mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-10 03:09:01 +00:00
shankar0123
1fcb05181d
Closes the Phase 6 batch from cowork/frontend-design-audit.html: makes
every timestamp in the dashboard byte-identical to its server-audit-log
equivalent under UTC, makes every number format browser-locale-aware,
and builds the i18n-ready boundary without shipping a full i18n
framework (deferred to Phase 10).
═════════════════════════ AUDIT VERIFICATION ═════════════════════════
• Q1 utils.ts hardcoded 'en-US' at lines 3 + 8 — confirmed
• Q2 raw new Date(x).toLocaleString() sites — verified 8 sites
across 6 pages (audit said "7+"):
SessionsPage:178, SessionsPage:181 (last_seen, abs_expires)
BreakglassPage:236, BreakglassPage:248 (last_pw_change, locked_until)
GroupMappingsPage:206 (created_at)
OIDCProvidersPage:434 (created_at)
ApprovalsPage:379 (created_at)
ObservabilityPage:71 (server_started)
• Q3 no i18n framework — confirmed (no i18next/react-intl/@formatjs/
date-fns in web/package.json)
• Q4 zero Intl.NumberFormat usage — confirmed (audit-accurate)
• Q5 Tooltip API — `<Tooltip content={…}>{singleChild}</Tooltip>`,
Floating-UI-backed, aria-describedby wired
• Q6 toFixed sites — 1 site in dashboard/charts.tsx (Recharts tooltip
rate formatter); audit was vague but actual is minimal
═════════════════════════════ CLOSURES ═══════════════════════════════
I18N-H1 — drop hardcoded en-US in utils.ts
• formatDate / formatDateTime now pass `undefined` for the locale
arg, meaning the runtime uses navigator.language. Output SHAPE
stable (month: 'short' etc.); LANGUAGE follows the browser.
• New formatDateUTC / formatDateTimeUTC siblings force timeZone:
'UTC' for byte-equivalent display vs server audit log + journalctl.
• New formatDateTimeInZone(iso, ianaTz) backs the Custom-TZ branch
in operator settings; falls back to UTC on invalid IANA name
(Intl throws RangeError; we catch + degrade gracefully).
• Existing tests in utils.test.ts already used locale-tolerant
assertions (.toContain('Jun')) so no test update needed.
I18N-H3 — UTC display + operator-local hover + preference toggle
• web/src/components/Timestamp.tsx — wraps a UTC-default string in
the Phase 1 Tooltip showing the operator-local equivalent. Three
modes:
utc — display UTC (default; screen ≡ logs).
local — display browser-local, hover shows UTC.
custom — display configured IANA tz, hover shows UTC.
• web/src/api/timestampPref.ts — typed localStorage helper with
`certctl:timestamp-pref-changed` CustomEvent so live <Timestamp>
components re-render without a page reload when the operator
flips the toggle.
• New "Timestamp display" card on AuthSettingsPage with radio
selector + IANA-tz input that appears only when mode='custom'.
I18N-H2 — migrate raw toLocaleString sites + CI guard
• 8/8 raw `new Date(x).toLocaleString()` / `.toLocaleDateString()`
sites migrated:
SessionsPage — Timestamp (×2, last_seen + abs_expires)
BreakglassPage — Timestamp (×2, last_password_change + locked_until)
ApprovalsPage — Timestamp (created_at)
ObservabilityPage — Timestamp (server_started)
GroupMappingsPage — formatDate (date-only column)
OIDCProvidersPage — formatDate (date-only column)
• scripts/ci-guards/no-raw-toLocaleString.sh fails CI on any new
raw new Date(x).toLocaleString[Date]Date call outside the
canonical utils.ts impls. Tests + utils.ts itself are excluded.
I18N-M2 — Intl.NumberFormat helpers
• New web/src/api/format.ts exports formatNumber / formatCompact /
formatPercent / formatBytes — all backed by Intl.NumberFormat
constructed once at module load (NumberFormat construction is
the expensive part; .format() is cheap).
• Locale-tolerant test fixtures assert format SHAPE (e.g.
"5[ .,]?432") not exact strings — so the CI runner's locale
doesn't break assertions.
• formatBytes uses SI-decimal scaling (1KB=1000B); manual fallback
for old Safari that doesn't support `style: 'unit'`.
═══════════════════════════ AUDIT-ACCURACY CALLOUTS ════════════════════
(1) Audit said "7+ pages with raw .toLocaleString" — verified 8 raw
SITES across 6 PAGES. Direction was right; counts were vague.
(2) Audit said "no i18n framework + no Intl.NumberFormat" — both
verified accurate (zero matches in production tsx).
(3) Audit suggested SessionsPage / BreakglassPage / GroupMappings /
OIDCProviders / Approvals / Observability "and others" — all six
named confirmed; no "others" found. List was complete.
═══════════════════════════ VERIFICATION ════════════════════════════
• npx tsc --noEmit — exits 0
• New tests: utils 18/18 (preserved) + format 14/14 + Timestamp 6/6
= 38 new test assertions
• Component suite (270/270 across api + Timestamp + Tooltip + sibs)
• 7 migrated page suites — 62/62 green (Sessions / Approvals /
Breakglass / GroupMappings / OIDCProviders / AuthSettings /
Observability)
• All 34 CI guards pass locally (new no-raw-toLocaleString.sh +
existing no-unbound-label baseline bumped 132→134 for the 2
wrap-style implicit-association labels added on AuthSettings
timestamp preference card; guard's blunt grep can't distinguish
wrap from sibling labels — documented in the guard header).
• npx vite build — ✓ in 2.69s
• grep "'en-US'" web/src/api/utils.ts → 0 matches
• grep "new Date.*\.toLocaleString\(\)" web/src --include='*.tsx'
--exclude='*.test.*' → 0 raw sites outside utils.ts
═══════════════════════════ RESIDUAL RISK ════════════════════════════
• UTC default may surprise non-engineering users who expect their
local timezone. Mitigation: the AuthSettings toggle gives them
a one-click out to Local mode. Default UTC is the right safe
default for an audit-log-paired tool.
• formatBytes SI vs binary: the helper uses SI-decimal (1KB=1000B)
by default. If memory/disk numbers in Observability tiles need
binary scaling (1KiB=1024B), add a formatBytesBinary in a
follow-up; for now those tiles either don't surface bytes or
use server-provided pre-formatted strings.
• i18n framework deferred: no react-i18next, no extraction pass.
Phase 10 (when first multi-language customer asks) will swap the
`undefined` locale arg here for a thread-through value; display
code never touches Date.prototype.toLocaleString directly thanks
to the no-raw-toLocaleString CI guard.
151 lines
5.7 KiB
TypeScript
151 lines
5.7 KiB
TypeScript
import { useQuery } from '@tanstack/react-query';
|
|
import { getMetrics, getPrometheusMetrics, getHealth } from '../api/client';
|
|
import PageHeader from '../components/PageHeader';
|
|
import Timestamp from '../components/Timestamp';
|
|
import ErrorState from '../components/ErrorState';
|
|
|
|
function MetricCard({ label, value, sub }: { label: string; value: string | number; sub?: string }) {
|
|
return (
|
|
<div className="bg-surface border border-surface-border rounded p-4 shadow-sm">
|
|
<div className="text-xs text-ink-muted mb-1">{label}</div>
|
|
<div className="text-2xl font-bold text-ink">{value}</div>
|
|
{sub && <div className="text-xs text-ink-faint mt-1">{sub}</div>}
|
|
</div>
|
|
);
|
|
}
|
|
|
|
function formatUptime(seconds: number): string {
|
|
const d = Math.floor(seconds / 86400);
|
|
const h = Math.floor((seconds % 86400) / 3600);
|
|
const m = Math.floor((seconds % 3600) / 60);
|
|
if (d > 0) return `${d}d ${h}h ${m}m`;
|
|
if (h > 0) return `${h}h ${m}m`;
|
|
return `${m}m`;
|
|
}
|
|
|
|
export default function ObservabilityPage() {
|
|
const { data: metrics, isLoading, error, refetch } = useQuery({
|
|
queryKey: ['metrics'],
|
|
queryFn: getMetrics,
|
|
refetchInterval: 15000,
|
|
});
|
|
|
|
const { data: health } = useQuery({
|
|
queryKey: ['health'],
|
|
queryFn: getHealth,
|
|
refetchInterval: 15000,
|
|
});
|
|
|
|
const { data: promText } = useQuery({
|
|
queryKey: ['prometheus-metrics'],
|
|
queryFn: getPrometheusMetrics,
|
|
refetchInterval: 30000,
|
|
retry: false,
|
|
});
|
|
|
|
if (error) {
|
|
return (
|
|
<>
|
|
<PageHeader title="Observability" />
|
|
<ErrorState error={error as Error} onRetry={() => refetch()} />
|
|
</>
|
|
);
|
|
}
|
|
|
|
return (
|
|
<>
|
|
<PageHeader
|
|
title="Observability"
|
|
subtitle={health ? `Server: ${health.status}` : undefined}
|
|
/>
|
|
|
|
<div className="flex-1 overflow-y-auto px-6 py-4 space-y-6">
|
|
{/* Health status */}
|
|
<div className="flex items-center gap-3">
|
|
<div className={`w-3 h-3 rounded-full ${health?.status === 'ok' ? 'bg-emerald-500' : 'bg-red-500'}`} />
|
|
<span className="text-sm text-ink font-medium">
|
|
Server {health?.status === 'ok' ? 'Healthy' : 'Unhealthy'}
|
|
</span>
|
|
{metrics && (
|
|
<span className="text-xs text-ink-faint ml-auto">
|
|
Uptime: {formatUptime(metrics.uptime.uptime_seconds)} | Started: <Timestamp iso={metrics.uptime.server_started} />
|
|
</span>
|
|
)}
|
|
</div>
|
|
|
|
{/* Gauge metrics */}
|
|
{isLoading && (
|
|
<div className="text-sm text-ink-muted py-10 text-center">Loading metrics...</div>
|
|
)}
|
|
|
|
{metrics && (
|
|
<>
|
|
<div>
|
|
<h3 className="text-sm font-semibold text-ink-muted mb-3">Certificate Gauges</h3>
|
|
<div className="grid grid-cols-2 md:grid-cols-5 gap-3">
|
|
<MetricCard label="Total" value={metrics.gauge.certificate_total} />
|
|
<MetricCard label="Active" value={metrics.gauge.certificate_active} />
|
|
<MetricCard label="Expiring Soon" value={metrics.gauge.certificate_expiring_soon} />
|
|
<MetricCard label="Expired" value={metrics.gauge.certificate_expired} />
|
|
<MetricCard label="Revoked" value={metrics.gauge.certificate_revoked} />
|
|
</div>
|
|
</div>
|
|
|
|
<div>
|
|
<h3 className="text-sm font-semibold text-ink-muted mb-3">Agent & Job Gauges</h3>
|
|
<div className="grid grid-cols-2 md:grid-cols-3 gap-3">
|
|
<MetricCard label="Total Agents" value={metrics.gauge.agent_total} />
|
|
<MetricCard label="Online Agents" value={metrics.gauge.agent_online} />
|
|
<MetricCard label="Pending Jobs" value={metrics.gauge.job_pending} />
|
|
</div>
|
|
</div>
|
|
|
|
<div>
|
|
<h3 className="text-sm font-semibold text-ink-muted mb-3">Counters</h3>
|
|
<div className="grid grid-cols-2 md:grid-cols-2 gap-3">
|
|
<MetricCard label="Jobs Completed (total)" value={metrics.counter.job_completed_total} />
|
|
<MetricCard label="Jobs Failed (total)" value={metrics.counter.job_failed_total} />
|
|
</div>
|
|
</div>
|
|
</>
|
|
)}
|
|
|
|
{/* Prometheus config */}
|
|
<div>
|
|
<h3 className="text-sm font-semibold text-ink-muted mb-3">Prometheus Integration</h3>
|
|
<div className="bg-surface border border-surface-border rounded p-4 shadow-sm">
|
|
<p className="text-sm text-ink mb-3">
|
|
Add this scrape target to your <code className="text-xs bg-surface-muted px-1 py-0.5 rounded">prometheus.yml</code>:
|
|
</p>
|
|
<pre className="bg-ink text-white rounded p-4 text-xs overflow-x-auto font-mono">
|
|
{`scrape_configs:
|
|
- job_name: 'certctl'
|
|
metrics_path: '/api/v1/metrics/prometheus'
|
|
scheme: 'https'
|
|
bearer_token: '<YOUR_API_KEY>'
|
|
static_configs:
|
|
- targets: ['<CERTCTL_HOST>:443']`}
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
|
|
{/* Live Prometheus output */}
|
|
{promText && (
|
|
<div>
|
|
<h3 className="text-sm font-semibold text-ink-muted mb-3">Live Prometheus Output</h3>
|
|
<div className="bg-surface border border-surface-border rounded shadow-sm">
|
|
<div className="px-4 py-2 border-b border-surface-border flex items-center justify-between">
|
|
<span className="text-xs text-ink-faint font-mono">GET /api/v1/metrics/prometheus</span>
|
|
<span className="text-xs text-ink-faint">text/plain</span>
|
|
</div>
|
|
<pre className="p-4 text-xs text-ink-muted overflow-x-auto font-mono max-h-96 overflow-y-auto whitespace-pre">
|
|
{promText}
|
|
</pre>
|
|
</div>
|
|
</div>
|
|
)}
|
|
</div>
|
|
</>
|
|
);
|
|
}
|