feat: Implement console session management with tenant and profile handling

- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information.
- Create OperatorContextService to manage operator context for orchestrator actions.
- Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata.
- Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens.
- Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation.
- Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.

ops/devops/release/verify_release.py

@@ -238,6 +238,60 @@ def verify_debug_store(manifest: Mapping[str, Any], release_dir: pathlib.Path, e
                     f"(recorded {artefact_sha}, computed {actual_sha})"
                 )
 
+def verify_signature(signature: Mapping[str, Any], release_dir: pathlib.Path, label: str, component_name: str, errors: list[str]) -> None:
+    sig_path_value = signature.get("path")
+    if not sig_path_value:
+        errors.append(f"{component_name}: {label} signature missing path.")
+        return
+    sig_path = resolve_path(str(sig_path_value), release_dir)
+    if not sig_path.exists():
+        errors.append(f"{component_name}: {label} signature missing → {sig_path}")
+        return
+    recorded_sha = signature.get("sha256")
+    if recorded_sha:
+        actual_sha = compute_sha256(sig_path)
+        if actual_sha != recorded_sha:
+            errors.append(
+                f"{component_name}: {label} signature SHA mismatch for {sig_path} "
+                f"(recorded {recorded_sha}, computed {actual_sha})"
+            )
+
+
+def verify_cli_entries(manifest: Mapping[str, Any], release_dir: pathlib.Path, errors: list[str]) -> None:
+    cli_entries = manifest.get("cli")
+    if not cli_entries:
+        return
+    if not isinstance(cli_entries, list):
+        errors.append("CLI manifest section must be a list.")
+        return
+    for entry in cli_entries:
+        if not isinstance(entry, Mapping):
+            errors.append("CLI entry must be a mapping.")
+            continue
+        runtime = entry.get("runtime", "<unknown>")
+        component_name = f"cli[{runtime}]"
+        archive = entry.get("archive")
+        if not isinstance(archive, Mapping):
+            errors.append(f"{component_name}: archive metadata missing or invalid.")
+        else:
+            verify_artifact_entry(archive, release_dir, "archive", component_name, errors)
+            signature = archive.get("signature")
+            if isinstance(signature, Mapping):
+                verify_signature(signature, release_dir, "archive", component_name, errors)
+            elif signature is not None:
+                errors.append(f"{component_name}: archive signature must be an object.")
+        sbom = entry.get("sbom")
+        if sbom:
+            if not isinstance(sbom, Mapping):
+                errors.append(f"{component_name}: sbom entry must be a mapping.")
+            else:
+                verify_artifact_entry(sbom, release_dir, "sbom", component_name, errors)
+                signature = sbom.get("signature")
+                if isinstance(signature, Mapping):
+                    verify_signature(signature, release_dir, "sbom", component_name, errors)
+                elif signature is not None:
+                    errors.append(f"{component_name}: sbom signature must be an object.")
+
 
 def verify_release(release_dir: pathlib.Path) -> None:
     if not release_dir.exists():
@@ -246,6 +300,7 @@ def verify_release(release_dir: pathlib.Path) -> None:
     errors: list[str] = []
     verify_manifest_hashes(manifest, release_dir, errors)
     verify_components(manifest, release_dir, errors)
+    verify_cli_entries(manifest, release_dir, errors)
     verify_collections(manifest, release_dir, errors)
     verify_debug_store(manifest, release_dir, errors)
     if errors: