feat(security): implement decision and ruleset management with logging and retrieval

frontend/src/api/security.ts

@@ -30,9 +30,14 @@ export interface SecurityConfigPayload {
   enabled?: boolean
   admin_whitelist?: string
   crowdsec_mode?: string
+  crowdsec_api_url?: string
   waf_mode?: string
+  waf_rules_source?: string
+  waf_learning?: boolean
   rate_limit_enable?: boolean
   rate_limit_burst?: number
+  rate_limit_requests?: number
+  rate_limit_window_sec?: number
 }
 
 export const getSecurityConfig = async () => {
@@ -59,3 +64,23 @@ export const disableCerberus = async (payload?: any) => {
   const response = await client.post('/security/disable', payload || {})
   return response.data
 }
+
+export const getDecisions = async (limit = 50) => {
+  const response = await client.get(`/security/decisions?limit=${limit}`)
+  return response.data
+}
+
+export const createDecision = async (payload: any) => {
+  const response = await client.post('/security/decisions', payload)
+  return response.data
+}
+
+export const getRuleSets = async () => {
+  const response = await client.get('/security/rulesets')
+  return response.data
+}
+
+export const upsertRuleSet = async (payload: any) => {
+  const response = await client.post('/security/rulesets', payload)
+  return response.data
+}

frontend/src/hooks/useSecurity.ts

@@ -1,5 +1,5 @@
 import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
-import { getSecurityStatus, getSecurityConfig, updateSecurityConfig, generateBreakGlassToken, enableCerberus, disableCerberus } from '../api/security'
+import { getSecurityStatus, getSecurityConfig, updateSecurityConfig, generateBreakGlassToken, enableCerberus, disableCerberus, getDecisions, createDecision, getRuleSets, upsertRuleSet } from '../api/security'
 import toast from 'react-hot-toast'
 
 export function useSecurityStatus() {
@@ -29,6 +29,30 @@ export function useGenerateBreakGlassToken() {
   return useMutation({ mutationFn: () => generateBreakGlassToken() })
 }
 
+export function useDecisions(limit = 50) {
+  return useQuery({ queryKey: ['securityDecisions', limit], queryFn: () => getDecisions(limit) })
+}
+
+export function useCreateDecision() {
+  const qc = useQueryClient()
+  return useMutation({
+    mutationFn: (payload: any) => createDecision(payload),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['securityDecisions'] }),
+  })
+}
+
+export function useRuleSets() {
+  return useQuery({ queryKey: ['securityRulesets'], queryFn: () => getRuleSets() })
+}
+
+export function useUpsertRuleSet() {
+  const qc = useQueryClient()
+  return useMutation({
+    mutationFn: (payload: any) => upsertRuleSet(payload),
+    onSuccess: () => qc.invalidateQueries({ queryKey: ['securityRulesets'] }),
+  })
+}
+
 export function useEnableCerberus() {
   const qc = useQueryClient()
   return useMutation({