Policy Fork/Edit UI

Status

Implemented for OP-066f. The Compliance Evidence console now exposes API-backed policy fork and tenant-managed policy edit controls for tenant admin and system admin roles.

What Was Implemented

  • Same-origin console handlers for policy fork and update mutations.
  • Policy catalog rendering that distinguishes "Managed by OneProtect" baselines from "Managed by Tenant" forks.
  • Fork controls for tenant admins/system admins, including a title override.
  • Tenant-managed policy edit controls for title, status, policy text, evidence expectations, and change summary.
  • Optimistic version payloads sent to the existing OP-038R policy update API.
  • Frontend tests for tenant admin fork/edit behavior and auditor read-only rendering.

Security / Tenant Isolation

The UI derives role behavior from the backend session. Tenant admins and system admins may fork baselines or update tenant-managed policies. Operators and auditors see policy details in read-only mode with mutation controls hidden, not disabled. OneProtect-managed baselines are never edited in place.
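
One way the role gating and optimistic version handling described above could fit together, as an added TypeScript example that is not OneProtect's code. All type and function names are hypothetical, and two behaviours are assumed: a tenant-managed policy is editable only from a session in the owning tenant, and the update API rejects a stale version.

```typescript
// Added illustration: every type and function name here is hypothetical.
type Role = "tenant_admin" | "system_admin" | "operator" | "auditor";

interface ConsoleSession { role: Role; tenantId: string }
interface PolicyRecord {
  id: string;
  managedBy: "oneprotect" | "tenant";
  tenantId: string | null; // null for OneProtect baselines (assumption)
  version: number;
  title: string;
}
interface PolicyControls { canFork: boolean; canEdit: boolean }
interface PolicyEdits {
  title?: string; status?: string; policyText?: string;
  evidenceExpectations?: string; changeSummary: string;
}
type UpdatePayload = PolicyEdits & { expectedVersion: number };
interface UpdateResult { ok: boolean; conflict: boolean; policy: PolicyRecord }

// Which mutation controls to render. A false value means the control is
// left out of the page entirely (hidden), not rendered disabled.
function policyControls(s: ConsoleSession, p: PolicyRecord): PolicyControls {
  const admin = s.role === "tenant_admin" || s.role === "system_admin";
  if (!admin) return { canFork: false, canEdit: false }; // operator, auditor
  // Baselines are never edited in place: the only mutation offered is a fork.
  if (p.managedBy === "oneprotect") return { canFork: true, canEdit: false };
  // Tenant fork: editable only from the owning tenant (assumption).
  return { canFork: false, canEdit: p.tenantId === s.tenantId };
}

// Build the update body, pinning the version the editor originally loaded.
function buildUpdate(s: ConsoleSession, p: PolicyRecord, edits: PolicyEdits): UpdatePayload {
  if (!policyControls(s, p).canEdit) {
    throw new Error("policy is read-only for this session");
  }
  return { ...edits, expectedVersion: p.version };
}

// Stand-in for the update API, assumed to reject a stale expectedVersion.
// On conflict the stored policy is returned unchanged so the UI can reload it.
function applyUpdate(stored: PolicyRecord, body: UpdatePayload): UpdateResult {
  if (body.expectedVersion !== stored.version) {
    return { ok: false, conflict: true, policy: stored };
  }
  const title = body.title !== undefined ? body.title : stored.title;
  return { ok: true, conflict: false, policy: { ...stored, title, version: stored.version + 1 } };
}
```

The client-side gate only decides what is rendered; the version check is the part that stops a second editor from silently overwriting the first.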

Validation

npm --prefix frontend run typecheck
npm --prefix frontend test -- --run
make docs-build

Known Limitations

  • No visual policy editor.
  • No diff view.
  • No approval workflow.
  • No bulk policy operations.