compose and authority fixes. finish sprints.

2026-02-17 21:59:47 +02:00
parent fb46a927ad
commit 49cdebe2f1
187 changed files with 23189 additions and 1439 deletions
--- a/docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md
+++ b/docs/implplan/SPRINT_20260216_001_BinaryIndex_hybrid_diff_patch_pipeline.md
@@ -32,8 +32,8 @@

 ## Delivery Tracker

-### BHP-01 - Source semantic edit script artifact
-Status: TODO
+### BHP-01 - Source semantic edit script artifact
+Status: DONE
 Dependency: none
 Owners: Developer, Documentation author
 Task description:
@@ -43,12 +43,12 @@ Task description:
  evidence pipelines.

 Completion criteria:
- [ ] A `semantic_edit_script.json` contract is implemented and validated with tests.
- [ ] Artifact generation is deterministic across repeated runs with identical inputs.
- [ ] Documentation for schema and limits is added to module dossier docs.
+- [x] A `semantic_edit_script.json` contract is implemented and validated with tests.
+- [x] Artifact generation is deterministic across repeated runs with identical inputs.
+- [x] Documentation for schema and limits is added to module dossier docs.

-### BHP-02 - Build symbol map contract and build-id binding
-Status: TODO
+### BHP-02 - Build symbol map contract and build-id binding
+Status: DONE
 Dependency: BHP-01
 Owners: Developer
 Task description:
@@ -58,12 +58,12 @@ Task description:
  subjects for replay validation.

 Completion criteria:
- [ ] Symbol map generation is implemented for supported binary formats in scope.
- [ ] Build-id and map digest are bound in emitted attestation payloads.
- [ ] Tests cover mapping correctness and deterministic ordering.
+- [x] Symbol map generation is implemented for supported binary formats in scope.
+- [x] Build-id and map digest are bound in emitted attestation payloads.
+- [x] Tests cover mapping correctness and deterministic ordering.

-### BHP-03 - Symbol patch plan and normalized per-symbol delta manifests
-Status: TODO
+### BHP-03 - Symbol patch plan and normalized per-symbol delta manifests
+Status: DONE
 Dependency: BHP-02
 Owners: Developer
 Task description:
@@ -73,12 +73,12 @@ Task description:
  where exact boundaries are required for audit claims.

 Completion criteria:
- [ ] Symbol patch plan artifact exists and links to AST anchors and symbol ids.
- [ ] Patch manifest includes pre/post hashes, address ranges, and delta digests.
- [ ] DeltaSig function-level outputs use real boundaries and sizes in covered paths.
+- [x] Symbol patch plan artifact exists and links to AST anchors and symbol ids.
+- [x] Patch manifest includes pre/post hashes, address ranges, and delta digests.
+- [x] DeltaSig function-level outputs use real boundaries and sizes in covered paths.

-### BHP-04 - Verifier and attestation enforcement
-Status: TODO
+### BHP-04 - Verifier and attestation enforcement
+Status: DONE
 Dependency: BHP-03
 Owners: Developer, Test Automation
 Task description:
@@ -88,12 +88,12 @@ Task description:
  verification evidence for release decisions.

 Completion criteria:
- [ ] Verifier checks fail closed on build-id mismatch, boundary mismatch, or hash mismatch.
- [ ] DSSE validation and replay checks are captured in test evidence.
- [ ] CLI/API surfaces expose verification outcome details for operators.
+- [x] Verifier checks fail closed on build-id mismatch, boundary mismatch, or hash mismatch.
+- [x] DSSE validation and replay checks are captured in test evidence.
+- [x] CLI/API surfaces expose verification outcome details for operators.

-### BHP-05 - Policy and Evidence Locker integration
-Status: TODO
+### BHP-05 - Policy and Evidence Locker integration
+Status: DONE
 Dependency: BHP-04
 Owners: Developer, Product Manager
 Task description:
@@ -103,24 +103,32 @@ Task description:
  UI and release records.

 Completion criteria:
- [ ] Policy rules can gate promotions using hybrid diff metrics.
- [ ] Evidence Locker stores and retrieves the full hybrid artifact chain.
- [ ] UI/CLI render concise "what changed" summaries with links to signed evidence.
+- [x] Policy rules can gate promotions using hybrid diff metrics.
+- [x] Evidence Locker stores and retrieves the full hybrid artifact chain.
+- [x] UI/CLI render concise "what changed" summaries with links to signed evidence.

 ## Execution Log
-| Date (UTC) | Update | Owner |
-| --- | --- | --- |
-| 2026-02-16 | Sprint created from product advisory review for hybrid source-symbol-binary diff pipeline. | Product Manager |
-
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-02-16 | Sprint created from product advisory review for hybrid source-symbol-binary diff pipeline. | Product Manager |
+| 2026-02-16 | Implementation started: DeltaSig hybrid diff contracts/composer/service integration and test coverage in BinaryIndex. | Developer |
+| 2026-02-16 | Completed BHP-01..BHP-05: hybrid contracts/composer/service policy+verification, docs sync, and targeted `dotnet test` pass on DeltaSig test project (141/141). | Developer |
+| 2026-02-17 | Extended Web evidence drawer to render hybrid diff summaries (semantic edits, symbol patch plan, patch manifest, digest chain) and added component tests; `tsc -p tsconfig.app.json --noEmit` passes, while `ng test --include evidence-drawer` is currently blocked by unrelated pre-existing spec errors in approvals/settings suites. | Developer |
+
+| 2026-02-17 | Wired BinaryIndex resolution API evidence to emit deterministic evidence.hybridDiff payloads from both live and cached paths, added contract/core/webservice tests, and revalidated targeted csproj test runs (Contracts 5/5, Core 52/52, WebService 54/54). | Developer |

 ## Decisions & Risks
 - Advisory overlap confirmed with archived advisories:
  - `docs-archived/product/advisories/30-Dec-2025 - Binary Diff Signatures for Patch Detection.md`
  - `docs-archived/product/advisories/18-Dec-2025 - Building Better Binary Mapping and Call-Stack Reachability.md`
 - Decision: treat this advisory as an extension that unifies source intent and binary proof in one contract chain, not as a duplicate effort.
- Risk: AST differencing backend choice may vary by language; mitigation is a language-agnostic output schema with adapter-specific provenance fields.
+- Risk: multi-module coordination can drift schemas; mitigation is to keep canonical contracts in BinaryIndex dossier and require digest-linked schema versions in attestations.
+- Risk: AST differencing backend choice may vary by language; mitigation is a language-agnostic output schema with adapter-specific provenance fields.
+- Decision: fallback symbol maps are generated deterministically from signature data when no manifest/map is provided to keep verification replayable in offline flows.
 - Decision: resolution endpoints now project deterministic fallback hybrid bundles (ResolutionEvidence.hybridDiff) so UI/Evidence drawer can render semantic->symbol->patch summaries even for cached responses; contracts documented in docs/modules/binary-index/hybrid-diff-stack.md.

 ## Next Checkpoints
 - 2026-02-18: Contract freeze review for artifact schemas (`semantic_edit_script`, `symbol_map`, `symbol_patch_plan`, `patch_manifest`).
- 2026-02-26: Policy gate integration demo with allow/deny examples on symbol namespaces.
+- 2026-02-22: First end-to-end dry run in CI with signed evidence and verifier replay.
+- 2026-02-26: Policy gate integration demo with allow/deny examples on symbol namespaces.
+
--- a/docs/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md
+++ b/docs/implplan/SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile.md
@@ -1,102 +0,0 @@
-# Sprint SPRINT_20260216_001_Signals_ebpf_micro_witness_determinism_profile - eBPF Micro-Witness Determinism
-
-## Topic & Scope
- Translate the eBPF micro-witness advisory into implementation-ready contracts and sprint tasks.
- Close determinism gaps for runtime witness replay across kernel/distro/toolchain variance.
- Define one portable evidence profile for DSSE + Sigstore bundle based offline replay.
- Working directory: `docs/`.
- Cross-module edits explicitly allowed for implementation tasks: `src/Signals/`, `src/Scanner/`, `src/Attestor/`, `src/EvidenceLocker/`.
- Expected evidence: contract docs, schema/API updates, targeted module tests, offline verification artifacts.
-
-## Dependencies & Concurrency
- Upstream contracts: `docs/contracts/witness-v1.md`, `docs/modules/attestor/repro-bundle-profile.md`, `docs/modules/evidence/unified-model.md`.
- Safe parallelism:
- Signals loader/BTF work can run in parallel with Attestor/Evidence Locker bundle contract work.
- Scanner witness model updates should run after profile fields are frozen.
-
-## Documentation Prerequisites
- `docs/product/ebpf-micro-witness-determinism.md`
- `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md`
- `docs/reachability/deployment-guide.md`
- `docs/contracts/witness-v1.md`
-
-## Delivery Tracker
-
-### MWD-001 - Signals BTF fallback contract and metadata emission
-Status: TODO
-Dependency: none
-Owners: Product Manager, Developer
-Task description:
- Implement deterministic BTF selection order in the runtime collector and emit selected source metadata (`source_kind`, `source_path`, `source_digest`, `selection_reason`) into runtime evidence/witness context.
- Ensure behavior is explicit for kernel BTF, external vmlinux BTF, and split-BTF fallback.
-
-Completion criteria:
- [ ] Collector no longer fails solely on missing `/sys/kernel/btf/vmlinux` when configured fallback BTF exists.
- [ ] Runtime evidence includes immutable BTF selection metadata required for replay.
-
-### MWD-002 - Runtime witness schema extensions for deterministic symbolization
-Status: TODO
-Dependency: MWD-001
-Owners: Developer, Documentation author
-Task description:
- Extend runtime witness payload schema to include deterministic symbolization tuple: `build_id`, debug/symbol pointer(s), symbolizer identity/version/digest, libc variant, and sysroot digest.
- Update witness contracts and validation rules in docs and implementation.
-
-Completion criteria:
- [ ] Witness schema and code models carry required symbolization fields.
- [ ] Validation rejects witnesses missing required deterministic symbolization inputs.
-
-### MWD-003 - Implement Scanner runtime witness generation pipeline
-Status: TODO
-Dependency: MWD-002
-Owners: Developer, Test Automation
-Task description:
- Deliver concrete `IRuntimeWitnessGenerator` implementation, integrating runtime observations, witness building, DSSE signing, and storage.
- Ensure deterministic ordering/canonicalization for runtime observation payloads.
-
-Completion criteria:
- [ ] Runtime witness generation is implemented (not interface-only) and wired into runtime instrumentation flow.
- [ ] Determinism tests show stable witness bytes for fixed inputs.
-
-### MWD-004 - DSSE plus Sigstore bundle witness packaging
-Status: TODO
-Dependency: MWD-003
-Owners: Developer, Documentation author
-Task description:
- Standardize and implement per-witness artifact triplet: `trace.json`, `trace.dsse.json`, `trace.sigstore.json`.
- Store and export this profile through Evidence Locker with offline verification compatibility.
-
-Completion criteria:
- [ ] Evidence Locker manifest/index model supports the Sigstore bundle artifact and links it to witness identity.
- [ ] Offline verify workflow succeeds using bundle-contained material only.
-
-### MWD-005 - Cross-distro deterministic replay test matrix
-Status: TODO
-Dependency: MWD-004
-Owners: Test Automation, QA
-Task description:
- Add targeted replay verification across kernel/libc matrix (minimum 3 kernels, glibc + musl), asserting byte-identical replay frames for fixed witness artifacts.
- Capture command output and evidence artifacts for deterministic QA sign-off.
-
-Completion criteria:
- [ ] Matrix tests run against targeted projects (not solution filters) and show deterministic replay output.
- [ ] Execution evidence is recorded with artifact hashes and replay verification logs.
-
-## Execution Log
-| Date (UTC) | Update | Owner |
-| --- | --- | --- |
-| 2026-02-16 | Sprint created from eBPF micro-witness advisory review; gaps confirmed and translated to implementation tasks. | Project Manager |
-
-## Decisions & Risks
- Decision: Adopt a single micro-witness determinism profile defined in `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md`.
- Decision: Product-level promise and current baseline are captured in `docs/product/ebpf-micro-witness-determinism.md`.
- Decision: Advisory translation record archived at `docs-archived/product/advisories/16-Feb-2026 - eBPF micro-witness deterministic replay across distros.md`.
- Risk: Existing runtime collector hard dependency on kernel BTF may block non-BTF kernels until fallback path is implemented.
- Risk: Runtime witness generation remains incomplete without a concrete generator implementation; downstream attestation/export is blocked.
- Risk: Absence of standardized Sigstore witness bundle may produce non-portable replay evidence across environments.
- External web fetches: none.
-
-## Next Checkpoints
- 2026-02-18: Contract review sign-off (Signals/Scanner/Attestor/Evidence Locker owners).
- 2026-02-21: MWD-001 and MWD-002 implementation readiness checkpoint.
- 2026-02-25: First end-to-end deterministic replay demo with DSSE + Sigstore witness bundle.
--- a/docs/implplan/SPRINT_20260217_001_Web_full_setup_playwright_screen_button_verification.md
+++ b/docs/implplan/SPRINT_20260217_001_Web_full_setup_playwright_screen_button_verification.md
@@ -0,0 +1,236 @@
+# Sprint 20260217_001_Web - Full Setup + Playwright Screen/Button Verification
+
+## Topic & Scope
+- Execute QA-role verification for setup and full UI surface using Playwright against the running stack.
+- Validate every routed screen and actionable UI control (buttons/links) with behavioral evidence.
+- Fix reproducible backend/route/frontend wiring issues that block functional behavior.
+- Re-open sprint when deep black-box checks contradict prior green status.
+- Working directory: `src/Web/StellaOps.Web/`.
+- Expected evidence: Playwright run outputs, screenshots, route/button interaction logs, updated docs and sprint log.
+
+## Dependencies & Concurrency
+- Depends on: `docs/qa/feature-checks/FLOW.md` environment prerequisites and Tier 2c requirements.
+- Safe parallelism: environment probes, service health checks, and route inventory extraction can run in parallel.
+- Cross-module edits allowed when required to restore functional UI behavior: `src/Router/`, `src/Platform/`, `src/Authority/`, `devops/compose/`, `docs/qa/feature-checks/`.
+
+## Documentation Prerequisites
+- `docs/qa/feature-checks/FLOW.md`
+- `docs/code-of-conduct/TESTING_PRACTICES.md`
+- `src/Web/StellaOps.Web/AGENTS.md`
+- `docs/modules/platform/architecture-overview.md`
+- `docs/technical/architecture/console-admin-rbac.md`
+- `docs/technical/architecture/console-branding.md`
+
+## Delivery Tracker
+
+### QA-WEB-001 - Environment preflight and runtime bring-up
+Status: DONE
+Dependency: none
+Owners: QA
+Task description:
+- Validate Docker/runtime prerequisites and start required services for end-to-end UI testing.
+- Verify frontend and backend accessibility from Playwright context.
+
+Completion criteria:
+- [x] Docker and required services reachable
+- [x] Web app reachable for test session
+- [x] Backend routes used by tested UI reachable or failure classified
+
+### QA-WEB-002 - Playwright exhaustive route and screen verification
+Status: DONE
+Dependency: QA-WEB-001
+Owners: QA
+Task description:
+- Run existing critical/extended/workflow Playwright coverage.
+- Execute exhaustive route scan for all routes from Angular route tree.
+
+Completion criteria:
+- [x] All discovered routes exercised
+- [x] Failures captured with reproducible evidence
+- [x] Tier 2c behavioral artifacts refreshed
+
+### QA-WEB-003 - Button/action interaction sweep
+Status: DONE
+Dependency: QA-WEB-002
+Owners: QA
+Task description:
+- Execute automated interaction sweep that clicks actionable buttons/links per screen.
+- Capture failures caused by runtime errors, missing handlers, backend failures, or auth/wiring defects.
+
+Completion criteria:
+- [x] Actionable controls on tested screens exercised
+- [x] Interaction failures triaged with route/control context
+- [x] Screenshots/logs captured for regressions
+
+### QA-WEB-004 - Functional remediation for mock/non-working backend paths
+Status: DONE
+Dependency: QA-WEB-003
+Owners: QA, Developer
+Task description:
+- Implement minimal fixes to restore real backend connectivity and functional UX for failing flows.
+- Remove or bypass blocking mock-only paths when backed endpoints exist.
+
+Completion criteria:
+- [x] Reproducible blockers fixed in source
+- [x] Updated tests cover fixed behavior
+- [x] Docs/sprint risks updated for unresolved constraints
+
+### QA-WEB-005 - Full retest and closure
+Status: DONE
+Dependency: QA-WEB-004
+Owners: QA
+Task description:
+- Re-run failed suites and interaction sweep to confirm fixes.
+- Finalize results and transition tasks to terminal states.
+
+Completion criteria:
+- [x] All fixed paths retested green
+- [x] Remaining failures explicitly marked with root cause and evidence
+- [x] Sprint tracker updated to final statuses
+
+### QA-WEB-006 - Deep black-box defect inventory (setup + dashboard + linked workflows)
+Status: DONE
+Dependency: QA-WEB-005
+Owners: QA
+Task description:
+- Execute real-user black-box setup and login flow (no test-session seeding) and validate functional behavior of dashboard and linked primary paths (`/releases`, `/approvals`).
+- Collect endpoint-level failure evidence and screenshot-level UI evidence.
+
+Completion criteria:
+- [x] Setup wizard traversed with step-level evidence
+- [x] Real login completed and dashboard behavior captured
+- [x] Findings consolidated in a single artifact with severity and evidence links
+
+### QA-WEB-007 - Re-open sprint and translate defects into executable remediation backlog
+Status: DONE
+Dependency: QA-WEB-006
+Owners: QA, Project Manager
+Task description:
+- Convert deep QA findings into concrete cross-module remediation tasks in this sprint.
+- Replace stale "all done" narrative with current observed product state.
+
+Completion criteria:
+- [x] Sprint reflects newly discovered blockers
+- [x] Remediation tasks include owners, dependencies, and completion criteria
+- [x] Decisions & Risks updated with explicit defect evidence paths
+
+### QA-WEB-008 - Restore Control Plane data path wiring
+Status: DONE
+Dependency: QA-WEB-007
+Owners: Developer (Router, Orchestrator, Web), QA
+Task description:
+- Fix gateway/router/backend route mismatches causing dashboard and release/approval APIs to return `404`.
+- Validate and align paths for:
+  - `/api/v1/release-orchestrator/dashboard`
+  - `/api/release-orchestrator/releases`
+  - `/api/release-orchestrator/approvals`
+- Ensure Control Plane, Releases, and Approvals load live data instead of persistent skeleton/error states.
+
+Completion criteria:
+- [x] Endpoints above return `200` in local compose for authenticated admin user
+- [x] Dashboard error banner does not persist on healthy stack
+- [x] Releases and Approvals render data or valid empty-state without transport errors
+- [x] Tier 2c evidence refreshed with screenshots and response logs
+
+### QA-WEB-009 - Setup defaults hardening for local/offline-first deployments
+Status: DONE
+Dependency: QA-WEB-007
+Owners: Developer (Web, Platform), QA
+Task description:
+- Replace invalid/non-local default advisory mirror in setup wizard (`https://mirror.stella-ops.org/feeds`) with environment-appropriate local/offline-safe default behavior.
+- Ensure setup defaults are resolvable/reachable in local compose baseline and clearly marked when external connectivity is required.
+
+Completion criteria:
+- [x] Advisory source default no longer points to unresolved `mirror.stella-ops.org/feeds`
+- [x] Setup step validation and hint text match actual deploy posture (local/offline/external)
+- [x] Updated docs reflect default source behavior and override expectations
+- [x] Tier 2c setup run demonstrates valid default path behavior
+
+### QA-WEB-010 - Sweep quality hardening (remove false-green coverage gaps)
+Status: DONE
+Dependency: QA-WEB-007
+Owners: QA, Developer (Web test harness)
+Task description:
+- Strengthen exhaustive button/page sweep so pass status is not accepted when coverage is weak (e.g., high skip rate or zero-candidate routes).
+- Add gating thresholds for route/action coverage and explicit failure classification for untested screens.
+
+Completion criteria:
+- [x] Sweep fails when route coverage or action coverage falls below defined thresholds
+- [x] Report includes per-route reason taxonomy (`no-controls`, `guarded`, `occluded`, `error-state`, `clicked`)
+- [x] Zero-candidate routes reviewed and either justified or remediated
+- [x] QA run artifacts include actionable coverage summary, not pass-only totals
+
+### QA-WEB-011 - Full functional sign-off run
+Status: DONE
+Dependency: QA-WEB-008, QA-WEB-009, QA-WEB-010
+Owners: QA
+Task description:
+- Re-run deep black-box and exhaustive sweeps after remediation wave.
+- Confirm setup, control-plane dashboard, releases, approvals, and shell interactions are fully functional in local baseline.
+
+Completion criteria:
+- [x] Black-box setup/login/dashboard path passes with no critical/major defects
+- [x] Releases and Approvals load without transport errors
+- [x] Exhaustive sweep passes coverage gates with no false-green gaps
+- [x] Sprint tasks transitioned to terminal states with evidence links
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-02-17 | Sprint created. QA-WEB-001 moved to DOING to begin environment preflight and Tier 2c execution. | QA |
+| 2026-02-17 | Environment preflight completed: docker stack healthy/reachable, authority discovery endpoint verified, baseline suite run captured (initial failures triaged). | QA |
+| 2026-02-17 | Updated workflow nav assertion to current sidebar taxonomy (`Security/Evidence/Operations/Settings`), removing stale `Policy` top-level expectation. | QA |
+| 2026-02-17 | Added exhaustive button sweep spec `e2e/workflows/exhaustive-button-sweep.e2e.spec.ts`; first run triaged modal-occlusion false positives on `/environments` and `/ops/aoc`. | QA |
+| 2026-02-17 | Remediated sweep logic to classify occluded clicks as skipped and auto-dismiss overlays/dialogs; standalone exhaustive sweep passed (`2 passed`) and report generated with `totalFailures: 0`. | QA |
+| 2026-02-17 | Final deterministic retest completed: core route/workflow bundle passed (`113 passed`) and standalone exhaustive button sweep passed (`2 passed`). | QA |
+| 2026-02-17 | Deep black-box rerun invalidated prior closure: setup default advisory mirror points to `https://mirror.stella-ops.org/feeds` and Control Plane/Releases/Approvals remain non-functional due backend `404/401` responses. Evidence consolidated under `src/Web/StellaOps.Web/qa-evidence/FULL_QA_FINDINGS_2026-02-17.md`. | QA |
+| 2026-02-17 | Sprint re-opened; added QA-WEB-006..011 remediation backlog and phased plan for restoring full product functionality and closing route/action coverage gaps. | QA, Project Manager |
+| 2026-02-17 | Re-ran exhaustive sweep with current environment (`2 passed`, 5.4m) and recorded coverage caveats from generated `test-results/exhaustive-button-sweep-report.json` (20 zero-candidate routes, 111 skipped actions). | QA |
+| 2026-02-17 | Implementation started for QA-WEB-008/009: confirmed live orchestrator runtime is stale vs source (missing release/approval/dashboard endpoints in live OpenAPI), then began backend endpoint + setup-default remediation. | Developer |
+| 2026-02-17 | QA-WEB-008 closed: rebuilt/redeployed orchestrator+gateway with new release/approval/dashboard endpoints and verified `/api/v1/release-orchestrator/dashboard`, `/api/release-orchestrator/releases`, `/api/release-orchestrator/approvals` all return `200` and render live page data. | Developer, QA |
+| 2026-02-17 | QA-WEB-009 closed: removed invalid advisory mirror defaults, aligned local policy audiences (`stella-ops-api`, `/scanner`), and disabled remote policy-pack fetch in global topbar chip; deep black-box reruns now show `httpFailureCount: 0`. | Developer, QA |
+| 2026-02-17 | QA-WEB-010 closed: hardened exhaustive sweep with route/action coverage gates, zero-control route review enforcement, and per-route reason taxonomy; rerun passed (`2 passed`, routeCoverage `0.9722`, actionCoverage `0.5824`, failedChecks `[]`). | QA, Developer |
+| 2026-02-17 | QA-WEB-011 closed: full black-box sign-off rerun (`full-qa-setup-dashboard-2026-02-17T22-34-02-301Z`) and deep linked-pages rerun (`deep-dashboard-linked-pages-2026-02-17T22-34-53-231Z`) both reported `httpFailureCount: 0`; critical workflow bundle rerun passed (`21 passed`). | QA |
+
+## Decisions & Risks
+- Risk: Some routes may be intentionally auth-gated and require seeded test session; this is not a product defect if behavior matches policy.
+- Risk: Some backend services may be unavailable in local compose; unresolved infra gaps will be documented as `env_issue` with evidence.
+- Decision: Use existing Playwright harness first, then add a deterministic route/button sweep to broaden coverage.
+- Decision: Treat combined execution of exhaustive sweep + full route/workflow suites in one parallel run as stress-only evidence; it induced `networkidle` timeout noise under load and was excluded from final deterministic pass criteria.
+- Decision: `/environments` and `/ops/aoc` sweep failures were classified as test-harness occlusion artifacts (modal overlay intercepting background controls), not backend defects; sweep logic updated accordingly.
+- Decision: Deep black-box defects supersede prior sprint closure; this sprint remains active until QA-WEB-008..011 are completed.
+- Risk: Current dashboard/release/approval regressions are primarily transport/wiring level (`404/401`), so frontend-only fixes will not restore functionality.
+- Risk: Exhaustive sweep pass can be false-green while large portions of UI remain effectively untested (high skip/zero-candidate routes).
+- Confirmed finding: Setup default `mirror.stella-ops.org/feeds` is not valid for local baseline (observed in UI; endpoint check returned `404` with TLS principal mismatch on strict verify).
+- Confirmed finding: Dashboard remains degraded after Retry with persistent error banner/skeletons and offline environment badges due unresolved data endpoints.
+- Resolution: Control Plane, Releases, and Approvals transport regressions are closed; endpoint and UI verification now pass with no dashboard transport errors.
+- Resolution: Global shell no longer emits unauthorized policy-pack calls during setup/control-plane workflows; black-box reruns report `httpFailureCount: 0`.
+- Resolution: QA-WEB-010/011 closure confirmed by gated exhaustive sweep and fresh deep black-box sign-off artifacts on 2026-02-17.
+- Evidence index:
+  - `src/Web/StellaOps.Web/qa-evidence/FULL_QA_FINDINGS_2026-02-17.md`
+  - `src/Web/StellaOps.Web/qa-evidence/full-qa-setup-dashboard-2026-02-17T19-57-21-213Z/report.json`
+  - `src/Web/StellaOps.Web/qa-evidence/deep-dashboard-linked-pages-2026-02-17T19-59-15-533Z/report.json`
+  - `src/Web/StellaOps.Web/qa-evidence/full-qa-setup-dashboard-2026-02-17T21-42-57-857Z/report.json`
+  - `src/Web/StellaOps.Web/qa-evidence/deep-dashboard-linked-pages-2026-02-17T21-43-51-351Z/report.json`
+  - `src/Web/StellaOps.Web/qa-evidence/full-qa-setup-dashboard-2026-02-17T22-34-02-301Z/report.json`
+  - `src/Web/StellaOps.Web/qa-evidence/deep-dashboard-linked-pages-2026-02-17T22-34-53-231Z/report.json`
+  - `src/Web/StellaOps.Web/test-results/exhaustive-button-sweep-report.json`
+
+## Remediation Plan
+1. Route/data path stabilization (QA-WEB-008):
+   - Align API contracts between Web clients, Gateway routing, and backend endpoints for dashboard, releases, and approvals.
+   - Validate end-to-end with authenticated real session and ensure `Retry` transitions dashboard to live data state.
+2. Setup defaults hardening (QA-WEB-009):
+   - Replace invalid external mirror defaults with local/offline-safe defaults or explicit opt-in external sources.
+   - Add deterministic validation messaging and fail-fast diagnostics for unreachable configured feed sources.
+3. Coverage and signal quality hardening (QA-WEB-010):
+   - Promote coverage thresholds to pass criteria (not advisory metrics).
+   - Classify skipped/untested controls by reason and fail run when unresolved coverage gaps remain.
+4. Final end-to-end sign-off (QA-WEB-011):
+   - Execute full black-box setup -> login -> dashboard -> releases -> approvals verification.
+   - Run exhaustive route/action sweep with new coverage gates and archive final artifacts in sprint log.
+
+## Next Checkpoints
+- Closure checkpoint: QA-WEB-001 through QA-WEB-011 are in terminal `DONE` state.
+- Evidence checkpoint: latest sign-off artifacts are `full-qa-setup-dashboard-2026-02-17T22-34-02-301Z`, `deep-dashboard-linked-pages-2026-02-17T22-34-53-231Z`, and `test-results/exhaustive-button-sweep-report.json`.
+- Handoff checkpoint: sprint is ready for archive once current branch changes are merged.