feat(console): add GET/PUT tenant YAML API endpoint and PR template (#96)

* feat(console): add GET/PUT tenant YAML API endpoint

Add /api/v1/namespaces/{namespace}/tenants/{name}/yaml for reading and
editing the full Tenant CR as YAML (similar to MinIO operator).

GET: returns the complete Tenant CR serialized as YAML (managedFields
stripped for readability).

PUT: accepts edited YAML, validates name/namespace match, pool
uniqueness, and safely updates only spec/labels/annotations/finalizers
while preserving resourceVersion and immutable metadata.

Also applies Prettier formatting to existing console-web files.

Made-with: Cursor

* fix(console-web): add .dockerignore to fix Docker build (#97)

* feat(console): add GET/PUT tenant YAML API endpoint and PR template

Add /api/v1/namespaces/{namespace}/tenants/{name}/yaml for reading and
editing the full Tenant CR as YAML (similar to MinIO operator).

GET: returns the complete Tenant CR serialized as YAML (managedFields
stripped for readability).

PUT: accepts edited YAML, validates name/namespace match, pool
uniqueness, and safely updates only spec/labels/annotations/finalizers
while preserving resourceVersion and immutable metadata.

Also adds AGENTS.md (global + .github), PR template, and applies
Prettier formatting to existing console-web files.

Made-with: Cursor

* fix(console-web): add .dockerignore to fix Docker build (node_modules copy conflict)

Made-with: Cursor

* feat : Tenant yaml  edit

* feat： add status ,Namespace ,searchbox

* feat： Modify tenant action

* feat： yaml copy  and edit

* fix：  handleUnauthorized logout

* feat(console): add tenant state counts API and state filtering

* feat：Tenant state number

* feat： total card

* feat： remove cluster router

* feat： UI Box

* feat： number count

* feat： topology/overview api

* fix： parseSizeToBytes

* Console yaml (#98)

* feat(console): encryption and security-context APIs with validation

- Add GET/PUT encryption and security-context handlers and routes
- Require kmsSecret for Vault backend in reconcile and API validation
- Validate vault.endpoint and kmsSecretName in update_encryption (400 on invalid)
- Apply rustfmt and Prettier formatting

Made-with: Cursor

* chore(console-web): Node >=20, .nvmrc, Prettier and ESLint fixes

- Relax Node requirement from >=22 to >=20 for pre-commit in CI/dev
- Add .nvmrc (22) for nvm use
- Apply Prettier to page.tsx, tenants pages, globals.css, topology mock
- Fix useEffect deps: add initialYamlEditable in tenant-detail-client

Made-with: Cursor

---------

Co-authored-by: 马登山 <cxymds@qq.com>

Author: GatewayJ

.claude/settings.local.json

@@ -0,0 +1,9 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(cargo build:*)",
+      "Bash(cargo test:*)",
+      "Bash(cargo clippy:*)"
+    ]
+  }
+}

.github/AGENTS.md

@@ -0,0 +1,30 @@
+# GitHub Workflow Instructions
+
+Applies to `.github/` and repository pull-request operations.
+
+## Pull Requests
+
+- PR titles and descriptions must be in English.
+- Use `.github/pull_request_template.md` for every PR body.
+- Keep all template section headings.
+- Use `N/A` for non-applicable sections.
+- Include verification commands in the PR details.
+- For `gh pr create` and `gh pr edit`, always write markdown body to a file and pass `--body-file`.
+- Do not use multiline inline `--body`; backticks and shell expansion can corrupt content or trigger unintended commands.
+- Recommended pattern:
+  - `cat > /tmp/pr_body.md <<'EOF'`
+  - `...markdown...`
+  - `EOF`
+  - `gh pr create ... --body-file /tmp/pr_body.md`
+
+## CI Alignment
+
+When changing CI-sensitive behavior, keep local validation aligned with `.github/workflows/ci.yml`.
+
+Current `test-and-lint` gate includes:
+
+- `cargo fmt --all --check`
+- `cargo clippy --all-features -- -D warnings`
+- `cargo test --all`
+- `cd console-web && npm run lint`
+- `cd console-web && npx prettier --check "**/*.{ts,tsx,js,jsx,json,css,md}"`

.github/pull_request_template.md

@@ -0,0 +1,44 @@
+<!--
+Pull Request Template for RustFS Operator
+-->
+
+## Type of Change
+- [ ] New Feature
+- [ ] Bug Fix
+- [ ] Documentation
+- [ ] Performance Improvement
+- [ ] Test/CI
+- [ ] Refactor
+- [ ] Other:
+
+## Related Issues
+<!-- List related Issue numbers, e.g. #123 -->
+
+## Summary of Changes
+<!-- Briefly describe the main changes and motivation for this PR -->
+
+## Checklist
+- [ ] I have read and followed the [CONTRIBUTING.md](CONTRIBUTING.md) guidelines
+- [ ] Passed `make pre-commit` (fmt-check + clippy + test + console-lint + console-fmt-check)
+- [ ] Added/updated necessary tests
+- [ ] Documentation updated (if needed)
+- [ ] CHANGELOG.md updated under `[Unreleased]` (if user-visible change)
+- [ ] CI/CD passed (if applicable)
+
+## Impact
+- [ ] Breaking change (CRD/API compatibility)
+- [ ] Requires doc/config/deployment update
+- [ ] Other impact:
+
+## Verification
+<!-- Include commands reviewers can run to verify the change -->
+```bash
+make pre-commit
+```
+
+## Additional Notes
+<!-- Any extra information for reviewers -->
+
+---
+
+Thank you for your contribution! Please ensure your PR follows the community standards ([CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)) and sign the CLA if this is your first contribution.

.gitignore

@@ -22,4 +22,5 @@ console-web/node_modules/
 
 # Docs / summaries (local or generated)
 CONSOLE-INTEGRATION-SUMMARY.md
-SCRIPTS-UPDATE.md
+SCRIPTS-UPDATE.md
+AGENTS.md

AGENTS.md

@@ -0,0 +1,69 @@
+# RustFS Operator Agent Instructions (Global)
+
+This root file keeps repository-wide rules only.
+Use the nearest subdirectory `AGENTS.md` for path-specific guidance.
+
+## Rule Precedence
+
+1. System/developer instructions.
+2. This file (global defaults).
+3. The nearest `AGENTS.md` in the current path (more specific scope wins).
+
+If repo-level instructions conflict, follow the nearest file and keep behavior aligned with CI.
+
+## Communication and Language
+
+- Respond in the same language used by the requester.
+- Keep source code, comments, commit messages, and PR title/body in English.
+
+## Sources of Truth
+
+- Workspace layout: `Cargo.toml`
+- Project overview and architecture: `CLAUDE.md`
+- Local quality commands: `Makefile`
+- CI quality gates: `.github/workflows/ci.yml`
+- PR template: `.github/pull_request_template.md`
+
+Avoid duplicating long command matrices in instruction files.
+Reference the source files above instead.
+
+## Mandatory Before Commit
+
+Run and pass:
+
+```bash
+make pre-commit
+```
+
+This runs: `fmt-check` → `clippy` → `test` → `console-lint` → `console-fmt-check`.
+
+Do not commit when required checks fail.
+
+## Git and PR Baseline
+
+- Use feature branches based on the latest `main`.
+- Follow Conventional Commits, with subject length <= 72 characters.
+- Keep PR title and description in English.
+- Use `.github/pull_request_template.md` and keep all section headings.
+- Use `N/A` for non-applicable template sections.
+- Include verification commands in the PR description.
+- When using `gh pr create`/`gh pr edit`, use `--body-file` instead of inline `--body` for multiline markdown:
+  ```bash
+  cat > /tmp/pr_body.md <<'EOF'
+  ...markdown...
+  EOF
+  gh pr create ... --body-file /tmp/pr_body.md
+  ```
+
+## Security Baseline
+
+- Never commit secrets, credentials, or key material.
+- Use environment variables or vault tooling for sensitive configuration.
+- Credential Secrets must contain `accesskey` and `secretkey` keys (both valid UTF-8, minimum 8 characters).
+
+## Architecture Constraints
+
+- All pools within a single Tenant form ONE unified RustFS cluster.
+- Do not assume pool-based storage tiering. For separate clusters, use separate Tenants.
+- Error handling uses `snafu`. New files must include Apache 2.0 license headers.
+- Do not invent RustFS ports/constants; verify against `CLAUDE.md` and official sources.

Makefile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-.PHONY: pre-commit fmt fmt-check clippy test build help console-lint console-fmt console-fmt-check
+.PHONY: pre-commit fmt fmt-check clippy test build docker-build-operator docker-build-console-web docker-build-all help console-lint console-fmt console-fmt-check
 
 # 默认目标
 help:
@@ -25,6 +25,9 @@ help:
 	@echo "  make clippy           - 运行 clippy 检查"
 	@echo "  make test             - 运行 Rust 测试"
 	@echo "  make build            - 构建项目"
+	@echo "  make docker-build-operator  - 构建 operator 镜像 (IMAGE_REPO?=rustfs/operator IMAGE_TAG?=dev)"
+	@echo "  make docker-build-console-web - 构建 console-web 前端镜像 (CONSOLE_WEB_IMAGE_REPO?=rustfs/console-web CONSOLE_WEB_IMAGE_TAG?=dev)"
+	@echo "  make docker-build-all       - 构建 operator + console-web 两个镜像"
 	@echo "  make console-lint     - 前端 ESLint 检查 (console-web)"
 	@echo "  make console-fmt     - 前端 Prettier 自动格式化 (console-web)"
 	@echo "  make console-fmt-check - 前端 Prettier 格式检查 (console-web)"
@@ -64,3 +67,16 @@ console-fmt-check:
 # 构建
 build:
 	cargo build --release
+
+# 构建 Docker 镜像（operator：含 controller + console API；console-web：前端静态资源）
+IMAGE_REPO ?= rustfs/operator
+IMAGE_TAG  ?= dev
+docker-build-operator:
+	docker build -t $(IMAGE_REPO):$(IMAGE_TAG) .
+
+CONSOLE_WEB_IMAGE_REPO ?= rustfs/console-web
+CONSOLE_WEB_IMAGE_TAG  ?= dev
+docker-build-console-web:
+	docker build -t $(CONSOLE_WEB_IMAGE_REPO):$(CONSOLE_WEB_IMAGE_TAG) -f console-web/Dockerfile console-web
+
+docker-build-all: docker-build-operator docker-build-console-web

console-web/.claude/settings.local.json

@@ -0,0 +1,13 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(npx next:*)",
+      "mcp__ide__getDiagnostics",
+      "Bash(npx tsc:*)",
+      "WebFetch(domain:lh3.googleusercontent.com)",
+      "WebFetch(domain:lh3.google.com)",
+      "WebFetch(domain:gemini.google.com)",
+      "Bash(grep -l \"RiFolder\" node_modules/@remixicon/react/dist/*.mjs 2>/dev/null | head -3 || grep \"RiFolder\" node_modules/@remixicon/react/dist/index.d.ts 2>/dev/null | head -5 || echo \"try other path\"; find node_modules/@remixicon -name \"*.d.ts\" -maxdepth 3 2>/dev/null | head -3)"
+    ]
+  }
+}

console-web/.dockerignore

@@ -0,0 +1,24 @@
+# Dependencies: install inside container; avoid copying host node_modules (pnpm symlinks break COPY)
+node_modules
+
+# Build outputs
+.next
+out
+build
+
+# Git and IDE
+.git
+.gitignore
+.vscode
+.DS_Store
+
+# Env and debug
+.env*
+*.pem
+*.log
+
+# Test and misc
+coverage
+.vercel
+*.tsbuildinfo
+next-env.d.ts

console-web/.nvmrc

@@ -0,0 +1 @@
+22

console-web/README.md

@@ -50,7 +50,7 @@ Then configure the backend with `CORS_ALLOWED_ORIGINS` (see deploy README).
 
 ## Environment variables
 
-| Variable | Description | Default |
-|----------|-------------|--------|
-| `NEXT_PUBLIC_BASE_PATH` | Base path for the app (e.g. `/console`) | `""` |
-| `NEXT_PUBLIC_API_BASE_URL` | API base URL (relative or absolute) | `"/api/v1"` |
+| Variable                   | Description                             | Default     |
+| -------------------------- | --------------------------------------- | ----------- |
+| `NEXT_PUBLIC_BASE_PATH`    | Base path for the app (e.g. `/console`) | `""`        |
+| `NEXT_PUBLIC_API_BASE_URL` | API base URL (relative or absolute)     | `"/api/v1"` |