📝 fix(security-links): point at docs.kubestellar.io + add AI threat model links#8348
📝 fix(security-links): point at docs.kubestellar.io + add AI threat model links#8348clubanderson merged 1 commit intomainfrom
Conversation
…odel links Follow-up to #8210 which added the Security posture section to the install modal and a Security tab to the mission detail view. The original PR linked to the source-grounded repo version of SECURITY-MODEL.md — functional but less user-friendly than the rendered docs site, and missed the AI threat model entirely. Changes: SetupInstructionsDialog.tsx (Run KubeStellar Console Locally modal): - Primary security link now points at https://kubestellar.io/docs/console/main/console/security-model/ (rendered docs site, main version). - Added AI automation threat model link (SECURITY-AI.md from #8249) to surface prompt-injection / supply-chain / agent-drift concerns. - Kept the repo version as a secondary "source-grounded" link with smaller muted styling — useful for readers who want the exact file/line claims SECURITY-MODEL.md makes. MissionDetailView.tsx (mission security tab): - Same docs.kubestellar.io primary URL swap. - Added AI threat model link both to the populated-tab footer and the empty-state fallback. Three new URL constants replace the single hardcoded GH link: SECURITY_DOC_URL = docs.kubestellar.io (primary) SECURITY_DOC_REPO_URL = github.com/.../SECURITY-MODEL.md (secondary) SECURITY_AI_DOC_URL = github.com/.../SECURITY-AI.md Signed-off-by: Andrew Anderson <[email protected]>
kubestellar-prow
Bot
added
the
dco-signoff: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
✅ Deploy Preview for kubestellarconsole ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
👋 Hey @clubanderson — thanks for opening this PR!
This is an automated message. |
kubestellar-prow
Bot
added
the
size/M
There was a problem hiding this comment.
Pull request overview
Updates the Console UI “security” links to point to the rendered docs site for the main security model and adds a link to the AI/automation threat model alongside it, in both the install modal and mission Security tab.
Changes:
- Swap primary security-model link from the repo markdown to the rendered docs-site URL.
- Add an “AI automation threat model” link (SECURITY-AI.md) in the install modal and mission Security tab footer/empty state.
- Keep the GitHub “source-grounded” SECURITY-MODEL.md link as a secondary option in the install modal.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| web/src/components/setup/SetupInstructionsDialog.tsx | Adds 3 security URL constants and renders 3 security links (docs primary, AI threat model, repo source link) in the setup modal. |
| web/src/components/missions/MissionDetailView.tsx | Updates the Security tab footer to use the docs-site URL and adds an AI threat-model link in both populated and empty states. |
| // Primary (user-friendly) security doc link — rendered docs site. Falls | ||
| // back to the source-grounded repo version + AI-specific threat model | ||
| // for readers who want the ground truth. |
There was a problem hiding this comment.
The inline comment implies a runtime “fallback” behavior, but this code always renders multiple links (no fallback logic). Consider rewording to avoid suggesting behavior that doesn’t exist (e.g., “Primary link points to rendered docs; also provide repo + AI threat model links”).
| // Primary (user-friendly) security doc link — rendered docs site. Falls | |
| // back to the source-grounded repo version + AI-specific threat model | |
| // for readers who want the ground truth. | |
| // Primary (user-friendly) security doc link — rendered docs site. | |
| // Also provide the source-grounded repo version and AI-specific | |
| // threat model links for readers who want additional detail. |
| className="inline-flex items-center gap-1 text-purple-400 hover:text-purple-300" | ||
| > | ||
| Read the full security model | ||
| Read the full security model (docs.kubestellar.io) |
There was a problem hiding this comment.
Link text says “docs.kubestellar.io” but the href is kubestellar.io/.... Please align the visible label with the actual URL (or update the URL if the label is the intended canonical domain) to avoid confusing users.
| Read the full security model (docs.kubestellar.io) | |
| Read the full security model documentation |
|
|
||
| /** GitHub URL for the overall Console security model doc. Linked from the Security tab fallback / footer. */ | ||
| const SECURITY_MODEL_DOC_URL = 'https://github.com/kubestellar/console/blob/main/docs/security/SECURITY-MODEL.md' | ||
| /** Primary (docs.kubestellar.io) URL for the Console security model. Linked |
There was a problem hiding this comment.
The docstring says “docs.kubestellar.io” but the constant points at https://kubestellar.io/.... Update the comment (or the URL) so the code matches the intended canonical docs host and avoids drifting documentation.
| /** Primary (docs.kubestellar.io) URL for the Console security model. Linked | |
| /** Primary (kubestellar.io/docs) URL for the Console security model. Linked |
| rel="noopener noreferrer" | ||
| className="inline-flex items-center gap-1 text-purple-400 hover:text-purple-300" | ||
| > | ||
| AI threat model |
There was a problem hiding this comment.
The AI threat-model link text is inconsistent with the populated-tab footer (“AI automation threat model” vs “AI threat model”). Consider using the same wording in both places so users can recognize it’s the same document.
| AI threat model | |
| AI automation threat model |
|
Thank you for your contribution! Your PR has been merged. Check out what's new:
Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey |
|
Post-merge build verification passed ✅ Both Go and frontend builds compiled successfully against merge commit |
✅ Post-Merge Verification: passedCommit: |
Copilot-generated followup #8352 flagged four nits on the merged security-links PR (#8348): - Misleading "Falls back to" comment on SECURITY_DOC_URL — both links are surfaced side-by-side, not as a fallback chain. Rewrote to describe the actual behavior. - Link label "(docs.kubestellar.io)" didn't match the actual host ("kubestellar.io") in SetupInstructionsDialog. Matched the label to the URL. - MissionDetailView docstring referenced "docs.kubestellar.io" for the SECURITY_MODEL_DOC_URL constant; URL is "kubestellar.io". - Link text "AI threat model" was inconsistent with SetupInstructionsDialog which uses "AI automation threat model". Aligned wording so both entry points read the same. Fixes #8352 Signed-off-by: Andy Anderson <[email protected]>
Copilot-generated followup #8352 flagged four nits on the merged security-links PR (#8348): - Misleading "Falls back to" comment on SECURITY_DOC_URL — both links are surfaced side-by-side, not as a fallback chain. Rewrote to describe the actual behavior. - Link label "(docs.kubestellar.io)" didn't match the actual host ("kubestellar.io") in SetupInstructionsDialog. Matched the label to the URL. - MissionDetailView docstring referenced "docs.kubestellar.io" for the SECURITY_MODEL_DOC_URL constant; URL is "kubestellar.io". - Link text "AI threat model" was inconsistent with SetupInstructionsDialog which uses "AI automation threat model". Aligned wording so both entry points read the same. Fixes #8352 Signed-off-by: Andy Anderson <[email protected]>
Summary
Follow-up to #8210 (just merged) which added the Security posture section to the install modal and a Security tab to mission detail views. The original PR linked to the source-grounded repo version of `SECURITY-MODEL.md` — functional but less user-friendly than the rendered docs site, and missed the AI threat model entirely.
Changes
`SetupInstructionsDialog.tsx` — "Run KubeStellar Console Locally" modal:
`MissionDetailView.tsx` — mission security tab:
Three URL constants replace the single hardcoded GH link
Test plan
🤖 Generated with Claude Code