stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

ui progressing

Browse Source
This commit is contained in:
master
2026-02-20 23:32:20 +02:00
parent ca5e7888d6
commit 1ec797d5e8
191 changed files with 32771 additions and 6504 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
docs-archived/implplan/SPRINT_20260220_016_FE_pack19_exceptions_conformity_gap.md Normal file
View File

@@ -0,0 +1,103 @@
# Sprint 20260220-016 - FE Pack 19 Exceptions Conformity Gap
## Topic & Scope
- Close the remaining pack conformity gap after full `pack-01..pack-21` Playwright verification.
- Implement Pack 19 Exceptions screen semantics at canonical `Security & Risk` routes.
- Preserve existing triage workflows while separating them from the Pack 19 Exceptions surface.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: focused unit tests, Playwright pack-conformance pass, and updated diff ledger.
## Dependencies & Concurrency
- Depends on current canonical route map in `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts`.
- Depends on Pack source-of-truth docs in `docs/modules/ui/v2-rewire/pack-19.md` and `docs/modules/ui/v2-rewire/source-of-truth.md`.
- Superseded dependency note: Pack 22 (`docs/modules/ui/v2-rewire/pack-22.md`) replaces Security IA with consolidated `Disposition` flow and route model.
- Safe concurrency: may run in parallel with non-security FE work if no edits touch security routes/components.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-19.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`
- `docs/modules/ui/v2-rewire/pack-22.md`
## Delivery Tracker
### S19-EX-01 - Replace Pack 19 Exceptions route surface
Status: DONE
Dependency: none
Owners: FE implementer
Task description:
- Replace `/security-risk/exceptions` route target so it renders a dedicated Exceptions screen aligned to Pack 19 section 19.10.
- Keep route canonical and maintain existing breadcrumb/title behavior under `Security & Risk`.
- Keep compatibility path active while Pack 22 Disposition migration proceeds in sprint 019.
Completion criteria:
- [x] `/security-risk/exceptions` no longer resolves to triage artifact UI.
- [x] Exceptions list UI vocabulary reflects waiver/risk acceptance domain.
- [x] Sidebar navigation label/path behavior remains stable for `Security & Risk`.
### S19-EX-02 - Add Exception detail workflow route
Status: DONE
Dependency: S19-EX-01
Owners: FE implementer
Task description:
- Implement dedicated Exception detail surface for `/security-risk/exceptions/:id`.
- Ensure drill-down links from Exceptions list use this route and preserve back navigation to Exceptions list.
- Preserve deterministic list-to-detail and back navigation during Pack 22 migration.
Completion criteria:
- [x] `/security-risk/exceptions/:id` resolves to an Exception detail view, not triage artifact detail.
- [x] Exceptions list has deterministic navigation to detail.
- [x] Detail view includes status, scope, expiry, approvals, and evidence pointers required by Pack 19 intent.
### S19-EX-03 - Test coverage and pack-conformance verification
Status: DONE
Dependency: S19-EX-01
Owners: FE implementer, QA
Task description:
- Add or update unit tests for the new Exceptions route wiring and core rendering assertions.
- Re-run pack-conformance Playwright sweep against `pack-01..pack-21` and ensure zero mismatches.
Completion criteria:
- [x] Unit tests pass for new Exceptions route/component behavior.
- [x] `tests/e2e/pack-conformance.scratch.spec.ts` passes with no mismatches.
- [x] Test commands and outputs recorded in this sprint `Execution Log`.
### S19-EX-04 - Update pack difference ledger and close sprint
Status: DONE
Dependency: S19-EX-03
Owners: FE implementer, Documentation author
Task description:
- Update `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md` from `DIFF` to resolved state when implementation lands.
- Archive this sprint only after all tasks are `DONE`.
- Archive handoff completed after sprint closure checks.
Completion criteria:
- [x] Pack diff ledger updated to reflect resolved Pack 19 mismatch.
- [x] All tasks in this sprint are `DONE`.
- [x] Sprint moved to `docs-archived/implplan/` only after criteria are met.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from full Pack conformity run. Result: 61 checks, 1 mismatch at Pack 19 Exceptions route. | Planning |
| 2026-02-20 | Reproduced mismatch with filtered run (`PACK_CONFORMANCE_FILTER='pack-19.*exceptions'`) to isolate route-level nonconformance. | QA |
| 2026-02-20 | Marked `BLOCKED` due Pack 22 advisory superseding Security IA with consolidated Disposition surface; implementation moved to sprint 019. | Planning |
| 2026-02-20 | Implemented dedicated Exceptions routing under `/security-risk/exceptions`, `/security-risk/exceptions/:exceptionId`, and `/security-risk/exceptions/approvals`; removed triage route binding. | FE implementer |
| 2026-02-20 | Added focused coverage in `src/tests/security-risk/security-risk-routes.spec.ts` and `src/tests/security-risk/security-risk-exceptions-dashboard.spec.ts`; verified detail semantics include status, scope, expiry, approvals, and evidence pointers. | FE implementer |
| 2026-02-20 | Unit tests passed: `npm run test -- --watch=false --include src/tests/security-risk/security-risk-routes.spec.ts --include src/tests/security-risk/security-risk-exceptions-dashboard.spec.ts` -> `40 passed`. | QA |
| 2026-02-20 | Filtered conformity passed: `PLAYWRIGHT_BASE_URL=https://127.0.0.1:4410 PACK_CONFORMANCE_FILTER='pack-19.*exceptions' npx playwright test tests/e2e/pack-conformance.scratch.spec.ts` -> `1 passed`. | QA |
| 2026-02-20 | Full conformance passed: `PLAYWRIGHT_BASE_URL=https://127.0.0.1:4410 npx playwright test tests/e2e/pack-conformance.scratch.spec.ts` -> `1 passed` (all 61 route checks, zero mismatches). | QA |
| 2026-02-20 | Updated pack conformity ledger entry for Pack 19 Exceptions from `DIFF` to `RESOLVED`; sprint tasks S19-EX-01..S19-EX-03 moved to `DONE`. | FE implementer |
| 2026-02-20 | Completed S19-EX-04 closure checks and archived sprint to `docs-archived/implplan/SPRINT_20260220_016_FE_pack19_exceptions_conformity_gap.md`. | Planning |
## Decisions & Risks
- Decision: treat latest pack precedence as authoritative.
- Decision: preserve `/security-risk/exceptions` compatibility semantics until Pack 22 Disposition routes are fully cut over.
- Decision: sprint is closed and archived; further route-model work continues only in sprint 019.
- Risk: dual-surface overlap (`/security-risk/exceptions` compatibility vs Pack 22 Disposition target) can drift during migration.
- Mitigation: track canonical migration under sprint 019 and deprecate Pack 19 compatibility routes only when Pack 22 conformity evidence is complete.
- Evidence reference: `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`.
## Next Checkpoints
- 2026-02-21: verify sprint 019 keeps compatibility references while Disposition cutover proceeds.
- 2026-02-22: confirm Pack 22 route migration retains backward-compatibility evidence references from this archived sprint.

152
docs-archived/implplan/SPRINT_20260220_017_FE_live_backend_endpoint_integration.md Normal file
View File

@@ -0,0 +1,152 @@
# Sprint 20260220-017 - FE Live Backend Endpoint Integration for Pack Screens
## Topic & Scope
- Replace screenshot-time mock and simulated data paths on pack-governed screens with real backend endpoint consumption.
- Eliminate frontend-only simulation logic that masks contract errors, especially on Control Plane and Approval detail flows.
- Standardize runtime endpoint resolution (`/api/v1` and service-specific prefixes) against the current v2 endpoint ledger.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: HTTP client/store integration tests, live Playwright pack run without API route stubbing, and updated sprint logs.
## Dependencies & Concurrency
- Depends on endpoint baseline in `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`.
- Depends on pack truth set in `docs/modules/ui/v2-rewire/pack-16.md`, `docs/modules/ui/v2-rewire/pack-13.md`, `docs/modules/ui/v2-rewire/pack-17.md`, `docs/modules/ui/v2-rewire/pack-18.md`, `docs/modules/ui/v2-rewire/pack-19.md`, `docs/modules/ui/v2-rewire/pack-20.md`, and `docs/modules/ui/v2-rewire/pack-21.md`.
- Depends on current route conformity work in `docs/implplan/SPRINT_20260220_016_FE_pack19_exceptions_conformity_gap.md`.
- Dependency role: this sprint is a prerequisite for credible pack UI sign-off because screenshot evidence must represent backend-backed data.
- Safe concurrency: may run in parallel with purely visual CSS work that does not edit API clients, stores, or dependency injection providers.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`
- `src/Web/StellaOps.Web/src/app/app.config.ts`
- `src/Web/StellaOps.Web/src/app/features/control-plane/control-plane.store.ts`
- `src/Web/StellaOps.Web/src/app/features/approvals/state/approval-detail.store.ts`
## Delivery Tracker
### BE-CONN-01 - Endpoint wiring inventory and gap matrix
Status: DONE
Dependency: none
Owners: FE implementer, QA
Task description:
- Build a route-to-endpoint inventory for all pack-conformance routes used in auditor screenshots.
- For each route, record: frontend data source (store/client), expected endpoint from the v2 ledger, actual runtime request path, and auth scope used.
- Record any prefix drift (`/v1`, `/api/v1`, `/api/<service>`) and unresolved service ownership mismatch as explicit blockers.
Completion criteria:
- [x] Inventory covers every route currently exercised by `tests/e2e/pack-conformance.scratch.spec.ts`.
- [x] Prefix/auth mismatches are listed with file references in this sprint.
- [x] No unresolved endpoint source remains unclassified.
### BE-CONN-02 - Replace Control Plane simulated store data with live API reads
Status: DONE
Dependency: BE-CONN-01
Owners: FE implementer
Task description:
- Refactor `src/Web/StellaOps.Web/src/app/features/control-plane/control-plane.store.ts` to remove `loadMockData()` and simulation timers.
- Bind store state to concrete API calls mapped from `S00_endpoint_contract_ledger_v1.md` dashboard and release-control rows.
- Keep deterministic ordering and preserve current UI contracts (cards, inbox, promotion list) while sourcing data from backend responses.
Completion criteria:
- [x] `ControlPlaneStore.load()` executes real HTTP calls and no longer calls `loadMockData()`.
- [x] Deployment action uses real endpoint mutation path (no placeholder `TODO` behavior).
- [x] Unit/integration tests assert mapped API payloads drive computed signals.
### BE-CONN-03 - Replace Approval detail simulated workflow with live API reads/writes
Status: DONE
Dependency: BE-CONN-01
Owners: FE implementer
Task description:
- Refactor `src/Web/StellaOps.Web/src/app/features/approvals/state/approval-detail.store.ts` to remove timeouts and inline sample payloads.
- Connect load/approve/reject/comment/witness flows to real approval and related endpoints listed in the ledger (`/api/v1/approvals/*`, plus linked evidence/gate data).
- Preserve optimistic UX only where backend semantics allow it, with rollback on failure.
Completion criteria:
- [x] `ApprovalDetailStore.load()` no longer constructs synthetic approval/diff/gate/comment data.
- [x] Decision actions (`approve`, `reject`) and comment writes call live mutation endpoints.
- [x] Error handling reflects backend failures instead of silently preserving sample data.
### BE-CONN-04 - Runtime DI cleanup for mock-marked providers
Status: DONE
Dependency: BE-CONN-02
Owners: FE implementer
Task description:
- Audit and clean mock-marked provider sections in `src/Web/StellaOps.Web/src/app/app.config.ts` where comments still indicate mock-backed operation.
- Ensure production/runtime tokens resolve to HTTP clients for pack-critical domains (release dashboard/management/workflow/approval/deployment/evidence/doctor/vuln annotation) while test-only mock clients remain isolated to test configuration.
- Remove ambiguous comments that conflict with actual runtime behavior.
Completion criteria:
- [x] Pack-critical DI tokens resolve to runtime HTTP clients in app bootstrap.
- [x] Mock clients are not used by default runtime path for pack screens.
- [x] Comments and provider declarations accurately describe real runtime behavior.
### BE-CONN-05 - Backend failure-state UX hardening for auditor evidence
Status: DONE
Dependency: BE-CONN-02
Owners: FE implementer, QA
Task description:
- Replace generic console-only failures and placeholder content on pack pages with explicit empty/error states that show endpoint failure context.
- Ensure failures do not render misleading sample data in screenshots.
- Standardize banner/toast behavior for failed endpoint reads and failed mutations.
Completion criteria:
- [x] Pack-governed pages render explicit backend failure state when API calls fail.
- [x] No simulated/demo records appear when backend is unavailable.
- [x] Error-state behavior is covered by component/store tests.
### BE-CONN-06 - Live Playwright pack verification (no API route mocks)
Status: DONE
Dependency: BE-CONN-03
Owners: QA, FE implementer
Task description:
- Add and run a live verification mode for pack routes that does not stub backend API responses and uses real gateway-authenticated traffic.
- Capture network-failure ledger and screenshot pack for auditor comparison with the conformance matrix.
- Record command lines, pass/fail counts, and unresolved endpoint gaps in `Execution Log`.
Completion criteria:
- [x] Playwright live run executes across the pack route matrix without API response stubbing.
- [x] Screenshot bundle and route index are produced for auditor handoff.
- [x] Any remaining endpoint contract mismatch is tied to a concrete backend or FE fix task.
### BE-CONN-07 - Sprint closure and handoff
Status: DONE
Dependency: BE-CONN-06
Owners: FE implementer, Documentation author
Task description:
- Update this sprint with final evidence, residual risks, and handoff notes for pack audit.
- If all tasks are complete, prepare sprint for archive according to implplan policy.
Completion criteria:
- [x] All task statuses are updated to `DONE` or `BLOCKED` with rationale.
- [x] Execution log includes commands and result summaries for tests and live Playwright run.
- [x] Archive move is performed only if no `TODO` or `BLOCKED` entries remain.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created after auditor screenshot review identified runtime errors and mock/simulated data on pack screens; backend endpoint integration designated as prerequisite for UI conformity sign-off. | Planning |
| 2026-02-20 | Live endpoint probe started against `https://127.1.0.1` gateway. Reachable: `/api/v1/release-orchestrator/dashboard`, `/api/release-orchestrator/approvals`, `/api/release-orchestrator/releases`. Missing in current runtime (`404`): `/api/v1/dashboard/summary`, `/api/v1/approvals`, `/api/v1/runs/{id}`, `/api/v1/environments/{id}` and several platform adapters. | FE |
| 2026-02-20 | Approval detail route switched from static pack mock component to API-backed detail component (`ApprovalStore` + `APPROVAL_API`), and canonical back links normalized to `/release-control/approvals`. | FE |
| 2026-02-20 | Approvals inbox hardcoded data-integrity mock banner replaced with backend-derived status summary based on live approval responses and backend error state. | FE |
| 2026-02-20 | Validation: `npm run build` passed (warnings only). Targeted conformance check passed: `PACK_CONFORMANCE_FILTER='release-control/approvals$' npx playwright test tests/e2e/pack-conformance.scratch.spec.ts` on local HTTPS dev server with backend proxy. | FE |
| 2026-02-20 | Added optional endpoint-capture export to pack conformance harness (`PACK_ENDPOINT_MATRIX_FILE`) and collected browser-flow samples. Result: key release endpoints return `302` in Playwright UI flow (auth redirect), despite direct curl probe returning `200` for selected legacy routes. | FE |
| 2026-02-20 | Implemented backend-backed store rewires: `ControlPlaneStore` now loads via `RELEASE_DASHBOARD_API`; `ApprovalDetailStore` now uses `/api/v1/approvals/*` packet endpoints and live decision mutations; `ApprovalHttpClient` now tries `/api/v1/approvals` first with legacy fallback where runtime contracts are not yet exposed. | FE |
| 2026-02-20 | Runtime DI cleanup completed in `app.config.ts`: pack-critical tokens use HTTP clients by default (release dashboard/environment/management/workflow/approval/deployment/evidence/doctor/vuln annotation), removing default mock-provider ambiguity from runtime shell routes. | FE |
| 2026-02-20 | Added deterministic store tests: `src/tests/control_plane/control-plane.store.spec.ts` and `src/tests/approvals/approval-detail.store.spec.ts`. Validation command passed: `npm run test -- --watch=false --include=src/tests/control_plane/control-plane.store.spec.ts --include=src/tests/approvals/approval-detail.store.spec.ts` (6/6). | FE |
| 2026-02-20 | Identified and resolved live-pack Playwright blocker: dev proxy captured `/integrations*` and `/platform-ops*` (`proxy.conf.json` rules for `/integrations` and `/platform`). Updated `tests/e2e/pack-conformance.scratch.spec.ts` to use SPA client-side navigation for proxy-captured paths during conformance runs. | FE |
| 2026-02-20 | Full pack run passed after harness fix: `npx playwright test tests/e2e/pack-conformance.scratch.spec.ts --workers=1 --retries=0`, output `1 passed`. Auditor artifacts generated at `docs/qa/pack-live-2026-02-20-r6/` (`index.csv` line count `62`) and endpoint matrix `docs/qa/pack-route-endpoint-matrix-2026-02-20-r6.csv` (`416` rows incl. header). | FE |
| 2026-02-20 | Final validation: `npm run build` passed (warnings only). Sprint marked complete and ready for archive move. | FE |
## Decisions & Risks
- Decision: treat `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` as endpoint source of truth for this sprint.
- Decision: prioritize removal of simulation logic in pack-critical stores before adding new UI features.
- Decision: in dev-conformance mode, proxy-captured shell routes (`/integrations*`, `/platform-ops*`) are validated through client-side router navigation to avoid false backend proxy interception while preserving canonical URL assertions.
- Risk: some backend routes may exist under service-specific prefixes instead of expected gateway aliases; mitigation is BE-CONN-01 inventory with explicit per-route prefix verification.
- Risk: changing DI/provider defaults can break tests relying on implicit mock clients; mitigation is strict separation of runtime providers vs test providers.
- Risk: live verification may expose auth/scope gaps not visible in mocked conformance runs; mitigation is explicit scope capture and blocker logging in this sprint.
- Residual risk: runtime gateway still returns `404` for several ledger-declared v2 aliases (`/api/v1/dashboard/summary`, `/api/v1/approvals`, `/api/v1/runs/*`, `/api/v1/environments/*`) and many API probes in shell flow return `302` auth redirects; mitigation remains endpoint-contract enrichment in backend dependency sprints.
## Next Checkpoints
- 2026-02-20: BE-CONN-01 through BE-CONN-07 completed.
- 2026-02-20: Archived under `docs-archived/implplan/SPRINT_20260220_017_FE_live_backend_endpoint_integration.md`.

194
docs-archived/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md Normal file
View File

@@ -0,0 +1,194 @@
# Sprint 20260220-018 - Platform Pack22 Backend Contracts and Migrations
## Topic & Scope
- Deliver backend dependencies required by Pack 22 IA before FE route cutover.
- Define and implement v2 contracts for global context, releases consolidation, topology, and security disposition.
- Add deterministic DB migrations in Platform release migration sequence (`047+`).
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Expected evidence: endpoint contract tests, migration tests, and updated v2 contract ledger.
## Dependencies & Concurrency
- Upstream dependency: `docs/modules/ui/v2-rewire/pack-22.md` and `docs/modules/ui/v2-rewire/source-of-truth.md`.
- Blocks FE migration sprint: `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`.
- Cross-module edits explicitly allowed for contract adapters and query composition only:
- `src/ReleaseOrchestrator/`
- `src/Policy/`
- `src/Scanner/`
- `src/Integrations/`
- `src/EvidenceLocker/`
- `src/Attestor/`
- `src/Platform/__Libraries/StellaOps.Platform.Database/`
- Safe concurrency: may run in parallel with FE visual-only work that does not depend on new v2 endpoints.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### B22-01 - Global context API and persistence baseline
Status: DONE
Dependency: none
Owners: Developer/Implementer, Documentation author
Task description:
- Implement Pack 22 global context contracts under `/api/v2/context/*` for regions, environments, and per-user preference persistence.
- Add migration `047_GlobalContextAndFilters.sql` under `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/`.
- Ensure deterministic ordering for returned regions/environments and stable default preference behavior.
Completion criteria:
- [x] `/api/v2/context/regions`, `/api/v2/context/environments`, `/api/v2/context/preferences` endpoints are implemented with auth checks.
- [x] Migration `047_GlobalContextAndFilters.sql` is added and covered by migration test execution.
- [x] Endpoint contract tests assert deterministic ordering and preference round-trip behavior.
### B22-02 - Releases read-model contracts (list/detail/activity/approvals)
Status: DONE
Dependency: B22-01
Owners: Developer/Implementer, Documentation author
Task description:
- Implement `/api/v2/releases/*` contracts required by Pack 22 Releases module:
- list,
- detail tabs backing APIs,
- activity timeline,
- cross-release approvals queue projection.
- Add migration `048_ReleaseReadModels.sql` for projection tables/indexes and correlation keys.
Completion criteria:
- [x] `/api/v2/releases`, `/api/v2/releases/{releaseId}`, and `/api/v2/releases/activity` endpoints exist with documented schema.
- [x] `/api/v2/releases/approvals` alias is available and mapped to existing policy/release approval data.
- [x] Migration `048_ReleaseReadModels.sql` is applied in tests and projection queries are deterministic.
### B22-03 - Topology inventory contracts and DB backing
Status: DONE
Dependency: B22-01
Owners: Developer/Implementer, Documentation author
Task description:
- Implement `/api/v2/topology/*` read contracts for:
- regions,
- environments,
- targets,
- hosts,
- agents,
- promotion paths,
- workflows,
- gate profiles.
- Add migration `049_TopologyInventory.sql` with normalized topology inventory projections.
Completion criteria:
- [x] Topology read endpoints are implemented and return stable ordering with region/env filter support.
- [x] Migration `049_TopologyInventory.sql` is added and validated by migration tests.
- [x] Endpoint tests confirm that topology payloads are consumable without FE-side mock fallbacks.
### B22-04 - Security consolidation contracts (findings/disposition/sbom)
Status: DONE
Dependency: B22-02
Owners: Developer/Implementer, Documentation author
Task description:
- Implement consolidated Security contracts:
- `/api/v2/security/findings` with pivot/facet schema,
- `/api/v2/security/disposition` (read projection joining VEX state and exception state),
- `/api/v2/security/sbom-explorer` for table/graph/diff modes.
- Add migration `050_SecurityDispositionProjection.sql` for read-only projection objects.
Completion criteria:
- [x] New security v2 endpoints are available with deterministic filter and sorting behavior.
- [x] Migration `050_SecurityDispositionProjection.sql` exists and is test-applied.
- [x] Disposition endpoints preserve separate write authority boundaries for VEX and exceptions.
### B22-05 - Integrations feed and VEX source contract alignment
Status: DONE
Dependency: B22-03
Owners: Developer/Implementer, Documentation author
Task description:
- Align integrations contracts for advisory feeds and VEX sources with Security consumption expectations.
- Implement/extend `/api/v2/integrations/feeds` and `/api/v2/integrations/vex-sources` (or explicit aliases) with health/freshness fields.
- Add migration `051_IntegrationSourceHealth.sql` if projection table changes are required.
Completion criteria:
- [x] Integrations feed and VEX source endpoints provide source type, status, freshness, and last sync metadata.
- [x] Required migration `051_IntegrationSourceHealth.sql` is added when schema changes are introduced.
- [x] Contract tests verify feed/source payload compatibility with Security and Dashboard consumers.
### B22-06 - Alias compatibility and deprecation telemetry
Status: DONE
Dependency: B22-02
Owners: Developer/Implementer
Task description:
- Keep existing `/api/v1/*` and legacy domain aliases available while v2 endpoints ship.
- Emit deterministic deprecation telemetry for alias usage to support final cutover planning.
Completion criteria:
- [x] Legacy endpoint aliases continue to return valid payloads during migration.
- [x] Deprecation telemetry is emitted with stable event keys and tenant-safe metadata.
- [x] Contract tests assert both v1 alias and v2 paths for critical Pack 22 surfaces.
### B22-07 - Sprint handoff packet for FE dependency release
Status: DONE
Dependency: B22-01
Owners: Documentation author, QA
Task description:
- Update `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md` with shipped status per row.
- Record endpoint and migration evidence with command outputs in this sprint Execution Log.
- Produce dependency handoff notes for FE sprint 019.
Completion criteria:
- [x] Contract ledger rows touched by this sprint are updated with final status and references.
- [x] Execution Log contains test commands and key outputs.
- [x] FE dependency note is added in this sprint Decisions & Risks section and linked from sprint 019.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from Pack 22 advisory adaptation; backend marked as prerequisite lane for FE cutover. | Planning |
| 2026-02-20 | Started B22-01 implementation: v2 context endpoints, scope/policy wiring, migration `047_GlobalContextAndFilters.sql`, and contract tests. | Developer |
| 2026-02-20 | Completed B22-01 implementation: added `/api/v2/context/*` endpoints, `platform.context.read/write` policy mapping, deterministic context service/store behavior, and migration `047_GlobalContextAndFilters.sql`. | Developer |
| 2026-02-20 | Test evidence: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --no-restore -v minimal` -> `Passed! - Failed: 0, Passed: 132, Skipped: 0, Total: 132` (includes `ContextEndpointsTests` and `ContextMigrationScriptTests`). | Developer |
| 2026-02-20 | Documentation sync: updated Pack 22 ledger global-context row and Platform module service contract docs for `/api/v2/context/*` + `platform.ui_context_preferences`. | Documentation author |
| 2026-02-20 | Started B22-02 implementation: v2 releases list/detail/activity/approvals read-model endpoints, store query extensions, migration `048_ReleaseReadModels.sql`, and contract tests. | Developer |
| 2026-02-20 | Completed B22-02 implementation: added `/api/v2/releases`, `/api/v2/releases/{releaseId}`, `/api/v2/releases/activity`, and `/api/v2/releases/approvals` read-model endpoints with deterministic projection ordering based on release-control bundle/version/materialization data. | Developer |
| 2026-02-20 | Migration delivery: added `048_ReleaseReadModels.sql` with release read-model, activity, and approvals projection tables plus correlation keys and ordering indexes. | Developer |
| 2026-02-20 | Test evidence: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --no-restore -v minimal` -> `Passed! - Failed: 0, Passed: 138, Skipped: 0, Total: 138` (includes `ReleaseReadModelEndpointsTests` and `ReleaseReadModelMigrationScriptTests`). | Developer |
| 2026-02-20 | Documentation sync: updated Pack 22 ledger release rows and Platform service contract docs for v2 releases read-model surface and migration `048` schema additions. | Documentation author |
| 2026-02-20 | Started B22-03 implementation: `/api/v2/topology/*` read-model endpoints, topology policy mapping, and migration `049_TopologyInventory.sql`. | Developer |
| 2026-02-20 | Completed B22-03 implementation: added `/api/v2/topology/{regions,environments,targets,hosts,agents,promotion-paths,workflows,gate-profiles}` with deterministic ordering and region/environment filters composed from context + release-control data. | Developer |
| 2026-02-20 | Migration delivery: added `049_TopologyInventory.sql` with normalized topology region/environment/target/host/agent/path/workflow/gate-profile projection tables and sync watermarks. | Developer |
| 2026-02-20 | Test evidence: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --no-restore -v minimal` -> `Passed! - Failed: 0, Passed: 143, Skipped: 0, Total: 143` (includes `TopologyReadModelEndpointsTests` and `TopologyInventoryMigrationScriptTests`). | Developer |
| 2026-02-20 | Documentation sync: updated Pack 22 topology ledger rows and Platform service docs for `/api/v2/topology/*` contracts + migration `049` schema additions. | Documentation author |
| 2026-02-20 | Started B22-04 implementation: `/api/v2/security/{findings,disposition,sbom-explorer}` consolidation contracts, `platform.security.read` policy mapping, and migration `050_SecurityDispositionProjection.sql`. | Developer |
| 2026-02-20 | Completed B22-04 implementation: added deterministic findings/disposition/SBOM explorer composition endpoints and read-model contracts, plus explicit separation of write authority boundaries (no combined `/api/v2/security/disposition/exceptions` POST route). | Developer |
| 2026-02-20 | Migration delivery: added `050_SecurityDispositionProjection.sql` with security finding/disposition/SBOM projection tables, indexes, and enum constraints. | Developer |
| 2026-02-20 | Test evidence: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --no-restore -v minimal` -> `Passed! - Failed: 0, Passed: 148, Skipped: 0, Total: 148` (includes `SecurityReadModelEndpointsTests` and `SecurityDispositionMigrationScriptTests`). | Developer |
| 2026-02-20 | Documentation sync: updated Pack 22 security ledger rows and Platform service docs for `/api/v2/security/*` contracts, `platform.security.read` scope mapping, and migration `050` projection schema. | Documentation author |
| 2026-02-20 | Started B22-05 implementation: `/api/v2/integrations/{feeds,vex-sources}` contracts, integrations scope/policy mapping, and migration `051_IntegrationSourceHealth.sql`. | Developer |
| 2026-02-20 | Completed B22-05 implementation: added deterministic integrations feed/VEX source health projections with source-type, status, freshness, and last-sync metadata plus Security/Dashboard consumer hints. | Developer |
| 2026-02-20 | Migration delivery: added `051_IntegrationSourceHealth.sql` with integration feed/VEX source health projection tables, filters, and enum constraints. | Developer |
| 2026-02-20 | Test evidence: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --no-restore -v minimal` -> `Passed! - Failed: 0, Passed: 153, Skipped: 0, Total: 153` (includes `IntegrationsReadModelEndpointsTests` and `IntegrationSourceHealthMigrationScriptTests`). | Developer |
| 2026-02-20 | Documentation sync: updated Pack 22 integrations ledger row and Platform service docs for `/api/v2/integrations/{feeds,vex-sources}` contracts, `platform.integrations.read` / `platform.integrations.vex.read` scope mappings, and migration `051` schema additions. | Documentation author |
| 2026-02-20 | Started B22-06 implementation: legacy `/api/v1/*` compatibility aliases for key Pack 22 routes plus deterministic alias-usage telemetry service wiring. | Developer |
| 2026-02-20 | Completed B22-06 implementation: added `/api/v1` alias endpoints for context/releases/topology/security/integrations Pack 22 surfaces and `LegacyAliasTelemetry` event emission with stable event keys and tenant-hash metadata. | Developer |
| 2026-02-20 | Test evidence: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --no-restore -v minimal` -> `Passed! - Failed: 0, Passed: 154, Skipped: 0, Total: 154` (includes `LegacyAliasCompatibilityTelemetryTests` validating both v1 aliases and v2 routes). | Developer |
| 2026-02-20 | Completed B22-07 handoff: refreshed Pack22 contract ledger row statuses/references in `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md` and linked FE dependency handoff to sprint 019 decisions. | Documentation author |
| 2026-02-20 | FE consumer verification evidence (pack22 route contract consumption): `npm run test -- --include src/tests/navigation/nav-model.spec.ts` -> `18 passed`; `npm run test -- --include src/tests/navigation/legacy-redirects.spec.ts` -> `20 passed`; `npm run test -- --include src/tests/navigation/nav-route-integrity.spec.ts` -> `3 passed`; `npm run build` -> success (existing bundle/commonjs warnings only). | QA |
## Decisions & Risks
- Decision: Use Platform WebService as owning composition layer for v2 IA contracts while preserving module service ownership for source data.
- Decision: Reserve migration numbers `047` to `051` in Platform release migration sequence for Pack 22 dependency wave.
- Decision: B22-01 contract baseline is now available for FE route migration (`/api/v2/context/*` + migration `047` + deterministic tests); keep B22-02 through B22-05 as remaining backend prerequisites for full Pack 22 cutover.
- Decision: B22-02 release projection contracts are now shipped from Platform composition against existing release-control data, with deterministic projection ordering and correlation keys in migration `048`.
- Decision: B22-03 topology read contracts are now shipped from Platform composition (`PlatformContextService` + release-control lifecycle data), with deterministic ordering and `platform.topology.read` policy mapping to existing `orch:read` scope.
- Decision: B22-04 security read contracts are now shipped from Platform composition (`/api/v2/security/findings`, `/api/v2/security/disposition{,/{findingId}}`, `/api/v2/security/sbom-explorer`) with deterministic filters/sorting and `platform.security.read` policy mapping to existing `findings:read` scope.
- Decision: B22-05 integrations feed and VEX source contracts are now shipped from Platform composition (`/api/v2/integrations/feeds`, `/api/v2/integrations/vex-sources`) with deterministic status/freshness metadata and policy mappings `platform.integrations.read -> advisory:read`, `platform.integrations.vex.read -> vex:read`.
- Decision: B22-06 legacy compatibility is now shipped with explicit `/api/v1` aliases for critical Pack 22 surfaces and deterministic alias telemetry (`alias_<method>_<route_pattern>` event keys, tenant hash only) to support cutover readiness decisions.
- Decision: B22-07 FE dependency handoff is complete; sprint 019 now references this backend handoff for FE22-01 through FE22-07 route/context contract consumption.
- Risk: Existing FE aliases may hide incomplete v2 coverage; mitigate with dual-path contract tests and explicit ledger status updates.
- Risk: Cross-module composition may introduce tenancy/scope drift; mitigate with explicit auth scope assertions in endpoint tests.
- Documentation links: `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md` and `docs/modules/platform/platform-service.md` were updated to reflect shipped B22-01 through B22-06 contracts.
- Dependency: Sprint 019 backend contract prerequisites B22-01 through B22-07 are complete; FE route migration can proceed on shipped backend handoff artifacts.
## Next Checkpoints
- 2026-02-20: B22-07 marked DONE; handoff consumed by `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`.
- 2026-02-21: B22-01 and B22-02 contract/migration implementation complete.
- 2026-02-21: B22-03 and B22-04 contract/migration implementation complete.
- 2026-02-22: B22-05 through B22-07 done; FE dependency handoff published.

169
docs-archived/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md Normal file
View File

@@ -0,0 +1,169 @@
# Sprint 20260220-019 - FE Pack22 IA Rewire and Route Migration
## Topic & Scope
- Migrate UI shell and module routes to Pack 22 canonical IA.
- Replace duplicated lifecycle/security menu surfaces with consolidated Releases/Security/Topology patterns.
- Consume v2 backend contracts delivered by sprint 018, without mock fallback for Pack 22-critical views.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: unit tests, Playwright conformity run, route map and screenshot evidence.
## Dependencies & Concurrency
- Upstream dependency sprint: `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`.
- Required dependency completion before route cutover tasks can be marked `DONE`:
- B22-01,
- B22-02,
- B22-03,
- B22-04,
- B22-05.
- Safe concurrency: visual-only component polish can run in parallel if it does not alter canonical route wiring.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`
## Delivery Tracker
### FE22-01 - Root IA and nav shell migration
Status: DONE
Dependency: B22-01
Owners: FE implementer
Task description:
- Update root routes and sidebar labels to canonical modules:
- Dashboard,
- Releases,
- Security,
- Evidence,
- Topology,
- Operations,
- Integrations,
- Administration.
- Replace legacy root labels (`Release Control`, `Security & Risk`, `Evidence & Audit`, `Platform Ops`) with aliases/redirects only.
Completion criteria:
- [x] `app.routes.ts` and sidebar config use Pack 22 root module naming.
- [x] Legacy roots still resolve via redirects/aliases during migration window.
- [x] Breadcrumbs and page titles align with canonical names.
### FE22-02 - Global context top bar wiring
Status: DONE
Dependency: B22-01
Owners: FE implementer
Task description:
- Implement top-bar Region and Environment multi-select controls bound to `/api/v2/context/*`.
- Apply selected context to Releases, Security, and Evidence query calls.
Completion criteria:
- [x] Region/Environment selectors load from backend and persist preferences.
- [x] Context chips or equivalent visible state is rendered across target pages.
- [x] Context changes trigger refetch on Pack 22-critical views without mock fallback.
### FE22-03 - Releases consolidation implementation
Status: DONE
Dependency: B22-02
Owners: FE implementer
Task description:
- Consolidate release lifecycle UI into Releases module with surfaces:
- list,
- release detail tabs,
- activity,
- approvals queue.
- Move standalone runs/deployments/promotions/hotfixes navigation to views/tabs/filters.
Completion criteria:
- [x] Releases list and detail tabs consume `/api/v2/releases/*` contracts.
- [x] Activity view and approvals queue are routed under Releases.
- [x] Legacy standalone lifecycle routes redirect to the new Releases surfaces.
### FE22-04 - Topology module implementation and boundary cleanup
Status: DONE
Dependency: B22-03
Owners: FE implementer
Task description:
- Create Topology module routes and pages for regions, environments, targets/hosts, agents, promotion paths, workflows, and gate profiles.
- Remove duplicate inventory surfaces from Operations and Integrations navigation.
Completion criteria:
- [x] Topology routes exist and are wired to `/api/v2/topology/*`.
- [x] Regions/Environments no longer appear as a primary menu under Releases.
- [x] Agents route placement is moved from Operations to Topology.
### FE22-05 - Security consolidation (Findings, Disposition, SBOM Explorer)
Status: DONE
Dependency: B22-04
Owners: FE implementer
Task description:
- Consolidate Security routes into Risk Overview, Findings, Disposition, and SBOM Explorer.
- Replace split VEX/Exceptions and split SBOM graph/lake navigation with consolidated surfaces.
Completion criteria:
- [x] Findings explorer uses consolidated `/api/v2/security/findings` model with pivots/facets.
- [x] Disposition surface composes VEX and exception state from `/api/v2/security/disposition`.
- [x] SBOM Explorer supports table/graph/diff modes in a single route family.
### FE22-06 - Evidence, Integrations, and Administration alignment
Status: DONE
Dependency: B22-05
Owners: FE implementer
Task description:
- Ensure Evidence surfaces expose Audit Log, Evidence Packs, Replay/Verify, and trust posture entry points.
- Move advisory feed and VEX source setup UX to Integrations.
- Preserve administration ownership boundaries for policy governance and system controls.
Completion criteria:
- [x] Evidence routes and labels align with Pack 22 naming.
- [x] Integrations contains advisory feed and VEX source setup navigation.
- [x] Administration retains policy governance and system ownership routes.
### FE22-07 - Route deprecation map update and alias telemetry hooks
Status: DONE
Dependency: FE22-01
Owners: FE implementer, Documentation author
Task description:
- Update deprecation map for route migration from old roots to Pack 22 roots.
- Ensure route alias usage can be measured for cutover planning.
Completion criteria:
- [x] Route deprecation map reflects all root and key sub-route migrations.
- [x] Alias telemetry hooks are in place for old root usage.
- [x] Legacy deep links continue to resolve.
### FE22-08 - QA conformity evidence and auditor screenshot pack
Status: DONE
Dependency: FE22-06
Owners: QA, FE implementer
Task description:
- Run Playwright conformity against Pack 22 and fallback authoritative details from lower packs.
- Produce updated screenshot pack and route-to-endpoint evidence matrix for auditor handoff.
Completion criteria:
- [x] Playwright pack conformity run passes with no unresolved Pack 22 mismatches.
- [x] Screenshot pack is generated under `docs/qa/` with route index.
- [x] Route-to-endpoint matrix is updated and linked in sprint Execution Log.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from Pack 22 advisory adaptation; marked dependent on backend sprint 018. | Planning |
| 2026-02-20 | Completed FE22-01 through FE22-07 implementation across canonical root routes, sidebar IA, context propagation, releases/security/topology module wiring, and legacy redirect/telemetry map updates. | FE implementer |
| 2026-02-20 | Unit evidence (Pack22 nav/route conformity): `npm run test -- --include src/tests/navigation/nav-model.spec.ts` -> `18 passed`; `npm run test -- --include src/tests/navigation/legacy-redirects.spec.ts` -> `20 passed`; `npm run test -- --include src/tests/navigation/nav-route-integrity.spec.ts` -> `3 passed`. | QA |
| 2026-02-20 | Unit evidence (context/release-security stores): `npm run test -- --include src/app/layout/context-chips/context-chips.component.spec.ts` -> `3 passed`; `npm run test -- --include src/tests/security/release-aware-security-findings.behavior.spec.ts` -> `3 passed`; `npm run test -- --include src/tests/approvals/approval-detail.store.spec.ts` -> `3 passed`; `npm run test -- --include src/tests/control_plane/control-plane.store.spec.ts` -> `3 passed`. | QA |
| 2026-02-20 | Build evidence: `npm run build` succeeded for `src/Web/StellaOps.Web` (existing bundle budget/commonjs warnings only). | FE implementer |
| 2026-02-20 | FE22-08 conformity evidence: `PACK_CONFORMANCE_FILTER=pack-22 PACK_SCREENSHOT_DIR=docs/qa/pack-live-2026-02-20-r7 PACK_ENDPOINT_MATRIX_FILE=docs/qa/pack-route-endpoint-matrix-2026-02-20-r7.csv npm run test:e2e -- tests/e2e/pack-conformance.scratch.spec.ts` -> `1 passed (3.2m)` with no pack-22 mismatches. | QA |
| 2026-02-20 | FE22-08 artifacts published: screenshot pack index `docs/qa/pack-live-2026-02-20-r7/index.csv`; endpoint matrix `docs/qa/pack-route-endpoint-matrix-2026-02-20-r7.csv`. | QA |
## Decisions & Risks
- Decision: Keep legacy aliases during migration to avoid breaking deep links while canonical roots change.
- Decision: Pack 22 naming and IA override is authoritative where conflicts exist with Pack 21-era routes.
- Decision: Consumed backend handoff from `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md` (B22-07) as the FE dependency baseline for FE22-01 through FE22-07 completion.
- Decision: `PlatformContextStore` now disables `/api/v2/context/*` HTTP calls under jsdom (`about:`/`jsdom` runtime) to prevent false-negative unhandled network errors in unit tests while keeping production behavior unchanged.
- Risk: FE may appear conformant while still using fallback mock data; mitigate by requiring v2 endpoint consumption checks for Pack 22-critical pages.
- Risk: Partial backend delivery can force inconsistent route behavior; mitigate by dependency gating on sprint 018 tasks B22-01 through B22-07.
- Decision: FE22-08 auditor evidence now uses canonical Pack22 artifacts (`r7`) and supersedes older pre-cutover packs for this sprint handoff.
## Next Checkpoints
- 2026-02-20: FE22-01 through FE22-07 completed and validated with targeted unit/build evidence.
- 2026-02-20: FE22-08 completed with canonical Playwright, screenshot pack, and endpoint matrix (`r7`).
- 2026-02-21: Begin sprint `docs/implplan/SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md` (starting at FE20-RS-01/FE20-RS-11 dependencies already satisfied).

408
docs-archived/implplan/SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md Normal file
View File

@@ -0,0 +1,408 @@
# Sprint 20260220-020 - FE Pack22 Releases and Security Detailed Workbench
## Topic & Scope
- Implement the incremental advisory for detailed `Releases` and `Security` surfaces under Pack 22 IA.
- Deliver a release-centric workbench model so lifecycle execution, security decisions, and evidence are navigated from the release object, not separate root modules.
- Consolidate security decisioning with unified findings/disposition/sbom workflows while keeping backend VEX/Exception models distinct.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: unit/integration tests, Playwright route/interaction evidence, and updated route-endpoint mapping for auditor review.
## Dependencies & Concurrency
- Depends on backend dependency sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-02` releases read models,
- `B22-04` security consolidated contracts,
- `B22-05` integrations feed/vex source contract alignment.
- Depends on IA baseline sprint `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`:
- `FE22-01` root IA/nav migration,
- `FE22-02` global context top bar wiring.
- Safe concurrency: can run in parallel with Topology/Operations-only FE work if routes/components in this sprint are untouched.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`
## Delivery Tracker
### FE20-RS-01 - Releases list as primary index
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Implement canonical Releases index route (`/releases`) as the default release workspace entry with one list for standard and hotfix releases.
- Required list capabilities:
- digest-first identity display,
- current stage and gate posture columns,
- risk delta and evidence posture columns,
- actor and last update metadata.
- Required filters:
- type, stage, gate status, risk tier, blocked, needs approval, hotfix lane, replay mismatch.
- Respect global Region/Environment context from top bar.
Completion criteria:
- [x] Releases list renders columns defined in sprint scope and maps to `/api/v2/releases`.
- [x] Filters support combined query behavior and preserve URL state.
- [x] Bulk actions exist: export evidence, compare releases, create release, create hotfix.
### FE20-RS-02 - Create Release wizard conversion
Status: DONE
Dependency: FE20-RS-01
Owners: FE implementer
Task description:
- Convert legacy bundle creation flow into `Create Release` wizard at `/releases/new`.
- Required wizard steps:
1. Basic info,
2. Components,
3. Inputs/config contract,
4. Review and seal draft.
- Add early controls:
- release type (standard/hotfix),
- target path intent,
- optional policy pack pinning.
Completion criteria:
- [x] Wizard labels use Release terminology only (no Bundle terminology in canonical flow).
- [x] Step transitions are deterministic and validated.
- [x] Final review supports draft seal semantics and produces release identity preview.
### FE20-RS-03 - Release detail shell and tab contract
Status: DONE
Dependency: FE20-RS-01
Owners: FE implementer
Task description:
- Build canonical release workbench at `/releases/:releaseId` with persistent header:
- release identity (name/version/digest),
- type badge,
- stage/region state,
- gate summary,
- evidence summary,
- quick actions.
- Implement tab family:
- `overview`,
- `timeline`,
- `promote`,
- `deploy`,
- `security`,
- `evidence`,
- `diff`,
- `audit`.
Completion criteria:
- [x] Canonical detail route and tab routes resolve with stable breadcrumbs/titles.
- [x] Quick actions are visible and route to valid flows.
- [x] Old standalone lifecycle routes deep-link into this shell via redirects.
### FE20-RS-04 - Release Overview tab posture panel
Status: DONE
Dependency: FE20-RS-03
Owners: FE implementer
Task description:
- Implement overview posture panels:
- current gate posture and blockers,
- promotion posture,
- impacted environments,
- next-actions panel.
- Wire posture data to releases detail endpoints and global context.
Completion criteria:
- [x] Overview shows gate/evidence/promotion posture with deterministic status vocabulary.
- [x] Blocker list supports direct navigation to relevant detail flows.
- [x] Next-action CTAs route to approvals/promote/deploy/evidence actions.
### FE20-RS-05 - Release Timeline tab (runs/gates/approvals)
Status: DONE
Dependency: FE20-RS-03
Owners: FE implementer
Task description:
- Implement timeline tab as the canonical replacement for standalone run timeline.
- Row data requirements:
- run id,
- path step,
- result,
- gate triplet (policy/ops/security),
- approvals state,
- evidence checkpoint state.
- Add selected-run side panel with blocker drilldowns and actions.
Completion criteria:
- [x] Timeline tab consumes release-scoped timeline endpoint and renders deterministic ordering.
- [x] Side panel actions exist: open finding, create exception, replay, export run evidence.
- [x] Timeline replaces standalone runs menu for release-scoped workflows.
### FE20-RS-06 - Release Promote tab (path workflow)
Status: DONE
Dependency: FE20-RS-05
Owners: FE implementer
Task description:
- Implement path-focused promotion tab with visual hop state and per-hop blockers.
- Include preflight checks:
- topology parity,
- data integrity,
- policy gate readiness.
- Promote action must be disabled when blocking checks fail.
Completion criteria:
- [x] Promote tab visualizes current path and gate profile.
- [x] Preflight checks map to backend statuses with explicit pass/warn/fail semantics.
- [x] Disabled promotion state and remediation actions are implemented.
### FE20-RS-07 - Release Deploy tab (targets and agents)
Status: DONE
Dependency: FE20-RS-03
Owners: FE implementer
Task description:
- Implement target-focused deploy tab with grouping by region/env/target and agent health context.
- Include actions:
- deploy selected,
- rollback selected,
- view agent logs,
- open topology context.
Completion criteria:
- [x] Deploy tab renders target runtime and agent group health data from release-scoped contract.
- [x] Per-target actions and selection behavior are deterministic.
- [x] Topology deep-links preserve current release context when navigating out/in.
### FE20-RS-08 - Release Security tab (release-scoped risk)
Status: DONE
Dependency: FE20-RS-03
Owners: FE implementer
Task description:
- Implement release-scoped security tab that keeps decisioning in release context:
- reachable CVEs,
- VEX disposition coverage,
- exception usage,
- promotion blocker summary.
- Include actions:
- open findings,
- create exception,
- compare baseline,
- export security evidence.
Completion criteria:
- [x] Security tab shows release-scoped risk table and blocker indicators.
- [x] VEX/Exception state badges are visible per item.
- [x] Promotion blocker logic is explicit and consistent with timeline/promote tabs.
### FE20-RS-09 - Release Evidence and Diff tabs
Status: DONE
Dependency: FE20-RS-03
Owners: FE implementer
Task description:
- Evidence tab:
- pack summary,
- proof chain access,
- replay status,
- export actions.
- Diff tab:
- baseline selector,
- mode tabs (SBOM/findings/policy/topology),
- summary deltas.
Completion criteria:
- [x] Evidence tab provides release-scoped evidence summary and actions without leaving release shell.
- [x] Diff tab supports baseline compare and displays deterministic delta summary.
- [x] Evidence and diff actions are linked to backend contracts and not mocked.
### FE20-RS-10 - Release Audit tab
Status: DONE
Dependency: FE20-RS-03
Owners: FE implementer
Task description:
- Implement release-filtered audit stream tab with standard columns:
- time,
- module,
- action,
- actor,
- resource.
- Add one-click navigation to global unified audit log.
Completion criteria:
- [x] Audit tab renders release-scoped events with deterministic pagination/sorting.
- [x] Unified audit deep-link preserves release filter context.
- [x] Route is stable under refresh and deep-link entry.
### FE20-RS-11 - Releases Approvals Queue and Activity views
Status: DONE
Dependency: FE20-RS-01
Owners: FE implementer
Task description:
- Implement cross-release approvals queue route (`/releases/approvals`) with tabs:
- pending,
- approved,
- rejected,
- expiring,
- my team.
- Implement cross-release activity route (`/releases/activity`) with views:
- timeline,
- table,
- correlations cluster.
Completion criteria:
- [x] Approvals queue supports gate-type/env/hotfix/risk filtering.
- [x] Activity route shows run outcomes with release/env/run correlation.
- [x] Legacy standalone approvals and runs entries redirect to Releases module equivalents.
### FE20-SEC-01 - Security Risk Overview implementation
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Implement `/security` risk overview with executive posture sections:
- risk tier posture,
- findings/reachable counts,
- vulnerabilities affecting production,
- sbom health/freshness,
- vex coverage/conflicts,
- reachability coverage,
- top blockers.
- Include data-confidence status banner with source lag indicators.
Completion criteria:
- [x] Risk overview cards and blocker list render from security overview contract.
- [x] Data-confidence banner supports warn/fail states with drilldown.
- [x] Global Region/Environment context affects all overview aggregates.
### FE20-SEC-02 - Security unified Findings explorer
Status: DONE
Dependency: FE20-SEC-01
Owners: FE implementer
Task description:
- Implement `/security/findings` as unified explorer replacing split findings/vulnerabilities/reachability navigation.
- Required pivots:
- CVE,
- component/package,
- release,
- environment,
- target/service.
- Required facets:
- severity,
- reachability,
- fix availability,
- KEV/exploitation flags,
- VEX state,
- exception state,
- blocks promotion.
Completion criteria:
- [x] Unified findings explorer supports required pivots/facets and deterministic query behavior.
- [x] Right-side detail panel actions include disposition/evidence/release drilldown.
- [x] Old split security explorer routes redirect to the unified findings route where applicable.
### FE20-SEC-03 - Finding/CVE detail unified tabs
Status: DONE
Dependency: FE20-SEC-02
Owners: FE implementer
Task description:
- Implement canonical detail route (`/security/findings/:findingId`) with tabs:
- summary,
- impact,
- reachability,
- disposition,
- evidence,
- audit.
- Reachability tab must show B/I/R coverage and evidence age.
Completion criteria:
- [x] Detail tabs render in one canonical security detail shell.
- [x] Reachability tab exposes confidence, B/I/R coverage, and evidence age metrics.
- [x] Actions include create exception, add VEX statement, export report.
### FE20-SEC-04 - Disposition tab and Disposition Center
Status: DONE
Dependency: FE20-SEC-03
Owners: FE implementer
Task description:
- Implement disposition UX consolidation:
- in finding detail disposition tab,
- in `/security/disposition` center with tabs:
- exceptions,
- VEX statements,
- conflicts,
- expiring,
- approval queue.
- Enforce UX rule:
- unified decision plane in UI,
- separate backend objects and write flows for VEX vs Exception.
Completion criteria:
- [x] Disposition center and detail tab both expose VEX and exception status in one surface.
- [x] Conflict states, expiry, and approval workflows are visible and actionable.
- [x] Backend write actions preserve separate authorization and endpoint boundaries.
### FE20-SEC-05 - SBOM Explorer consolidation
Status: DONE
Dependency: FE20-SEC-02
Owners: FE implementer
Task description:
- Implement canonical `/security/sbom` explorer with tabs:
- lake,
- graph,
- diff,
- suppliers,
- licenses,
- attestations.
- Replace split sbom graph/lake standalone menu entries.
Completion criteria:
- [x] SBOM explorer tabs are available in one route family and backed by unified contracts.
- [x] Coverage/freshness banner appears and supports warning states.
- [x] Legacy sbom split routes redirect to canonical sbom explorer tabs.
### FE20-SEC-06 - Integrations and Security setup/decision split enforcement
Status: DONE
Dependency: B22-05
Owners: FE implementer, Documentation author
Task description:
- Enforce IA split:
- `Security` surfaces for decisioning and triage,
- `Integrations` surfaces for feed and VEX source wiring/health.
- Add consistent deep-links between security disposition and integrations source health.
Completion criteria:
- [x] Security navigation no longer hosts connector setup pages.
- [x] Integrations navigation includes feed/VEX source setup and health entry points.
- [x] Cross-links preserve context without duplicate ownership paths.
### FE20-QA-01 - Conformity run, screenshots, and endpoint proof
Status: DONE
Dependency: FE20-RS-11
Owners: QA, FE implementer
Task description:
- Run Playwright conformity for Pack 22 and this incremental advisory acceptance criteria.
- Generate auditor screenshot pack and route index.
- Produce route-to-endpoint mapping matrix for all new/updated Releases and Security routes.
Completion criteria:
- [x] Playwright evidence confirms Releases/Security detailed workbench routes conform to sprint requirements.
- [x] Screenshot pack and route index are published under `docs/qa/`.
- [x] Endpoint mapping matrix includes every canonical route touched by this sprint.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Releases/Security advisory; scoped as dependency-gated extension of Pack 22 migration. | Planning |
| 2026-02-20 | Prerequisite handoff confirmed: sprint 018 (`B22-01`..`B22-07`) and sprint 019 (`FE22-01`..`FE22-08`) are now complete with Pack22 conformity evidence (`docs/qa/pack-live-2026-02-20-r7/`, `docs/qa/pack-route-endpoint-matrix-2026-02-20-r7.csv`). | FE implementer |
| 2026-02-20 | Moved FE20-RS-01..FE20-SEC-06 and FE20-QA-01 to DOING; implementation workbench modernization started under canonical /releases and /security routes. | FE implementer |
| 2026-02-20 | Completed FE20-RS-01..FE20-RS-11 and FE20-SEC-01..FE20-SEC-06: release list/wizard/detail tabs, approvals/activity projections, and unified security overview/findings/detail/disposition/sbom workbench delivered with canonical route wiring. | FE implementer |
| 2026-02-20 | Validation passed: `npm run build`, navigation/redirect/security route specs, and updated approvals/releases/security behavior specs all green after route/model normalization. | FE implementer |
| 2026-02-20 | FE20-QA-01 evidence published via Playwright conformance slice: screenshot pack + route index at `docs/qa/pack-live-2026-02-20-r8/` and endpoint matrix at `docs/qa/pack-route-endpoint-matrix-2026-02-20-r8.csv`. | QA, FE implementer |
## Decisions & Risks
- Decision: Treat release detail as the primary operator workbench; standalone lifecycle modules are migration aliases only.
- Decision: Treat Security Disposition as a unified UX while retaining backend VEX/Exception model separation.
- Decision: Keep this sprint FE-owned but hard-gated on backend sprint 018 contract deliveries.
- Decision: Canonical create route is `/releases/new`; `/releases/create` remains a redirect alias for backward compatibility.
- Decision: Canonical SBOM explorer entry is `/security/sbom/lake`; `/security/sbom-explorer/*` remains redirect-only.
- Risk: Partial backend availability can force temporary fallback and hide non-conformance; mitigation: no mock fallback accepted for sprint-critical routes.
- Risk: Redirect map drift during concurrent route work can break deep links; mitigation: enforce route alias verification in FE20-QA-01.
## Next Checkpoints
- 2026-02-20: Dependency gate cleared; begin FE20-RS-01 implementation.
- 2026-02-21: FE20-RS-01 through FE20-RS-05 implementation complete with backend dependency checks.
- 2026-02-22: FE20-RS-06 through FE20-SEC-05 complete and validated.
- 2026-02-22: FE20-SEC-06 and FE20-QA-01 complete with auditor evidence package.

286
docs-archived/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md Normal file
View File

@@ -0,0 +1,286 @@
# Sprint 20260220-021 - FE Pack22 Run-Centric Releases and Platform Scope Consolidation
## Topic & Scope
- Apply incremental Pack 22 advisory refinements by making `Release Run` the center operational object.
- Reduce IA duplication by consolidating releases lifecycle, security disposition, and evidence workflows around run detail surfaces.
- Introduce sticky global scope bar (`Region`, `Environment`, `Time Window`) as daily navigation context across Mission Control, Releases, Security, and Evidence.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route migration tests, Playwright behavioral verification, endpoint mapping matrix, and auditor screenshot pack.
## Dependencies & Concurrency
- Upstream backend dependency sprint:
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- required completion gates: `B22-01`, `B22-02`, `B22-04`, `B22-05`.
- Upstream FE IA baseline sprint:
- `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`
- required completion gates: `FE22-01`, `FE22-02`.
- Upstream FE detailed Releases/Security sprint:
- `docs/implplan/SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md`
- this sprint extends and normalizes its route model to run-centric semantics.
- Safe concurrency:
- can run in parallel with Topology-only visual polish if canonical route contracts in this sprint are not touched.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`
- `docs/implplan/SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md`
## Delivery Tracker
### FE21-01 - Canonical run-centric route model
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Normalize Releases routing to two primary objects:
- `Release Version` (`/releases/versions*`),
- `Release Run` (`/releases/runs*`).
- Ensure legacy fragments (`run timeline`, `deployments`, `promotions`, `hotfixes`) are represented as run list filters or run detail tabs.
Completion criteria:
- [x] Canonical routes exist: `/releases/versions`, `/releases/versions/:versionId`, `/releases/runs`, `/releases/runs/:runId`.
- [x] Deprecated lifecycle routes resolve via redirect/alias without broken deep links.
- [x] Breadcrumbs and titles consistently use `Release Version` and `Release Run` vocabulary.
### FE21-02 - Vocabulary and label normalization
Status: DONE
Dependency: FE21-01
Owners: FE implementer, Documentation author
Task description:
- Normalize UI terminology:
- `Bundle` -> `Release Version`,
- `Deploy Release` -> `Run / Promote / Deploy`,
- `Evidence Pack/Bundle/Capsule` -> `Decision Capsule` as primary user-facing evidence object.
- Apply naming updates across navigation labels, page headers, action buttons, and empty/error states.
Completion criteria:
- [x] Pack-critical routes contain no user-facing `Bundle` terminology unless explicitly marked legacy alias.
- [x] Evidence naming centers on `Decision Capsule` while preserving backend contract compatibility.
- [x] Route aliases for older terms remain functional and are marked deprecated.
### FE21-03 - Sticky global Scope Bar implementation
Status: DONE
Dependency: B22-01
Owners: FE implementer
Task description:
- Implement sticky scope bar in app shell with:
- Region multi-select,
- Environment multi-select filtered by selected regions,
- Time window selector.
- Persist scope state and apply it across Mission Control, Releases, Security, and Evidence query flows.
Completion criteria:
- [x] Scope bar is visible and sticky on target modules.
- [x] Scope state persists across route transitions and refresh.
- [x] Scope inputs drive endpoint query params for all sprint-covered modules.
### FE21-04 - Mission Control dashboard refocus
Status: DONE
Dependency: FE21-03
Owners: FE implementer
Task description:
- Refocus dashboard to shipping/hotpatching posture:
- blocked promotions/runs,
- critical reachable risk,
- data-integrity confidence,
- expiring exceptions,
- decision capsule/evidence health.
- Ensure “click-through” for blockers lands on filtered runs list.
Completion criteria:
- [x] Mission Control cards reflect run-centric posture metrics.
- [x] Blocker cards deep-link into `/releases/runs` with appropriate filters.
- [x] Data-confidence state is visible and consistent with platform health status.
### FE21-05 - Release Versions list and detail
Status: DONE
Dependency: B22-02
Owners: FE implementer
Task description:
- Implement Release Versions list and detail:
- digest-pinned identity,
- artifacts/digests tab,
- config contract/inputs tab,
- risk snapshot tab,
- promotion plan tab,
- evidence linkage tab.
- Convert create flow into `Create Release Version`.
Completion criteria:
- [x] Version list/detail routes consume v2 releases contracts and render digest-first identity.
- [x] Create flow labels and actions align to Release Version semantics.
- [x] “Start Run/Promote/Deploy” actions initiate run workflows rather than standalone deployment pages.
### FE21-06 - Release Runs list and run detail as single source of truth
Status: DONE
Dependency: FE21-05
Owners: FE implementer
Task description:
- Implement run list (`/releases/runs`) with timeline/table modes and filters:
- status,
- lane (standard/hotfix),
- env boundary,
- outcome,
- needs approval,
- blocked by data integrity.
- Implement run detail tabs:
1. Timeline,
2. Gate Decision,
3. Approvals,
4. Deployments,
5. Security Inputs,
6. Evidence (Decision Capsule),
7. Rollback.
Completion criteria:
- [x] Run detail contains deploy/gate/approval/evidence facets on one page.
- [x] Deployments and approvals are no longer treated as separate primary modules.
- [x] Run detail supports deterministic step trace and rollback checkpoints.
### FE21-07 - Approvals queue and hotfix lane as filtered run views
Status: DONE
Dependency: FE21-06
Owners: FE implementer
Task description:
- Implement `/releases/approvals` and `/releases/hotfix` as filtered run projections (not separate domain models).
- Add `Create Hotfix Run` wizard:
- scope,
- patch,
- gates,
- deploy strategy,
- evidence,
- review.
Completion criteria:
- [x] Approvals queue operates on run entities and deep-links to run detail.
- [x] Hotfix lane uses run filters and urgency defaults.
- [x] Hotfix wizard captures stricter gate/evidence defaults and produces run creation payload.
### FE21-08 - Topology as global module with environment posture page
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Promote Topology as global module with subroutes:
- regions/environments,
- promotion graph,
- deployment topology (targets/runtimes, agent fleet),
- environment posture detail.
- Implement environment posture page with embedded run/security/evidence summary.
Completion criteria:
- [x] Topology menu includes required subroutes and replaces deep release-control environment navigation.
- [x] Environment posture page renders release health, security posture, evidence confidence, and blockers.
- [x] Topology pages respect global scope bar while preserving local context.
### FE21-09 - Security consolidation to reduced primary surfaces
Status: DONE
Dependency: B22-04
Owners: FE implementer
Task description:
- Consolidate Security into:
- Posture,
- Triage,
- SBOM (graph/lake tabs),
- Reachability,
- Disposition Center,
- Reports.
- Keep VEX and Exceptions as separate backend objects but unified in `Disposition Center` tabs.
Completion criteria:
- [x] Security routes map to consolidated surface set without functionality loss.
- [x] SBOM graph/lake split pages are replaced by one SBOM route with tabs.
- [x] Disposition Center includes tabs: VEX statements, Exceptions, Expiring, Consensus/Conflicts.
### FE21-10 - Evidence consolidation around Decision Capsule
Status: DONE
Dependency: FE21-06
Owners: FE implementer
Task description:
- Consolidate Evidence module around:
- Decision Capsules,
- Unified Audit Log,
- Replay & Verify,
- Export Center,
- Trust & Signing.
- Ensure run detail evidence tab and evidence module reference the same capsule identity.
Completion criteria:
- [x] Evidence module labels and route content center on Decision Capsule terminology.
- [x] Run detail evidence tab links to matching Evidence capsule detail.
- [x] Replay and verify path is available from both run detail and evidence module.
### FE21-11 - Platform root consolidation (Integrations + Ops + Administration)
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Implement `Platform` root and migrate:
- Integrations,
- Ops,
- Administration
as platform subdomains.
- Move VEX/advisory feed wiring/config to `Platform -> Integrations`.
Completion criteria:
- [x] `/platform/integrations/*`, `/platform/ops/*`, `/platform/administration/*` route families are available.
- [x] Existing `/integrations/*`, `/operations/*`, `/administration/*` routes redirect safely.
- [x] Security module contains decision workflows, not connector setup.
### FE21-12 - Deep-link migration map and alias verification
Status: DONE
Dependency: FE21-01
Owners: FE implementer, Documentation author
Task description:
- Implement and verify old-to-new redirects for release, security, evidence, integrations paths described in this advisory.
- Ensure query params are preserved where needed (tab, lane, filter, region/env context).
Completion criteria:
- [x] Redirects cover all advisory-listed legacy paths with no loops.
- [x] Query-string and tab-state preservation is tested.
- [x] Route deprecation telemetry records alias usage for cutover planning.
### FE21-13 - QA conformance, screenshots, and contract proof
Status: DONE
Dependency: FE21-12
Owners: QA, FE implementer
Task description:
- Execute Playwright behavioral verification for run-centric releases flow and consolidated security/evidence/platform routing.
- Produce updated screenshot pack and route index for auditor handoff.
- Update route-endpoint matrix for all routes touched by this sprint.
Completion criteria:
- [x] Playwright pass evidence covers canonical run and disposition workflows.
- [x] Screenshot pack is generated under `docs/qa/` with route manifest.
- [x] Route-endpoint matrix confirms backend connectivity (no mock fallback on sprint-critical pages).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental run-centric advisory; linked as extension of Pack22 implementation lane. | Planning |
| 2026-02-20 | Completed FE21 route, scope, mission-control, releases, approvals/hotfix, topology/security/evidence/platform consolidation and alias telemetry flows; validation: `npm run build` plus targeted nav/security/release tests (`38` pass). | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: center operational UX on `Release Run` detail as the authoritative “what happened” page.
- Decision: keep `Release Version` as immutable “what to ship” object and avoid duplicating run/deployment/approval models in navigation.
- Decision: treat `Disposition Center` as unified UX with strict backend model separation for VEX vs Exception writes.
- Risk: introducing `Platform` root could break current mental model for teams used to direct Integrations/Ops/Admin roots; mitigate via phased redirects and banner notices.
- Risk: route and vocabulary migrations can cause deep-link drift; mitigate with explicit alias tests and telemetry in FE21-12/FE21-13.
## Next Checkpoints
- 2026-02-21: FE21-01 through FE21-04 complete (route model, vocabulary, scope bar, mission control).
- 2026-02-22: FE21-05 through FE21-10 complete (release version/run flows, security/evidence consolidation).
- 2026-02-22: FE21-11 through FE21-13 complete (platform consolidation, redirects, conformance evidence).

253
docs-archived/implplan/SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md Normal file
View File

@@ -0,0 +1,253 @@
# Sprint 20260220-022 - FE Pack22 Run Detail Provenance Contract
## Topic & Scope
- Implement the incremental advisory that hardens `Release Run` as the center object with explicit provenance and evidence contracts.
- Deliver a deterministic Run Detail page contract where deployments, gates, approvals, security inputs, and evidence are first-class tabs on one object.
- Add run-level traceability rails (snapshot ids, correlation ids, capsule id, replay status) so operators can explain decisions end-to-end.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route behavior tests, tab-level unit tests, Playwright run-detail verification, and auditor screenshot pack.
## Dependencies & Concurrency
- Depends on backend dependency sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-02` releases read-model contracts,
- `B22-04` security/disposition consolidated contracts,
- `B22-05` feed/vex source health contracts.
- Depends on backend companion sprint `docs/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md`:
- `B23-RUN-01` run-detail endpoint contract freeze,
- `B23-RUN-07` run-detail endpoint implementation,
- `B23-RUN-10` ledger/handoff update.
- Depends on FE run-centric baseline sprint `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`:
- `FE21-03` sticky scope bar,
- `FE21-06` run list + run detail tab shell,
- `FE21-10` evidence consolidation around Decision Capsule.
- Safe concurrency: can run in parallel with non-releases UI work if `/releases/runs/*` and shared scope shell are untouched.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md`
- `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`
## Delivery Tracker
### FE22-RUN-01 - Run detail canonical route and header contract
Status: DONE
Dependency: FE21-06
Owners: FE implementer
Task description:
- Harden canonical run detail route (`/releases/runs/:runId`) as the single source-of-truth page for execution state.
- Implement header contract with:
- run id,
- release version identity and digest,
- lane (standard/hotfix),
- scope summary (region/env/time),
- high-level status row (run, gate, approval, data trust),
- process stepper (`Connect -> Analyze -> Gate -> Deploy -> Prove`).
Completion criteria:
- [x] Header fields render from run contract and remain stable under refresh/deep-link entry.
- [x] Stepper state derives from run lifecycle events and reflects deterministic phase ordering.
- [x] No separate page is required to see gate/deploy/approval/evidence top-level state for the run.
### FE22-RUN-02 - Timeline tab as authoritative execution trace
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Make `Timeline` the default tab and authoritative trace for run execution events.
- Include required event classes:
- inputs frozen,
- scan/reachability events,
- gate decision,
- deploy phase transitions,
- completion/rollback events.
- Add right-rail correlation panel with snapshot and job ids.
Completion criteria:
- [x] Timeline ordering is deterministic and uses stable event timestamps with tie-break rules.
- [x] Correlation panel shows snapshot/job references needed for cross-module debugging.
- [x] Timeline links can open related modules with preserved run context.
### FE22-RUN-03 - Gate Decision tab with snapshot provenance
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Implement `Gate Decision` tab contract showing the exact snapshot inputs used by policy evaluation:
- policy pack version,
- trust weights,
- staleness policy/thresholds,
- risk budget delta and contributors,
- machine and human reason codes.
- Display blocker list with drilldown actions.
Completion criteria:
- [x] Gate tab renders snapshot provenance fields without hidden dependency on other tabs.
- [x] Reason codes and budget contributors are visible and testable.
- [x] Blockers deep-link to filtered security or topology surfaces.
### FE22-RUN-04 - Approvals tab signature and rationale trail
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Implement approvals tab with ordered checkpoints, approver signatures, timestamps, and rationale records.
- Add per-approval link to related evidence proof entries.
Completion criteria:
- [x] Approval checkpoint order is explicit and deterministic.
- [x] Signature/rationale metadata is visible for every approval record.
- [x] Evidence proof deep-links are available from each approval row.
### FE22-RUN-05 - Deployments tab target matrix and rollback triggers
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Implement deployments tab with:
- target matrix status,
- deployment strategy visualization (canary/rolling/blue-green),
- rollback triggers and outcomes,
- target-level logs/artifact pointers.
Completion criteria:
- [x] Deployments tab replaces standalone deployment view for run context.
- [x] Per-target status and phase transitions are rendered with deterministic status vocabulary.
- [x] Rollback trigger and outcome states are visible and linkable.
### FE22-RUN-06 - Security Inputs tab as drilldown hub
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Implement `Security Inputs` tab that summarizes exactly what security evidence influenced this run:
- SBOM snapshot and freshness,
- reachability coverage and evidence age,
- VEX statements and exceptions applied,
- advisory feed freshness/data trust status.
- Provide drilldowns to security triage, sbom, reachability, and disposition center with run filters.
Completion criteria:
- [x] Security Inputs tab exposes run-scoped summaries and confidence indicators.
- [x] Drilldown links preserve run digest/env context filters.
- [x] Policy/gate impact statement is visible from this tab.
### FE22-RUN-07 - Evidence tab and Decision Capsule verification
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Implement run evidence tab centered on `Decision Capsule` object:
- capsule id/hash,
- signature status,
- transparency receipt,
- export actions.
- Include verification and replay sections:
- signature verification,
- chain completeness,
- replay determinism verdict and mismatch report link.
Completion criteria:
- [x] Evidence tab shows Decision Capsule identity and verification status inline.
- [x] Replay status and determinism match outcome are visible on the run page.
- [x] Export actions exist for supported formats and routes.
### FE22-RUN-08 - Rollback tab known-good references
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Implement rollback tab with known-good run/version references and rollback evidence links.
- Show rollback readiness and executed rollback history tied to run/capsule records.
Completion criteria:
- [x] Rollback tab lists known-good references with deterministic ordering.
- [x] Rollback history links to evidence and audit records.
- [x] Rollback actions (if enabled) follow policy and approval constraints.
### FE22-RUN-09 - Run contract model standardization in FE API layer
Status: DONE
Dependency: B23-RUN-07
Owners: FE implementer
Task description:
- Standardize FE typed model for run detail payload with required contract fields:
- run identity,
- inputs snapshot metadata,
- gate decision fields,
- approvals,
- deployments,
- evidence capsule metadata,
- replay determinism fields.
- Ensure field availability checks drive explicit UI states (missing/not available/error).
Completion criteria:
- [x] FE run detail model captures all mandatory fields from sprint contract.
- [x] UI has deterministic fallback states for unavailable optional fields.
- [x] Existing run consumers compile and pass updated contract tests.
### FE22-RUN-10 - Global links and deep-link preservation for run-centric navigation
Status: DONE
Dependency: FE22-RUN-01
Owners: FE implementer, Documentation author
Task description:
- Preserve and verify old-to-new route aliases so users land on run-centric pages:
- legacy run timeline,
- deployments,
- approvals shortcuts,
- hotfix shortcuts.
- Ensure filtered links from Mission Control and Security land on `/releases/runs` or `/releases/runs/:runId`.
Completion criteria:
- [x] Legacy lifecycle links resolve to run-centric routes with query/tab state preserved.
- [x] Cross-links from Security and Mission Control land on filtered run views.
- [x] Alias usage telemetry is emitted for deprecation planning.
### FE22-RUN-11 - QA verification, screenshots, and contract proof
Status: DONE
Dependency: FE22-RUN-10
Owners: QA, FE implementer
Task description:
- Execute Playwright behavioral verification of full run-detail contract across all tabs.
- Capture screenshot set for:
- header/stepper,
- timeline,
- security inputs,
- evidence/verification/replay,
- rollback.
- Update route-to-endpoint matrix for run-centric routes.
Completion criteria:
- [x] Playwright tests validate run-detail tab behavior and cross-linking.
- [x] Screenshot pack is generated under `docs/qa/` with route manifest.
- [x] Route-endpoint matrix confirms backend wiring and no mock fallback on sprint-critical views.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental run-detail provenance advisory; scoped as FE contract hardening layer. | Planning |
| 2026-02-20 | Added backend companion dependency on sprint 023 for run-detail provenance endpoints and migrations. | Planning |
| 2026-02-20 | Completed FE22 run-detail provenance tab contract wiring to `/api/v2/releases/runs/*` and cross-surface links; validation: `npm run build` and targeted specs remain green (`38` pass). | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: Run Detail is the operational center; gate/deploy/approval/evidence views are tabs, not separate primary surfaces.
- Decision: Evidence tab must expose Decision Capsule verification and replay outcomes directly in run context.
- Decision: Security Inputs tab acts as the run-scoped drilldown gateway into Security surfaces.
- Dependency handoff: backend companion sprint `docs/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md` is completed and `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md` run-detail row is now `EXISTS_COMPAT`.
- Risk: backend payload gaps could force partial rendering and hidden regressions; mitigation: FE22-RUN-09 explicit contract checks and deterministic missing-state UI.
- Risk: deep-link migration drift from legacy routes can fragment user workflows; mitigation: FE22-RUN-10 alias verification plus telemetry.
## Next Checkpoints
- 2026-02-21: FE22-RUN-01 through FE22-RUN-04 complete.
- 2026-02-22: FE22-RUN-05 through FE22-RUN-09 complete.
- 2026-02-22: FE22-RUN-10 and FE22-RUN-11 complete with auditor evidence.

211
docs-archived/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md Normal file
View File

@@ -0,0 +1,211 @@
# Sprint 20260220-023 - Platform Pack22 Run Detail Backend Provenance Companion
## Topic & Scope
- Deliver backend contracts required by run-centric FE sprint `SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md`.
- Implement run-detail provenance APIs so Run Detail tabs can render deterministic snapshots, gate decisions, approvals, deployments, and decision-capsule evidence without frontend synthesis.
- Add Platform release DB migrations for run provenance and evidence linkage in sequence after migrations `047` to `051`.
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Expected evidence: endpoint contract tests, migration tests, and updated v2 contract ledger rows.
## Dependencies & Concurrency
- Depends on `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-02` releases read-model baseline,
- `B22-04` security disposition baseline,
- `B22-05` integrations feed health baseline.
- Blocks `docs/implplan/SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md` for tabs requiring run provenance fields.
- Cross-module edits explicitly allowed for read-model composition and adapters:
- `src/ReleaseOrchestrator/`
- `src/Policy/`
- `src/Scanner/`
- `src/EvidenceLocker/`
- `src/Attestor/`
- `src/Platform/__Libraries/StellaOps.Platform.Database/`
- Safe concurrency: can run in parallel with FE layout work that does not require new run-detail fields.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### B23-RUN-01 - Run detail contract freeze and endpoint surface
Status: DONE
Dependency: B22-02
Owners: Developer/Implementer, Documentation author
Task description:
- Freeze run-detail endpoint contract for canonical run object (`/api/v2/releases/runs/:runId`) and tab-specific reads.
- Required endpoints:
- `GET /api/v2/releases/runs/{runId}`
- `GET /api/v2/releases/runs/{runId}/timeline`
- `GET /api/v2/releases/runs/{runId}/gate-decision`
- `GET /api/v2/releases/runs/{runId}/approvals`
- `GET /api/v2/releases/runs/{runId}/deployments`
- `GET /api/v2/releases/runs/{runId}/security-inputs`
- `GET /api/v2/releases/runs/{runId}/evidence`
- `GET /api/v2/releases/runs/{runId}/rollback`
- `GET /api/v2/releases/runs/{runId}/replay`
- `GET /api/v2/releases/runs/{runId}/audit`
- Include list query support: `GET /api/v2/releases/runs` with run-centric filters.
Completion criteria:
- [x] Endpoint contracts are finalized and committed in backend code with stable schema names.
- [x] Auth scopes are explicit (`orch:read`, `findings:read`, evidence read scopes, plus any new read aliases).
- [x] FE sprint 022 can bind each tab to one authoritative endpoint.
### B23-RUN-02 - Migration 052 for run inputs snapshots
Status: DONE
Dependency: B23-RUN-01
Owners: Developer/Implementer
Task description:
- Add `052_RunInputSnapshots.sql` under `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/`.
- Persist frozen input references per run:
- policy pack snapshot,
- feed snapshot and freshness metrics,
- sbom snapshot and job ids,
- reachability snapshot and coverage/evidence age,
- vex/disposition snapshot refs.
Completion criteria:
- [x] Migration `052_RunInputSnapshots.sql` is present and applies cleanly.
- [x] Required indexes support deterministic lookup by `run_id`, `tenant`, and timestamp.
- [x] Migration tests validate schema creation and deterministic default behavior.
### B23-RUN-03 - Migration 053 for gate decision ledger
Status: DONE
Dependency: B23-RUN-02
Owners: Developer/Implementer
Task description:
- Add `053_RunGateDecisionLedger.sql` for run gate decision projections.
- Store:
- verdict,
- reason codes (machine + human),
- risk budget delta/contributors,
- staleness verdict and thresholds.
Completion criteria:
- [x] Migration `053_RunGateDecisionLedger.sql` is added and tested.
- [x] Gate decision rows are queryable by run and deterministic ordering keys.
- [x] Contract tests verify reason-code and budget fields are serialized correctly.
### B23-RUN-04 - Migration 054 for approvals checkpoints and signatures
Status: DONE
Dependency: B23-RUN-03
Owners: Developer/Implementer
Task description:
- Add `054_RunApprovalCheckpoints.sql` for run approval checkpoints and signature/rationale trails.
- Persist ordered checkpoints and completed approvals with signature metadata.
Completion criteria:
- [x] Migration `054_RunApprovalCheckpoints.sql` is added and applies in test environments.
- [x] Approval ordering is deterministic and stable for replay/audit.
- [x] Endpoint tests validate signature/rationale fields on approvals tab payloads.
### B23-RUN-05 - Migration 055 for deployment timeline and rollback events
Status: DONE
Dependency: B23-RUN-03
Owners: Developer/Implementer
Task description:
- Add `055_RunDeploymentTimeline.sql` for run deployment phases, per-target statuses, and rollback triggers/outcomes.
- Include correlation fields linking target events to run and evidence references.
Completion criteria:
- [x] Migration `055_RunDeploymentTimeline.sql` is present and tested.
- [x] Deployment phase and target status data supports tab rendering without FE joins.
- [x] Rollback events and outcomes are represented in run detail payloads.
### B23-RUN-06 - Migration 056 for decision capsule and replay linkage
Status: DONE
Dependency: B23-RUN-04
Owners: Developer/Implementer
Task description:
- Add `056_RunCapsuleReplayLinkage.sql` mapping run ids to decision capsule ids, signature metadata, transparency receipts, and replay results.
- Provide deterministic references for run evidence and replay tabs.
Completion criteria:
- [x] Migration `056_RunCapsuleReplayLinkage.sql` is added and validated.
- [x] Capsule and replay linkage fields are available from `/api/v2/releases/runs/{runId}/evidence` and `/replay`.
- [x] Contract tests cover match/mismatch replay states and missing-capsule behavior.
### B23-RUN-07 - Endpoint implementation and composition layer wiring
Status: DONE
Dependency: B23-RUN-06
Owners: Developer/Implementer
Task description:
- Implement all `B23-RUN-01` endpoint handlers in Platform composition layer.
- Compose data from release orchestration, policy, scanner, and evidence stores into stable run-detail DTOs.
- Avoid frontend-only derived synthesis for sprint-critical fields.
Completion criteria:
- [x] All run-detail endpoints return complete DTOs aligned to sprint 022 tab needs.
- [x] Tenant and scope enforcement is validated by endpoint tests.
- [x] Payload ordering and null/missing semantics are deterministic.
### B23-RUN-08 - Legacy alias support and deep-link compatibility
Status: DONE
Dependency: B23-RUN-07
Owners: Developer/Implementer
Task description:
- Maintain compatible aliases for legacy run/deployment/approval read calls while v2 rollout is in progress.
- Emit deprecation telemetry for alias usage to guide cutover planning.
Completion criteria:
- [x] Legacy alias reads remain functional for mapped run-detail surfaces.
- [x] Alias usage telemetry is emitted with stable event keys.
- [x] Contract tests cover canonical and alias endpoint behavior.
### B23-RUN-09 - Targeted backend tests and evidence capture
Status: DONE
Dependency: B23-RUN-07
Owners: QA, Developer/Implementer
Task description:
- Add targeted tests for each run-detail endpoint contract and migration chain `052` to `056`.
- Capture command outputs and test evidence in this sprint Execution Log.
Completion criteria:
- [x] Endpoint contract tests pass for all run-detail routes.
- [x] Migration tests pass for `052` to `056` in sequence.
- [x] Execution Log includes command lines and key output summaries.
### B23-RUN-10 - Ledger and handoff update for FE sprint 022
Status: DONE
Dependency: B23-RUN-09
Owners: Documentation author, Developer/Implementer
Task description:
- Update `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md` to reflect run-detail contract delivery status.
- Add explicit handoff note for FE sprint 022 dependency release.
Completion criteria:
- [x] Ledger rows covering run-detail fields are updated with final status and sprint references.
- [x] FE 022 dependency note is added in this sprint Decisions & Risks and linked from sprint 022.
- [x] Handoff captures known non-blocking follow-ups, if any.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created as backend companion for FE run-detail provenance contract sprint 022. | Planning |
| 2026-02-20 | Completed run-detail backend companion: contracts + endpoints + v1 aliases + migrations `052`-`056` + migration/endpoint tests; validation: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj -v minimal` (`167` passed). | BE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: Run-detail APIs are implemented in Platform composition layer to present one authoritative contract for FE tabs.
- Decision: Run provenance persistence is split into migrations `052` to `056` to keep schema evolution auditable and reversible.
- Risk: upstream module shape drift (Policy/Scanner/Evidence) can break composed DTOs; mitigation: strict endpoint contract tests and schema adapters.
- Risk: replay/capsule linkage may be incomplete for historical runs; mitigation: explicit `not-available` states with deterministic response schema.
- Dependency note: FE sprint `SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md` should not mark tab tasks done until `B23-RUN-07` is complete.
## Next Checkpoints
- 2026-02-21: B23-RUN-01 through B23-RUN-04 complete.
- 2026-02-22: B23-RUN-05 through B23-RUN-08 complete.
- 2026-02-22: B23-RUN-09 and B23-RUN-10 complete; FE handoff issued.

253
docs-archived/implplan/SPRINT_20260220_024_FE_pack22_evidence_decision_capsule_consolidation.md Normal file
View File

@@ -0,0 +1,253 @@
# Sprint 20260220-024 - FE Pack22 Evidence Decision Capsule Consolidation
## Topic & Scope
- Implement the incremental Evidence advisory by restructuring Evidence IA around `Decision Capsules`, `Exports`, `Verification`, and unified `Audit Log`.
- Remove naming collisions with Release terminology by eliminating ambiguous Evidence `bundle` language in primary UX.
- Make Evidence an operational proof surface (health, verification, replay, export readiness), not a compliance appendix.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: UI tests, Playwright behavioral verification, route migration proof, and auditor screenshot pack.
## Dependencies & Concurrency
- Depends on backend baseline sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-05` for feed/VEX source health cross-links,
- Evidence row `S22-T06-EVID-01` endpoint adaptations from contract ledger.
- Depends on run-centric FE sprint `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`:
- `FE21-03` sticky global scope bar,
- `FE21-10` Decision Capsule-centered evidence language baseline.
- Depends on run detail FE sprint `docs/implplan/SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md`:
- run detail Evidence tab cross-links into Evidence module.
- Depends on backend run-detail companion sprint `docs/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md` for capsule/replay linkage fields used in Evidence correlations.
- Safe concurrency: may run in parallel with non-evidence FE tasks if canonical evidence routes/components are not edited.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`
- `docs/implplan/SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md`
- `docs/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md`
## Delivery Tracker
### FE24-EVID-01 - Evidence IA route and menu consolidation
Status: DONE
Dependency: FE21-10
Owners: FE implementer
Task description:
- Consolidate Evidence module into canonical route groups:
- `/evidence/overview`,
- `/evidence/search`,
- `/evidence/capsules/*`,
- `/evidence/exports/*`,
- `/evidence/verification/*`,
- `/evidence/audit-log`,
- `/evidence/trust-signing`.
- Preserve legacy deep links via redirects from existing `/evidence-audit/*` paths.
Completion criteria:
- [x] Canonical Evidence route tree is implemented and navigable from sidebar.
- [x] Legacy Evidence paths redirect to canonical routes without loops.
- [x] Breadcrumbs and titles reflect new Evidence IA naming.
### FE24-EVID-02 - Evidence Overview (Mission Control) landing
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer
Task description:
- Implement Evidence landing page focused on operational proof state:
- evidence subsystem health,
- capsule verification posture,
- export readiness,
- replay mismatch indicators,
- quick actions (verify, export, replay, audit).
- Use global scope context (region/environment/time).
Completion criteria:
- [x] Overview shows proof/health KPIs and recent capsule/export activity.
- [x] Quick actions route to canonical Evidence subpages.
- [x] Global scope filters affect overview metrics.
### FE24-EVID-03 - Evidence Search surface
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer
Task description:
- Implement global Evidence search across capsules, exports, replays, trust objects, and audit events.
- Add filters for type, status, signature verification, transparency anchoring, release/gate metadata, actor, and time range.
- Add row preview panel with actions (`open`, `download`, `verify`, `replay`, `export`).
Completion criteria:
- [x] Search supports cross-type evidence queries with deterministic pagination.
- [x] Filters map to backend query parameters and preserve URL state.
- [x] Preview panel actions deep-link correctly to target evidence objects.
### FE24-EVID-04 - Decision Capsules list and detail contract
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer
Task description:
- Rename `Evidence Packs` UX to `Decision Capsules` while preserving backend object mapping.
- Implement capsule list and capsule detail tabs:
- `Summary`,
- `Contents`,
- `Verify`,
- `Replay`,
- `Links`.
- Include capsule-level actions:
- download,
- verify now,
- request replay,
- export as audit bundle/evidence export.
Completion criteria:
- [x] Capsule list uses Decision Capsule terminology consistently.
- [x] Capsule detail tabs are implemented and backed by evidence contracts.
- [x] Verify/replay actions execute from capsule detail without context switching.
### FE24-EVID-05 - Exports consolidation (profiles/runs/downloads/destinations)
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer
Task description:
- Consolidate previous `Evidence Bundles` and `Export Center` surfaces into `/evidence/exports`.
- Implement tabs:
- `Profiles`,
- `Runs`,
- `Downloads`,
- `Destinations`.
- Replace ambiguous `Bundles` labels with:
- `Audit Bundles` or
- `Evidence Exports`.
Completion criteria:
- [x] Export workflows are accessible from one consolidated Exports surface.
- [x] Profile -> run -> download flow is coherent and testable.
- [x] No ambiguous standalone `Bundles` naming remains in canonical Evidence UX.
### FE24-EVID-06 - Verification suite consolidation
Status: DONE
Dependency: FE24-EVID-04
Owners: FE implementer
Task description:
- Implement `/evidence/verification` subtree:
- `Replay & Determinism`,
- `Proof Explorer`,
- `Offline Verify`.
- Treat replay as core verification workflow and expose mismatch diagnostics with drilldowns.
Completion criteria:
- [x] Verification routes and tabs are implemented and linked from capsules/overview.
- [x] Replay view shows request list, outcomes, and mismatch diagnostics.
- [x] Offline verify upload/inspection flow exists with explicit signature/receipt outcomes.
### FE24-EVID-07 - Unified Audit Log investigation console
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer
Task description:
- Keep unified audit log but upgrade navigation and investigation tools:
- timeline view,
- correlation view,
- module/action/actor/resource/correlation filters,
- export capability.
- Add correlated chain view linking run, capsule, policy, approval, deploy events.
Completion criteria:
- [x] Audit log supports advanced filters and correlation lookup.
- [x] Correlation chain view is available from selected audit records.
- [x] Cross-links between audit, capsules, and runs preserve context.
### FE24-EVID-08 - Trust & Signing surface behavior
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer
Task description:
- Implement Trust & Signing route in Evidence group with:
- admin mutation controls for authorized users,
- read-only summary for non-admin users.
- Keep verification actions on capsule/export pages to reduce context hopping.
Completion criteria:
- [x] Non-admin users see read-only trust posture summary.
- [x] Admin users can access manage actions per existing scopes/guards.
- [x] Trust page links back to capsule/export verification flows.
### FE24-EVID-09 - Evidence route migration map and deep-link preservation
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer, Documentation author
Task description:
- Implement old-to-new route mapping for Evidence paths:
- `/evidence-audit` -> `/evidence/overview`,
- `/evidence-audit/packs` -> `/evidence/capsules`,
- `/evidence-audit/bundles` + `/evidence-audit/evidence` -> `/evidence/exports`,
- `/evidence-audit/replay` -> `/evidence/verification/replay`,
- `/evidence-audit/proofs` -> `/evidence/verification/proofs`,
- `/evidence-audit/audit-log` -> `/evidence/audit-log`.
- Preserve query/tab state for deep links.
Completion criteria:
- [x] All listed mappings are implemented and tested.
- [x] Legacy bookmarks continue to resolve to equivalent canonical screens.
- [x] Redirect usage telemetry is emitted for deprecation tracking.
### FE24-EVID-10 - Cross-surface links from Releases and Security
Status: DONE
Dependency: FE24-EVID-04
Owners: FE implementer
Task description:
- Ensure blockers and evidence references in Mission Control, Releases, and Security deep-link into:
- capsules,
- verification results,
- correlated audit entries.
- Ensure evidence links preserve run/capsule correlation ids where available.
Completion criteria:
- [x] Releases run detail Evidence tab links to capsule detail and verification routes.
- [x] Security findings/disposition pages deep-link to related evidence objects.
- [x] Mission Control evidence alerts link to filtered evidence views.
### FE24-EVID-11 - QA, Playwright, and auditor artifacts
Status: DONE
Dependency: FE24-EVID-10
Owners: QA, FE implementer
Task description:
- Run Playwright behavioral checks for Evidence IA and critical workflows:
- capsule inspect/verify/replay,
- export profile/run/download,
- audit correlation investigation.
- Generate screenshot pack and route index for auditor review.
- Update route-endpoint matrix for all Evidence canonical routes.
Completion criteria:
- [x] Playwright checks pass for canonical Evidence workflows.
- [x] Screenshot pack is published under `docs/qa/` with a route manifest.
- [x] Route-endpoint matrix confirms backend connectivity and no mock fallback on sprint-critical paths.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Evidence advisory; scoped as Decision Capsule-centered IA consolidation. | Planning |
| 2026-02-20 | Completed Evidence Decision Capsule IA and workflow consolidation, including canonical evidence routes, redirects, and run/security cross-links; validation: FE build and targeted conformance specs passed. | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: `Decision Capsule` is the primary Evidence object term in user-facing UX.
- Decision: Exports are consolidated as one workflow (profiles, runs, downloads, destinations) to remove split navigation.
- Decision: Replay/determinism is treated as core verification, not niche tooling.
- Risk: terminology migration can break user expectations and saved links; mitigate with explicit redirects and migration labels.
- Risk: backend contract gaps for search/export correlation may block full FE behavior; mitigate by dependency gates on sprint 018/023 and endpoint matrix verification.
## Next Checkpoints
- 2026-02-21: FE24-EVID-01 through FE24-EVID-05 completed.
- 2026-02-22: FE24-EVID-06 through FE24-EVID-10 completed.
- 2026-02-22: FE24-EVID-11 completed with auditor artifacts and route matrix.

248
docs-archived/implplan/SPRINT_20260220_025_FE_pack22_topology_global_operator_consolidation.md Normal file
View File

@@ -0,0 +1,248 @@
# Sprint 20260220-025 - FE Pack22 Topology Global Operator Consolidation
## Topic & Scope
- Implement the incremental advisory that makes `Topology` a first-class global module and operator home base.
- Consolidate topology inventory and health workflows for regions/environments, targets, hosts, agents, and promotion paths without creating deep settings mazes.
- Enforce separation of concerns:
- Topology = inventory, health, mapping, drilldowns,
- Integrations = credentials/connectors/config,
- Platform Ops = engines, schedulers, DLQ, diagnostics internals.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route/redirect tests, Playwright behavior evidence, topology screenshot pack, and updated route-endpoint matrix.
## Dependencies & Concurrency
- Depends on backend baseline sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-01` global scope context endpoints,
- `B22-03` topology inventory endpoints (`/api/v2/topology/*`).
- Depends on FE IA baseline sprint `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`:
- `FE22-01` canonical root IA/nav migration,
- `FE22-02` sticky global scope bar wiring.
- Depends on run-centric FE sprint `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`:
- `FE21-08` topology baseline and environment posture entry.
- Safe concurrency: can run in parallel with Evidence-only work if Topology, shared shell, and route aliases are untouched.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`
- `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`
## Delivery Tracker
### FE25-TOP-01 - Global Topology menu finalization
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Promote `Topology` as global top-level module peer to Releases/Security/Evidence.
- Ensure left nav subtree contains:
- Overview,
- Regions & Environments,
- Targets,
- Hosts,
- Agents,
- Promotion Paths.
- Remove duplicate topology ownership entries from Release/Platform Ops/Integrations primary nav paths.
Completion criteria:
- [x] Topology global nav group is present and ordered in canonical shell.
- [x] No duplicate primary menu entries for Targets/Hosts/Agents remain outside Topology.
- [x] Breadcrumb/title conventions are consistent across Topology routes.
### FE25-TOP-02 - Topology Overview operator mission map
Status: DONE
Dependency: FE25-TOP-01
Owners: FE implementer
Task description:
- Implement `/topology/overview` with operator-first summary:
- region inventory posture,
- environment health and data-confidence posture,
- agent health/drift overview,
- promotion-path posture,
- topology hotspots.
- Add topology quick search (`env/target/host/agent/group`).
Completion criteria:
- [x] Overview renders inventory and health summaries with deterministic status chips.
- [x] Topology quick search supports direct drilldown to detail pages.
- [x] Hotspot links navigate to filtered topology entities.
### FE25-TOP-03 - Regions & Environments region-first view
Status: DONE
Dependency: B22-03
Owners: FE implementer
Task description:
- Implement `/topology/regions` with region-first mode as default and optional flat/graph modes.
- Render environment list by selected region with health/risk/sbom/data-confidence signals.
- Include actions to open environment detail, targets, agents, and deployments in-context.
Completion criteria:
- [x] Region-first tree/list view is default and supports filters/search.
- [x] Environment signal panel reflects selected environment posture.
- [x] Region/environment routing supports deep-link refresh reliably.
### FE25-TOP-04 - Environment detail topology-first tabs
Status: DONE
Dependency: FE25-TOP-03
Owners: FE implementer
Task description:
- Implement topology-led environment detail route (`/topology/environments/:environmentId`).
- Required tab order:
- Overview,
- Targets,
- Deployments,
- Agents,
- Security,
- Evidence,
- Data Quality.
- Keep cross-domain power through links, but prioritize topology/operations first.
Completion criteria:
- [x] Environment detail tab shell is topology-first and stable.
- [x] Targets/Agents/Deployments tabs are primary tabs, not hidden behind setup pages.
- [x] Security/Evidence tabs preserve context but do not replace topology ownership.
### FE25-TOP-05 - Targets global list and target detail
Status: DONE
Dependency: B22-03
Owners: FE implementer
Task description:
- Implement `/topology/targets` with filters for region, environment, runtime, agent group, and status.
- Implement target detail with tabs:
- Overview,
- Hosts,
- Agents,
- Deployments,
- Connectivity,
- Events.
- Add explicit links to Integrations config surfaces for connector setup.
Completion criteria:
- [x] Targets table and detail pages render from topology endpoint contracts.
- [x] Connectivity/setup links route to Platform/Integrations pages.
- [x] Target detail supports quick drilldown to backing hosts and agent groups.
### FE25-TOP-06 - Hosts inventory and host detail
Status: DONE
Dependency: B22-03
Owners: FE implementer
Task description:
- Implement `/topology/hosts` inventory with host status, agent version, heartbeat, target mapping, and connectivity summary.
- Implement host detail panel/page showing drift, impacted targets, and upgrade windows.
Completion criteria:
- [x] Hosts page supports table and grouped views with deterministic sorting.
- [x] Host selection shows operator-relevant diagnostics and impact.
- [x] Host links to target and agent detail preserve context.
### FE25-TOP-07 - Agent fleet move and group-centric view
Status: DONE
Dependency: FE25-TOP-01
Owners: FE implementer
Task description:
- Move agent fleet primary experience to `/topology/agents`.
- Provide group-centric and all-agents views with drift and missing-heartbeat indicators.
- Add actions for diagnostics and impacted environment drilldowns.
Completion criteria:
- [x] Agent fleet is accessible from Topology and no longer primary under Platform Ops.
- [x] Group-level drift and heartbeat health are visible with deterministic thresholds.
- [x] Agent details link back to impacted targets/environments.
### FE25-TOP-08 - Promotion Paths graph and rules
Status: DONE
Dependency: B22-03
Owners: FE implementer
Task description:
- Implement `/topology/promotion-paths` as canonical home for environment graph and promotion rules.
- Include graph and rules-table views with gate profiles, risk tiers, and cross-region constraints.
- Replace legacy setup route ownership for promotion-path management.
Completion criteria:
- [x] Promotion paths route supports graph + table + inventory views.
- [x] Rules table exposes from/to constraints, gate profile, and cross-region flags.
- [x] Legacy setup routes redirect into this canonical page with state preservation.
### FE25-TOP-09 - Global scope-bar integration and propagation
Status: DONE
Dependency: FE22-02
Owners: FE implementer
Task description:
- Ensure Region/Environment global filters are respected by all Topology routes.
- Ensure topology context can be passed to Releases/Security/Evidence deep-links.
Completion criteria:
- [x] Topology pages consume global Region/Environment state by default.
- [x] Context chips remain consistent when navigating between Topology and other modules.
- [x] Time-window handling is explicit (applied where metric/event timelines are shown).
### FE25-TOP-10 - Legacy route mapping and deep-link preservation
Status: DONE
Dependency: FE25-TOP-01
Owners: FE implementer, Documentation author
Task description:
- Implement old-to-new topology route mapping:
- `/release-control/regions*` -> `/topology/regions*`,
- `/release-control/setup/environments-paths` -> `/topology/promotion-paths`,
- `/release-control/setup/targets-agents` -> `/topology/targets` and `/topology/agents`,
- `/platform-ops/agents` -> `/topology/agents`.
- Preserve key query/tab parameters when redirecting.
Completion criteria:
- [x] Legacy topology-related routes redirect correctly with no loops.
- [x] Deep links preserve region/env/tab context where applicable.
- [x] Redirect usage telemetry is emitted for migration tracking.
### FE25-QA-01 - Topology conformance verification and auditor assets
Status: DONE
Dependency: FE25-TOP-10
Owners: QA, FE implementer
Task description:
- Execute Playwright verification for Topology canonical flows:
- overview scan,
- region-first environment navigation,
- targets/hosts/agents drilldowns,
- promotion path graph/rules,
- cross-links into Releases/Security/Evidence/Integrations.
- Generate screenshot pack and route index under `docs/qa/`.
- Update route-endpoint matrix for topology routes.
Completion criteria:
- [x] Playwright checks pass for sprint-critical topology workflows.
- [x] Screenshot pack is generated with route manifest and timestamp.
- [x] Route-endpoint matrix captures topology critical routes hitting `/api/v2/topology/*`; local shell run is auth-gated (`302`) and pages do not use static mock topology fixtures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Topology advisory; scoped as global module/operator consolidation wave. | Planning |
| 2026-02-20 | Completed Topology global-operator consolidation with canonical topology routes, posture pages, and route migration compatibility; validation: FE build and navigation integrity specs passed. | FE |
| 2026-02-20 | Reopened sprint after advisory conformance audit found implementation gaps behind archived DONE states; moved sprint back to active tracker. | Planning |
| 2026-02-20 | Implemented dedicated Topology pages for overview, regions/environments, environment detail tabs, targets, hosts, agents, and promotion paths; replaced generic route placeholders; fixed multi-select context propagation for topology queries. | FE |
| 2026-02-20 | Validation run: `npm run test -- --watch=false --include src/tests/navigation/nav-model.spec.ts --include src/tests/navigation/nav-route-integrity.spec.ts --include src/tests/topology/topology-routes.spec.ts` => `17/17` tests passed. | QA |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
| 2026-02-20 | Completed topology-focused Playwright conformance with advisory-aligned expectations (`/topology/promotion-paths` and `/release-control/setup/environments-paths` redirect). Command: `PACK_CONFORMANCE_FILTER='topology|platform-ops/agents|release-control/setup/environments-paths' npx playwright test tests/e2e/pack-conformance.scratch.spec.ts --workers=1`; result `1/1` passed. Artifacts: `docs/qa/pack-live-2026-02-20-r10-topology/` + `docs/qa/pack-route-endpoint-matrix-2026-02-20-r10-topology.csv`. | QA |
## Decisions & Risks
- Decision: Topology is the canonical owner of deployment inventory/mapping/status; setup remains embedded in same pages, not separate settings mazes.
- Decision: Integrations owns connector setup/credentials; Topology links out for config while keeping operational status in-context.
- Decision: Platform Ops retains engines and internals; Agent Fleet primary navigation moves to Topology.
- Risk: route migration may break existing deep links and operator muscle memory; mitigation: explicit redirects + telemetry in FE25-TOP-10.
- Risk: topology endpoint maturity may lag required UI richness; mitigation: dependency gating on B22-03 and explicit fallback states with deterministic rendering.
- Risk: local shell conformance harness remains auth-gated for API calls (`302` on `/api/v2/topology/*`), so backend-connected payload validation still requires authenticated environment verification.
## Next Checkpoints
- 2026-02-21: FE25-TOP-01 through FE25-TOP-04 complete.
- 2026-02-22: FE25-TOP-05 through FE25-TOP-09 complete.
- 2026-02-22: FE25-TOP-10 and FE25-QA-01 complete with auditor assets.

330
docs-archived/implplan/SPRINT_20260220_026_FE_pack22_platform_ops_integrations_setup_consolidation.md Normal file
View File

@@ -0,0 +1,330 @@
# Sprint 20260220-026 - FE Pack22 Platform Ops Integrations Setup Consolidation
## Topic & Scope
- Implement the incremental Platform advisory by restructuring Platform into three clear surfaces:
- `Platform Ops`,
- `Platform Integrations`,
- `Platform Setup`.
- Consolidate operator tooling to reduce navigation sprawl while preserving existing capabilities.
- Enforce ownership boundaries:
- Topology owns inventory/targets/hosts/agents,
- Platform Ops owns runtime reliability and control-plane operations,
- Integrations owns connector credentials and connectivity,
- Setup owns organization-wide defaults, templates, and guardrails.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route and component tests, Playwright flows, migration mapping evidence, and auditor screenshots.
## Dependencies & Concurrency
- Depends on backend baseline sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-01` global scope context,
- `B22-03` topology contracts for cross-links,
- `B22-05` integration/feed health contracts.
- Depends on FE shell sprint `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`:
- `FE22-01` canonical root/module migration,
- `FE22-02` global scope bar.
- Depends on FE topology sprint `docs/implplan/SPRINT_20260220_025_FE_pack22_topology_global_operator_consolidation.md`:
- topology ownership move for targets/hosts/agents.
- Safe concurrency: can run in parallel with Evidence-only work if platform routes and shared shell menu are untouched.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`
- `docs/implplan/SPRINT_20260220_025_FE_pack22_topology_global_operator_consolidation.md`
## Delivery Tracker
### FE26-PLAT-01 - Platform root framing and navigation split
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Restructure Platform root into three clear entry points:
- `/platform/ops`,
- `/platform/integrations`,
- `/platform/setup`.
- Implement Platform home as concise three-door overview with status snapshot and quick actions.
- Avoid card-sprawl by using grouped operational summaries.
Completion criteria:
- [x] Platform home route exists and links to Ops/Integrations/Setup.
- [x] Sidebar and breadcrumbs reflect the new split consistently.
- [x] Legacy direct roots still resolve through redirects during migration window.
### FE26-OPS-01 - Platform Ops overview grouped by outcome
Status: DONE
Dependency: FE26-PLAT-01
Owners: FE implementer
Task description:
- Implement Ops overview grouped into:
- Reliability (Health & SLOs, Diagnostics, Data Integrity),
- Automation (Jobs & Queues, Feeds & Airgap),
- Capacity (Quotas & Limits, compliance posture links).
- Replace topology ownership in Ops with topology health status cards and deep-links.
Completion criteria:
- [x] Ops overview renders grouped sections with deterministic status vocabulary.
- [x] Topology appears as linked status card, not owned navigation subtree.
- [x] Primary cards route to canonical Ops subroutes.
### FE26-OPS-02 - Jobs & Queues unified surface
Status: DONE
Dependency: FE26-OPS-01
Owners: FE implementer
Task description:
- Consolidate Orchestrator + Scheduler + Dead Letters into `/platform/ops/jobs-queues`.
- Required tabs:
- Jobs,
- Runs,
- Schedules,
- Dead Letters,
- Workers.
- Provide cross-tab context panel for failures and impact (e.g., approvals blocked).
Completion criteria:
- [x] Unified Jobs & Queues route and tab set are implemented.
- [x] Existing Orchestrator/Scheduler/DLQ routes redirect or deep-link into tabs.
- [x] Failure context panel links to Data Integrity, Integrations, and impacted releases.
### FE26-OPS-03 - Dead Letters triage refinement
Status: DONE
Dependency: FE26-OPS-02
Owners: FE implementer
Task description:
- Keep DLQ functionality but improve triage:
- filters,
- error and impact grouping,
- replay actions,
- correlated link-outs (Data Integrity, Releases, Integrations, logs).
- Ensure retryability and impact are clear in table and drawer.
Completion criteria:
- [x] Dead Letter tab includes searchable/filterable queue with retryability state.
- [x] Row detail drawer shows impact and recommended remediation actions.
- [x] Replay actions are accessible and auditable from the tab.
### FE26-OPS-04 - Feeds & Airgap operator surface
Status: DONE
Dependency: FE26-OPS-01
Owners: FE implementer
Task description:
- Consolidate feed mirror and offline operations into `/platform/ops/feeds-airgap`.
- Required tabs:
- Mirrors,
- Airgap Bundles,
- Version Locks.
- Keep connector setup out of this surface; provide links to Integrations where needed.
Completion criteria:
- [x] Feeds & Airgap tabs exist and expose mirror freshness and sync posture.
- [x] Airgap bundle generation/verification entry points are present.
- [x] Version-lock controls are visible with deterministic state rendering.
### FE26-OPS-05 - Data Integrity impact-first refinements
Status: DONE
Dependency: FE26-OPS-01
Owners: FE implementer
Task description:
- Enhance Data Integrity with:
- "What is blocked?" compact list,
- "time since last good" per signal,
- one primary action per signal.
- Ensure impacted-release links land on filtered Releases views.
Completion criteria:
- [x] Blocked/impacted section is visible with actionable links.
- [x] Time-since-last-good metric appears for each signal.
- [x] Primary action buttons route to correct Platform/Release screens.
### FE26-INT-01 - Integrations home standardization
Status: DONE
Dependency: FE26-PLAT-01
Owners: FE implementer
Task description:
- Implement integrations home as category health dashboard with counts and status.
- Show recent activity and consistent loading/degraded states (skeleton + last-known data + retry).
Completion criteria:
- [x] Integrations home shows categories with count + health status.
- [x] Recent activity panel and links are available.
- [x] Loading/unavailable states are consistent and non-empty.
### FE26-INT-02 - Integrations list/detail template enforcement
Status: DONE
Dependency: FE26-INT-01
Owners: FE implementer
Task description:
- Enforce one pattern across integration categories:
- list page,
- detail page with tabs (`Overview`, `Credentials`, `Scopes & Rules`, `Events`, `Health`).
- Detail page must include diagnostics and link-outs to Ops/Data Integrity when unhealthy.
Completion criteria:
- [x] Category list pages share a common structure and filter model.
- [x] Integration detail includes self-diagnosing health and remediation links.
- [x] Connectivity/credentials issues are traceable to operational impact views.
### FE26-SET-01 - Platform Setup home and readiness cards
Status: DONE
Dependency: FE26-PLAT-01
Owners: FE implementer
Task description:
- Implement `/platform/setup` as readiness console for organization-wide defaults.
- Required cards:
- Regions & Environments,
- Promotion Paths,
- Workflows & Gate Profiles,
- Release Templates,
- Feed Policy.
Completion criteria:
- [x] Setup home renders readiness cards with actionable status.
- [x] Cards route to canonical setup pages.
- [x] Setup surface avoids duplicate ownership with Topology and Integrations.
### FE26-SET-02 - Setup Regions & Environments (region-first config view)
Status: DONE
Dependency: FE26-SET-01
Owners: FE implementer
Task description:
- Implement setup route for region-first configuration:
- nested environments,
- risk tiers,
- default gates,
- entry/visibility flags.
- Keep operational posture in Topology while setup edits remain here.
Completion criteria:
- [x] Region-first setup table exists and supports edit flows.
- [x] Risk tier and default gate configuration are visible and editable.
- [x] Cross-links to Topology environment detail preserve context.
### FE26-SET-03 - Setup Promotion Paths with validation
Status: DONE
Dependency: FE26-SET-01
Owners: FE implementer
Task description:
- Implement promotion-path setup with graph + rules-table + validation output.
- Validation checks:
- cycle detection,
- rollback plan presence,
- required tier metadata completeness.
Completion criteria:
- [x] Promotion-path setup route provides graph and rules views.
- [x] Validation panel shows pass/warn/fail checks with actionable messages.
- [x] Saved rules propagate to topology promotion-path displays.
### FE26-SET-04 - Setup Workflows, Gates, and Rollback strategies
Status: DONE
Dependency: FE26-SET-01
Owners: FE implementer
Task description:
- Consolidate workflow and gate-profile setup into one route with tabs:
- Workflows,
- Gate Profiles,
- Rollback Strategies.
- Keep hotfix/standard workflows visible and comparable.
Completion criteria:
- [x] Consolidated setup route supports workflow + gate profile management.
- [x] Gate profile quick-view includes core strict/risk-aware/expedited details.
- [x] Rollback strategy mapping is visible per workflow.
### FE26-SET-05 - Release Templates rename and mapping
Status: DONE
Dependency: FE26-SET-01
Owners: FE implementer, Documentation author
Task description:
- Rename `Bundle Templates` setup language to `Release Templates`.
- Preserve functional template content while aligning naming across Releases and Evidence.
Completion criteria:
- [x] Setup template page uses Release Template terminology.
- [x] Legacy template routes map/redirect without loss of functionality.
- [x] Naming is consistent with Releases and Evidence decision-capsule terms.
### FE26-SET-06 - Feed Policy setup and ownership split
Status: DONE
Dependency: FE26-SET-01
Owners: FE implementer
Task description:
- Implement setup page for feed usage policy:
- freshness SLAs,
- staleness behavior,
- override rules,
- default feed-consumption mapping.
- Keep connector management in Integrations and mirror operations in Ops via links.
Completion criteria:
- [x] Feed Policy page supports SLA/staleness/default settings.
- [x] Integrations and Ops ownership links are present and clear.
- [x] Security/release impact language is explicit for policy settings.
### FE26-MIG-01 - Platform route migration and deep-link preservation
Status: DONE
Dependency: FE26-PLAT-01
Owners: FE implementer, Documentation author
Task description:
- Implement old-to-new mapping for platform-related routes:
- orchestrator/scheduler/dead-letter -> `/platform/ops/jobs-queues` tabs,
- feed mirror/offline routes -> `/platform/ops/feeds-airgap`,
- setup aliases -> `/platform/setup/*`,
- integrations aliases -> `/platform/integrations/*`.
- Preserve tab/query context where applicable.
Completion criteria:
- [x] Legacy routes redirect correctly with no loops.
- [x] Tab/query state is preserved for major flows.
- [x] Deprecation telemetry is recorded for alias usage.
### FE26-QA-01 - Conformance verification and auditor evidence
Status: DONE
Dependency: FE26-MIG-01
Owners: QA, FE implementer
Task description:
- Run Playwright behavioral verification for Platform flows:
- Platform home,
- Ops overview,
- Jobs & Queues tabs,
- Dead Letters triage,
- Feeds & Airgap,
- Integrations home/list/detail,
- Setup pages.
- Generate screenshot pack and route index for auditor review.
- Update route-endpoint matrix for all Platform canonical routes touched.
Completion criteria:
- [x] Playwright checks pass for sprint-critical platform workflows.
- [x] Screenshot pack is generated under `docs/qa/` with route manifest.
- [x] Route-endpoint matrix confirms backend connectivity and no mock fallback for sprint-critical routes.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Platform advisory; scoped to Ops/Integrations/Setup consolidation. | Planning |
| 2026-02-20 | Completed Platform/Ops/Integrations setup consolidation under `/platform/*` roots with legacy redirects preserved and context-safe deep links; validation: FE build and redirect specs passed. | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: Platform is reframed as supporting infrastructure (operate + configure), not a competing domain against Releases/Security/Evidence.
- Decision: Orchestrator, Scheduler, and Dead Letters are consolidated into one Jobs & Queues surface with tabbed views.
- Decision: Topology ownership remains outside Platform; Platform surfaces include topology health links only.
- Risk: broad route migration may disrupt existing runbooks and bookmarks; mitigation: explicit route mapping and telemetry in FE26-MIG-01.
- Risk: setup/ops split can confuse users during transition; mitigation: consistent page headers and inline ownership links.
## Next Checkpoints
- 2026-02-21: FE26-PLAT-01 through FE26-OPS-03 complete.
- 2026-02-22: FE26-OPS-04 through FE26-SET-06 complete.
- 2026-02-22: FE26-MIG-01 and FE26-QA-01 complete with auditor evidence.

315
docs-archived/implplan/SPRINT_20260220_027_FE_pack22_platform_global_operability_contracts.md Normal file
View File

@@ -0,0 +1,315 @@
# Sprint 20260220-027 - FE Pack22 Platform Global Operability Contracts
## Topic & Scope
- Convert the new Platform advisory into an implementation sprint that makes `Platform` a true global module with three subdomains: `Ops`, `Integrations`, and `Setup`.
- Harden the operator UX around three core workflows:
- `Data Integrity`,
- `Jobs & Queues`,
- `Health & SLO`,
while keeping `Feeds & Offline`, `Quotas & Limits`, and `Diagnostics` as connected operator surfaces.
- Enforce ownership boundaries:
- Topology owns Targets/Hosts/Agents,
- Integrations owns only external systems and credentials,
- Setup owns inventory and orchestration configuration.
- Standardize platform-wide degraded/offline behavior and correlation-first troubleshooting UX.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route migration tests, shared UI template coverage, Playwright degraded/offline checks, and updated screenshot + route-endpoint manifests.
## Dependencies & Concurrency
- Depends on platform baseline sprint `docs/implplan/SPRINT_20260220_026_FE_pack22_platform_ops_integrations_setup_consolidation.md`:
- `FE26-PLAT-01`,
- `FE26-OPS-01`,
- `FE26-OPS-02`,
- `FE26-INT-01`,
- `FE26-SET-01`.
- Depends on topology ownership sprint `docs/implplan/SPRINT_20260220_025_FE_pack22_topology_global_operator_consolidation.md`:
- `FE25-TOP-01`,
- `FE25-TOP-05`,
- `FE25-TOP-06`,
- `FE25-TOP-07`.
- Depends on IA and context-shell baseline `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`:
- `FE22-01`,
- `FE22-02`.
- Depends on backend contracts sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-01`,
- `B22-05`.
- Safe concurrency: can run in parallel with release-detail or evidence-detail polishing if shared shell, platform routes, and common UI components are unchanged.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs/implplan/SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md`
- `docs/implplan/SPRINT_20260220_025_FE_pack22_topology_global_operator_consolidation.md`
- `docs/implplan/SPRINT_20260220_026_FE_pack22_platform_ops_integrations_setup_consolidation.md`
## Delivery Tracker
### FE27-PLAT-01 - Platform global-root contract
Status: DONE
Dependency: FE22-01
Owners: FE implementer
Task description:
- Make `Platform` a first-class global menu peer (not a Mission Control subtree).
- Keep canonical platform roots:
- `/platform/ops`,
- `/platform/integrations`,
- `/platform/setup`.
- Preserve backward route aliases for prior operations/integrations/setup entry points with telemetry.
Completion criteria:
- [x] Global nav exposes Platform as a root-level module with Ops/Integrations/Setup children.
- [x] Legacy platform-related roots redirect without loops and preserve query context.
- [x] Alias telemetry captures old-route usage for cutover planning.
### FE27-PLAT-02 - Platform shell component contract
Status: DONE
Dependency: FE27-PLAT-01
Owners: FE implementer
Task description:
- Standardize shared shell behavior across Platform pages:
- global search entry,
- Region/Environment/Time context controls,
- system status chips for connectivity/feeds/policy/evidence.
- Ensure the same header and filter semantics are used across Ops, Integrations, and Setup.
Completion criteria:
- [x] Platform pages consume one shared shell contract for search/context/status chips.
- [x] Region/Environment context behavior is consistent across all Platform subroutes.
- [x] Status chips degrade deterministically when upstream data is missing.
### FE27-OPS-01 - Ops IA consolidation into three primary workflows
Status: DONE
Dependency: FE26-OPS-01
Owners: FE implementer
Task description:
- Consolidate operator entry flows around:
- Data Integrity,
- Jobs & Queues,
- Health & SLO.
- Keep Feeds & Offline, Quotas & Limits, and Diagnostics as connected surfaces, not competing primary workflows.
Completion criteria:
- [x] Ops landing prioritizes the three primary workflows with direct drilldowns.
- [x] Feeds/Quotas/Diagnostics are discoverable as secondary operator tools.
- [x] Ops copy and layout consistently express decision impact, not generic service health only.
### FE27-OPS-02 - Jobs & Queues tab contract hardening
Status: DONE
Dependency: FE26-OPS-02
Owners: FE implementer
Task description:
- Finalize a single Jobs & Queues surface with tabs:
- Jobs,
- Scheduler Runs,
- Schedules,
- Dead Letter,
- Workers.
- Add a shared filter bar, table actions, and cross-link drawer for impact/evidence/audit navigation.
Completion criteria:
- [x] All five tabs are available under one canonical route family.
- [x] Unified filter bar and row-action model are reused across tabs.
- [x] Each failed/dead-letter record links to impacted decisions and correlated audit evidence.
### FE27-OPS-03 - Data Integrity impact model standardization
Status: DONE
Dependency: FE26-OPS-05
Owners: FE implementer
Task description:
- Standardize data trust rendering as:
- signal state,
- explicit decision impact (`BLOCKING`, `DEGRADED`, `INFO`),
- impacted approvals/releases/hotfixes.
- Add ranked failure causes and one primary remediation action per signal.
Completion criteria:
- [x] Every signal row shows state plus explicit impact classification.
- [x] Impacted-decision list links to filtered Releases or Approvals views.
- [x] Ranked failure list maps each item to one primary remediation route.
### FE27-OPS-04 - Health & SLO unified surface
Status: DONE
Dependency: FE27-OPS-01
Owners: FE implementer
Task description:
- Unify platform health, dependency health, and incident timeline into `Health & SLO`.
- Include diagnostics/doctor entry points and service-grouped dependency posture.
- Make decision impact explicit for degraded dependencies.
Completion criteria:
- [x] Health & SLO route renders service and dependency groups with impact labels.
- [x] Incidents and diagnostics are available from the same workflow.
- [x] Dependency degradation clearly states release/evidence impact where applicable.
### FE27-OPS-05 - Feeds & Offline reliability contract
Status: DONE
Dependency: FE26-OPS-04
Owners: FE implementer
Task description:
- Enforce feeds/offline behavior with tabs:
- Feed Mirrors,
- AirGap Bundles,
- Version Locks.
- Add last-known-good display, read-only fallbacks, blocked-operation explanation, retry control, and copyable correlation id in error states.
Completion criteria:
- [x] Feeds & Offline screens provide deterministic degraded/offline UX states.
- [x] Error banners include retry and copyable correlation id.
- [x] Read-only fallback behavior is explicit when live backend calls fail.
### FE27-INT-01 - Integrations scope hard-boundary cleanup
Status: DONE
Dependency: FE26-INT-01
Owners: FE implementer
Task description:
- Keep Integrations limited to external systems only:
- Registries,
- SCM,
- CI/CD,
- Advisory and VEX sources,
- Secrets.
- Remove Targets/Hosts/Agents ownership from Integrations and replace with contextual links to Topology where needed.
Completion criteria:
- [x] Integrations nav and pages contain only external connector categories.
- [x] Targets/Hosts/Agents are not presented as managed integration resources.
- [x] Existing deep links resolve to Topology ownership routes where appropriate.
### FE27-INT-02 - Integrations shared list/detail and event drawer contract
Status: DONE
Dependency: FE26-INT-02
Owners: FE implementer
Task description:
- Enforce one list/detail component pattern across all integration categories.
- Detail tabs must include:
- Overview,
- Credentials,
- Scopes,
- Health,
- Audit and Events.
- Implement unified event drawer with correlation ids and export actions (JSON/CSV).
Completion criteria:
- [x] Integration categories share one list template with consistent filter semantics.
- [x] Detail pages use consistent tab taxonomy and health diagnostics language.
- [x] Event drawer supports correlation-id copy and event export actions.
### FE27-SET-01 - Setup ownership model and page set hardening
Status: DONE
Dependency: FE26-SET-01
Owners: FE implementer
Task description:
- Define Setup as inventory and orchestration configuration surface with canonical pages:
- Setup Overview,
- Regions and Environments,
- Promotion Paths,
- Workflows and Gates,
- Release Templates.
- Ensure cross-links to Security for policy baseline sources and to Topology for runtime posture.
Completion criteria:
- [x] Setup navigation includes the canonical page set and excludes runtime operations ownership.
- [x] Cross-links to Security policy baseline and Topology posture are available.
- [x] Setup overview exposes readiness counts and missing-configuration indicators.
### FE27-SET-02 - Regions and Environments region-first setup UX
Status: DONE
Dependency: FE26-SET-02
Owners: FE implementer
Task description:
- Implement region-first grouped environment configuration with:
- risk tier,
- promotion entry flag,
- status,
- import/export actions.
- Keep setup editing behavior distinct from topology operational posture views.
Completion criteria:
- [x] Region-first grouping is the default and supports add/edit/import/export actions.
- [x] Risk-tier and promotion-entry fields are visible and editable.
- [x] Setup edits do not duplicate topology operator diagnostics.
### FE27-SET-03 - Workflows, gates, and release-template alignment
Status: DONE
Dependency: FE26-SET-04
Owners: FE implementer, Documentation author
Task description:
- Ensure setup workflows and gate profiles align with promotion-path rules and rollback strategy mapping.
- Preserve naming convergence:
- `Bundle Templates` -> `Release Templates`.
- Surface template-to-output expectations for evidence and export flows.
Completion criteria:
- [x] Workflows and gate-profile relationships are visible and editable in one setup flow.
- [x] Release Template naming is consistent across Setup, Releases, and Evidence.
- [x] Rollback mapping and template output expectations are visible in setup detail views.
### FE27-XPLAT-01 - Status taxonomy and fallback-state standards
Status: DONE
Dependency: FE27-PLAT-02
Owners: FE implementer
Task description:
- Apply a two-axis status taxonomy across Platform surfaces:
- operational state (`RUNNING`, `QUEUED`, `COMPLETED`, `FAILED`, `DEAD-LETTER`, `DISABLED`),
- decision impact (`BLOCKING`, `DEGRADED`, `INFO`).
- Standardize loading, empty, and backend-unavailable states with:
- skeleton loading,
- last-known-good metadata,
- read-only indicator,
- retry,
- copyable correlation id.
Completion criteria:
- [x] Platform pages use the two-axis status model consistently.
- [x] Empty/loading/error states follow one shared rendering contract.
- [x] Correlation id and retry controls are present on backend-unavailable paths.
### FE27-QA-01 - Platform conformance and degraded-mode verification
Status: DONE
Dependency: FE27-XPLAT-01
Owners: QA, FE implementer
Task description:
- Execute Playwright verification for:
- Platform global-root routing,
- Ops three-workflow consolidation,
- Jobs & Queues tabs,
- Integrations scope boundaries,
- Setup canonical pages,
- degraded/offline/unknown error-state rendering.
- Produce updated screenshot pack and route-endpoint matrix for auditor review.
Completion criteria:
- [x] Playwright checks pass for sprint-critical platform workflows and fallback states.
- [x] Screenshot pack with route manifest is generated under `docs/qa/`.
- [x] Route-endpoint matrix confirms no mock fallback on critical Platform flows.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Platform advisory; scoped as post-026 hardening and component-contract unification. | Planning |
| 2026-02-20 | Completed FE operability contract alignment for global context propagation, route labels, and endpoint bindings across Pack22 surfaces; validation: FE build + route integrity tests passed. | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: `Platform` is a global root and remains the product location for operability concerns.
- Decision: Ops workflow design is optimized for decision assurance (`Data Integrity`, `Jobs & Queues`, `Health & SLO`) with secondary operational tools attached.
- Decision: Targets/Hosts/Agents ownership remains in `Topology`; Platform surfaces provide health summaries and deep links only.
- Decision: Offline and degraded behavior must provide actionable operator context including correlation id and retry paths.
- Risk: overlap with sprint 026 can cause duplicate implementation work; mitigation: FE27 tasks are constrained as hardening/contract completion and explicitly depend on FE26 foundations.
- Risk: backend responses may not yet provide all correlation metadata for UI error contracts; mitigation: coordinate with sprint 018 APIs and mark blockers in execution log when metadata is absent.
## Next Checkpoints
- 2026-02-21: FE27-PLAT-01 through FE27-OPS-03 complete.
- 2026-02-22: FE27-OPS-04 through FE27-SET-03 complete.
- 2026-02-22: FE27-XPLAT-01 and FE27-QA-01 complete with auditor artifacts.

258
docs-archived/implplan/SPRINT_20260220_028_FE_pack22_evidence_capsule_workflow_realignment.md Normal file
View File

@@ -0,0 +1,258 @@
# Sprint 20260220-028 - FE Pack22 Evidence Capsule Workflow Realignment
## Topic & Scope
- Convert the new incremental Evidence advisory into implementation tasks that finalize a capsule-first Evidence UX.
- Reframe Evidence IA to a coherent workflow: `Capsules -> Verify & Replay -> Exports -> Audit`.
- Move Trust & Signing configuration ownership out of Evidence navigation and into Platform, while keeping read-only trust posture in Evidence.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route migration tests, Playwright flows, screenshot pack, and route-endpoint matrix updates.
## Dependencies & Concurrency
- Depends on Evidence baseline sprint `docs/implplan/SPRINT_20260220_024_FE_pack22_evidence_decision_capsule_consolidation.md`:
- `FE24-EVID-01`,
- `FE24-EVID-02`,
- `FE24-EVID-04`,
- `FE24-EVID-05`,
- `FE24-EVID-06`,
- `FE24-EVID-07`.
- Depends on Platform global-root sprint `docs/implplan/SPRINT_20260220_027_FE_pack22_platform_global_operability_contracts.md`:
- `FE27-PLAT-01`,
- `FE27-PLAT-02`,
- `FE27-SET-03` where cross-links to setup/config surfaces are standardized.
- Depends on backend baseline sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-05` feed and integration health contracts used by evidence posture panels.
- Depends on backend run-provenance sprint `docs/implplan/SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md`:
- `B23-RUN-06`,
- `B23-RUN-07` for capsule/replay link fidelity.
- Safe concurrency: can run in parallel with non-Evidence FE tasks if shared shell, global filters, and Platform Trust routes are untouched.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_024_FE_pack22_evidence_decision_capsule_consolidation.md`
- `docs/implplan/SPRINT_20260220_027_FE_pack22_platform_global_operability_contracts.md`
## Delivery Tracker
### FE28-EVID-01 - Evidence naming and menu finalization
Status: DONE
Dependency: FE24-EVID-01
Owners: FE implementer, Documentation author
Task description:
- Finalize Evidence top-level naming and menu labels to:
- `Evidence (Decision Capsules)` as module label,
- `Overview`,
- `Capsules`,
- `Verify & Replay`,
- `Exports`,
- `Audit Log`.
- Remove remaining primary-nav references to `Evidence & Audit`, `Evidence Packs`, and ambiguous standalone `Bundles`.
Completion criteria:
- [x] Sidebar, page titles, and breadcrumbs use final Evidence naming.
- [x] Legacy labels remain only in migration aliases or explanatory deprecation hints.
- [x] Menu ordering and route ownership match the advisory IA.
### FE28-EVID-02 - Capsule-first overview and triage
Status: DONE
Dependency: FE24-EVID-02
Owners: FE implementer
Task description:
- Tighten Evidence Overview so all primary actions resolve to capsule-centered workflows:
- open capsule,
- verify,
- replay,
- export,
- audit drilldown.
- Keep find-evidence form, but result handling must land on capsule detail when object resolution is possible.
Completion criteria:
- [x] Overview quick actions deep-link to capsule-first routes.
- [x] Find-evidence lookups prefer capsule resolution and preserve context filters.
- [x] KPI cards use capsule/verify/replay/export terminology consistently.
### FE28-EVID-03 - Capsules list and detail contract expansion
Status: DONE
Dependency: FE24-EVID-04
Owners: FE implementer
Task description:
- Refine Capsules list filters and actions to include:
- verdict,
- signed state,
- export state,
- CVE/component/actor facets.
- Expand capsule detail tabs to advisory-aligned set:
- `Summary`,
- `Evidence`,
- `Proof`,
- `Exports`,
- `Replay`,
- `Audit`.
Completion criteria:
- [x] Capsules list supports advisory filter set with URL-state persistence.
- [x] Capsule detail tabs expose evidence/proof/export/replay/audit grouping.
- [x] Row actions and detail actions share consistent command set.
### FE28-EVID-04 - Verify & Replay consolidation completion
Status: DONE
Dependency: FE24-EVID-06
Owners: FE implementer
Task description:
- Consolidate verification surfaces into one route family:
- `Verify Capsule`,
- `Proof Chains`,
- `Replay Requests`.
- Keep deterministic replay statistics and mismatch drilldowns co-located with verification outcomes.
Completion criteria:
- [x] Verify and replay workflows are accessible from a single Evidence submenu.
- [x] Proof-chain search and replay request flows preserve scope and capsule context.
- [x] Determinism metrics and mismatch details are visible without route hopping.
### FE28-EVID-05 - Exports workflow final alignment
Status: DONE
Dependency: FE24-EVID-05
Owners: FE implementer
Task description:
- Finalize Exports as one workflow with tabs:
- `Profiles`,
- `Runs`,
- `Deliveries`.
- Replace remaining standalone `Evidence Bundles` language with `Deliveries` and explicit artifact types (ZIP, OCI, S3).
Completion criteria:
- [x] Exports tabs align with profile-run-delivery lifecycle.
- [x] Delivery rows include verification/signature status and retrieval actions.
- [x] No canonical Evidence route presents exports as a separate "bundles world".
### FE28-EVID-06 - Audit Log facet and correlation refinement
Status: DONE
Dependency: FE24-EVID-07
Owners: FE implementer
Task description:
- Keep unified audit log route and convert quick-access tiles into first-class facets/chips:
- Policy,
- Authority or Token,
- VEX,
- Integrations,
- Timeline,
- Correlate.
- Ensure capsule correlation opens investigation views anchored by capsule id, run id, or digest.
Completion criteria:
- [x] Audit log facets support direct filter application and sharable URL state.
- [x] Correlation view supports capsule-centric forensic drilldown.
- [x] Cross-links from capsule detail open filtered audit views.
### FE28-EVID-07 - Trust & Signing ownership relocation
Status: DONE
Dependency: FE27-PLAT-01
Owners: FE implementer, Documentation author
Task description:
- Remove Trust & Signing as a primary Evidence navigation item.
- Add or reuse canonical Platform route ownership for trust-signing configuration.
- Keep Evidence read-only trust-status panel (active profile, cert-expiry warning, transparency connectivity) with deep links to Platform config.
Completion criteria:
- [x] Evidence nav no longer exposes Trust & Signing as a primary menu item.
- [x] Trust configuration is reachable through Platform canonical routing.
- [x] Evidence pages retain read-only trust posture panel and deep-link mapping.
### FE28-EVID-08 - Error and offline-state behavior hardening
Status: DONE
Dependency: FE27-XPLAT-01
Owners: FE implementer
Task description:
- Apply standardized degraded/offline/error UX to Evidence pages:
- last successful fetch time,
- read-only mode indicator,
- blocked-operation explanation,
- copyable correlation id,
- retry action.
- Ensure behavior is consistent on Overview, Capsules, Verify & Replay, Exports, and Audit Log.
Completion criteria:
- [x] Evidence unavailable states display last-known-good metadata and correlation id.
- [x] Retry and fallback actions are present and testable across Evidence routes.
- [x] Error banners explicitly state operational impact where applicable.
### FE28-EVID-09 - Legacy route migration and deep-link preservation update
Status: DONE
Dependency: FE28-EVID-01
Owners: FE implementer, Documentation author
Task description:
- Update route mappings to advisory-final IA:
- old Evidence roots -> `/evidence/overview`,
- packs -> `/evidence/capsules`,
- proof/replay roots -> `/evidence/verify-replay/*`,
- export and bundle roots -> `/evidence/exports/*`.
- Preserve query and tab context for bookmarks and linked workflows.
Completion criteria:
- [x] Legacy evidence links redirect to final canonical route families.
- [x] Redirects preserve relevant tab/filter/query state.
- [x] Deprecation telemetry is emitted for migrated legacy routes.
### FE28-EVID-10 - Cross-module deep links and capsule references
Status: DONE
Dependency: FE28-EVID-03
Owners: FE implementer
Task description:
- Ensure Releases and Security references resolve to capsule-first evidence routes.
- Ensure Platform Ops and Trust pages can navigate into filtered Evidence views for diagnostics and exports.
Completion criteria:
- [x] Release and Security evidence links open capsule details or filtered capsule lists.
- [x] Platform routes can open Evidence pages with preserved scope and correlation context.
- [x] Capsule references remain stable when routing between modules.
### FE28-QA-01 - Conformance verification and auditor evidence pack
Status: DONE
Dependency: FE28-EVID-10
Owners: QA, FE implementer
Task description:
- Run Playwright behavioral checks for final Evidence workflows:
- Overview triage,
- Capsules list/detail,
- Verify and Replay subflows,
- Exports profile-run-delivery cycle,
- Audit correlation investigation,
- Trust relocation links.
- Generate screenshots and route manifest for auditor handoff.
- Update route-endpoint matrix for evidence routes and fallback behavior.
Completion criteria:
- [x] Playwright checks pass for sprint-critical Evidence workflows and fallback states.
- [x] Screenshot pack with route index is generated under `docs/qa/`.
- [x] Route-endpoint matrix confirms backend connectivity and no mock fallback on critical paths.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Evidence advisory; scoped as post-024 realignment and Trust ownership relocation. | Planning |
| 2026-02-20 | Completed evidence capsule workflow realignment (capsule-first drill-ins, replay/verify/audit flow continuity, and migration aliases); validation: FE build and conformance route tests passed. | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: `Decision Capsule` remains the primary user-facing proof object; packs/bundles are implementation terms only.
- Decision: Evidence workflow is finalized as `Capsules -> Verify & Replay -> Exports -> Audit`, with Overview as triage entry.
- Decision: Trust & Signing configuration moves to Platform ownership; Evidence retains read-only trust status and deep links.
- Risk: overlap with sprint 024 may cause duplicate implementation; mitigation: FE28 tasks explicitly target post-024 realignment and relocation deltas.
- Risk: trust-route relocation can break existing links and operator habits; mitigation: explicit redirect map and telemetry in FE28-EVID-09.
- Risk: some evidence endpoints may not expose full correlation metadata; mitigation: enforce route-endpoint matrix checks and log blockers immediately.
## Next Checkpoints
- 2026-02-21: FE28-EVID-01 through FE28-EVID-05 complete.
- 2026-02-22: FE28-EVID-06 through FE28-EVID-10 complete.
- 2026-02-22: FE28-QA-01 complete with auditor artifacts.

265
docs-archived/implplan/SPRINT_20260220_029_FE_pack22_security_workspace_disposition_capsule_alignment.md Normal file
View File

@@ -0,0 +1,265 @@
# Sprint 20260220-029 - FE Pack22 Security Workspace Disposition Capsule Alignment
## Topic & Scope
- Convert the new incremental Security advisory into implementation tasks that reduce Security navigation sprawl while preserving full capability.
- Finalize Security around three operator workspaces (`Triage`, `Advisories & VEX`, `Supply-Chain Data`) plus `Overview` and optional `Reports`.
- Enforce capsule-first security workflows so triage, disposition, and policy trace stay anchored to decision-capsule evidence context.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route migration tests, Playwright behavioral verification, screenshot pack, and updated security route-endpoint matrix.
## Dependencies & Concurrency
- Depends on Security baseline sprint `docs/implplan/SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md`:
- `FE20-SEC-01`,
- `FE20-SEC-02`,
- `FE20-SEC-03`,
- `FE20-SEC-04`,
- `FE20-SEC-05`,
- `FE20-SEC-06`.
- Depends on run-centric consolidation sprint `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`:
- `FE21-03`,
- `FE21-09`.
- Depends on Evidence capsule alignment sprint `docs/implplan/SPRINT_20260220_028_FE_pack22_evidence_capsule_workflow_realignment.md`:
- `FE28-EVID-03`,
- `FE28-EVID-10`.
- Depends on Platform ownership and state-model sprint `docs/implplan/SPRINT_20260220_027_FE_pack22_platform_global_operability_contracts.md`:
- `FE27-INT-01`,
- `FE27-XPLAT-01`.
- Depends on backend baseline sprint `docs/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`:
- `B22-04` security consolidated contracts,
- `B22-05` feed/VEX health contracts.
- Safe concurrency: can run in parallel with Releases or Topology visual work if Security route ownership and shared shell components are unchanged.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/implplan/SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md`
- `docs/implplan/SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md`
- `docs/implplan/SPRINT_20260220_027_FE_pack22_platform_global_operability_contracts.md`
- `docs/implplan/SPRINT_20260220_028_FE_pack22_evidence_capsule_workflow_realignment.md`
## Delivery Tracker
### FE29-SEC-01 - Security IA final workspace model
Status: DONE
Dependency: FE21-09
Owners: FE implementer, Documentation author
Task description:
- Finalize Security secondary navigation to:
- `/security/overview`,
- `/security/triage`,
- `/security/advisories-vex`,
- `/security/supply-chain-data`,
- `/security/reports` (optional route family, enabled where reporting scope is implemented).
- Remove split explorer duplication from canonical menus while preserving deep-link aliases.
Completion criteria:
- [x] Security nav renders canonical workspace set in correct order.
- [x] Legacy split explorer routes redirect to workspace routes with context preserved.
- [x] Breadcrumbs and page titles reflect final workspace terminology.
### FE29-SEC-02 - Triage as single dataset with pivot lenses
Status: DONE
Dependency: FE20-SEC-02
Owners: FE implementer
Task description:
- Implement one triage dataset with pivot controls for:
- Findings,
- CVEs,
- Components,
- Artifacts/Images,
- Environments.
- Keep one shared filter model (severity, reachability, effective VEX, waiver state, policy gate state, evidence age).
Completion criteria:
- [x] Triage pivots resolve over one dataset contract without route hopping.
- [x] Filter and saved-view behavior is consistent across all pivots.
- [x] Pivot and filter state is URL-addressable and refresh-safe.
### FE29-SEC-03 - Disposition UX unification in triage and detail
Status: DONE
Dependency: FE20-SEC-04
Owners: FE implementer
Task description:
- Unify VEX and Exceptions in UX as `Disposition` while preserving separate backend types and write paths.
- Required Disposition tabs/sections:
- Effective VEX (resolution and provenance),
- Waivers/Exceptions (request, approval, expiry),
- Policy Gate Trace (ship/block/needs-waiver explanation).
- Surface disposition consistently in triage rail and finding/CVE detail.
Completion criteria:
- [x] Operators can evaluate effective VEX, waiver state, and gate trace in one place.
- [x] Write actions preserve backend authorization boundaries for VEX vs waiver flows.
- [x] Disposition context is consistent between list-side rail and detail routes.
### FE29-SEC-04 - Capsule-first evidence rail for security decisions
Status: DONE
Dependency: FE28-EVID-10
Owners: FE implementer
Task description:
- Add or finalize a sticky evidence rail within triage/detail showing:
- SBOM facts,
- reachability proof,
- effective VEX provenance,
- waiver workflow status,
- policy gate trace,
- evidence export action.
- Ensure all security decision drilldowns can open related decision capsules directly.
Completion criteria:
- [x] Evidence rail is present in triage/detail and reflects selected finding context.
- [x] Capsule deep links preserve finding, scope, and correlation identifiers.
- [x] Export and audit actions from the rail route to canonical Evidence surfaces.
### FE29-SEC-05 - Advisories & VEX workspace completion
Status: DONE
Dependency: FE20-SEC-06
Owners: FE implementer
Task description:
- Consolidate Security advisory and VEX operations into one workspace with tabs:
- Providers (health/freshness),
- VEX Library,
- Conflicts,
- Issuer Trust.
- Expose conflict reasoning and effective-resolution explanation in-place.
Completion criteria:
- [x] Advisories & VEX route family exists with required tabs.
- [x] Provider freshness and conflict visibility are explicit and drillable.
- [x] Effective-resolution explanation is available for conflicting VEX statements.
### FE29-SEC-06 - Supply-Chain Data workspace completion
Status: DONE
Dependency: FE20-SEC-05
Owners: FE implementer
Task description:
- Consolidate supply-chain data views under one route family with tabs:
- SBOM Viewer,
- SBOM Graph,
- SBOM Lake,
- Reachability,
- Coverage/Unknowns.
- Keep coverage and staleness as first-class operator signals.
Completion criteria:
- [x] Supply-chain route contains required tabs with stable navigation.
- [x] Reachability coverage and unknowns are visible with evidence-age context.
- [x] SBOM and reachability data views link back to triage pivots and capsule context.
### FE29-SEC-07 - Security observe-only feed configuration boundary
Status: DONE
Dependency: FE27-INT-01
Owners: FE implementer, Documentation author
Task description:
- Remove feed and connector configuration actions from Security workspaces.
- Keep Security read-only observability for feed/VEX freshness and conflicts.
- Add clear configure links to canonical Platform/Integrations or Setup ownership routes.
Completion criteria:
- [x] Security pages do not present feed source configuration ownership actions.
- [x] Configure links route to Platform ownership pages with context hints.
- [x] Security continues to display feed health impact on decisions.
### FE29-SEC-08 - Overview posture rewrite for blockers and freshness
Status: DONE
Dependency: FE20-SEC-01
Owners: FE implementer
Task description:
- Rework Security Overview to operator posture with explicit sections:
- risk posture KPIs,
- top blocking items by capsule/environment,
- expiring waivers,
- advisory/VEX conflicts,
- unknown reachability and staleness impact.
- Ensure "what blocks shipping now" is primary.
Completion criteria:
- [x] Overview highlights blocker-first posture and freshness confidence.
- [x] KPI cards and blocker rows deep-link into Triage and Disposition contexts.
- [x] Global scope (region/env/time) affects all overview data panels.
### FE29-SEC-09 - Reports placement and Evidence handoff alignment
Status: DONE
Dependency: FE28-EVID-05
Owners: FE implementer, Documentation author
Task description:
- Implement optional Security Reports route semantics without duplicating Evidence export ownership.
- Required report intents:
- risk report,
- VEX/waiver ledger,
- SBOM export,
- evidence-bundle handoff route to Evidence Exports.
- Keep final export delivery ownership in Evidence workspace.
Completion criteria:
- [x] Security reports route (if enabled) does not duplicate export delivery mechanics.
- [x] Evidence-bundle/report handoff links to canonical Evidence Exports routes.
- [x] Report outputs preserve scope and filter context.
### FE29-SEC-10 - Route migration and deep-link preservation
Status: DONE
Dependency: FE29-SEC-01
Owners: FE implementer, Documentation author
Task description:
- Map prior security paths to new workspaces:
- findings/vulnerabilities/reachability -> triage pivots,
- advisory sources + VEX hub -> advisories-vex,
- sbom graph/lake -> supply-chain-data tabs,
- exceptions routes -> disposition tabs and policy-waiver routes.
- Preserve query/tab/filter state and emit alias telemetry.
Completion criteria:
- [x] Legacy security deep links resolve to equivalent workspace routes.
- [x] Query state (pivot/filter/tab/scope) is preserved where applicable.
- [x] Alias telemetry is recorded for migration tracking.
### FE29-QA-01 - Security workspace conformance and auditor assets
Status: DONE
Dependency: FE29-SEC-10
Owners: QA, FE implementer
Task description:
- Execute Playwright behavioral verification for:
- overview blocker-first posture,
- triage pivots and evidence rail,
- disposition workflows (VEX, waiver, gate trace),
- advisories-vex tabs,
- supply-chain-data tabs,
- route redirects and filter-state preservation.
- Generate screenshot pack and route manifest for auditor review.
- Update security entries in route-endpoint matrix, including fallback/error-state behavior.
Completion criteria:
- [x] Playwright checks pass for sprint-critical Security workflows and redirects.
- [x] Screenshot pack and route manifest are published under `docs/qa/`.
- [x] Route-endpoint matrix confirms backend connectivity and no mock fallback on critical Security paths.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from incremental Security advisory; scoped as post-020/021 workspace and disposition realignment with capsule-first evidence links. | Planning |
| 2026-02-20 | Completed security workspace alignment with triage/disposition/capsule-first evidence rail and supply-chain/advisory workspace consolidation; validation: FE build and release-aware security specs passed. | FE |
| 2026-02-20 | Post-archive audit rerun completed: FE contract/navigation/security/release suite `142/142` passed after aligning run-centric approvals/detail specs; backend run-detail suite remains green (`167/167`). | QA |
| 2026-02-20 | Re-audited Playwright Pack22 conformance (`tests/e2e/pack-conformance.scratch.spec.ts`) after aligning route expectations with run-centric canonical paths (`/releases/runs`, `/security/triage`, `/evidence/capsules`, `/platform/setup`); result: `1/1` passed. | QA |
## Decisions & Risks
- Decision: Security workspace model is finalized as `Overview`, `Triage`, `Advisories & VEX`, `Supply-Chain Data`, and optional `Reports`.
- Decision: VEX and Exceptions remain separate backend types but are presented as one `Disposition` UX for operator flow.
- Decision: Feed and connector configuration ownership remains outside Security; Security observes health and conflicts only.
- Decision: Security decisions are capsule-first and must deep-link into Evidence objects for verification and export.
- Risk: overlap with earlier security sprints may create duplicate implementation tasks; mitigation: this sprint is constrained to post-baseline workspace/ownership/UX convergence.
- Risk: policy-waiver governance routes may diverge across Security and Policy workspaces; mitigation: enforce one underlying object model with alias links and shared correlation ids.
- Risk: missing correlation metadata from backend can degrade evidence rail usefulness; mitigation: block task completion until matrix evidence confirms required fields.
## Next Checkpoints
- 2026-02-21: FE29-SEC-01 through FE29-SEC-05 complete.
- 2026-02-22: FE29-SEC-06 through FE29-SEC-10 complete.
- 2026-02-22: FE29-QA-01 complete with auditor artifacts.

103
docs-archived/implplan/SPRINT_20260220_030_FE_security_advisory_workspace_rebuild.md Normal file
View File

@@ -0,0 +1,103 @@
# Sprint 20260220-030 - FE Security Advisory Workspace Rebuild
## Topic & Scope
- Rebuild Security UI surfaces to match the operator model from the latest advisory: `Overview`, `Triage`, `Advisories & VEX`, `Supply-Chain Data`, and `Reports` handoff semantics.
- Unify VEX and Exceptions as one Disposition mental model in triage/detail UX while preserving separate backend contracts.
- Ensure feed/source configuration ownership remains in Platform/Integrations and Security remains observe-first.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: component behavior tests, route/nav compatibility checks, Playwright security route conformance screenshots.
## Dependencies & Concurrency
- Depends on archived baseline security IA and contracts from:
- `docs-archived/implplan/SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md`
- `docs-archived/implplan/SPRINT_20260220_029_FE_pack22_security_workspace_disposition_capsule_alignment.md`
- Safe concurrency: UI-only changes can run in parallel with unrelated backend modules when `/api/v2/security/*` contracts are unchanged.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/S00_route_deprecation_map.md`
- `docs/modules/ui/v2-rewire/pack-conformity-diff-2026-02-20.md`
## Delivery Tracker
### FE30-SEC-01 - Security Overview posture alignment
Status: DONE
Dependency: none
Owners: FE implementer
Task description:
- Rework `/security/overview` to blocker-first posture, explicit confidence/freshness, expiring waivers, conflicts, and unknown reachability visibility.
- Add direct drilldowns from overview cards/lists into triage and advisories workflows.
Completion criteria:
- [x] Overview highlights shipping blockers and data freshness before secondary metrics.
- [x] Expiring waiver and conflict signals are visible without leaving the page.
- [x] Panel links navigate to canonical security/platform routes.
### FE30-SEC-02 - Triage single-surface operator flow
Status: DONE
Dependency: FE30-SEC-01
Owners: FE implementer
Task description:
- Rebuild `/security/triage` into one operator surface with pivots, facet filters, and a sticky evidence rail.
- Evidence rail must expose `Why`, `SBOM`, `Reachability`, `Effective VEX`, `Waiver`, `Policy Trace`, and `Export`.
Completion criteria:
- [x] Triage presents pivot/facet behavior on one route without menu hopping.
- [x] Evidence rail updates with selected finding context and action links.
- [x] Query params preserve pivot/facet state after refresh.
### FE30-SEC-03 - Advisories & VEX workspace and config boundary
Status: DONE
Dependency: FE30-SEC-02
Owners: FE implementer
Task description:
- Rebuild `/security/advisories-vex` into tabs for providers, VEX library, conflicts, and issuer trust.
- Keep feed/VEX configuration links pointing to Platform/Integrations ownership surfaces.
Completion criteria:
- [x] Provider freshness and conflicts are explicit in the workspace.
- [x] Effective-resolution context is visible for conflicting VEX/waiver states.
- [x] Configure actions route to `/platform/integrations/*` instead of in-security mutation forms.
### FE30-SEC-04 - Supply-Chain Data workspace alignment
Status: DONE
Dependency: FE30-SEC-02
Owners: FE implementer
Task description:
- Rework `/security/supply-chain-data/:mode` into tabs matching advisory semantics: `SBOM Viewer`, `SBOM Graph`, `SBOM Lake`, `Reachability`, `Coverage/Unknowns`.
- Surface coverage/staleness/unknowns as first-class status signals.
Completion criteria:
- [x] Supply-chain tabs render under canonical routes and map cleanly from legacy aliases.
- [x] Reachability and unknowns coverage are shown with freshness context.
- [x] Cross-links to triage and evidence are present.
### FE30-SEC-05 - Disposition detail UX unification and validation
Status: DONE
Dependency: FE30-SEC-03
Owners: FE implementer, QA
Task description:
- Rework finding detail tabs into disposition-centric flow (`Effective VEX`, `Waivers/Exceptions`, `Policy Gate Trace`) with evidence and export links.
- Update and run focused tests for security behavior/routes and advisory-aligned text markers.
Completion criteria:
- [x] Finding detail renders disposition-first tabs and action links.
- [x] Existing security tests are updated and passing.
- [x] Playwright conformance run confirms security routes and screenshot output.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created from user-provided security advisory; FE30-SEC-01 started. | FE |
| 2026-02-20 | Completed security advisory workspace rebuild across overview/triage/advisories/supply-chain/detail surfaces; validation: focused FE specs `42/42`, broad regression suite `142/142`, and Playwright security conformance `1/1` with screenshots under `src/Web/StellaOps.Web/docs/qa/security-advisory-rebuild-2026-02-20/`. | FE/QA |
## Decisions & Risks
- Decision: Keep canonical security routes (`/security/overview`, `/security/triage`, `/security/advisories-vex`, `/security/supply-chain-data/*`) while rebuilding page internals to match advisory workspace semantics.
- Decision: Preserve backend data model boundaries for VEX vs exceptions; unify only at UX layer.
- Risk: Some contracts do not expose explicit issuer-trust attributes; issuer trust view may rely on deterministic derived indicators until backend fields expand.
- Risk: Legacy tests may encode prior labels; mitigated by updating tests to assert advisory-aligned semantics and stable route contracts.
## Next Checkpoints
- 2026-02-20: FE30-SEC-01 through FE30-SEC-03 complete with updated tests.
- 2026-02-20: FE30-SEC-04 and FE30-SEC-05 validation complete; sprint archived if all criteria are done.

115
docs-archived/implplan/SPRINT_20260220_031_FE_platform_global_ops_integrations_setup_advisory_recheck.md Normal file
View File

@@ -0,0 +1,115 @@
# Sprint 20260220-031 - FE Platform Advisory Recheck (Ops/Integrations/Setup)
## Topic & Scope
- Recheck and implement the new Platform product advisory for operator UX and IA consolidation.
- Rebuild Platform UI surfaces to match the required model: `Platform` global root with `Ops`, `Integrations`, and `Setup` as working subdomains.
- Enforce ownership boundaries:
- Topology owns hosts/targets/agents inventory management.
- Integrations owns external connectors only.
- Setup owns inventory/orchestration configuration.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: updated route/component tests plus focused FE test run output.
## Dependencies & Concurrency
- Depends on prior Pack22 baseline implementation and route migration work from archived sprints:
- `docs-archived/implplan/SPRINT_20260220_026_FE_pack22_platform_ops_integrations_setup_consolidation.md`
- `docs-archived/implplan/SPRINT_20260220_027_FE_pack22_platform_global_operability_contracts.md`
- Safe concurrency: do not run parallel edits on shared nav shell/routes during this sprint.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
## Delivery Tracker
### FE31-01 - Platform nav and Ops workflow alignment
Status: DONE
Dependency: none
Owners: FE implementer
Task description:
- Align Platform sidebar children and Ops route labels with advisory-required workflow framing:
- primary: `Data Integrity`, `Jobs & Queues`, `Health & SLO`
- secondary: `Feeds & Offline`, `Quotas & Limits`, `Diagnostics`.
- Remove stale Platform Ops-era labels and route links from UI surfaces.
Completion criteria:
- [x] Sidebar and Ops pages expose advisory-conformant labels and links.
- [x] Platform remains a global root with Ops/Integrations/Setup ownership split.
### FE31-02 - Integrations ownership boundary cleanup
Status: DONE
Dependency: FE31-01
Owners: FE implementer
Task description:
- Rework integrations hub/routes so Integrations contains external systems only:
- Registries, SCM, CI/CD, Advisory Sources, VEX Sources, Secrets.
- Remove hosts/targets ownership from Integrations views and preserve deep-link compatibility via redirects to Topology.
Completion criteria:
- [x] Integrations menu/routes no longer present Hosts/Targets as managed integration categories.
- [x] Legacy hosts/targets integration links redirect to Topology surfaces.
### FE31-03 - Setup owned pages and readiness UX
Status: DONE
Dependency: FE31-01
Owners: FE implementer
Task description:
- Replace setup redirects with setup-owned pages for:
- Regions & Environments,
- Promotion Paths,
- Workflows & Gates,
- Release Templates.
- Keep explicit cross-links to Topology/Security where runtime posture or policy sources are needed.
Completion criteria:
- [x] Setup routes render setup-owned content instead of only redirecting to other modules.
- [x] Setup home/readiness copy matches advisory ownership model.
### FE31-04 - Degraded/offline impact UX standardization (Platform surfaces)
Status: DONE
Dependency: FE31-01
Owners: FE implementer
Task description:
- Ensure key Platform surfaces include explicit impact wording and troubleshooting affordances:
- Impact classification (`BLOCKING`, `DEGRADED`, `INFO`),
- copyable correlation id,
- retry/refresh controls,
- last-known-good/read-only messaging where applicable.
Completion criteria:
- [x] Data Integrity and Feeds/Offline views display impact-aware operator messaging.
- [x] Jobs/Queues or Ops overview exposes correlation-aware troubleshooting hooks.
### FE31-05 - Docs and conformance tests refresh
Status: DONE
Dependency: FE31-02
Owners: FE implementer, Documentation author, QA
Task description:
- Update Pack22 planning docs to reflect this advisory delta for Platform IA ownership.
- Update affected FE route/UI tests and run targeted suites for nav/routes/integrations/platform ops pages.
Completion criteria:
- [x] Pack22 source-of-truth docs reflect Platform as global with Ops/Integrations/Setup split.
- [x] Targeted FE tests pass for modified nav/route/hub/setup/platform pages.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created for advisory recheck and marked FE31-01 DOING. | FE |
| 2026-02-20 | Implemented Platform nav/Ops workflow realignment, Integrations topology-boundary redirects, and Setup owned pages under `/platform/setup/*`. | FE |
| 2026-02-20 | Updated Pack authority/source docs (`pack-23`, source-of-truth, authority matrix, ledger) and archived advisory translation note. | FE |
| 2026-02-20 | Validation complete: targeted FE specs passed (`60/60`) and `npm run build` succeeded (existing non-blocking warnings only). | QA |
## Decisions & Risks
- Decision: this sprint is a recheck-and-corrective pass over already-landed Pack22 changes, focused only on advisory mismatches.
- Decision: Platform authority was lifted into `docs/modules/ui/v2-rewire/pack-23.md`, with supporting updates in:
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- Risk: existing pre-change test suites contain mixed canonical and legacy assumptions; mitigation is targeted updates only for files directly affected by this sprint.
## Next Checkpoints
- 2026-02-20: FE31-01 through FE31-04 implemented with route/nav parity.
- 2026-02-20: FE31-05 docs/tests complete and sprint closed.

69
docs-archived/implplan/SPRINT_20260220_032_FE_platform_advisory_followup_route_hardening.md Normal file
View File

@@ -0,0 +1,69 @@
# Sprint 20260220-032 - FE Platform Advisory Follow-up Route Hardening
## Topic & Scope
- Close remaining advisory recheck gaps discovered after Sprint 031 validation.
- Canonicalize Platform Ops Data Integrity links to `/platform/ops/*`.
- Replace stale Feeds sub-path links with valid `Feeds & Offline` navigation targets.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: targeted frontend tests covering links/query-tab behavior.
## Dependencies & Concurrency
- Depends on archived Sprint 031 advisory recheck baseline:
- `docs-archived/implplan/SPRINT_20260220_031_FE_platform_global_ops_integrations_setup_advisory_recheck.md`
- Safe concurrency: avoid parallel edits to shared ops route pages while this follow-up is active.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-23.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
## Delivery Tracker
### FE32-01 - Canonicalize Data Integrity top-failure links
Status: DONE
Dependency: none
Owners: FE implementer
Task description:
- Replace legacy `/platform-ops/*` deep links in Data Integrity overview failure cards with canonical `/platform/ops/*` links.
Completion criteria:
- [x] Data Integrity top-failure links resolve to `/platform/ops/data-integrity/*`.
- [x] No residual legacy `/platform-ops/*` links remain in the updated overview component.
### FE32-02 - Harden Feeds Freshness footer links
Status: DONE
Dependency: FE32-01
Owners: FE implementer
Task description:
- Replace stale `/platform/ops/feeds/*` links with valid `Feeds & Offline` targets.
- Add query-parameter tab selection support on `Feeds & Offline` page so deep links can open `feed-mirrors` or `version-locks`.
Completion criteria:
- [x] Feeds Freshness footer links resolve to `/platform/ops/feeds-airgap`.
- [x] Query tab values select valid tabs on the Feeds & Offline page.
### FE32-03 - Targeted FE validation refresh
Status: DONE
Dependency: FE32-02
Owners: FE implementer, QA
Task description:
- Refresh route/link tests for changed Data Integrity and Feeds deep links.
- Add focused test coverage for Feeds & Offline query-tab behavior.
Completion criteria:
- [x] Updated tests pass for `data-integrity-pages` and `platform-feeds-airgap-page`.
- [x] No regression in selected advisory conformance suites.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created for post-031 advisory route hardening follow-up. | FE |
| 2026-02-20 | Canonicalized Data Integrity top-failure links and replaced stale Feeds footer paths with `/platform/ops/feeds-airgap` targets. | FE |
| 2026-02-20 | Added Feeds & Offline query-tab handling and new focused spec coverage (`platform-feeds-airgap-page`). | FE |
| 2026-02-20 | Validation complete: targeted FE specs passed (`63/63`) and `npm run build` succeeded (existing warnings only). | QA |
## Decisions & Risks
- Decision: treat this as a narrow corrective sprint to avoid reopening broader advisory scope.
- Risk: stale legacy aliases can mask broken canonical links; mitigated by direct canonical link assertions in tests.
## Next Checkpoints
- 2026-02-20: run focused FE tests and archive sprint when all tasks are DONE.

117
docs-archived/implplan/SPRINT_20260220_033_FE_platform_advisory_gap_closure.md Normal file
View File

@@ -0,0 +1,117 @@
# Sprint 20260220-033 - FE Platform Advisory Gap Closure
## Topic & Scope
- Close the remaining implementation gaps against the Platform advisory reframe.
- Ship a true Platform home plus final Ops/Integrations/Setup IA and page behavior updates.
- Normalize advisory naming and tab models where UI still diverges.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed cross-module edits: `docs/modules/ui/v2-rewire/**`, `docs-archived/product/advisories/**`.
- Expected evidence: targeted FE route/component tests and build output.
## Dependencies & Concurrency
- Depends on:
- `docs-archived/implplan/SPRINT_20260220_031_FE_platform_global_ops_integrations_setup_advisory_recheck.md`
- `docs-archived/implplan/SPRINT_20260220_032_FE_platform_advisory_followup_route_hardening.md`
- Safe concurrency: avoid parallel edits to shared route/nav files during this sprint.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/pack-23.md`
## Delivery Tracker
### FE33-01 - Platform home and operate/configure split completion
Status: DONE
Dependency: none
Owners: FE implementer
Task description:
- Replace `/platform` redirect behavior with a real Platform landing page that presents three primary entry points:
- Platform Ops
- Platform Integrations
- Platform Setup
- Include status snapshot and quick actions to match advisory intent.
Completion criteria:
- [x] `/platform` renders a dedicated page instead of redirecting to `/platform/ops`.
- [x] Platform landing contains the three core doors and status snapshot cards.
### FE33-02 - Ops naming and Jobs & Queues behavioral tabs
Status: DONE
Dependency: FE33-01
Owners: FE implementer
Task description:
- Rename remaining advisory-visible labels from `Feeds & Offline` to `Feeds & Airgap`.
- Make Jobs & Queues tabs behaviorally distinct with tab-specific datasets/views for:
- Jobs
- Runs
- Schedules
- Dead Letters
- Workers
Completion criteria:
- [x] Ops labels use advisory naming (`Feeds & Airgap`) in route titles/sidebar/page headers.
- [x] Jobs & Queues tabs change the displayed table/content by selected tab.
### FE33-03 - Setup completion (feed policy + gate profiles + defaults)
Status: DONE
Dependency: FE33-01
Owners: FE implementer
Task description:
- Add setup-owned pages for:
- Feed Policy
- Gate Profiles
- Defaults & Guardrails
- Update Setup home cards and setup route map to expose these pages.
Completion criteria:
- [x] `Feed Policy` no longer redirects to Ops and renders setup-owned content.
- [x] Setup route map includes Gate Profiles and Defaults & Guardrails.
### FE33-04 - Integrations category + detail tab model alignment
Status: DONE
Dependency: FE33-01
Owners: FE implementer
Task description:
- Add Integrations category surface for `Runtimes / Hosts (connectors)` while preserving Topology ownership of inventory.
- Update Integration detail tab structure to advisory model:
- Overview
- Credentials
- Scopes & Rules
- Events
- Health
Completion criteria:
- [x] Integration hub includes a runtime/hosts connectors entry point.
- [x] Integration detail tabs match the advisory tab model.
### FE33-05 - Docs sync, validation, and sprint closure
Status: DONE
Dependency: FE33-02
Owners: FE implementer, Documentation author, QA
Task description:
- Update active UI authority docs for the final advisory-conformant state.
- Run targeted FE tests for nav/routes/platform ops/setup/integrations and ensure build succeeds.
- Archive sprint only after all tasks are marked DONE.
Completion criteria:
- [x] Docs reflect the implemented final advisory state.
- [x] Targeted FE tests pass and build succeeds.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-20 | Sprint created for final Platform advisory gap closure pass. | FE |
| 2026-02-20 | Closed Setup gaps: implemented setup-owned `Feed Policy`, `Gate Profiles`, and `Defaults & Guardrails` pages; updated setup route map and setup home cards to expose all three. | FE |
| 2026-02-20 | Closed Integrations gaps: added `Runtimes / Hosts` connector category and aligned integration detail tabs to `Overview`, `Credentials`, `Scopes & Rules`, `Events`, `Health`. | FE |
| 2026-02-20 | Updated authority doc `docs/modules/ui/v2-rewire/pack-23.md` to reflect final Platform naming and ownership (`Feeds & Airgap`, setup route ownership, runtime/hosts connector category). | Docs |
| 2026-02-20 | Validation run: `npm run test -- --watch=false --include src/tests/navigation/nav-model.spec.ts --include src/tests/navigation/nav-route-integrity.spec.ts --include src/tests/platform-ops/platform-ops-routes.spec.ts --include src/tests/platform-ops/platform-feeds-airgap-page.component.spec.ts --include src/tests/integration_hub/integration-hub-ui.component.spec.ts --include src/tests/platform/platform-setup-routes.spec.ts` => `49/49` tests passed. | QA |
| 2026-02-20 | Build validation: `npm run build` completed successfully; non-blocking existing warnings remain for bundle/style budgets and CommonJS dependencies (mermaid/langium transitive modules). | QA |
## Decisions & Risks
- Decision: prioritize shipping advisory-conformant IA/UX over preserving interim labels from prior packs where they conflict.
- Risk: route/nav edits can cause regressions in legacy alias tests; mitigated by targeted route/nav test reruns.
- Risk: FE build reports pre-existing budget/CommonJS warnings; treated as non-blocking for this sprint because no new warning classes were introduced by these changes.
## Next Checkpoints
- 2026-02-20: implement FE33-01 through FE33-04.
- 2026-02-20: run FE33-05 validation, then archive sprint.

40
docs-archived/product/advisories/2026-02-20-platform-ops-integrations-setup-ux-recheck.md Normal file
View File

@@ -0,0 +1,40 @@
# 2026-02-20 Platform Ops/Integrations/Setup UX Recheck
Status: Translated to implementation and documentation updates
Source: Product advisory shared in operator review thread (2026-02-20)
## Summary
The advisory requested Platform IA and UX realignment:
- Platform as a global root.
- Consolidated Ops operator workflows (`Data Integrity`, `Jobs & Queues`, `Health & SLO`).
- Integrations limited to external systems only.
- Setup as inventory/orchestration configuration ownership surface.
- Consistent degraded/offline decision-impact UX patterns.
## Translation outputs
- Sprint:
- `docs-archived/implplan/SPRINT_20260220_031_FE_platform_global_ops_integrations_setup_advisory_recheck.md`
- `docs-archived/implplan/SPRINT_20260220_032_FE_platform_advisory_followup_route_hardening.md` (route hardening follow-up)
- Docs authority updates:
- `docs/modules/ui/v2-rewire/pack-23.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-22.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
- FE implementation scope:
- `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts`
- `src/Web/StellaOps.Web/src/app/routes/operations.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/platform/ops/*`
- `src/Web/StellaOps.Web/src/app/features/platform/setup/*`
- `src/Web/StellaOps.Web/src/app/features/integration-hub/*`
## Validation evidence
- Targeted FE test suite:
- navigation model/integrity,
- platform ops routes/data-integrity pages,
- integration hub UI.
- FE production build completed successfully (with existing bundle-size/commonjs warnings).