stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

documentation cleanse, sprints work and planning. remaining non EF DAL migration to EF

Browse Source
This commit is contained in:
master
2026-02-25 01:24:07 +02:00
parent b07d27772e
commit 4db038123b
9090 changed files with 4836 additions and 2909 deletions
Download Patch File Download Diff File Expand all files Collapse all files

81
docs-archived/implplan/SPRINT_20260224_001_Platform_unified_translation_gap_closure.md Normal file
View File

@@ -0,0 +1,81 @@
# Sprint 20260224_001 - Unified Translation Gap Closure
## Topic & Scope
- Close remaining implementation gaps from `plan.md` for runtime translation delivery.
- Finish shell-level locale switching for the Angular console and remove remaining legacy key fallbacks.
- Add missing Platform DB migration coverage for translation overrides and endpoint verification.
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web`, `src/Platform/__Libraries/StellaOps.Platform.Database`, `src/Platform/__Tests/StellaOps.Platform.WebService.Tests`, `docs/modules/platform`, `docs/modules/ui`.
- Expected evidence: backend/frontend targeted validation, migration script test, docs sync links.
## Dependencies & Concurrency
- Depends on existing uncommitted localization foundation files already present in working tree (`StellaOps.Localization`, Platform localization services/endpoints, Web i18n service).
- Safe parallelism: frontend and backend migration/test edits can proceed independently; docs updates after code verification.
## Documentation Prerequisites
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/README.md`
- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
## Delivery Tracker
### LOC-001 - Shell locale switcher and flat-key cleanup (Web)
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add a locale switcher in the authenticated shell topbar and wire it to runtime `I18nService.setLocale(...)` so locale changes are applied immediately and persisted.
- Remove remaining legacy FirstSignal key lookups (`firstSignal.*`) in runtime component logic in favor of flat key space (`ui.first_signal.*`).
- Keep offline fallback behavior intact.
Completion criteria:
- [x] Topbar exposes locale selector and calls `setLocale(...)` on user change.
- [x] FirstSignal no longer depends on legacy nested key paths in runtime logic.
- [x] Frontend build validates these edits; unit spec added for locale switch interaction.
### LOC-002 - Platform translation persistence migration + API verification
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add the missing release migration script that creates `platform.translations` used by `PostgresTranslationStore`.
- Add deterministic migration sequence test coverage and endpoint-level verification for localization bundle behavior.
Completion criteria:
- [x] New release migration SQL for `platform.translations` exists and is ordered after current latest migration.
- [x] Migration script test validates table/index/ordering expectations.
- [x] Localization endpoint tests verify bundle retrieval and override behavior.
### LOC-003 - Docs and tracker synchronization
Status: DONE
Dependency: LOC-001, LOC-002
Owners: Documentation Author / Developer
Task description:
- Sync UI and Platform architecture docs with the runtime translation API contract and locale switching path.
- Record execution evidence and risks in this sprint and update relevant module task boards.
Completion criteria:
- [x] `docs/modules/ui/architecture.md` reflects `/platform/i18n/{locale}.json` runtime loader behavior.
- [x] `docs/modules/platform/platform-service.md` includes localization API/data model references.
- [x] Platform module task boards mirror sprint status.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created; LOC-001 and LOC-002 moved to DOING for implementation. | Implementer |
| 2026-02-24 | Implemented locale selector in `src/Web/StellaOps.Web/src/app/layout/app-topbar/app-topbar.component.ts`, added locale switch unit spec in `.../app-topbar.component.spec.ts`, and removed runtime legacy `firstSignal.*` key usage in `.../first-signal-card.component.ts`. | Developer |
| 2026-02-24 | Added migration `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release/057_PlatformTranslations.sql`, migration test `PlatformTranslationsMigrationScriptTests.cs`, and endpoint tests `LocalizationEndpointsTests.cs`. | Developer |
| 2026-02-24 | Updated docs: `docs/modules/ui/architecture.md` and `docs/modules/platform/platform-service.md`. Updated task boards: `src/Platform/StellaOps.Platform.WebService/TASKS.md` and `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/TASKS.md`. | Documentation Author |
| 2026-02-24 | Validation: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj -v minimal` passed (191/191). `npm --prefix src/Web/StellaOps.Web run build` passed with existing warnings. | Developer |
## Decisions & Risks
- Decision: prioritize closure of phase-1/phase-2 critical runtime gaps (switcher wiring + persistence migration) before full multi-service rollout.
- Risk: phase-3/phase-4 rollout (Scanner/Policy/Graph adoption, second-locale assets) remains out of scope for this sprint.
- Risk: targeted Angular `ng test --include ...app-topbar.component.spec.ts` run is blocked by unrelated pre-existing spec compile errors (`global_search` and `plugin_system` test files). Mitigation: validated via production build plus new spec addition; leave unit lane unblocked in follow-on cleanup sprint.
## Next Checkpoints
- 2026-02-24: Code + targeted validation complete for LOC-001/LOC-002.
- 2026-02-24: Documentation sync and tracker closeout complete for LOC-003.

168
docs-archived/implplan/SPRINT_20260224_004_Platform_user_locale_expansion_and_cli_persistence.md Normal file
View File

@@ -0,0 +1,168 @@
# Sprint 20260224_004 - User Locale Expansion and CLI Persistence
## Topic & Scope
- Add requested locale assets for UI/runtime bundles: `de-DE`, `bg-BG`, `ru-RU`, `es-ES`, `fr-FR`, `zh-TW`, `zh-CN`.
- Add authenticated user language preference API and wire Web shell locale switching to persisted backend preference.
- Add CLI commands to read/write the same language preference so Web/CLI share one user-level setting.
- Close remaining translation-storage gaps for supported locales across Platform `ui`/`platform` namespaces and shared `common` bundles.
- Add a dedicated UI settings screen for language selection at `/settings/language` using the same persisted preference API.
- Add `uk-UA` locale support across all localization storages (Platform `ui`/`platform`, shared `common`, Web fallback).
- Use Platform locale catalog endpoint (`GET /api/v1/platform/localization/locales`) as selector source for both UI and CLI locale selection flows.
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web`, `src/Cli/StellaOps.Cli`, `src/Cli/__Tests/StellaOps.Cli.Tests`, `src/Platform/__Tests/StellaOps.Platform.WebService.Tests`, `docs/modules/platform`, `docs/modules/ui`, `docs/modules/cli`.
- Expected evidence: targeted Platform tests, targeted CLI build/tests, targeted Web tests/build, docs sync links.
## Dependencies & Concurrency
- Depends on existing localization foundation (`StellaOps.Localization`, Platform localization endpoints, Web runtime i18n loader).
- Safe parallelism: locale bundle asset additions can run in parallel with preference API/client wiring; final validation after integration.
## Documentation Prerequisites
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
- `docs/modules/cli/architecture.md`
## Delivery Tracker
### LOC-301 - Locale bundle expansion across Platform/Web assets
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add and register requested locale bundles in Platform translation assets and Web offline fallback bundles.
- Extend locale selector label keys so all requested locales render localized option names.
Completion criteria:
- [x] Platform translation assets include all requested locale files.
- [x] Web fallback assets include all requested locale files.
- [x] Locale selector keys exist for all requested locales.
### LOC-302 - Persisted authenticated user language preference (Platform + Web)
Status: DONE
Dependency: LOC-301
Owners: Developer / Implementer
Task description:
- Add platform preferences endpoints for reading/updating user language preference.
- Wire Web locale selection and authenticated startup sync to this persisted preference.
Completion criteria:
- [x] Platform exposes `GET/PUT /api/v1/platform/preferences/language`.
- [x] Web shell applies persisted language for authenticated users.
- [x] Locale changes from Web are persisted through Platform preference API.
### LOC-303 - CLI locale preference mechanism against Platform preference API
Status: DONE
Dependency: LOC-302
Owners: Developer / Implementer
Task description:
- Add CLI command surface to get/set the authenticated user locale preference using the Platform API.
- Keep tenant scoping and deterministic output behavior aligned with existing CLI conventions.
Completion criteria:
- [x] CLI supports locale preference read/write commands.
- [x] CLI uses tenant-scoped authenticated backend calls.
- [x] CLI wiring compiles with existing test doubles.
### LOC-304 - Docs and tracker synchronization
Status: DONE
Dependency: LOC-301, LOC-302, LOC-303
Owners: Documentation Author / Developer
Task description:
- Update module docs for user locale preference API and Web/CLI usage path.
- Synchronize sprint and module task boards with completed execution evidence.
Completion criteria:
- [x] Platform docs include language preference endpoint contract.
- [x] UI docs include persisted locale behavior.
- [x] CLI docs mention locale preference command surface.
### LOC-305 - Localization storage parity completion
Status: DONE
Dependency: LOC-301
Owners: Developer / Implementer
Task description:
- Add missing Platform `platform` namespace locale bundles for all supported locales.
- Add missing shared localization-library `common` locale bundles so `/platform/i18n/{locale}.json` includes common-layer keys for every supported locale.
- Add regression tests that verify common + platform namespace key availability across all supported locales.
Completion criteria:
- [x] `src/Platform/StellaOps.Platform.WebService/Translations/*.platform.json` exists for all supported locales.
- [x] `src/__Libraries/StellaOps.Localization/Translations/*.common.json` exists for all supported locales.
- [x] Platform localization tests cover common-layer and platform-namespace availability for all supported locales.
### LOC-306 - UI language settings screen
Status: DONE
Dependency: LOC-302
Owners: Developer / Implementer
Task description:
- Add a dedicated language settings screen under Settings routes.
- Wire locale updates to existing `I18nService` and authenticated preference persistence through `UserLocalePreferenceService`.
- Ensure route/navigation access (`/settings` + `/settings/language`) is available from the main app router and user menu.
Completion criteria:
- [x] `/settings/language` route is implemented and reachable.
- [x] Selecting a locale in settings updates UI locale immediately.
- [x] Authenticated locale changes from settings persist through `PUT /api/v1/platform/preferences/language`.
### LOC-307 - Ukrainian locale rollout (`uk-UA`) across localization storages
Status: DONE
Dependency: LOC-305
Owners: Developer / Implementer
Task description:
- Add `uk-UA` locale bundles to all required localization stores consumed by Platform runtime and Web fallback.
- Extend locale validation/normalization in Platform language preference APIs to accept Ukrainian locale aliases and return canonical `uk-UA`.
- Extend localization coverage tests to include `uk-UA` in locale bundle/catalog assertions.
Completion criteria:
- [x] `uk-UA.ui.json` and `uk-UA.platform.json` exist in Platform translations.
- [x] `uk-UA.common.json` exists in both shared localization library and Web fallback locales.
- [x] Platform language preference normalization accepts `uk-UA` aliases and tests cover canonicalization behavior.
### LOC-308 - Locale catalog endpoint usage for UI/CLI selection
Status: DONE
Dependency: LOC-302, LOC-303
Owners: Developer / Implementer
Task description:
- Ensure UI locale selectors (topbar + `/settings/language`) consume Platform locale catalog endpoint (`GET /api/v1/platform/localization/locales`) with local fallback.
- Add CLI locale-catalog command surface and pre-validation path so locale selection is driven by platform locale catalog where available.
Completion criteria:
- [x] UI locale options are sourced from Platform locale catalog endpoint with deterministic local fallback.
- [x] CLI exposes locale catalog listing command backed by Platform locale catalog endpoint.
- [x] CLI locale set path validates against catalog when available and falls back to backend validation when catalog lookup fails.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and LOC-301 moved to DOING. | Implementer |
| 2026-02-24 | Added locale assets for `bg-BG`, `ru-RU`, `es-ES`, `fr-FR`, `zh-TW`, `zh-CN` in Platform translation bundles and Web fallback bundles; added locale label keys for expanded locale selector coverage. | Implementer |
| 2026-02-24 | Added Platform language preference contracts/service methods and new `GET/PUT /api/v1/platform/preferences/language` endpoints; Web topbar now syncs/persists locale through Platform preference API for authenticated users. | Implementer |
| 2026-02-24 | Added CLI tenant locale command surface (`stella tenants locale get|set`) and backend client wiring; updated CLI test stubs for new backend interface methods. | Implementer |
| 2026-02-24 | Validation evidence: `dotnet build` succeeded for Platform WebService and CLI; Platform WebService tests passed (`194/194`) via no-build run; Web development build succeeded; CLI tests executed (`1196/1201` passed) with 5 pre-existing unrelated failures in migration/knowledge-search/risk-budget lanes. | Implementer |
| 2026-02-24 | Validation blockers recorded: full graph builds and `dotnet run` are currently blocked by unrelated AirGap compile errors in `src/AirGap/StellaOps.AirGap.Controller/Program.cs` (`AddStellaOpsLocalization`/`AddTranslationBundle`/`UseStellaOpsLocalization`/`LoadTranslationsAsync` missing). | Implementer |
| 2026-02-24 | Docs/task synchronization completed for Platform/UI/CLI module docs and module task boards. | Implementer |
| 2026-02-24 | Added missing locale storage bundles for Platform `platform` namespace and shared localization-library `common` namespace; added localization tests that assert common + platform namespace key coverage for all supported locales. | Implementer |
| 2026-02-24 | Added `/settings/language` screen and route wiring, user-menu navigation entry, shared locale option constant reuse, and language-settings component tests. | Implementer |
| 2026-02-24 | Validation evidence update: `dotnet build` passed for `StellaOps.Localization` and Platform WebService; Platform WebService tests passed (`194/194`). Web build passed; Web test command remains blocked by pre-existing unrelated compile errors in `src/tests/global_search/*` and `src/tests/plugin_system/*`. | Implementer |
| 2026-02-24 | Added `uk-UA` bundles for Platform (`ui` + `platform`), shared `StellaOps.Localization` common bundle, and Web fallback bundle; expanded locale label keys to include `ui.locale.uk_ua`. | Implementer |
| 2026-02-24 | Added CLI locale catalog endpoint client/command (`stella tenants locale list`) and `locale set` catalog pre-validation; added UI locale catalog service so topbar and `/settings/language` use `GET /api/v1/platform/localization/locales` with fallback. | Implementer |
| 2026-02-24 | Extended Platform tests for `uk-UA` locale catalog/bundle coverage and language preference alias normalization; added CLI command-handler tests for locale catalog listing and unsupported-locale rejection. | Implementer |
| 2026-02-24 | Revalidation run: `dotnet build` passed for Platform WebService and CLI; Platform tests passed (`194/194`); CLI tests remain at baseline (`1196/1201`) with the same pre-existing unrelated failures in KnowledgeSearch/Migration/RiskBudget lanes; Web development build (`npm run build -- --configuration development`) succeeded. | Implementer |
## Decisions & Risks
- Decision: persist user language preference via Platform preference API so Web and CLI read/write one source of truth.
- Risk: translation text quality for newly added locale bundles may be partial in this sprint; key coverage is prioritized to remove missing-key regressions.
- Decision: expose a dedicated `/settings/language` UX in addition to topbar locale switching so language preference is discoverable in settings and explicitly tied to persisted user preferences.
- Risk: legacy standalone `src/tests/**` Web test lanes currently fail TypeScript compilation unrelated to locale work, so targeted settings test execution cannot be isolated through current Angular test configuration.
- Docs synchronized:
- `docs/modules/platform/platform-service.md`
- `docs/modules/ui/architecture.md`
- `docs/modules/cli/architecture.md`
- Risk: CLI/Platform full graph test execution remains noisy because Microsoft.Testing.Platform ignores legacy `--filter` flags (`MTP0001`) and executes full suites unless migrated to MTP-native filtering.
- Risk: unrelated AirGap compilation errors currently block full monorepo build/test execution paths, including `dotnet run` from project entry points.
- Decision: UI/CLI locale selection now treats Platform locale catalog endpoint as authoritative and uses embedded locale fallback only when the catalog endpoint is unavailable.
## Next Checkpoints
- 2026-02-24: Locale bundle expansion complete and validated.
- 2026-02-24: Platform/Web/CLI language preference path validated.
- 2026-02-24: Docs/task-board sync complete.

106
docs-archived/implplan/SPRINT_20260224_100_Platform_idp_management_api.md Normal file
View File

@@ -0,0 +1,106 @@
# Sprint 100 -- Platform Identity Provider Management API
## Topic & Scope
- Add REST API for runtime CRUD management of identity provider configurations (LDAP, SAML, OIDC, Standard).
- New EF Core model `IdentityProviderConfig` with tenant-scoped unique name constraint.
- Service layer with type-specific validation and connection testing (TCP for LDAP, HTTP for SAML/OIDC).
- Working directory: `src/Platform/`
- Expected evidence: integration tests, endpoint tests.
## Dependencies & Concurrency
- No upstream dependencies. Foundation sprint.
- Safe to run in parallel with Sprint 101 (Docker containers).
## Documentation Prerequisites
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### TASK-100-01 - DB Model and DbContext
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `IdentityProviderConfig` EF Core model with Id, TenantId, Name, Type, Enabled, ConfigurationJson (jsonb), Description, timestamps, and audit fields.
- Add `DbSet<IdentityProviderConfig>` to `PlatformDbContext` with fluent configuration including unique index on (TenantId, Name).
Completion criteria:
- [x] Model created at `src/Platform/__Libraries/StellaOps.Platform.Database/EfCore/Models/IdentityProviderConfig.cs`
- [x] DbContext updated with entity configuration
### TASK-100-02 - API Contracts
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create DTOs: IdentityProviderConfigDto, CreateIdentityProviderRequest, UpdateIdentityProviderRequest, TestConnectionRequest, TestConnectionResult, IdentityProviderTypeSchema, IdentityProviderFieldSchema.
Completion criteria:
- [x] Contracts at `src/Platform/StellaOps.Platform.WebService/Contracts/IdentityProviderModels.cs`
### TASK-100-03 - Service Layer
Status: DONE
Dependency: TASK-100-01
Owners: Developer
Task description:
- Create `IdentityProviderManagementService` with CRUD operations, type validation, field validation, and connection testing.
- LDAP test: TCP connect; SAML test: HTTP GET metadata; OIDC test: HTTP GET discovery.
Completion criteria:
- [x] Service at `src/Platform/StellaOps.Platform.WebService/Services/IdentityProviderManagementService.cs`
### TASK-100-04 - Endpoints
Status: DONE
Dependency: TASK-100-03
Owners: Developer
Task description:
- Create endpoint group at `/api/v1/platform/identity-providers` with: List, Get, Create, Update, Delete, Enable, Disable, TestConnection, Health, Apply, Types.
- Add `IdentityProviderAdmin` policy and scope.
Completion criteria:
- [x] Endpoints at `src/Platform/StellaOps.Platform.WebService/Endpoints/IdentityProviderEndpoints.cs`
- [x] Policy added to PlatformPolicies, scope added to PlatformScopes
- [x] Wired in Program.cs
### TASK-100-05 - Integration Tests
Status: DONE
Dependency: TASK-100-04
Owners: Developer
Task description:
- Create endpoint tests covering CRUD lifecycle, validation errors, tenant isolation, enable/disable, test-connection, and type schemas.
Completion criteria:
- [x] Tests at `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/IdentityProviderEndpointsTests.cs`
### TASK-100-06 - Authority Reload Wiring
Status: DONE
Dependency: TASK-100-04
Owners: Developer
Task description:
- Wire the `/apply` endpoint to call Authority's `POST /internal/plugins/reload` endpoint via named HttpClient (`AuthorityInternal`).
- Register `AuthorityInternal` HttpClient in Platform's Program.cs with base address from `STELLAOPS_AUTHORITY_URL` or `Authority:InternalUrl` config, and bootstrap key from `STELLAOPS_BOOTSTRAP_KEY` or `Authority:BootstrapKey` config.
- Handle Authority unreachable gracefully (config saved but not applied).
Completion criteria:
- [x] `AuthorityInternal` HttpClient registered in `src/Platform/StellaOps.Platform.WebService/Program.cs`
- [x] `/apply` endpoint calls Authority reload in `src/Platform/StellaOps.Platform.WebService/Endpoints/IdentityProviderEndpoints.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
| 2026-02-24 | TASK-100-06 added and completed: Authority reload wiring for /apply endpoint. | Developer |
## Decisions & Risks
- In-memory store used for MVP; Postgres persistence via EfCore model is prepared but store uses in-memory dict to avoid requiring DB during local dev.
- Connection testing is basic (TCP for LDAP, HTTP GET for SAML/OIDC). Full LDAP bind testing deferred to container integration tests.
- Authority reload wiring uses `STELLAOPS_AUTHORITY_URL` / `Authority:InternalUrl` for Authority discovery and `STELLAOPS_BOOTSTRAP_KEY` / `Authority:BootstrapKey` for authentication. If Authority is unreachable, the apply endpoint returns success with `applied=false` so the UI can inform the user.
## Next Checkpoints
- Container integration tests (Sprint 104).

72
docs-archived/implplan/SPRINT_20260224_101_DevOps_idp_test_containers.md Normal file
View File

@@ -0,0 +1,72 @@
# Sprint 101 -- Docker Test Containers (LDAP, SAML, OIDC)
## Topic & Scope
- Provide Docker Compose configuration for OpenLDAP and Keycloak test containers.
- Bootstrap LDAP with test users/groups and Keycloak with SAML/OIDC clients.
- Working directory: `devops/compose/`
- Expected evidence: compose file, fixture data, license verification.
## Dependencies & Concurrency
- No upstream dependencies. Parallel with Sprint 100.
## Documentation Prerequisites
- None.
## Delivery Tracker
### TASK-101-01 - Docker Compose File
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `docker-compose.idp-testing.yml` with OpenLDAP (osixia/openldap:1.5.0) and Keycloak (quay.io/keycloak/keycloak:24.0) under `idp` profile.
- OpenLDAP on ports 3389/3636, Keycloak on port 8280.
Completion criteria:
- [x] Compose file at `devops/compose/docker-compose.idp-testing.yml`
### TASK-101-02 - LDAP Bootstrap Fixture
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `bootstrap.ldif` with ou=users, ou=groups, and three test users (test-admin, test-operator, test-viewer) with group memberships.
Completion criteria:
- [x] Fixture at `devops/compose/fixtures/ldap/bootstrap.ldif`
### TASK-101-03 - Keycloak Realm Fixture
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `stellaops-realm.json` with realm, roles (admin/operator/viewer), users (saml-admin, saml-operator, oidc-admin, oidc-operator), SAML client (stellaops-saml-sp), and OIDC client (stellaops-oidc-client).
Completion criteria:
- [x] Fixture at `devops/compose/fixtures/keycloak/stellaops-realm.json`
### TASK-101-04 - License Gate
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Verify osixia/openldap (OpenLDAP Public License, test-only) and Keycloak (Apache 2.0) are compatible with BUSL-1.1.
Completion criteria:
- [x] Both licenses verified as compatible for test-only use
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Keycloak `start-dev` mode used for testing (no production TLS).
- OpenLDAP TLS disabled for simplicity in test environment.
## Next Checkpoints
- Container integration tests in Sprint 104.

96
docs-archived/implplan/SPRINT_20260224_102_Cli_idp_commands.md Normal file
View File

@@ -0,0 +1,96 @@
# Sprint 102 -- CLI Identity Provider Commands
## Topic & Scope
- Add `stella config identity-providers` command group with list, show, add, update, remove, test, enable, disable, apply subcommands.
- Extend backend client interface and implementation for IDP API calls.
- Extend setup wizard with SAML and OIDC provider configuration steps.
- Working directory: `src/Cli/StellaOps.Cli/`
- Expected evidence: unit tests, command group integration.
## Dependencies & Concurrency
- Depends on Sprint 100 (API contracts).
- Safe to run in parallel with Sprint 103 (UI).
## Documentation Prerequisites
- Sprint 100 API endpoint definitions.
## Delivery Tracker
### TASK-102-01 - CLI DTOs
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `IdentityProviderModels.cs` with CLI-side DTOs matching Platform API contracts.
Completion criteria:
- [x] File at `src/Cli/StellaOps.Cli/Services/Models/IdentityProviderModels.cs`
### TASK-102-02 - Backend Client Extension
Status: DONE
Dependency: TASK-102-01
Owners: Developer
Task description:
- Add 8 IDP methods to `IBackendOperationsClient` and implement in `BackendOperationsClient`.
Completion criteria:
- [x] Interface updated
- [x] Implementation added
### TASK-102-03 - Command Group
Status: DONE
Dependency: TASK-102-02
Owners: Developer
Task description:
- Create `IdentityProviderCommandGroup` with all subcommands and type-specific options.
Completion criteria:
- [x] File at `src/Cli/StellaOps.Cli/Commands/IdentityProviderCommandGroup.cs`
### TASK-102-04 - Command Factory Wiring
Status: DONE
Dependency: TASK-102-03
Owners: Developer
Task description:
- Register identity-providers subgroup under `config` in `CommandFactory.cs`.
Completion criteria:
- [x] CommandFactory.cs updated
### TASK-102-05 - Setup Wizard Extension
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Extend `AuthoritySetupStep` to support SAML and OIDC providers in addition to standard and LDAP.
Completion criteria:
- [x] AuthoritySetupStep.cs extended with SAML/OIDC configuration methods
### TASK-102-06 - Unit Tests
Status: DONE
Dependency: TASK-102-03
Owners: Developer
Task description:
- Create tests for command group verifying backend client calls for list, add, remove, enable, disable.
Completion criteria:
- [x] Tests at `src/Cli/__Tests/StellaOps.Cli.Tests/Commands/IdentityProviderCommandGroupTests.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Interactive prompts for add command follow existing GetOrPrompt pattern from setup wizard.
- Non-interactive mode supported via command-line flags.
## Next Checkpoints
- CLI integration tests with real containers (Sprint 104).

107
docs-archived/implplan/SPRINT_20260224_103_FE_idp_settings_page.md Normal file
View File

@@ -0,0 +1,107 @@
# Sprint 103 -- UI Identity Providers Settings Page
## Topic & Scope
- Add Angular settings page for managing identity providers (LDAP, SAML, OIDC, Standard).
- API client service, settings page component, add/edit wizard, route/nav wiring.
- Extend setup wizard with SAML and OIDC provider options.
- Working directory: `src/Web/StellaOps.Web/`
- Expected evidence: component specs, route integration.
## Dependencies & Concurrency
- Depends on Sprint 100 (API contracts).
- Safe to run in parallel with Sprint 102 (CLI).
## Documentation Prerequisites
- Sprint 100 API endpoint definitions.
## Delivery Tracker
### TASK-103-01 - API Client
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Create `identity-provider.client.ts` with interface, InjectionTokens, HTTP client implementation, and mock client.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/src/app/core/api/identity-provider.client.ts`
### TASK-103-02 - Settings Page Component
Status: DONE
Dependency: TASK-103-01
Owners: Developer
Task description:
- Create standalone component with KPI strip, provider card grid, empty state, and action buttons.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/src/app/features/settings/identity-providers/identity-providers-settings-page.component.ts`
### TASK-103-03 - Add Provider Wizard
Status: DONE
Dependency: TASK-103-01
Owners: Developer
Task description:
- Create multi-step wizard: select type, configure, test, save.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/src/app/features/settings/identity-providers/add-provider-wizard.component.ts`
### TASK-103-04 - Route and Navigation
Status: DONE
Dependency: TASK-103-02
Owners: Developer
Task description:
- Add identity-providers route to settings.routes.ts and nav item to navigation.config.ts.
Completion criteria:
- [x] settings.routes.ts updated
- [x] navigation.config.ts updated
### TASK-103-05 - Setup Wizard Extension
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add SAML and OIDC entries to AUTHORITY_PROVIDERS in setup-wizard.models.ts.
Completion criteria:
- [x] setup-wizard.models.ts updated
### TASK-103-06 - DI Wiring
Status: DONE
Dependency: TASK-103-01
Owners: Developer
Task description:
- Register identity provider API client in app.config.ts.
Completion criteria:
- [x] app.config.ts updated
### TASK-103-07 - Unit Tests
Status: DONE
Dependency: TASK-103-02
Owners: Developer
Task description:
- Create spec tests for settings page: empty state, provider cards, KPI counts, wizard open.
Completion criteria:
- [x] Tests at `src/Web/StellaOps.Web/src/app/features/settings/identity-providers/identity-providers-settings-page.component.spec.ts`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Mock client provides realistic sample data for offline dev.
- Wizard uses dynamic form generation from type schemas.
## Next Checkpoints
- Playwright E2E tests (Sprint 104).

194
docs-archived/implplan/SPRINT_20260224_104_AdvisoryAI_llm_grounded_synthesis.md Normal file
View File

@@ -0,0 +1,194 @@
# Sprint 20260224_104 — Search Gap G3: LLM-Grounded Synthesis (SIGNIFICANT)
## Topic & Scope
- **Gap**: The `SynthesisTemplateEngine` generates summaries by selecting from 5 hardcoded templates that count results and name the top match. These are metadata summaries, not answers. When a user asks "Why did my release fail?", the synthesis says "Found 4 result(s) across 2 domain(s)..." — a restatement of search metadata, not an explanation. The system has a full LLM adapter infrastructure (`LlmAdapterEndpoints`, OpenAI-compatible proxy, provider registry) but the search synthesis doesn't use it. The gap between the infrastructure's capability and the synthesis output is the core missed opportunity.
- **Outcome**: Replace the template-only synthesis with LLM-grounded answer generation that uses retrieved search results as context (true RAG for search). The template engine becomes the offline/no-LLM fallback. When an LLM provider is configured and available, synthesis generates a direct answer to the user's question, grounded in the retrieved entity cards, with citations.
- Working directory: `src/AdvisoryAI`.
- Explicit cross-module edits authorized: `src/Web/StellaOps.Web` (synthesis panel rendering), `docs/modules/advisory-ai`.
- Expected evidence: integration tests with mocked LLM, A/B comparison of template vs LLM synthesis, citation grounding verification, offline fallback test.
## Dependencies & Concurrency
- Upstream: LLM adapter infrastructure must be functional (`LlmAdapterEndpoints`, at least one provider configured). This already exists.
- `SPRINT_20260224_103` (G2 — live data) is complementary: better synthesis requires better retrieval results.
- Safe parallelism: prompt engineering (001) and LLM integration (002) are sequential. Frontend updates (003) are independent. Fallback (004) is independent.
- Required references:
- `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Synthesis/SynthesisTemplateEngine.cs` — current template engine
- `src/AdvisoryAI/StellaOps.AdvisoryAI.WebService/Endpoints/LlmAdapterEndpoints.cs` — LLM proxy
- `src/AdvisoryAI/StellaOps.AdvisoryAI/Chat/` — existing chat service with streaming
- `src/Web/StellaOps.Web/src/app/shared/components/synthesis-panel/synthesis-panel.component.ts` — UI rendering
## Documentation Prerequisites
- `docs/modules/advisory-ai/knowledge-search.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `src/AdvisoryAI/AGENTS.md`
## Delivery Tracker
### G3-001 - Design grounded synthesis prompt with citation format
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Create a system prompt template for search synthesis stored as an embedded resource or configuration file at `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Synthesis/synthesis-system-prompt.txt`.
- The prompt must:
1. Instruct the LLM to answer the user's question directly, using ONLY the provided search results as evidence.
2. Include a structured context block with the entity cards (title, snippet, domain, severity, entity_key) serialized as numbered references.
3. Require citations in the format `[1]`, `[2]`, etc., referencing the numbered context items.
4. Instruct the LLM to say "I don't have enough information to answer this" if the search results don't contain relevant information (avoid hallucination).
5. Limit response length to 3-5 sentences for search synthesis (not a full conversation).
6. Include domain-specific instructions:
- For findings: mention severity and remediation status.
- For VEX: mention exploitability status and justification.
- For policy: mention enforcement level and scope.
- For doctor: mention severity and run command.
- Create a user prompt template: `"Question: {query}\n\nSearch results:\n{formatted_results}\n\nAnswer the question using only the search results above."`.
Completion criteria:
- [x] System prompt file exists with grounding instructions.
- [x] User prompt template exists with result formatting.
- [x] Citation format defined and documented.
- [x] Hallucination guardrail instruction included.
- [x] Length constraint (3-5 sentences) specified.
- [x] Domain-specific instructions for findings/vex/policy/doctor.
### G3-002 - Implement LlmSynthesisEngine with provider integration
Status: DONE
Dependency: G3-001
Owners: Developer / Implementer
Task description:
- Create `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Synthesis/LlmSynthesisEngine.cs` implementing a new `ISynthesisEngine` interface.
- The `ISynthesisEngine` interface:
```csharp
Task<SynthesisResult?> SynthesizeAsync(
string query,
IReadOnlyList<EntityCard> cards,
IReadOnlyList<EntityMention> detectedEntities,
CancellationToken ct);
```
- The `LlmSynthesisEngine` must:
1. Format entity cards into the numbered reference context block.
2. Build the system + user prompt from templates.
3. Call the LLM adapter via internal `HttpClient` (`POST /v1/advisory-ai/adapters/llm/{providerId}/chat/completions`).
4. Use the first configured and available provider (from provider list endpoint).
5. Parse the LLM response, extract citations (`[1]`, `[2]`).
6. Map citation numbers back to entity card `entityKey` values.
7. Build `SynthesisResult` with:
- `summary`: LLM-generated answer text.
- `template`: `"llm_grounded"` (to distinguish from hardcoded templates).
- `confidence`: based on citation count relative to result count.
- `sourceCount`: number of cited sources.
- `domainsCovered`: domains of cited entities.
8. Respect a timeout (default: 5 seconds, configurable via `KnowledgeSearchOptions.SynthesisTimeoutMs`).
9. If LLM call fails or times out, return `null` (caller falls back to template engine).
- Refactor `SynthesisTemplateEngine` to also implement `ISynthesisEngine`.
- Update DI to register a `CompositeSynthesisEngine` that tries `LlmSynthesisEngine` first, falls back to `SynthesisTemplateEngine`.
Completion criteria:
- [x] `ISynthesisEngine` interface defined.
- [x] `LlmSynthesisEngine` implemented with LLM adapter call.
- [x] Prompt templates loaded and formatted correctly.
- [x] Citations extracted and mapped to entity keys.
- [x] Timeout respected (default 5s).
- [x] Failure/timeout → returns null (fallback to template).
- [x] `SynthesisTemplateEngine` refactored to implement `ISynthesisEngine`.
- [x] `CompositeSynthesisEngine` tries LLM first, falls back to template.
- [x] Integration test with mocked LLM response proves citation mapping.
### G3-003 - Update synthesis panel UI for LLM-generated answers
Status: DONE
Dependency: G3-002
Owners: Developer / Implementer (Frontend)
Task description:
- In `src/Web/StellaOps.Web/src/app/shared/components/synthesis-panel/synthesis-panel.component.ts`:
1. When `synthesis.template === "llm_grounded"`:
- Render the summary as formatted text with citation links.
- Citation references `[1]`, `[2]` should be rendered as clickable chips that scroll to/highlight the corresponding entity card in the results list.
- Show a small "AI-generated" badge next to the summary header.
- Show grounding indicator: "Based on N sources" with domain tags.
2. When `synthesis.template` is any hardcoded template:
- Render as before (no change to existing behavior).
3. Add a "Show sources" toggle that expands/collapses the cited entity cards inline within the synthesis panel.
- Update the `SynthesisResult` TypeScript model to include an optional `citations` array:
```typescript
citations?: { index: number; entityKey: string; title: string }[];
```
Completion criteria:
- [x] LLM synthesis renders with citation links.
- [x] Citation chips scroll to corresponding entity card.
- [x] "AI-generated" badge shown for LLM synthesis.
- [x] Hardcoded template rendering unchanged.
- [x] "Show sources" toggle works.
- [x] `SynthesisResult` model updated with `citations` field.
### G3-004 - Offline fallback: no LLM → template synthesis
Status: DONE
Dependency: G3-002
Owners: Developer / Implementer
Task description:
- Ensure the `CompositeSynthesisEngine` correctly falls back:
1. No LLM provider configured → skip `LlmSynthesisEngine`, use `SynthesisTemplateEngine` directly.
2. LLM provider configured but unavailable (network error) → `LlmSynthesisEngine` returns null → `SynthesisTemplateEngine` used.
3. LLM provider returns error (4xx/5xx) → fallback to template.
4. LLM response timeout (>5s) → fallback to template.
- In all fallback cases:
1. `SynthesisResult.template` is set to the hardcoded template name (not `"llm_grounded"`).
2. Diagnostics include `synthesisSource: "template"` or `"llm"` so the caller knows which path was used.
- Add configuration: `KnowledgeSearchOptions.LlmSynthesisEnabled` (default: `true` when a provider is configured, `false` otherwise).
Completion criteria:
- [x] No LLM provider → template used without error.
- [x] LLM unavailable → template fallback with warning log.
- [x] LLM error → template fallback.
- [x] LLM timeout → template fallback.
- [x] Diagnostics report synthesis source.
- [x] Integration test: disable LLM, verify template synthesis works.
- [x] Integration test: mock LLM timeout, verify fallback within 6 seconds total.
### G3-005 - Grounding validation: prevent hallucinated answers
Status: DONE
Dependency: G3-002
Owners: Developer / Implementer, Test Automation
Task description:
- Add post-processing validation to `LlmSynthesisEngine`:
1. Parse citation references from the LLM response.
2. Verify each citation index maps to an actual entity card in the context.
3. If the response contains zero valid citations, downgrade confidence to `"low"` and append a disclaimer: "This answer may not be fully grounded in the search results."
4. If the response references a citation index that doesn't exist (e.g., `[7]` when only 5 results were provided), strip the invalid citation.
5. Compute a `groundingScore` = (valid citations / total entity cards mentioned in response). Add to `SynthesisResult`.
- Create a test fixture with 10 query/result/expected-answer triples. Run the LLM synthesis and verify:
1. All citations in the response map to real entity cards.
2. No fabricated entity keys, CVE IDs, or URLs appear in the response.
3. Grounding score >= 0.6 for all test cases.
Completion criteria:
- [x] Citation validation strips invalid references.
- [x] Zero-citation responses get low confidence + disclaimer.
- [x] `groundingScore` computed and returned in `SynthesisResult`.
- [x] Test fixture with 10 query/result/answer triples.
- [x] All test cases achieve grounding score >= 0.6.
- [x] No fabricated entities in any test case.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created from search gap analysis G3 (SIGNIFICANT). | Product Manager |
| 2026-02-24 | G3-001: Created `synthesis-system-prompt.txt` with grounding instructions, citation format, hallucination guardrails, 3-5 sentence limit, and domain-specific instructions for findings/vex/policy/doctor. Embedded as resource in `.csproj`. | Developer |
| 2026-02-24 | G3-002: Created `ISynthesisEngine` interface, `LlmSynthesisEngine` (HTTP call to LLM adapter, prompt formatting, citation parsing, timeout handling), `CompositeSynthesisEngine` (LLM-first with template fallback). Refactored `SynthesisTemplateEngine` to implement `ISynthesisEngine`. Updated `UnifiedSearchService` to accept `ISynthesisEngine` and call `SynthesizeAsync`. Updated DI registrations with named `llm-synthesis` HttpClient. | Developer |
| 2026-02-24 | G3-003: Updated `SynthesisResult` TS model with `citations` and `groundingScore` fields. Updated synthesis panel with AI-generated badge, citation chips, Show/Hide sources toggle. Preserved existing feedback UI. Added `citationClick` output for scroll-to-card integration. | Developer |
| 2026-02-24 | G3-004: `CompositeSynthesisEngine` checks `LlmSynthesisEnabled`, `LlmAdapterBaseUrl`, and `LlmProviderId` before attempting LLM synthesis. Falls back to template on null/failure/timeout. Added `LlmSynthesisEnabled` (default: false), `SynthesisTimeoutMs` (default: 5000), `LlmAdapterBaseUrl`, and `LlmProviderId` to `KnowledgeSearchOptions`. | Developer |
| 2026-02-24 | G3-005: `LlmSynthesisEngine` validates citations post-LLM response: strips invalid citation indices, downgrades to low confidence with disclaimer on zero citations, computes `groundingScore`. Added `GroundingScore` and `Citations` to C# `SynthesisResult` model. | Developer |
## Decisions & Risks
- **Decision**: The LLM synthesis is opt-in and gracefully degrades. Template synthesis is always available as fallback. This preserves the deterministic/offline guarantee.
- **Decision**: Use the existing LLM adapter proxy (OpenAI-compatible) rather than direct SDK integration. This means synthesis works with any provider that's already configured (OpenAI, Azure OpenAI, local models via Ollama, etc.).
- **Risk**: LLM synthesis adds latency (1-5 seconds). Mitigation: the UI already shows results instantly; synthesis populates asynchronously. Set a 5-second timeout.
- **Risk**: LLM responses may hallucinate despite grounding instructions. Mitigation: citation validation (G3-005), grounding score, and "low confidence" disclaimers.
- **Risk**: LLM costs for synthesis on every search query could be significant. Mitigation: synthesis is optional (`includeSynthesis` parameter), and the UI can cache synthesis results for the same query.
- **Decision**: Keep synthesis short (3-5 sentences). This is a search summary, not a full advisory response. Users who want deeper analysis should use the Advisory AI chat.
- **Decision**: `LlmSynthesisEnabled` defaults to `false` (must opt-in) rather than auto-detecting provider availability. This prevents unexpected LLM calls and costs in deployments that have a provider configured for chat but not for synthesis.
## Next Checkpoints
- After G3-001: review prompt template with product team.
- After G3-002: demo LLM synthesis with live search results.
- After G3-005: present grounding validation results.

62
docs-archived/implplan/SPRINT_20260224_104_E2E_idp_verification.md Normal file
View File

@@ -0,0 +1,62 @@
# Sprint 104 -- E2E Identity Provider Verification
## Topic & Scope
- Playwright E2E tests for UI identity provider settings page.
- API integration tests against real OpenLDAP and Keycloak containers.
- CLI integration tests validating DTO construction and command flow.
- Working directory: `src/Web/StellaOps.Web/e2e/` + `src/Platform/__Tests/` + `src/Cli/__Tests/`
- Expected evidence: E2E test files, container integration test stubs.
## Dependencies & Concurrency
- Depends on Sprints 100-103.
## Documentation Prerequisites
- All prior sprint docs.
## Delivery Tracker
### TASK-104-01 - Playwright E2E Tests
Status: DONE
Dependency: Sprint 103
Owners: Developer
Task description:
- Create `identity-providers.e2e.spec.ts` with tests for page load, empty state, provider cards, add wizard, enable/disable, and delete.
Completion criteria:
- [x] File at `src/Web/StellaOps.Web/e2e/identity-providers.e2e.spec.ts`
### TASK-104-02 - API Container Integration Tests
Status: DONE
Dependency: Sprint 100, Sprint 101
Owners: Developer
Task description:
- Create `IdentityProviderContainerTests.cs` with container-dependent tests (skipped by default).
- Tests for LDAP TCP connect, SAML metadata fetch, OIDC discovery, unreachable host timeout, full CRUD lifecycle.
Completion criteria:
- [x] File at `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/Integration/IdentityProviderContainerTests.cs`
### TASK-104-03 - CLI Integration Tests
Status: DONE
Dependency: Sprint 102
Owners: Developer
Task description:
- Create `IdentityProviderIntegrationTests.cs` with DTO construction tests and container-dependent stubs.
Completion criteria:
- [x] File at `src/Cli/__Tests/StellaOps.Cli.Tests/Integration/IdentityProviderIntegrationTests.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Container-dependent tests are marked with `Skip = "Requires docker compose idp containers"` to avoid CI failures.
- Playwright tests mock API responses for deterministic behavior in CI.
## Next Checkpoints
- Remove skip attributes once CI pipeline includes IDP container startup.

84
docs-archived/implplan/SPRINT_20260224_105_Authority_plugin_reload_mechanism.md Normal file
View File

@@ -0,0 +1,84 @@
# Sprint 105 -- Authority Runtime Plugin Reload Mechanism
## Topic & Scope
- Add runtime reload capability to Authority's plugin and identity provider registries.
- Expose `POST /internal/plugins/reload` endpoint for Platform to trigger registry refresh.
- Wire Platform's `/apply` endpoint to call Authority's reload endpoint.
- Working directory: `src/Authority/StellaOps.Authority/StellaOps.Authority/` + `src/Platform/StellaOps.Platform.WebService/`
- Expected evidence: reloadable registries, internal endpoint, Platform-to-Authority HTTP wiring.
## Dependencies & Concurrency
- Depends on Sprint 100 (Platform IDP API with /apply endpoint).
## Documentation Prerequisites
- Sprint 100 API endpoint definitions.
## Delivery Tracker
### TASK-105-01 - Reloadable Plugin Registry
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Modify `AuthorityPluginRegistry` to use volatile fields and add an internal `Reload()` method that atomically swaps plugin contexts.
Completion criteria:
- [x] `AuthorityPluginRegistry.Reload()` method added at `src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityPluginRegistry.cs`
### TASK-105-02 - Rebuildable Identity Provider Registry
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Modify `AuthorityIdentityProviderRegistry` to extract build logic into a `Rebuild()` method.
- Use volatile fields for thread-safe reads during concurrent rebuilds.
- Constructor calls `Rebuild()` for initial population.
Completion criteria:
- [x] `AuthorityIdentityProviderRegistry.Rebuild()` method added at `src/Authority/StellaOps.Authority/StellaOps.Authority/AuthorityIdentityProviderRegistry.cs`
### TASK-105-03 - Internal Reload Endpoint
Status: DONE
Dependency: TASK-105-01, TASK-105-02
Owners: Developer
Task description:
- Add `POST /internal/plugins/reload` endpoint to Authority's Program.cs under the existing bootstrap group.
- Protected by `BootstrapApiKeyFilter` (requires `X-StellaOps-Bootstrap-Key` header).
- Re-reads YAML plugin configs via `AuthorityPluginConfigurationLoader.Load()`.
- Calls `AuthorityPluginRegistry.Reload()` and `AuthorityIdentityProviderRegistry.Rebuild()`.
- Returns JSON with reload status, plugin count, and provider count.
Completion criteria:
- [x] Endpoint added to `src/Authority/StellaOps.Authority/StellaOps.Authority/Program.cs`
### TASK-105-04 - Platform Apply Wiring
Status: DONE
Dependency: TASK-105-03
Owners: Developer
Task description:
- Register `AuthorityInternal` named HttpClient in Platform's Program.cs.
- Update `/apply` endpoint to call `POST internal/plugins/reload` on Authority.
- Handle Authority unreachable gracefully.
Completion criteria:
- [x] HttpClient registered in `src/Platform/StellaOps.Platform.WebService/Program.cs`
- [x] Apply endpoint wired in `src/Platform/StellaOps.Platform.WebService/Endpoints/IdentityProviderEndpoints.cs`
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created and all tasks completed. | Developer |
## Decisions & Risks
- Plugin reload re-reads YAML configuration files and rebuilds registries. New plugin assemblies that weren't loaded at startup still require a full Authority restart.
- Identity provider registry rebuild re-resolves `IIdentityProviderPlugin` instances from DI. Plugin instances whose DI registrations haven't changed will retain their existing behavior. Configuration changes that affect plugin constructor parameters require a restart.
- The reload endpoint is idempotent: calling it multiple times produces the same state.
- `BootstrapApiKeyFilter` protects the reload endpoint with the same authentication as all other internal endpoints.
## Next Checkpoints
- Integration tests for reload behavior with live containers (future work).
- Support for DB-sourced plugin configs as Layer 3 priority merge (future work).

174
docs-archived/implplan/SPRINT_20260224_108_FE_search_result_inline_previews.md Normal file
View File

@@ -0,0 +1,174 @@
# Sprint 20260224_108 — Search Gap G8: Inline Result Previews and Direct Answers (MODERATE)
## Topic & Scope
- **Gap**: Search results show a 2-line snippet with ellipsis truncation. For documentation results, the user must navigate away from the search panel to read the actual content. For API results, there's no preview of the endpoint signature, request/response schema, or curl example. For findings, there's no inline severity/reachability summary. Users must click through 5+ results to find the right one, creating high friction and context switching. Modern search experiences (Notion, Algolia, Confluence, GitHub) show rich inline previews with code blocks, tables, and direct answers without leaving the search panel.
- **Outcome**: Add expandable rich previews to entity cards in the global search results. Documentation results show the full section content with markdown rendering. API results show the endpoint signature, parameters, and example curl. Finding results show a severity/reachability/VEX summary card. Doctor results show symptoms, remediation steps, and run command. Previews expand inline without navigating away from search.
- Working directory: `src/Web/StellaOps.Web`.
- Explicit cross-module edits authorized: `src/AdvisoryAI/StellaOps.AdvisoryAI.WebService` (extended result payload), `docs/modules/ui`.
- Expected evidence: UI screenshots, accessibility tests, performance verification (preview rendering latency).
## Dependencies & Concurrency
- No hard upstream dependency.
- The backend may need to return extended snippet content (currently truncated to 320 chars). This requires a minor backend change.
- Safe parallelism: docs preview (002), API preview (003), and finding/doctor preview (004) can be developed in parallel after the expandable scaffold (001).
- Required references:
- `src/Web/StellaOps.Web/src/app/shared/components/entity-card/entity-card.component.ts`
- `src/Web/StellaOps.Web/src/app/layout/global-search/global-search.component.ts`
- `src/AdvisoryAI/StellaOps.AdvisoryAI/KnowledgeSearch/PostgresKnowledgeSearchStore.cs` — snippet generation
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
## Delivery Tracker
### G8-001 - Add expandable preview scaffold to entity cards
Status: DONE
Dependency: none
Owners: Developer / Implementer (Frontend)
Task description:
- In `EntityCardComponent`:
1. Add an expand/collapse toggle (chevron icon) on the right side of each card.
2. When expanded, show a `preview` section below the snippet:
- The preview area has a maximum height of 400px with scroll.
- Smooth expand/collapse animation (200ms ease-in-out).
- Background slightly different from card body for visual distinction.
3. Keyboard: press `Space` or `Right Arrow` on a focused card to expand preview. `Left Arrow` or `Escape` to collapse.
4. Only one card can be expanded at a time (accordion behavior). Expanding a new card collapses the previous.
5. The preview content is provided by the entity card's `preview` field (new optional field in the model).
- Update `EntityCard` TypeScript model:
```typescript
interface EntityCard {
// ... existing fields ...
preview?: EntityCardPreview;
}
interface EntityCardPreview {
contentType: 'markdown' | 'code' | 'structured';
content: string; // Markdown or code block
language?: string; // For code: 'json', 'yaml', 'bash', etc.
structuredFields?: { label: string; value: string; severity?: string }[];
}
```
Completion criteria:
- [x] Expand/collapse toggle on entity cards.
- [x] Smooth animation for expand/collapse.
- [x] Accordion behavior (one at a time).
- [x] Max height 400px with scroll.
- [x] Keyboard: Space/Right to expand, Left/Escape to collapse.
- [x] `EntityCardPreview` model added.
- [x] ARIA attributes: `aria-expanded`, `aria-controls`.
### G8-002 - Implement documentation preview (markdown rendering)
Status: DONE
Dependency: G8-001
Owners: Developer / Implementer (Frontend + Backend)
Task description:
- **Backend**: In `PostgresKnowledgeSearchStore.BuildResult()` or the unified search response builder:
1. For `docs` / `md_section` results: include the full section body (not truncated) in a new `preview` response field.
2. Cap at 2000 characters to avoid payload bloat.
3. Include the section's `span_start` and `span_end` for accurate navigation.
- **Frontend**: For `docs` entity cards:
1. Set `preview.contentType = 'markdown'`.
2. Render the markdown content using the existing markdown renderer (from `ChatMessageComponent` — bold, italic, code, line breaks, block code).
3. Add heading anchors for sub-sections within the preview.
4. Add a "Open full document" link at the bottom of the preview.
Completion criteria:
- [x] Backend returns full section body (up to 2000 chars) in `preview` field.
- [x] Frontend renders markdown preview with code blocks, formatting.
- [x] "Open full document" link navigates to the full doc page.
- [x] Preview respects 400px max height with scroll for long sections.
- [x] Tested with documentation sections containing code blocks, tables, lists.
### G8-003 - Implement API endpoint preview (signature + curl example)
Status: DONE
Dependency: G8-001
Owners: Developer / Implementer (Frontend + Backend)
Task description:
- **Backend**: For `api` / `api_operation` results:
1. Include structured preview data:
- Method + path (e.g., `POST /api/v1/scanner/scans`)
- Operation ID
- Summary (existing)
- Parameters: list of query/path/header params with types
- Request body schema (JSON, truncated to 500 chars)
- Response codes: list of status codes with descriptions
- Security requirements (auth schemes)
2. Pre-generate a curl example:
```
curl -X POST "$STELLAOPS_API_BASE/api/v1/scanner/scans" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"imageRef": "...", "scanType": "full"}'
```
- **Frontend**: For `api` entity cards:
1. Set `preview.contentType = 'structured'`.
2. Render as a mini-API card:
- Method badge (GET=green, POST=blue, PUT=orange, DELETE=red) + path in monospace.
- Parameters table (if any).
- Request body JSON block (collapsible).
- Response codes list.
- Curl example in a code block with a "Copy" button.
Completion criteria:
- [x] Backend returns structured API preview with method, path, params, body, responses.
- [x] Curl example pre-generated.
- [x] Frontend renders method badge + path.
- [x] Parameters displayed in compact table.
- [x] Request body shown in collapsible JSON block.
- [x] Curl example shown with "Copy" button.
- [x] Copy button works (clipboard API + fallback).
### G8-004 - Implement finding and doctor check previews
Status: DONE
Dependency: G8-001
Owners: Developer / Implementer (Frontend + Backend)
Task description:
- **Findings preview**:
1. Backend includes structured preview: CVE ID, severity, CVSS score, affected package, affected versions, reachability status, VEX status, policy badge.
2. Frontend renders as a compact summary card with:
- Severity badge (color-coded).
- Reachability indicator (reachable/unknown/unreachable with icon).
- VEX status chip.
- Policy badge (fail/warn/pass/waived).
- "Last updated" timestamp.
- One-line remediation hint if available.
- **Doctor check preview**:
1. Backend includes: check code, severity, symptoms list, remediation text, run command, control status (safe/destructive/requires_confirmation).
2. Frontend renders as:
- Severity badge.
- Symptoms as a bullet list.
- Remediation text (markdown rendered).
- Run command in a code block with "Copy" and "Run" buttons.
- Warning badge if destructive or requires confirmation.
Completion criteria:
- [x] Finding preview shows severity, reachability, VEX, policy, remediation.
- [x] Doctor preview shows symptoms, remediation, run command.
- [x] Run command has "Copy" and "Run" buttons.
- [x] Destructive checks show warning badge.
- [x] Severity color-coding matches existing entity card colors.
- [x] All preview content is accessible (screen reader friendly).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-24 | Sprint created from search gap analysis G8 (MODERATE). | Product Manager |
| 2026-02-24 | G8-001 DONE: Added `EntityCardPreview` interface to TS models; updated `EntityCardComponent` with expand/collapse toggle, preview rendering (markdown/code/structured), `expandedInput` signal, `toggleExpand` output, ARIA attributes, 200ms animation, 400px max-height scroll; updated `GlobalSearchComponent` with `expandedCardKey` signal for accordion behavior. | Developer |
| 2026-02-24 | G8-002 DONE: Backend `BuildPreview` in `UnifiedSearchService` generates markdown preview for `md_section` chunks (body truncated to 2000 chars); frontend renders via `renderSimpleMarkdown` (bold, italic, code, fenced code blocks, line breaks). | Developer |
| 2026-02-24 | G8-003 DONE: Backend generates structured preview for `api_operation` chunks with Method, Path, Service, Operation, Summary fields and curl example; frontend renders structured fields + code block. | Developer |
| 2026-02-24 | G8-004 DONE: Backend generates structured preview for `finding` chunks (CVE ID, severity, package, reachability, VEX status, policy) and `doctor_check` chunks (severity, check code, symptoms, remediation, run command, control). Added 7 new unit tests covering all preview types and truncation. | Developer |
## Decisions & Risks
- **Decision**: Previews are lazy-loaded — the extended content is included in the search response but only rendered when the user expands a card. This avoids rendering cost for all cards.
- **Decision**: Accordion behavior (one preview at a time) keeps the results list scannable and prevents the dropdown from becoming overwhelmingly long.
- **Risk**: Including full section bodies in search responses increases payload size. Mitigation: cap at 2000 chars per preview; compress responses.
- **Risk**: Rendering markdown and code blocks in a dropdown may cause layout issues. Mitigation: restrict preview to simple markdown (no images, no iframes, no external resources).
- **Decision**: Curl examples use `$STELLAOPS_API_BASE` and `$TOKEN` variables rather than hardcoded URLs, matching the existing copy-curl behavior.
## Next Checkpoints
- After G8-001: demo expandable card scaffold with placeholder content.
- After G8-002: demo documentation preview with real markdown rendering.
- After G8-003: demo API preview with curl example and copy button.