fix(router): ship audit bundle frontdoor cutover

docs-archived/implplan/SPRINT_20260308_001_Router_audit_bundle_frontdoor_route_deduplication.md

@@ -0,0 +1,76 @@
+# Sprint 20260308-001 - Router Audit Bundle Frontdoor Route Deduplication
+
+## Topic & Scope
+- Repair the live `stella-ops.local` audit-bundle frontdoor so `/v1/audit-bundles` resolves to ExportCenter instead of a stale shadow route.
+- Fail gateway startup fast when exact duplicate non-regex route paths are configured, because first-match-wins shadowing is otherwise silent.
+- Keep the work scoped to Router route-table/config validation plus targeted Router tests and live Playwright retest evidence from the Web surface.
+- Working directory: `src/Router`.
+- Expected evidence: targeted Router tests, live Playwright capture for `/triage/audit-bundles/new`, and sprint execution log updates.
+
+## Dependencies & Concurrency
+- Upstream live evidence came from `docs/implplan/SPRINT_20260306_003_FE_playwright_setup_reset_iteration_loop.md`; that sprint stays QA-first and records Web-side triage only.
+- Safe parallelism: avoid unrelated Router transport or messaging files; scope is limited to `StellaOps.Gateway.WebService`, its tests, and this sprint file.
+- Concurrency note: no active Router sprint for audit-bundle routing was present when this fix started, but other agents may still be modifying unrelated Web/search slices.
+
+## Documentation Prerequisites
+- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/platform/architecture-overview.md`
+- `docs/modules/router/architecture.md`
+- `src/Router/AGENTS.md`
+- `src/Router/StellaOps.Gateway.WebService/AGENTS.md`
+
+## Delivery Tracker
+
+### ROUTER-AUDIT-001 - Remove stale duplicate audit-bundle frontdoor mapping
+Status: DONE
+Dependency: none
+Owners: Developer
+Task description:
+- Remove the stale `/v1/audit-bundles` route entry that currently points at EvidenceLocker so the gateway forwards audit-bundle traffic to ExportCenter.
+- Clean the other exact duplicate reverse-proxy entries discovered during triage so startup validation can become strict without breaking the committed route table.
+
+Completion criteria:
+- [x] `src/Router/StellaOps.Gateway.WebService/appsettings.json` contains no exact duplicate non-regex paths.
+- [x] `/v1/audit-bundles` resolves to ExportCenter in the live stack after redeploy.
+
+### ROUTER-AUDIT-002 - Fail fast on duplicate exact route paths
+Status: DONE
+Dependency: ROUTER-AUDIT-001
+Owners: Developer, Test Automation
+Task description:
+- Harden `GatewayOptionsValidator` so exact duplicate non-regex route paths are rejected at startup with a deterministic error message.
+- Add focused Router coverage proving the validator catches the duplicate-path shadowing class that broke audit bundles.
+
+Completion criteria:
+- [x] Targeted Router tests cover duplicate exact route rejection.
+- [x] Startup validation fails before first request dispatch when duplicate exact paths are present.
+
+### ROUTER-AUDIT-003 - Retest live audit-bundle creation through the gateway
+Status: DONE
+Dependency: ROUTER-AUDIT-002
+Owners: QA, Developer
+Task description:
+- Rebuild and redeploy the router/gateway slice, then rerun the authenticated Playwright audit-bundle create flow against `https://stella-ops.local`.
+- Confirm the frontdoor returns a queued/completed job instead of the previous empty `400`.
+
+Completion criteria:
+- [x] Live Playwright evidence shows the create action no longer fails immediately.
+- [x] The sprint log records the exact commands and outcomes.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-03-08 | Sprint created after Web Playwright triage proved the browser was sending valid DPoP-bound `/v1/audit-bundles` requests while the gateway route table still contained duplicate exact paths and first-match shadowing. | Developer |
+| 2026-03-08 | Removed the stale EvidenceLocker `/v1/audit-bundles` frontdoor entry, cleaned the remaining exact duplicates in `appsettings.json`, tightened `GatewayOptionsValidator`, and verified Router coverage with `dotnet test src/Router/__Tests/StellaOps.Gateway.WebService.Tests/StellaOps.Gateway.WebService.Tests.csproj -v normal` plus `dotnet test src/Router/__Tests/StellaOps.Router.AspNet.Tests/StellaOps.Router.AspNet.Tests.csproj -v normal` (`44/44` passing in the ASP.NET dispatcher suite). | Developer |
+| 2026-03-08 | Rebuilt and redeployed the router gateway, then replayed the authenticated browser flow on `https://stella-ops.local/triage/audit-bundles/new?artifactId=asset-review-prod`. The frontdoor POST to `/v1/audit-bundles` returned `202 Accepted`; the remaining service-local `400` was fixed in downstream sprint `SPRINT_20260308_002_ExportCenter_audit_bundle_http_body_binding.md`, after which the same browser retest completed successfully. | Developer |
+
+## Decisions & Risks
+- Decision: treat the remaining audit-bundle failure as a Router frontdoor defect, not a Web defect, because live request capture confirmed `Authorization: DPoP ...` plus a valid `DPoP` proof on the browser POST.
+- Decision: remove exact duplicate route entries from committed gateway config before enabling duplicate-path validation, so startup hardening does not strand the current route table.
+- Decision: keep the downstream ExportCenter body-binding fix in its own sprint so the Router working-directory contract stays honest; this sprint closes once the gateway frontdoor is clean and the authenticated browser retest proves `/v1/audit-bundles` is no longer shadowed.
+- Risk: `src/Router/StellaOps.Gateway.WebService/AGENTS.md` references `docs/modules/gateway/architecture.md` and `docs/modules/gateway/openapi.md`, but those files are currently absent.
+- Mitigation: continue with the Router architecture dossier plus concrete source/runtime evidence for this bug, and record the missing-doc gap here for later documentation cleanup.
+
+## Next Checkpoints
+- Archived after the Router frontdoor fix, redeploy, and live browser retest passed.