cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
891abbfcfdb67ad1fa4152b5a3a5a2fcc5542b65
cameleer-server/docs/superpowers/plans/2026-04-14-sensitive-keys-server.md

1390 lines
47 KiB
Markdown
Raw Normal View History

docs: add sensitive keys feature documentation - CLAUDE.md: add SensitiveKeysConfig, SensitiveKeysRepository, SensitiveKeysMerger to core admin classes; add SensitiveKeysAdminController endpoint; add PostgresSensitiveKeysRepository; add sensitive keys convention; add admin page to UI structure - Design spec and implementation plan for the feature Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 18:29:15 +02:00
# Sensitive Keys Server-Side Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Add server-side support for unified sensitive key masking — global admin baseline (enforced, additive-only), per-app additions, SSE push to agents, and admin UI.
**Architecture:** Global keys stored in `server_config` table (existing JSONB KV store). Per-app additions stored as part of `ApplicationConfig` JSONB. `SensitiveKeysMerger` computes `global per-app` for agent payloads. New admin endpoint follows existing ThresholdAdmin pattern. UI: new admin page + new section in existing AppConfigDetailPage.
**Tech Stack:** Java 17 (Spring Boot 3.4.3), PostgreSQL (JSONB), React + TypeScript (Vite), @cameleer/design-system, TanStack Query
---
## Task 1: Core — SensitiveKeysConfig Record
**Files:**
- Create: `cameleer3-server-core/src/main/java/com/cameleer3/server/core/admin/SensitiveKeysConfig.java`
- [ ] **Step 1: Create the config record**
```java
package com.cameleer3.server.core.admin;
import java.util.List;
public record SensitiveKeysConfig(List<String> keys) {
public SensitiveKeysConfig {
keys = keys != null ? List.copyOf(keys) : List.of();
}
}
```
- [ ] **Step 2: Commit**
```bash
git add cameleer3-server-core/src/main/java/com/cameleer3/server/core/admin/SensitiveKeysConfig.java
git commit -m "feat: add SensitiveKeysConfig record"
```
---
## Task 2: Core — SensitiveKeysRepository Interface
**Files:**
- Create: `cameleer3-server-core/src/main/java/com/cameleer3/server/core/admin/SensitiveKeysRepository.java`
- [ ] **Step 1: Create the repository interface**
Follow the `ThresholdRepository` pattern exactly.
```java
package com.cameleer3.server.core.admin;
import java.util.Optional;
public interface SensitiveKeysRepository {
Optional<SensitiveKeysConfig> find();
void save(SensitiveKeysConfig config, String updatedBy);
}
```
- [ ] **Step 2: Commit**
```bash
git add cameleer3-server-core/src/main/java/com/cameleer3/server/core/admin/SensitiveKeysRepository.java
git commit -m "feat: add SensitiveKeysRepository interface"
```
---
## Task 3: Core — SensitiveKeysMerger (TDD)
**Files:**
- Create: `cameleer3-server-core/src/main/java/com/cameleer3/server/core/admin/SensitiveKeysMerger.java`
- Create: `cameleer3-server-core/src/test/java/com/cameleer3/server/core/admin/SensitiveKeysMergerTest.java`
- [ ] **Step 1: Write failing tests**
```java
package com.cameleer3.server.core.admin;
import org.junit.jupiter.api.Test;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
class SensitiveKeysMergerTest {
@Test
void bothNull_returnsNull() {
assertNull(SensitiveKeysMerger.merge(null, null));
}
@Test
void globalOnly_returnsGlobal() {
List<String> result = SensitiveKeysMerger.merge(
List.of("Authorization", "Cookie"), null);
assertEquals(List.of("Authorization", "Cookie"), result);
}
@Test
void perAppOnly_returnsPerApp() {
List<String> result = SensitiveKeysMerger.merge(
null, List.of("X-Internal-*"));
assertEquals(List.of("X-Internal-*"), result);
}
@Test
void union_mergesWithoutDuplicates() {
List<String> result = SensitiveKeysMerger.merge(
List.of("Authorization", "Cookie"),
List.of("Cookie", "X-Custom"));
assertEquals(List.of("Authorization", "Cookie", "X-Custom"), result);
}
@Test
void caseInsensitiveDedup_preservesFirstCasing() {
List<String> result = SensitiveKeysMerger.merge(
List.of("Authorization"),
List.of("authorization", "AUTHORIZATION"));
assertEquals(List.of("Authorization"), result);
}
@Test
void emptyGlobal_returnsEmptyList() {
// Explicit empty list = opt-out (agents mask nothing)
List<String> result = SensitiveKeysMerger.merge(List.of(), null);
assertEquals(List.of(), result);
}
@Test
void emptyGlobalWithPerApp_returnsPerApp() {
// Explicit empty global + per-app additions = just per-app
List<String> result = SensitiveKeysMerger.merge(
List.of(), List.of("X-Custom"));
assertEquals(List.of("X-Custom"), result);
}
@Test
void globPatterns_preserved() {
List<String> result = SensitiveKeysMerger.merge(
List.of("*password*", "*secret*"),
List.of("X-Internal-*"));
assertEquals(List.of("*password*", "*secret*", "X-Internal-*"), result);
}
}
```
- [ ] **Step 2: Run tests to verify they fail**
Run: `mvn test -pl cameleer3-server-core -Dtest=SensitiveKeysMergerTest -Dsurefire.failIfNoSpecifiedTests=false`
Expected: compilation error — `SensitiveKeysMerger` does not exist
- [ ] **Step 3: Write implementation**
```java
package com.cameleer3.server.core.admin;
import java.util.ArrayList;
import java.util.List;
import java.util.TreeSet;
/**
* Merges global (enforced) sensitive keys with per-app additions.
* Union-only: per-app can add keys, never remove global keys.
* Case-insensitive deduplication, preserves first-seen casing.
*/
public final class SensitiveKeysMerger {
private SensitiveKeysMerger() {}
/**
* @param global enforced global keys (null = not configured)
* @param perApp per-app additional keys (null = none)
* @return merged list, or null if both inputs are null
*/
public static List<String> merge(List<String> global, List<String> perApp) {
if (global == null && perApp == null) {
return null;
}
TreeSet<String> seen = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
List<String> result = new ArrayList<>();
if (global != null) {
for (String key : global) {
if (seen.add(key)) {
result.add(key);
}
}
}
if (perApp != null) {
for (String key : perApp) {
if (seen.add(key)) {
result.add(key);
}
}
}
return result;
}
}
```
- [ ] **Step 4: Run tests to verify they pass**
Run: `mvn test -pl cameleer3-server-core -Dtest=SensitiveKeysMergerTest`
Expected: all 8 tests PASS
- [ ] **Step 5: Commit**
```bash
git add cameleer3-server-core/src/main/java/com/cameleer3/server/core/admin/SensitiveKeysMerger.java
git add cameleer3-server-core/src/test/java/com/cameleer3/server/core/admin/SensitiveKeysMergerTest.java
git commit -m "feat: add SensitiveKeysMerger with case-insensitive union dedup"
```
---
## Task 4: App — PostgresSensitiveKeysRepository
**Files:**
- Create: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/PostgresSensitiveKeysRepository.java`
- [ ] **Step 1: Create the repository**
Follow `PostgresThresholdRepository` pattern exactly.
```java
package com.cameleer3.server.app.storage;
import com.cameleer3.server.core.admin.SensitiveKeysConfig;
import com.cameleer3.server.core.admin.SensitiveKeysRepository;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Optional;
@Repository
public class PostgresSensitiveKeysRepository implements SensitiveKeysRepository {
private final JdbcTemplate jdbc;
private final ObjectMapper objectMapper;
public PostgresSensitiveKeysRepository(JdbcTemplate jdbc, ObjectMapper objectMapper) {
this.jdbc = jdbc;
this.objectMapper = objectMapper;
}
@Override
public Optional<SensitiveKeysConfig> find() {
List<SensitiveKeysConfig> results = jdbc.query(
"SELECT config_val FROM server_config WHERE config_key = 'sensitive_keys'",
(rs, rowNum) -> {
String json = rs.getString("config_val");
try {
return objectMapper.readValue(json, SensitiveKeysConfig.class);
} catch (JsonProcessingException e) {
throw new RuntimeException("Failed to deserialize sensitive keys config", e);
}
});
return results.isEmpty() ? Optional.empty() : Optional.of(results.get(0));
}
@Override
public void save(SensitiveKeysConfig config, String updatedBy) {
String json;
try {
json = objectMapper.writeValueAsString(config);
} catch (JsonProcessingException e) {
throw new RuntimeException("Failed to serialize sensitive keys config", e);
}
jdbc.update("""
INSERT INTO server_config (config_key, config_val, updated_by, updated_at)
VALUES ('sensitive_keys', ?::jsonb, ?, now())
ON CONFLICT (config_key) DO UPDATE SET
config_val = EXCLUDED.config_val,
updated_by = EXCLUDED.updated_by,
updated_at = now()
""",
json, updatedBy);
}
}
```
- [ ] **Step 2: Commit**
```bash
git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/storage/PostgresSensitiveKeysRepository.java
git commit -m "feat: add PostgresSensitiveKeysRepository"
```
---
## Task 5: App — SensitiveKeysAdminController
**Files:**
- Create: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/SensitiveKeysAdminController.java`
- Create: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/SensitiveKeysRequest.java`
- Create: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/SensitiveKeysResponse.java`
- [ ] **Step 1: Create the request DTO**
```java
package com.cameleer3.server.app.dto;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotNull;
import java.util.List;
@Schema(description = "Global sensitive keys configuration")
public record SensitiveKeysRequest(
@NotNull
@Schema(description = "List of key names or glob patterns to mask")
List<String> keys
) {}
```
- [ ] **Step 2: Create the response DTO**
```java
package com.cameleer3.server.app.dto;
import java.util.List;
public record SensitiveKeysResponse(
List<String> keys,
CommandGroupResponse pushResult
) {}
```
- [ ] **Step 3: Create the controller**
```java
package com.cameleer3.server.app.controller;
import com.cameleer3.common.model.ApplicationConfig;
import com.cameleer3.server.app.dto.CommandGroupResponse;
import com.cameleer3.server.app.dto.SensitiveKeysRequest;
import com.cameleer3.server.app.dto.SensitiveKeysResponse;
import com.cameleer3.server.app.storage.PostgresApplicationConfigRepository;
import com.cameleer3.server.core.admin.AuditCategory;
import com.cameleer3.server.core.admin.AuditResult;
import com.cameleer3.server.core.admin.AuditService;
import com.cameleer3.server.core.admin.SensitiveKeysConfig;
import com.cameleer3.server.core.admin.SensitiveKeysMerger;
import com.cameleer3.server.core.admin.SensitiveKeysRepository;
import com.cameleer3.server.core.agent.AgentInfo;
import com.cameleer3.server.core.agent.AgentRegistryService;
import com.cameleer3.server.core.agent.AgentState;
import com.cameleer3.server.core.agent.CommandReply;
import com.cameleer3.server.core.agent.CommandType;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.validation.Valid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
@RestController
@RequestMapping("/api/v1/admin/sensitive-keys")
@PreAuthorize("hasRole('ADMIN')")
@Tag(name = "Sensitive Keys Admin", description = "Global sensitive key masking configuration (ADMIN only)")
public class SensitiveKeysAdminController {
private static final Logger log = LoggerFactory.getLogger(SensitiveKeysAdminController.class);
private final SensitiveKeysRepository sensitiveKeysRepository;
private final PostgresApplicationConfigRepository configRepository;
private final AgentRegistryService registryService;
private final ObjectMapper objectMapper;
private final AuditService auditService;
public SensitiveKeysAdminController(SensitiveKeysRepository sensitiveKeysRepository,
PostgresApplicationConfigRepository configRepository,
AgentRegistryService registryService,
ObjectMapper objectMapper,
AuditService auditService) {
this.sensitiveKeysRepository = sensitiveKeysRepository;
this.configRepository = configRepository;
this.registryService = registryService;
this.objectMapper = objectMapper;
this.auditService = auditService;
}
@GetMapping
@Operation(summary = "Get global sensitive keys configuration")
@ApiResponse(responseCode = "200", description = "Config returned")
@ApiResponse(responseCode = "204", description = "Not configured")
public ResponseEntity<SensitiveKeysConfig> getSensitiveKeys(HttpServletRequest httpRequest) {
auditService.log("view_sensitive_keys", AuditCategory.CONFIG, "sensitive_keys",
null, AuditResult.SUCCESS, httpRequest);
return sensitiveKeysRepository.find()
.map(ResponseEntity::ok)
.orElse(ResponseEntity.noContent().build());
}
@PutMapping
@Operation(summary = "Update global sensitive keys",
description = "Saves global keys. Set pushToAgents=true to push merged config to all LIVE agents.")
@ApiResponse(responseCode = "200", description = "Config saved")
public ResponseEntity<SensitiveKeysResponse> updateSensitiveKeys(
@Valid @RequestBody SensitiveKeysRequest request,
@RequestParam(defaultValue = "false") boolean pushToAgents,
HttpServletRequest httpRequest) {
SensitiveKeysConfig config = new SensitiveKeysConfig(request.keys());
sensitiveKeysRepository.save(config, null);
CommandGroupResponse pushResult = null;
int appsPushed = 0;
int totalAgents = 0;
if (pushToAgents) {
var fanOutResult = fanOutToAllAgents(config.keys());
pushResult = fanOutResult.aggregated;
appsPushed = fanOutResult.appCount;
totalAgents = fanOutResult.aggregated.total();
}
auditService.log("update_sensitive_keys", AuditCategory.CONFIG, "sensitive_keys",
Map.of("keys", config.keys(),
"pushToAgents", pushToAgents,
"appsPushed", appsPushed,
"totalAgents", totalAgents),
AuditResult.SUCCESS, httpRequest);
log.info("Global sensitive keys updated ({} keys), pushToAgents={}, apps={}, agents={}",
config.keys().size(), pushToAgents, appsPushed, totalAgents);
return ResponseEntity.ok(new SensitiveKeysResponse(config.keys(), pushResult));
}
private record FanOutResult(CommandGroupResponse aggregated, int appCount) {}
private FanOutResult fanOutToAllAgents(List<String> globalKeys) {
// Collect distinct applications from stored configs + live agents
Set<String> applications = new HashSet<>();
for (ApplicationConfig cfg : configRepository.findAll()) {
applications.add(cfg.getApplication());
}
for (AgentInfo agent : registryService.findAll()) {
if (agent.state() == AgentState.LIVE) {
applications.add(agent.applicationId());
}
}
List<CommandGroupResponse.AgentResponse> allResponses = new ArrayList<>();
List<String> allTimedOut = new ArrayList<>();
int totalAgents = 0;
for (String application : applications) {
ApplicationConfig appConfig = configRepository.findByApplication(application)
.orElse(null);
List<String> perAppKeys = appConfig != null ? appConfig.getSensitiveKeys() : null;
List<String> merged = SensitiveKeysMerger.merge(globalKeys, perAppKeys);
// Build a config with the merged keys for the SSE payload
ApplicationConfig pushConfig = appConfig != null ? appConfig : new ApplicationConfig();
pushConfig.setApplication(application);
pushConfig.setSensitiveKeys(merged);
String payloadJson;
try {
payloadJson = objectMapper.writeValueAsString(pushConfig);
} catch (JsonProcessingException e) {
log.error("Failed to serialize config for {}", application, e);
continue;
}
Map<String, CompletableFuture<CommandReply>> futures =
registryService.addGroupCommandWithReplies(application, null, CommandType.CONFIG_UPDATE, payloadJson);
totalAgents += futures.size();
long deadline = System.currentTimeMillis() + 10_000;
for (var entry : futures.entrySet()) {
long remaining = deadline - System.currentTimeMillis();
if (remaining <= 0) {
allTimedOut.add(entry.getKey());
entry.getValue().cancel(false);
continue;
}
try {
CommandReply reply = entry.getValue().get(remaining, TimeUnit.MILLISECONDS);
allResponses.add(new CommandGroupResponse.AgentResponse(
entry.getKey(), reply.status(), reply.message()));
} catch (TimeoutException e) {
allTimedOut.add(entry.getKey());
entry.getValue().cancel(false);
} catch (Exception e) {
allResponses.add(new CommandGroupResponse.AgentResponse(
entry.getKey(), "ERROR", e.getMessage()));
}
}
}
boolean allSuccess = allTimedOut.isEmpty() &&
allResponses.stream().allMatch(r -> "SUCCESS".equals(r.status()));
return new FanOutResult(
new CommandGroupResponse(allSuccess, totalAgents, allResponses.size(), allResponses, allTimedOut),
applications.size());
}
}
```
- [ ] **Step 4: Verify compilation**
Run: `mvn clean compile -pl cameleer3-server-core,cameleer3-server-app`
Expected: BUILD SUCCESS
- [ ] **Step 5: Commit**
```bash
git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/SensitiveKeysRequest.java
git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/SensitiveKeysResponse.java
git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/SensitiveKeysAdminController.java
git commit -m "feat: add SensitiveKeysAdminController with fan-out support"
```
---
## Task 6: Enhance ApplicationConfigController — Merge Global Keys
**Files:**
- Modify: `cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ApplicationConfigController.java`
The GET endpoint must return `globalSensitiveKeys` and `mergedSensitiveKeys` so the UI can render read-only global pills. The PUT push must merge before sending to agents. Since `ApplicationConfig` lives in `cameleer3-common`, we cannot add fields to it directly. Instead, we wrap the response.
- [ ] **Step 1: Create AppConfigResponse DTO**
Create `cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/AppConfigResponse.java`:
```java
package com.cameleer3.server.app.dto;
import com.cameleer3.common.model.ApplicationConfig;
import java.util.List;
/**
* Wraps ApplicationConfig with additional server-computed fields for the UI.
*/
public record AppConfigResponse(
ApplicationConfig config,
List<String> globalSensitiveKeys,
List<String> mergedSensitiveKeys
) {}
```
- [ ] **Step 2: Modify ApplicationConfigController**
Add `SensitiveKeysRepository` to the constructor. Modify `getConfig()` to return `AppConfigResponse`. Modify `pushConfigToAgents()` to merge keys before sending.
In `ApplicationConfigController.java`:
**Constructor** — add parameter:
```java
private final SensitiveKeysRepository sensitiveKeysRepository;
public ApplicationConfigController(PostgresApplicationConfigRepository configRepository,
AgentRegistryService registryService,
ObjectMapper objectMapper,
AuditService auditService,
DiagramStore diagramStore,
SensitiveKeysRepository sensitiveKeysRepository) {
this.configRepository = configRepository;
this.registryService = registryService;
this.objectMapper = objectMapper;
this.auditService = auditService;
this.diagramStore = diagramStore;
this.sensitiveKeysRepository = sensitiveKeysRepository;
}
```
**getConfig()** — return wrapped response:
```java
@GetMapping("/{application}")
@Operation(summary = "Get application config",
description = "Returns the current configuration for an application with merged sensitive keys.")
@ApiResponse(responseCode = "200", description = "Config returned")
public ResponseEntity<AppConfigResponse> getConfig(@PathVariable String application,
HttpServletRequest httpRequest) {
auditService.log("view_app_config", AuditCategory.CONFIG, application, null, AuditResult.SUCCESS, httpRequest);
ApplicationConfig config = configRepository.findByApplication(application)
.orElse(defaultConfig(application));
List<String> globalKeys = sensitiveKeysRepository.find()
.map(SensitiveKeysConfig::keys)
.orElse(null);
List<String> merged = SensitiveKeysMerger.merge(globalKeys, config.getSensitiveKeys());
return ResponseEntity.ok(new AppConfigResponse(config, globalKeys, merged));
}
```
**updateConfig()** — merge before push:
In the `updateConfig` method, after `ApplicationConfig saved = configRepository.save(...)`, merge the keys before pushing:
```java
// Merge global + per-app sensitive keys for the SSE payload
List<String> globalKeys = sensitiveKeysRepository.find()
.map(SensitiveKeysConfig::keys)
.orElse(null);
List<String> mergedKeys = SensitiveKeysMerger.merge(globalKeys, saved.getSensitiveKeys());
// Push with merged keys
ApplicationConfig pushConfig = cloneWithMergedKeys(saved, mergedKeys);
CommandGroupResponse pushResult = pushConfigToAgents(application, environment, pushConfig);
```
Add a private helper:
```java
private ApplicationConfig cloneWithMergedKeys(ApplicationConfig source, List<String> mergedKeys) {
String json;
try {
json = objectMapper.writeValueAsString(source);
ApplicationConfig clone = objectMapper.readValue(json, ApplicationConfig.class);
clone.setSensitiveKeys(mergedKeys);
return clone;
} catch (JsonProcessingException e) {
log.warn("Failed to clone config for key merge, pushing original", e);
return source;
}
}
```
Also add imports at the top of the file:
```java
import com.cameleer3.server.app.dto.AppConfigResponse;
import com.cameleer3.server.core.admin.SensitiveKeysConfig;
import com.cameleer3.server.core.admin.SensitiveKeysMerger;
import com.cameleer3.server.core.admin.SensitiveKeysRepository;
```
- [ ] **Step 3: Verify compilation**
Run: `mvn clean compile -pl cameleer3-server-core,cameleer3-server-app`
Expected: BUILD SUCCESS
- [ ] **Step 4: Commit**
```bash
git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/dto/AppConfigResponse.java
git add cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/ApplicationConfigController.java
git commit -m "feat: merge global sensitive keys into app config GET and SSE push"
```
---
## Task 7: Integration Test — SensitiveKeysAdminController
**Files:**
- Create: `cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SensitiveKeysAdminControllerIT.java`
- [ ] **Step 1: Write integration tests**
Follow the `ThresholdAdminControllerIT` pattern.
```java
package com.cameleer3.server.app.controller;
import com.cameleer3.server.app.AbstractPostgresIT;
import com.cameleer3.server.app.TestSecurityHelper;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import static org.assertj.core.api.Assertions.assertThat;
class SensitiveKeysAdminControllerIT extends AbstractPostgresIT {
@Autowired
private TestRestTemplate restTemplate;
@Autowired
private ObjectMapper objectMapper;
@Autowired
private TestSecurityHelper securityHelper;
private String adminJwt;
private String viewerJwt;
@BeforeEach
void setUp() {
adminJwt = securityHelper.adminToken();
viewerJwt = securityHelper.viewerToken();
jdbcTemplate.update("DELETE FROM server_config WHERE config_key = 'sensitive_keys'");
}
@Test
void get_notConfigured_returns204() {
ResponseEntity<String> response = restTemplate.exchange(
"/api/v1/admin/sensitive-keys", HttpMethod.GET,
new HttpEntity<>(securityHelper.authHeadersNoBody(adminJwt)),
String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.NO_CONTENT);
}
@Test
void get_asViewer_returns403() {
ResponseEntity<String> response = restTemplate.exchange(
"/api/v1/admin/sensitive-keys", HttpMethod.GET,
new HttpEntity<>(securityHelper.authHeadersNoBody(viewerJwt)),
String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
}
@Test
void put_savesAndReturnsKeys() throws Exception {
String json = """
{ "keys": ["Authorization", "Cookie", "*password*"] }
""";
ResponseEntity<String> response = restTemplate.exchange(
"/api/v1/admin/sensitive-keys", HttpMethod.PUT,
new HttpEntity<>(json, securityHelper.authHeaders(adminJwt)),
String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
JsonNode body = objectMapper.readTree(response.getBody());
assertThat(body.path("keys").size()).isEqualTo(3);
assertThat(body.path("keys").get(0).asText()).isEqualTo("Authorization");
assertThat(body.path("pushResult").isNull()).isTrue();
}
@Test
void put_thenGet_returnsStoredKeys() throws Exception {
String json = """
{ "keys": ["Authorization", "*secret*"] }
""";
restTemplate.exchange(
"/api/v1/admin/sensitive-keys", HttpMethod.PUT,
new HttpEntity<>(json, securityHelper.authHeaders(adminJwt)),
String.class);
ResponseEntity<String> getResponse = restTemplate.exchange(
"/api/v1/admin/sensitive-keys", HttpMethod.GET,
new HttpEntity<>(securityHelper.authHeadersNoBody(adminJwt)),
String.class);
assertThat(getResponse.getStatusCode()).isEqualTo(HttpStatus.OK);
JsonNode body = objectMapper.readTree(getResponse.getBody());
assertThat(body.path("keys").size()).isEqualTo(2);
}
@Test
void put_withPushToAgents_returnsEmptyPushResult() throws Exception {
// No agents connected, but push should still succeed with 0 agents
String json = """
{ "keys": ["Authorization"] }
""";
ResponseEntity<String> response = restTemplate.exchange(
"/api/v1/admin/sensitive-keys?pushToAgents=true", HttpMethod.PUT,
new HttpEntity<>(json, securityHelper.authHeaders(adminJwt)),
String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
JsonNode body = objectMapper.readTree(response.getBody());
assertThat(body.path("pushResult").path("total").asInt()).isEqualTo(0);
}
@Test
void put_asViewer_returns403() {
String json = """
{ "keys": ["Authorization"] }
""";
ResponseEntity<String> response = restTemplate.exchange(
"/api/v1/admin/sensitive-keys", HttpMethod.PUT,
new HttpEntity<>(json, securityHelper.authHeaders(viewerJwt)),
String.class);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
}
}
```
- [ ] **Step 2: Run tests**
Run: `mvn verify -pl cameleer3-server-app -Dit.test=SensitiveKeysAdminControllerIT -Dsurefire.skip=true`
Expected: all 5 tests PASS
- [ ] **Step 3: Commit**
```bash
git add cameleer3-server-app/src/test/java/com/cameleer3/server/app/controller/SensitiveKeysAdminControllerIT.java
git commit -m "test: add SensitiveKeysAdminController integration tests"
```
---
## Task 8: UI — Sensitive Keys API Query Hook
**Files:**
- Create: `ui/src/api/queries/admin/sensitive-keys.ts`
- [ ] **Step 1: Create the query hook file**
Follow the `thresholds.ts` pattern.
```typescript
import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
import { adminFetch } from './admin-api';
// ── Types ──────────────────────────────────────────────────────────────
export interface SensitiveKeysConfig {
keys: string[];
}
export interface SensitiveKeysResponse {
keys: string[];
pushResult: {
success: boolean;
total: number;
responded: number;
responses: { agentId: string; status: string; message: string | null }[];
timedOut: string[];
} | null;
}
// ── Query Hooks ────────────────────────────────────────────────────────
export function useSensitiveKeys() {
return useQuery({
queryKey: ['admin', 'sensitive-keys'],
queryFn: () => adminFetch<SensitiveKeysConfig | null>('/sensitive-keys'),
});
}
// ── Mutation Hooks ─────────────────────────────────────────────────────
export function useUpdateSensitiveKeys() {
const qc = useQueryClient();
return useMutation({
mutationFn: ({ keys, pushToAgents }: { keys: string[]; pushToAgents: boolean }) =>
adminFetch<SensitiveKeysResponse>(`/sensitive-keys?pushToAgents=${pushToAgents}`, {
method: 'PUT',
body: JSON.stringify({ keys }),
}),
onSuccess: () => {
qc.invalidateQueries({ queryKey: ['admin', 'sensitive-keys'] });
},
});
}
```
- [ ] **Step 2: Commit**
```bash
git add ui/src/api/queries/admin/sensitive-keys.ts
git commit -m "feat: add sensitive keys API query hooks"
```
---
## Task 9: UI — SensitiveKeysPage Admin Page
**Files:**
- Create: `ui/src/pages/Admin/SensitiveKeysPage.tsx`
- Create: `ui/src/pages/Admin/SensitiveKeysPage.module.css`
- [ ] **Step 1: Create the CSS module**
```css
.page {
display: flex;
flex-direction: column;
gap: var(--space-lg);
max-width: 720px;
}
.infoBanner {
font-size: var(--font-size-sm);
color: var(--text-secondary);
background: var(--surface-secondary);
padding: var(--space-md);
border-radius: var(--radius-md);
line-height: 1.5;
}
.pillList {
display: flex;
flex-wrap: wrap;
gap: var(--space-xs);
min-height: 36px;
align-items: center;
}
.inputRow {
display: flex;
gap: var(--space-sm);
align-items: center;
}
.inputRow input {
flex: 1;
}
.footer {
display: flex;
gap: var(--space-sm);
align-items: center;
}
```
- [ ] **Step 2: Create the page component**
```tsx
import { useState, useEffect, useCallback } from 'react';
import { Button, SectionHeader, Tag, Input, Toggle, Label, useToast } from '@cameleer/design-system';
import { PageLoader } from '../../components/PageLoader';
import { useSensitiveKeys, useUpdateSensitiveKeys } from '../../api/queries/admin/sensitive-keys';
import styles from './SensitiveKeysPage.module.css';
import sectionStyles from '../../styles/section-card.module.css';
export default function SensitiveKeysPage() {
const { data, isLoading } = useSensitiveKeys();
const updateKeys = useUpdateSensitiveKeys();
const { toast } = useToast();
const [draft, setDraft] = useState<string[]>([]);
const [inputValue, setInputValue] = useState('');
const [pushToAgents, setPushToAgents] = useState(false);
const [initialized, setInitialized] = useState(false);
useEffect(() => {
if (data !== undefined && !initialized) {
setDraft(data?.keys ?? []);
setInitialized(true);
}
}, [data, initialized]);
const addKey = useCallback(() => {
const trimmed = inputValue.trim();
if (!trimmed) return;
if (draft.some((k) => k.toLowerCase() === trimmed.toLowerCase())) {
toast({ title: 'Duplicate key', description: `"${trimmed}" is already in the list`, variant: 'warning' });
return;
}
setDraft((prev) => [...prev, trimmed]);
setInputValue('');
}, [inputValue, draft, toast]);
const removeKey = useCallback((index: number) => {
setDraft((prev) => prev.filter((_, i) => i !== index));
}, []);
const handleKeyDown = useCallback((e: React.KeyboardEvent) => {
if (e.key === 'Enter') {
e.preventDefault();
addKey();
}
}, [addKey]);
function handleSave() {
updateKeys.mutate({ keys: draft, pushToAgents }, {
onSuccess: (result) => {
if (result.pushResult) {
toast({
title: 'Sensitive keys saved and pushed',
description: `${result.pushResult.total} agent(s) notified, ${result.pushResult.responded} responded`,
variant: result.pushResult.success ? 'success' : 'warning',
});
} else {
toast({ title: 'Sensitive keys saved', variant: 'success' });
}
},
onError: () => {
toast({ title: 'Failed to save sensitive keys', variant: 'error', duration: 86_400_000 });
},
});
}
if (isLoading) return <PageLoader />;
return (
<div className={styles.page}>
<SectionHeader>Sensitive Keys</SectionHeader>
<div className={styles.infoBanner}>
Agents ship with built-in defaults (Authorization, Cookie, Set-Cookie, X-API-Key,
X-Auth-Token, Proxy-Authorization). Configuring keys here replaces agent defaults for
all applications. Leave unconfigured to use agent defaults.
</div>
<div className={sectionStyles.section}>
<Label>Global sensitive keys</Label>
<div className={styles.pillList}>
{draft.map((key, i) => (
<Tag key={`${key}-${i}`} label={key} onRemove={() => removeKey(i)} />
))}
{draft.length === 0 && (
<span style={{ color: 'var(--text-tertiary)', fontSize: 'var(--font-size-sm)' }}>
No keys configured — agents use built-in defaults
</span>
)}
</div>
<div className={styles.inputRow}>
<Input
value={inputValue}
onChange={(e) => setInputValue(e.target.value)}
onKeyDown={handleKeyDown}
placeholder="Add key or glob pattern (e.g. *password*)"
/>
<Button variant="secondary" size="sm" onClick={addKey} disabled={!inputValue.trim()}>
Add
</Button>
</div>
</div>
<div className={styles.footer}>
<Toggle
checked={pushToAgents}
onChange={(e) => setPushToAgents((e.target as HTMLInputElement).checked)}
label="Push to all connected agents immediately"
/>
<Button variant="primary" onClick={handleSave} loading={updateKeys.isPending}>
Save
</Button>
</div>
</div>
);
}
```
- [ ] **Step 3: Commit**
```bash
git add ui/src/pages/Admin/SensitiveKeysPage.tsx ui/src/pages/Admin/SensitiveKeysPage.module.css
git commit -m "feat: add SensitiveKeysPage admin page"
```
---
## Task 10: UI — Wire Up Router and Sidebar
**Files:**
- Modify: `ui/src/router.tsx`
- Modify: `ui/src/components/sidebar-utils.ts`
- [ ] **Step 1: Add lazy import and route to router.tsx**
In `ui/src/router.tsx`, add the lazy import near the other admin page imports:
```typescript
const SensitiveKeysPage = lazy(() => import('./pages/Admin/SensitiveKeysPage'));
```
Add the route inside the admin children array, between `oidc` and `rbac` (alphabetical by path):
```typescript
{ path: 'sensitive-keys', element: <SuspenseWrapper><SensitiveKeysPage /></SuspenseWrapper> },
```
- [ ] **Step 2: Add sidebar node to sidebar-utils.ts**
In `ui/src/components/sidebar-utils.ts`, inside `buildAdminTreeNodes()`, add the node between the OIDC and Users & Roles entries:
```typescript
{ id: 'admin:sensitive-keys', label: 'Sensitive Keys', path: '/admin/sensitive-keys' },
```
The full `nodes` array should read:
```typescript
const nodes: SidebarTreeNode[] = [
{ id: 'admin:audit', label: 'Audit Log', path: '/admin/audit' },
...(showInfra ? [{ id: 'admin:clickhouse', label: 'ClickHouse', path: '/admin/clickhouse' }] : []),
...(showInfra ? [{ id: 'admin:database', label: 'Database', path: '/admin/database' }] : []),
{ id: 'admin:environments', label: 'Environments', path: '/admin/environments' },
{ id: 'admin:oidc', label: 'OIDC', path: '/admin/oidc' },
{ id: 'admin:sensitive-keys', label: 'Sensitive Keys', path: '/admin/sensitive-keys' },
{ id: 'admin:rbac', label: 'Users & Roles', path: '/admin/rbac' },
];
```
- [ ] **Step 3: Verify dev server starts**
Run: `cd ui && npm run dev`
Navigate to `/admin/sensitive-keys` in the browser. Verify:
- Page loads with info banner and empty pill editor
- Sidebar shows "Sensitive Keys" entry
- Adding/removing pills works
- Save calls the API
- [ ] **Step 4: Commit**
```bash
git add ui/src/router.tsx ui/src/components/sidebar-utils.ts
git commit -m "feat: wire SensitiveKeysPage into router and admin sidebar"
```
---
## Task 11: UI — Per-App Sensitive Keys in AppConfigDetailPage
**Files:**
- Modify: `ui/src/api/queries/commands.ts`
- Modify: `ui/src/pages/Admin/AppConfigDetailPage.tsx`
- [ ] **Step 1: Update ApplicationConfig TypeScript interface**
In `ui/src/api/queries/commands.ts`, add to the `ApplicationConfig` interface:
```typescript
sensitiveKeys?: string[];
globalSensitiveKeys?: string[];
mergedSensitiveKeys?: string[];
```
The interface should now look like:
```typescript
export interface ApplicationConfig {
application: string
version: number
updatedAt?: string
engineLevel?: string
payloadCaptureMode?: string
applicationLogLevel?: string
agentLogLevel?: string
metricsEnabled: boolean
samplingRate: number
tracedProcessors: Record<string, string>
taps: TapDefinition[]
tapVersion: number
routeRecording: Record<string, boolean>
compressSuccess: boolean
sensitiveKeys?: string[]
globalSensitiveKeys?: string[]
mergedSensitiveKeys?: string[]
}
```
Note: The GET endpoint now returns `AppConfigResponse` which wraps `config` + these extra fields. Update `useApplicationConfig` to unwrap the response. The query hook (in `commands.ts`) currently calls `GET /api/v1/config/{app}` — check its shape. Since the server response shape changed from `ApplicationConfig` to `AppConfigResponse`, the query hook needs to map the response:
Find the `useApplicationConfig` hook and update it. The response now has shape `{ config: ApplicationConfig, globalSensitiveKeys: [...], mergedSensitiveKeys: [...] }`. Flatten it so consumers still get an `ApplicationConfig` with the extra fields populated:
```typescript
export function useApplicationConfig(application?: string) {
return useQuery({
queryKey: ['config', application],
queryFn: async () => {
const res = await authFetch(`/config/${application}`)
if (!res.ok) throw new Error(`Failed to fetch config: ${res.status}`)
const data = await res.json()
// Server returns AppConfigResponse: { config, globalSensitiveKeys, mergedSensitiveKeys }
const cfg = data.config ?? data
cfg.globalSensitiveKeys = data.globalSensitiveKeys ?? null
cfg.mergedSensitiveKeys = data.mergedSensitiveKeys ?? null
return cfg as ApplicationConfig
},
enabled: !!application,
})
}
```
- [ ] **Step 2: Add sensitive keys section to AppConfigDetailPage**
In `ui/src/pages/Admin/AppConfigDetailPage.tsx`, add state for the sensitive keys draft:
```typescript
const [sensitiveKeysDraft, setSensitiveKeysDraft] = useState<string[]>([]);
const [sensitiveKeyInput, setSensitiveKeyInput] = useState('');
```
In the `useEffect` that initializes from config, add:
```typescript
setSensitiveKeysDraft([...(config.sensitiveKeys ?? [])]);
```
In `startEditing()`, add:
```typescript
setSensitiveKeysDraft([...(config.sensitiveKeys ?? [])]);
```
In `handleSave()`, include the keys in the updated config:
```typescript
const updated: ApplicationConfig = {
...config,
...form,
tracedProcessors: tracedDraft,
routeRecording: routeRecordingDraft,
sensitiveKeys: sensitiveKeysDraft.length > 0 ? sensitiveKeysDraft : undefined,
} as ApplicationConfig;
```
Add the UI section after the Route Recording section, before the closing `</div>`:
```tsx
{/* ── Sensitive Keys ──────────────────────────────────────────── */}
<div className={sectionStyles.section}>
<SectionHeader>Sensitive Keys</SectionHeader>
{config.globalSensitiveKeys && config.globalSensitiveKeys.length > 0 ? (
<span className={styles.sectionSummary}>
{config.globalSensitiveKeys.length} global (enforced) &middot; {(editing ? sensitiveKeysDraft : config.sensitiveKeys ?? []).length} app-specific
</span>
) : (
<span className={styles.sectionSummary}>
No global sensitive keys configured. Agents use their built-in defaults.
</span>
)}
{/* Global keys — read-only pills */}
{config.globalSensitiveKeys && config.globalSensitiveKeys.length > 0 && (
<div className={styles.sensitiveKeysRow}>
<Label>Global (enforced)</Label>
<div className={styles.pillList}>
{config.globalSensitiveKeys.map((key) => (
<Badge key={key} label={key} color="auto" variant="filled" />
))}
</div>
</div>
)}
{/* Per-app keys — editable */}
<div className={styles.sensitiveKeysRow}>
<Label>Application-specific</Label>
<div className={styles.pillList}>
{(editing ? sensitiveKeysDraft : config.sensitiveKeys ?? []).map((key, i) => (
editing ? (
<Tag key={`${key}-${i}`} label={key} onRemove={() => setSensitiveKeysDraft((prev) => prev.filter((_, idx) => idx !== i))} />
) : (
<Badge key={key} label={key} color="primary" variant="filled" />
)
))}
{(editing ? sensitiveKeysDraft : config.sensitiveKeys ?? []).length === 0 && (
<span className={styles.hint}>None</span>
)}
</div>
{editing && (
<div className={styles.sensitiveKeyInput}>
<input
className={styles.numberInput}
style={{ flex: 1 }}
value={sensitiveKeyInput}
onChange={(e) => setSensitiveKeyInput(e.target.value)}
onKeyDown={(e) => {
if (e.key === 'Enter') {
e.preventDefault();
const trimmed = sensitiveKeyInput.trim();
if (trimmed && !sensitiveKeysDraft.some((k) => k.toLowerCase() === trimmed.toLowerCase())) {
setSensitiveKeysDraft((prev) => [...prev, trimmed]);
setSensitiveKeyInput('');
}
}
}}
placeholder="Add key or glob pattern"
/>
</div>
)}
</div>
{config.globalSensitiveKeys && config.globalSensitiveKeys.length > 0 && (
<span className={styles.hint}>
Global keys are enforced by your administrator and cannot be removed per-app.
</span>
)}
</div>
```
- [ ] **Step 3: Add CSS for the new section**
In `ui/src/pages/Admin/AppConfigDetailPage.module.css`, add:
```css
.sensitiveKeysRow {
display: flex;
flex-direction: column;
gap: var(--space-xs);
}
.pillList {
display: flex;
flex-wrap: wrap;
gap: var(--space-xs);
min-height: 28px;
align-items: center;
}
.sensitiveKeyInput {
display: flex;
gap: var(--space-sm);
max-width: 400px;
}
```
- [ ] **Step 4: Add Tag import**
At the top of `AppConfigDetailPage.tsx`, add `Tag` to the design-system import:
```typescript
import {
Button, SectionHeader, MonoText, Badge, DataTable, Spinner, Toggle, Select, Label, Tag, useToast,
} from '@cameleer/design-system';
```
- [ ] **Step 5: Verify in browser**
Start the dev server, navigate to an app config page. Verify:
- Global keys appear as greyed-out badges
- Per-app keys appear as editable tags in edit mode
- Adding/removing per-app keys works
- Save includes sensitive keys in the payload
- [ ] **Step 6: Commit**
```bash
git add ui/src/api/queries/commands.ts ui/src/pages/Admin/AppConfigDetailPage.tsx ui/src/pages/Admin/AppConfigDetailPage.module.css
git commit -m "feat: add per-app sensitive keys section to AppConfigDetailPage"
```
---
## Task 12: Full Compilation and Test Verification
**Files:** None (verification only)
- [ ] **Step 1: Full backend build**
Run: `mvn clean compile test-compile`
Expected: BUILD SUCCESS
- [ ] **Step 2: Run unit tests**
Run: `mvn test -pl cameleer3-server-core`
Expected: all tests pass, including `SensitiveKeysMergerTest`
- [ ] **Step 3: Run frontend type check**
Run: `cd ui && npx tsc --noEmit`
Expected: no type errors
- [ ] **Step 4: Regenerate openapi.json**
Since backend REST API changed (new endpoint, modified response shapes), regenerate the OpenAPI spec:
Run the server and fetch the spec, or run `mvn verify` if the project generates it during build.
- [ ] **Step 5: Commit any remaining changes**
```bash
git add -A
git commit -m "chore: regenerate openapi.json after sensitive keys API changes"
```
Reference in New Issue Copy Permalink