mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-08 04:08:52 +00:00
shankar0123
e37403edf1
Frontend design remediation, Phase 1 (Foundation Primitives + Toast).
Builds the six reusable UI primitives every later phase consumes;
migrates the audit-enumerated destructive-action callsites; humanises
the StatusBadge wire keys; and wraps the bulk-action bar in a
Transition with a post-action toast affordance.
Six new primitives + their .test.tsx siblings
=============================================
web/src/components/Toaster.tsx — Sonner wrapper, mounted
once at the root next to
QueryClientProvider. Pages
import { toast } from
"sonner" directly.
web/src/components/ConfirmDialog.tsx — Headless UI Dialog primitive
with optional typed-
confirmation friction for
the most-irreversible actions
(archive-certificate uses
typedConfirmation="archive").
web/src/components/Tooltip.tsx — Floating-UI tooltip with
hover + focus triggers,
aria-describedby wiring,
ESC-to-dismiss. Migrations
of the 103 native title=
sites stay in subsequent
per-page PRs per the audit
prompt's explicit "DO NOT"
on one-mega-PR sweeps.
web/src/components/EmptyState.tsx — Empty-state primitive with
optional icon / title /
description / primary +
secondary CTAs. DataTable
adds a new emptyState slot
(legacy emptyMessage string
prop preserved for backward
compat).
web/src/components/Combobox.tsx — Headless UI typeahead-
select primitive. Migrations
of the 53 native <select>
sites stay in subsequent
per-page PRs.
web/src/components/Banner.tsx — Severity-variant alert
banner with role="alert" on
error/warning, role="status"
on success/info. Migrating
the ~102 inline
bg-(red|amber|yellow)-50
sites stays as page-touch
rolling work.
Each primitive ships with a sibling .test.tsx asserting the
behavioural contract — render at rest, fire callbacks, ARIA wiring,
keyboard nav, variant styling. Total new test count: 109 assertions
across 7 files (6 primitives + extended StatusBadge).
UX-H5 closure — StatusBadge display strings
============================================
web/src/components/StatusBadge.tsx gets a statusDisplay map paired
with the existing statusStyles map. Wire keys stay byte-identical
to the Go enums per the D-1 closure comment block — only the
rendered text changes. PascalCase + snake_case + lowercase enums
now render as spaced sentence-case:
"RenewalInProgress" → "Renewal in progress"
"AwaitingCSR" → "Awaiting CSR"
"cert_mismatch" → "Certificate mismatch"
"dead" → "Dead-lettered"
Unmapped keys flow through a titleCase() helper that humanises
PascalCase / snake_case to lower-bound readability.
StatusBadge.test.tsx extends to 75 assertions: 38 D-1 + 5 dead-key
+ 31 UX-H5 display-string + 5 titleCase + 1 parity. All wire-keys
pinned byte-exact.
UX-H2 closure — window.confirm sites migrated to ConfirmDialog
==============================================================
Audit said 8 destructive-action sites. Live count was 24 across
17 files — the audit missed 11 files (auth/SessionsPage,
auth/UsersPage, auth/GroupMappingsPage, auth/OIDCProvidersPage,
auth/OIDCProviderDetailPage, auth/RolesPage, TeamsPage,
PoliciesPage, IssuersPage, ProfilesPage, RenewalPoliciesPage).
Phase 1 migrates the 7 audit-enumerated destructive sites in the
6 priority files:
- CertificateDetailPage archive (typedConfirmation="archive" —
most-irreversible action gets the
strongest friction)
- OwnersPage delete owner
- TargetsPage delete target
- AgentGroupsPage delete agent group
- auth/KeysPage revoke role grant
- auth/RoleDetailPage delete role
The remaining 11 confirm sites in audit-missed files stay open
and ship as a Phase 1 follow-up (mechanical pattern repeat — same
Edit shape × ~11 files).
UX-H3 closure — alert() → toast.error, top mutations wired
===========================================================
All 5 alert() sites migrated to toast.error:
- OwnersPage / CertificateDetailPage × 2 / TeamsPage /
RenewalPoliciesPage
Eight high-traffic mutations now fire toast.success on resolve +
toast.error on failure: deleteOwner, deleteTarget, deleteAgentGroup,
deleteTeam, deleteRenewalPolicy, archiveCertificate,
authRevokeKeyRole, authDeleteRole. The bulk-renew flow on
CertificatesPage gets a toast with a "View N jobs" action button
that deep-links to /jobs?certificate_ids=… (paired UX-L5 work).
Toaster mounted at web/src/main.tsx next to QueryClientProvider —
single import discipline. Sonner asserts at runtime if multiple
toasters are mounted; centralising the position + duration config
in Toaster.tsx avoids the mistake.
UX-M3 closure — DataTable empty-state slot
==========================================
web/src/components/DataTable.tsx gains an optional emptyState
ReactNode prop. The existing emptyMessage string prop is
preserved for backward compat — every ~18 list-page call site
that passes emptyMessage="…" keeps working unchanged. New CTAs:
pages pass <EmptyState ... /> for first-run experiences. Wiring
EmptyState on the top-5 list pages (Certificates, Issuers,
Targets, Owners, Agents) is per-page rolling work — primitive
+ slot ship in Phase 1; CTAs follow.
UX-L5 closure — Bulk-action bar transition + post-action toast
==============================================================
web/src/pages/CertificatesPage.tsx wraps the bulk-action bar
conditional render in Headless UI <Transition>. Slide-in/out
(200ms enter, 150ms leave, -translate-y-2 → 0). The
prefers-reduced-motion respect comes for free from the global
@media block landed in Phase 0.
Post-renewal toast.success fires with an action button "View N
jobs" that navigate()s to /jobs filtered to the certificate_ids
we just renewed. Closes the audit's "what just happened" gap.
Audit-accuracy callouts
=======================
* UX-H2 undercount — live 24 sites vs audit's 8. Phase 1 closes
the 7 audit-enumerated destructive confirms across 6 priority
files. The remaining 11 sites in audit-missed files stay open
for follow-up.
* UX-M2 title= count — live 103 (matches audit). Tooltip
primitive built; per-page migrations explicitly deferred per
the prompt's "DO NOT" sweep rule.
* UX-M4 native <select> sites — Combobox primitive built;
callsite migrations deferred to per-page rolling PRs.
* FE-M4 inline bg-(red|amber|yellow)-50 — Banner primitive
built; callsite migrations deferred to page-touch work.
Verification
============
$ npx tsc --noEmit
(exit 0, no type errors)
$ npx vitest run src/components/{Toaster,ConfirmDialog,EmptyState,Banner,Tooltip,Combobox}.test.tsx src/components/StatusBadge.test.tsx
Test Files 7 passed (7)
Tests 109 passed (109)
$ npx vitest run src/pages/{OwnersPage,AgentGroupsPage,TargetsPage,CertificatesPage,CertificateDetailPage,TeamsPage,RenewalPoliciesPage}.test.tsx src/pages/auth/{KeysPage,RoleDetailPage}.test.tsx
Test Files 9 passed (9)
Tests 52 passed (52)
(TargetsPage.test.tsx updated — the existing Delete confirm
test stubbed window.confirm; new test clicks the dialog's
destructive Delete button.)
$ npx vite build
✓ built in 2.89s
dist/assets/index-DZ1ZcRdP.js 1,110.61 kB (was 1,028.66 kB)
+82 KB / +26 KB gzipped from sonner + @headlessui + @floating-ui.
Bundle code-splitting is a separate phase (FE-M5).
Residual risks + follow-ups
============================
* 11 remaining window.confirm sites in audit-missed files. Phase 1
follow-up commit will sweep them with the same ConfirmDialog
pattern — mechanical work.
* The discard-unsaved-changes confirm in EditRoleModal (and 2
sibling modal sub-components) stays as window.confirm; treated
as a UX safety guardrail rather than a destructive-action
confirmation. Migrating to ConfirmDialog is fine but not
audit-priority.
* Tooltip + Combobox + Banner callsite migrations are explicit
per-page rolling work for subsequent phases — primitives
landed; per the audit prompt's "DO NOT" rule the migrations
don't sweep here.
* Optimistic-update wiring on the 5 priority mutations
(mark-notification-read, dismiss-discovery, archive-cert,
claim-discovered-cert, role-assignment) is staged for Phase 2
TQ-M3 per the prompt's explicit "DO NOT add new mutations to
the optimistic-update list beyond the 5 priority ones".
105 lines
3.5 KiB
TypeScript
105 lines
3.5 KiB
TypeScript
// Copyright 2026 certctl LLC. All rights reserved.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
//
|
|
// Combobox — Headless UI-backed typeahead select primitive. Phase 1
|
|
// closure for UX-M4 (~53 native HTML <select> elements with no
|
|
// typeahead surface). Migrating callsites is per-page rolling work
|
|
// in subsequent PRs; Phase 1 builds the primitive.
|
|
//
|
|
// Compared with native <select>:
|
|
// - typeahead filter narrows options as the operator types
|
|
// - keyboard nav (Up/Down/Enter/Esc) handled by Headless UI
|
|
// - aria-expanded / aria-activedescendant / aria-labelledby wired
|
|
// for free
|
|
// - styled to match the certctl .input + .card token palette
|
|
//
|
|
// Generic on the option value type T (string IDs are typical; arbitrary
|
|
// objects work too — supply a `getKey` + `getLabel`).
|
|
|
|
import { useState, useMemo } from 'react';
|
|
import { Combobox as HeadlessCombobox } from '@headlessui/react';
|
|
|
|
export interface ComboboxProps<T> {
|
|
/** The currently-selected option, or null if none. */
|
|
value: T | null;
|
|
/** Fires when the operator picks an option. */
|
|
onChange: (next: T | null) => void;
|
|
/** Full options list — Combobox filters internally on typed query. */
|
|
options: T[];
|
|
/** Stable string key per option (used for React `key` + filter equality). */
|
|
getKey: (option: T) => string;
|
|
/** Human-readable label rendered in the input + dropdown row. */
|
|
getLabel: (option: T) => string;
|
|
/** Optional placeholder when no value is selected. */
|
|
placeholder?: string;
|
|
/** Optional `id` on the input element (label wiring). */
|
|
inputId?: string;
|
|
/** Disabled state. */
|
|
disabled?: boolean;
|
|
/** Extra className on the outer wrapper. */
|
|
className?: string;
|
|
}
|
|
|
|
export default function Combobox<T>({
|
|
value,
|
|
onChange,
|
|
options,
|
|
getKey,
|
|
getLabel,
|
|
placeholder,
|
|
inputId,
|
|
disabled,
|
|
className = '',
|
|
}: ComboboxProps<T>) {
|
|
const [query, setQuery] = useState('');
|
|
|
|
// Filter is local + case-insensitive substring against the label.
|
|
// For >1000-option lists this should move to server-side; not Phase
|
|
// 1's problem.
|
|
const filtered = useMemo(() => {
|
|
if (!query) return options;
|
|
const needle = query.toLowerCase();
|
|
return options.filter((o) => getLabel(o).toLowerCase().includes(needle));
|
|
}, [options, query, getLabel]);
|
|
|
|
return (
|
|
<HeadlessCombobox
|
|
value={value}
|
|
onChange={onChange}
|
|
disabled={disabled}
|
|
>
|
|
<div className={`relative ${className}`}>
|
|
<HeadlessCombobox.Input
|
|
id={inputId}
|
|
className="input w-full"
|
|
placeholder={placeholder}
|
|
displayValue={(o: T | null) => (o ? getLabel(o) : '')}
|
|
onChange={(e) => setQuery(e.target.value)}
|
|
/>
|
|
<HeadlessCombobox.Options
|
|
className="absolute z-30 mt-1 max-h-60 w-full overflow-auto rounded border border-surface-border bg-surface shadow-lg focus:outline-none"
|
|
>
|
|
{filtered.length === 0 && query !== '' && (
|
|
<div className="px-3 py-2 text-sm text-ink-faint">
|
|
No matches.
|
|
</div>
|
|
)}
|
|
{filtered.map((option) => (
|
|
<HeadlessCombobox.Option
|
|
key={getKey(option)}
|
|
value={option}
|
|
className={({ active, selected }) =>
|
|
`cursor-pointer px-3 py-2 text-sm ${
|
|
active ? 'bg-brand-50 text-brand-700' : 'text-ink'
|
|
} ${selected ? 'font-semibold' : ''}`
|
|
}
|
|
>
|
|
{getLabel(option)}
|
|
</HeadlessCombobox.Option>
|
|
))}
|
|
</HeadlessCombobox.Options>
|
|
</div>
|
|
</HeadlessCombobox>
|
|
);
|
|
}
|