feat(core): add table actions (edit, pause, delete confirmation) and global action log

- Add Edit and Pause/Resume actions to connections table
- Add delete confirmation modal to secrets table
- Add 'paused' status to connections with full backend support
- Skip paused connections in health checks and secrets scanning
- Add global ActionLog service with filesystem persistence
- Instrument all mutation handlers (connections, secrets, pipelines) with action logging
- Add Action Log view with entity type filtering to dashboard

ts/opsserver/handlers/actionlog.handler.ts

@@ -0,0 +1,30 @@
+import * as plugins from '../../plugins.ts';
+import type { OpsServer } from '../classes.opsserver.ts';
+import * as interfaces from '../../../ts_interfaces/index.ts';
+import { requireValidIdentity } from '../helpers/guards.ts';
+
+export class ActionLogHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetActionLog>(
+        'getActionLog',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const result = await this.opsServerRef.gitopsAppRef.actionLog.query({
+            limit: dataArg.limit,
+            offset: dataArg.offset,
+            entityType: dataArg.entityType,
+          });
+          return result;
+        },
+      ),
+    );
+  }
+}

ts/opsserver/handlers/connections.handler.ts

@@ -11,6 +11,10 @@ export class ConnectionsHandler {
     this.registerHandlers();
   }
 
+  private get actionLog() {
+    return this.opsServerRef.gitopsAppRef.actionLog;
+  }
+
   private registerHandlers(): void {
     // Get all connections
     this.typedrouter.addTypedHandler(
@@ -36,6 +40,14 @@ export class ConnectionsHandler {
             dataArg.baseUrl,
             dataArg.token,
           );
+          this.actionLog.append({
+            actionType: 'create',
+            entityType: 'connection',
+            entityId: connection.id,
+            entityName: connection.name,
+            details: `Created ${dataArg.providerType} connection "${dataArg.name}" (${dataArg.baseUrl})`,
+            username: dataArg.identity.username,
+          });
           return { connection };
         },
       ),
@@ -55,6 +67,42 @@ export class ConnectionsHandler {
               token: dataArg.token,
             },
           );
+          const fields = [
+            dataArg.name && 'name',
+            dataArg.baseUrl && 'baseUrl',
+            dataArg.token && 'token',
+          ].filter(Boolean).join(', ');
+          this.actionLog.append({
+            actionType: 'update',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: connection.name,
+            details: `Updated connection "${connection.name}" (fields: ${fields})`,
+            username: dataArg.identity.username,
+          });
+          return { connection };
+        },
+      ),
+    );
+
+    // Pause/resume connection
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PauseConnection>(
+        'pauseConnection',
+        async (dataArg) => {
+          await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const connection = await this.opsServerRef.gitopsAppRef.connectionManager.pauseConnection(
+            dataArg.connectionId,
+            dataArg.paused,
+          );
+          this.actionLog.append({
+            actionType: dataArg.paused ? 'pause' : 'resume',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: connection.name,
+            details: `${dataArg.paused ? 'Paused' : 'Resumed'} connection "${connection.name}"`,
+            username: dataArg.identity.username,
+          });
           return { connection };
         },
       ),
@@ -69,6 +117,16 @@ export class ConnectionsHandler {
           const result = await this.opsServerRef.gitopsAppRef.connectionManager.testConnection(
             dataArg.connectionId,
           );
+          const conn = this.opsServerRef.gitopsAppRef.connectionManager.getConnections()
+            .find((c) => c.id === dataArg.connectionId);
+          this.actionLog.append({
+            actionType: 'test',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: conn?.name || dataArg.connectionId,
+            details: `Tested connection: ${result.ok ? 'success' : `failed — ${result.error || 'unknown error'}`}`,
+            username: dataArg.identity.username,
+          });
           return result;
         },
       ),
@@ -80,9 +138,19 @@ export class ConnectionsHandler {
         'deleteConnection',
         async (dataArg) => {
           await requireValidIdentity(this.opsServerRef.adminHandler, dataArg);
+          const conn = this.opsServerRef.gitopsAppRef.connectionManager.getConnections()
+            .find((c) => c.id === dataArg.connectionId);
           await this.opsServerRef.gitopsAppRef.connectionManager.deleteConnection(
             dataArg.connectionId,
           );
+          this.actionLog.append({
+            actionType: 'delete',
+            entityType: 'connection',
+            entityId: dataArg.connectionId,
+            entityName: conn?.name || dataArg.connectionId,
+            details: `Deleted connection "${conn?.name || dataArg.connectionId}"`,
+            username: dataArg.identity.username,
+          });
           return { ok: true };
         },
       ),

ts/opsserver/handlers/index.ts

@@ -7,3 +7,4 @@ export { PipelinesHandler } from './pipelines.handler.ts';
 export { LogsHandler } from './logs.handler.ts';
 export { WebhookHandler } from './webhook.handler.ts';
 export { ActionsHandler } from './actions.handler.ts';
+export { ActionLogHandler } from './actionlog.handler.ts';

ts/opsserver/handlers/pipelines.handler.ts

@@ -11,6 +11,10 @@ export class PipelinesHandler {
     this.registerHandlers();
   }
 
+  private get actionLog() {
+    return this.opsServerRef.gitopsAppRef.actionLog;
+  }
+
   private registerHandlers(): void {
     // Get pipelines
     this.typedrouter.addTypedHandler(
@@ -54,6 +58,14 @@ export class PipelinesHandler {
             dataArg.connectionId,
           );
           await provider.retryPipeline(dataArg.projectId, dataArg.pipelineId);
+          this.actionLog.append({
+            actionType: 'update',
+            entityType: 'pipeline',
+            entityId: dataArg.pipelineId,
+            entityName: `Pipeline #${dataArg.pipelineId}`,
+            details: `Retried pipeline #${dataArg.pipelineId} in project ${dataArg.projectId}`,
+            username: dataArg.identity.username,
+          });
           return { ok: true };
         },
       ),
@@ -69,6 +81,14 @@ export class PipelinesHandler {
             dataArg.connectionId,
           );
           await provider.cancelPipeline(dataArg.projectId, dataArg.pipelineId);
+          this.actionLog.append({
+            actionType: 'delete',
+            entityType: 'pipeline',
+            entityId: dataArg.pipelineId,
+            entityName: `Pipeline #${dataArg.pipelineId}`,
+            details: `Cancelled pipeline #${dataArg.pipelineId} in project ${dataArg.projectId}`,
+            username: dataArg.identity.username,
+          });
           return { ok: true };
         },
       ),

ts/opsserver/handlers/secrets.handler.ts

@@ -11,6 +11,10 @@ export class SecretsHandler {
     this.registerHandlers();
   }
 
+  private get actionLog() {
+    return this.opsServerRef.gitopsAppRef.actionLog;
+  }
+
   private registerHandlers(): void {
     // Get all secrets (cache-first, falls back to live fetch)
     this.typedrouter.addTypedHandler(
@@ -146,6 +150,14 @@ export class SecretsHandler {
           // Refresh cache for this entity
           const scanService = this.opsServerRef.gitopsAppRef.secretsScanService;
           scanService.scanEntity(dataArg.connectionId, dataArg.scope, dataArg.scopeId).catch(() => {});
+          this.actionLog.append({
+            actionType: 'create',
+            entityType: 'secret',
+            entityId: `${dataArg.scopeId}/${dataArg.key}`,
+            entityName: dataArg.key,
+            details: `Created ${dataArg.scope} secret "${dataArg.key}" in ${dataArg.scopeId}`,
+            username: dataArg.identity.username,
+          });
           return { secret };
         },
       ),
@@ -166,6 +178,14 @@ export class SecretsHandler {
           // Refresh cache for this entity
           const scanService = this.opsServerRef.gitopsAppRef.secretsScanService;
           scanService.scanEntity(dataArg.connectionId, dataArg.scope, dataArg.scopeId).catch(() => {});
+          this.actionLog.append({
+            actionType: 'update',
+            entityType: 'secret',
+            entityId: `${dataArg.scopeId}/${dataArg.key}`,
+            entityName: dataArg.key,
+            details: `Updated ${dataArg.scope} secret "${dataArg.key}" in ${dataArg.scopeId}`,
+            username: dataArg.identity.username,
+          });
           return { secret };
         },
       ),
@@ -188,6 +208,14 @@ export class SecretsHandler {
           // Refresh cache for this entity
           const scanService = this.opsServerRef.gitopsAppRef.secretsScanService;
           scanService.scanEntity(dataArg.connectionId, dataArg.scope, dataArg.scopeId).catch(() => {});
+          this.actionLog.append({
+            actionType: 'delete',
+            entityType: 'secret',
+            entityId: `${dataArg.scopeId}/${dataArg.key}`,
+            entityName: dataArg.key,
+            details: `Deleted ${dataArg.scope} secret "${dataArg.key}" from ${dataArg.scopeId}`,
+            username: dataArg.identity.username,
+          });
           return { ok: true };
         },
       ),