Skip to main content

Discovery Policy Admin UI

OP-066e adds API-backed discovery policy administration to the Assets console.

Implemented:

  • Tenant admins and system admins can create discovery authorization policies with site, approved methods, network scope, safety profile, rate-limit ref, expiry, and reason.
  • Tenant admins and system admins can update existing policy status, methods, network scope, safety profile, rate-limit ref, expiry, and reason.
  • Operators and auditors keep read-only discovery policy/status visibility.
  • Mutations use same-origin frontend handlers that proxy to the existing OP-035R discovery policy APIs.
  • Frontend tests cover admin create/update behavior and non-admin hidden mutation controls.

Guardrails:

  • The UI does not start scans or passive discovery collection.
  • No Nmap, SNMP, WMI, DHCP, ARP, NetFlow, topology, command, SSH, patching, remote shell, or remote desktop runtime was added.
  • Discovery remains policy-gated by tenant/site authorization records and backend role/audit enforcement.

Validation:

  • npm --prefix frontend run typecheck
  • npm --prefix frontend test -- --run