Commit graph

5 commits

Author SHA1 Message Date
rcourtman
92c150e979 feat(rbac): add OIDC group mapping tests and audit logging for RBAC actions
2026-01-09 19:25:33 +00:00
rcourtman
0b5cbbe335 test: Add ensureScope tests for API package
Add comprehensive tests for the ensureScope function covering:
- Empty scope parameter (always allows access)
- No token in context (session-based request, allows access)
- Token with matching scope (allows access)
- Token with multiple scopes including required one (allows access)
- Token missing required scope (rejects with 403)
- Token with empty scopes (defaults to wildcard, allows access)
- Rejection returns proper JSON response format

Coverage: ensureScope 0% → 100%
Coverage: API package 32.1% → 32.2%
2025-12-02 13:19:11 +00:00
rcourtman
7a1d3ec2e5 test: Add edge case for RequireScope empty scope
Empty scope should allow all requests through without checking token.
Coverage: 84.6% to 100%.
2025-12-01 23:33:11 +00:00
rcourtman
9e19ed45af test: Add edge case tests for auth helper functions
- respondMissingScope: nil writer handling (80% to 100%)
- attachAPITokenRecord: nil record handling (80% to 100%)
- getAPITokenRecordFromRequest: wrong type and missing value (87.5% to 100%)
2025-12-01 23:15:04 +00:00
rcourtman
5c54685f04 Add API token scopes and standalone host agent
Introduces granular permission scopes for API tokens (docker:report, docker:manage, host-agent:report, monitoring:read/write, settings:read/write) allowing tokens to be restricted to minimum required access. Legacy tokens default to full access until scopes are explicitly configured.

Adds standalone host agent for monitoring Linux, macOS, and Windows servers outside Proxmox/Docker estates. New Servers workspace in UI displays uptime, OS metadata, and capacity metrics from enrolled agents.

Includes comprehensive token management UI overhaul with scope presets, inline editing, and visual scope indicators.
2025-10-23 11:40:31 +00:00