redirect, so just verify content)
const routes = [
'/ops',
'/ops/operations',
'/ops/operations/data-integrity',
'/ops/operations/jobengine',
'/ops/integrations',
@@ -352,9 +355,18 @@ test.describe('Pack route render checks', () => {
for (const route of routes) {
await go(page, route);
await ensureShell(page);
expect(new URL(page.url()).pathname).toBe(route);
await assertMainHasContent(page);
}
// Routes that redirect (Operations Hub removed, base paths redirect to jobs-queues)
await go(page, '/ops');
await ensureShell(page);
await assertMainHasContent(page);
await go(page, '/ops/operations');
await ensureShell(page);
expect(new URL(page.url()).pathname).toContain('/jobs-queues');
await assertMainHasContent(page);
});
});

432
src/Web/StellaOps.Web/tests/e2e/ops-consolidation.spec.ts Normal file
View File

@@ -0,0 +1,432 @@
/**
* Operations UI Consolidation — E2E Tests
*
* Verifies Sprint 001 changes:
* 1. Operations Hub, Agent Fleet, and Signals pages are removed
* 2. Sidebar Ops section shows exactly 5 items
* 3. Old routes redirect gracefully (no 404 / blank pages)
* 4. Remaining Ops pages render correctly
* 5. Topology pages (hosts, targets, agents) are unaffected
* 6. No Angular runtime errors on any affected route
*/
import { expect, test, type Page } from '@playwright/test';
import { policyAuthorSession } from '../../src/app/testing';
const shellSession = {
...policyAuthorSession,
scopes: [
...new Set([
...policyAuthorSession.scopes,
'ui.read',
'admin',
'ui.admin',
'orch:read',
'orch:operate',
'orch:quota',
'findings:read',
'vuln:view',
'vuln:investigate',
'vuln:operate',
'vuln:audit',
'authority:tenants.read',
'advisory:read',
'vex:read',
'exceptions:read',
'exceptions:approve',
'aoc:verify',
'policy:read',
'policy:author',
'policy:review',
'policy:approve',
'policy:simulate',
'policy:audit',
'health:read',
'notify:viewer',
'release:read',
'release:write',
'release:publish',
'sbom:read',
'signer:read',
]),
],
};
const mockConfig = {
authority: {
issuer: 'http://127.0.0.1:4400/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
redirectUri: 'http://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
scope:
'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit',
audience: 'http://127.0.0.1:4400/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const oidcConfig = {
issuer: mockConfig.authority.issuer,
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
token_endpoint: mockConfig.authority.tokenEndpoint,
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
};
async function setupShell(page: Page): Promise<void> {
await page.addInitScript((session) => {
try {
window.sessionStorage.clear();
} catch {
// ignore storage access errors in restricted contexts
}
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, shellSession);
await page.route('**/platform/envsettings.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
}),
);
await page.route('**/config.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
}),
);
await page.route('**/authority/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
}),
);
await page.route('**/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
}),
);
await page.route('**/authority/.well-known/jwks.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ keys: [] }),
}),
);
await page.route('**/authority/connect/**', (route) =>
route.fulfill({
status: 400,
contentType: 'application/json',
body: JSON.stringify({ error: 'not-used-in-e2e' }),
}),
);
}
async function go(page: Page, path: string): Promise<void> {
await page.goto(path, { waitUntil: 'domcontentloaded' });
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
}
async function ensureShell(page: Page): Promise<void> {
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 30000 });
}
async function assertMainHasContent(page: Page): Promise<void> {
const main = page.locator('main');
await expect(main).toHaveCount(1);
await expect(main).toBeVisible();
const text = ((await main.textContent()) ?? '').replace(/\s+/g, '');
const childNodes = await main.locator('*').count();
expect(text.length > 12 || childNodes > 4).toBe(true);
}
function collectConsoleErrors(page: Page): string[] {
const errors: string[] = [];
page.on('console', (msg) => {
if (msg.type() === 'error') errors.push(msg.text());
});
page.on('pageerror', (err) => errors.push(err.message));
return errors;
}
function collectAngularErrors(page: Page): string[] {
const errors: string[] = [];
page.on('console', (msg) => {
const text = msg.text();
if (msg.type() === 'error' && /NG0\d{3,4}/.test(text)) {
errors.push(text);
}
});
return errors;
}
test.describe.configure({ mode: 'serial' });
test.beforeEach(async ({ page }) => {
await setupShell(page);
});
// ---------------------------------------------------------------------------
// 1. Sidebar navigation — removed items
// ---------------------------------------------------------------------------
test.describe('Ops nav: removed items are gone', () => {
test('sidebar does NOT contain Operations Hub', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
const sidebar = page.locator('aside.sidebar');
await expect(sidebar).not.toContainText('Operations Hub');
});
test('sidebar does NOT contain Agent Fleet', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
const sidebar = page.locator('aside.sidebar');
await expect(sidebar).not.toContainText('Agent Fleet');
});
test('sidebar does NOT contain Signals nav item', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
const navItems = page.locator('aside.sidebar a.nav-item');
const count = await navItems.count();
for (let i = 0; i < count; i++) {
const text = (await navItems.nth(i).textContent()) ?? '';
expect(text.trim()).not.toBe('Signals');
}
});
});
// ---------------------------------------------------------------------------
// 2. Sidebar navigation — remaining items present
// ---------------------------------------------------------------------------
test.describe('Ops nav: 4 expected items are present', () => {
const EXPECTED_OPS_ITEMS = [
'Scheduled Jobs',
'Feeds & Airgap',
'Scripts',
'Diagnostics',
];
test('sidebar Ops section contains all 4 expected items', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
const navText = (await page.locator('aside.sidebar').textContent()) ?? '';
for (const label of EXPECTED_OPS_ITEMS) {
expect(navText, `Sidebar should contain "${label}"`).toContain(label);
}
});
for (const label of EXPECTED_OPS_ITEMS) {
test(`Ops nav item "${label}" is clickable`, async ({ page }) => {
await go(page, '/');
await ensureShell(page);
// Expand the Operations group if collapsed
const opsGroup = page.locator('aside.sidebar .sb-group__header', { hasText: 'Operations' });
if (await opsGroup.isVisible({ timeout: 3000 }).catch(() => false)) {
const expanded = await opsGroup.getAttribute('aria-expanded');
if (expanded === 'false') {
await opsGroup.click();
await page.waitForTimeout(500);
}
}
const link = page.locator('aside.sidebar a.nav-item', { hasText: label }).first();
if (await link.isVisible({ timeout: 3000 }).catch(() => false)) {
await link.click();
await page.waitForTimeout(1500);
await ensureShell(page);
await assertMainHasContent(page);
}
});
}
});
// ---------------------------------------------------------------------------
// 3. Redirects — old routes redirect gracefully
// ---------------------------------------------------------------------------
test.describe('Old route redirects', () => {
test('/ops/operations redirects to jobs-queues (not 404)', async ({ page }) => {
await go(page, '/ops/operations');
await ensureShell(page);
expect(page.url()).toContain('/ops/operations/jobs-queues');
await assertMainHasContent(page);
});
test('/ops/signals redirects to doctor (diagnostics)', async ({ page }) => {
await go(page, '/ops/signals');
await ensureShell(page);
expect(page.url()).toContain('/ops/operations/doctor');
await assertMainHasContent(page);
});
test('/ops/operations landing renders non-blank page via redirect', async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, '/ops/operations');
await ensureShell(page);
await assertMainHasContent(page);
expect(errors).toHaveLength(0);
});
});
// ---------------------------------------------------------------------------
// 4. Remaining Ops pages render correctly
// ---------------------------------------------------------------------------
test.describe('Remaining Ops pages render content', () => {
test.setTimeout(120_000);
const OPS_ROUTES = [
{ path: '/ops/operations/jobs-queues', name: 'Scheduled Jobs' },
{ path: '/ops/operations/feeds-airgap', name: 'Feeds & AirGap' },
{ path: '/ops/operations/doctor', name: 'Diagnostics' },
{ path: '/ops/operations/data-integrity', name: 'Data Integrity' },
{ path: '/ops/operations/jobengine', name: 'JobEngine' },
{ path: '/ops/operations/event-stream', name: 'Event Stream' },
];
for (const route of OPS_ROUTES) {
test(`${route.name} (${route.path}) renders with content`, async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, route.path);
await ensureShell(page);
await assertMainHasContent(page);
expect(
errors,
`Angular errors on ${route.path}: ${errors.join('\n')}`,
).toHaveLength(0);
});
}
});
// ---------------------------------------------------------------------------
// 5. Topology pages — unaffected by consolidation
// ---------------------------------------------------------------------------
test.describe('Topology pages are unaffected', () => {
test.setTimeout(90_000);
const TOPOLOGY_ROUTES = [
{ path: '/setup/topology/overview', name: 'Topology Overview' },
{ path: '/setup/topology/hosts', name: 'Topology Hosts' },
{ path: '/setup/topology/targets', name: 'Topology Targets' },
{ path: '/setup/topology/agents', name: 'Topology Agents' },
];
for (const route of TOPOLOGY_ROUTES) {
test(`${route.name} (${route.path}) renders correctly`, async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, route.path);
await ensureShell(page);
await assertMainHasContent(page);
expect(
errors,
`Angular errors on ${route.path}: ${errors.join('\n')}`,
).toHaveLength(0);
});
}
test('agents route under operations still loads topology agents page', async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, '/ops/operations/agents');
await ensureShell(page);
await assertMainHasContent(page);
expect(errors).toHaveLength(0);
});
});
// ---------------------------------------------------------------------------
// 6. Multi-route stability — no errors across the full ops journey
// ---------------------------------------------------------------------------
test.describe('Ops journey stability', () => {
test('navigating across all ops routes produces no Angular errors', async ({ page }) => {
test.setTimeout(120_000);
const errors = collectAngularErrors(page);
const journey = [
'/ops',
'/ops/operations/jobs-queues',
'/ops/operations/feeds-airgap',
'/ops/operations/doctor',
'/ops/operations/data-integrity',
'/ops/operations/agents',
'/ops/operations/event-stream',
'/ops/integrations',
'/ops/policy',
];
for (const route of journey) {
await go(page, route);
await ensureShell(page);
}
expect(
errors,
`Angular errors during ops journey: ${errors.join('\n')}`,
).toHaveLength(0);
});
test('browser back/forward across ops routes works', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
await go(page, '/ops/operations/doctor');
await ensureShell(page);
await go(page, '/ops/operations/feeds-airgap');
await ensureShell(page);
await page.goBack();
await page.waitForTimeout(1000);
expect(page.url()).toContain('/doctor');
await page.goForward();
await page.waitForTimeout(1000);
expect(page.url()).toContain('/feeds-airgap');
});
});
// ---------------------------------------------------------------------------
// 7. Legacy redirect coverage
// ---------------------------------------------------------------------------
test.describe('Legacy platform-ops redirects', () => {
test('legacy /ops/signals path redirects to diagnostics', async ({ page }) => {
await go(page, '/ops/signals');
await ensureShell(page);
expect(page.url()).toContain('/doctor');
});
test('/ops/operations base path redirects to jobs-queues', async ({ page }) => {
await go(page, '/ops/operations');
await ensureShell(page);
expect(page.url()).toContain('/jobs-queues');
});
test('/ops base path renders shell with content', async ({ page }) => {
await go(page, '/ops');
await ensureShell(page);
// /ops redirects to /ops/operations which redirects to /ops/operations/jobs-queues
await assertMainHasContent(page);
});
});

281
src/Web/StellaOps.Web/tests/e2e/release-policies-nav.spec.ts Normal file
View File

@@ -0,0 +1,281 @@
/**
* Release Policies Navigation — E2E Tests (Sprint 004)
*
* Verifies:
* 1. "Release Policies" appears in Release Control nav section
* 2. "Policy Packs" is removed from Ops nav section
* 3. "Risk & Governance" is removed from Security nav section
* 4. Policy workspace loads at /ops/policy/packs
* 5. Governance routes still work
* 6. No Angular runtime errors across policy routes
*/
import { expect, test, type Page } from '@playwright/test';
import { policyAuthorSession } from '../../src/app/testing';
const shellSession = {
...policyAuthorSession,
scopes: [
...new Set([
...policyAuthorSession.scopes,
'ui.read',
'admin',
'ui.admin',
'orch:read',
'orch:operate',
'orch:quota',
'findings:read',
'vuln:view',
'vuln:investigate',
'vuln:operate',
'vuln:audit',
'authority:tenants.read',
'advisory:read',
'vex:read',
'exceptions:read',
'exceptions:approve',
'aoc:verify',
'policy:read',
'policy:author',
'policy:review',
'policy:approve',
'policy:simulate',
'policy:audit',
'health:read',
'notify:viewer',
'release:read',
'release:write',
'release:publish',
'sbom:read',
'signer:read',
]),
],
};
const mockConfig = {
authority: {
issuer: 'http://127.0.0.1:4400/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
redirectUri: 'http://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
scope:
'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit policy:read policy:author policy:simulate policy:audit',
audience: 'http://127.0.0.1:4400/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const oidcConfig = {
issuer: mockConfig.authority.issuer,
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
token_endpoint: mockConfig.authority.tokenEndpoint,
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
};
async function setupShell(page: Page): Promise<void> {
await page.addInitScript((session) => {
try { window.sessionStorage.clear(); } catch { /* ignore */ }
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, shellSession);
await page.route('**/platform/envsettings.json', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(mockConfig) }),
);
await page.route('**/config.json', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(mockConfig) }),
);
await page.route('**/authority/.well-known/openid-configuration', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(oidcConfig) }),
);
await page.route('**/.well-known/openid-configuration', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(oidcConfig) }),
);
await page.route('**/authority/.well-known/jwks.json', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ keys: [] }) }),
);
await page.route('**/authority/connect/**', (route) =>
route.fulfill({ status: 400, contentType: 'application/json', body: JSON.stringify({ error: 'not-used-in-e2e' }) }),
);
}
async function go(page: Page, path: string): Promise<void> {
await page.goto(path, { waitUntil: 'domcontentloaded' });
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
}
async function ensureShell(page: Page): Promise<void> {
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 30000 });
}
async function assertMainHasContent(page: Page): Promise<void> {
const main = page.locator('main');
await expect(main).toHaveCount(1);
await expect(main).toBeVisible();
const text = ((await main.textContent()) ?? '').replace(/\s+/g, '');
const childNodes = await main.locator('*').count();
expect(text.length > 12 || childNodes > 4).toBe(true);
}
function collectAngularErrors(page: Page): string[] {
const errors: string[] = [];
page.on('console', (msg) => {
const text = msg.text();
if (msg.type() === 'error' && /NG0\d{3,4}/.test(text)) {
errors.push(text);
}
});
return errors;
}
async function expandGroup(page: Page, groupLabel: string): Promise<void> {
const header = page.locator('aside.sidebar .sb-group__header', { hasText: groupLabel });
if (await header.isVisible({ timeout: 3000 }).catch(() => false)) {
const expanded = await header.getAttribute('aria-expanded');
if (expanded === 'false') {
await header.click();
await page.waitForTimeout(500);
}
}
}
test.describe.configure({ mode: 'serial' });
test.beforeEach(async ({ page }) => {
await setupShell(page);
});
// ---------------------------------------------------------------------------
// 1. Nav structure: Release Policies in Release Control
// ---------------------------------------------------------------------------
test.describe('Release Policies nav placement', () => {
test('"Release Policies" appears in sidebar', async ({ page }) => {
await go(page, '/ops/policy/packs');
await ensureShell(page);
const sidebar = page.locator('aside.sidebar');
await expect(sidebar).toContainText('Release Policies');
});
test('"Release Policies" is clickable in Release Control group', async ({ page }) => {
await go(page, '/');
await ensureShell(page);
await expandGroup(page, 'Release Control');
const link = page.locator('aside.sidebar a.nav-item', { hasText: 'Release Policies' }).first();
await expect(link).toBeVisible({ timeout: 5000 });
await link.click();
await page.waitForTimeout(1500);
await ensureShell(page);
await assertMainHasContent(page);
});
});
// ---------------------------------------------------------------------------
// 2. Removed items are gone
// ---------------------------------------------------------------------------
test.describe('Removed nav items', () => {
test('"Policy Packs" is NOT in Ops section', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
const navItems = page.locator('aside.sidebar a.nav-item');
const count = await navItems.count();
for (let i = 0; i < count; i++) {
const text = ((await navItems.nth(i).textContent()) ?? '').trim();
expect(text).not.toBe('Policy Packs');
}
});
test('"Risk & Governance" is NOT in sidebar', async ({ page }) => {
await go(page, '/security');
await ensureShell(page);
const sidebar = page.locator('aside.sidebar');
await expect(sidebar).not.toContainText('Risk & Governance');
});
});
// ---------------------------------------------------------------------------
// 3. Policy routes render content
// ---------------------------------------------------------------------------
test.describe('Policy routes render correctly', () => {
test.setTimeout(120_000);
const POLICY_ROUTES = [
{ path: '/ops/policy/packs', name: 'Release Policies workspace' },
{ path: '/ops/policy/overview', name: 'Policy overview' },
{ path: '/ops/policy/governance', name: 'Governance controls' },
{ path: '/ops/policy/vex', name: 'VEX & Exceptions' },
{ path: '/ops/policy/audit/policy', name: 'Policy audit' },
];
for (const route of POLICY_ROUTES) {
test(`${route.name} (${route.path}) renders`, async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, route.path);
await ensureShell(page);
await assertMainHasContent(page);
expect(errors, `Angular errors on ${route.path}: ${errors.join('\n')}`).toHaveLength(0);
});
}
});
// ---------------------------------------------------------------------------
// 4. Ops section has correct items (no Policy Packs)
// ---------------------------------------------------------------------------
test.describe('Ops nav has 4 items (no Policy Packs)', () => {
const EXPECTED_OPS_ITEMS = [
'Scheduled Jobs',
'Feeds & Airgap',
'Scripts',
'Diagnostics',
];
test('Ops section contains expected items only', async ({ page }) => {
await go(page, '/ops/operations/jobs-queues');
await ensureShell(page);
const navText = (await page.locator('aside.sidebar').textContent()) ?? '';
for (const label of EXPECTED_OPS_ITEMS) {
expect(navText, `Should contain "${label}"`).toContain(label);
}
});
});
// ---------------------------------------------------------------------------
// 5. Multi-route stability across policy pages
// ---------------------------------------------------------------------------
test.describe('Policy journey stability', () => {
test('navigating across policy routes produces no Angular errors', async ({ page }) => {
test.setTimeout(120_000);
const errors = collectAngularErrors(page);
const journey = [
'/ops/policy/packs',
'/ops/policy/governance',
'/ops/policy/vex',
'/ops/policy/audit/policy',
'/ops/policy/overview',
];
for (const route of journey) {
await go(page, route);
await ensureShell(page);
}
expect(errors, `Angular errors during policy journey: ${errors.join('\n')}`).toHaveLength(0);
});
});

218
src/Web/StellaOps.Web/tests/e2e/release-policy-builder.spec.ts Normal file
View File

@@ -0,0 +1,218 @@
/**
* Release Policy Builder — E2E Tests (Sprint 005)
*
* Verifies:
* 1. Pack detail shows 3 tabs (Rules, Test, Activate)
* 2. Old tab URLs resolve to new tabs
* 3. Policy workspace loads at /ops/policy/packs
* 4. No Angular runtime errors across builder routes
*/
import { expect, test, type Page } from '@playwright/test';
import { policyAuthorSession } from '../../src/app/testing';
const shellSession = {
...policyAuthorSession,
scopes: [
...new Set([
...policyAuthorSession.scopes,
'ui.read',
'admin',
'ui.admin',
'orch:read',
'orch:operate',
'findings:read',
'authority:tenants.read',
'advisory:read',
'vex:read',
'exceptions:read',
'policy:read',
'policy:author',
'policy:review',
'policy:approve',
'policy:simulate',
'policy:audit',
'health:read',
'release:read',
'release:write',
'sbom:read',
'signer:read',
]),
],
};
const mockConfig = {
authority: {
issuer: 'http://127.0.0.1:4400/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
redirectUri: 'http://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
scope: 'openid profile email ui.read policy:read policy:author policy:simulate',
audience: 'http://127.0.0.1:4400/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const oidcConfig = {
issuer: mockConfig.authority.issuer,
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
token_endpoint: mockConfig.authority.tokenEndpoint,
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
};
async function setupShell(page: Page): Promise<void> {
await page.addInitScript((session) => {
try { window.sessionStorage.clear(); } catch { /* ignore */ }
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, shellSession);
await page.route('**/platform/envsettings.json', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(mockConfig) }),
);
await page.route('**/config.json', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(mockConfig) }),
);
await page.route('**/authority/.well-known/openid-configuration', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(oidcConfig) }),
);
await page.route('**/.well-known/openid-configuration', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(oidcConfig) }),
);
await page.route('**/authority/.well-known/jwks.json', (route) =>
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ keys: [] }) }),
);
await page.route('**/authority/connect/**', (route) =>
route.fulfill({ status: 400, contentType: 'application/json', body: JSON.stringify({ error: 'not-used' }) }),
);
}
async function go(page: Page, path: string): Promise<void> {
await page.goto(path, { waitUntil: 'domcontentloaded' });
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
}
async function ensureShell(page: Page): Promise<void> {
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 30000 });
}
function collectAngularErrors(page: Page): string[] {
const errors: string[] = [];
page.on('console', (msg) => {
const text = msg.text();
if (msg.type() === 'error' && /NG0\d{3,4}/.test(text)) {
errors.push(text);
}
});
return errors;
}
test.describe.configure({ mode: 'serial' });
test.beforeEach(async ({ page }) => {
await setupShell(page);
});
// ---------------------------------------------------------------------------
// 1. Pack shell shows 3 tabs for a pack detail
// ---------------------------------------------------------------------------
test.describe('Pack detail tabs', () => {
test('pack shell renders with data-testid', async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, '/ops/policy/packs');
await ensureShell(page);
const shell = page.locator('[data-testid="policy-pack-shell"]');
await expect(shell).toBeVisible({ timeout: 10000 });
expect(errors).toHaveLength(0);
});
test('pack shell title says "Release Policies"', async ({ page }) => {
await go(page, '/ops/policy/packs');
await ensureShell(page);
const shell = page.locator('[data-testid="policy-pack-shell"]');
await expect(shell).toContainText('Release Policies');
});
});
// ---------------------------------------------------------------------------
// 2. Workspace renders content
// ---------------------------------------------------------------------------
test.describe('Policy workspace', () => {
test('/ops/policy/packs renders workspace content', async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, '/ops/policy/packs');
await ensureShell(page);
const main = page.locator('main');
await expect(main).toBeVisible();
const text = ((await main.textContent()) ?? '').replace(/\s+/g, '');
expect(text.length).toBeGreaterThan(12);
expect(errors).toHaveLength(0);
});
});
// ---------------------------------------------------------------------------
// 3. Policy routes render without Angular errors
// ---------------------------------------------------------------------------
test.describe('Policy routes stability', () => {
test.setTimeout(90_000);
const ROUTES = [
'/ops/policy/packs',
'/ops/policy/overview',
'/ops/policy/governance',
'/ops/policy/vex',
];
for (const route of ROUTES) {
test(`${route} renders without errors`, async ({ page }) => {
const errors = collectAngularErrors(page);
await go(page, route);
await ensureShell(page);
const main = page.locator('main');
await expect(main).toBeVisible();
expect(errors).toHaveLength(0);
});
}
});
// ---------------------------------------------------------------------------
// 4. Full policy journey stability
// ---------------------------------------------------------------------------
test.describe('Policy journey', () => {
test('navigating across policy pages produces no Angular errors', async ({ page }) => {
test.setTimeout(120_000);
const errors = collectAngularErrors(page);
const journey = [
'/ops/policy/packs',
'/ops/policy/overview',
'/ops/policy/governance',
'/ops/policy/vex',
'/ops/policy/packs',
];
for (const route of journey) {
await go(page, route);
await ensureShell(page);
}
expect(errors, `Angular errors: ${errors.join('\n')}`).toHaveLength(0);
});
});