feat(core): add table actions (edit, pause, delete confirmation) and global action log

- Add Edit and Pause/Resume actions to connections table - Add delete confirmation modal to secrets table - Add 'paused' status to connections with full backend support - Skip paused connections in health checks and secrets scanning - Add global ActionLog service with filesystem persistence - Instrument all mutation handlers (connections, secrets, pipelines) with action logging - Add Action Log view with entity type filtering to dashboard
2026-02-27 11:13:07 +00:00
parent 630b2502f3
commit 81ead52a72
22 changed files with 564 additions and 8 deletions
--- a/ts/cache/classes.secrets.scan.service.ts
+++ b/ts/cache/classes.secrets.scan.service.ts
@@ -84,6 +84,7 @@ export class SecretsScanService {
    try {
      const connections = this.connectionManager.getConnections();
      for (const conn of connections) {
+        if (conn.status === 'paused') continue;
        try {
          const provider = this.connectionManager.getProvider(conn.id);
          connectionsScanned++;
--- a/ts/classes/actionlog.ts
+++ b/ts/classes/actionlog.ts
@@ -0,0 +1,57 @@
+import { logger } from '../logging.ts';
+import type * as interfaces from '../../ts_interfaces/index.ts';
+import type { StorageManager } from '../storage/index.ts';
+
+const ACTIONLOG_PREFIX = '/actionlog/';
+
+/**
+ * Persists and queries action log entries via StorageManager.
+ * Entries are stored as individual JSON files keyed by timestamp-id.
+ */
+export class ActionLog {
+  private storageManager: StorageManager;
+
+  constructor(storageManager: StorageManager) {
+    this.storageManager = storageManager;
+  }
+
+  async append(entry: Omit<interfaces.data.IActionLogEntry, 'id' | 'timestamp'>): Promise<interfaces.data.IActionLogEntry> {
+    const full: interfaces.data.IActionLogEntry = {
+      id: crypto.randomUUID(),
+      timestamp: Date.now(),
+      ...entry,
+    };
+    const key = `${ACTIONLOG_PREFIX}${String(full.timestamp).padStart(16, '0')}-${full.id}.json`;
+    await this.storageManager.setJSON(key, full);
+    logger.debug(`Action logged: ${full.actionType} ${full.entityType} "${full.entityName}"`);
+    return full;
+  }
+
+  async query(opts: {
+    limit?: number;
+    offset?: number;
+    entityType?: interfaces.data.TActionEntity;
+  } = {}): Promise<{ entries: interfaces.data.IActionLogEntry[]; total: number }> {
+    const limit = opts.limit ?? 50;
+    const offset = opts.offset ?? 0;
+
+    const keys = await this.storageManager.list(ACTIONLOG_PREFIX);
+    // Sort by key descending (newest first — keys are timestamp-prefixed)
+    keys.sort((a, b) => b.localeCompare(a));
+
+    // Load all entries (or filter by entityType)
+    let entries: interfaces.data.IActionLogEntry[] = [];
+    for (const key of keys) {
+      const entry = await this.storageManager.getJSON<interfaces.data.IActionLogEntry>(key);
+      if (entry) {
+        if (opts.entityType && entry.entityType !== opts.entityType) continue;
+        entries.push(entry);
+      }
+    }
+
+    const total = entries.length;
+    entries = entries.slice(offset, offset + limit);
+
+    return { entries, total };
+  }
+}
--- a/ts/classes/connectionmanager.ts
+++ b/ts/classes/connectionmanager.ts
@@ -38,6 +38,7 @@ export class ConnectionManager {
   */
  private async testAllConnections(): Promise<void> {
    for (const conn of this.connections) {
+      if (conn.status === 'paused') continue;
      try {
        const provider = this.getProvider(conn.id);
        const result = await provider.testConnection();
@@ -178,10 +179,22 @@ export class ConnectionManager {
    logger.info(`Connection deleted: ${id}`);
  }

+  async pauseConnection(id: string, paused: boolean): Promise<interfaces.data.IProviderConnection> {
+    const conn = this.connections.find((c) => c.id === id);
+    if (!conn) throw new Error(`Connection not found: ${id}`);
+    conn.status = paused ? 'paused' : 'disconnected';
+    await this.persistConnection(conn);
+    logger.info(`Connection ${paused ? 'paused' : 'resumed'}: ${conn.name}`);
+    return { ...conn, token: '***' };
+  }
+
  async testConnection(id: string): Promise<{ ok: boolean; error?: string }> {
+    const conn = this.connections.find((c) => c.id === id)!;
+    if (conn.status === 'paused') {
+      return { ok: false, error: 'Connection is paused' };
+    }
    const provider = this.getProvider(id);
    const result = await provider.testConnection();
-    const conn = this.connections.find((c) => c.id === id)!;
    conn.status = result.ok ? 'connected' : 'error';
    await this.persistConnection(conn);
    return result;
--- a/ts/classes/gitopsapp.ts
+++ b/ts/classes/gitopsapp.ts
@@ -1,6 +1,7 @@
 import * as plugins from '../plugins.ts';
 import { logger } from '../logging.ts';
 import { ConnectionManager } from './connectionmanager.ts';
+import { ActionLog } from './actionlog.ts';
 import { OpsServer } from '../opsserver/index.ts';
 import { StorageManager } from '../storage/index.ts';
 import { CacheDb, CacheCleaner, CachedProject, CachedSecret, SecretsScanService } from '../cache/index.ts';
@@ -13,6 +14,7 @@ export class GitopsApp {
  public storageManager: StorageManager;
  public smartSecret: plugins.smartsecret.SmartSecret;
  public connectionManager: ConnectionManager;
+  public actionLog: ActionLog;
  public opsServer: OpsServer;
  public cacheDb: CacheDb;
  public cacheCleaner: CacheCleaner;
@@ -27,6 +29,7 @@ export class GitopsApp {
    });
    this.smartSecret = new plugins.smartsecret.SmartSecret({ service: 'gitops' });
    this.connectionManager = new ConnectionManager(this.storageManager, this.smartSecret);
+    this.actionLog = new ActionLog(this.storageManager);

    this.cacheDb = CacheDb.getInstance({
      storagePath: paths.defaultTsmDbPath,
--- a/ts/opsserver/classes.opsserver.ts
+++ b/ts/opsserver/classes.opsserver.ts
@@ -19,6 +19,7 @@ export class OpsServer {
  public logsHandler!: handlers.LogsHandler;
  public webhookHandler!: handlers.WebhookHandler;
  public actionsHandler!: handlers.ActionsHandler;
+  public actionLogHandler!: handlers.ActionLogHandler;

  constructor(gitopsAppRef: GitopsApp) {
    this.gitopsAppRef = gitopsAppRef;
@@ -61,6 +62,7 @@ export class OpsServer {
    this.pipelinesHandler = new handlers.PipelinesHandler(this);
    this.logsHandler = new handlers.LogsHandler(this);
    this.actionsHandler = new handlers.ActionsHandler(this);
+    this.actionLogHandler = new handlers.ActionLogHandler(this);

    logger.success('OpsServer TypedRequest handlers initialized');
  }
--- a/ts/opsserver/handlers/actionlog.handler.ts
+++ b/ts/opsserver/handlers/actionlog.handler.ts
@@ -0,0 +1,30 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class ActionLogHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetActionLog>(
+        'getActionLog',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const result = await this.opsServerRef.gitopsAppRef.actionLog.query({
+            limit: dataArg.limit,
+            offset: dataArg.offset,
+            entityType: dataArg.entityType,
+          });
+          return result;
+        },
+      ),
+    );
+  }
+}
--- a/ts/opsserver/handlers/connections.handler.ts
+++ b/ts/opsserver/handlers/connections.handler.ts
@@ -11,6 +11,10 @@ export class ConnectionsHandler {
    this.registerHandlers();
  }

+  private get actionLog() {
+    return this.opsServerRef.gitopsAppRef.actionLog;
+  }
+
  private registerHandlers(): void {
    // Get all connections
    this.typedrouter.addTypedHandler(
@@ -36,6 +40,14 @@ export class ConnectionsHandler {
            dataArg.baseUrl,
            dataArg.token,
          );
+          this.actionLog.append({
+            actionType: 'create',
+            entityType: 'connection',
+            entityId: connection.id,
+            entityName: connection.name,
+            details: `Created ${dataArg.providerType} connection "${dataArg.name}" (${dataArg.baseUrl})`,
+            username: dataArg.identity.username,
+          });
          return { connection };
        },
      ),
@@ -55,6 +67,42 @@ export class ConnectionsHandler {
              token: dataArg.token,
            },
          );
+          const fields = [
+            dataArg.name && 'name',
+            dataArg.baseUrl && 'baseUrl',
+            dataArg.token && 'token',
+          ].filter(Boolean).join(', ');
+          this.actionLog.append({
+            actionType: 'update',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: connection.name,
+            details: `Updated connection "${connection.name}" (fields: ${fields})`,
+            username: dataArg.identity.username,
+          });
+          return { connection };
+        },
+      ),
+    );
+
+    // Pause/resume connection
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PauseConnection>(
+        'pauseConnection',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const connection = await this.opsServerRef.gitopsAppRef.connectionManager.pauseConnection(
+            dataArg.connectionId,
+            dataArg.paused,
+          );
+          this.actionLog.append({
+            actionType: dataArg.paused ? 'pause' : 'resume',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: connection.name,
+            details: `${dataArg.paused ? 'Paused' : 'Resumed'} connection "${connection.name}"`,
+            username: dataArg.identity.username,
+          });
          return { connection };
        },
      ),
@@ -69,6 +117,16 @@ export class ConnectionsHandler {
          const result = await this.opsServerRef.gitopsAppRef.connectionManager.testConnection(
            dataArg.connectionId,
          );
+          const conn = this.opsServerRef.gitopsAppRef.connectionManager.getConnections()
+            .find((c) => c.id === dataArg.connectionId);
+          this.actionLog.append({
+            actionType: 'test',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: conn?.name || dataArg.connectionId,
+            details: `Tested connection: ${result.ok ? 'success' : `failed — ${result.error || 'unknown error'}`}`,
+            username: dataArg.identity.username,
+          });
          return result;
        },
      ),
@@ -80,9 +138,19 @@ export class ConnectionsHandler {
        'deleteConnection',
        async (dataArg) => {
          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const conn = this.opsServerRef.gitopsAppRef.connectionManager.getConnections()
+            .find((c) => c.id === dataArg.connectionId);
          await this.opsServerRef.gitopsAppRef.connectionManager.deleteConnection(
            dataArg.connectionId,
          );
+          this.actionLog.append({
+            actionType: 'delete',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: conn?.name || dataArg.connectionId,
+            details: `Deleted connection "${conn?.name || dataArg.connectionId}"`,
+            username: dataArg.identity.username,
+          });
          return { ok: true };
        },
      ),
--- a/ts/opsserver/handlers/index.ts
+++ b/ts/opsserver/handlers/index.ts
@@ -7,3 +7,4 @@ export { PipelinesHandler } from './pipelines.handler.ts';
 export { LogsHandler } from './logs.handler.ts';
 export { WebhookHandler } from './webhook.handler.ts';
 export { ActionsHandler } from './actions.handler.ts';
+export { ActionLogHandler } from './actionlog.handler.ts';
--- a/ts/opsserver/handlers/pipelines.handler.ts
+++ b/ts/opsserver/handlers/pipelines.handler.ts
@@ -11,6 +11,10 @@ export class PipelinesHandler {
    this.registerHandlers();
  }

+  private get actionLog() {
+    return this.opsServerRef.gitopsAppRef.actionLog;
+  }
+
  private registerHandlers(): void {
    // Get pipelines
    this.typedrouter.addTypedHandler(
@@ -54,6 +58,14 @@ export class PipelinesHandler {
            dataArg.connectionId,
          );
          await provider.retryPipeline(dataArg.projectId, dataArg.pipelineId);
+          this.actionLog.append({
+            actionType: 'update',
+            entityType: 'pipeline',
+            entityId: dataArg.pipelineId,
+            entityName: `Pipeline #${dataArg.pipelineId}`,
+            details: `Retried pipeline #${dataArg.pipelineId} in project ${dataArg.projectId}`,
+            username: dataArg.identity.username,
+          });
          return { ok: true };
        },
      ),
@@ -69,6 +81,14 @@ export class PipelinesHandler {
            dataArg.connectionId,
          );
          await provider.cancelPipeline(dataArg.projectId, dataArg.pipelineId);
+          this.actionLog.append({
+            actionType: 'delete',
+            entityType: 'pipeline',
+            entityId: dataArg.pipelineId,
+            entityName: `Pipeline #${dataArg.pipelineId}`,
+            details: `Cancelled pipeline #${dataArg.pipelineId} in project ${dataArg.projectId}`,
+            username: dataArg.identity.username,
+          });
          return { ok: true };
        },
      ),
--- a/ts/opsserver/handlers/secrets.handler.ts
+++ b/ts/opsserver/handlers/secrets.handler.ts
@@ -11,6 +11,10 @@ export class SecretsHandler {
    this.registerHandlers();
  }

+  private get actionLog() {
+    return this.opsServerRef.gitopsAppRef.actionLog;
+  }
+
  private registerHandlers(): void {
    // Get all secrets (cache-first, falls back to live fetch)
    this.typedrouter.addTypedHandler(
@@ -146,6 +150,14 @@ export class SecretsHandler {
          // Refresh cache for this entity
          const scanService = this.opsServerRef.gitopsAppRef.secretsScanService;
          scanService.scanEntity(dataArg.connectionId, dataArg.scope, dataArg.scopeId).catch(() => {});
+          this.actionLog.append({
+            actionType: 'create',
+            entityType: 'secret',
+            entityId: `${dataArg.scopeId}/${dataArg.key}`,
+            entityName: dataArg.key,
+            details: `Created ${dataArg.scope} secret "${dataArg.key}" in ${dataArg.scopeId}`,
+            username: dataArg.identity.username,
+          });
          return { secret };
        },
      ),
@@ -166,6 +178,14 @@ export class SecretsHandler {
          // Refresh cache for this entity
          const scanService = this.opsServerRef.gitopsAppRef.secretsScanService;
          scanService.scanEntity(dataArg.connectionId, dataArg.scope, dataArg.scopeId).catch(() => {});
+          this.actionLog.append({
+            actionType: 'update',
+            entityType: 'secret',
+            entityId: `${dataArg.scopeId}/${dataArg.key}`,
+            entityName: dataArg.key,
+            details: `Updated ${dataArg.scope} secret "${dataArg.key}" in ${dataArg.scopeId}`,
+            username: dataArg.identity.username,
+          });
          return { secret };
        },
      ),
@@ -188,6 +208,14 @@ export class SecretsHandler {
          // Refresh cache for this entity
          const scanService = this.opsServerRef.gitopsAppRef.secretsScanService;
          scanService.scanEntity(dataArg.connectionId, dataArg.scope, dataArg.scopeId).catch(() => {});
+          this.actionLog.append({
+            actionType: 'delete',
+            entityType: 'secret',
+            entityId: `${dataArg.scopeId}/${dataArg.key}`,
+            entityName: dataArg.key,
+            details: `Deleted ${dataArg.scope} secret "${dataArg.key}" from ${dataArg.scopeId}`,
+            username: dataArg.identity.username,
+          });
          return { ok: true };
        },
      ),