From 4a84f901abc0a64a7ecc9be5077154d9cf92a47a Mon Sep 17 00:00:00 2001
From: master <>
Date: Wed, 11 Mar 2026 19:17:12 +0200
Subject: [PATCH] Harden changed-surfaces registry-admin selector

---
 ...faces_registry_admin_selector_hardening.md | 65 +++++++++++++++++++
 .../live-frontdoor-changed-surfaces.mjs       |  2 +-
 2 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 docs/implplan/SPRINT_20260311_009_FE_changed_surfaces_registry_admin_selector_hardening.md

diff --git a/docs/implplan/SPRINT_20260311_009_FE_changed_surfaces_registry_admin_selector_hardening.md b/docs/implplan/SPRINT_20260311_009_FE_changed_surfaces_registry_admin_selector_hardening.md
new file mode 100644
index 000000000..e9943a8ea
--- /dev/null
+++ b/docs/implplan/SPRINT_20260311_009_FE_changed_surfaces_registry_admin_selector_hardening.md
@@ -0,0 +1,65 @@
+# Sprint 20260311_009 - FE Changed Surfaces Registry Admin Selector Hardening
+
+## Topic & Scope
+- Revalidate the live changed-surfaces sweep after the registry-admin audit route fix.
+- Root-cause the remaining `registry-admin` failure and repair the QA harness if it is selecting the wrong UI control.
+- Keep the change scoped to the web QA harness and this sprint log.
+- Working directory: `src/Web/StellaOps.Web`.
+- Expected evidence: root-cause notes, narrowed selector in the changed-surfaces script, and a passing live changed-surfaces sweep.
+
+## Dependencies & Concurrency
+- Depends on the deployed web bundle already containing the registry-admin audit route identity fix.
+- Safe parallelism: limited to `src/Web/StellaOps.Web` plus this sprint file.
+
+## Documentation Prerequisites
+- `AGENTS.md`
+- `docs/qa/feature-checks/FLOW.md`
+
+## Delivery Tracker
+
+### FE-CHANGED-SURFACES-001 - Prove whether the remaining registry-admin failure is real
+Status: DONE
+Dependency: none
+Owners: QA, 3rd line support
+Task description:
+- Inspect the changed-surfaces report after the product fix and determine whether the remaining `registry-admin` failure is still in product code or in the sweep selector/action logic.
+
+Completion criteria:
+- [x] The exact failing action record is captured from the changed-surfaces report.
+- [x] Root cause is identified with concrete evidence.
+
+### FE-CHANGED-SURFACES-002 - Narrow the registry-admin action selector
+Status: DONE
+Dependency: FE-CHANGED-SURFACES-001
+Owners: Product Manager, Architect, Developer
+Task description:
+- Update the changed-surfaces harness so the registry-admin action targets the tablist audit control instead of any unrelated page button that happens to contain the word `Audit`.
+
+Completion criteria:
+- [x] The selector is scoped to the registry-admin tab strip.
+- [x] The harness no longer reports a false failure on the healthy audit route.
+
+### FE-CHANGED-SURFACES-003 - Reverify the full changed-surfaces matrix
+Status: DONE
+Dependency: FE-CHANGED-SURFACES-002
+Owners: QA
+Task description:
+- Rerun the full live changed-surfaces matrix and confirm the registry-admin slice and adjacent surfaces remain clean after the selector hardening.
+
+Completion criteria:
+- [x] The changed-surfaces run completes successfully on `https://stella-ops.local`.
+- [x] No surfaces report heading/runtime/action failures.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-03-11 | Sprint created after the changed-surfaces matrix still reported `registry-admin` broken even though the focused audit proof passed. | QA |
+| 2026-03-11 | The remaining failure was reclassified as a harness defect: the matrix selector `a[href*="/registry-admin/audit"], button:has-text("Audit")` matched the sidebar `Security & Audit` accordion before the actual audit tab, leaving the page on the starting route. | QA / 3rd line support |
+| 2026-03-11 | Scoped the registry-admin selector to the tablist audit link, reran the full live changed-surfaces matrix, and confirmed `0` action failures, `0` response errors, `0` console errors, and `0` problem-text hits across all configured surfaces. | Product / Architect / Developer / QA |
+
+## Decisions & Risks
+- Decision: keep the product code unchanged. The focused live proof already showed the audit route itself was healthy after the preceding iteration.
+- Risk: broad text-based selectors can drift into unrelated shell controls as more navigation groups are revived. Surface scripts must scope selectors to the active feature region when the shell contains overlapping labels.
+
+## Next Checkpoints
+- Continue with the next broader live action family after committing the changed-surfaces harness repair.
diff --git a/src/Web/StellaOps.Web/scripts/live-frontdoor-changed-surfaces.mjs b/src/Web/StellaOps.Web/scripts/live-frontdoor-changed-surfaces.mjs
index 1cd3754a9..277c4d139 100644
--- a/src/Web/StellaOps.Web/scripts/live-frontdoor-changed-surfaces.mjs
+++ b/src/Web/StellaOps.Web/scripts/live-frontdoor-changed-surfaces.mjs
@@ -138,7 +138,7 @@ const surfaceConfigs = [
     actions: [
       {
         key: 'audit-tab',
-        selector: 'a[href*="/registry-admin/audit"], button:has-text("Audit")',
+        selector: 'nav[role="tablist"] a[href*="/registry-admin/audit"], nav[role="tablist"] a:has-text("Audit Log")',
         expectedUrlPattern: '/registry-admin/audit',
         expectedTextPattern: /audit/i,
         requiredUrlFragments: ['tenant=', 'regions='],