stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
1,073 Commits 1 Branch 0 Tags
1d7c8fadbdd5bd589bb13d1d3777b4598a8d1cd1
Commit Graph

86 Commits

Author SHA1 Message Date
master
1d7c8fadbd Consolidate Operations UI, rename Policy Packs to Release Policies, add host infrastructure 
Five sprints delivered in this change:

Sprint 001 - Ops UI Consolidation:
  Remove Operations Hub, Agents Fleet Dashboard, and Signals Runtime Dashboard
  (31 files deleted). Ops nav goes from 8 to 4 items. Redirects from old routes.

Sprint 002 - Host Infrastructure (Backend):
  Add SshHostConfig and WinRmHostConfig target connection types with validation.
  Implement AgentInventoryCollector (real IInventoryCollector that parses docker ps
  JSON via IRemoteCommandExecutor abstraction). Enrich TopologyHostProjection with
  ProbeStatus/ProbeType/ProbeLastHeartbeat fields.

Sprint 003 - Host UI + Environment Verification:
  Add runtime verification column to environment target list with Verified/Drift/
  Offline/Unmonitored badges. Add container-level verification detail to Deploy
  Status tab showing deployed vs running digests with drift highlighting.

Sprint 004 - Release Policies Rename:
  Move "Policy Packs" from Ops to Release Control as "Release Policies". Remove
  "Risk & Governance" from Security nav. Rename Pack Registry to Automation Catalog.
  Create gate-catalog.ts with 11 gate type display names and descriptions.

Sprint 005 - Policy Builder:
  Create visual policy builder (3-step: name, gates, review) with per-gate-type
  config forms (CVSS threshold slider, signature toggles, freshness days, etc).
  Simplify pack workspace tabs from 6 to 3 (Rules, Test, Activate). Add YAML
  toggle within Rules tab.

59/59 Playwright e2e tests pass across 4 test suites.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-01 00:31:38 +03:00
master
5bb5596e2f Add advisory data aggregation e2e tests proving pipeline produces queryable data 
New test file verifying the full fetch→parse→map advisory pipeline:

Tier 1 (smoke, always runs):
- Source metrics: totalAdvisories > 0, lastSuccessAt populated, summary health
- Per-source freshness: syncCount, advisory counts
- Canonical API: paginated query, by-ID with source edges, CVE search
- Score distribution: endpoint works, counts sum correctly
- Cross-source: multiple distinct sources have data, multi-edge advisories

Tier 2 (gated behind E2E_ACTIVE_SYNC=1):
- Triggers KEV source sync, polls freshness until syncCount advances
- Verifies advisory count doesn't decrease, timestamp is recent

Resilience: All advisory-sources endpoints use getWithRetry() helper
that retries on 504/503 (gateway timeout during cold start). Tests
skip gracefully rather than fail when services are warming up.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 23:10:52 +03:00
master
513b0f7470 Fix flaky auth fixture and advisory-sync test timeouts 
Root cause: after 20+ minutes of serial test execution, the OIDC login
flow becomes slower and the 30s token acquisition timeout in
live-auth.fixture.ts gets exceeded, causing cascading failures in the
last few test files.

Fixes:
- live-auth.fixture.ts: increase token waitForFunction timeout from 30s
  to 60s, add retry loop (2 attempts with backoff), increase initial
  navigation timeout to 45s, extract helper functions for clarity
- advisory-sync.e2e.spec.ts: increase page.goto timeout from 30s to 45s
  for UI tests, add explicit toBeVisible wait on tab before clicking,
  add explicit timeout on connectivity check API call

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 20:07:26 +03:00
master
3f6fb501dd Add GitLab, pagination, activity timeline, and error resilience e2e tests 
Four new test suites expanding integration hub e2e coverage:

- gitlab-integration.e2e.spec.ts: Container health, direct probe, connector
  CRUD lifecycle (create/test/health/delete), SCM tab UI verification.
  Gracefully skips when GitLab container not running (heavy profile).

- pagination.e2e.spec.ts: API-level pagination (pageSize, page params,
  totalPages, sorting, last-page edge case, out-of-range page).
  UI pager rendering verification.

- activity-timeline.e2e.spec.ts: Page load, stats bar, activity items,
  event type filter dropdown, clear filters, back navigation.
  Tests against mock data rendered by the activity component.

- error-resilience.e2e.spec.ts: Unreachable endpoint returns failure/unhealthy,
  non-existent resource 404s, malformed input handling, duplicate name
  creation, UI empty tab rendering, deleted integration detail page.

Also adds GitLab config to shared helpers.ts INTEGRATION_CONFIGS.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 19:02:18 +03:00
master
2fef38b093 Add Vault, Consul, eBPF connector plugins and thorough integration e2e tests 
Backend:
- Add SecretsManager=9 type, Vault=550 and Consul=551 providers to IntegrationEnums
- Create VaultConnectorPlugin (GET /v1/sys/health), ConsulConnectorPlugin
  (GET /v1/status/leader), EbpfAgentConnectorPlugin (GET /api/v1/health)
- Register all 3 plugins in Program.cs and WebService.csproj
- Extend Concelier JobRegistrationExtensions with 20 additional advisory
  source connectors (ghsa, kev, epss, debian, ubuntu, alpine, suse, etc.)
- Add connector project references to Concelier WebService.csproj so
  Type.GetType() can resolve job classes at runtime
- Fix job kind names to match SourceDefinitions IDs (jpcert not jvn,
  oracle not vndr-oracle, etc.)

Infrastructure:
- Add Consul service to docker-compose.integrations.yml (127.1.2.8:8500)
- Add runtime-host nginx fixture to docker-compose.integration-fixtures.yml
  (127.1.1.9:80)

Frontend:
- Mirror SecretsManager/Vault/Consul enum additions in integration.models.ts
- Fix Secrets tab route type from RepoSource to SecretsManager
- Add SecretsManager to parseType() and TYPE_DISPLAY_NAMES

E2E tests (117/117 passing):
- vault-consul-secrets.e2e.spec.ts: compose health, probes, CRUD, UI
- runtime-hosts.e2e.spec.ts: fixture probe, CRUD, hosts tab
- advisory-sync.e2e.spec.ts: 21 sources sync accepted, catalog, management
- ui-onboarding-wizard.e2e.spec.ts: wizard steps for registry/scm/ci
- ui-integration-detail.e2e.spec.ts: detail tabs, health data
- ui-crud-operations.e2e.spec.ts: search, sort, delete
- helpers.ts: shared configs, API helpers, screenshot util
- Updated playwright.integrations.config.ts with reporter and CI retries

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-31 14:39:08 +03:00
master
89a075ea21 Add integration connector plugins and compose fixtures 
Scaffold connector plugins for DockerRegistry, GitLab, Gitea,
Jenkins, and Nexus. Wire plugin discovery in IntegrationService
and add compose fixtures for local integration testing.

- 5 new connector plugins under src/Integrations/__Plugins/
- docker-compose.integrations.yml for local fixture services
- Advisory source catalog and source management API updates
- Integration e2e test specs and Playwright config
- Integration hub docs under docs/integrations/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 17:24:56 +03:00
master
95357ffbb9 Web UI: feature updates across all modules 
Broad UI improvements spanning auth, branding, notifications, agents, analytics,
approvals, audit-log, bundles, configuration, console-admin, dashboard,
deployments, doctor, environments, evidence, feed-mirror, graph, integration-hub,
issuer-trust, lineage, notify, offline-kit, policy, promotions, quota, registry,
release-orchestrator, releases, sbom, scans, secret-detection, security, settings,
setup-wizard, system-health, topology, triage, trust-admin, unknowns, vex-hub,
vulnerabilities, and watchlist features.

Adds new shared components (page-action-outlet, stella-action-card, stella-form-field),
scripts feature module, audit-trust component, e2e test helpers, and release page
e2e specs. Updates auth session model, branding service, color tokens, form styles,
and i18n translations.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-27 12:28:48 +02:00
master
da76d6e93e Add topology auth policies + journey findings notes 
Concelier:
- Register Topology.Read, Topology.Manage, Topology.Admin authorization
  policies mapped to OrchRead/OrchOperate/PlatformContextRead/IntegrationWrite
  scopes. Previously these policies were referenced by endpoints but never
  registered, causing System.InvalidOperationException on every topology
  API call.

Gateway routes:
- Simplified targets/environments routes (removed specific sub-path routes,
  use catch-all patterns instead)
- Changed environments base route to JobEngine (where CRUD lives)
- Changed to ReverseProxy type for all topology routes

KNOWN ISSUE (not yet fixed):
- ReverseProxy routes don't forward the gateway's identity envelope to
  Concelier. The regions/targets/bindings endpoints return 401 because
  hasPrincipal=False — the gateway authenticates the user but doesn't
  pass the identity to the backend via ReverseProxy. Microservice routes
  use Valkey transport which includes envelope headers. Topology endpoints
  need either: (a) Valkey transport registration in Concelier, or
  (b) Concelier configured to accept raw bearer tokens on ReverseProxy paths.
  This is an architecture-level fix.

Journey findings collected so far:
- Integration wizard (Harbor + GitHub App): works end-to-end
- Advisory Check All: fixed (parallel individual checks)
- Mirror domain creation: works, generate-immediately fails silently
- Topology wizard Step 1 (Region): blocked by auth passthrough issue
- Topology wizard Step 2 (Environment): POST to JobEngine needs verify
- User ID resolution: raw hashes shown everywhere

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-16 08:12:39 +02:00
master
c9a30331ce Close scratch iteration 008 and enforce full surface audits 2026-03-13 11:00:12 +02:00
master
310e9f84fe fix(web): unify API base URL resolution and repair frontend service clients 
- Introduce resolveApiBaseUrl() helper for consistent URL construction
- Fix evidence-pack queries to use public /v1/evidence-packs with runId param
- Resolve notify tenant from active context instead of hard-coded override
- Gate console run stream on concrete run ID (remove synthetic 'last' token)
- Remove unnecessary installed-pack probe from dashboard load
- Expand canonical route inventory with investigation and registry surfaces

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-09 07:53:46 +02:00
master
f24d49ddeb fix(web): ship degraded search readiness state 2026-03-08 16:27:51 +02:00
master
9f6fd0b4aa theme and search fixes 2026-03-08 16:21:09 +02:00
master
6be4a25d17 fix(web): ship findings compare baseline availability 2026-03-08 15:13:32 +02:00
master
b521b5bde8 feat(ui): ship evidence capsules cutover 2026-03-08 12:41:09 +02:00
master
e4779a430f feat(ui): ship release promotions cutover 2026-03-08 11:54:57 +02:00
master
abbfe64bd7 Render clarify search prompts as guidance only 2026-03-08 11:50:34 +02:00
master
e01a499df9 Standardize live search Playwright setup lane 2026-03-08 11:17:05 +02:00
master
6870649abf feat(ui): preserve platform setup canonical routes 2026-03-08 11:12:42 +02:00
master
d0f2cc3b2c Archive live search ingestion browser validation sprint 2026-03-08 10:47:19 +02:00
master
c797bd9f46 Preserve canonical policy and reachability QA routes 2026-03-08 10:23:34 +02:00
master
56143d12b7 feat(ui): ship topology and trust admin cutover 2026-03-08 10:12:13 +02:00
master
8b1fe49f35 feat(ui): ship execution operations cutover 2026-03-08 09:33:05 +02:00
master
80257a4538 Complete self-serve search rollout 2026-03-08 08:50:38 +02:00
master
ac22ee3ce2 feat(ui): ship quota health aoc operations cutover 2026-03-08 08:18:51 +02:00
master
ff9de893d5 feat(ui): ship offline operations cutover 2026-03-08 03:12:01 +02:00
master
93872e73ec Verify supported-route live search matrix 2026-03-08 02:23:58 +02:00
master
484abe0039 feat(ui): ship unified audit surfaces 2026-03-08 02:16:20 +02:00
master
6e00a48e00 feat(ui): ship policy decisioning studio 2026-03-08 01:35:18 +02:00
master
a6187c70b4 Consolidate search-first shell UX 2026-03-08 00:14:57 +02:00
master
f709d519ec feat(ui): ship contextual action primitives 2026-03-08 00:02:02 +02:00
master
c568e09a1d feat(ui): ship workflow visualization replay workspace 2026-03-07 23:25:13 +02:00
master
e11c0a6b59 Add live search readiness and telemetry-off e2e coverage 2026-03-07 21:49:41 +02:00
master
8f43378317 feat(ui): ship triage explainability workspace 2026-03-07 21:43:55 +02:00
master
437d26c47c Simplify the primary search surface 2026-03-07 20:58:52 +02:00
master
a3f532359b feat(ui): ship consolidated operations shell 2026-03-07 20:31:32 +02:00
master
f23ca585d4 Collapse search into zero-learning starters 2026-03-07 19:48:46 +02:00
master
1088ae1bc4 feat(ui): ship reachability witnessing shell 2026-03-07 19:44:25 +02:00
master
536d3fe6bd Unify search-first assistant drawer 2026-03-07 19:29:56 +02:00
master
820fb4ec25 Verify live search suggestions against ingested corpus 2026-03-07 18:52:18 +02:00
master
9d3bed1d0e feat(ui): ship trust-owned identity watchlist shell 2026-03-07 18:48:35 +02:00
master
e295768662 Consume weighted search answers and suppress dead chips 2026-03-07 18:38:02 +02:00
master
b689146785 Consolidate search into a primary entry experience 2026-03-07 17:44:54 +02:00
master
4b91527297 Search improvements 2026-03-07 17:15:53 +02:00
master
28932d4a85 Document local CLI setup and harden live search suggestions 2026-03-07 03:12:40 +02:00
master
5e15ab15b1 Fix setup integration navigation and failure states 2026-03-07 02:45:54 +02:00
master
803940bd36 Add answer-first self-serve search UX 2026-03-07 01:21:14 +02:00
master
107d38a3be Fix trust-signing setup workspace branding 2026-03-07 01:05:10 +02:00
master
9e73048bd5 Keep trust-signing flows under setup routes 2026-03-07 00:57:32 +02:00
master
bcf708d688 Fix mission board reachability navigation 2026-03-06 19:41:35 +02:00
master
2446e2c61d Fix web route regressions from Playwright QA 2026-03-06 19:34:55 +02:00