mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 14:01:36 +00:00
shankar0123
622c19cafe
Closes frontend-design-audit finding TEST-H3 (High):
Zero Storybook — 9 production components live without isolated
rendering or designer-handoff surface
Phase 8 originally shipped the scaffold (.storybook/main.ts +
preview.ts + 8 *.stories.tsx files) but couldn't land the deps:
• Storybook 8.6 peer-capped at Vite 6, project ships Vite 8
(Phase 4 manualChunks rewrite). Hotfix #9 ripped the deps.
• The .storybook/main.ts header speculated "Storybook 9 supports
Vite 7+8" — that was wrong. Verified at install time today:
Storybook 9.1.20's peer range is Vite 5/6/7. ERESOLVE'd again.
• Storybook 10.4.0 is the first release with explicit Vite 8 in
its peer range (^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0). Installed
cleanly via `npm install --save-dev`.
═══════════════════════════ CHANGES ═══════════════════════════════
package.json + package-lock.json:
• storybook ^10.4.0
• @storybook/react-vite ^10.4.0
• @storybook/addon-a11y ^10.4.0
All resolve without --legacy-peer-deps. 93 packages added.
Scripts: `npm run storybook` (dev server on :6006) and
`npm run storybook:build` (→ .storybook-static).
tsconfig.json:
Dropped the `src/**/*.stories.tsx` + `src/**/*.stories.ts`
exclusions. Storybook 10's @storybook/react types are stable;
the 8 committed story files typecheck cleanly inside the main
`npm run build` step. Phase 8's "stories excluded so build stays
green in the meantime" caveat is now retired.
web/src/components/Banner.stories.tsx:
Fixed stale prop name: stories used `severity: 'error'` but the
Banner primitive's prop is `type: 'error'` (BannerType union).
4-line edit, replace_all on `severity:` → `type:`. The Banner
component never had a `severity` prop — the story was authored
against a different draft of the API. Typecheck now passes.
web/.storybook/main.ts:
Replaced the "deps not installed" header block with a
version-selection history block documenting the 8 → 9 → 10
trail so the next operator who upgrades Vite doesn't re-walk
the same wall.
.gitignore:
Added `web/.storybook-static/` (Storybook build output, like
web/dist/).
═══════════════════════════ VERIFICATION ═══════════════════════════
• npm install — exit 0, 93 packages, no peer warnings, no
ERESOLVE.
• npx tsc --noEmit — exit 0 with stories included (was running
excluded; now they're in the typecheck graph).
• npx storybook build — built in 3.09s, 17 chunks emitted to
.storybook-static. All 8 stories rendered without errors.
• npx vitest run src/components — 16 files / 161 tests pass
(no regression from Storybook install / story-file fix).
• npx vite build — production build green in 3.35s.
• CI guards: no-raw-table 17/17, no-unbound-label 134/134,
no-raw-toLocaleString clean.
Operator follow-ups (none blocking):
• `npm run storybook` locally opens the dev server with hot-
reload + addon-a11y panel.
• `npm run storybook:build` for an immutable static deploy
(e.g. cert-ctl.io/storybook).
• New components SHOULD ship a sibling *.stories.tsx going
forward; can wire a CI guard if desired (fe-component-has-
story.sh — scaffold mentioned in the audit's executable
prompt for Phase 8 TEST-H3 but deferred).
Ground-truth: origin/master tip bc417fc (UX-M9 just pushed)
verified via GitHub API BEFORE commit.
106 lines
2.0 KiB
Plaintext
106 lines
2.0 KiB
Plaintext
# Binaries for programs and plugins
|
|
*.exe
|
|
*.exe~
|
|
*.dll
|
|
*.so
|
|
*.so.*
|
|
*.dylib
|
|
bin/
|
|
|
|
# Frontend
|
|
web/node_modules/
|
|
web/dist/
|
|
web/.storybook-static/
|
|
|
|
# Test binary, built with `go test -c`
|
|
*.test
|
|
|
|
# Output of the go coverage tool
|
|
*.out
|
|
coverage.out
|
|
coverage.html
|
|
|
|
# Go workspace file
|
|
go.work
|
|
|
|
# Dependency directories
|
|
vendor/
|
|
|
|
# Environment variables
|
|
.env
|
|
.env.local
|
|
.env.*.local
|
|
|
|
# IDE
|
|
.idea/
|
|
.vscode/
|
|
*.swp
|
|
*.swo
|
|
*~
|
|
.DS_Store
|
|
*.iml
|
|
|
|
# Temporary files
|
|
tmp/
|
|
temp/
|
|
*.log
|
|
*.bak
|
|
|
|
# Private keys (agent-generated, never commit)
|
|
cmd/agent/*.key
|
|
cmd/agent/*.pem
|
|
|
|
# Database
|
|
*.db
|
|
*.sqlite3
|
|
|
|
# Allow migration SQL files (don't ignore *.sql globally)
|
|
# SQL files in migrations/ are tracked
|
|
|
|
# Build artifacts
|
|
certctl-server
|
|
certctl-agent
|
|
certctl-cli
|
|
/server
|
|
/agent
|
|
/cli
|
|
/mcp-server
|
|
|
|
# Private strategy docs
|
|
SECURITY_REMEDIATION.md
|
|
|
|
# OS
|
|
.DS_Store
|
|
Thumbs.db
|
|
|
|
# Local Go build/module caches (session-scoped, never committed)
|
|
/.gocache/
|
|
/.gomodcache/
|
|
/.gopath/
|
|
/.gomodcache-gopath/
|
|
|
|
# Design scratch files (session-scoped)
|
|
/.i004-design.md
|
|
/.i005-design.md
|
|
|
|
# HTTPS-Everywhere (M-007) Phase 6: the docker-compose.test.yml tls-init
|
|
# container writes ca.crt / server.crt / server.key into this directory so
|
|
# the host-side integration_test.go binary can pin the CA via
|
|
# CERTCTL_TEST_CA_BUNDLE=./certs/ca.crt. Material is regenerated on every
|
|
# `docker compose up` and never belongs in git.
|
|
/deploy/test/certs/
|
|
|
|
# Phase 1 RED-1 closure (2026-05-13): the f5-mock-icontrol Dockerfile
|
|
# rebuilds from source via multi-stage build (deploy/test/f5-mock-icontrol/
|
|
# Dockerfile line 13). The compiled ELF must not be tracked.
|
|
deploy/test/f5-mock-icontrol/f5-mock-icontrol
|
|
|
|
# Phase 0 closure (2026-05-13): cowork/ holds the operator's internal
|
|
# legal / audit / strategy artifacts (counsel-signed AI-authorship
|
|
# declaration, filter-repo callback, pre-rewrite bundle, audit HTML
|
|
# scratch). It is private operator scratch space and must never
|
|
# accidentally land in the public repo. See
|
|
# docs/history-normalization.md for the public-facing description of
|
|
# the Phase 0 git-history rewrite.
|
|
cowork/
|