From bd791e797af9ede816a255286020cecd55fe96a1 Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Thu, 18 Jun 2026 05:24:18 -0400 Subject: [PATCH] chore(plan): mark cert-actions tasks complete + live /run results --- ...6-06-18-adminui-cert-actions.md.tasks.json | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/docs/plans/2026-06-18-adminui-cert-actions.md.tasks.json b/docs/plans/2026-06-18-adminui-cert-actions.md.tasks.json index b0c8fb45..048f08db 100644 --- a/docs/plans/2026-06-18-adminui-cert-actions.md.tasks.json +++ b/docs/plans/2026-06-18-adminui-cert-actions.md.tasks.json @@ -3,31 +3,41 @@ "designPath": "docs/plans/2026-06-18-adminui-cert-actions-design.md", "branch": "feat/adminui-cert-actions", "baseSha": "8480e301", - "executionState": "PENDING", + "executionState": "COMPLETE", "tasks": [ { "id": 1, "subject": "Task 1: CertificateStoreManager + tests", "classification": "standard", - "status": "pending", - "parallelizableWith": [] + "status": "completed", + "commits": ["b47fc10e", "e8769fd8"], + "review": "spec ✅ SPEC-COMPLIANT; code APPROVED + polish (char.IsAsciiHexDigit, filtered catch, TOCTOU note); reviewer null-NRE finding rejected (IsNullOrEmpty short-circuits)", + "tests": "9/9 CertificateStoreManagerTests pass" }, { "id": 2, "subject": "Task 2: Certificates.razor actions + DI registration", "classification": "standard", - "status": "pending", - "blockedBy": [1], - "parallelizableWith": [] + "status": "completed", + "commits": ["8c429c31", "2e231911"], + "review": "spec ✅ SPEC-COMPLIANT; code findings fixed — #1 server-side FleetAdmin re-check in ConfirmAction (honors view-for-all design), #2 explicit delete store switch, #3 alert CSS (border-color:var(--alert)); #4 empty-actions-column left (harmless, well-formed)", + "build": "AdminUI build 0 errors / 0 warnings" }, { "id": 3, "subject": "Task 3: docs + full build + AdminUI tests + live /run + finish", "classification": "small", - "status": "pending", - "blockedBy": [2], - "parallelizableWith": [] + "status": "completed", + "commits": ["72869c4f"], + "build": "full solution build 0 errors (359 pre-existing warnings)", + "tests": "AdminUI 486/486 pass (477 prior + 9 new)", + "liveRun": "PASS on docker-dev central-1 (central-2 stopped to pin :9200). Seeded self-signed DER (tp 0CB0DFB2C121CFC55609B5E648C14E73D01F3536) into /app/pki/rejected/certs. UI: FleetAdmin Trust/Delete render (Administrator role); Trust -> inline Blazor confirm (no JS dialog) -> Confirm -> cert moved rejected->trusted live, banner 'Trust ... succeeded', Rejected 0 / Trusted 2; Delete on the test cert -> confirm -> removed, Trusted 1 (own cert preserved). On-disk ls confirmed the file moved then deleted; rejected empty. central-2 restarted." } ], + "reviewFollowUps": [ + "DEFERRED: upload-to-trust action (file-upload plumbing + approval gate) — out of scope per the approved symmetric action set.", + "MINOR (left as-is): non-admin viewers see an empty 'Actions' column header on trusted/rejected tables (well-formed HTML, column counts match). Could double-gate the / with AuthorizeView if desired.", + "NOTE: PKI stores are per-node on disk; :9200 round-robins central-1/central-2 so a cert trusted on one node is not auto-trusted on the other. For multi-node fleets, trust must be applied per node (or the trusted store shared). Acceptable for the single-node-pinned verify; flag if fleet-wide trust sync is wanted later." + ], "lastUpdated": "2026-06-18" }