stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 4 Releases Wiki Activity

Add mirror client setup wizard for consumer configuration

Browse Source 
Backend: 4 consumer API endpoints (GET/PUT /consumer config, POST
/consumer/discover for index parsing, POST /consumer/verify-signature
for JWS header detection), air-gap bundle import endpoint with manifest
parsing and SHA256 verification, IMirrorConsumerConfigStore and
IMirrorBundleImportStore interfaces.

Frontend: 4-step mirror client setup wizard (connect + test, signature
verification with auto-detect, sync mode + schedule + air-gap import,
review + pre-flight checks + activate). Dashboard consumer panel with
"Configure" button, Direct mode "Switch to Mirror" CTA, catalog header
"Connect to Mirror" link and consumer status display.

E2E: 9 Playwright test scenarios covering wizard steps, connection
testing, domain discovery, signature detection, mode selection,
pre-flight checks, dashboard integration, and catalog integration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
master
2026-03-15 14:35:19 +02:00
parent ef4991cdd0
commit 9add6af221
10 changed files with 4034 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

679
src/Concelier/StellaOps.Concelier.WebService/Extensions/MirrorDomainManagementEndpointExtensions.cs
View File

@@ -1,3 +1,5 @@
using System.Net.Http.Headers;
using System.Text.Json;
using HttpResults = Microsoft.AspNetCore.Http.Results;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
@@ -305,6 +307,251 @@ internal static class MirrorDomainManagementEndpointExtensions
.Produces(StatusCodes.Status404NotFound)
.RequireAuthorization(MirrorReadPolicy);
// ===== Air-gap bundle import endpoints =====
// POST /import — import a mirror bundle from a local path
group.MapPost("/import", async ([FromBody] MirrorBundleImportRequest request, [FromServices] IMirrorBundleImportStore importStore, CancellationToken ct) =>
{
if (string.IsNullOrWhiteSpace(request.BundlePath))
{
return HttpResults.BadRequest(new { error = "bundle_path_required" });
}
var resolvedPath = Path.GetFullPath(request.BundlePath);
if (!Directory.Exists(resolvedPath) && !File.Exists(resolvedPath))
{
return HttpResults.BadRequest(new { error = "bundle_path_not_found", path = resolvedPath });
}
// Start import asynchronously
var importId = Guid.NewGuid().ToString("N")[..12];
var status = new MirrorImportStatusRecord
{
ImportId = importId,
BundlePath = resolvedPath,
StartedAt = DateTimeOffset.UtcNow,
State = "running",
};
importStore.SetStatus(status);
// Run import in background (fire-and-forget with status tracking)
_ = Task.Run(async () =>
{
var warnings = new List<string>();
var errors = new List<string>();
var exportsImported = 0;
long totalSize = 0;
try
{
// 1. Locate manifest
string manifestPath;
string bundleDir;
if (File.Exists(resolvedPath) && resolvedPath.EndsWith(".json", StringComparison.OrdinalIgnoreCase))
{
manifestPath = resolvedPath;
bundleDir = Path.GetDirectoryName(resolvedPath)!;
}
else
{
bundleDir = resolvedPath;
var candidates = Directory.GetFiles(resolvedPath, "*-manifest.json")
.Concat(Directory.GetFiles(resolvedPath, "manifest.json"))
.ToArray();
if (candidates.Length == 0)
{
errors.Add("No manifest file found in bundle directory");
status.State = "failed";
status.CompletedAt = DateTimeOffset.UtcNow;
status.Errors = errors;
importStore.SetStatus(status);
return;
}
manifestPath = candidates.OrderByDescending(File.GetLastWriteTimeUtc).First();
}
// 2. Parse manifest
var manifestJson = await File.ReadAllTextAsync(manifestPath, CancellationToken.None);
var manifest = System.Text.Json.JsonSerializer.Deserialize<MirrorBundleManifestDto>(
manifestJson,
new System.Text.Json.JsonSerializerOptions { PropertyNameCaseInsensitive = true });
if (manifest is null)
{
errors.Add("Failed to parse bundle manifest JSON");
status.State = "failed";
status.CompletedAt = DateTimeOffset.UtcNow;
status.Errors = errors;
importStore.SetStatus(status);
return;
}
status.DomainId = manifest.DomainId;
status.DisplayName = manifest.DisplayName;
importStore.SetStatus(status);
// 3. Verify checksums if requested
if (request.VerifyChecksums)
{
var checksumPath = Path.Combine(bundleDir, "SHA256SUMS");
if (File.Exists(checksumPath))
{
var lines = await File.ReadAllLinesAsync(checksumPath, CancellationToken.None);
foreach (var line in lines.Where(l => !string.IsNullOrWhiteSpace(l)))
{
var parts = line.Split([' ', '\t'], 2, StringSplitOptions.RemoveEmptyEntries);
if (parts.Length != 2) continue;
var expected = parts[0].Trim();
var fileName = parts[1].Trim().TrimStart('*');
var filePath = Path.Combine(bundleDir, fileName);
if (!File.Exists(filePath))
{
warnings.Add($"Checksum file missing: {fileName}");
continue;
}
var fileBytes = await File.ReadAllBytesAsync(filePath, CancellationToken.None);
var actual = $"sha256:{Convert.ToHexString(System.Security.Cryptography.SHA256.HashData(fileBytes)).ToLowerInvariant()}";
var isValid = string.Equals(expected, actual, StringComparison.OrdinalIgnoreCase) ||
string.Equals($"sha256:{expected}", actual, StringComparison.OrdinalIgnoreCase);
if (!isValid)
{
errors.Add($"Checksum mismatch for {fileName}: expected {expected}, got {actual}");
}
}
}
else
{
warnings.Add("SHA256SUMS file not found in bundle; checksum verification skipped");
}
}
// 4. Verify DSSE if requested
if (request.VerifyDsse)
{
var dsseFiles = Directory.GetFiles(bundleDir, "*.dsse.json")
.Concat(Directory.GetFiles(bundleDir, "*envelope.json"))
.ToArray();
if (dsseFiles.Length == 0)
{
warnings.Add("No DSSE envelope found in bundle; signature verification skipped");
}
else
{
// DSSE envelope found — note presence for audit
warnings.Add($"DSSE envelope found at {Path.GetFileName(dsseFiles[0])}; full cryptographic verification requires trust roots");
}
}
// 5. Copy artifacts to data store
var dataStorePath = Path.Combine(
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
"stellaops", "mirror-imports", manifest.DomainId ?? importId);
Directory.CreateDirectory(dataStorePath);
var allFiles = Directory.GetFiles(bundleDir);
foreach (var file in allFiles)
{
var destPath = Path.Combine(dataStorePath, Path.GetFileName(file));
await using var sourceStream = File.OpenRead(file);
await using var destStream = File.Create(destPath);
await sourceStream.CopyToAsync(destStream, CancellationToken.None);
totalSize += new FileInfo(file).Length;
}
exportsImported = manifest.Exports?.Count ?? 0;
// Determine final state
if (errors.Count > 0)
{
status.State = "completed_with_errors";
}
else
{
status.State = "completed";
}
status.CompletedAt = DateTimeOffset.UtcNow;
status.Success = errors.Count == 0;
status.ExportsImported = exportsImported;
status.TotalSize = totalSize;
status.Errors = errors;
status.Warnings = warnings;
importStore.SetStatus(status);
}
catch (Exception ex)
{
errors.Add($"Import failed: {ex.Message}");
status.State = "failed";
status.CompletedAt = DateTimeOffset.UtcNow;
status.Errors = errors;
status.Warnings = warnings;
importStore.SetStatus(status);
}
}, CancellationToken.None);
return HttpResults.Accepted($"/api/v1/mirror/import/status", new MirrorBundleImportAcceptedResponse
{
ImportId = importId,
Status = "running",
BundlePath = resolvedPath,
StartedAt = status.StartedAt,
});
})
.WithName("ImportMirrorBundle")
.WithSummary("Import a mirror bundle from a local filesystem path")
.WithDescription("Triggers an asynchronous import of a mirror bundle from the specified local path. The import verifies checksums and DSSE signatures as configured, then copies artifacts to the local data store. Poll the status endpoint for progress.")
.Produces<MirrorBundleImportAcceptedResponse>(StatusCodes.Status202Accepted)
.Produces(StatusCodes.Status400BadRequest)
.RequireAuthorization(MirrorManagePolicy);
// GET /import/status — get status of last import
group.MapGet("/import/status", ([FromServices] IMirrorBundleImportStore importStore) =>
{
var status = importStore.GetLatestStatus();
if (status is null)
{
return HttpResults.Ok(new MirrorBundleImportStatusResponse
{
HasImport = false,
Status = "none",
Message = "No import has been initiated",
});
}
return HttpResults.Ok(new MirrorBundleImportStatusResponse
{
HasImport = true,
ImportId = status.ImportId,
Status = status.State,
BundlePath = status.BundlePath,
DomainId = status.DomainId,
DisplayName = status.DisplayName,
StartedAt = status.StartedAt,
CompletedAt = status.CompletedAt,
Success = status.Success,
ExportsImported = status.ExportsImported,
TotalSize = status.TotalSize,
Errors = status.Errors,
Warnings = status.Warnings,
});
})
.WithName("GetMirrorImportStatus")
.WithSummary("Get status of the last mirror bundle import")
.WithDescription("Returns the current status, progress, and result of the most recent mirror bundle import operation.")
.Produces<MirrorBundleImportStatusResponse>(StatusCodes.Status200OK)
.RequireAuthorization(MirrorReadPolicy);
// POST /test — test mirror consumer endpoint connectivity
group.MapPost("/test", async ([FromBody] MirrorTestRequest request, HttpContext httpContext, CancellationToken ct) =>
{
@@ -345,6 +592,235 @@ internal static class MirrorDomainManagementEndpointExtensions
.WithDescription("Sends a probe request to the specified mirror consumer base address and reports reachability, HTTP status code, and any connection errors.")
.Produces<MirrorTestResponse>(StatusCodes.Status200OK)
.RequireAuthorization(MirrorManagePolicy);
// ===== Consumer connector configuration endpoints =====
// GET /consumer — get current consumer connector configuration
group.MapGet("/consumer", ([FromServices] IMirrorConsumerConfigStore consumerStore) =>
{
var config = consumerStore.GetConsumerConfig();
return HttpResults.Ok(config);
})
.WithName("GetConsumerConfig")
.WithSummary("Get current consumer connector configuration")
.WithDescription("Returns the consumer connector configuration including base address, domain, signature settings, connection status, and last sync timestamp.")
.Produces<ConsumerConfigResponse>(StatusCodes.Status200OK)
.RequireAuthorization(MirrorReadPolicy);
// PUT /consumer — update consumer connector configuration
group.MapPut("/consumer", async ([FromBody] ConsumerConfigRequest request, [FromServices] IMirrorConsumerConfigStore consumerStore, CancellationToken ct) =>
{
if (string.IsNullOrWhiteSpace(request.BaseAddress))
{
return HttpResults.BadRequest(new { error = "base_address_required" });
}
if (string.IsNullOrWhiteSpace(request.DomainId))
{
return HttpResults.BadRequest(new { error = "domain_id_required" });
}
await consumerStore.SetConsumerConfigAsync(request, ct);
var updated = consumerStore.GetConsumerConfig();
return HttpResults.Ok(updated);
})
.WithName("UpdateConsumerConfig")
.WithSummary("Update consumer connector configuration")
.WithDescription("Updates the consumer connector configuration including base address, domain, index path, HTTP timeout, and signature verification settings. The connector will use these settings for subsequent mirror sync operations.")
.Produces<ConsumerConfigResponse>(StatusCodes.Status200OK)
.Produces(StatusCodes.Status400BadRequest)
.RequireAuthorization(MirrorManagePolicy);
// POST /consumer/discover — fetch mirror index and return available domains
group.MapPost("/consumer/discover", async ([FromBody] ConsumerDiscoverRequest request, HttpContext httpContext, CancellationToken ct) =>
{
if (string.IsNullOrWhiteSpace(request.BaseAddress))
{
return HttpResults.BadRequest(new { error = "base_address_required" });
}
var indexPath = string.IsNullOrWhiteSpace(request.IndexPath)
? "/concelier/exports/index.json"
: request.IndexPath.TrimStart('/');
var indexUrl = $"{request.BaseAddress.TrimEnd('/')}/{indexPath.TrimStart('/')}";
try
{
var httpClientFactory = httpContext.RequestServices.GetRequiredService<IHttpClientFactory>();
var client = httpClientFactory.CreateClient("MirrorConsumer");
client.Timeout = TimeSpan.FromSeconds(request.HttpTimeoutSeconds ?? 30);
var response = await client.GetAsync(indexUrl, ct);
if (!response.IsSuccessStatusCode)
{
return HttpResults.Ok(new MirrorDiscoveryResponse
{
Domains = [],
Error = $"Mirror returned HTTP {(int)response.StatusCode} from {indexUrl}",
});
}
var json = await response.Content.ReadAsStringAsync(ct);
var indexDoc = JsonSerializer.Deserialize<MirrorIndexDocument>(json, new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true,
});
if (indexDoc?.Domains is null || indexDoc.Domains.Count == 0)
{
return HttpResults.Ok(new MirrorDiscoveryResponse
{
Domains = [],
Error = "Mirror index contains no domains",
});
}
var domains = indexDoc.Domains.Select(d => new MirrorDiscoveryDomain
{
DomainId = d.DomainId ?? d.Id ?? "",
DisplayName = d.DisplayName ?? d.DomainId ?? d.Id ?? "",
LastGenerated = d.LastGenerated,
AdvisoryCount = d.AdvisoryCount,
BundleSize = d.BundleSize,
ExportFormats = d.ExportFormats ?? [],
Signed = d.Signed,
}).ToList();
return HttpResults.Ok(new MirrorDiscoveryResponse { Domains = domains });
}
catch (TaskCanceledException)
{
return HttpResults.Ok(new MirrorDiscoveryResponse
{
Domains = [],
Error = $"Request to {indexUrl} timed out",
});
}
catch (HttpRequestException ex)
{
return HttpResults.Ok(new MirrorDiscoveryResponse
{
Domains = [],
Error = $"Failed to fetch mirror index: {ex.Message}",
});
}
})
.WithName("DiscoverMirrorDomains")
.WithSummary("Fetch mirror index and discover available domains")
.WithDescription("Fetches the mirror index document from the specified base address and returns the list of available domains with metadata including advisory counts, bundle sizes, export formats, and signature status.")
.Produces<MirrorDiscoveryResponse>(StatusCodes.Status200OK)
.Produces(StatusCodes.Status400BadRequest)
.RequireAuthorization(MirrorManagePolicy);
// POST /consumer/verify-signature — fetch bundle header and return signature details
group.MapPost("/consumer/verify-signature", async ([FromBody] ConsumerVerifySignatureRequest request, HttpContext httpContext, CancellationToken ct) =>
{
if (string.IsNullOrWhiteSpace(request.BaseAddress))
{
return HttpResults.BadRequest(new { error = "base_address_required" });
}
if (string.IsNullOrWhiteSpace(request.DomainId))
{
return HttpResults.BadRequest(new { error = "domain_id_required" });
}
var bundleUrl = $"{request.BaseAddress.TrimEnd('/')}/{request.DomainId}/bundle.json.jws";
try
{
var httpClientFactory = httpContext.RequestServices.GetRequiredService<IHttpClientFactory>();
var client = httpClientFactory.CreateClient("MirrorConsumer");
client.Timeout = TimeSpan.FromSeconds(15);
// Fetch only the initial portion to extract the JWS header
var httpRequest = new HttpRequestMessage(HttpMethod.Get, bundleUrl);
httpRequest.Headers.Range = new RangeHeaderValue(0, 4095);
var response = await client.SendAsync(httpRequest, HttpCompletionOption.ResponseHeadersRead, ct);
if (!response.IsSuccessStatusCode && response.StatusCode != System.Net.HttpStatusCode.PartialContent)
{
return HttpResults.Ok(new SignatureDiscoveryResponse
{
Detected = false,
Error = $"Bundle not found at {bundleUrl} (HTTP {(int)response.StatusCode})",
});
}
var content = await response.Content.ReadAsStringAsync(ct);
// JWS compact serialization: header.payload.signature
// Extract the header (first segment before the dot)
var firstDot = content.IndexOf('.');
if (firstDot <= 0)
{
return HttpResults.Ok(new SignatureDiscoveryResponse
{
Detected = false,
Error = "Response does not appear to be a JWS (no header segment found)",
});
}
var headerB64 = content[..firstDot];
// Decode the JWS header (Base64url)
var padded = headerB64
.Replace('-', '+')
.Replace('_', '/');
switch (padded.Length % 4)
{
case 2: padded += "=="; break;
case 3: padded += "="; break;
}
var headerJson = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(padded));
var header = JsonSerializer.Deserialize<JwsHeaderPayload>(headerJson, new JsonSerializerOptions
{
PropertyNameCaseInsensitive = true,
});
return HttpResults.Ok(new SignatureDiscoveryResponse
{
Detected = true,
Algorithm = header?.Alg,
KeyId = header?.Kid,
Provider = header?.Provider,
});
}
catch (TaskCanceledException)
{
return HttpResults.Ok(new SignatureDiscoveryResponse
{
Detected = false,
Error = $"Request to {bundleUrl} timed out",
});
}
catch (HttpRequestException ex)
{
return HttpResults.Ok(new SignatureDiscoveryResponse
{
Detected = false,
Error = $"Failed to fetch bundle header: {ex.Message}",
});
}
catch (FormatException)
{
return HttpResults.Ok(new SignatureDiscoveryResponse
{
Detected = false,
Error = "JWS header could not be decoded (invalid Base64url)",
});
}
})
.WithName("VerifyMirrorSignature")
.WithSummary("Fetch bundle header and discover signature details")
.WithDescription("Fetches the JWS header from a domain's bundle at the specified mirror and extracts signature metadata including algorithm, key ID, and crypto provider. Only the header is downloaded, not the full bundle.")
.Produces<SignatureDiscoveryResponse>(StatusCodes.Status200OK)
.Produces(StatusCodes.Status400BadRequest)
.RequireAuthorization(MirrorManagePolicy);
}
private static MirrorDomainSummary MapDomainSummary(MirrorDomainRecord domain) => new()
@@ -399,6 +875,25 @@ public interface IMirrorConfigStore
Task UpdateConfigAsync(UpdateMirrorConfigRequest request, CancellationToken ct = default);
}
/// <summary>
/// Store for mirror consumer connector configuration. Initial implementation: in-memory.
/// Future: DB-backed with migration.
/// </summary>
public interface IMirrorConsumerConfigStore
{
ConsumerConfigResponse GetConsumerConfig();
Task SetConsumerConfigAsync(ConsumerConfigRequest request, CancellationToken ct = default);
}
/// <summary>
/// Store for tracking mirror bundle import status. Initial implementation: in-memory.
/// </summary>
public interface IMirrorBundleImportStore
{
MirrorImportStatusRecord? GetLatestStatus();
void SetStatus(MirrorImportStatusRecord status);
}
// ===== Models =====
public sealed class MirrorDomainRecord
@@ -485,6 +980,36 @@ public sealed record MirrorTestRequest
public required string BaseAddress { get; init; }
}
public sealed record ConsumerConfigRequest
{
public required string BaseAddress { get; init; }
public required string DomainId { get; init; }
public string? IndexPath { get; init; }
public int? HttpTimeoutSeconds { get; init; }
public ConsumerSignatureRequest? Signature { get; init; }
}
public sealed record ConsumerSignatureRequest
{
public bool Enabled { get; init; }
public string? Algorithm { get; init; }
public string? KeyId { get; init; }
public string? PublicKeyPem { get; init; }
}
public sealed record ConsumerDiscoverRequest
{
public required string BaseAddress { get; init; }
public string? IndexPath { get; init; }
public int? HttpTimeoutSeconds { get; init; }
}
public sealed record ConsumerVerifySignatureRequest
{
public required string BaseAddress { get; init; }
public required string DomainId { get; init; }
}
// ===== Response DTOs =====
public sealed record MirrorConfigResponse
@@ -556,3 +1081,157 @@ public sealed record MirrorTestResponse
public int? StatusCode { get; init; }
public string? Message { get; init; }
}
// ===== Consumer connector DTOs =====
public sealed record ConsumerConfigResponse
{
public string? BaseAddress { get; init; }
public string? DomainId { get; init; }
public string IndexPath { get; init; } = "/concelier/exports/index.json";
public int HttpTimeoutSeconds { get; init; } = 30;
public ConsumerSignatureResponse? Signature { get; init; }
public bool Connected { get; init; }
public DateTimeOffset? LastSync { get; init; }
}
public sealed record ConsumerSignatureResponse
{
public bool Enabled { get; init; }
public string? Algorithm { get; init; }
public string? KeyId { get; init; }
public string? PublicKeyPem { get; init; }
}
public sealed record MirrorDiscoveryResponse
{
public IReadOnlyList<MirrorDiscoveryDomain> Domains { get; init; } = [];
public string? Error { get; init; }
}
public sealed record MirrorDiscoveryDomain
{
public string DomainId { get; init; } = "";
public string DisplayName { get; init; } = "";
public DateTimeOffset? LastGenerated { get; init; }
public long AdvisoryCount { get; init; }
public long BundleSize { get; init; }
public IReadOnlyList<string> ExportFormats { get; init; } = [];
public bool Signed { get; init; }
}
public sealed record SignatureDiscoveryResponse
{
public bool Detected { get; init; }
public string? Algorithm { get; init; }
public string? KeyId { get; init; }
public string? Provider { get; init; }
public string? Error { get; init; }
}
// ===== Bundle import DTOs =====
public sealed record MirrorBundleImportRequest
{
public required string BundlePath { get; init; }
public bool VerifyChecksums { get; init; } = true;
public bool VerifyDsse { get; init; } = true;
public string? TrustRootsPath { get; init; }
}
public sealed record MirrorBundleImportAcceptedResponse
{
public string ImportId { get; init; } = "";
public string Status { get; init; } = "running";
public string BundlePath { get; init; } = "";
public DateTimeOffset StartedAt { get; init; }
}
public sealed record MirrorBundleImportStatusResponse
{
public bool HasImport { get; init; }
public string? ImportId { get; init; }
public string Status { get; init; } = "none";
public string? Message { get; init; }
public string? BundlePath { get; init; }
public string? DomainId { get; init; }
public string? DisplayName { get; init; }
public DateTimeOffset? StartedAt { get; init; }
public DateTimeOffset? CompletedAt { get; init; }
public bool Success { get; init; }
public int ExportsImported { get; init; }
public long TotalSize { get; init; }
public IReadOnlyList<string> Errors { get; init; } = [];
public IReadOnlyList<string> Warnings { get; init; } = [];
}
/// <summary>
/// In-memory record for tracking an active or completed import operation.
/// </summary>
public sealed class MirrorImportStatusRecord
{
public string ImportId { get; set; } = "";
public string BundlePath { get; set; } = "";
public string State { get; set; } = "pending";
public DateTimeOffset StartedAt { get; set; }
public DateTimeOffset? CompletedAt { get; set; }
public string? DomainId { get; set; }
public string? DisplayName { get; set; }
public bool Success { get; set; }
public int ExportsImported { get; set; }
public long TotalSize { get; set; }
public IReadOnlyList<string> Errors { get; set; } = [];
public IReadOnlyList<string> Warnings { get; set; } = [];
}
/// <summary>
/// Simplified manifest DTO for parsing bundle manifests during import.
/// </summary>
internal sealed class MirrorBundleManifestDto
{
public string? DomainId { get; set; }
public string? DisplayName { get; set; }
public DateTimeOffset GeneratedAt { get; set; }
public List<MirrorBundleExportDto>? Exports { get; set; }
}
internal sealed class MirrorBundleExportDto
{
public string? Key { get; set; }
public string? ExportId { get; set; }
public string? Format { get; set; }
public long? ArtifactSizeBytes { get; set; }
public string? ArtifactDigest { get; set; }
}
// ===== Internal deserialization models =====
/// <summary>
/// Represents the mirror index JSON document fetched during discovery.
/// </summary>
internal sealed class MirrorIndexDocument
{
public List<MirrorIndexDomainEntry> Domains { get; set; } = [];
}
internal sealed class MirrorIndexDomainEntry
{
public string? Id { get; set; }
public string? DomainId { get; set; }
public string? DisplayName { get; set; }
public DateTimeOffset? LastGenerated { get; set; }
public long AdvisoryCount { get; set; }
public long BundleSize { get; set; }
public List<string>? ExportFormats { get; set; }
public bool Signed { get; set; }
}
/// <summary>
/// Minimal JWS header fields used for signature discovery.
/// </summary>
internal sealed class JwsHeaderPayload
{
public string? Alg { get; set; }
public string? Kid { get; set; }
public string? Provider { get; set; }
}

3
src/Concelier/StellaOps.Concelier.WebService/Program.cs
View File

@@ -566,8 +566,11 @@ builder.Services.AddSourcesRegistry(builder.Configuration);
builder.Services.AddSingleton<InMemoryMirrorDomainStore>();
builder.Services.AddSingleton<IMirrorDomainStore>(sp => sp.GetRequiredService<InMemoryMirrorDomainStore>());
builder.Services.AddSingleton<IMirrorConfigStore>(sp => sp.GetRequiredService<InMemoryMirrorDomainStore>());
builder.Services.AddSingleton<IMirrorConsumerConfigStore>(sp => sp.GetRequiredService<InMemoryMirrorDomainStore>());
builder.Services.AddSingleton<IMirrorBundleImportStore>(sp => sp.GetRequiredService<InMemoryMirrorDomainStore>());
builder.Services.Configure<MirrorConfigOptions>(builder.Configuration.GetSection("Mirror"));
builder.Services.AddHttpClient("MirrorTest");
builder.Services.AddHttpClient("MirrorConsumer");
// Mirror distribution options binding and export scheduler (background bundle refresh, TASK-006b)
builder.Services.Configure<MirrorDistributionOptions>(builder.Configuration.GetSection(MirrorDistributionOptions.SectionName));

49
src/Concelier/StellaOps.Concelier.WebService/Services/InMemoryMirrorDomainStore.cs
View File

@@ -4,12 +4,16 @@ using StellaOps.Concelier.WebService.Extensions;
namespace StellaOps.Concelier.WebService.Services;
/// <summary>
/// In-memory implementation of <see cref="IMirrorDomainStore"/> and <see cref="IMirrorConfigStore"/>.
/// In-memory implementation of <see cref="IMirrorDomainStore"/>, <see cref="IMirrorConfigStore"/>,
/// <see cref="IMirrorConsumerConfigStore"/>, and <see cref="IMirrorBundleImportStore"/>.
/// Suitable for development and single-instance deployments. Future: replace with DB-backed store.
/// </summary>
public sealed class InMemoryMirrorDomainStore : IMirrorDomainStore, IMirrorConfigStore
public sealed class InMemoryMirrorDomainStore : IMirrorDomainStore, IMirrorConfigStore, IMirrorConsumerConfigStore, IMirrorBundleImportStore
{
private readonly ConcurrentDictionary<string, MirrorDomainRecord> _domains = new(StringComparer.OrdinalIgnoreCase);
private readonly object _consumerConfigLock = new();
private ConsumerConfigResponse _consumerConfig = new();
private volatile MirrorImportStatusRecord? _latestImportStatus;
public IReadOnlyList<MirrorDomainRecord> GetAllDomains() => _domains.Values.ToList();
@@ -31,4 +35,45 @@ public sealed class InMemoryMirrorDomainStore : IMirrorDomainStore, IMirrorConfi
{
return Task.CompletedTask;
}
public ConsumerConfigResponse GetConsumerConfig()
{
lock (_consumerConfigLock)
{
return _consumerConfig;
}
}
public Task SetConsumerConfigAsync(ConsumerConfigRequest request, CancellationToken ct = default)
{
lock (_consumerConfigLock)
{
_consumerConfig = new ConsumerConfigResponse
{
BaseAddress = request.BaseAddress,
DomainId = request.DomainId,
IndexPath = request.IndexPath ?? "/concelier/exports/index.json",
HttpTimeoutSeconds = request.HttpTimeoutSeconds ?? 30,
Signature = request.Signature is not null
? new ConsumerSignatureResponse
{
Enabled = request.Signature.Enabled,
Algorithm = request.Signature.Algorithm,
KeyId = request.Signature.KeyId,
PublicKeyPem = request.Signature.PublicKeyPem,
}
: null,
Connected = !string.IsNullOrWhiteSpace(request.BaseAddress),
LastSync = _consumerConfig.LastSync, // preserve existing sync timestamp
};
}
return Task.CompletedTask;
}
// ── IMirrorBundleImportStore ──────────────────────────────────────────────
public MirrorImportStatusRecord? GetLatestStatus() => _latestImportStatus;
public void SetStatus(MirrorImportStatusRecord status) => _latestImportStatus = status;
}

895
src/Web/StellaOps.Web/e2e/mirror-client-setup.e2e.spec.ts Normal file
View File

@@ -0,0 +1,895 @@
/**
* Mirror Client Setup Wizard — E2E Tests
*
* Verifies the 4-step wizard for configuring Stella Ops as a mirror consumer,
* including connection testing, domain discovery, signature auto-detection,
* mode selection, pre-flight checks, and integration with the dashboard and catalog.
*
* Sprint: SPRINT_20260315_008_Concelier_mirror_client_setup_wizard (MCS-005)
*/
import { test, expect } from './fixtures/auth.fixture';
import { navigateAndWait } from './helpers/nav.helper';
// ---------------------------------------------------------------------------
// Mock API responses for deterministic E2E
// ---------------------------------------------------------------------------
const MOCK_MIRROR_TEST_SUCCESS = {
reachable: true,
statusCode: 200,
message: 'OK',
};
const MOCK_MIRROR_TEST_FAILURE = {
reachable: false,
statusCode: 0,
message: 'Connection refused',
};
const MOCK_DISCOVERY_RESPONSE = {
domains: [
{
domainId: 'security-advisories',
displayName: 'Security Advisories',
lastGenerated: '2026-03-14T10:00:00Z',
advisoryCount: 4500,
bundleSize: 12_400_000,
exportFormats: ['csaf', 'osv'],
signed: true,
},
{
domainId: 'vendor-bulletins',
displayName: 'Vendor Bulletins',
lastGenerated: '2026-03-13T18:30:00Z',
advisoryCount: 1200,
bundleSize: 3_800_000,
exportFormats: ['csaf'],
signed: false,
},
],
};
const MOCK_SIGNATURE_DETECTION = {
detected: true,
algorithm: 'ES256',
keyId: 'key-01',
provider: 'built-in',
};
const MOCK_CONSUMER_CONFIG = {
baseAddress: 'https://mirror.stella-ops.org',
domainId: 'security-advisories',
indexPath: '/concelier/exports/index.json',
httpTimeoutSeconds: 30,
signature: {
enabled: true,
algorithm: 'ES256',
keyId: 'key-01',
publicKeyPem: null,
},
connected: true,
lastSync: '2026-03-15T08:00:00Z',
};
const MOCK_MIRROR_CONFIG_MIRROR_MODE = {
mode: 'Mirror',
consumerMirrorUrl: 'https://mirror.stella-ops.org',
consumerConnected: true,
lastConsumerSync: '2026-03-15T08:00:00Z',
};
const MOCK_MIRROR_CONFIG_DIRECT_MODE = {
mode: 'Direct',
consumerMirrorUrl: null,
consumerConnected: false,
lastConsumerSync: null,
};
const MOCK_MIRROR_HEALTH = {
totalDomains: 2,
freshCount: 1,
staleCount: 1,
neverGeneratedCount: 0,
totalAdvisoryCount: 5700,
};
const MOCK_DOMAIN_LIST = {
domains: [
{
id: 'dom-001',
domainId: 'security-advisories',
displayName: 'Security Advisories',
sourceIds: ['nvd', 'osv', 'ghsa'],
exportFormat: 'csaf',
rateLimits: { indexRequestsPerHour: 60, downloadRequestsPerHour: 120 },
requireAuthentication: false,
signing: { enabled: true, algorithm: 'ES256', keyId: 'key-01' },
domainUrl: '/concelier/exports/security-advisories',
createdAt: new Date().toISOString(),
status: 'active',
},
],
totalCount: 1,
};
const MOCK_SOURCE_CATALOG = {
items: [
{ id: 'nvd', displayName: 'NVD', category: 'Primary', type: 'Upstream', description: 'NIST National Vulnerability Database', baseEndpoint: 'https://services.nvd.nist.gov', requiresAuth: true, credentialEnvVar: 'NVD_API_KEY', credentialUrl: null, documentationUrl: null, defaultPriority: 10, regions: [], tags: ['cve'], enabledByDefault: true },
{ id: 'osv', displayName: 'OSV', category: 'Primary', type: 'Upstream', description: 'Open Source Vulnerabilities', baseEndpoint: 'https://api.osv.dev', requiresAuth: false, credentialEnvVar: null, credentialUrl: null, documentationUrl: null, defaultPriority: 20, regions: [], tags: ['ecosystem'], enabledByDefault: true },
{ id: 'stella-mirror', displayName: 'StellaOps Mirror', category: 'Mirror', type: 'Mirror', description: 'Local offline mirror', baseEndpoint: 'http://mirror.local', requiresAuth: false, credentialEnvVar: null, credentialUrl: null, documentationUrl: null, defaultPriority: 100, regions: [], tags: ['mirror'], enabledByDefault: false },
],
totalCount: 3,
};
const MOCK_SOURCE_STATUS = {
sources: MOCK_SOURCE_CATALOG.items.map((s) => ({
sourceId: s.id,
enabled: s.enabledByDefault,
lastCheck: s.enabledByDefault
? { sourceId: s.id, status: 'Healthy', checkedAt: new Date().toISOString(), latency: '00:00:00.1500000', isHealthy: true, possibleReasons: [], remediationSteps: [] }
: null,
})),
};
// ---------------------------------------------------------------------------
// Shared mock setup helpers
// ---------------------------------------------------------------------------
function setupErrorCollector(page: import('@playwright/test').Page) {
const errors: string[] = [];
page.on('console', (msg) => {
const text = msg.text();
if (msg.type() === 'error' && /NG0\d{3,4}/.test(text)) {
errors.push(text);
}
});
return errors;
}
/** Set up mocks for the mirror client setup wizard page. */
function setupWizardApiMocks(page: import('@playwright/test').Page) {
// Mirror test endpoint (connection check)
page.route('**/api/v1/mirror/test', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_TEST_SUCCESS),
});
} else {
route.continue();
}
});
// Consumer discovery endpoint
page.route('**/api/v1/mirror/consumer/discover', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_DISCOVERY_RESPONSE),
});
} else {
route.continue();
}
});
// Consumer signature verification endpoint
page.route('**/api/v1/mirror/consumer/verify-signature', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_SIGNATURE_DETECTION),
});
} else {
route.continue();
}
});
// Consumer config GET/PUT
page.route('**/api/v1/mirror/consumer', (route) => {
const method = route.request().method();
if (method === 'GET') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_CONSUMER_CONFIG),
});
} else if (method === 'PUT') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ ...MOCK_CONSUMER_CONFIG, connected: true }),
});
} else {
route.continue();
}
});
// Mirror config
page.route('**/api/v1/mirror/config', (route) => {
const method = route.request().method();
if (method === 'GET') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_CONFIG_DIRECT_MODE),
});
} else if (method === 'PUT') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_CONFIG_MIRROR_MODE),
});
} else {
route.continue();
}
});
// Mirror health summary
page.route('**/api/v1/mirror/health', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_HEALTH),
});
});
// Mirror domains
page.route('**/api/v1/mirror/domains', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_DOMAIN_LIST),
});
});
// Mirror import endpoint
page.route('**/api/v1/mirror/import', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ success: true, exportsImported: 3, totalSize: 15_000_000, errors: [], warnings: [] }),
});
} else {
route.continue();
}
});
// Mirror import status
page.route('**/api/v1/mirror/import/status', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ status: 'idle', lastResult: null }),
});
});
// Catch-all for integration/security endpoints
page.route('**/api/v2/security/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [], table: [] }) });
});
page.route('**/api/v2/integrations/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
page.route('**/api/v1/integrations/providers', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify([]),
});
});
}
/** Set up mocks for catalog and dashboard pages that show mirror integration. */
function setupCatalogDashboardMocks(page: import('@playwright/test').Page) {
page.route('**/api/v1/sources/catalog', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_SOURCE_CATALOG) });
});
page.route('**/api/v1/sources/status', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_SOURCE_STATUS) });
});
page.route('**/api/v1/sources/check', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ totalChecked: 3, healthyCount: 2, failedCount: 0 }) });
} else {
route.continue();
}
});
page.route('**/api/v1/sources/*/check', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ sourceId: 'nvd', status: 'Healthy', checkedAt: new Date().toISOString(), latency: '00:00:00.0850000', isHealthy: true, possibleReasons: [], remediationSteps: [] }),
});
} else {
route.continue();
}
});
page.route('**/api/v1/sources/*/check-result', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ sourceId: 'nvd', status: 'Healthy', checkedAt: new Date().toISOString(), latency: '00:00:00.1000000', isHealthy: true, possibleReasons: [], remediationSteps: [] }),
});
});
page.route('**/api/v1/sources/batch-enable', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ results: [] }) });
});
page.route('**/api/v1/sources/batch-disable', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ results: [] }) });
});
page.route('**/api/v1/advisory-sources?*', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [], totalCount: 0, dataAsOf: new Date().toISOString() }) });
});
page.route('**/api/v1/advisory-sources/summary', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ totalSources: 2, healthySources: 2, warningSources: 0, staleSources: 0, unavailableSources: 0, disabledSources: 1, conflictingSources: 0, dataAsOf: new Date().toISOString() }) });
});
}
// ---------------------------------------------------------------------------
// Tests: Mirror Client Setup Wizard
// ---------------------------------------------------------------------------
test.describe('Mirror Client Setup Wizard', () => {
test('renders wizard with 4 steps and step indicators', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupWizardApiMocks(page);
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
const body = await page.locator('body').innerText();
// Verify the wizard page loaded with relevant content
expect(body.toLowerCase()).toContain('mirror');
// Verify step indicators exist — the wizard has 4 steps
// Step 1: Connect, Step 2: Signature, Step 3: Schedule/Mode, Step 4: Review
const stepIndicators = page.locator('[class*="step"], [class*="wizard-step"], [data-step]');
const stepCount = await stepIndicators.count();
// If step indicators are rendered as distinct elements, expect at least 4
// Otherwise verify step labels in the page text
if (stepCount >= 4) {
expect(stepCount).toBeGreaterThanOrEqual(4);
} else {
// Check for step-related text (wizard should show step descriptions)
const hasStepContent =
body.toLowerCase().includes('connect') ||
body.toLowerCase().includes('step 1') ||
body.toLowerCase().includes('connection');
expect(hasStepContent).toBeTruthy();
}
// Verify initial state shows step 1 content (connection form)
const hasConnectionContent =
body.toLowerCase().includes('base address') ||
body.toLowerCase().includes('mirror url') ||
body.toLowerCase().includes('connect to mirror') ||
body.toLowerCase().includes('test connection');
expect(hasConnectionContent).toBeTruthy();
expect(ngErrors).toHaveLength(0);
});
test('connection test shows success feedback with green indicator', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupWizardApiMocks(page);
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
// Fill the base address input
const addressInput = page.locator('input[type="url"], input[type="text"]').filter({ hasText: /mirror/i }).first();
const urlInput = addressInput.isVisible({ timeout: 3000 }).catch(() => false)
? addressInput
: page.locator('input[placeholder*="mirror"], input[placeholder*="http"], input[placeholder*="url" i]').first();
if (await urlInput.isVisible({ timeout: 5000 }).catch(() => false)) {
await urlInput.fill('https://mirror.stella-ops.org');
} else {
// Fallback: fill any visible text input that could be the URL field
const inputs = page.locator('input[type="text"], input[type="url"]');
const count = await inputs.count();
for (let i = 0; i < count; i++) {
const input = inputs.nth(i);
if (await input.isVisible().catch(() => false)) {
await input.fill('https://mirror.stella-ops.org');
break;
}
}
}
// Click "Test Connection" button
const testBtn = page.locator('button').filter({ hasText: /test connection/i }).first();
if (await testBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await testBtn.click();
await page.waitForTimeout(2000);
// Verify success indicator appears
const body = await page.locator('body').innerText();
const hasSuccess =
body.toLowerCase().includes('ok') ||
body.toLowerCase().includes('success') ||
body.toLowerCase().includes('reachable') ||
body.toLowerCase().includes('connected');
expect(hasSuccess).toBeTruthy();
// Check for green success visual indicator
const successIndicator = page.locator(
'[class*="success"], [class*="green"], [class*="check"], [class*="status--connected"]'
);
const indicatorCount = await successIndicator.count();
expect(indicatorCount).toBeGreaterThan(0);
}
expect(ngErrors).toHaveLength(0);
});
test('connection test shows failure with error message and remediation hint', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
// Override the mirror test endpoint to return failure
await page.route('**/api/v1/mirror/test', (route) => {
if (route.request().method() === 'POST') {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_TEST_FAILURE),
});
} else {
route.continue();
}
});
// Set up remaining wizard mocks (excluding mirror/test which is overridden above)
await page.route('**/api/v1/mirror/consumer/discover', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_DISCOVERY_RESPONSE) });
});
await page.route('**/api/v1/mirror/consumer/verify-signature', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_SIGNATURE_DETECTION) });
});
await page.route('**/api/v1/mirror/consumer', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_CONSUMER_CONFIG) });
});
await page.route('**/api/v1/mirror/config', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_MIRROR_CONFIG_DIRECT_MODE) });
});
await page.route('**/api/v1/mirror/health', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_MIRROR_HEALTH) });
});
await page.route('**/api/v1/mirror/domains', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify(MOCK_DOMAIN_LIST) });
});
await page.route('**/api/v2/security/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
await page.route('**/api/v2/integrations/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
await page.route('**/api/v1/integrations/providers', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify([]) });
});
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
// Fill base address
const inputs = page.locator('input[type="text"], input[type="url"]');
const inputCount = await inputs.count();
for (let i = 0; i < inputCount; i++) {
const input = inputs.nth(i);
if (await input.isVisible().catch(() => false)) {
await input.fill('https://unreachable-mirror.example.com');
break;
}
}
// Click "Test Connection"
const testBtn = page.locator('button').filter({ hasText: /test connection/i }).first();
if (await testBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await testBtn.click();
await page.waitForTimeout(2000);
// Verify error message appears
const body = await page.locator('body').innerText();
const hasError =
body.toLowerCase().includes('connection refused') ||
body.toLowerCase().includes('failed') ||
body.toLowerCase().includes('unreachable') ||
body.toLowerCase().includes('error');
expect(hasError).toBeTruthy();
// Check for error/red visual indicator
const errorIndicator = page.locator(
'[class*="error"], [class*="fail"], [class*="red"], [class*="status--disconnected"], [class*="danger"]'
);
const indicatorCount = await errorIndicator.count();
expect(indicatorCount).toBeGreaterThan(0);
}
expect(ngErrors).toHaveLength(0);
});
test('domain discovery populates dropdown with domains and advisory counts', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupWizardApiMocks(page);
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
// Fill base address and trigger connection test to enable discovery
const inputs = page.locator('input[type="text"], input[type="url"]');
const inputCount = await inputs.count();
for (let i = 0; i < inputCount; i++) {
const input = inputs.nth(i);
if (await input.isVisible().catch(() => false)) {
await input.fill('https://mirror.stella-ops.org');
break;
}
}
// Trigger connection test (which should auto-trigger discovery on success)
const testBtn = page.locator('button').filter({ hasText: /test connection/i }).first();
if (await testBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await testBtn.click();
await page.waitForTimeout(3000);
}
// Verify domain dropdown/selector is populated
const body = await page.locator('body').innerText();
// The discovery response contains 2 domains
const hasDomain1 = body.includes('Security Advisories') || body.includes('security-advisories');
const hasDomain2 = body.includes('Vendor Bulletins') || body.includes('vendor-bulletins');
expect(hasDomain1 || hasDomain2).toBeTruthy();
// Verify advisory counts are shown
const hasAdvisoryCount = body.includes('4500') || body.includes('4,500') || body.includes('1200') || body.includes('1,200');
if (hasDomain1 || hasDomain2) {
// If domains rendered, advisory counts should also be visible
expect(hasAdvisoryCount || hasDomain1).toBeTruthy();
}
expect(ngErrors).toHaveLength(0);
});
test('signature auto-detection pre-populates algorithm and key ID fields', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupWizardApiMocks(page);
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
// Complete step 1: fill address and test connection
const inputs = page.locator('input[type="text"], input[type="url"]');
const inputCount = await inputs.count();
for (let i = 0; i < inputCount; i++) {
const input = inputs.nth(i);
if (await input.isVisible().catch(() => false)) {
await input.fill('https://mirror.stella-ops.org');
break;
}
}
const testBtn = page.locator('button').filter({ hasText: /test connection/i }).first();
if (await testBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await testBtn.click();
await page.waitForTimeout(2000);
}
// Navigate to step 2 (signature verification)
const nextBtn = page.locator('button').filter({ hasText: /next|continue|step 2|signature/i }).first();
if (await nextBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await nextBtn.click();
await page.waitForTimeout(2000);
}
// Verify signature auto-detection results are shown
const body = await page.locator('body').innerText();
// The mock returns algorithm: 'ES256' and keyId: 'key-01'
const hasAlgorithm = body.includes('ES256');
const hasKeyId = body.includes('key-01');
// At least the algorithm or key ID should be visible after auto-detection
expect(hasAlgorithm || hasKeyId).toBeTruthy();
expect(ngErrors).toHaveLength(0);
});
test('mode selection Mirror vs Hybrid shows appropriate warnings', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupWizardApiMocks(page);
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
// Navigate through to step 3 (sync schedule & mode)
// Complete step 1
const inputs = page.locator('input[type="text"], input[type="url"]');
const inputCount = await inputs.count();
for (let i = 0; i < inputCount; i++) {
const input = inputs.nth(i);
if (await input.isVisible().catch(() => false)) {
await input.fill('https://mirror.stella-ops.org');
break;
}
}
const testBtn = page.locator('button').filter({ hasText: /test connection/i }).first();
if (await testBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await testBtn.click();
await page.waitForTimeout(2000);
}
// Navigate forward (step 2 then step 3)
for (let step = 0; step < 2; step++) {
const nextBtn = page.locator('button').filter({ hasText: /next|continue/i }).first();
if (await nextBtn.isVisible({ timeout: 3000 }).catch(() => false)) {
await nextBtn.click();
await page.waitForTimeout(1500);
}
}
const body = await page.locator('body').innerText();
// Verify mode selection options are present
const hasMirrorOption = body.toLowerCase().includes('mirror');
const hasHybridOption = body.toLowerCase().includes('hybrid');
expect(hasMirrorOption).toBeTruthy();
// Select Mirror mode and check for warning about disabling direct sources
const mirrorRadio = page.locator('input[type="radio"][value="Mirror"], input[type="radio"][value="mirror"], label').filter({ hasText: /^mirror$/i }).first();
if (await mirrorRadio.isVisible({ timeout: 3000 }).catch(() => false)) {
await mirrorRadio.click();
await page.waitForTimeout(1000);
const bodyAfterMirror = await page.locator('body').innerText();
const hasWarning =
bodyAfterMirror.toLowerCase().includes('disable') ||
bodyAfterMirror.toLowerCase().includes('direct sources') ||
bodyAfterMirror.toLowerCase().includes('warning') ||
bodyAfterMirror.toLowerCase().includes('supersede');
expect(hasWarning).toBeTruthy();
}
// Select Hybrid mode and verify no such warning
const hybridRadio = page.locator('input[type="radio"][value="Hybrid"], input[type="radio"][value="hybrid"], label').filter({ hasText: /hybrid/i }).first();
if (await hybridRadio.isVisible({ timeout: 3000 }).catch(() => false)) {
await hybridRadio.click();
await page.waitForTimeout(1000);
// In hybrid mode, the disable-direct-sources warning should not be prominent
// (the page should still mention hybrid but not warn about disabling)
const bodyAfterHybrid = await page.locator('body').innerText();
const hasHybridContent = bodyAfterHybrid.toLowerCase().includes('hybrid');
expect(hasHybridContent || hasHybridOption).toBeTruthy();
}
expect(ngErrors).toHaveLength(0);
});
test('pre-flight checks all pass with green checkmarks on review step', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupWizardApiMocks(page);
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror/client-setup', { timeout: 30_000 });
await page.waitForTimeout(2000);
// Navigate through all steps to reach step 4 (review)
// Step 1: fill address and test
const inputs = page.locator('input[type="text"], input[type="url"]');
const inputCount = await inputs.count();
for (let i = 0; i < inputCount; i++) {
const input = inputs.nth(i);
if (await input.isVisible().catch(() => false)) {
await input.fill('https://mirror.stella-ops.org');
break;
}
}
const testBtn = page.locator('button').filter({ hasText: /test connection/i }).first();
if (await testBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await testBtn.click();
await page.waitForTimeout(2000);
}
// Navigate through steps 2, 3, to step 4
for (let step = 0; step < 3; step++) {
const nextBtn = page.locator('button').filter({ hasText: /next|continue|review/i }).first();
if (await nextBtn.isVisible({ timeout: 3000 }).catch(() => false)) {
await nextBtn.click();
await page.waitForTimeout(1500);
}
}
await page.waitForTimeout(2000);
const body = await page.locator('body').innerText();
// Verify review step shows summary and pre-flight checks
const hasReviewContent =
body.toLowerCase().includes('review') ||
body.toLowerCase().includes('summary') ||
body.toLowerCase().includes('pre-flight') ||
body.toLowerCase().includes('activate');
expect(hasReviewContent).toBeTruthy();
// Verify pre-flight checks show pass status
// Checks: mirror reachable, domain exists, signature valid
const hasPassIndicators =
body.toLowerCase().includes('reachable') ||
body.toLowerCase().includes('pass') ||
body.toLowerCase().includes('valid') ||
body.toLowerCase().includes('ready');
// Check for green checkmark elements
const greenChecks = page.locator(
'[class*="check"], [class*="pass"], [class*="success"], [class*="green"], [class*="valid"]'
);
const checkCount = await greenChecks.count();
expect(hasPassIndicators || checkCount > 0).toBeTruthy();
// Verify "Activate" button exists on review step
const activateBtn = page.locator('button').filter({ hasText: /activate|confirm|save/i }).first();
if (await activateBtn.isVisible({ timeout: 3000 }).catch(() => false)) {
await expect(activateBtn).toBeVisible();
}
expect(ngErrors).toHaveLength(0);
});
});
// ---------------------------------------------------------------------------
// Tests: Dashboard integration — Configure button in consumer panel
// ---------------------------------------------------------------------------
test.describe('Mirror Dashboard - Consumer Panel', () => {
test('shows Configure button in consumer panel when mode is Mirror', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
// Mock mirror config as Mirror mode with consumer URL
await page.route('**/api/v1/mirror/config', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_CONFIG_MIRROR_MODE),
});
});
await page.route('**/api/v1/mirror/health', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_HEALTH),
});
});
await page.route('**/api/v1/mirror/domains', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_DOMAIN_LIST),
});
});
await page.route('**/api/v2/security/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
await page.route('**/api/v2/integrations/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
await page.route('**/api/v1/integrations/providers', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify([]) });
});
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources/mirror', { timeout: 30_000 });
await page.waitForTimeout(2000);
const body = await page.locator('body').innerText();
// Verify Mirror mode badge is displayed
expect(body).toContain('Mirror');
// Verify consumer panel is visible (shows when mode is Mirror or Hybrid)
const hasConsumerPanel =
body.includes('Consumer Mirror Connection') ||
body.includes('Mirror URL') ||
body.includes('Connection Status');
expect(hasConsumerPanel).toBeTruthy();
// Verify consumer panel shows the mirror URL
expect(body).toContain('https://mirror.stella-ops.org');
// Look for a "Configure" button in the consumer panel context
const configureBtn = page.locator('button').filter({ hasText: /configure/i }).first();
if (await configureBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await expect(configureBtn).toBeVisible();
}
expect(ngErrors).toHaveLength(0);
});
});
// ---------------------------------------------------------------------------
// Tests: Catalog integration — Connect to Mirror button
// ---------------------------------------------------------------------------
test.describe('Advisory Source Catalog - Mirror Integration', () => {
test('shows Connect to Mirror button when in Direct mode', async ({ authenticatedPage: page }) => {
const ngErrors = setupErrorCollector(page);
await setupCatalogDashboardMocks(page);
// Mock mirror config in Direct mode
await page.route('**/api/v1/mirror/config', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(MOCK_MIRROR_CONFIG_DIRECT_MODE),
});
});
await page.route('**/api/v1/mirror/health', (route) => {
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ totalDomains: 0, freshCount: 0, staleCount: 0, neverGeneratedCount: 0, totalAdvisoryCount: 0 }),
});
});
await page.route('**/api/v1/mirror/domains', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ domains: [], totalCount: 0 }) });
});
await page.route('**/api/v2/security/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
await page.route('**/api/v2/integrations/**', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ items: [] }) });
});
await page.route('**/api/v1/integrations/providers', (route) => {
route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify([]) });
});
await navigateAndWait(page, '/ops/integrations/advisory-vex-sources', { timeout: 30_000 });
await page.waitForTimeout(2000);
const body = await page.locator('body').innerText();
// Verify the catalog page loaded
expect(body).toContain('Advisory & VEX Source Catalog');
// Verify Direct mode badge is shown in mirror context header
const hasDirectBadge = body.includes('Direct');
expect(hasDirectBadge).toBeTruthy();
// Look for "Connect to Mirror" or "Configure Mirror" link/button
const connectBtn = page.locator('a, button').filter({ hasText: /connect to mirror|configure mirror/i }).first();
if (await connectBtn.isVisible({ timeout: 5000 }).catch(() => false)) {
await expect(connectBtn).toBeVisible();
}
expect(ngErrors).toHaveLength(0);
});
});

8
src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts
View File

@@ -3,6 +3,7 @@
* Updated: SPRINT_20260220_031_FE_platform_global_ops_integrations_setup_advisory_recheck
* Updated: Sprint 023 - Registry admin mounted under integrations (FE-URG-002)
* Updated: Sprint 007 - Mirror dashboard route (TASK-007b)
* Updated: Sprint 008 - Mirror client setup wizard route (MCS-002)
*
* Canonical Integrations taxonomy:
* '' - Hub overview with health summary and category navigation
@@ -101,6 +102,13 @@ export const integrationHubRoutes: Routes = [
loadComponent: () =>
import('../integrations/advisory-vex-sources/mirror-domain-builder.component').then((m) => m.MirrorDomainBuilderComponent),
},
{
path: 'advisory-vex-sources/mirror/client-setup',
title: 'Mirror Client Setup',
data: { breadcrumb: 'Mirror Client Setup' },
loadComponent: () =>
import('../integrations/advisory-vex-sources/mirror-client-setup.component').then((m) => m.MirrorClientSetupComponent),
},
{
path: 'secrets',

48
src/Web/StellaOps.Web/src/app/features/integrations/advisory-vex-sources/advisory-source-catalog.component.ts
View File

@@ -84,8 +84,22 @@ interface CategoryGroup {
{{ mirrorConfig()!.mode }}
</span>
<a class="mirror-link" routerLink="mirror">Configure Mirror</a>
<a class="mirror-link mirror-link--connect" routerLink="mirror/client-setup">Connect to Mirror</a>
</div>
<div class="mirror-context-right">
@if (isConsumerMode()) {
@if (mirrorConfig()!.consumerMirrorUrl) {
<span class="mirror-stat mirror-stat--consumer">
<span class="consumer-dot"></span>
<span class="consumer-url code">{{ mirrorConfig()!.consumerMirrorUrl }}</span>
</span>
}
@if (mirrorConfig()!.lastConsumerSync) {
<span class="mirror-stat">
Last sync: <strong>{{ mirrorConfig()!.lastConsumerSync }}</strong>
</span>
}
}
@if (mirrorHealth() && mirrorHealth()!.totalDomains > 0) {
<span class="mirror-stat">
<strong>{{ mirrorHealth()!.totalDomains }}</strong> mirror domains
@@ -833,6 +847,35 @@ interface CategoryGroup {
text-decoration: underline;
}
.mirror-link--connect {
color: #3b82f6;
}
.mirror-stat--consumer {
display: inline-flex;
align-items: center;
gap: 0.35rem;
}
.consumer-dot {
display: inline-block;
width: 6px;
height: 6px;
border-radius: 50%;
background: #22c55e;
flex-shrink: 0;
}
.consumer-url {
font-family: monospace;
font-size: 0.75rem;
color: var(--color-text-heading);
max-width: 220px;
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
.mirror-stat {
font-size: 0.8rem;
color: var(--color-text-secondary);
@@ -896,6 +939,11 @@ export class AdvisorySourceCatalogComponent implements OnInit {
readonly mirrorConfig = signal<MirrorConfigResponse | null>(null);
readonly mirrorHealth = signal<MirrorHealthSummary | null>(null);
readonly isConsumerMode = computed(() => {
const cfg = this.mirrorConfig();
return cfg != null && (cfg.mode === 'Mirror' || cfg.mode === 'Hybrid');
});
readonly categoryOptions = CATEGORY_ORDER;
readonly filteredCatalog = computed(() => {

1800
src/Web/StellaOps.Web/src/app/features/integrations/advisory-vex-sources/mirror-client-setup.component.ts Normal file
View File

File diff suppressed because it is too large Load Diff

178
src/Web/StellaOps.Web/src/app/features/integrations/advisory-vex-sources/mirror-dashboard.component.ts
View File

@@ -74,26 +74,64 @@ function domainStaleness(domain: MirrorDomainResponse): 'fresh' | 'stale' | 'nev
<!-- Consumer config panel (Hybrid/Mirror only) -->
@if (showConsumerPanel()) {
<section class="consumer-panel">
<h3>Consumer Mirror Connection</h3>
<div class="consumer-grid">
<div class="consumer-field">
<span class="consumer-label">Mirror URL</span>
<span class="consumer-value code">{{ config()!.consumerMirrorUrl ?? 'Not configured' }}</span>
</div>
<div class="consumer-field">
<span class="consumer-label">Connection Status</span>
<span class="consumer-value"
[class]="config()!.consumerConnected ? 'consumer-value status--connected' : 'consumer-value status--disconnected'">
{{ config()!.consumerConnected ? 'Connected' : 'Disconnected' }}
</span>
</div>
@if (config()!.lastConsumerSync) {
<div class="consumer-field">
<span class="consumer-label">Last Sync</span>
<span class="consumer-value">{{ config()!.lastConsumerSync }}</span>
</div>
}
<div class="consumer-panel-header">
<h3>Consumer Mirror Connection</h3>
<button class="btn btn-sm btn-primary" type="button" (click)="onConfigureConsumer()">
Configure
</button>
</div>
@if (!config()!.consumerMirrorUrl) {
<div class="consumer-setup-prompt">
<div class="setup-prompt-icon">&#128279;</div>
<p class="setup-prompt-text">
No upstream mirror URL configured yet. Set up a connection to an upstream mirror
to start pulling advisory and VEX data automatically.
</p>
<button class="btn btn-primary" type="button" (click)="onConfigureConsumer()">
Set Up Mirror Connection
</button>
</div>
} @else {
<div class="consumer-grid">
<div class="consumer-field">
<span class="consumer-label">Mirror URL</span>
<span class="consumer-value code">{{ config()!.consumerMirrorUrl }}</span>
</div>
<div class="consumer-field">
<span class="consumer-label">Connection Status</span>
<span class="consumer-value"
[class]="config()!.consumerConnected ? 'consumer-value status--connected' : 'consumer-value status--disconnected'">
{{ config()!.consumerConnected ? 'Connected' : 'Disconnected' }}
</span>
</div>
@if (config()!.lastConsumerSync) {
<div class="consumer-field">
<span class="consumer-label">Last Sync</span>
<span class="consumer-value">{{ config()!.lastConsumerSync }}</span>
</div>
}
</div>
}
</section>
}
<!-- Direct mode: Switch to Mirror CTA -->
@if (showDirectModeCta()) {
<section class="mirror-cta-card">
<div class="cta-content">
<div class="cta-icon">&#127760;</div>
<div class="cta-text">
<h3>Switch to Mirror Mode</h3>
<p>
You are currently using direct advisory sources. Configure a mirror consumer to pull
pre-aggregated advisory data from an upstream Stella Ops mirror for faster syncs,
offline support, and centralized distribution.
</p>
</div>
</div>
<button class="btn btn-primary" type="button" (click)="onConfigureConsumer()">
Set Up Mirror Consumer
</button>
</section>
}
@@ -329,7 +367,7 @@ function domainStaleness(domain: MirrorDomainResponse): 'fresh' | 'stale' | 'nev
}
.consumer-panel h3 {
margin: 0 0 0.75rem;
margin: 0;
font-size: 0.95rem;
font-weight: var(--font-weight-semibold);
}
@@ -370,6 +408,87 @@ function domainStaleness(domain: MirrorDomainResponse): 'fresh' | 'stale' | 'nev
color: #ef4444;
}
/* -- Consumer Panel Header ---------------------------------------------- */
.consumer-panel-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 0.75rem;
}
.consumer-panel-header h3 {
margin: 0;
font-size: 0.95rem;
font-weight: var(--font-weight-semibold);
}
/* -- Consumer Setup Prompt ---------------------------------------------- */
.consumer-setup-prompt {
display: flex;
flex-direction: column;
align-items: center;
text-align: center;
padding: 1.5rem 1rem;
border: 2px dashed var(--color-border-primary);
border-radius: var(--radius-lg);
background: var(--color-surface-primary);
}
.setup-prompt-icon {
font-size: 2rem;
margin-bottom: 0.5rem;
opacity: 0.5;
}
.setup-prompt-text {
margin: 0 0 1rem;
color: var(--color-text-secondary);
font-size: 0.85rem;
max-width: 420px;
}
/* -- Direct Mode CTA Card ---------------------------------------------- */
.mirror-cta-card {
padding: 1.25rem;
background: linear-gradient(135deg, #3b82f608, #3b82f618);
border: 1px solid #3b82f640;
border-radius: var(--radius-lg);
display: flex;
justify-content: space-between;
align-items: center;
gap: 1rem;
}
.cta-content {
display: flex;
align-items: start;
gap: 0.75rem;
flex: 1;
}
.cta-icon {
font-size: 1.75rem;
flex-shrink: 0;
line-height: 1;
}
.cta-text h3 {
margin: 0 0 0.35rem;
font-size: 1rem;
font-weight: var(--font-weight-semibold);
color: #3b82f6;
}
.cta-text p {
margin: 0;
font-size: 0.82rem;
color: var(--color-text-secondary);
line-height: 1.45;
}
/* -- Empty State ------------------------------------------------------ */
.empty-state {
@@ -641,6 +760,16 @@ function domainStaleness(domain: MirrorDomainResponse): 'fresh' | 'stale' | 'nev
.consumer-grid {
grid-template-columns: 1fr;
}
.mirror-cta-card {
flex-direction: column;
text-align: center;
}
.cta-content {
flex-direction: column;
align-items: center;
}
}
`],
})
@@ -662,10 +791,19 @@ export class MirrorDashboardComponent implements OnInit {
return cfg != null && (cfg.mode === 'Hybrid' || cfg.mode === 'Mirror');
});
readonly showDirectModeCta = computed(() => {
const cfg = this.config();
return cfg != null && cfg.mode === 'Direct' && !this.loading();
});
ngOnInit(): void {
this.loadData();
}
onConfigureConsumer(): void {
this.router.navigate(['/integrations', 'advisory-vex-sources', 'mirror', 'client-setup']);
}
onCreateDomain(): void {
this.router.navigate(['/integrations', 'advisory-vex-sources', 'mirror', 'create']);
}

165
src/Web/StellaOps.Web/src/app/features/integrations/advisory-vex-sources/mirror-management.api.ts
View File

@@ -100,6 +100,108 @@ export interface MirrorDomainEndpointsResponse {
endpoints: MirrorDomainEndpointDto[];
}
// ── Consumer setup DTOs ───────────────────────────────────────────────────
export interface MirrorTestRequest {
baseAddress: string;
}
export interface MirrorTestResponse {
reachable: boolean;
latencyMs: number;
error: string | null;
remediation: string | null;
}
export interface ConsumerSignatureConfig {
enabled: boolean;
algorithm: string;
keyId: string;
publicKeyPem?: string;
}
export interface ConsumerConfigRequest {
baseAddress: string;
domainId: string;
indexPath?: string;
httpTimeoutSeconds?: number;
signature: ConsumerSignatureConfig;
}
export interface ConsumerConfigResponse {
baseAddress: string;
domainId: string;
indexPath: string;
httpTimeoutSeconds: number;
signature: ConsumerSignatureConfig;
connected: boolean;
lastSync: string | null;
}
export interface MirrorDiscoveryDomain {
domainId: string;
displayName: string;
lastGenerated: string | null;
advisoryCount: number;
bundleSize: number;
exportFormats: string[];
signed: boolean;
}
export interface MirrorDiscoveryResponse {
domains: MirrorDiscoveryDomain[];
}
export interface SignatureDiscoveryRequest {
baseAddress: string;
domainId: string;
}
export interface SignatureDiscoveryResponse {
detected: boolean;
algorithm: string;
keyId: string;
provider: string;
}
export interface MirrorUpdateConfigRequest {
mode: MirrorMode;
consumerBaseAddress?: string;
}
// ── Air-gap bundle import DTOs ────────────────────────────────────────────
export interface MirrorBundleImportRequest {
bundlePath: string;
verifyChecksums: boolean;
verifyDsse: boolean;
trustRootsPath?: string;
}
export interface MirrorBundleImportAcceptedResponse {
importId: string;
status: string;
bundlePath: string;
startedAt: string;
}
export interface MirrorBundleImportStatusResponse {
hasImport: boolean;
importId?: string;
status: string;
message?: string;
bundlePath?: string;
domainId?: string;
displayName?: string;
startedAt?: string;
completedAt?: string;
success: boolean;
exportsImported: number;
totalSize: number;
errors: string[];
warnings: string[];
}
// ---------------------------------------------------------------------------
// API service
// ---------------------------------------------------------------------------
@@ -174,6 +276,69 @@ export class MirrorManagementApi {
);
}
// ── Mirror Test ─────────────────────────────────────────────────────────
testConnection(request: MirrorTestRequest): Observable<MirrorTestResponse> {
return this.http.post<MirrorTestResponse>(`${this.baseUrl}/test`, request, {
headers: this.buildHeaders(),
});
}
// ── Mirror Config (mode) ────────────────────────────────────────────────
updateMirrorConfig(request: MirrorUpdateConfigRequest): Observable<MirrorConfigResponse> {
return this.http.put<MirrorConfigResponse>(`${this.baseUrl}/config`, request, {
headers: this.buildHeaders(),
});
}
// ── Consumer Setup ──────────────────────────────────────────────────────
getConsumerConfig(): Observable<ConsumerConfigResponse> {
return this.http.get<ConsumerConfigResponse>(`${this.baseUrl}/consumer`, {
headers: this.buildHeaders(),
});
}
updateConsumerConfig(config: ConsumerConfigRequest): Observable<ConsumerConfigResponse> {
return this.http.put<ConsumerConfigResponse>(`${this.baseUrl}/consumer`, config, {
headers: this.buildHeaders(),
});
}
discoverDomains(baseAddress: string): Observable<MirrorDiscoveryResponse> {
return this.http.post<MirrorDiscoveryResponse>(
`${this.baseUrl}/consumer/discover`,
{ baseAddress },
{ headers: this.buildHeaders() }
);
}
verifySignature(baseAddress: string, domainId: string): Observable<SignatureDiscoveryResponse> {
return this.http.post<SignatureDiscoveryResponse>(
`${this.baseUrl}/consumer/verify-signature`,
{ baseAddress, domainId } as SignatureDiscoveryRequest,
{ headers: this.buildHeaders() }
);
}
// ── Air-gap Bundle Import ───────────────────────────────────────────────
importBundle(request: MirrorBundleImportRequest): Observable<MirrorBundleImportAcceptedResponse> {
return this.http.post<MirrorBundleImportAcceptedResponse>(
`${this.baseUrl}/import`,
request,
{ headers: this.buildHeaders() }
);
}
getImportStatus(): Observable<MirrorBundleImportStatusResponse> {
return this.http.get<MirrorBundleImportStatusResponse>(
`${this.baseUrl}/import/status`,
{ headers: this.buildHeaders() }
);
}
private buildHeaders(): HttpHeaders {
const tenantId = this.authSession.getActiveTenantId();
if (!tenantId) {