Skip to content

Feat/impl v0.10#49

Open
BRAVO68WEB wants to merge 18 commits into
mainfrom
feat/impl-v0.10
Open

Feat/impl v0.10#49
BRAVO68WEB wants to merge 18 commits into
mainfrom
feat/impl-v0.10

Conversation

@BRAVO68WEB

Copy link
Copy Markdown
Contributor

No description provided.

Support GitHub Actions, GitLab CI, and Kubernetes service account
OIDC tokens for authentication without static API keys.

- Add oidc_providers table with org_id, issuer_url, audience
- Add OIDC token verification using jose library
- Add CRUD API for OIDC providers
- Update auth middleware to detect and verify OIDC tokens
- Register OIDC routes on management API
Add service tokens with app/env scope constraints for CI/CD
and automation use cases.

- Add service_tokens table with SHA-256 hashed tokens
- Support app_id and env_type_id scope constraints
- Add CRUD API for service tokens
- Update auth middleware to validate X-Service-Token header
- Token format: esv_<uuid>
Expand integration ecosystem from 5 to 19 providers.

CI/CD: CircleCI, Jenkins, Azure DevOps, Bitbucket, Travis CI
PaaS: Netlify, Railway, Fly.io, Render, Supabase, DigitalOcean
Cloud: Azure Key Vault, AWS Secrets Manager, Cloudflare Workers

Each provider includes:
- Connection auth fields
- Connection metadata fields
- Binding fields
- Mapping fields
- Sync implementation
…ding

Add four major enterprise features:

SAML SSO (8 providers):
- Okta, OneLogin, Azure AD, Google Workspace, Duo, Rippling, Oracle, Ping Identity
- SP-initiated and IdP-initiated SSO flows
- SAML metadata endpoint
- Real signature verification via Web Crypto API
- Automatic user provisioning with Keycloak identity

Secret Rotation (15 engines):
- PostgreSQL, MySQL, AWS IAM, Azure SP, GCP SQL/MySQL/Postgres, MongoDB
- Cloudflare Pages, SendGrid, Twilio
- Dual-credential window for zero-downtime rotation
- Real pg.Client connections for Postgres engine

Dynamic Secrets (4 engines):
- PostgreSQL, MySQL, AWS IAM, Azure SP
- Short-lived credentials with TTL
- Lease management and auto-revocation
- Real pg.Client connections for Postgres engine

Log Forwarding (3 targets):
- Datadog, Splunk, Sumo Logic
- Automatic forwarding of audit logs
Add CI/CD webhook triggers and enterprise runtime guards.

Webhook Triggers (8 targets):
- GitHub Actions, GitLab Pipeline, AWS CodePipeline
- GCP Cloud Build, CircleCI, Travis CI, Jenkins, Custom

Runtime Guards:
- Add assertEnterprise() helper for edition checks
- Add guards to all enterprise controllers
- Returns HTTP 403 with ENTERPRISE_FEATURE_REQUIRED
Redesign dashboard pages with clean, minimal Cloudflare-inspired UI.

Dashboard:
- 3-column grid: Projects, Security, Recent Activity
- Quick action buttons at top
- Stats overview at bottom

Projects:
- Convert card grid to list rows
- Clean hover states

Integrations:
- Tabbed layout: Connections, Syncs, Org Secrets
- Modal-based create flows
- Clean list tables

Manage Environments:
- Simplified list layout
- Removed verbose cards and sidebar

Landing Page:
- New hero with code snippet
- Unique features section (PiT rollback)
- Clean feature cards
- Rewrite README.md with badges, architecture diagram
- Fix Go version in CONTRIBUTING.md (1.21+ → 1.24+)
- Update AGENTS.md with new enterprise packages
- Bump all packages to 0.10.0
- Regenerate all 4 SDKs (TS + Go, core + management)
- Fix management API URL (localhost → manage-api.lvh.me)
- Fix cookie domain for cross-origin auth
- Remove console.log statements
- Fix E2E test assertions
- Add 5 new E2E test files for enterprise features
- Remove console.log from dashboard hooks (useInvitations, useUserSettings, useUsers)
- Add enterprise middleware for route-level guards
- Register service_token route in core modules
- Add SAML_SESSION_SECRET, SAML_SP_CERT, SAML_SP_KEY to env schema
- Fix landing page: remove framer-motion, add theme toggle, use React Router Link
- Fix landing vite.config: dedupe react/react-dom
- Bump management API package to 0.10.0
CLI Commands Added:
- service-token (create, list, get, delete)
- oidc (create, list, get, update, delete)
- saml (create, list, get, update, delete, metadata, sso)
- rotation (create, list, get, update, delete, trigger, states, revoke-expired)
- dynamic-secret (engine CRUD, lease CRUD, cleanup)
- log-forwarding (create, list, get, delete)

TUI Fixes:
- Replace bubbletea/huh TUI with simple stdin prompts
- init: numbered list selection instead of TUI form
- app list: table output instead of TUI list
- app delete: stdin confirmation instead of TUI select
- env switch: numbered list instead of TUI select

Management SDK:
- Regenerate Go SDK from v0.10.0 OpenAPI spec
- Add OIDC, SAML, Rotation, Dynamic Secrets, Log Forwarding clients

Unit Tests (315 tests):
- service_token: 25 tests (create, list, get, delete + errors)
- oidc: 45 tests (CRUD + validation)
- saml: 43 tests (CRUD + metadata + sso + validation)
- rotation: 35 tests (CRUD + trigger + states + revoke)
- dynamic_secret: 49 tests (engine CRUD + lease CRUD + cleanup)
- log_forwarding: 30 tests (CRUD + validation)
- formatters: 88 tests (all 6 formatters + base)

Coverage: 89-92% on new usecases (business logic)
- Update heading selectors to match new 'Environments' heading
- Update button/dialog selectors to use regex patterns for backward compatibility
- Add data-testid to environment type rows for E2E test selectors
- Fix smoke test to expect new dashboard sections instead of 'Quick Actions'
- Fix routes test to use regex for Manage Environments heading
- Add dynamic_secret_db service to docker-compose.yaml (port 5433)
- Update e2e-setup.ts to start dynamic_secret_db and write env vars
- Update dynamic-secret.e2e.test.ts to use real Postgres connection
- Update .env.example with DYNAMIC_SECRET_PG_* env vars
- Verified Postgres container starts and accepts connections
- Add data-testid='env-type-edit-{id}' to edit button in ManageEnvironment
- Fix project card selector to match actual class order (cursor-pointer group)
The edit sheet uses a Switch component instead of a checkbox. Added
data-testid='env-type-protected-checkbox' to match E2E test selector.
@BRAVO68WEB

Copy link
Copy Markdown
Contributor Author

@b68-pilot approve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant