feat(certificates): configure expiry thresholds #827

Merged
simon merged 1 commit from feat/certificate-expiry-thresholds into dev 2026-06-29 07:12:34 +00:00
Owner

Summary\n- add certificate expiry warning and critical threshold settings on the Instance settings page\n- store the policy in instance metadata and recalculate certificate posture when it changes\n- make web-created and ingest-evaluated certificate expiry alerts use warning/critical windows by severity\n\n## Validation\n- node --experimental-strip-types --test lib/certificate-expiry-policy.test.mjs lib/db/schema/metadata-validation.test.mjs lib/actions/dashboard-standalone.test.mjs\n- corepack pnpm@10.6.5 --filter web type-check\n- corepack pnpm@10.6.5 --filter web test:unit (blocked by unrelated missing lib/dsum/dsum.ts; issue #826 opened)\n- corepack pnpm@10.6.5 go:test\n- BETTER_AUTH_URL=https://localhost DATABASE_URL=postgresql://ctops:ctops@localhost:5432/ctops corepack pnpm@10.6.5 --filter web build

## Summary\n- add certificate expiry warning and critical threshold settings on the Instance settings page\n- store the policy in instance metadata and recalculate certificate posture when it changes\n- make web-created and ingest-evaluated certificate expiry alerts use warning/critical windows by severity\n\n## Validation\n- node --experimental-strip-types --test lib/certificate-expiry-policy.test.mjs lib/db/schema/metadata-validation.test.mjs lib/actions/dashboard-standalone.test.mjs\n- corepack pnpm@10.6.5 --filter web type-check\n- corepack pnpm@10.6.5 --filter web test:unit (blocked by unrelated missing lib/dsum/dsum.ts; issue #826 opened)\n- corepack pnpm@10.6.5 go:test\n- BETTER_AUTH_URL=https://localhost DATABASE_URL=postgresql://ctops:ctops@localhost:5432/ctops corepack pnpm@10.6.5 --filter web build
feat(certificates): configure expiry thresholds
All checks were successful
Conventional PR title / Conventional PR title (pull_request) Successful in 0s
PR Checks (Docker images) / Ansible API contract (pull_request) Successful in 7s
SAST / Detect security scan scope (pull_request) Successful in 9s
PR Checks (Docker images) / Detect Docker image changes (pull_request) Successful in 10s
PR Checks (Docker images) / Ansible API Docker image (pull_request) Has been skipped
SAST / gosec (agent) (pull_request) Has been skipped
Secret Scan / gitleaks (pull_request) Successful in 30s
SAST / trivy (filesystem) (pull_request) Has been skipped
SAST / trivy (config / IaC) (pull_request) Has been skipped
PR Checks (Go) / Go (test / build) (pull_request) Successful in 1m1s
SAST / semgrep (pull_request) Successful in 1m12s
SAST / crypto-lint (no weak hashes / ciphers) (pull_request) Successful in 1m6s
SAST / gosec (ingest) (pull_request) Successful in 2m1s
PR Checks (Web) / Web (lint / type-check / build) (pull_request) Successful in 3m7s
PR Checks (Docker images) / Ingest Docker image (pull_request) Successful in 9m16s
PR Checks (Docker images) / Web Docker image (pull_request) Successful in 12m46s
d448e159b1
simon deleted branch feat/certificate-expiry-thresholds 2026-06-29 07:12:35 +00:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
carrtech/ct-ops!827
No description provided.