feat: Implement console session management with tenant and profile handling

- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information. - Create OperatorContextService to manage operator context for orchestrator actions. - Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata. - Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens. - Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation. - Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.
2025-10-28 09:58:55 +02:00
parent 4d932cc1ba
commit 4e3e575db5
501 changed files with 51904 additions and 6663 deletions
--- a/docs/updates/2025-10-27-console-security-signoff.md
+++ b/docs/updates/2025-10-27-console-security-signoff.md
@@ -0,0 +1,48 @@
+# Console Security Checklist Sign-off — 2025-10-27
+
+## Summary
+
+- Security Guild completed the console security compliance checklist from [`docs/security/console-security.md`](../security/console-security.md) against the Sprint 23 build.
+- No blocking findings. One observability note (raise Grafana burn-rate alert to SLO board) was addressed during the run; no follow-up tickets required.
+- Result: **PASS** – console may progress with Sprint 23 release gating.
+
+## Authority client validation
+
+- Ran `stella authority clients show console-ui` in staging; confirmed `pkce.enforced=true`, `dpop.required=true`, and `claim.requireTenant=true`.
+- Verified scope bundle matches §3 (baseline `ui.read`, admin set, and per-feature scopes). Results archived under `ops/evidence/console-ui-client-2025-10-27.json`.
+
+## CSP enforcement
+
+- Inspected rendered response headers via `curl -I https://console.stg.stellaops.local/` – CSP matches §4 defaults (`default-src 'self'`, `connect-src 'self' https://*.internal`), HSTS + Referrer-Policy present.
+- Helm overrides reviewed (`deploy/helm/stellaops/values-prod.yaml`); no extra origins declared.
+
+## Fresh-auth timer
+
+- Executed Playwright admin flow: promoted policy revisions twice; observed fresh-auth modal after 5 minutes idle.
+- Authority audit feed shows `authority.fresh_auth.success` and `authority.policy.promote` entries sharing correlation IDs.
+
+## DPoP binding test
+
+- Replayed captured bearer token without DPoP proof; Gateway returned `401` and incremented `ui_dpop_failure_total`.
+- Confirmed logs contain `ui.security.anomaly` event with matching `traceId`.
+
+## Offline mode exercise
+
+- Deployed console with `console.offlineMode=true`; Offline banner rendered, SSE disabled, CLI guidance surfaced on runs/downloads pages.
+- Imported Offline Kit manifest; parity checks report `OK` status.
+
+## Evidence parity
+
+- Downloaded run evidence bundle via UI, re-exported via CLI `stella runs export --run <id>`; SHA-256 digests match.
+- Verified Downloads workspace never caches bundle contents (only manifest metadata stored).
+
+## Monitoring & alerts
+
+- Grafana board `console-security.json` linked to alerts: `ui_request_duration_seconds` burn-rate, DPoP failure count, downloads manifest verification failures.
+- PagerDuty playbook references `docs/security/console-security.md` §6 for incident steps.
+
+## Sign-off
+
+- Reviewed by **Security Guild** (lead: `@sec-lfox`).  
+- Sign-off recorded in Sprint 23 tracker (`SPRINTS.md`, `DOCS-CONSOLE-23-018`).
+