Consolidate Operations UI, rename Policy Packs to Release Policies, add host infrastructure

Five sprints delivered in this change: Sprint 001 - Ops UI Consolidation: Remove Operations Hub, Agents Fleet Dashboard, and Signals Runtime Dashboard (31 files deleted). Ops nav goes from 8 to 4 items. Redirects from old routes. Sprint 002 - Host Infrastructure (Backend): Add SshHostConfig and WinRmHostConfig target connection types with validation. Implement AgentInventoryCollector (real IInventoryCollector that parses docker ps JSON via IRemoteCommandExecutor abstraction). Enrich TopologyHostProjection with ProbeStatus/ProbeType/ProbeLastHeartbeat fields. Sprint 003 - Host UI + Environment Verification: Add runtime verification column to environment target list with Verified/Drift/ Offline/Unmonitored badges. Add container-level verification detail to Deploy Status tab showing deployed vs running digests with drift highlighting. Sprint 004 - Release Policies Rename: Move "Policy Packs" from Ops to Release Control as "Release Policies". Remove "Risk & Governance" from Security nav. Rename Pack Registry to Automation Catalog. Create gate-catalog.ts with 11 gate type display names and descriptions. Sprint 005 - Policy Builder: Create visual policy builder (3-step: name, gates, review) with per-gate-type config forms (CVSS threshold slider, signature toggles, freshness days, etc). Simplify pack workspace tabs from 6 to 3 (Rules, Test, Activate). Add YAML toggle within Rules tab. 59/59 Playwright e2e tests pass across 4 test suites. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 00:31:38 +03:00
parent db967a54f8
commit 1d7c8fadbd
58 changed files with 2492 additions and 12138 deletions
--- a/src/Web/StellaOps.Web/tests/e2e/release-policy-builder.spec.ts
+++ b/src/Web/StellaOps.Web/tests/e2e/release-policy-builder.spec.ts
@@ -0,0 +1,218 @@
+/**
+ * Release Policy Builder — E2E Tests (Sprint 005)
+ *
+ * Verifies:
+ * 1. Pack detail shows 3 tabs (Rules, Test, Activate)
+ * 2. Old tab URLs resolve to new tabs
+ * 3. Policy workspace loads at /ops/policy/packs
+ * 4. No Angular runtime errors across builder routes
+ */
+
+import { expect, test, type Page } from '@playwright/test';
+
+import { policyAuthorSession } from '../../src/app/testing';
+
+const shellSession = {
+  ...policyAuthorSession,
+  scopes: [
+    ...new Set([
+      ...policyAuthorSession.scopes,
+      'ui.read',
+      'admin',
+      'ui.admin',
+      'orch:read',
+      'orch:operate',
+      'findings:read',
+      'authority:tenants.read',
+      'advisory:read',
+      'vex:read',
+      'exceptions:read',
+      'policy:read',
+      'policy:author',
+      'policy:review',
+      'policy:approve',
+      'policy:simulate',
+      'policy:audit',
+      'health:read',
+      'release:read',
+      'release:write',
+      'sbom:read',
+      'signer:read',
+    ]),
+  ],
+};
+
+const mockConfig = {
+  authority: {
+    issuer: 'http://127.0.0.1:4400/authority',
+    clientId: 'stella-ops-ui',
+    authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
+    tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
+    logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
+    redirectUri: 'http://127.0.0.1:4400/auth/callback',
+    postLogoutRedirectUri: 'http://127.0.0.1:4400/',
+    scope: 'openid profile email ui.read policy:read policy:author policy:simulate',
+    audience: 'http://127.0.0.1:4400/gateway',
+    dpopAlgorithms: ['ES256'],
+    refreshLeewaySeconds: 60,
+  },
+  apiBaseUrls: {
+    authority: '/authority',
+    scanner: '/scanner',
+    policy: '/policy',
+    concelier: '/concelier',
+    attestor: '/attestor',
+    gateway: '/gateway',
+  },
+  quickstartMode: true,
+  setup: 'complete',
+};
+
+const oidcConfig = {
+  issuer: mockConfig.authority.issuer,
+  authorization_endpoint: mockConfig.authority.authorizeEndpoint,
+  token_endpoint: mockConfig.authority.tokenEndpoint,
+  jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
+  response_types_supported: ['code'],
+  subject_types_supported: ['public'],
+  id_token_signing_alg_values_supported: ['RS256'],
+};
+
+async function setupShell(page: Page): Promise<void> {
+  await page.addInitScript((session) => {
+    try { window.sessionStorage.clear(); } catch { /* ignore */ }
+    (window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
+  }, shellSession);
+
+  await page.route('**/platform/envsettings.json', (route) =>
+    route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(mockConfig) }),
+  );
+  await page.route('**/config.json', (route) =>
+    route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(mockConfig) }),
+  );
+  await page.route('**/authority/.well-known/openid-configuration', (route) =>
+    route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(oidcConfig) }),
+  );
+  await page.route('**/.well-known/openid-configuration', (route) =>
+    route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(oidcConfig) }),
+  );
+  await page.route('**/authority/.well-known/jwks.json', (route) =>
+    route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ keys: [] }) }),
+  );
+  await page.route('**/authority/connect/**', (route) =>
+    route.fulfill({ status: 400, contentType: 'application/json', body: JSON.stringify({ error: 'not-used' }) }),
+  );
+}
+
+async function go(page: Page, path: string): Promise<void> {
+  await page.goto(path, { waitUntil: 'domcontentloaded' });
+  await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
+}
+
+async function ensureShell(page: Page): Promise<void> {
+  await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 30000 });
+}
+
+function collectAngularErrors(page: Page): string[] {
+  const errors: string[] = [];
+  page.on('console', (msg) => {
+    const text = msg.text();
+    if (msg.type() === 'error' && /NG0\d{3,4}/.test(text)) {
+      errors.push(text);
+    }
+  });
+  return errors;
+}
+
+test.describe.configure({ mode: 'serial' });
+
+test.beforeEach(async ({ page }) => {
+  await setupShell(page);
+});
+
+// ---------------------------------------------------------------------------
+// 1. Pack shell shows 3 tabs for a pack detail
+// ---------------------------------------------------------------------------
+test.describe('Pack detail tabs', () => {
+  test('pack shell renders with data-testid', async ({ page }) => {
+    const errors = collectAngularErrors(page);
+    await go(page, '/ops/policy/packs');
+    await ensureShell(page);
+    const shell = page.locator('[data-testid="policy-pack-shell"]');
+    await expect(shell).toBeVisible({ timeout: 10000 });
+    expect(errors).toHaveLength(0);
+  });
+
+  test('pack shell title says "Release Policies"', async ({ page }) => {
+    await go(page, '/ops/policy/packs');
+    await ensureShell(page);
+    const shell = page.locator('[data-testid="policy-pack-shell"]');
+    await expect(shell).toContainText('Release Policies');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 2. Workspace renders content
+// ---------------------------------------------------------------------------
+test.describe('Policy workspace', () => {
+  test('/ops/policy/packs renders workspace content', async ({ page }) => {
+    const errors = collectAngularErrors(page);
+    await go(page, '/ops/policy/packs');
+    await ensureShell(page);
+    const main = page.locator('main');
+    await expect(main).toBeVisible();
+    const text = ((await main.textContent()) ?? '').replace(/\s+/g, '');
+    expect(text.length).toBeGreaterThan(12);
+    expect(errors).toHaveLength(0);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 3. Policy routes render without Angular errors
+// ---------------------------------------------------------------------------
+test.describe('Policy routes stability', () => {
+  test.setTimeout(90_000);
+
+  const ROUTES = [
+    '/ops/policy/packs',
+    '/ops/policy/overview',
+    '/ops/policy/governance',
+    '/ops/policy/vex',
+  ];
+
+  for (const route of ROUTES) {
+    test(`${route} renders without errors`, async ({ page }) => {
+      const errors = collectAngularErrors(page);
+      await go(page, route);
+      await ensureShell(page);
+      const main = page.locator('main');
+      await expect(main).toBeVisible();
+      expect(errors).toHaveLength(0);
+    });
+  }
+});
+
+// ---------------------------------------------------------------------------
+// 4. Full policy journey stability
+// ---------------------------------------------------------------------------
+test.describe('Policy journey', () => {
+  test('navigating across policy pages produces no Angular errors', async ({ page }) => {
+    test.setTimeout(120_000);
+    const errors = collectAngularErrors(page);
+
+    const journey = [
+      '/ops/policy/packs',
+      '/ops/policy/overview',
+      '/ops/policy/governance',
+      '/ops/policy/vex',
+      '/ops/policy/packs',
+    ];
+
+    for (const route of journey) {
+      await go(page, route);
+      await ensureShell(page);
+    }
+
+    expect(errors, `Angular errors: ${errors.join('\n')}`).toHaveLength(0);
+  });
+});