feat(auth): ScadaBridge TransportExport excludes inbound API keys (re-arch C4; methods-only, import ignores legacy key sections); keys re-issued per environment

tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportExportPageTests.cs

@@ -118,7 +118,8 @@ public class TransportExportPageTests : BunitContext
         var db = new DatabaseConnectionDefinition("Hist", "Server=.;") { Id = 30 };
         var notifList = new NotificationList("Ops") { Id = 40 };
         var smtp = new SmtpConfiguration("smtp.example.com", "Basic", "no-reply@example.com") { Id = 50 };
-        var apiKey = new ApiKey("ext-system", "key-hash") { Id = 60 };
+        // Inbound API keys are not transported between environments (re-arch C4) — the
+        // export page no longer offers a keys selection list, only API methods.
         var apiMethod = new ApiMethod("CreateOrder", "// noop") { Id = 70 };
 
         _templateRepo.GetAllTemplatesAsync(Arg.Any<CancellationToken>())
@@ -135,15 +136,14 @@ public class TransportExportPageTests : BunitContext
             .Returns(Task.FromResult<IReadOnlyList<NotificationList>>(new List<NotificationList> { notifList }));
         _notificationRepo.GetAllSmtpConfigurationsAsync(Arg.Any<CancellationToken>())
             .Returns(Task.FromResult<IReadOnlyList<SmtpConfiguration>>(new List<SmtpConfiguration> { smtp }));
-        _inboundApiRepo.GetAllApiKeysAsync(Arg.Any<CancellationToken>())
-            .Returns(Task.FromResult<IReadOnlyList<ApiKey>>(new List<ApiKey> { apiKey }));
         _inboundApiRepo.GetAllApiMethodsAsync(Arg.Any<CancellationToken>())
             .Returns(Task.FromResult<IReadOnlyList<ApiMethod>>(new List<ApiMethod> { apiMethod }));
 
         var cut = Render<TransportExportPage>();
         cut.WaitForState(() => cut.Markup.Contains("Pump"));
 
-        // All six flat groups (plus templates) are present.
+        // All flat groups (plus templates) are present. There is intentionally NO
+        // API-keys group: inbound API keys are not transported (re-arch C4).
         foreach (var groupId in new[]
         {
             "group-templates",
@@ -152,20 +152,23 @@ public class TransportExportPageTests : BunitContext
             "group-db-connections",
             "group-notification-lists",
             "group-smtp-configs",
-            "group-api-keys",
             "group-api-methods",
         })
         {
             Assert.NotNull(cut.Find($"[data-testid='{groupId}']"));
         }
 
+        // The API-keys selection group is gone, replaced by an info note explaining
+        // that keys must be re-created per environment.
+        Assert.Empty(cut.FindAll("[data-testid='group-api-keys']"));
+        Assert.NotNull(cut.Find("[data-testid='api-keys-not-transported']"));
+
         // Sanity: each artifact shows its label.
         Assert.Contains("Helpers", cut.Markup);
         Assert.Contains("ERP", cut.Markup);
         Assert.Contains("Hist", cut.Markup);
         Assert.Contains("Ops", cut.Markup);
         Assert.Contains("smtp.example.com", cut.Markup);
-        Assert.Contains("ext-system", cut.Markup);
         Assert.Contains("CreateOrder", cut.Markup);
 
         // Next button is disabled while no selection exists.

tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/Design/TransportImportPageTests.cs

@@ -92,7 +92,7 @@ public class TransportImportPageTests : BunitContext
                     Iterations: 600_000,
                     SaltB64: "abc",
                     IvB64: "def"),
-                Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0, 0),
+                Summary: new BundleSummary(0, 0, 0, 0, 0, 0, 0, 0),
                 Contents: Array.Empty<ManifestContentEntry>()),
             DecryptedContent = Array.Empty<byte>(),
             ExpiresAt = DateTimeOffset.UtcNow.AddMinutes(30),