fix(web,ci): close orphan-CRUD GUI gaps + dead exportCertificatePEM (B-1 master)

Closes four 2026-04-24 audit findings via per-page Edit modals on five existing pages, a brand-new RenewalPoliciesPage for the rp-* CRUD surface, and removal of one dead duplicate so the public client surface stops growing without consumers. Anchored by a CI grep guardrail that fails the build if any of the eight previously-orphan client functions loses its non-test page consumer or if exportCertificatePEM is resurrected. Per-page Edit modals (mirroring existing CreateXModal scaffolding): - web/src/pages/OwnersPage.tsx — EditOwnerModal (name/email/team_id) - web/src/pages/TeamsPage.tsx — EditTeamModal (name/description) - web/src/pages/AgentGroupsPage.tsx — EditAgentGroupModal (full match-rule set: name/description/match_os/match_architecture/match_ip_cidr/ match_version/enabled) - web/src/pages/IssuersPage.tsx — EditIssuerModal (rename-only; type locked, config blob preserved untouched, footer note about delete+ recreate for credential rotation) - web/src/pages/ProfilesPage.tsx — EditProfileModal (rename + description only; policy fields preserved untouched, footer note about deferred policy editing) New page (closes cat-b-4631ca092bee — RenewalPolicy CRUD orphan): - web/src/pages/RenewalPoliciesPage.tsx — full CRUD page with shared PolicyFormModal for Create + Edit (form shape identical), 7-column DataTable (Policy/RenewalWindow/Auto/Retries/AlertThresholds/Created/ Actions), comma-separated alert_thresholds_days input parser, and alert() surfacing of repository.ErrRenewalPolicyInUse (409) on Delete so operators can re-target dependent certs before deletion. - web/src/main.tsx — adds /renewal-policies route. - web/src/components/Layout.tsx — adds sidebar nav item slotted between Policies and Profiles. Removed (closes cat-b-9b97ffb35ef7 — dead duplicate): - web/src/api/client.ts::exportCertificatePEM — zero consumers across web/, MCP, CLI, tests; downloadCertificatePEM is the actual call site in CertificateDetailPage. Test references in client.test.ts and client.error.test.ts also removed. CI regression guardrail: - .github/workflows/ci.yml — adds 'Forbidden orphan-CRUD client function regression guard (B-1)' step. Greps for all eight previously-orphan fns (updateOwner/updateTeam/updateAgentGroup/updateIssuer/updateProfile + createRenewalPolicy/updateRenewalPolicy/deleteRenewalPolicy) under web/src/pages/ and fails the build if any has zero non-test consumers. Also blocks resurrection of exportCertificatePEM. Verified locally (all 8 fns have ≥2 consumers; exportCertificatePEM is gone) and against synthetic regressions. Documentation: - CHANGELOG.md — new B-1 section above L-1 under [unreleased]. - docs/architecture.md — Web Dashboard section gains a new paragraph capturing the 'every backend CRUD must have a GUI consumer' rule with reference to the CI guardrail. - coverage-gap-audit-2026-04-24-v5/unified-audit.md — flips four findings to ✅ RESOLVED with detailed Status blocks; bumps Live Tracker score 16/47 → 20/47 (P1: 9→12, P3: 1→2); adds B-1 row to closed-bundle index. Verification: - cd web && tsc --noEmit — clean - cd web && vitest run — 9 test files, 294 tests, all passing - cd web && vite build — clean (no new warnings) - B-1 guardrail dry-run — all 8 client fns have ≥2 page consumers, exportCertificatePEM removed (good), FAIL=0 Audit findings closed: - cat-b-31ceb6aaa9f1 (P1, updateOwner/updateTeam/updateAgentGroup orphan) - cat-b-7a34f893a8f9 (P1, updateIssuer/updateProfile orphan, rename-only) - cat-b-4631ca092bee (P1, RenewalPolicy CRUD orphan) - cat-b-9b97ffb35ef7 (P3, exportCertificatePEM dead duplicate) Deferred follow-ups: - Fuller EditIssuerModal with credential-rotation flow (needs threat model: rotation reuse window, in-flight CSR cancellation, audit-trail granularity). - Fuller EditProfileModal with policy-field editing (max-TTL, allowed EKUs, allowed key algorithms — affect already-issued cert evaluation). - Per-page Vitest coverage for the new Edit modals (CI grep guardrail catches the same regression vector at lower cost).
2026-06-07 13:41:30 +00:00 · 2026-04-25 15:23:15 +00:00
parent 3fc1a2222f
commit 097995e503
14 changed files with 1026 additions and 52 deletions
@@ -163,6 +163,8 @@ The dashboard includes an **ErrorBoundary component** for graceful error recover
 - Light content area with branded dark teal sidebar, Inter + JetBrains Mono typography
 - SSE/WebSocket planned for real-time job status updates

+**Backend ↔ frontend round-trip rule (B-1 closure):** every backend CRUD operation must have at least one GUI consumer in `web/src/pages/`. Shipping a handler + repository method + OpenAPI operation + `client.ts` fetcher with no page that calls it leaves operators forced to `psql` directly — defeats the "every backend feature ships with its GUI surface" invariant and creates a destructive workflow when the missing path is `update*` (operators delete-and-recreate, losing FK history and audit-trail continuity). The CI guardrail in `.github/workflows/ci.yml` (`Forbidden orphan-CRUD client function regression guard (B-1)`) enforces this for the eight previously-orphan functions (`updateOwner`/`updateTeam`/`updateAgentGroup`/`updateIssuer`/`updateProfile` + `createRenewalPolicy`/`updateRenewalPolicy`/`deleteRenewalPolicy`); apply the same rule when adding any new write endpoint. If a fetcher is needed in `client.ts` before its consumer page exists, leave a TODO referencing this rule and ship them in the same commit.
+
 ### PostgreSQL Database

 All state is stored in PostgreSQL 16. The schema uses TEXT primary keys (not UUIDs) with human-readable prefixed IDs like `mc-api-prod`, `t-platform`, `o-alice`.