feat(ui): ship evidence capsules cutover
This commit is contained in:
master
@@ -0,0 +1,477 @@
|
||||
import { expect, test, type Page, type Route } from '@playwright/test';
|
||||
|
||||
import type { StubAuthSession } from '../../src/app/testing/auth-fixtures';
|
||||
|
||||
const operatorSession: StubAuthSession = {
|
||||
subjectId: 'evidence-capsules-e2e-user',
|
||||
tenant: 'tenant-default',
|
||||
scopes: [
|
||||
'admin',
|
||||
'ui.read',
|
||||
'ui.admin',
|
||||
'release:read',
|
||||
'policy:read',
|
||||
'policy:audit',
|
||||
'signer:read',
|
||||
],
|
||||
};
|
||||
|
||||
const mockConfig = {
|
||||
authority: {
|
||||
issuer: '/authority',
|
||||
clientId: 'stella-ops-ui',
|
||||
authorizeEndpoint: '/authority/connect/authorize',
|
||||
tokenEndpoint: '/authority/connect/token',
|
||||
logoutEndpoint: '/authority/connect/logout',
|
||||
redirectUri: 'https://127.0.0.1:4400/auth/callback',
|
||||
postLogoutRedirectUri: 'https://127.0.0.1:4400/',
|
||||
scope: 'openid profile email ui.read',
|
||||
audience: '/gateway',
|
||||
dpopAlgorithms: ['ES256'],
|
||||
refreshLeewaySeconds: 60,
|
||||
},
|
||||
apiBaseUrls: {
|
||||
authority: '/authority',
|
||||
scanner: '/scanner',
|
||||
policy: '/policy',
|
||||
concelier: '/concelier',
|
||||
attestor: '/attestor',
|
||||
gateway: '/gateway',
|
||||
},
|
||||
quickstartMode: true,
|
||||
setup: 'complete',
|
||||
};
|
||||
|
||||
const aiRun = {
|
||||
runId: 'run-ai-001',
|
||||
tenantId: operatorSession.tenant,
|
||||
userId: 'operator@example.com',
|
||||
conversationId: 'conv-001',
|
||||
status: 'complete',
|
||||
createdAt: '2026-03-08T10:00:00Z',
|
||||
updatedAt: '2026-03-08T10:05:00Z',
|
||||
completedAt: '2026-03-08T10:05:00Z',
|
||||
timeline: [
|
||||
{
|
||||
eventId: 'event-001',
|
||||
type: 'evidence_pack_created',
|
||||
timestamp: '2026-03-08T10:02:00Z',
|
||||
content: {
|
||||
kind: 'evidence_pack',
|
||||
packId: 'cap-ai-001',
|
||||
claimCount: 3,
|
||||
evidenceCount: 5,
|
||||
contentDigest: 'sha256:cap-ai-001',
|
||||
},
|
||||
},
|
||||
],
|
||||
artifacts: [],
|
||||
};
|
||||
|
||||
const aiCapsule = {
|
||||
packId: 'cap-ai-001',
|
||||
version: '1.0.0',
|
||||
createdAt: '2026-03-08T10:02:30Z',
|
||||
tenantId: operatorSession.tenant,
|
||||
subject: {
|
||||
type: 'Cve',
|
||||
cveId: 'CVE-2026-2222',
|
||||
component: 'pkg:npm/example@1.2.3',
|
||||
},
|
||||
claims: [
|
||||
{
|
||||
claimId: 'claim-ai-001',
|
||||
text: 'The vulnerability is not exploitable in this conversation scope.',
|
||||
type: 'VulnerabilityStatus',
|
||||
status: 'not_affected',
|
||||
confidence: 0.91,
|
||||
evidenceIds: ['ev-ai-001'],
|
||||
source: 'ai',
|
||||
},
|
||||
],
|
||||
evidence: [
|
||||
{
|
||||
evidenceId: 'ev-ai-001',
|
||||
type: 'Attestation',
|
||||
uri: 'stella://attestor/cap-ai-001',
|
||||
digest: 'sha256:ev-ai-001',
|
||||
collectedAt: '2026-03-08T10:02:10Z',
|
||||
snapshot: {
|
||||
type: 'attestation',
|
||||
data: { signed: true },
|
||||
},
|
||||
},
|
||||
],
|
||||
context: {
|
||||
runId: 'run-ai-001',
|
||||
conversationId: 'conv-001',
|
||||
generatedBy: 'AdvisoryAI v2.1',
|
||||
},
|
||||
};
|
||||
|
||||
const releaseCapsule = {
|
||||
packId: 'cap-rel-001',
|
||||
version: '1.0.0',
|
||||
createdAt: '2026-03-08T10:03:00Z',
|
||||
tenantId: operatorSession.tenant,
|
||||
subject: {
|
||||
type: 'Finding',
|
||||
findingId: 'finding-rel-001',
|
||||
cveId: 'CVE-2026-1111',
|
||||
component: 'pkg:oci/payments@4.2.0',
|
||||
},
|
||||
claims: [
|
||||
{
|
||||
claimId: 'claim-rel-001',
|
||||
text: 'Release evidence is fully signed and replay matched.',
|
||||
type: 'Compliance',
|
||||
status: 'verified',
|
||||
confidence: 0.98,
|
||||
evidenceIds: ['ev-rel-001'],
|
||||
source: 'system',
|
||||
},
|
||||
],
|
||||
evidence: [
|
||||
{
|
||||
evidenceId: 'ev-rel-001',
|
||||
type: 'Policy',
|
||||
uri: 'stella://policy/run-rel-001',
|
||||
digest: 'sha256:ev-rel-001',
|
||||
collectedAt: '2026-03-08T10:02:45Z',
|
||||
snapshot: {
|
||||
type: 'policy',
|
||||
data: { verdict: 'pass' },
|
||||
},
|
||||
},
|
||||
],
|
||||
context: {
|
||||
runId: 'run-rel-001',
|
||||
generatedBy: 'Release Orchestrator',
|
||||
},
|
||||
};
|
||||
|
||||
const releaseRunDetail = {
|
||||
runId: 'run-rel-001',
|
||||
releaseId: 'rel-001',
|
||||
releaseName: 'Payments API',
|
||||
releaseSlug: 'payments-api',
|
||||
releaseType: 'standard',
|
||||
releaseVersionId: 'ver-001',
|
||||
releaseVersionNumber: 42,
|
||||
releaseVersionDigest: 'sha256:release-001',
|
||||
lane: 'standard',
|
||||
status: 'running',
|
||||
outcome: 'in_progress',
|
||||
targetEnvironment: 'prod',
|
||||
targetRegion: 'eu-west',
|
||||
scopeSummary: 'stage -> prod',
|
||||
requestedAt: '2026-03-08T09:58:00Z',
|
||||
updatedAt: '2026-03-08T10:04:00Z',
|
||||
needsApproval: false,
|
||||
blockedByDataIntegrity: false,
|
||||
correlationKey: 'corr-rel-001',
|
||||
statusRow: {
|
||||
runStatus: 'running',
|
||||
gateStatus: 'passed',
|
||||
approvalStatus: 'not-required',
|
||||
dataTrustStatus: 'healthy',
|
||||
},
|
||||
};
|
||||
|
||||
const releaseRunEvidence = {
|
||||
runId: 'run-rel-001',
|
||||
replayDeterminismVerdict: 'match',
|
||||
replayMismatch: false,
|
||||
signatureStatus: 'verified',
|
||||
};
|
||||
|
||||
const releaseRunTimeline = {
|
||||
runId: 'run-rel-001',
|
||||
events: [
|
||||
{
|
||||
eventId: 'timeline-001',
|
||||
eventClass: 'scan_completed',
|
||||
phase: 'ingest',
|
||||
status: 'completed',
|
||||
occurredAt: '2026-03-08T09:59:00Z',
|
||||
message: 'Ingest and scan completed for Payments API release.',
|
||||
},
|
||||
{
|
||||
eventId: 'timeline-002',
|
||||
eventClass: 'gate_passed',
|
||||
phase: 'gate',
|
||||
status: 'passed',
|
||||
occurredAt: '2026-03-08T10:00:30Z',
|
||||
message: 'Policy gate passed without blockers.',
|
||||
},
|
||||
{
|
||||
eventId: 'timeline-003',
|
||||
eventClass: 'evidence_verified',
|
||||
phase: 'evidence',
|
||||
status: 'completed',
|
||||
occurredAt: '2026-03-08T10:02:45Z',
|
||||
message: 'Evidence bundle signatures verified.',
|
||||
},
|
||||
{
|
||||
eventId: 'timeline-004',
|
||||
eventClass: 'deployment_running',
|
||||
phase: 'deployment',
|
||||
status: 'running',
|
||||
occurredAt: '2026-03-08T10:04:00Z',
|
||||
message: 'Production deployment is in progress.',
|
||||
},
|
||||
],
|
||||
};
|
||||
|
||||
const releaseRunGateDecision = {
|
||||
runId: 'run-rel-001',
|
||||
verdict: 'passed',
|
||||
blockers: [],
|
||||
riskBudgetDelta: 0,
|
||||
};
|
||||
|
||||
const releaseRunApprovals = {
|
||||
runId: 'run-rel-001',
|
||||
checkpoints: [],
|
||||
};
|
||||
|
||||
const releaseRunDeployments = {
|
||||
runId: 'run-rel-001',
|
||||
targets: [
|
||||
{
|
||||
targetId: 'target-001',
|
||||
targetName: 'payments-prod-eu-west',
|
||||
environment: 'prod',
|
||||
region: 'eu-west',
|
||||
status: 'running',
|
||||
},
|
||||
],
|
||||
};
|
||||
|
||||
const releaseRunSecurityInputs = {
|
||||
runId: 'run-rel-001',
|
||||
reachabilityCoveragePercent: 97,
|
||||
feedFreshnessStatus: 'fresh',
|
||||
vexStatementsApplied: 2,
|
||||
exceptionsApplied: 0,
|
||||
};
|
||||
|
||||
const releaseRunReplay = {
|
||||
runId: 'run-rel-001',
|
||||
verdict: 'match',
|
||||
};
|
||||
|
||||
const releaseRunAudit = {
|
||||
runId: 'run-rel-001',
|
||||
entries: [
|
||||
{
|
||||
auditId: 'audit-001',
|
||||
action: 'evidence_verified',
|
||||
actorId: 'release-orchestrator',
|
||||
occurredAt: '2026-03-08T10:02:45Z',
|
||||
correlationKey: 'corr-rel-001',
|
||||
},
|
||||
],
|
||||
};
|
||||
|
||||
async function fulfillJson(route: Route, body: unknown, status = 200): Promise<void> {
|
||||
await route.fulfill({
|
||||
status,
|
||||
contentType: 'application/json',
|
||||
body: JSON.stringify(body),
|
||||
});
|
||||
}
|
||||
|
||||
async function setupHarness(page: Page): Promise<void> {
|
||||
await page.addInitScript((session) => {
|
||||
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
|
||||
}, operatorSession);
|
||||
|
||||
await page.route('**/platform/envsettings.json', (route) => fulfillJson(route, mockConfig));
|
||||
await page.route('**/platform/i18n/*.json', (route) => fulfillJson(route, {}));
|
||||
await page.route('**/config.json', (route) => fulfillJson(route, mockConfig));
|
||||
await page.route('**/.well-known/openid-configuration', (route) =>
|
||||
fulfillJson(route, {
|
||||
issuer: 'https://127.0.0.1:4400/authority',
|
||||
authorization_endpoint: 'https://127.0.0.1:4400/authority/connect/authorize',
|
||||
token_endpoint: 'https://127.0.0.1:4400/authority/connect/token',
|
||||
jwks_uri: 'https://127.0.0.1:4400/authority/.well-known/jwks.json',
|
||||
response_types_supported: ['code'],
|
||||
subject_types_supported: ['public'],
|
||||
id_token_signing_alg_values_supported: ['RS256'],
|
||||
}),
|
||||
);
|
||||
await page.route('**/authority/.well-known/jwks.json', (route) => fulfillJson(route, { keys: [] }));
|
||||
await page.route('**/console/branding**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenantId: operatorSession.tenant,
|
||||
appName: 'Stella Ops',
|
||||
logoUrl: null,
|
||||
cssVariables: {},
|
||||
}),
|
||||
);
|
||||
await page.route('**/console/profile**', (route) =>
|
||||
fulfillJson(route, {
|
||||
subjectId: operatorSession.subjectId,
|
||||
username: 'evidence-capsules-e2e',
|
||||
displayName: 'Evidence Capsules E2E',
|
||||
tenant: operatorSession.tenant,
|
||||
roles: ['operator'],
|
||||
scopes: operatorSession.scopes,
|
||||
}),
|
||||
);
|
||||
await page.route('**/console/token/introspect**', (route) =>
|
||||
fulfillJson(route, {
|
||||
active: true,
|
||||
tenant: operatorSession.tenant,
|
||||
subject: operatorSession.subjectId,
|
||||
scopes: operatorSession.scopes,
|
||||
}),
|
||||
);
|
||||
await page.route('**/authority/console/tenants**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenants: [
|
||||
{
|
||||
tenantId: operatorSession.tenant,
|
||||
displayName: 'Default Tenant',
|
||||
isDefault: true,
|
||||
isActive: true,
|
||||
},
|
||||
],
|
||||
}),
|
||||
);
|
||||
await page.route('**/console/tenants**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenants: [
|
||||
{
|
||||
id: operatorSession.tenant,
|
||||
displayName: 'Default Tenant',
|
||||
status: 'active',
|
||||
isolationMode: 'shared',
|
||||
defaultRoles: ['admin'],
|
||||
},
|
||||
],
|
||||
}),
|
||||
);
|
||||
await page.route('**/api/v2/context/regions**', (route) =>
|
||||
fulfillJson(route, [{ regionId: 'eu-west', displayName: 'EU West', sortOrder: 1, enabled: true }]),
|
||||
);
|
||||
await page.route('**/api/v2/context/environments**', (route) =>
|
||||
fulfillJson(route, [
|
||||
{
|
||||
environmentId: 'prod',
|
||||
regionId: 'eu-west',
|
||||
environmentType: 'prod',
|
||||
displayName: 'Production',
|
||||
sortOrder: 1,
|
||||
enabled: true,
|
||||
},
|
||||
]),
|
||||
);
|
||||
await page.route('**/api/v2/context/preferences**', (route) =>
|
||||
fulfillJson(route, {
|
||||
tenantId: operatorSession.tenant,
|
||||
actorId: operatorSession.subjectId,
|
||||
regions: ['eu-west'],
|
||||
environments: ['prod'],
|
||||
timeWindow: '24h',
|
||||
stage: 'all',
|
||||
updatedAt: '2026-03-08T09:30:00Z',
|
||||
updatedBy: operatorSession.subjectId,
|
||||
}),
|
||||
);
|
||||
|
||||
await page.route('**/v1/runs/run-ai-001**', (route) => fulfillJson(route, aiRun));
|
||||
await page.route('**/v1/evidence-packs/cap-ai-001**', (route) => fulfillJson(route, aiCapsule));
|
||||
await page.route('**/v1/evidence-packs/cap-rel-001**', (route) => fulfillJson(route, releaseCapsule));
|
||||
|
||||
await page.route('**/api/**', async (route) => {
|
||||
const requestUrl = route.request().url();
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/timeline')) {
|
||||
return fulfillJson(route, releaseRunTimeline);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/gate-decision')) {
|
||||
return fulfillJson(route, releaseRunGateDecision);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/approvals')) {
|
||||
return fulfillJson(route, releaseRunApprovals);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/deployments')) {
|
||||
return fulfillJson(route, releaseRunDeployments);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/security-inputs')) {
|
||||
return fulfillJson(route, releaseRunSecurityInputs);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/evidence')) {
|
||||
return fulfillJson(route, releaseRunEvidence);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/replay')) {
|
||||
return fulfillJson(route, releaseRunReplay);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001/audit')) {
|
||||
return fulfillJson(route, releaseRunAudit);
|
||||
}
|
||||
if (requestUrl.includes('/api/v2/releases/runs/run-rel-001')) {
|
||||
return fulfillJson(route, releaseRunDetail);
|
||||
}
|
||||
if (requestUrl.includes('/api/v1/workflows/run-rel-001')) {
|
||||
return route.fulfill({
|
||||
status: 404,
|
||||
contentType: 'application/json',
|
||||
body: JSON.stringify({ message: 'not found' }),
|
||||
});
|
||||
}
|
||||
|
||||
return fulfillJson(route, {});
|
||||
});
|
||||
await page.route('**/gateway/**', (route) => {
|
||||
const requestUrl = route.request().url();
|
||||
if (requestUrl.includes('/v1/runs/run-ai-001')) {
|
||||
return fulfillJson(route, aiRun);
|
||||
}
|
||||
if (requestUrl.includes('/v1/evidence-packs/cap-ai-001')) {
|
||||
return fulfillJson(route, aiCapsule);
|
||||
}
|
||||
if (requestUrl.includes('/v1/evidence-packs/cap-rel-001')) {
|
||||
return fulfillJson(route, releaseCapsule);
|
||||
}
|
||||
|
||||
return fulfillJson(route, {});
|
||||
});
|
||||
await page.route('**/policy/**', (route) => fulfillJson(route, {}));
|
||||
await page.route('**/scanner/**', (route) => fulfillJson(route, {}));
|
||||
await page.route('**/concelier/**', (route) => fulfillJson(route, {}));
|
||||
await page.route('**/attestor/**', (route) => fulfillJson(route, {}));
|
||||
}
|
||||
|
||||
test.beforeEach(async ({ page }) => {
|
||||
await setupHarness(page);
|
||||
});
|
||||
|
||||
test('AI runs deep-link into canonical decision capsules and return to the live AI run context', async ({ page }) => {
|
||||
await page.goto('/ops/operations/ai-runs/run-ai-001', { waitUntil: 'networkidle' });
|
||||
|
||||
await expect(page.getByRole('heading', { name: 'AI Run' })).toBeVisible();
|
||||
await page.getByRole('button', { name: 'cap-ai-001' }).click();
|
||||
|
||||
await expect(page).toHaveURL(/\/evidence\/capsules\/cap-ai-001\?returnTo=/);
|
||||
await expect(page.getByRole('heading', { name: 'Decision Capsule' })).toBeVisible();
|
||||
|
||||
await page.getByRole('button', { name: /Back to Previous Context/i }).click();
|
||||
|
||||
await expect(page).toHaveURL(/\/ops\/operations\/ai-runs\/run-ai-001$/);
|
||||
await expect(page.getByRole('heading', { name: 'AI Run' })).toBeVisible();
|
||||
});
|
||||
|
||||
test('legacy evidence-pack bookmarks land on canonical capsules and related runs open the live release workspace', async ({ page }) => {
|
||||
await page.goto('/evidence-packs/cap-rel-001?scope=release', { waitUntil: 'networkidle' });
|
||||
|
||||
await expect(page).toHaveURL(/\/evidence\/capsules\/cap-rel-001\?scope=release$/);
|
||||
await expect(page.getByRole('heading', { name: 'Decision Capsule' })).toBeVisible();
|
||||
|
||||
await page.getByRole('button', { name: 'run-rel-001' }).click();
|
||||
|
||||
await expect(page).toHaveURL(/\/releases\/runs\/run-rel-001\/evidence\?returnTo=/);
|
||||
await expect(page.getByRole('heading', { name: 'Payments API' })).toBeVisible();
|
||||
await expect(page.getByRole('heading', { name: 'Determinism', exact: true })).toBeVisible();
|
||||
});
|
||||
Reference in New Issue
Block a user