example42 · alvagante · Jan 12, 2026 · Jan 6, 2026 · Jan 6, 2026 · Jan 7, 2026
diff --git a/.kiro/certificate-removal-analysis.md b/.kiro/certificate-removal-analysis.md
@@ -0,0 +1,323 @@
+# Certificate Functionality Removal Analysis
+
+## Executive Summary
+
+This document identifies all certificate-related functionality that needs to be removed from the codebase. The analysis reveals that **certificate management has already been partially removed** from the backend services, but references remain in:
+
+1. Frontend pages and components (some non-existent)
+2. Documentation and spec files
+3. Test files
+4. Kiro development notes
+
+## Key Finding: CertificateManagement Component Does Not Exist
+
+**CRITICAL**: The `CertificateManagement.svelte` component is **referenced but not implemented**:
+
+- Exported in `frontend/src/components/index.ts`
+- Imported in `frontend/src/pages/CertificatesPage.svelte`
+- **File does not exist** at `frontend/src/components/CertificateManagement.svelte`
+
+This is a broken import that will cause runtime errors.
+
+---
+
+## Files to Remove
+
+### Frontend Files
+
+#### Pages
+
+- **`frontend/src/pages/CertificatesPage.svelte`** - Entire page dedicated to certificate management
+  - Imports non-existent `CertificateManagement` component
+  - No longer needed
+
+#### Components
+
+- **`frontend/src/components/index.ts`** - Line 3
+  - Remove: `export { default as CertificateManagement } from "./CertificateManagement.svelte";`
+  - Note: Component file doesn't exist, so only the export needs removal
+
+#### UI References in Existing Components
+
+- **`frontend/src/pages/PuppetPage.svelte`** - Lines 16, 140, 149, 227-238, 371-392
+  - Remove 'certificates' from TabId type union
+  - Remove certificate tab button and UI
+  - Remove certificate tab content section
+  - Remove certificate-related state management
+
+- **`frontend/src/pages/NodeDetailPage.svelte`** - Certificate status references
+  - Search for and remove certificate status display
+  - Remove certificate-related tabs/sections
+
+### Backend Files
+
+#### Services
+
+- **`backend/src/integrations/puppetserver/PuppetserverService.ts`** - Lines with certificate methods
+  - `getInventory()` - Already returns empty array (certificate management removed)
+  - `getNode()` - Already returns null (certificate management removed)
+  - `listNodeStatuses()` - Already returns empty array (certificate management removed)
+  - `getNodeStatus()` - Already returns basic status (certificate management removed)
+  - `categorizeNodeActivity()` - Already returns 'unknown'
+  - `shouldHighlightNode()` - Already returns false
+  - `getSecondsSinceLastCheckIn()` - Already returns 0
+  - Note: These methods have already been gutted but contain certificate-related comments
+
+- **`backend/src/integrations/puppetserver/PuppetserverClient.ts`** - No certificate methods found
+  - Already removed or never implemented
+
+#### Error Handling
+
+- **`backend/src/middleware/errorHandler.ts`** - Line 122
+  - Remove: `case "CertificateOperationError":`
+  - This error type is no longer used
+
+#### Routes
+
+- **`backend/src/routes/integrations.ts`** - Certificate-related routes
+  - Search for `/certificates` endpoints
+  - No certificate endpoints found in current implementation (already removed)
+
+### Test Files
+
+#### Integration Tests
+
+- **`backend/test/integration/puppetserver-nodes.test.ts`** - Lines with certificate references
+  - Line 28: `certificateStatus: "signed"`
+  - Line 37: `certificateStatus: "requested"`
+  - Line 300: `expect(response.body.nodes[0]).toHaveProperty("certificateStatus")`
+  - Line 314: `expect(response.body.node.certificateStatus).toBe("signed")`
+  - Remove certificate status assertions and test data
+
+#### Property-Based Tests
+
+- **`backend/test/properties/puppetserver/property-18.test.ts`** - SSL certificate configuration
+  - Lines 155-157: SSL cert/key configuration tests
+  - These are for SSL/TLS authentication, not certificate management - **KEEP THESE**
+
+### Documentation Files
+
+#### Kiro Development Notes
+
+- **`.kiro/todo/puppetserver-ca-authorization-fix.md`** - Entire file
+  - Documents certificate authorization issues
+  - No longer relevant
+
+- **`.kiro/puppetdb-puppetserver-api-endpoints.md`** - Certificate-related sections
+  - Lines 95-113: "Certificate Authority (CA) Endpoints" section
+  - References to `getCertificates()`, `getCertificate()`, `signCertificate()`, `revokeCertificate()`
+  - References to certificate API routes
+  - Remove entire CA endpoints section
+
+#### Spec Files
+
+- **`.kiro/specs/puppetserver-integration/requirements.md`** - Certificate-related requirements
+  - Requirement 2: "Fix Puppetserver Certificate API"
+  - Requirement 3: "Fix Puppetserver Inventory Integration" (partially - inventory from CA)
+  - Requirement 13: "Restructure Navigation and Pages" - mentions "Certificates" section
+  - Requirement 14: "Restructure Node Detail Page" - mentions "Certificate Status" sub-tab
+  - Remove or update these requirements
+
+### Backend Configuration/Documentation
+
+- **`backend/test-certificate-api-verification.ts`** - Entire file
+  - Script for testing certificate API
+  - No longer needed
+  - **EXCEPTION**: Keep `generate-pabawi-cert.sh` script (mentioned in requirements)
+
+---
+
+## Files to Modify (Keep but Update)
+
+### Frontend Components
+
+#### `frontend/src/pages/PuppetPage.svelte`
+
+**Changes needed:**
+
+- Line 16: Remove `'certificates'` from `TabId` type
+- Line 140: Remove certificate tab from comment
+- Line 149: Remove `'certificates'` from array check
+- Lines 227-238: Remove entire certificate tab button
+- Lines 371-392: Remove entire certificate tab content section
+
+#### `frontend/src/pages/NodeDetailPage.svelte`
+
+**Changes needed:**
+
+- Search for and remove certificate status display
+- Remove certificate-related tabs or sections
+- Update tab navigation if certificates were a tab
+
+#### `frontend/src/components/PuppetserverSetupGuide.svelte`
+
+**Changes needed:**
+
+- Remove references to certificate generation
+- Remove SSL certificate configuration examples
+- Keep token-based authentication examples
+
+#### `frontend/src/components/PuppetdbSetupGuide.svelte`
+
+**Changes needed:**
+
+- Keep SSL certificate configuration (this is for SSL/TLS, not certificate management)
+- Remove references to certificate management features
+
+### Backend Services
+
+#### `backend/src/integrations/puppetserver/PuppetserverService.ts`
+
+**Changes needed:**
+
+- Remove or update comments mentioning certificate management
+- Keep the stub methods that return empty/null (they're already gutted)
+- Update class documentation to remove certificate references
+- Update `getNodeData()` method - remove 'certificate' data type if present
+
+#### `backend/src/integrations/puppetserver/PuppetserverClient.ts`
+
+**Changes needed:**
+
+- Remove any certificate-related method stubs
+- Update class documentation
+- Remove certificate-related comments
+
+#### `backend/src/middleware/errorHandler.ts`
+
+**Changes needed:**
+
+- Line 122: Remove `case "CertificateOperationError":`
+
+### Test Files
+
+#### `backend/test/integration/puppetserver-nodes.test.ts`
+
+**Changes needed:**
+
+- Remove `certificateStatus` from mock node data (lines 28, 37)
+- Remove certificate status assertions (lines 300, 314)
+- Update test descriptions if they mention certificates
+
+#### `backend/test/integration/puppetserver-catalogs-environments.test.ts`
+
+**Changes needed:**
+
+- Search for certificate references
+- Remove if found
+
+### Documentation
+
+#### `frontend/src/components/index.ts`
+
+**Changes needed:**
+
+- Line 3: Remove `export { default as CertificateManagement } from "./CertificateManagement.svelte";`
+
+#### `.kiro/specs/puppetserver-integration/requirements.md`
+
+**Changes needed:**
+
+- Remove Requirement 2: "Fix Puppetserver Certificate API"
+- Update Requirement 3: Remove certificate inventory references
+- Update Requirement 13: Remove "Certificates" from navigation
+- Update Requirement 14: Remove "Certificate Status" from node detail tabs
+- Renumber remaining requirements
+
+---
+
+## Files to Keep (SSL/TLS Configuration)
+
+These files contain SSL/TLS certificate configuration for authentication, NOT certificate management:
+
+- `backend/src/integrations/puppetserver/PuppetserverClient.ts` - SSL agent configuration
+- `backend/src/integrations/puppetdb/PuppetDBClient.ts` - SSL agent configuration
+- `backend/test/properties/puppetserver/property-18.test.ts` - SSL configuration tests
+- `frontend/src/components/PuppetserverSetupGuide.svelte` - SSL setup instructions
+- `frontend/src/components/PuppetdbSetupGuide.svelte` - SSL setup instructions
+- `backend/.env` - SSL certificate paths for authentication
+- `backend/.env.example` - SSL certificate path examples
+
+**Rationale**: These are for mutual TLS authentication between Pabawi and Puppetserver/PuppetDB, not for managing Puppet node certificates.
+
+---
+
+## Patterns to Search For
+
+When removing certificate functionality, search for these patterns:
+
+```typescript
+// Certificate-related patterns
+certificate
+cert (but not "certname" or "SSL cert")
+puppet-ca
+/puppet-ca/v1/
+getCertificate
+signCertificate
+revokeCertificate
+CertificateManagement
+CertificateOperationError
+certificateStatus
+```
+
+**Exclusions** (keep these):
+
+- `certname` - Node identifier in Puppet
+- `SSL cert` or `ssl.cert` - SSL/TLS authentication
+- `ca.pem` or `ca` in SSL context - CA certificate for SSL/TLS
+- `generate-pabawi-cert.sh` - Certificate generation script (keep)
+
+---
+
+## Summary of Changes
+
+### Files to Delete (5)
+
+1. `frontend/src/pages/CertificatesPage.svelte`
+2. `backend/test-certificate-api-verification.ts`
+3. `.kiro/todo/puppetserver-ca-authorization-fix.md`
+4. `.kiro/puppetdb-puppetserver-api-endpoints.md` (or update to remove CA section)
+5. `.kiro/specs/puppetserver-integration/requirements.md` (or update to remove certificate requirements)
+
+### Files to Modify (10+)
+
+1. `frontend/src/components/index.ts` - Remove export
+2. `frontend/src/pages/PuppetPage.svelte` - Remove certificate tab
+3. `frontend/src/pages/NodeDetailPage.svelte` - Remove certificate references
+4. `frontend/src/components/PuppetserverSetupGuide.svelte` - Remove certificate generation
+5. `backend/src/middleware/errorHandler.ts` - Remove error type
+6. `backend/test/integration/puppetserver-nodes.test.ts` - Remove certificate assertions
+7. `backend/src/integrations/puppetserver/PuppetserverService.ts` - Update comments
+8. `backend/src/integrations/puppetserver/PuppetserverClient.ts` - Update comments
+9. `.kiro/specs/puppetserver-integration/requirements.md` - Update requirements
+
+### Files to Keep (No Changes)
+
+- All SSL/TLS certificate configuration files
+- `generate-pabawi-cert.sh` script
+- PuppetDB and Puppetserver integration files (except noted modifications)
+
+---
+
+## Implementation Notes
+
+1. **CertificateManagement Component**: The component doesn't exist, so only the export in `index.ts` needs removal
+2. **Backend Services**: Certificate methods have already been gutted (return empty/null), but comments and error types remain
+3. **Tests**: Certificate status assertions need removal from test data
+4. **Documentation**: Kiro spec files reference certificate requirements that are no longer valid
+5. **SSL/TLS**: Ensure not to remove SSL certificate configuration used for authentication
+
+---
+
+## Verification Checklist
+
+After removal, verify:
+
+- [ ] No broken imports of `CertificateManagement`
+- [ ] No references to `/certificates` API endpoints
+- [ ] No `CertificateOperationError` in error handling
+- [ ] No `certificateStatus` in node data structures
+- [ ] No certificate-related tabs in UI
+- [ ] All tests pass
+- [ ] SSL/TLS authentication still works
+- [ ] Documentation is updated