CipherVault 4.7 — Full frontend coverage + observability + runbooks
38 PRs in 1 day. The frontend covers 100% of the v4.5/v4.6 features, the Grafana
dashboard ciphervault-overview has 12 panels, and there are 9 Prometheus alerts
and 4 new operator runbooks.
Test suite stabilized: 1261/1261 passing, 87 green suites.
✨ Frontend UI coverage (PRs #276-#285)
10 new pages/widgets:
| Page | PR | What it delivers |
|---|---|---|
| /Tenants | #276 | Suspend/unsuspend actions + purge countdown + reason inline |
| /Share | #277 | One-Time Share list + create modal + copy URL + revoke |
| /Environments | #278 | Tree hierarchy + chain visualization + effective_secrets with source highlighting + bind/unbind |
| Settings → OIDC tab | #279 | Discovery preview + JWKS keys table + rotate + AWS IAM setup walkthrough |
| Dashboard widgets | #283 | 4 StatCards (Shares + Envs + KMIP + BreachWatch) with fail-soft queries |
| Profile → GDPR section | #280 | Export download + typed-confirm forget gate |
| Tenants quota gauges | #280 | Progress bar color-coded by threshold |
| Settings → Infrastructure → HSM | #281 | Multi-provider grid + 4 cache metric cards + /health/hsm/cache |
| /Kmip | #282 | Status header + lifecycle distribution + ops support + objects table + detail modal |
| AuditLogs filter | #284 | 14 new action types with emoji + colors by severity |
| /EndpointDiscovery | #285 | Backend ingestion + admin list + 4 stat cards + filterable table |
✨ Observability — Grafana + Prometheus (#287)
Dashboard ciphervault-overview with 12 panels:
- Leases gauges (active/expiring/expired per engine)
- Latency p50/p95/p99 per endpoint
- Multi-KM health (Local + AWS KMS + PKCS#11)
- Cache hit rate (HSM cache, JWKS cache, Lease cache)
- Replication lag (CDC checkpoint Postgres → MongoDB/MySQL)
- Phase 5 multi-region replica state
- Build info (version, commit, env)
Prometheus alerts — 9 rules:
| Severity | Count |
|---|---|
| Critical | 2 (DB down, master_key_rotate failed) |
| Warning | 5 (HSM cache miss spike, lease pool > 80%, replication lag > 5min, etc.) |
| Info | 2 (cert renew in 30d, baseline anomaly low confidence) |

Auto-provisioning configs in docker-compose.observability.yml:

```shell
docker compose -f docker-compose.yml \
  -f infrastructure/docker-compose/docker-compose.observability.yml up -d
# Grafana on :3001 with the dashboard pre-imported, Prometheus on :9090
```
✨ Operator runbooks (#288)
4 new:
- OIDC_AWS_SETUP.md: walkthrough OIDC provider → IAM trust → dynamic backend
- RLS_ACTIVATION.md: 4-phase Postgres Row-Level Security rollout (shadow → enforced → rollback drill → cleanup)
- KMIP_CLIENT_TESTING.md: pykmip examples + OASIS conformance checklist
- DR_PLAYBOOK.md: 7 recovery scenarios (region failover, KMS rotation rollback, HSM bricked, full restore from snapshot, partial corruption, network partition, master_key compromise)
🐛 Test stability (#286)
AD/LDAP engines test isolation via lazy require of ldapjs. This eliminated
21 intermittent test failures. The suite now runs 1261/1261 passing,
87 green suites, with no flaky tests.
Comparison pages (#292)
Public on the docs site, vs Doppler/Vault/Akeyless. Honest about where CipherVault loses (e.g. ecosystem maturity vs Vault) and where it wins (LGPD-native, Brazilian timezone support, dual-license).
DR Test Report (#291)
Execution report of the 2026-Q2 DR drill published in docs/dr-test-2026-q2.md.
Validated real RTO 12min / RPO 38s (target: RTO 15min / RPO < 60s).
Upgrading

```shell
helm upgrade ciphervault ciphervault/ciphervault --version 4.7.0 \
  --reuse-values
# Import the Grafana dashboard
kubectl apply -f infrastructure/observability/grafana-dashboard-cv-overview.yaml
# Import the Prometheus rules
kubectl apply -f infrastructure/observability/prometheus-alerts.yaml
```
— Rafael Martinez, CEO
