feat: Implement console session management with tenant and profile handling

- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information.
- Create OperatorContextService to manage operator context for orchestrator actions.
- Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata.
- Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens.
- Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation.
- Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.
2025-10-28 09:58:55 +02:00
parent 4d932cc1ba
commit 4e3e575db5
501 changed files with 51904 additions and 6663 deletions


@@ -13,12 +13,13 @@ The Policies workspace centralises authoring, simulation, review, and promotion
- `/console/policies` (list)
- `/console/policies/:policyId` (details)
- `/console/policies/:policyId/:revision` (editor, approvals, runs)
- **Scopes:**
- **Scopes / roles:**
- `policy:read` (list and details)
- `policy:write` (edit drafts, run lint/compile)
- `policy:submit`, `policy:review`, `policy:approve` (workflow actions)
- `policy:runs` (view run history)
- `policy:author` (edit drafts, run lint/compile)
- `policy:review`, `policy:approve` (workflow actions)
- `policy:operate` (promotions, run orchestration)
- `policy:simulate` (run simulations)
- `policy:audit` (download audit bundles)
- `effective:write` (promotion visibility only; actual write remains server-side)
- **Feature flags:** `policy.studio.enabled`, `policy.simulation.diff`, `policy.runCharts.enabled`, `policy.offline.bundleUpload`.
- **Dependencies:** Policy Engine v2 APIs (`/policies`, `/policy/runs`, `/policy/simulations`), Policy Studio Monaco assets, Authority fresh-auth flows for critical operations.
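Review bot: In the scopes list, `policy:submit` disappears from the workflow-actions line (`policy:review`, `policy:approve` remain) and nothing says which scope now authorises submitting a draft for review. Please state whether submit is folded into `policy:author` or another scope, so readers do not have to guess who may start the approval workflow. The same list swaps `policy:write` for `policy:author` and `policy:runs` for `policy:operate`, but does not say whether tokens that still carry the old scope names are accepted or rejected; a one-line migration note would help operators with existing client registrations. Also, the heading now reads "Scopes / roles" while every entry under it is a scope, so either keep "Scopes" or add the role names.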
@@ -112,10 +113,11 @@ The editor view reuses the structure documented in `/docs/ui/policy-editor.md` a
| Role | Scopes | Capabilities |
|------|--------|--------------|
| **Author** | `policy:read`, `policy:write`, `policy:simulate` | Create drafts, run lint/simulations, comment. |
| **Author** | `policy:read`, `policy:author`, `policy:simulate` | Create drafts, run lint/simulations, comment. |
| **Reviewer** | `policy:read`, `policy:review`, `policy:simulate` | Leave review comments, request changes. |
| **Approver** | `policy:read`, `policy:approve`, `policy:runs`, `policy:simulate` | Approve/promote, trigger runs, view run history. |
| **Operator** | `policy:read`, `policy:runs`, `policy:simulate`, `effective:write` | Schedule promotions, monitor runs (no editing). |
| **Approver** | `policy:read`, `policy:approve`, `policy:operate`, `policy:simulate` | Approve/promote, trigger runs, view run history. |
| **Operator** | `policy:read`, `policy:operate`, `policy:simulate`, `effective:write` | Schedule promotions, monitor runs (no editing). |
| **Auditor** | `policy:read`, `policy:audit`, `policy:simulate` | View immutable history, export audit bundles. |
| **Admin** | Above plus Authority admin scopes | Manage roles, configure escalation chains. |
UI disables controls not allowed by current scope and surfaces tooltip with required scope names. Audit log captures denied attempts (`policy.ui.action_denied`).
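Review bot: In the Approver and Operator rows, the read-only `policy:runs` (described in the scopes list as "view run history") is replaced by `policy:operate`, which the scopes list describes as "promotions, run orchestration". The Operator capability text still says "monitor runs" and the Approver text still says "view run history", so it is unclear whether viewing run history now requires the orchestration scope; if so, anyone who only needs to read run history gets promotion rights as well. Please either document a separate read-only path for run history or say explicitly that `policy:operate` covers it. The Approver row also pairs `policy:approve` with `policy:operate`, so one principal can approve a revision and promote it; if that is intended, note it here, and if not, consider leaving promotion to the Operator role.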
@@ -188,4 +190,3 @@ UI disables controls not allowed by current scope and surfaces tooltip with requ
---
*Last updated: 2025-10-26 (Sprint 23).*