7593bfe1c1
8 workstreams scoped per OpenSpec standards: 1. HashiCorp Vault integration (secret management) 2. Python SDK (sentryagent-idp) 3. Go SDK (idp-sdk-go) 4. Java SDK (ai.sentryagent:idp-sdk) 5. OPA policy engine (dynamic ABAC, hot-reload Rego) 6. Web Dashboard UI (React 18 + TypeScript) 7. Prometheus + Grafana monitoring (7 metrics, pre-built dashboard) 8. Multi-region Terraform deployment (AWS + GCP) Status: proposed — awaiting CEO dependency approvals (A0.1–A0.5) before any implementation begins. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1.4 KiB
1.4 KiB
Spec: Web Dashboard UI
Status: Pending CEO approval Workstream: 6 of 8
Scope
dashboard/directory at project root- React 18 + TypeScript strict, built with Vite 5
- TanStack Query v5 for server state
- shadcn/ui (Radix UI + Tailwind CSS) for components
- Four pages: Agents, Credentials, Audit Log, Health
- Client-side auth:
clientId+clientSecret→TokenManager - Served from AgentIdP server at
GET /dashboard(static build)
Pages
| Page | Route | Scope Required |
|---|---|---|
| Login | /dashboard/login |
None |
| Agents | /dashboard/agents |
agents:read |
| Agent Detail | /dashboard/agents/:id |
agents:read |
| Credentials | /dashboard/agents/:id/credentials |
agents:read |
| Audit Log | /dashboard/audit |
audit:read |
| Health | /dashboard/health |
None |
Acceptance Criteria
- TypeScript strict — zero
anyacross all dashboard files dashboard/tsconfig.jsonwithstrict: true- Login form stores token in
sessionStorageonly (notlocalStorage) - All write operations (suspend, revoke, rotate) require confirmation dialog
- OWASP Top 10 review: no XSS, no CSRF, no sensitive data in URL params
- Vite build outputs to
dashboard/dist/; AgentIdP serves it as static dashboard/README.md— how to build and serve- Responsive layout — functional on desktop and tablet