stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat(ui): ship unified audit surfaces

Browse Source
This commit is contained in:
master
2026-03-08 02:16:20 +02:00
parent 6e00a48e00
commit 484abe0039
27 changed files with 673 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts
View File

@@ -513,50 +513,50 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
{
id: 'audit',
label: 'Unified Audit Log',
route: '/admin/audit',
route: '/evidence/audit-log',
icon: 'log',
tooltip: 'Cross-module audit trail and compliance reporting',
children: [
{
id: 'audit-dashboard',
label: 'Dashboard',
route: '/admin/audit',
route: '/evidence/audit-log',
tooltip: 'Audit log overview and stats',
},
{
id: 'audit-events',
label: 'All Events',
route: '/admin/audit/events',
route: '/evidence/audit-log/events',
tooltip: 'Browse all audit events with filters',
},
{
id: 'audit-policy',
label: 'Policy Audit',
route: '/admin/audit/policy',
route: '/evidence/audit-log/policy',
tooltip: 'Policy promotions and approvals',
},
{
id: 'audit-authority',
label: 'Authority Audit',
route: '/admin/audit/authority',
route: '/evidence/audit-log/authority',
tooltip: 'Token lifecycle and incidents',
},
{
id: 'audit-vex',
label: 'VEX Audit',
route: '/admin/audit/vex',
route: '/evidence/audit-log/vex',
tooltip: 'VEX decisions and consensus',
},
{
id: 'audit-integrations',
label: 'Integration Audit',
route: '/admin/audit/integrations',
route: '/evidence/audit-log/integrations',
tooltip: 'Integration configuration changes',
},
{
id: 'audit-export',
label: 'Export',
route: '/admin/audit/export',
route: '/evidence/audit-log/export',
tooltip: 'Export audit logs for compliance',
},
],

4
src/Web/StellaOps.Web/src/app/features/audit-log/audit-anomalies.component.ts
View File

@@ -13,7 +13,7 @@ import { AuditAnomalyAlert } from '../../core/api/audit-log.models';
<div class="anomalies-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Anomaly Alerts
<a routerLink="/evidence/audit-log">Audit Log</a> / Anomaly Alerts
</div>
<h1>Anomaly Detection Alerts</h1>
<p class="description">Unusual audit patterns detected by anomaly detection</p>
@@ -44,7 +44,7 @@ import { AuditAnomalyAlert } from '../../core/api/audit-log.models';
} @else {
<div class="alert-actions">
<button class="btn-primary" (click)="acknowledge(alert.id)">Acknowledge</button>
<a [routerLink]="['/admin/audit/events']" [queryParams]="{ids: alert.affectedEvents.join(',')}" class="btn-secondary">
<a [routerLink]="['/evidence/audit-log/events']" [queryParams]="{ids: alert.affectedEvents.join(',')}" class="btn-secondary">
View Events
</a>
</div>

4
src/Web/StellaOps.Web/src/app/features/audit-log/audit-authority.component.ts
View File

@@ -13,7 +13,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
<div class="authority-audit-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Authority Audit
<a routerLink="/evidence/audit-log">Audit Log</a> / Authority Audit
</div>
<h1>Authority Audit Events</h1>
<p class="description">Token lifecycle, revocations, air-gap events, and incidents</p>
@@ -39,7 +39,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
</thead>
<tbody>
@for (event of events(); track event.id) {
<tr [routerLink]="['/admin/audit/events', event.id]" class="clickable" [class]="event.severity">
<tr [routerLink]="['/evidence/audit-log/events', event.id]" class="clickable" [class]="event.severity">
<td class="mono">{{ formatTime(event.timestamp) }}</td>
<td><span class="badge action" [class]="event.action">{{ event.action }}</span></td>
<td class="mono token-id">{{ truncateId(getDetail(event, 'tokenId')) }}</td>

6
src/Web/StellaOps.Web/src/app/features/audit-log/audit-correlations.component.ts
View File

@@ -13,7 +13,7 @@ import { AuditCorrelationCluster } from '../../core/api/audit-log.models';
<div class="correlations-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Correlations
<a routerLink="/evidence/audit-log">Audit Log</a> / Correlations
</div>
<h1>Event Correlations</h1>
<p class="description">Events clustered by causality and correlation IDs</p>
@@ -32,7 +32,7 @@ import { AuditCorrelationCluster } from '../../core/api/audit-log.models';
</div>
<div class="root-event">
<h3>Root Event</h3>
<div class="event-card" [routerLink]="['/admin/audit/events', cluster.rootEvent.id]">
<div class="event-card" [routerLink]="['/evidence/audit-log/events', cluster.rootEvent.id]">
<span class="badge module" [class]="cluster.rootEvent.module">{{ cluster.rootEvent.module }}</span>
<span class="badge action" [class]="cluster.rootEvent.action">{{ cluster.rootEvent.action }}</span>
<span class="desc">{{ cluster.rootEvent.description }}</span>
@@ -42,7 +42,7 @@ import { AuditCorrelationCluster } from '../../core/api/audit-log.models';
<div class="related-events">
<h3>Related Events</h3>
@for (event of cluster.relatedEvents; track event.id) {
<div class="event-card" [routerLink]="['/admin/audit/events', event.id]">
<div class="event-card" [routerLink]="['/evidence/audit-log/events', event.id]">
<span class="badge module" [class]="event.module">{{ event.module }}</span>
<span class="badge action" [class]="event.action">{{ event.action }}</span>
<span class="desc">{{ event.description }}</span>

8
src/Web/StellaOps.Web/src/app/features/audit-log/audit-event-detail.component.ts
View File

@@ -13,8 +13,8 @@ import { AuditEvent, AuditCorrelationCluster } from '../../core/api/audit-log.mo
<div class="event-detail-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> /
<a routerLink="/admin/audit/events">Events</a> /
<a routerLink="/evidence/audit-log">Audit Log</a> /
<a routerLink="/evidence/audit-log/events">Events</a> /
{{ event()?.id?.slice(0, 8) }}...
</div>
<h1>Event Details</h1>
@@ -68,7 +68,7 @@ import { AuditEvent, AuditCorrelationCluster } from '../../core/api/audit-log.mo
@if (event()?.correlationId) {
<div class="detail-item">
<span class="label">Correlation ID</span>
<a class="value mono link" [routerLink]="['/admin/audit/correlations']" [queryParams]="{id: event()?.correlationId}">
<a class="value mono link" [routerLink]="['/evidence/audit-log/correlations']" [queryParams]="{id: event()?.correlationId}">
{{ event()?.correlationId }}
</a>
</div>
@@ -147,7 +147,7 @@ import { AuditEvent, AuditCorrelationCluster } from '../../core/api/audit-log.mo
</thead>
<tbody>
@for (related of correlation()?.relatedEvents; track related.id) {
<tr [routerLink]="['/admin/audit/events', related.id]" [class.current]="related.id === event()?.id">
<tr [routerLink]="['/evidence/audit-log/events', related.id]" [class.current]="related.id === event()?.id">
<td class="mono">{{ formatTimestamp(related.timestamp) }}</td>
<td><span class="badge module" [class]="related.module">{{ related.module }}</span></td>
<td><span class="badge action" [class]="related.action">{{ related.action }}</span></td>

2
src/Web/StellaOps.Web/src/app/features/audit-log/audit-export.component.ts
View File

@@ -14,7 +14,7 @@ import { AuditExportRequest, AuditExportResponse, AuditLogFilters, AuditModule,
<div class="export-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Export
<a routerLink="/evidence/audit-log">Audit Log</a> / Export
</div>
<h1>Export Audit Log</h1>
<p class="description">Export audit events for compliance reporting and archival</p>

2
src/Web/StellaOps.Web/src/app/features/audit-log/audit-integrations.component.ts
View File

@@ -13,7 +13,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
<div class="integrations-audit-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Integration Audit
<a routerLink="/evidence/audit-log">Audit Log</a> / Integration Audit
</div>
<h1>Integration Audit Events</h1>
<p class="description">Integration configuration changes, connections, and health events</p>

4
src/Web/StellaOps.Web/src/app/features/audit-log/audit-log-table.component.ts
View File

@@ -14,7 +14,7 @@ import { AuditEvent, AuditLogFilters, AuditModule, AuditAction, AuditSeverity }
<div class="audit-table-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / All Events
<a routerLink="/evidence/audit-log">Audit Log</a> / All Events
</div>
<h1>Audit Events</h1>
</header>
@@ -177,7 +177,7 @@ import { AuditEvent, AuditLogFilters, AuditModule, AuditAction, AuditSeverity }
@if (selectedEvent()?.correlationId) {
<div class="detail-row">
<span class="label">Correlation ID:</span>
<a class="value mono link" [routerLink]="['/admin/audit/correlations']" [queryParams]="{id: selectedEvent()?.correlationId}">{{ selectedEvent()?.correlationId }}</a>
<a class="value mono link" [routerLink]="['/evidence/audit-log/correlations']" [queryParams]="{id: selectedEvent()?.correlationId}">{{ selectedEvent()?.correlationId }}</a>
</div>
}
@if (selectedEvent()?.tags?.length) {

4
src/Web/StellaOps.Web/src/app/features/audit-log/audit-policy.component.ts
View File

@@ -13,7 +13,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
<div class="policy-audit-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Policy Audit
<a routerLink="/evidence/audit-log">Audit Log</a> / Policy Audit
</div>
<h1>Policy Audit Events</h1>
<p class="description">Policy promotions, simulations, approvals, and lint events</p>
@@ -41,7 +41,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
</thead>
<tbody>
@for (event of events(); track event.id) {
<tr [routerLink]="['/admin/audit/events', event.id]" class="clickable">
<tr [routerLink]="['/evidence/audit-log/events', event.id]" class="clickable">
<td class="mono">{{ formatTime(event.timestamp) }}</td>
<td><span class="badge action" [class]="event.action">{{ event.action }}</span></td>
<td>{{ getDetail(event, 'packName') || getDetail(event, 'packId') || '-' }}</td>

4
src/Web/StellaOps.Web/src/app/features/audit-log/audit-timeline-search.component.ts
View File

@@ -14,7 +14,7 @@ import { AuditTimelineEntry } from '../../core/api/audit-log.models';
<div class="timeline-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / Timeline Search
<a routerLink="/evidence/audit-log">Audit Log</a> / Timeline Search
</div>
<h1>Timeline Search</h1>
<p class="description">Search across all indexed audit events using TimelineIndexer</p>
@@ -47,7 +47,7 @@ import { AuditTimelineEntry } from '../../core/api/audit-log.models';
}
<div class="entry-events">
@for (event of entry.events; track event.id) {
<div class="event-item" [routerLink]="['/admin/audit/events', event.id]">
<div class="event-item" [routerLink]="['/evidence/audit-log/events', event.id]">
<span class="badge module" [class]="event.module">{{ event.module }}</span>
<span class="badge action" [class]="event.action">{{ event.action }}</span>
<span class="actor">{{ event.actor.name }}</span>

4
src/Web/StellaOps.Web/src/app/features/audit-log/audit-vex.component.ts
View File

@@ -13,7 +13,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
<div class="vex-audit-page">
<header class="page-header">
<div class="breadcrumb">
<a routerLink="/admin/audit">Audit Log</a> / VEX Audit
<a routerLink="/evidence/audit-log">Audit Log</a> / VEX Audit
</div>
<h1>VEX Audit Events</h1>
<p class="description">VEX decisions, consensus votes, and rejected claims</p>
@@ -33,7 +33,7 @@ import { AuditEvent } from '../../core/api/audit-log.models';
</thead>
<tbody>
@for (event of events(); track event.id) {
<tr [routerLink]="['/admin/audit/events', event.id]" class="clickable">
<tr [routerLink]="['/evidence/audit-log/events', event.id]" class="clickable">
<td class="mono">{{ formatTime(event.timestamp) }}</td>
<td><span class="badge action" [class]="event.action">{{ event.action }}</span></td>
<td class="mono">{{ truncateId(getDetail(event, 'vexId')) }}</td>

1
src/Web/StellaOps.Web/src/app/features/evidence-audit/evidence-audit-overview.component.ts
View File

@@ -116,6 +116,7 @@ type EvidenceHomeMode = 'normal' | 'degraded' | 'empty';
<section class="shortcuts-section" aria-label="Evidence home shortcuts">
<h2 class="section-title">Shortcuts</h2>
<div class="shortcut-links">
<a routerLink="/evidence/audit-log" class="shortcut-link">Audit Log</a>
<a routerLink="/evidence/exports" class="shortcut-link">Export Center</a>
<a routerLink="/releases/bundles" class="shortcut-link">Evidence Bundles</a>
<a routerLink="/evidence/verify-replay" class="shortcut-link">Replay &amp; Verify</a>

2
src/Web/StellaOps.Web/src/app/features/quota-dashboard/tenant-quota-detail.component.ts
View File

@@ -555,7 +555,7 @@ export class TenantQuotaDetailComponent implements OnInit, OnDestroy {
viewAuditLog(): void {
const tenantId = this.breakdown()?.tenantId;
if (tenantId) {
window.location.href = `/admin/audit?tenantId=${tenantId}`;
window.location.href = `/evidence/audit-log?tenantId=${encodeURIComponent(tenantId)}`;
}
}

45
src/Web/StellaOps.Web/src/app/routes/administration.routes.ts
View File

@@ -44,6 +44,30 @@ function redirectToDecisioning(path: string) {
};
}
function redirectToEvidence(path: string) {
return ({
params,
queryParams,
fragment,
}: {
params: Record<string, string>;
queryParams: Record<string, string>;
fragment?: string | null;
}) => {
const router = inject(Router);
let targetPath = path;
for (const [name, value] of Object.entries(params ?? {})) {
targetPath = targetPath.replaceAll(`:${name}`, encodeURIComponent(value));
}
const target = router.parseUrl(targetPath);
target.queryParams = { ...queryParams };
target.fragment = fragment ?? null;
return target;
};
}
export const ADMINISTRATION_ROUTES: Routes = [
// A0 — Administration overview
{
@@ -245,6 +269,27 @@ export const ADMINISTRATION_ROUTES: Routes = [
},
// A6 — Trust & Signing
{
path: 'audit',
title: 'Unified Audit Log',
data: { breadcrumb: 'Unified Audit Log' },
redirectTo: redirectToEvidence('/evidence/audit-log'),
pathMatch: 'full',
},
{
path: 'audit/:page',
title: 'Unified Audit Log',
data: { breadcrumb: 'Unified Audit Log' },
redirectTo: redirectToEvidence('/evidence/audit-log/:page'),
pathMatch: 'full',
},
{
path: 'audit/:page/:child',
title: 'Unified Audit Log',
data: { breadcrumb: 'Unified Audit Log' },
redirectTo: redirectToEvidence('/evidence/audit-log/:page/:child'),
pathMatch: 'full',
},
{
path: 'trust-signing',
title: 'Trust & Signing',

15
src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts
View File

@@ -203,6 +203,21 @@ export const LEGACY_REDIRECT_ROUTE_TEMPLATES: readonly LegacyRedirectRouteTempla
redirectTo: '/ops/policy/simulation/:page',
pathMatch: 'full',
},
{
path: 'admin/audit',
redirectTo: '/evidence/audit-log',
pathMatch: 'full',
},
{
path: 'admin/audit/:page',
redirectTo: '/evidence/audit-log/:page',
pathMatch: 'full',
},
{
path: 'admin/audit/:page/:child',
redirectTo: '/evidence/audit-log/:page/:child',
pathMatch: 'full',
},
{
path: 'ops/health',
redirectTo: '/ops/operations/health-slo',

9
src/Web/StellaOps.Web/src/tests/administration/administration-routes.spec.ts
View File

@@ -60,6 +60,15 @@ describe('ADMINISTRATION_ROUTES (administration)', () => {
expect(typeof route?.redirectTo).toBe('function');
});
it('audit route is preserved as an Administration alias into the evidence-owned audit shell', () => {
const route = ADMINISTRATION_ROUTES.find((r) => r.path === 'audit');
const deepRoute = ADMINISTRATION_ROUTES.find((r) => r.path === 'audit/:page/:child');
expect(route).toBeDefined();
expect(typeof route?.redirectTo).toBe('function');
expect(deepRoute).toBeDefined();
expect(typeof deepRoute?.redirectTo).toBe('function');
});
it('policy-governance breadcrumb is canonical (no Release Control ownership)', () => {
const route = ADMINISTRATION_ROUTES.find((r) => r.path === 'policy-governance');
expect(route?.data?.['breadcrumb']).toBe('Policy Governance');

28
src/Web/StellaOps.Web/src/tests/audit_log/unified-audit-log-viewer.behavior.spec.ts
View File

@@ -4,6 +4,7 @@ import { of } from 'rxjs';
import { routes } from '../../app/app.routes';
import { AuditLogClient } from '../../app/core/api/audit-log.client';
import { NAVIGATION_GROUPS } from '../../app/core/navigation/navigation.config';
import type {
AuditAnomalyAlert,
AuditEvent,
@@ -11,6 +12,7 @@ import type {
AuditStatsSummary,
} from '../../app/core/api/audit-log.models';
import { auditLogRoutes } from '../../app/features/audit-log/audit-log.routes';
import { LEGACY_REDIRECT_ROUTE_TEMPLATES } from '../../app/routes/legacy-redirects.routes';
import { AuditLogDashboardComponent } from '../../app/features/audit-log/audit-log-dashboard.component';
import { AuditLogTableComponent } from '../../app/features/audit-log/audit-log-table.component';
@@ -99,10 +101,7 @@ const anomaliesFixture: AuditAnomalyAlert[] = [
];
describe('unified-audit-log-viewer behavior', () => {
it('declares canonical evidence route without legacy admin/audit alias', () => {
const legacyAlias = routes.find((route) => route.path === 'admin/audit');
expect(legacyAlias).toBeUndefined();
it('keeps evidence canonical while preserving admin audit aliases', () => {
const canonicalRoute = routes.find((route) => route.path === 'evidence');
expect(canonicalRoute).toBeDefined();
expect(typeof canonicalRoute?.loadChildren).toBe('function');
@@ -121,6 +120,27 @@ describe('unified-audit-log-viewer behavior', () => {
'vex',
'integrations',
]);
expect(LEGACY_REDIRECT_ROUTE_TEMPLATES).toEqual(
jasmine.arrayContaining([
jasmine.objectContaining({
path: 'admin/audit',
redirectTo: '/evidence/audit-log',
}),
jasmine.objectContaining({
path: 'admin/audit/:page',
redirectTo: '/evidence/audit-log/:page',
}),
jasmine.objectContaining({
path: 'admin/audit/:page/:child',
redirectTo: '/evidence/audit-log/:page/:child',
}),
]),
);
const adminGroup = NAVIGATION_GROUPS.find((group) => group.id === 'admin');
const auditItem = adminGroup?.items.find((item) => item.id === 'audit');
expect(auditItem?.route).toBe('/evidence/audit-log');
});
});

29
src/Web/StellaOps.Web/src/tests/evidence-audit/evidence-audit-overview.component.spec.ts
View File

@@ -28,32 +28,19 @@ describe('EvidenceAuditOverviewComponent (evidence-audit)', () => {
expect(text).toContain('Expiring trust/certs');
});
it('keeps the 5 required pack shortcuts including trust ownership deep-link', () => {
it('keeps the canonical audit and evidence shortcuts on the overview page', () => {
const fixture = TestBed.createComponent(EvidenceAuditOverviewComponent);
fixture.detectChanges();
const links = Array.from(fixture.nativeElement.querySelectorAll('a')) as HTMLAnchorElement[];
const trustLink = links.find((link) =>
link.getAttribute('href')?.includes('/evidence-audit/trust-signing')
);
const exportLink = links.find((link) =>
link.getAttribute('href')?.includes('/evidence-audit/evidence')
);
const bundlesLink = links.find((link) =>
link.getAttribute('href')?.includes('/evidence-audit/bundles')
);
const replayLink = links.find((link) =>
link.getAttribute('href')?.includes('/evidence-audit/replay')
);
const proofsLink = links.find((link) =>
link.getAttribute('href')?.includes('/evidence-audit/proofs')
);
const hrefs = links.map((link) => link.getAttribute('href') ?? '');
expect(trustLink).toBeTruthy();
expect(exportLink).toBeTruthy();
expect(bundlesLink).toBeTruthy();
expect(replayLink).toBeTruthy();
expect(proofsLink).toBeTruthy();
expect(hrefs).toContain('/evidence/audit-log');
expect(hrefs).toContain('/evidence/exports');
expect(hrefs).toContain('/releases/bundles');
expect(hrefs).toContain('/evidence/verify-replay');
expect(hrefs).toContain('/evidence/capsules');
expect(hrefs).toContain('/setup/trust-signing');
});
it('supports degraded state banner', () => {

1
src/Web/StellaOps.Web/src/tests/evidence-audit/evidence-audit-routes.spec.ts
View File

@@ -18,6 +18,7 @@ describe('EVIDENCE_ROUTES (pre-alpha)', () => {
'verify-replay',
'proofs',
'exports',
'proof-chain',
'audit-log',
]);
});

4
src/Web/StellaOps.Web/src/tests/navigation/legacy-redirects.spec.ts
View File

@@ -31,6 +31,10 @@ describe('Legacy redirect policy', () => {
path: 'admin/policy/governance',
redirectTo: '/ops/policy/governance',
}),
jasmine.objectContaining({
path: 'admin/audit',
redirectTo: '/evidence/audit-log',
}),
]),
);
});

245
src/Web/StellaOps.Web/tests/e2e/unified-audit-surfaces.spec.ts Normal file
View File

@@ -0,0 +1,245 @@
import { expect, test, type Page, type Route } from '@playwright/test';
import type { StubAuthSession } from '../../src/app/testing/auth-fixtures';
const auditSession: StubAuthSession = {
subjectId: 'audit-e2e-user',
tenant: 'tenant-default',
scopes: [
'ui.read',
'ui.admin',
'release:read',
'policy:audit',
'authority:audit.read',
'signer:read',
'vex:export',
],
};
const mockConfig = {
authority: {
issuer: '/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: '/authority/connect/authorize',
tokenEndpoint: '/authority/connect/token',
logoutEndpoint: '/authority/connect/logout',
redirectUri: 'https://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'https://127.0.0.1:4400/',
scope: 'openid profile email ui.read',
audience: '/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const auditEventsPage = {
items: [
{
id: 'evt-001',
timestamp: '2026-03-07T10:00:00Z',
module: 'policy',
action: 'update',
severity: 'warning',
actor: { id: 'actor-1', name: 'Audit Operator', type: 'user' },
resource: { type: 'policy-pack', id: 'pack-001', name: 'Core Policy Pack' },
description: 'Updated the production policy pack.',
details: { changedFields: ['riskBudget'] },
tags: ['policy', 'prod'],
correlationId: 'corr-001',
tenantId: 'tenant-default',
},
{
id: 'evt-002',
timestamp: '2026-03-07T09:45:00Z',
module: 'vex',
action: 'approve',
severity: 'info',
actor: { id: 'actor-2', name: 'Security Reviewer', type: 'user' },
resource: { type: 'vex-statement', id: 'stmt-002', name: 'CVE-2026-0002' },
description: 'Approved the VEX resolution.',
details: { outcome: 'approved' },
tags: ['vex'],
correlationId: 'corr-002',
tenantId: 'tenant-default',
},
],
cursor: 'cursor-next',
hasMore: true,
};
const auditStats = {
period: {
start: '2026-03-01T00:00:00Z',
end: '2026-03-07T23:59:59Z',
},
totalEvents: 24,
byModule: {
authority: 3,
policy: 9,
jobengine: 2,
integrations: 4,
vex: 6,
scanner: 0,
attestor: 0,
sbom: 0,
scheduler: 0,
},
byAction: {
create: 1,
update: 12,
delete: 0,
promote: 1,
demote: 0,
revoke: 0,
issue: 0,
refresh: 0,
test: 0,
fail: 0,
complete: 0,
start: 0,
submit: 0,
approve: 10,
reject: 0,
sign: 0,
verify: 0,
rotate: 0,
enable: 0,
disable: 0,
deadletter: 0,
replay: 0,
},
bySeverity: {
info: 8,
warning: 12,
error: 3,
critical: 1,
},
topActors: [],
topResources: [],
};
const auditAnomalies = [
{
id: 'anomaly-1',
detectedAt: '2026-03-07T11:00:00Z',
type: 'unusual_pattern',
severity: 'warning',
description: 'Burst of policy mutations in the last hour.',
affectedEvents: ['evt-001'],
acknowledged: false,
},
];
async function fulfillJson(route: Route, body: unknown): Promise<void> {
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(body),
});
}
async function setupHarness(page: Page): Promise<void> {
await page.addInitScript((session) => {
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, auditSession);
await page.route('**/platform/envsettings.json', (route) => fulfillJson(route, mockConfig));
await page.route('**/config.json', (route) => fulfillJson(route, mockConfig));
await page.route('**/.well-known/openid-configuration', (route) =>
fulfillJson(route, {
issuer: 'https://127.0.0.1:4400/authority',
authorization_endpoint: 'https://127.0.0.1:4400/authority/connect/authorize',
token_endpoint: 'https://127.0.0.1:4400/authority/connect/token',
jwks_uri: 'https://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
}),
);
await page.route('**/authority/.well-known/jwks.json', (route) => fulfillJson(route, { keys: [] }));
await page.route('**/console/profile**', (route) =>
fulfillJson(route, {
subjectId: auditSession.subjectId,
username: 'audit-e2e',
displayName: 'Audit E2E',
tenant: auditSession.tenant,
roles: ['admin'],
scopes: auditSession.scopes,
}),
);
await page.route('**/console/token/introspect**', (route) =>
fulfillJson(route, {
active: true,
tenant: auditSession.tenant,
subject: auditSession.subjectId,
scopes: auditSession.scopes,
}),
);
await page.route('**/api/v2/context/regions', (route) =>
fulfillJson(route, [{ regionId: 'eu-west', displayName: 'EU West', sortOrder: 1, enabled: true }]),
);
await page.route('**/api/v2/context/environments**', (route) =>
fulfillJson(route, [
{
environmentId: 'prod-eu',
regionId: 'eu-west',
environmentType: 'prod',
displayName: 'Prod EU',
sortOrder: 1,
enabled: true,
},
]),
);
await page.route('**/api/v2/context/preferences', (route) =>
fulfillJson(route, {
tenantId: auditSession.tenant,
actorId: auditSession.subjectId,
regions: ['eu-west'],
environments: ['prod-eu'],
timeWindow: '24h',
stage: 'all',
updatedAt: '2026-03-07T12:00:00Z',
updatedBy: auditSession.subjectId,
}),
);
await page.route('**/api/v1/audit/stats**', (route) => fulfillJson(route, auditStats));
await page.route('**/api/v1/audit/events**', (route) => fulfillJson(route, auditEventsPage));
await page.route('**/api/v1/audit/anomalies**', (route) => fulfillJson(route, auditAnomalies));
}
test.beforeEach(async ({ page }) => {
await setupHarness(page);
});
test('renders the canonical evidence-owned audit dashboard and events journey', async ({ page }) => {
await page.goto('/evidence/audit-log', { waitUntil: 'networkidle' });
await expect(page.getByRole('heading', { name: 'Unified Audit Log' })).toBeVisible();
await expect(page.getByText('Cross-module audit trail visibility for compliance and governance')).toBeVisible();
await expect(page.getByRole('link', { name: 'View All Events' })).toBeVisible();
await page.getByRole('link', { name: 'View All Events' }).click();
await expect(page).toHaveURL(/\/evidence\/audit-log\/events$/);
await expect(page.getByText('All Events')).toBeVisible();
await expect(page.locator('table.events-table')).toBeVisible();
await expect(page.getByText('Updated the production policy pack.')).toBeVisible();
});
test('redirects old admin audit bookmarks into the canonical evidence route with query context', async ({ page }) => {
await page.goto('/admin/audit?tenantId=tenant-default', { waitUntil: 'networkidle' });
await expect(page).toHaveURL(/\/evidence\/audit-log\?.*tenantId=tenant-default/);
await expect(page.getByRole('heading', { name: 'Unified Audit Log' })).toBeVisible();
await expect(page.getByText('Total Events (7d)')).toBeVisible();
});