Remove unused import and variable in criticalUIFixes test
Update PodList test mocks to use new Interactive* modal components
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Create SecretDataModal component for viewing and decoding base64 secret data
- Add View Data action to SecretList that opens SecretDataModal
- Add Edit and Delete actions to PodDisruptionBudgetList
- Add Edit and Delete actions to PriorityClassList
- Add Edit and Delete actions to RuntimeClassList
- Add Edit and Delete actions to LeaseList
- Add Edit and Delete actions to MutatingWebhookList
- Add Edit and Delete actions to ValidatingWebhookList
- Update KubernetesPage to pass onRefresh to all config resource lists
- Export SecretDataModal from index.tsx
- Add comprehensive test suite for SecretDataModal (8 tests, all passing)
SecretDataModal features:
- Parses secret YAML and extracts data keys
- Decodes base64 values with native atob()
- Individual reveal/hide toggle per key
- Copy to clipboard with visual feedback
- Handles empty secrets and malformed base64
All 11 config resource types now have complete Edit/Delete functionality.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Create WorkloadLogsModal component for viewing logs from workload-managed pods
- Add Logs action to DeploymentList with WorkloadLogsModal
- Add Logs action to StatefulSetList with WorkloadLogsModal
- Add Logs action to DaemonSetList with WorkloadLogsModal
- Add Logs action to JobList with WorkloadLogsModal
- Add Logs action to CronJobList with WorkloadLogsModal
- Add Logs action to ReplicaSetList with WorkloadLogsModal
- Fully rewrite ReplicationControllerList with Scale, Logs, Edit, Delete actions
- WorkloadLogsModal uses pod name-pattern matching to find workload pods
- Support for all workload types: deployment, statefulset, daemonset, job, cronjob, replicaset, replicationcontroller
- Configurable tail lines (50, 100, 500, 1000, 5000)
- Verify WorkloadOverview dashboard already exists and functional
All workload resource types now have complete functionality matching FreeLens.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace LogsModal with LogStreamPanel in PodList for streaming logs
Add smart positioning to ResourceActionMenu to flip when near bottom
Fix dark mode text visibility by applying class to html element
Fix YAML editor loading race condition
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Fix LogStreamPanel event listener cleanup with synchronous unlisten
- Fix eventBus async-unsafe unsubscribe with proper error handling
- Fix KubernetesPage infinite loading by resetting state on section change
- Add ErrorBoundary component with reset capability
- Add Badge component with multiple variants
- Add ResourceDetailsDrawer for slide-out details panel
- Add useFavorites hook with localStorage persistence
- Add useKeyboardShortcuts hook for declarative shortcuts
- Add comprehensive test coverage for all new components/hooks
- Add keyboard shortcuts documentation to README
- Wrap KubernetesPage with ErrorBoundary for crash recovery
- Install react-window for virtual scrolling support
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add PortForwardPage.tsx as standalone page for port forwarding management
with complete CRUD operations (Start, Stop, Delete). Includes real-time
status updates, auto-refresh, and integrated form for creating new forwards.
All 6 network resource list components already exist and are complete:
- ServiceList.tsx: Name, Type, Cluster IP, External IP, Ports, Age, Status
- IngressList.tsx: Name, Namespace, Load Balancers, Rules, Age
- NetworkPolicyList.tsx: Name, Namespace, Pod Selector, Age
- EndpointList.tsx: Name, Namespace, Endpoints, Age
- EndpointSliceList.tsx: Name, Namespace, Endpoints, Address Type, Age
- IngressClassList.tsx: Name, Controller, Age
Backend commands verified in kube.rs:
- start_port_forward, stop_port_forward, list_port_forwards, delete_port_forward
Navigation already integrated in KubernetesPage.tsx Network group.
Deployment/StatefulSet/DaemonSet action handlers were passing
namespace='all' to kubectl when All Namespaces was selected.
Actions now use the resource's own .namespace field for openEdit,
handleRestart, handleRollback, handleDelete, ScaleModal, and
EditResourceModal.
Adds 21 TDD tests in WorkloadListActions.test.tsx covering all
action handlers across DeploymentList, StatefulSetList, DaemonSetList,
ReplicaSetList, JobList, and CronJobList. Tests verify IPC calls
receive the item's actual namespace even when the filter prop is 'all'.
Service/Ingress/ConfigMap/Secret/HPA/PVC/ServiceAccount/Role/RoleBinding/
NetworkPolicy/ResourceQuota/LimitRange action handlers now use the resource's
own .namespace field instead of the UI filter namespace='all'. Removes the
now-unused ns local variable from CronJobList/JobList/ReplicaSetList.
24 new TDD tests verify the correct namespace is passed to getResourceYamlCmd
and deleteResourceCmd for each of the 12 affected components.
Pod actions (logs, shell, attach, edit, delete) were receiving namespace='all'
from the UI filter prop and passing it to kubectl as -n all. Fixes by adding
namespace field to PodInfo (Rust + TypeScript) and using pod.namespace in all
action command calls in PodList.
- workloads_overview now fetches pods/deployments/statefulsets/daemonsets/jobs/
cronjobs in parallel via Promise.allSettled
- loadInitialData initializedRef guard prevents double connectClusterFromKubeconfig
- connection errors now surface as a dismissible banner instead of being swallowed
Non-adaptive text-gray-* and bg-white classes replaced with text-foreground,
text-muted-foreground, bg-card, bg-background — ensuring readable contrast
in both light and dark themes.
Each kubectl command now uses a globally unique temp kubeconfig path via
an AtomicU64 counter, preventing TempFileCleanup from deleting a file that
a concurrent call is still using.
KubernetesPage.test.tsx had two stale section heading assertions from
before the nav restructure:
- "Services & Networking" → "Network"
- "Config & Storage" → "Config" + "Storage" (now separate sections)
Also renamed the matching it() description for accuracy.
eslint.config.js: add .claude/ to ignores (session memory dir).
Adds FreeLens feature inventory (md + json) generated during
gap analysis research for this feature parity work.
- Apply cargo fmt to src-tauri/src/commands/kube.rs (CI was failing)
- Update pr-review.yml to use qwen3-coder-next model via liteLLM
- Add TICKET-kube-ui-feature-parity.md gap analysis for FreeLens parity
Co-Authored-By: TFTSR Engineering <noreply@tftsr.com>
Replace hardcoded light-mode Tailwind colors with dark: variants
across six components. Issues that broke readability:
- PiiDiffViewer / Security: toggle knob was bg-white (invisible on
bg-muted in dark mode) -> bg-background
- ImageGallery: thumbnail container, filename labels, alert banners,
and modal chrome all used hardcoded gray/white backgrounds with dark
text; added full dark: variants throughout
- ShellExecution TIER_CONFIG: tier cards used bg-green/yellow/red-50
(near-white) with dark text; added dark:bg-*-950/30 backgrounds and
light text for all three tiers
- ShellApprovalModal: tier 2 badge hardcoded bg-yellow-50/text-yellow-700;
added dark: variants
- LogUpload: PII warning alert used bg-amber-50/text-amber-800; added
dark:bg-amber-900/20 and lighter text for dark mode
Add write_secure_temp_file() helper that creates files with mode 0600
on Unix (owner read/write only) instead of the default 0644
(world-readable). All 41 temp kubeconfig write sites updated.
Kubeconfig files contain cluster credentials; world-readable temp files
would expose them to any local user on the system.
- Add detect_auth_method() to identify kubeconfig credential type
(exec plugin, bearer token, inline cert, file-path cert, basic auth)
and surface warnings when the auth requires an external binary or file
- Split test into Stage 1 (kubectl get --raw=/healthz, no auth) and
Stage 2 (kubectl cluster-info, authenticated), so connectivity and
auth failures are reported distinctly rather than collapsing both
into opaque memcache.go noise
- Output now includes auth method and per-stage result for faster
diagnosis of 'server requires credentials' vs unreachable host
Credential error persists: switch all 40 kubectl invocations from using
KUBECONFIG env var to the explicit --kubeconfig CLI flag. The flag has higher
precedence in kubectl's lookup order and is unambiguous regardless of any
inherited KUBECONFIG env var in the parent process environment.
Also adds test_kubectl_connection Tauri command (runs kubectl cluster-info
with the stored kubeconfig) and a Test button in Settings → Kubeconfig so
the exact kubectl output — context name, exit code, full stdout/stderr — is
visible without needing to inspect tracing logs. This output will reveal
whether the issue is expired certs, a missing exec-auth plugin, wrong context,
or something else entirely.
## kubectl credentials still failing after --context fix
Root cause: both extract_context() (kube.rs) and upload_kubeconfig() (shell.rs)
ignored the kubeconfig's current-context field and always picked contexts[0] from
the contexts array. If a kubeconfig has multiple contexts and current-context
points to entry N>0, we silently used the wrong context — one that may have empty
or expired credentials — causing the 401 "the server has asked for the client to
provide credentials" error on every kubectl call.
Fixes:
- extract_context(): read current-context field first; fall back to contexts[0]
only when current-context is absent or empty.
- extract_current_context_name(): new helper in kubeconfig.rs using the same
line-scanner approach as parse_kubeconfig_contexts (no extra dependencies).
- upload_kubeconfig(): use current-context to select the matching context entry
when storing context name in kubeconfig_files; falls back to first entry.
NOTE: existing kubeconfig rows in the database have the old (wrong) context
stored. Re-uploading kubeconfig files after deploying this build will fix them.
## Cluster dropdown still showing UUID
Root cause: SelectValue rendered ctx.value (the raw UUID passed to SelectItem's
value prop) instead of the display label (SelectItem's children). The custom
Select component had no mechanism to mirror a selected item's children into the
trigger area.
Fix: Select now builds a value→label Map by walking the children tree at render
time (collectLabels). The map is memoised on children. SelectValue reads the
display label from the map; if found, shows the label; otherwise falls back to
the raw value so existing behaviour is preserved for callers that don't need it.
1. kubectl credentials error (41 places in kube.rs)
Every kubectl invocation used .env("KUBERNETES_CONTEXT", context) which
is not a real kubectl environment variable — kubectl silently ignores it
and falls back to whatever current-context is set in the kubeconfig YAML.
If that context has expired or wrong credentials the auth failure occurs.
Replaced all 41 instances with .arg("--context").arg(context) so kubectl
always uses the correct context from the stored kubeconfig.
2. Cluster name still showed UUID (two causes)
a) Hotbar read from kubernetesStore.clusters (ClusterInfo[]) which is never
populated by the kubeconfig-based flow — always empty, so selectedCluster
was always undefined. Removed the Zustand cluster lookup from Hotbar and
added a clusterName prop passed from KubernetesPage.tsx (selectedConfig?.name).
b) ClusterOverview fell back to showing raw clusterId UUID when clusterName
was undefined. Changed subtitle to render conditionally so UUID never shows.
3. Bell dialog had no way to close
Custom DialogContent had no X button and no backdrop-click handler.
Added X close button (top-right) and backdrop-click-to-close.
4. Hotbar icons invisible in dark mode
variant="ghost" only styles hover state with no baseline text color.
Added className="text-foreground" to all icon-only ghost buttons.
Bug 1 — Dead multi-word tier3 entries / missing single-token commands
parse_single_command() extracts only the first token as `command`, so
multi-word entries like "kill -9", "init 0", "service stop" in the tier3
array never matched. Adding the single-token forms "kill", "pkill",
"killall", "init" to TIER3_COMMANDS ensures these commands are always
denied. Removed all dead multi-word entries.
Bug 2 — systemctl Tier 1 special case was dead code
systemctl was not in tier1_general, so the block that was supposed to
auto-execute `systemctl status` never ran. Moved systemctl handling into
its own block (TIER1_SYSTEMCTL_SUBCOMMANDS / TIER2_SYSTEMCTL_SUBCOMMANDS)
evaluated before the general tier checks. status, is-active, is-enabled,
list-units, list-unit-files → Tier 1; all others → Tier 2.
Bug 3 — ldapmodify / ldapdelete / ldapadd misclassified as Tier 1
Both appeared in the old tier1_general and tier2_general arrays; the tier1
check ran first, so LDAP write operations auto-executed. Removed them from
tier1. ldapsearch (read-only) remains Tier 1.
Dynamic Safety Architecture UI
Extracted all tier classification arrays to module-level pub const slices
(TIER3_COMMANDS, TIER1_KUBECTL_SUBCOMMANDS, etc.) so both the classifier
logic and a new get_classifier_rules() Tauri command share a single source
of truth. ShellExecution.tsx now calls getClassifierRulesCmd() on mount and
renders the actual command lists in collapsible per-tier cards — any change
to the const arrays is automatically reflected in the UI with no manual
documentation update needed.
Also fixes the cargo fmt CI failure introduced in the previous commit
(ClusterClient::new call reformatted to a single line).
Resolves four bugs in the Kubernetes management interface:
1. **Cluster not found error** - commands/kube.rs::list_nodes (and all other
kube resource commands) look up clusters from state.clusters (in-memory map)
which was never populated from the kubeconfig_files table. Add a new
connect_cluster_from_kubeconfig Tauri command that reads the encrypted
kubeconfig from the DB, decrypts it, and inserts a ClusterClient into
state.clusters. Wire it into KubernetesPage on initial load and cluster
change so the in-memory map is always populated before any kube command runs.
2. **Dropdown selection has no effect** - same root cause as #1; activating a
kubeconfig only updated the DB flag but never loaded the client into memory.
handleClusterChange now calls connectClusterFromKubeconfigCmd after activation.
3. **GUID shown instead of cluster name** - ClusterOverview displayed the raw
internal UUID as the page subtitle. Now accepts a clusterName prop (populated
from kubeconfig.context) and renders that instead. ClusterDetails similarly
changed to show kubeconfig.context in the header, not the UUID.
4. **Bell icon not clickable** - Hotbar bell button had no onClick handler. Add
optional onNotifications / notificationCount props; badge count is now dynamic
rather than hardcoded. KubernetesPage wires up a notifications dialog showing
active cluster context and a link to the Events section.
All changes follow TDD: failing tests written first, then implementation.
