✨ feat(security): add Security surfaces to install modal and mission detail#8210
Merged
clubanderson merged 1 commit intomainfrom Apr 16, 2026
Merged
✨ feat(security): add Security surfaces to install modal and mission detail#8210clubanderson merged 1 commit intomainfrom
clubanderson merged 1 commit intomainfrom
Conversation
…detail Makes the security picture visible in-context at the two moments users care about — installing the Console itself and installing a CNCF project via a guided mission. Both surfaces link to the SECURITY-MODEL.md doc merged in #8203. Setup install modal (SetupInstructionsDialog.tsx): - New expandable "Security posture" section next to the Dev Guide / K8s Deploy / OAuth sections - Four subsections covering kc-agent posture, AI key handling, what leaves your machine, and the air-gapped / local-LLM option (framed as a security posture, not a feature gap — deliberately scoped to NOT conflate with the separate broader local-LLM support work) - "Read the full security model" link to docs/security/SECURITY-MODEL.md Mission Detail view (MissionDetailView.tsx): - New 5th tab: install / uninstall / upgrade / troubleshooting / **security** - Renders mission.security steps via the existing StepCard component - When mission.security is populated, adds a footer link to the overall SECURITY-MODEL.md so users always have a path to the full doc - When mission.security is empty, shows a helpful fallback with the global doc link and an "Suggest security notes" button (reuses the existing onImprove flow) Schema (lib/missions/types.ts): - Adds optional `security?: MissionStep[]` to the MissionExport interface. Backwards-compatible. Locale (locales/en/common.json): - Adds `missions.detail.tabs.security` and `missions.detail.tabs.securityEmpty` strings Paired with kubestellar/console-kb#2027 which introduces the schema-side `mission.security` array and populates the first mission (install-kubevirt). Signed-off-by: Andrew Anderson <[email protected]>
kubestellar-prow
Bot
added
the
dco-signoff: yes
Contributor
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
✅ Deploy Preview for kubestellarconsole ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
kubestellar-prow
Bot
added
the
size/L
Contributor
|
👋 Hey @clubanderson — thanks for opening this PR!
This is an automated message. |
Contributor
There was a problem hiding this comment.
Pull request overview
Adds in-context “Security” guidance to two key UI surfaces (local install modal and mission detail) and extends the mission schema/i18n to support mission-specific security steps, linking to docs/security/SECURITY-MODEL.md as the canonical reference.
Changes:
- Adds an expandable “Security posture” section to
SetupInstructionsDialogwith a link to the security model doc. - Adds a new “Security” tab to
MissionDetailViewthat rendersmission.securitysteps or a fallback CTA when empty. - Extends
MissionExportwith optionalsecurity?: MissionStep[]and adds the required EN locale strings.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| web/src/components/setup/SetupInstructionsDialog.tsx | Adds an expandable “Security posture” guide with a doc link in the install modal. |
| web/src/components/missions/MissionDetailView.tsx | Adds a “Security” tab rendering mission.security steps plus doc link + fallback CTA. |
| web/src/lib/missions/types.ts | Extends MissionExport with optional security steps. |
| web/src/locales/en/common.json | Adds i18n strings for the new Security tab and empty state. |
Comment on lines
+241
to
+243
| <code className="font-mono text-foreground/70">0600</code>. The browser never holds the | ||
| keys; kc-agent calls the provider directly. No API key reaches the console's servers or | ||
| the hosted demo at console.kubestellar.io. |
Comment on lines
+228
to
+230
| kc-agent binds <code className="font-mono text-foreground/70">127.0.0.1:8585</code> only | ||
| (hardcoded loopback, not configurable). It reads{' '} | ||
| <code className="font-mono text-foreground/70">~/.kube/config</code> and executes every |
Contributor
|
Thank you for your contribution! Your PR has been merged. Check out what's new:
Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey |
clubanderson
added a commit
that referenced
this pull request
Apr 16, 2026
…odel links Follow-up to #8210 which added the Security posture section to the install modal and a Security tab to the mission detail view. The original PR linked to the source-grounded repo version of SECURITY-MODEL.md — functional but less user-friendly than the rendered docs site, and missed the AI threat model entirely. Changes: SetupInstructionsDialog.tsx (Run KubeStellar Console Locally modal): - Primary security link now points at https://kubestellar.io/docs/console/main/console/security-model/ (rendered docs site, main version). - Added AI automation threat model link (SECURITY-AI.md from #8249) to surface prompt-injection / supply-chain / agent-drift concerns. - Kept the repo version as a secondary "source-grounded" link with smaller muted styling — useful for readers who want the exact file/line claims SECURITY-MODEL.md makes. MissionDetailView.tsx (mission security tab): - Same docs.kubestellar.io primary URL swap. - Added AI threat model link both to the populated-tab footer and the empty-state fallback. Three new URL constants replace the single hardcoded GH link: SECURITY_DOC_URL = docs.kubestellar.io (primary) SECURITY_DOC_REPO_URL = github.com/.../SECURITY-MODEL.md (secondary) SECURITY_AI_DOC_URL = github.com/.../SECURITY-AI.md Signed-off-by: Andrew Anderson <[email protected]>
Contributor
|
Post-merge build verification passed ✅ Both Go and frontend builds compiled successfully against merge commit |
4 tasks
Contributor
✅ Post-Merge Verification: passedCommit: |
clubanderson
added a commit
that referenced
this pull request
Apr 16, 2026
…odel links (#8348) Follow-up to #8210 which added the Security posture section to the install modal and a Security tab to the mission detail view. The original PR linked to the source-grounded repo version of SECURITY-MODEL.md — functional but less user-friendly than the rendered docs site, and missed the AI threat model entirely. Changes: SetupInstructionsDialog.tsx (Run KubeStellar Console Locally modal): - Primary security link now points at https://kubestellar.io/docs/console/main/console/security-model/ (rendered docs site, main version). - Added AI automation threat model link (SECURITY-AI.md from #8249) to surface prompt-injection / supply-chain / agent-drift concerns. - Kept the repo version as a secondary "source-grounded" link with smaller muted styling — useful for readers who want the exact file/line claims SECURITY-MODEL.md makes. MissionDetailView.tsx (mission security tab): - Same docs.kubestellar.io primary URL swap. - Added AI threat model link both to the populated-tab footer and the empty-state fallback. Three new URL constants replace the single hardcoded GH link: SECURITY_DOC_URL = docs.kubestellar.io (primary) SECURITY_DOC_REPO_URL = github.com/.../SECURITY-MODEL.md (secondary) SECURITY_AI_DOC_URL = github.com/.../SECURITY-AI.md Signed-off-by: Andrew Anderson <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Makes the security picture visible in-context at the two moments users care about — installing the Console itself and installing a CNCF project via a guided mission. Both surfaces link to `docs/security/SECURITY-MODEL.md` (merged in #8203) as the canonical reference.
This is the UI half of task 3 from the session todo — the docs half landed in #8203, the mermaid enhancement is in #8206, the schema side is in kubestellar/console-kb#2027.
What changes
Setup install modal — `SetupInstructionsDialog.tsx`
New expandable Security posture section alongside the existing Dev Guide / K8s Deploy / OAuth sections. Four subsections:
Framed deliberately to not conflate with broader local-LLM support work (tracked separately as Manuela's feedback).
Mission Detail view — `MissionDetailView.tsx`
Adds a 5th tab: `install | uninstall | upgrade | troubleshooting | security`. The tab:
Schema — `types.ts`
Adds optional `security?: MissionStep[]` to the `MissionExport` interface. Backwards-compatible.
Locale — `locales/en/common.json`
Adds `missions.detail.tabs.security` and `missions.detail.tabs.securityEmpty` strings.
Paired PRs
Test plan