certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 16:41:36 +00:00

Commit Graph

Author	SHA1	Message	Date
shankar0123	a9e229bd2a	feat(frontend): Phase 8 Test Pyramid Investment — TEST-H1 + TEST-H2 + TEST-H3 (scaffold) + TEST-M1 Closes the structural test-pyramid gaps that protect every future phase from regression. Pragmatic-scope decision: Storybook deps were NOT installable in the sandbox (disk pressure on the shared 9.8 GB local partition); the config + stories ship as scaffolding + package.json deps so the operator's `npm install` on workstation materializes them. Everything else (E2E specs, visual regression, Vitest multi-page flows) runs in this session. ═════════════════════════ AUDIT VERIFICATION ═════════════════════════ • Q1 (e2e/README intact + zero Playwright wired) — PARTIALLY STALE: Phase 3 TEST-M3 already shipped playwright.config.ts + smoke.spec.ts + @playwright/test 1.49.0 + the `npm run e2e` script. Phase 8's TEST-H1 work LAYERS on top — adding the 3 priority flow specs the audit cited. • Q2 (no test-pyramid SaaS deps) — PARTIALLY STALE: @playwright/ test already installed; storybook + chromatic confirmed absent. • Q3 (9 shared components) — STALE: 22 production shared components today (Phase 1 + 4 + 5 + 6 added 13 more since the audit was written). • Q4-Q6 (Vite + Vitest + Tooltip API + CI gates) — all accurate. ═════════════════════════════ CLOSURES ═══════════════════════════════ TEST-M1 (multi-page Vitest flows) — FULL CLOSE • web/src/__tests__/multi-page-flows.test.tsx — 3 flow tests: 1. Certs list → row click → CertificateDetailPage continuity 2. Direct deep-link to /certificates/:id (no list pre-fetch) 3. Issuers list → row click → IssuerDetailPage continuity • Mocks api/client via vi.importActual + override pattern so the pages compile + run without listing every export (the per-page test pattern was whack-a-mole). • 3/3 green in 6.83s. TEST-H1 (Playwright priority flows) — REPRESENTATIVE COVERAGE • web/src/__tests__/e2e/01-login-redirect.spec.ts — login redirect + API-key form rendering + invalid-key error banner (Phase 1 UX-H3 Banner contract). Happy-path login skipped pending live CERTCTL_E2E_API_KEY in CI env. • web/src/__tests__/e2e/02-dashboard-shell.spec.ts — Phase 3 IA contract: 7 semantic sidebar groups + cmd+k palette open + search routing + breadcrumb trail. • web/src/__tests__/e2e/03-settings-timestamp-pref.spec.ts — Phase 6 I18N-H3 settings card: utc/local/custom mode + reload- persists + invalid-IANA-tz graceful fallback (the error case the audit's DO NOT rule mandates). • 2 audit-cited flows deferred (archive cert + bulk renew) — require live cert seed data; Phase 3 smoke.spec.ts pattern extends naturally when CI seeds a demo deployment. TEST-H2 (visual regression) — PLAYWRIGHT PATH (zero new SaaS) • web/src/__tests__/e2e/04-visual-regression.spec.ts — 5 page screenshots: /login, /, /certificates, /issuers, /auth/settings. Baselines regenerated via `--update-snapshots` on first run; operator commits the PNGs. Data-heavy regions (charts, table bodies, identity card) are masked to catch LAYOUT regressions not DATA differences. • Phase 6 default UTC mode is pinned via init-script so visible timestamps in the baselines are deterministic across CI runs + timezones. TEST-H3 (Storybook) — SCAFFOLD + 8 STORIES (full install deferred to operator workstation due to sandbox disk) • web/.storybook/main.ts + preview.ts — Vite-builder config, addon-a11y enabled (catches UX-H4 + UX-L4 + UX-M6 per-component). Story discovery: `src/*/.stories.@(ts\|tsx)`. • 8 stories shipped: StatusBadge (11 enum variants — the source- of-truth catalog), Skeleton (4 variants + custom-table), FormField (5 variants incl. error + textarea), ModalDialog (3 variants), Banner (4 severities), EmptyState (4 variants), Timestamp (3 modes), Tooltip (top/bottom placement). • 14 more stories deferred as rolling follow-up (DataTable, PageHeader, Breadcrumbs, ErrorBoundary, ErrorState, ExternalLink, AuthGate, Layout, Combobox, Toaster, ConfirmDialog, FormField expansions, CommandPalette, CommandPaletteHost). The lever (config + addon-a11y + first 8 stories) is in place; per-component follow-up is mechanical. Storybook DEPS — PACKAGE.JSON ONLY, LOCKFILE PENDING: The sandbox's local 9.8 GB partition is wedged at 100% (shared across 28 other sessions; can't free space). storybook + @storybook/react-vite + @storybook/addon-a11y are added to package.json devDependencies AND scripts (storybook + storybook: build), but `npm install` couldn't complete here. Operator: run `cd web && npm install` on your workstation before pushing — the lockfile updates atomically there, then push as one commit. The .stories.tsx files reference @storybook/react types which WILL fail typecheck until install completes; tsconfig.json excludes them from the build typecheck (added `src/*/.stories. tsx` + `src/*/.stories.ts` to the exclude list) so the existing `npm run build` stays green in the meantime. Wire-up (Makefile + CI workflow) • Makefile `e2e-test:` target ALREADY EXISTS from Phase 3 TEST-M3 (audit's request for this target was stale). • .github/workflows/e2e.yml — informational job (per the audit's DO NOT "promote to required-for-merge in this phase"). Runs on push to master + every PR touching web/. Uploads playwright- report + visual-regression diff artifacts on failure. Workflow- dispatch input lets the operator regenerate baselines via --update-snapshots without editing the workflow file. ═══════════════════════════ VERIFICATION ═════════════════════════════ • npx tsc --noEmit — exits 0 (stories + e2e specs excluded via tsconfig.json; both have their own type contexts: Storybook provides @storybook/react types after install, Playwright specs use @playwright/test). • New Vitest tests: multi-page-flows 3/3 + existing component suites unaffected (verified Skeleton 6/6 + FormField 7/7 + multi-page 3/3 = 16/16 green in 6.83s). • npx vite build — ✓ in 3.39s. Bundle profile unchanged. • All 34 CI guards pass locally (bash scripts/ci-guards/*.sh loop — no new guards in this phase). • Cleanup tasks: deleted dev/auditable-codebase-bundle branch + git gc --prune=now --aggressive (60M → 29M .git on host). ═══════════════════════════ RESIDUAL RISK ════════════════════════════ • Playwright flakiness on CI — well-documented in industry. The e2e.yml job is marked informational (continue-on-error: true) until 1-2 weeks of green runs accumulate. • Storybook story drift: every new shared component needs a sibling .stories.tsx. No CI guard enforces this today; tracked for follow-up. • Visual-regression baseline pollution: a careless --update- snapshots run rewrites baselines without review. The workflow- dispatch input is the controlled-update path; manual operator discipline is the failure mode. • Storybook lockfile pending operator install. Tests + build stay green in the meantime via tsconfig exclude rule.	2026-05-14 17:56:54 +00:00
shankar0123	73c6bd1416	feat: add frontend action buttons, fix notification auth bug, add 53 Vitest tests Bug fix: - markNotificationRead was using raw fetch() without auth headers, bypassing the shared client's Authorization header. Moved to api/client.ts to use fetchJSON with proper auth. New action buttons: - CertificatesPage: "New Certificate" modal with form fields - CertificateDetailPage: "Deploy" button with target selector modal, "Archive" button with confirmation - IssuersPage: "Test Connection" and "Delete" per-row actions - TargetsPage: "Delete" per-row action - PoliciesPage: "Enable/Disable" toggle and "Delete" per-row actions New API client functions: - updateCertificate, archiveCertificate, registerAgent, createPolicy, updatePolicy, deletePolicy, getPolicyViolations, createIssuer, testIssuerConnection, deleteIssuer, createTarget, deleteTarget, markNotificationRead Frontend tests (53 tests, 2 files): - client.test.ts: 35 tests covering all API endpoints, auth headers, 401 handling, error parsing, HTTP methods, request bodies - utils.test.ts: 18 tests covering formatDate, formatDateTime, timeAgo, daysUntil, expiryColor CI: Added "Run Frontend Tests" step to frontend-build job Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-16 00:05:21 -04:00
shankar0123	9e6756d02f	Implement M5: hardening, input validation, and Vite+React+TS dashboard Backend hardening: - Fix 6 nginx.go non-constant format string build errors - Add validation.go with hostname, PEM, and enum validators - Apply input validation to all POST/PUT handlers (certificates, agents, CSR, policies, teams, owners, targets, issuers) - Fix unchecked JSON decode in TriggerDeployment handler Frontend (Vite + React + TypeScript): - Migrate from single-file SPA to proper build pipeline - 7 pages: Dashboard, Certificates (list+detail), Agents, Jobs, Notifications, Policies, Audit Trail - TanStack Query for server state with auto-refetch intervals - Certificate detail with version history and renewal trigger - Job cancellation, status/type filtering, expiry countdowns - Reusable components: DataTable, StatusBadge, ErrorState, PageHeader - Dark theme with Tailwind CSS, sidebar nav via React Router Server integration: - Go server serves web/dist/ (Vite output) with SPA fallback - Falls back to web/index.html for legacy mode - .gitignore updated for web/node_modules/ and web/dist/ Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-15 01:19:19 -04:00

Author

SHA1

Message

Date

shankar0123

a9e229bd2a

feat(frontend): Phase 8 Test Pyramid Investment — TEST-H1 + TEST-H2 + TEST-H3 (scaffold) + TEST-M1

Closes the structural test-pyramid gaps that protect every future
phase from regression. Pragmatic-scope decision: Storybook deps were
NOT installable in the sandbox (disk pressure on the shared
9.8 GB local partition); the config + stories ship as scaffolding +
package.json deps so the operator's `npm install` on workstation
materializes them. Everything else (E2E specs, visual regression,
Vitest multi-page flows) runs in this session.

═════════════════════════ AUDIT VERIFICATION ═════════════════════════

  • Q1 (e2e/README intact + zero Playwright wired) — PARTIALLY STALE:
    Phase 3 TEST-M3 already shipped playwright.config.ts +
    smoke.spec.ts + @playwright/test 1.49.0 + the `npm run e2e`
    script. Phase 8's TEST-H1 work LAYERS on top — adding the 3
    priority flow specs the audit cited.
  • Q2 (no test-pyramid SaaS deps) — PARTIALLY STALE: @playwright/
    test already installed; storybook + chromatic confirmed absent.
  • Q3 (9 shared components) — STALE: 22 production shared
    components today (Phase 1 + 4 + 5 + 6 added 13 more since the
    audit was written).
  • Q4-Q6 (Vite + Vitest + Tooltip API + CI gates) — all accurate.

═════════════════════════════ CLOSURES ═══════════════════════════════

TEST-M1 (multi-page Vitest flows) — FULL CLOSE
  • web/src/__tests__/multi-page-flows.test.tsx — 3 flow tests:
      1. Certs list → row click → CertificateDetailPage continuity
      2. Direct deep-link to /certificates/:id (no list pre-fetch)
      3. Issuers list → row click → IssuerDetailPage continuity
  • Mocks api/client via vi.importActual + override pattern so the
    pages compile + run without listing every export (the per-page
    test pattern was whack-a-mole).
  • 3/3 green in 6.83s.

TEST-H1 (Playwright priority flows) — REPRESENTATIVE COVERAGE
  • web/src/__tests__/e2e/01-login-redirect.spec.ts — login redirect
    + API-key form rendering + invalid-key error banner (Phase 1
    UX-H3 Banner contract). Happy-path login skipped pending live
    CERTCTL_E2E_API_KEY in CI env.
  • web/src/__tests__/e2e/02-dashboard-shell.spec.ts — Phase 3 IA
    contract: 7 semantic sidebar groups + cmd+k palette open + search
    routing + breadcrumb trail.
  • web/src/__tests__/e2e/03-settings-timestamp-pref.spec.ts —
    Phase 6 I18N-H3 settings card: utc/local/custom mode + reload-
    persists + invalid-IANA-tz graceful fallback (the error case
    the audit's DO NOT rule mandates).
  • 2 audit-cited flows deferred (archive cert + bulk renew) —
    require live cert seed data; Phase 3 smoke.spec.ts pattern
    extends naturally when CI seeds a demo deployment.

TEST-H2 (visual regression) — PLAYWRIGHT PATH (zero new SaaS)
  • web/src/__tests__/e2e/04-visual-regression.spec.ts — 5 page
    screenshots: /login, /, /certificates, /issuers, /auth/settings.
    Baselines regenerated via `--update-snapshots` on first run;
    operator commits the PNGs. Data-heavy regions (charts, table
    bodies, identity card) are masked to catch LAYOUT regressions
    not DATA differences.
  • Phase 6 default UTC mode is pinned via init-script so visible
    timestamps in the baselines are deterministic across CI runs +
    timezones.

TEST-H3 (Storybook) — SCAFFOLD + 8 STORIES (full install deferred to
                       operator workstation due to sandbox disk)
  • web/.storybook/main.ts + preview.ts — Vite-builder config,
    addon-a11y enabled (catches UX-H4 + UX-L4 + UX-M6 per-component).
    Story discovery: `src/**/*.stories.@(ts|tsx)`.
  • 8 stories shipped: StatusBadge (11 enum variants — the source-
    of-truth catalog), Skeleton (4 variants + custom-table), FormField
    (5 variants incl. error + textarea), ModalDialog (3 variants),
    Banner (4 severities), EmptyState (4 variants), Timestamp (3
    modes), Tooltip (top/bottom placement).
  • 14 more stories deferred as rolling follow-up (DataTable,
    PageHeader, Breadcrumbs, ErrorBoundary, ErrorState, ExternalLink,
    AuthGate, Layout, Combobox, Toaster, ConfirmDialog, FormField
    expansions, CommandPalette, CommandPaletteHost). The lever
    (config + addon-a11y + first 8 stories) is in place; per-component
    follow-up is mechanical.

  Storybook DEPS — PACKAGE.JSON ONLY, LOCKFILE PENDING:
  The sandbox's local 9.8 GB partition is wedged at 100% (shared
  across 28 other sessions; can't free space). storybook +
  @storybook/react-vite + @storybook/addon-a11y are added to
  package.json devDependencies AND scripts (storybook + storybook:
  build), but `npm install` couldn't complete here. Operator: run
  `cd web && npm install` on your workstation before pushing — the
  lockfile updates atomically there, then push as one commit.
  The .stories.tsx files reference @storybook/react types which
  WILL fail typecheck until install completes; tsconfig.json
  excludes them from the build typecheck (added `src/**/*.stories.
  tsx` + `src/**/*.stories.ts` to the exclude list) so the existing
  `npm run build` stays green in the meantime.

Wire-up (Makefile + CI workflow)
  • Makefile `e2e-test:` target ALREADY EXISTS from Phase 3
    TEST-M3 (audit's request for this target was stale).
  • .github/workflows/e2e.yml — informational job (per the audit's
    DO NOT "promote to required-for-merge in this phase"). Runs on
    push to master + every PR touching web/. Uploads playwright-
    report + visual-regression diff artifacts on failure. Workflow-
    dispatch input lets the operator regenerate baselines via
    --update-snapshots without editing the workflow file.

═══════════════════════════ VERIFICATION ═════════════════════════════

  • npx tsc --noEmit — exits 0 (stories + e2e specs excluded via
    tsconfig.json; both have their own type contexts: Storybook
    provides @storybook/react types after install, Playwright specs
    use @playwright/test).
  • New Vitest tests: multi-page-flows 3/3 + existing component
    suites unaffected (verified Skeleton 6/6 + FormField 7/7 +
    multi-page 3/3 = 16/16 green in 6.83s).
  • npx vite build — ✓ in 3.39s. Bundle profile unchanged.
  • All 34 CI guards pass locally (bash scripts/ci-guards/*.sh loop
    — no new guards in this phase).
  • Cleanup tasks: deleted dev/auditable-codebase-bundle branch +
    git gc --prune=now --aggressive (60M → 29M .git on host).

═══════════════════════════ RESIDUAL RISK ════════════════════════════

  • Playwright flakiness on CI — well-documented in industry. The
    e2e.yml job is marked informational (continue-on-error: true)
    until 1-2 weeks of green runs accumulate.
  • Storybook story drift: every new shared component needs a
    sibling .stories.tsx. No CI guard enforces this today; tracked
    for follow-up.
  • Visual-regression baseline pollution: a careless --update-
    snapshots run rewrites baselines without review. The workflow-
    dispatch input is the controlled-update path; manual operator
    discipline is the failure mode.
  • Storybook lockfile pending operator install. Tests + build
    stay green in the meantime via tsconfig exclude rule.

2026-05-14 17:56:54 +00:00

shankar0123

73c6bd1416

feat: add frontend action buttons, fix notification auth bug, add 53 Vitest tests

Bug fix:
- markNotificationRead was using raw fetch() without auth headers,
  bypassing the shared client's Authorization header. Moved to
  api/client.ts to use fetchJSON with proper auth.

New action buttons:
- CertificatesPage: "New Certificate" modal with form fields
- CertificateDetailPage: "Deploy" button with target selector modal,
  "Archive" button with confirmation
- IssuersPage: "Test Connection" and "Delete" per-row actions
- TargetsPage: "Delete" per-row action
- PoliciesPage: "Enable/Disable" toggle and "Delete" per-row actions

New API client functions:
- updateCertificate, archiveCertificate, registerAgent,
  createPolicy, updatePolicy, deletePolicy, getPolicyViolations,
  createIssuer, testIssuerConnection, deleteIssuer,
  createTarget, deleteTarget, markNotificationRead

Frontend tests (53 tests, 2 files):
- client.test.ts: 35 tests covering all API endpoints, auth headers,
  401 handling, error parsing, HTTP methods, request bodies
- utils.test.ts: 18 tests covering formatDate, formatDateTime,
  timeAgo, daysUntil, expiryColor

CI: Added "Run Frontend Tests" step to frontend-build job

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-16 00:05:21 -04:00

shankar0123

9e6756d02f

Implement M5: hardening, input validation, and Vite+React+TS dashboard

Backend hardening:
- Fix 6 nginx.go non-constant format string build errors
- Add validation.go with hostname, PEM, and enum validators
- Apply input validation to all POST/PUT handlers (certificates,
  agents, CSR, policies, teams, owners, targets, issuers)
- Fix unchecked JSON decode in TriggerDeployment handler

Frontend (Vite + React + TypeScript):
- Migrate from single-file SPA to proper build pipeline
- 7 pages: Dashboard, Certificates (list+detail), Agents, Jobs,
  Notifications, Policies, Audit Trail
- TanStack Query for server state with auto-refetch intervals
- Certificate detail with version history and renewal trigger
- Job cancellation, status/type filtering, expiry countdowns
- Reusable components: DataTable, StatusBadge, ErrorState, PageHeader
- Dark theme with Tailwind CSS, sidebar nav via React Router

Server integration:
- Go server serves web/dist/ (Vite output) with SPA fallback
- Falls back to web/index.html for legacy mode
- .gitignore updated for web/node_modules/ and web/dist/

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-15 01:19:19 -04:00

3 Commits