Asset Detail Investigation UI
OP-066d completes the operator investigation loop from alert to ticket to asset context. The Assets page now shows richer API-backed endpoint detail and lets operators/admins create an investigation ticket from the asset.
What Changed
- Expanded asset detail to show tenant/site, FQDN, OS, first/last seen, collector/source confidence, hardware/network metadata, linked alerts, linked evidence, and asset timeline records.
- Added asset timeline data from
GET /api/v1/assets/{asset_id}/timeline. - Added a create-investigation-ticket action that posts through the existing
/console-api/oneprotect/ticketssame-origin handler. - Added session-expiry handling for mutation actions so expired OIDC access
cookies redirect back through login instead of leaving a terse
401failure in the panel. - Asset state now distinguishes an enrolled-agent managed endpoint from an approved-inventory allowlist match. Agent-managed endpoints render as managed; unknown agentless observations still render as unmanaged until approved.
- Hid investigation ticket controls from auditor sessions.
- Removed placeholder command/quarantine controls from the asset detail panel.
Guardrails
- No command execution, SSH, quarantine, active scan, topology, patching, or remote desktop controls were added.
- The create-ticket action uses the implemented tenant-scoped ticket API.
- Console proxy mutations refresh OIDC access tokens from the secure refresh cookie when available and force a fresh login when the session is no longer recoverable.
- Auditor users retain read-only asset context and timeline visibility.
- Hardware/source details are shown only from current redacted/read-model fields.
Validation
npm --prefix frontend run typecheck
npm --prefix frontend test -- --run
make docs-build
Acceptance
| Requirement | Evidence |
|---|---|
| Operator can view full asset detail | Assets page renders hardware, network, source, linked refs, and timeline context |
| Operator can create ticket from asset | Asset detail button posts /console-api/oneprotect/tickets with asset_id |
| Auditor sees read-only asset detail | Frontend test verifies create-ticket control is hidden |
| Expired session is recoverable | Mutation 401s redirect through login rather than failing silently |
| No unsupported remote actions | Command/quarantine placeholders are removed from the touched panel |