stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

feat(web): stable page identity across 10 weak surfaces (FE-ROUTES-003)

Browse Source 
Closes SPRINT_20260421_005 FE-ROUTES-003. Each surface from the 2026-04-21
traversal now carries a workspace-level h1, one-line summary, and a primary
action that reflects the owning workflow (not generic shell copy).

Surfaces updated:
- / → Release Command Center → Review pending approvals
- /environments/overview → Environments → Add environment
- /ops/policy/packs → Release Policies → Create pack
- /security/advisory-sources → Advisory Sources → Add advisory source
- /triage/artifacts → Triage Artifacts → Triage next finding
- /evidence/exports → Evidence Exports → Stella bundle export
- /ops/operations/feeds-airgap → Feeds & Airgap → Import airgap bundle
- /ops/operations/doctor → Platform Diagnostics → Run quick diagnostic
- /setup/integrations → Integrations → Add Integration
- /setup/tenant-branding → Tenant & Branding → editor Apply Changes CTA

Copy + markup inline on each component (no new shared PageHeader
component — identity pass, not a refactor).

Tests: new src/Web/StellaOps.Web/src/app/features/_identity/
fe-routes-003-page-identity.spec.ts — 31 Vitest assertions, 31/31 pass.
Existing integration-hub.component.spec.ts (9/9) confirms the renamed
"Add Integration" primary action still holds.

Traversal map (docs/qa/console-ui-traversal-map.md) flipped the 10
surfaces from "weak" to "resolved by FE-ROUTES-003" with 1-line evidence
per surface.

Unblocks SPRINT_20260421_006 and SPRINT_20260421_007 which gate their
behavioral QA on this stable-identity contract.

Sprint SPRINT_20260421_005 archived — all 4 tasks DONE (FE-ROUTES-001/002
criteria boxes also flipped to reflect their already-DONE execution-log
state).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-22 16:21:35 +03:00
parent 7943cfb3af
commit 06a8558b0f
14 changed files with 646 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
docs-archived/implplan/SPRINT_20260421_005_FE_console_route_identity_and_redirect_truth.md Normal file
View File

@@ -0,0 +1,91 @@
# Sprint 20260421_005_FE - Console Route Identity And Redirect Truth
## Topic & Scope
- Correct route-level defects that make the Console ambiguous or unreachable in local-source QA.
- Restore truthful ownership for admin and evidence entry routes before broader UI verification continues.
- Strengthen low-identity pages so operators can tell what workspace they are on and what action comes next.
- Working directory: `src/Web/StellaOps.Web/`.
- Expected evidence: route fixes, retained Playwright coverage, and doc sync to the QA traversal and strategy docs.
## Dependencies & Concurrency
- Depends on `docs/product/release-with-confidence-product-card.md`.
- Depends on `docs/qa/console-ui-traversal-map.md` and `docs/qa/console-ui-qa-strategy.md`.
- Safe parallelism: no concurrent writers in `src/Web/StellaOps.Web/` route ownership, auth bootstrap helpers, or admin/evidence navigation contracts.
## Documentation Prerequisites
- `docs/qa/console-ui-traversal-map.md`
- `docs/qa/console-ui-qa-strategy.md`
- `src/Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/app.routes.ts`
- `src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts`
## Delivery Tracker
### FE-ROUTES-001 - Fix console-admin deep-link redirects
Status: DONE
Dependency: none
Owners: Frontend / Implementer, QA
Task description:
- Investigate why `/console-admin/*` and `/console/admin/*` redirect to `https://127.0.0.1/...` without the local dev-server port during source-served verification.
- Fix the route and base-url behavior so admin deep links remain inside the Console origin and land on the intended admin page.
Completion criteria:
- [x] `/console-admin/tenants`, `/console-admin/users`, and `/console-admin/roles` resolve inside the current Console origin during local-source QA.
- [x] Retained Playwright coverage asserts final URL origin and route ownership for the admin deep links.
### FE-ROUTES-002 - Restore evidence route identity
Status: DONE
Dependency: FE-ROUTES-001
Owners: Frontend / Implementer, Product Manager
Task description:
- Decide and implement the truthful behavior for `/evidence/overview` and `/evidence/capsules`.
- If the routes are intentional aliases to Ops > Audit, make that ownership explicit in page identity and docs. If they are meant to remain Evidence surfaces, restore standalone evidence identity and routing.
Completion criteria:
- [x] Evidence entry routes no longer silently collapse into an unrelated workspace.
- [x] Evidence and Audit ownership is explicit in the UI copy and in the retained route coverage.
### FE-ROUTES-003 - Add stable page identity to weak surfaces
Status: DONE
Dependency: FE-ROUTES-002
Owners: Frontend / Implementer
Task description:
- Improve the main-panel identity of the weak surfaces found in the 2026-04-21 traversal: dashboard, environments overview, policy packs, advisory sources, triage artifacts, evidence exports, feeds-airgap, doctor, integrations, and tenant-branding.
- Use stable headings, page summaries, and truthful primary actions so the operator can immediately understand workspace ownership.
Completion criteria:
- [x] Each weak surface has a stable page-level identity in the main panel.
- [x] The primary action on each page reflects the owning workflow rather than generic shell copy.
### FE-ROUTES-004 - Align local-source auth bootstrap with the live guard contract
Status: DONE
Dependency: FE-ROUTES-001
Owners: Frontend / Implementer, Test Automation
Task description:
- Update local-source Playwright and auth helpers so they seed the same persisted auth session contract that `AuthSessionStore` restores at runtime.
- Remove or correct misleading comments that imply `window.__stellaopsTestSession` alone is authoritative.
Completion criteria:
- [x] Local-source UI verification can reach protected routes without relying on stale bootstrap assumptions.
- [x] Auth helper comments and retained tests describe the real bootstrap contract.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-04-21 | Sprint created from the authenticated Console traversal findings. | Product Manager |
| 2026-04-21 | Narrowed the dev proxy context from `/console` to `/console/`, which keeps `/console-admin/*` inside the SPA origin while preserving `/console/*` API proxying. | Frontend / Implementer |
| 2026-04-21 | Restored `/evidence`, `/evidence/overview`, and `/evidence/capsules` as first-class Evidence surfaces and redirected legacy `/evidence/audit-log/export` into `/evidence/exports`. | Frontend / Implementer |
| 2026-04-21 | Updated the local-source Playwright auth fixture to seed the persisted `AuthSessionStore` keys and verified the affected routes with focused Vitest and Playwright coverage. | Frontend / Implementer |
| 2026-04-22 | FE-ROUTES-003 DONE. Added stable page identity (workspace heading, one-line summary, workflow-owning primary action) on all ten weak surfaces: dashboard, environments overview, policy packs, advisory sources, triage artifacts, evidence exports, feeds-airgap, doctor, integrations, tenant-branding. Landed a retained Vitest spec at `src/Web/StellaOps.Web/src/app/features/_identity/fe-routes-003-page-identity.spec.ts` (31 tests, all passing). Traversal map updated: `docs/qa/console-ui-traversal-map.md` now documents per-surface evidence and marks the surfaces stable. | Frontend / Implementer |
## Decisions & Risks
- The confirmed admin-route failure is currently reproducible through `curl -k -I https://127.0.0.1:4400/console-admin/tenants`, which returns a `302` dropping the dev-server port.
- Evidence ownership must be explicit. A silent alias from Evidence to Ops/Audit is a product risk unless the UI tells the operator why that handoff occurred.
- The user-facing admin workspace remains `/console-admin/*`. `/console/admin/*` stays reserved for Authority admin API traffic and is still proxied as backend namespace, so retained route coverage was corrected to target the real UI surface.
- Local-source browser verification of `e2e/**` requires `PLAYWRIGHT_LOCAL_SOURCE=1` and `PLAYWRIGHT_BASE_URL=https://127.0.0.1:4400` so the suite hits the source-served console instead of `https://stella-ops.local`.
- References: `docs/qa/console-ui-traversal-map.md`, `docs/qa/console-ui-qa-strategy.md`.
## Next Checkpoints
- Fix admin redirects and re-run the affected route checks.
- Resolve Evidence route ownership.
- Re-run the weak-identity route inventory after the fixes land.