stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

mock data

Browse Source
This commit is contained in:
master
2026-02-21 19:10:28 +02:00
parent b911537870
commit 1edce73165
61 changed files with 2325 additions and 3424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
docs/implplan/SPRINT_20260221_042_FE_mock_data_to_real_endpoint_cutover.md Normal file
View File

@@ -0,0 +1,191 @@
# Sprint 20260221_042 - FE Mock Data to Real Endpoint Cutover
## Topic & Scope
- Replace runtime mock data paths in Web UI with existing backend endpoint integrations and token-based HTTP clients.
- Eliminate component-level/provider-level mock wiring that bypasses global HTTP client bindings.
- Keep mock implementations only for tests/Storybook/dev harnesses behind explicit non-production wiring.
- Working directory: `src/Web/StellaOps.Web/`.
- Expected evidence: endpoint binding matrix, targeted FE tests, e2e verification against real APIs (or documented BLOCKED gaps), updated UI docs/contracts.
## Dependencies & Concurrency
- Depends on canonical IA route work already delivered in Sprint 041.
- Depends on existing gateway/policy/evidence/authority backend endpoints being reachable in target environment.
- Safe parallelism:
- FE API client wiring and feature component refactors can run in parallel if they do not touch same files.
- QA verification can run in parallel once per-surface refactor tasks reach DONE.
## Documentation Prerequisites
- `docs/modules/ui/README.md`
- `docs/modules/ui/architecture.md`
- `docs/modules/ui/api-strategy.md`
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v2_pack22.md`
## Delivery Tracker
### 042-T1 - Endpoint inventory and current binding audit
Status: DONE
Dependency: none
Owners: Developer (FE), Documentation author
Task description:
- Build an authoritative matrix of runtime tokens/clients/surfaces showing current binding (`useExisting`, `useClass`, direct `inject(Mock...)`) and target backend endpoint.
- Include the user-reported files and all component/provider overrides discovered in Web UI runtime code.
Completion criteria:
- [x] Matrix lists each affected token/client/surface with source file and target endpoint
- [x] Any endpoint mismatch or missing backend route is recorded as explicit risk/blocker
### 042-T2 - Evidence API cutover (`core/api/evidence.client.ts` + evidence surfaces)
Status: DONE
Dependency: 042-T1
Owners: Developer (FE)
Task description:
- Keep `EvidenceHttpClient` as the runtime source of truth and remove runtime paths that still force `MockEvidenceApiService`.
- Migrate evidence UIs to load observations/policy/raw/export via real API responses and deterministic mapping.
Completion criteria:
- [x] Runtime evidence screens no longer bind `EVIDENCE_API` to mock class
- [x] Evidence observations use backend responses (no `MOCK_OBSERVATIONS` in runtime path)
### 042-T3 - Policy Engine cutover (`core/api/policy-engine.client.ts`)
Status: DONE
Dependency: 042-T1
Owners: Developer (FE)
Task description:
- Ensure all policy-engine consumers use `POLICY_ENGINE_API -> PolicyEngineHttpClient` and remove remaining runtime dependencies on `MOCK_PROFILES`/`MOCK_PACKS`.
- Verify request/response field mapping for profiles, packs, explain, review, simulation paths.
Completion criteria:
- [x] Policy Engine runtime surfaces do not rely on `MOCK_PROFILES` or `MOCK_PACKS`
- [x] Policy Engine calls resolve against configured backend base URL contract
### 042-T4 - Policy Governance cutover (`core/api/policy-governance.client.ts`)
Status: DONE
Dependency: 042-T1
Owners: Developer (FE)
Task description:
- Use `POLICY_GOVERNANCE_API -> HttpPolicyGovernanceApi` across runtime surfaces and remove mock-driven runtime state.
- Replace `MOCK_TRUST_WEIGHTS`, `MOCK_RISK_PROFILES`, `MOCK_CONFLICTS`, `MOCK_AUDIT_EVENTS` usage in runtime paths with live calls and adapters where needed.
Completion criteria:
- [x] Governance surfaces read/write through `/api/v1/governance/**` HTTP client paths
- [x] Runtime governance flows no longer consume mock collections
### 042-T5 - Proof API HTTP implementation and DI wiring (`core/api/proof.client.ts`)
Status: DONE
Dependency: 042-T1
Owners: Developer (FE)
Task description:
- Implement HTTP clients for `MANIFEST_API`, `PROOF_BUNDLE_API`, and `SCORE_REPLAY_API` using existing scanner/proof backend endpoints.
- Keep mock proof classes for test harnesses only; add runtime provider bindings in app config.
Completion criteria:
- [x] Runtime DI providers exist for `MANIFEST_API`, `PROOF_BUNDLE_API`, `SCORE_REPLAY_API`
- [x] Proof ledger/replay surfaces can load manifest/bundle/replay data without mock objects
### 042-T6 - Auth mock confinement (`core/auth/auth.service.ts`)
Status: DONE
Dependency: 042-T1
Owners: Developer (FE)
Task description:
- Constrain `MOCK_USER` and `MockAuthService` to tests/dev-only usage.
- Verify runtime `AUTH_SERVICE` consistently resolves to authority-backed adapter service.
Completion criteria:
- [x] Runtime auth flow does not import or instantiate `MockAuthService`
- [x] Mock auth remains available only in tests/story fixtures
### 042-T7 - Remove component-level mock provider overrides
Status: DONE
Dependency: 042-T2, 042-T3, 042-T4
Owners: Developer (FE)
Task description:
- Remove `useClass: Mock...` overrides from runtime components (evidence/findings/policy-simulation surfaces and similar) so global DI bindings apply.
- Preserve unit-test isolation via spec-local providers.
Completion criteria:
- [x] Runtime components do not override API tokens to mock classes
- [x] Unit tests continue to pass with explicit test-local mocks
### 042-T8 - Replace direct `inject(Mock...)` runtime usage
Status: DONE
Dependency: 042-T2, 042-T3, 042-T4, 042-T5
Owners: Developer (FE)
Task description:
- Refactor stores/services/components that directly inject mock classes (delta verdict, fix verification, risk budget, reachability integration, reachability drawer, and related) to inject API tokens or HTTP clients.
- Keep fallback behavior deterministic and explicit for degraded/offline states.
Completion criteria:
- [x] No runtime service/component directly injects `Mock*` classes
- [x] Runtime behavior uses tokenized API abstraction with real endpoint backing
### 042-T9 - Replace inline component mock datasets with backend loads
Status: TODO
Dependency: 042-T1, 042-T7, 042-T8
Owners: Developer (FE)
Task description:
- Remove hardcoded mock datasets from runtime components/stores where corresponding backend endpoints already exist (issuer trust, simulation history/conflict/batch flows, graph overlays/side panels, offline verification placeholders, release detail store, lineage why-safe panes).
- For surfaces lacking existing backend endpoints, mark task `BLOCKED` with explicit endpoint gap and keep temporary fallback isolated.
Completion criteria:
- [ ] Runtime components prefer backend data and only use fallback when explicitly unavailable
- [ ] Any unresolved surfaces are tracked as `BLOCKED` with endpoint gap details
### 042-T10 - Contract transformations, telemetry, and error semantics
Status: TODO
Dependency: 042-T2, 042-T3, 042-T4, 042-T5
Owners: Developer (FE)
Task description:
- Normalize backend payloads into stable UI view-models (ordering, optional/null handling, timestamps, IDs).
- Preserve correlation IDs, retry semantics, and degraded UI contracts when backend returns errors.
Completion criteria:
- [ ] Transform adapters documented and covered by unit tests
- [ ] Error/degraded states remain explicit and deterministic
### 042-T11 - Targeted verification (unit + e2e + API behavior)
Status: DOING
Dependency: 042-T7, 042-T8, 042-T9, 042-T10
Owners: QA, Developer (FE)
Task description:
- Execute targeted FE tests for each cutover surface and run e2e checks that validate real HTTP-backed behavior (not mocked route intercepts) where environment allows.
- Capture command outputs and per-surface pass/fail evidence.
Completion criteria:
- [x] Targeted unit/integration tests pass for all migrated surfaces
- [ ] E2E/API evidence confirms runtime uses real backend responses
### 042-T12 - Docs and contract ledger synchronization
Status: TODO
Dependency: 042-T1, 042-T11
Owners: Documentation author, Developer (FE)
Task description:
- Update UI module docs and endpoint ledger with final runtime bindings, removed mocks, and any residual blocked gaps.
- Link doc updates in sprint Decisions & Risks and keep migration guidance deterministic/offline-aware.
Completion criteria:
- [ ] `docs/modules/ui/**` and endpoint ledger reflect final binding reality
- [ ] Sprint records unresolved gaps, decisions, and mitigation paths
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-21 | Sprint created to plan FE migration from runtime mocks to existing backend endpoint integrations; all tasks initialized as TODO. | Project Manager |
| 2026-02-21 | Execution started; 042-T1 moved to DOING and runtime mock-to-endpoint cutover implementation began. | Developer (FE) |
| 2026-02-21 | 042-T11 moved to DOING; full end-user Playwright verification started to unblock remaining canonical-route runtime failures and preserve pre-alpha UX behavior. | QA / Developer (FE) |
| 2026-02-21 | Unblocked `web-checked-feature-recheck` by preventing `**/policy/**` route stubs from hijacking document navigations; full Playwright run completed with 222 passed, 187 skipped, 0 failed (`npx playwright test --workers=2 --reporter=list`). | QA / Developer (FE) |
| 2026-02-21 | Completed runtime DI cutover for evidence/policy-simulation/proof plus store-level tokenization (delta verdict, risk budget, fix verification, scoring, ABAC) and removed runtime `useClass: Mock...`/`inject(Mock...)` paths in `src/Web/StellaOps.Web/src/app/**`. | Developer (FE) |
| 2026-02-21 | Validation: `npm run build` passed; targeted specs passed: `npx ng test --watch=false --include=src/tests/audit_reason_capsule/findings-list.reason-capsule.spec.ts`, `npx ng test --watch=false --include=src/tests/triage/vex-trust-column-in-findings-and-triage-lists.behavior.spec.ts`, `npx ng test --watch=false --include=src/tests/policy_studio/policy-simulation.behavior.spec.ts`, `npx ng test --watch=false --include=src/tests/signals_runtime_dashboard/signals-runtime-dashboard.service.spec.ts`, `npx ng test --watch=false --include=src/tests/policy_governance/risk-budget-dashboard.component.spec.ts`. | Developer (FE) |
## Decisions & Risks
- Decision: runtime DI must resolve API tokens to HTTP clients; mock classes are test/dev assets only.
- Decision: no new backend contracts are assumed in this sprint; if a required endpoint is missing, task becomes `BLOCKED` with explicit contract gap.
- Risk: payload shape drift between mock data and backend responses may break UI assumptions. Mitigation: add adapter layer + targeted tests before removing fallback.
- Risk: component-level `providers` can silently override global DI. Mitigation: inventory + explicit removal task (042-T7) with verification.
- Risk: direct `inject(Mock...)` usage bypasses app config contracts. Mitigation: mandatory tokenized refactor task (042-T8).
- Cross-module note: docs updates required in `docs/modules/ui/**` and endpoint ledger docs under `docs/modules/ui/v2-rewire/`.
## Next Checkpoints
- 2026-02-22 UTC: Complete T1 inventory and finalize endpoint mapping/risk list.
- 2026-02-23 UTC: Complete T2-T8 runtime cutover PR set for core API and provider wiring.
- 2026-02-24 UTC: Complete T9-T12 verification and docs sync; decide DONE vs BLOCKED per remaining endpoint gaps.