[Feature] Fully UI-managed configuration with safety controls #218

Closed
opened 2026-07-07 21:16:26 +02:00 by zemion · 3 comments
Owner

Make normal platform operation configurable through the UI, while adding the safety measures needed for powerful configuration changes.

Source: docs/GOVERNMENT_OPERATIONS_VISION.md

Acceptance criteria:

  • identify remaining file/env-only settings and classify what can safely move into UI-managed configuration
  • provide dry-run plans, field validation, policy explanations, and audit events for high-impact settings
  • support two-person approval or equivalent guardrails for destructive changes
  • preserve rollback/version history for UI-managed configuration
  • keep secrets as references/placeholders, not plain UI-visible values
  • maintenance-mode and RBAC checks protect dangerous operations
Make normal platform operation configurable through the UI, while adding the safety measures needed for powerful configuration changes. Source: `docs/GOVERNMENT_OPERATIONS_VISION.md` Acceptance criteria: - identify remaining file/env-only settings and classify what can safely move into UI-managed configuration - provide dry-run plans, field validation, policy explanations, and audit events for high-impact settings - support two-person approval or equivalent guardrails for destructive changes - preserve rollback/version history for UI-managed configuration - keep secrets as references/placeholders, not plain UI-visible values - maintenance-mode and RBAC checks protect dangerous operations
Author
Owner

First safety-control foundation slice landed. Added govoplan_core.core.configuration_safety with a typed configuration safety catalog that classifies UI-managed vs deployment-managed settings, risk level, secret handling, required scopes, dry-run/validation/policy-explanation requirements, audit events, maintenance-mode guards, two-person approval requirements, and rollback-history requirements. Covered module management, package install plans, maintenance mode, privacy retention policy, governance templates, mail credentials, file connector profiles, and env-only trust/database/encryption roots. Updated docs/GOVERNMENT_OPERATIONS_VISION.md to point UI editors at this metadata. Verification: py_compile for configuration_safety.py and tests/test_policy_contracts.py; unittest tests.test_policy_contracts.PolicyContractTests plus adjacent configuration package tests; git diff --check. Keeping #218 open for the UI editors, approval workflow, versioned history persistence, and end-to-end audit wiring.

First safety-control foundation slice landed. Added govoplan_core.core.configuration_safety with a typed configuration safety catalog that classifies UI-managed vs deployment-managed settings, risk level, secret handling, required scopes, dry-run/validation/policy-explanation requirements, audit events, maintenance-mode guards, two-person approval requirements, and rollback-history requirements. Covered module management, package install plans, maintenance mode, privacy retention policy, governance templates, mail credentials, file connector profiles, and env-only trust/database/encryption roots. Updated docs/GOVERNMENT_OPERATIONS_VISION.md to point UI editors at this metadata. Verification: py_compile for configuration_safety.py and tests/test_policy_contracts.py; unittest tests.test_policy_contracts.PolicyContractTests plus adjacent configuration package tests; git diff --check. Keeping #218 open for the UI editors, approval workflow, versioned history persistence, and end-to-end audit wiring.
zemion added the
module/access
module/core
labels 2026-07-07 23:40:44 +02:00
Author
Owner

Progress update: implemented the executable safety planner and admin safety endpoints. govoplan_core.core.configuration_safety now exposes plan_configuration_change, which validates UI-managed vs deployment-managed fields, RBAC scopes, dry-run requirements, maintenance-mode requirements, two-person approval counts, secret-reference handling, rollback-history requirements, policy explanations, and audit event names. Admin endpoints /api/v1/admin/configuration-safety and /api/v1/admin/configuration-safety/plan plus WebUI API helpers are covered by smoke tests. Leaving this issue open because concrete UI editors and persisted configuration version/rollback history are still broader product work.

Progress update: implemented the executable safety planner and admin safety endpoints. govoplan_core.core.configuration_safety now exposes plan_configuration_change, which validates UI-managed vs deployment-managed fields, RBAC scopes, dry-run requirements, maintenance-mode requirements, two-person approval counts, secret-reference handling, rollback-history requirements, policy explanations, and audit event names. Admin endpoints /api/v1/admin/configuration-safety and /api/v1/admin/configuration-safety/plan plus WebUI API helpers are covered by smoke tests. Leaving this issue open because concrete UI editors and persisted configuration version/rollback history are still broader product work.
zemion added the
priority
p2
status
triage
labels 2026-07-08 02:09:48 +02:00
Author
Owner

Implemented the end-to-end safety-control slice for UI-managed configuration. Added a JSON-backed configuration control ledger in system settings with durable change requests, two-person approvals, applied version history, rollback values, and sanitized value previews. Exposed list/create/approve endpoints plus WebUI API bindings and an Admin > System > Changes panel. Guarded high-impact applies for configuration packages, system privacy retention, module desired state/install plan, and governance templates; successful applies now write audit events and history.\n\nVerification:\n- python -m py_compile on touched core/access/admin/policy route and schema files\n- python -m unittest tests.test_api_smoke.ApiSmokeTests.test_access_configuration_provider_round_trips_roles_groups_and_assignments tests.test_api_smoke.ApiSmokeTests.test_configuration_safety_admin_endpoints_explain_guardrails tests.test_api_smoke.ApiSmokeTests.test_system_governance_defaults_templates_and_central_accounts tests.test_api_smoke.ApiSmokeTests.test_admin_audit_supports_lazy_pagination_sorting_and_filters\n- python -m unittest tests.test_policy_contracts\n- core webui: tsc --noEmit\n- core webui: npm run test:module-capabilities\n- git diff --check across core/access/admin/policy

Implemented the end-to-end safety-control slice for UI-managed configuration. Added a JSON-backed configuration control ledger in system settings with durable change requests, two-person approvals, applied version history, rollback values, and sanitized value previews. Exposed list/create/approve endpoints plus WebUI API bindings and an Admin > System > Changes panel. Guarded high-impact applies for configuration packages, system privacy retention, module desired state/install plan, and governance templates; successful applies now write audit events and history.\n\nVerification:\n- python -m py_compile on touched core/access/admin/policy route and schema files\n- python -m unittest tests.test_api_smoke.ApiSmokeTests.test_access_configuration_provider_round_trips_roles_groups_and_assignments tests.test_api_smoke.ApiSmokeTests.test_configuration_safety_admin_endpoints_explain_guardrails tests.test_api_smoke.ApiSmokeTests.test_system_governance_defaults_templates_and_central_accounts tests.test_api_smoke.ApiSmokeTests.test_admin_audit_supports_lazy_pagination_sorting_and_filters\n- python -m unittest tests.test_policy_contracts\n- core webui: tsc --noEmit\n- core webui: npm run test:module-capabilities\n- git diff --check across core/access/admin/policy
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#218
No description provided.