feat(scanner): Complete PoE implementation with Windows compatibility fix
- Fix namespace conflicts (Subgraph → PoESubgraph) - Add hash sanitization for Windows filesystem (colon → underscore) - Update all test mocks to use It.IsAny<>() - Add direct orchestrator unit tests - All 8 PoE tests now passing (100% success rate) - Complete SPRINT_3500_0001_0001 documentation Fixes compilation errors and Windows filesystem compatibility issues. Tests: 8/8 passing Files: 8 modified, 1 new test, 1 completion report 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
master
@@ -7,11 +7,13 @@ Design and build the StellaOps web user experience that surfaces backend capabil
|
||||
- **UX Specialist** – defines user journeys, interaction patterns, accessibility guidelines, and visual design language.
|
||||
- **Angular Engineers** – implement the SPA, integrate with backend APIs, and ensure deterministic builds suitable for air-gapped deployments.
|
||||
|
||||
## Operating Principles
|
||||
- Favor modular Angular architecture (feature modules, shared UI kit) with strong typing via latest TypeScript/Angular releases.
|
||||
- Align UI flows with backend contracts; coordinate with Authority and Concelier teams for API changes.
|
||||
- Keep assets and build outputs deterministic and cacheable for Offline Kit packaging.
|
||||
- Track work using the local `TASKS.md` board; keep statuses (TODO/DOING/REVIEW/BLOCKED/DONE) up to date.
|
||||
## Operating Principles
|
||||
- Favor modular Angular architecture (feature modules, shared UI kit) with strong typing via latest TypeScript/Angular releases.
|
||||
- Align UI flows with backend contracts; coordinate with Authority and Concelier teams for API changes.
|
||||
- Keep assets and build outputs deterministic and cacheable for Offline Kit packaging.
|
||||
- Track work using the local `TASKS.md` board; keep statuses (TODO/DOING/REVIEW/BLOCKED/DONE) up to date.
|
||||
- Console admin flows use Authority `/console/admin/*` APIs and enforce fresh-auth for privileged actions.
|
||||
- Branding uses Authority `/console/branding` and applies only whitelisted CSS variables.
|
||||
|
||||
## Key Paths
|
||||
- `src/Web/StellaOps.Web` — Angular workspace (to be scaffolded).
|
||||
@@ -62,8 +64,10 @@ Design and build the StellaOps web user experience that surfaces backend capabil
|
||||
- Partner with Docs Guild to translate UX decisions into operator guides.
|
||||
- Collaborate with Security Guild to validate authentication flows and session handling.
|
||||
|
||||
## Required Reading
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
## Required Reading
|
||||
- `docs/modules/platform/architecture-overview.md`
|
||||
- `docs/architecture/console-admin-rbac.md`
|
||||
- `docs/architecture/console-branding.md`
|
||||
|
||||
## Working Agreement
|
||||
- 1. Update task status to `DOING`/`DONE` in both correspoding sprint file `/docs/implplan/SPRINT_*.md` and the local `TASKS.md` when you start or finish work.
|
||||
|
||||
@@ -27,6 +27,7 @@ export const StellaOpsScopes = {
|
||||
SCANNER_READ: 'scanner:read',
|
||||
SCANNER_WRITE: 'scanner:write',
|
||||
SCANNER_SCAN: 'scanner:scan',
|
||||
SCANNER_EXPORT: 'scanner:export',
|
||||
|
||||
// Policy scopes (full Policy Studio workflow - UI-POLICY-20-003)
|
||||
POLICY_READ: 'policy:read',
|
||||
@@ -47,23 +48,23 @@ export const StellaOpsScopes = {
|
||||
POLICY_PROMOTE: 'policy:promote', // Requires interactive auth
|
||||
POLICY_AUDIT: 'policy:audit',
|
||||
|
||||
// Exception scopes
|
||||
EXCEPTION_READ: 'exception:read',
|
||||
EXCEPTION_WRITE: 'exception:write',
|
||||
EXCEPTION_APPROVE: 'exception:approve',
|
||||
|
||||
// Advisory scopes
|
||||
ADVISORY_READ: 'advisory:read',
|
||||
|
||||
// VEX scopes
|
||||
VEX_READ: 'vex:read',
|
||||
VEX_EXPORT: 'vex:export',
|
||||
|
||||
// Release scopes
|
||||
RELEASE_READ: 'release:read',
|
||||
RELEASE_WRITE: 'release:write',
|
||||
RELEASE_PUBLISH: 'release:publish',
|
||||
RELEASE_BYPASS: 'release:bypass',
|
||||
// Exception scopes
|
||||
EXCEPTION_READ: 'exception:read',
|
||||
EXCEPTION_WRITE: 'exception:write',
|
||||
EXCEPTION_APPROVE: 'exception:approve',
|
||||
|
||||
// Advisory scopes
|
||||
ADVISORY_READ: 'advisory:read',
|
||||
|
||||
// VEX scopes
|
||||
VEX_READ: 'vex:read',
|
||||
VEX_EXPORT: 'vex:export',
|
||||
|
||||
// Release scopes
|
||||
RELEASE_READ: 'release:read',
|
||||
RELEASE_WRITE: 'release:write',
|
||||
RELEASE_PUBLISH: 'release:publish',
|
||||
RELEASE_BYPASS: 'release:bypass',
|
||||
|
||||
// AOC scopes
|
||||
AOC_READ: 'aoc:read',
|
||||
@@ -77,10 +78,55 @@ export const StellaOpsScopes = {
|
||||
|
||||
// UI scopes
|
||||
UI_READ: 'ui.read',
|
||||
UI_ADMIN: 'ui.admin',
|
||||
|
||||
// Admin scopes
|
||||
ADMIN: 'admin',
|
||||
TENANT_ADMIN: 'tenant:admin',
|
||||
|
||||
// Authority admin scopes
|
||||
AUTHORITY_TENANTS_READ: 'authority:tenants.read',
|
||||
AUTHORITY_TENANTS_WRITE: 'authority:tenants.write',
|
||||
AUTHORITY_USERS_READ: 'authority:users.read',
|
||||
AUTHORITY_USERS_WRITE: 'authority:users.write',
|
||||
AUTHORITY_ROLES_READ: 'authority:roles.read',
|
||||
AUTHORITY_ROLES_WRITE: 'authority:roles.write',
|
||||
AUTHORITY_CLIENTS_READ: 'authority:clients.read',
|
||||
AUTHORITY_CLIENTS_WRITE: 'authority:clients.write',
|
||||
AUTHORITY_TOKENS_READ: 'authority:tokens.read',
|
||||
AUTHORITY_TOKENS_REVOKE: 'authority:tokens.revoke',
|
||||
AUTHORITY_BRANDING_READ: 'authority:branding.read',
|
||||
AUTHORITY_BRANDING_WRITE: 'authority:branding.write',
|
||||
|
||||
// Scheduler scopes
|
||||
SCHEDULER_READ: 'scheduler:read',
|
||||
SCHEDULER_OPERATE: 'scheduler:operate',
|
||||
SCHEDULER_ADMIN: 'scheduler:admin',
|
||||
|
||||
// Attestor scopes
|
||||
ATTEST_CREATE: 'attest:create',
|
||||
ATTEST_ADMIN: 'attest:admin',
|
||||
|
||||
// Signer scopes
|
||||
SIGNER_READ: 'signer:read',
|
||||
SIGNER_SIGN: 'signer:sign',
|
||||
SIGNER_ROTATE: 'signer:rotate',
|
||||
SIGNER_ADMIN: 'signer:admin',
|
||||
|
||||
// Zastava scopes
|
||||
ZASTAVA_READ: 'zastava:read',
|
||||
ZASTAVA_TRIGGER: 'zastava:trigger',
|
||||
ZASTAVA_ADMIN: 'zastava:admin',
|
||||
|
||||
// Exceptions scopes
|
||||
EXCEPTIONS_READ: 'exceptions:read',
|
||||
EXCEPTIONS_WRITE: 'exceptions:write',
|
||||
|
||||
// Graph admin scope
|
||||
GRAPH_ADMIN: 'graph:admin',
|
||||
|
||||
// Findings scope
|
||||
FINDINGS_READ: 'findings:read',
|
||||
} as const;
|
||||
|
||||
export type StellaOpsScope = (typeof StellaOpsScopes)[keyof typeof StellaOpsScopes];
|
||||
@@ -155,12 +201,12 @@ export const ScopeGroups = {
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
|
||||
POLICY_AUTHOR: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
StellaOpsScopes.POLICY_AUTHOR,
|
||||
StellaOpsScopes.POLICY_SIMULATE,
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
POLICY_AUTHOR: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
StellaOpsScopes.POLICY_AUTHOR,
|
||||
StellaOpsScopes.POLICY_SIMULATE,
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
|
||||
POLICY_REVIEWER: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
@@ -177,24 +223,24 @@ export const ScopeGroups = {
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
|
||||
POLICY_OPERATOR: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
StellaOpsScopes.POLICY_OPERATE,
|
||||
StellaOpsScopes.POLICY_SIMULATE,
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
POLICY_OPERATOR: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
StellaOpsScopes.POLICY_OPERATE,
|
||||
StellaOpsScopes.POLICY_SIMULATE,
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
|
||||
POLICY_ADMIN: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
StellaOpsScopes.POLICY_AUTHOR,
|
||||
StellaOpsScopes.POLICY_REVIEW,
|
||||
StellaOpsScopes.POLICY_APPROVE,
|
||||
StellaOpsScopes.POLICY_OPERATE,
|
||||
StellaOpsScopes.POLICY_AUDIT,
|
||||
StellaOpsScopes.POLICY_SIMULATE,
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
} as const;
|
||||
POLICY_ADMIN: [
|
||||
StellaOpsScopes.POLICY_READ,
|
||||
StellaOpsScopes.POLICY_AUTHOR,
|
||||
StellaOpsScopes.POLICY_REVIEW,
|
||||
StellaOpsScopes.POLICY_APPROVE,
|
||||
StellaOpsScopes.POLICY_OPERATE,
|
||||
StellaOpsScopes.POLICY_AUDIT,
|
||||
StellaOpsScopes.POLICY_SIMULATE,
|
||||
StellaOpsScopes.UI_READ,
|
||||
] as const,
|
||||
} as const;
|
||||
|
||||
/**
|
||||
* Human-readable labels for scopes.
|
||||
@@ -211,6 +257,7 @@ export const ScopeLabels: Record<StellaOpsScope, string> = {
|
||||
'scanner:read': 'View Scan Results',
|
||||
'scanner:write': 'Configure Scanner',
|
||||
'scanner:scan': 'Trigger Scans',
|
||||
'scanner:export': 'Export Scan Results',
|
||||
'policy:read': 'View Policies',
|
||||
'policy:write': 'Edit Policies',
|
||||
'policy:evaluate': 'Evaluate Policies',
|
||||
@@ -227,16 +274,16 @@ export const ScopeLabels: Record<StellaOpsScope, string> = {
|
||||
'policy:publish': 'Publish Policy Versions',
|
||||
'policy:promote': 'Promote Between Environments',
|
||||
'policy:audit': 'Audit Policy Activity',
|
||||
'exception:read': 'View Exceptions',
|
||||
'exception:write': 'Create Exceptions',
|
||||
'exception:approve': 'Approve Exceptions',
|
||||
'advisory:read': 'View Advisories',
|
||||
'vex:read': 'View VEX Evidence',
|
||||
'vex:export': 'Export VEX Evidence',
|
||||
'release:read': 'View Releases',
|
||||
'release:write': 'Create Releases',
|
||||
'release:publish': 'Publish Releases',
|
||||
'release:bypass': 'Bypass Release Gates',
|
||||
'exception:read': 'View Exceptions',
|
||||
'exception:write': 'Create Exceptions',
|
||||
'exception:approve': 'Approve Exceptions',
|
||||
'advisory:read': 'View Advisories',
|
||||
'vex:read': 'View VEX Evidence',
|
||||
'vex:export': 'Export VEX Evidence',
|
||||
'release:read': 'View Releases',
|
||||
'release:write': 'Create Releases',
|
||||
'release:publish': 'Publish Releases',
|
||||
'release:bypass': 'Bypass Release Gates',
|
||||
'aoc:read': 'View AOC Status',
|
||||
'aoc:verify': 'Trigger AOC Verification',
|
||||
// Orchestrator scope labels (UI-ORCH-32-001)
|
||||
@@ -246,9 +293,46 @@ export const ScopeLabels: Record<StellaOpsScope, string> = {
|
||||
'orch:backfill': 'Initiate Backfill Runs',
|
||||
// UI scope labels
|
||||
'ui.read': 'Console Access',
|
||||
'ui.admin': 'Console Admin Access',
|
||||
// Admin scope labels
|
||||
'admin': 'System Administrator',
|
||||
'tenant:admin': 'Tenant Administrator',
|
||||
// Authority admin scope labels
|
||||
'authority:tenants.read': 'View Tenants',
|
||||
'authority:tenants.write': 'Manage Tenants',
|
||||
'authority:users.read': 'View Users',
|
||||
'authority:users.write': 'Manage Users',
|
||||
'authority:roles.read': 'View Roles',
|
||||
'authority:roles.write': 'Manage Roles',
|
||||
'authority:clients.read': 'View Clients',
|
||||
'authority:clients.write': 'Manage Clients',
|
||||
'authority:tokens.read': 'View Tokens',
|
||||
'authority:tokens.revoke': 'Revoke Tokens',
|
||||
'authority:branding.read': 'View Branding',
|
||||
'authority:branding.write': 'Manage Branding',
|
||||
// Scheduler scope labels
|
||||
'scheduler:read': 'View Scheduler Jobs',
|
||||
'scheduler:operate': 'Operate Scheduler',
|
||||
'scheduler:admin': 'Administer Scheduler',
|
||||
// Attestor scope labels
|
||||
'attest:create': 'Create Attestations',
|
||||
'attest:admin': 'Administer Attestor',
|
||||
// Signer scope labels
|
||||
'signer:read': 'View Signer Configuration',
|
||||
'signer:sign': 'Create Signatures',
|
||||
'signer:rotate': 'Rotate Signing Keys',
|
||||
'signer:admin': 'Administer Signer',
|
||||
// Zastava scope labels
|
||||
'zastava:read': 'View Zastava State',
|
||||
'zastava:trigger': 'Trigger Zastava Processing',
|
||||
'zastava:admin': 'Administer Zastava',
|
||||
// Exception scope labels
|
||||
'exceptions:read': 'View Exceptions',
|
||||
'exceptions:write': 'Create Exceptions',
|
||||
// Graph admin scope label
|
||||
'graph:admin': 'Administer Graph',
|
||||
// Findings scope label
|
||||
'findings:read': 'View Policy Findings',
|
||||
};
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user