feat(ui): ship topology and trust admin cutover

docs-archived/implplan/SPRINT_20260308_005_FE_topology_trust_admin_cutover.md

@@ -0,0 +1,108 @@
+# Sprint 20260308_005_FE - Topology And Trust Administration Cutover
+
+## Topic & Scope
+- Complete the `Setup` cutover for `Topology` and `Trust & Signing` so the canonical setup surfaces are fully usable and old settings or admin entry points no longer strand operators on placeholder pages or broken links.
+- Replace stale `/platform/setup/*`, `/settings/trust*`, `/administration/trust*`, and `/admin/*` trust or setup links with mounted canonical routes while preserving bookmark compatibility where practical.
+- Finish the missing workflow exposure for topology inventory and trust administration so preserved pages are actually reachable from the shell instead of hiding behind weak-route drift.
+- Working directory: `src/Web/StellaOps.Web/`.
+- Expected evidence: targeted Angular tests, Playwright setup/trust cutover coverage, shipped UI docs, and archived sprint notes.
+
+## Dependencies & Concurrency
+- Depends on the shipped `Platform Ops Consolidation`, `Watchlist`, and `Execution Operations` cutovers already archived in `docs-archived/implplan/`.
+- Safe parallelism: backend APIs are out of scope; this sprint is limited to frontend code, frontend docs, and verification assets.
+
+## Documentation Prerequisites
+- `AGENTS.md`
+- `docs/modules/ui/AGENTS.md`
+- `src/Web/StellaOps.Web/AGENTS.md`
+- `docs/modules/ui/README.md`
+- `docs/modules/ui/architecture.md`
+- `docs/modules/ui/implementation_plan.md`
+- `docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md`
+- `docs/modules/ui/component-preservation-map/components/weak-route/topology/README.md`
+- `docs/modules/ui/component-preservation-map/components/weak-route/trust-admin/README.md`
+
+## Delivery Tracker
+
+### FE-TTA-001 - Freeze canonical setup owner and alias contract
+Status: DONE
+Dependency: none
+Owners: Developer / Implementer
+Task description:
+- Make `Setup > Topology` and `Setup > Trust & Signing` the canonical owners for setup inventory and trust administration workflows.
+- Standardize redirect behavior for stale `platform/setup`, `settings/trust`, `administration/trust`, and old `admin/*` trust-related entry points so they land on mounted canonical pages without dropping context.
+
+Completion criteria:
+- [x] Canonical route helpers and alias policy are defined for topology and trust setup pages.
+- [x] Stale platform or trust entry points land on mounted canonical pages.
+- [x] Active navigation no longer points trust administration at nonexistent `/admin/*` roots.
+
+### FE-TTA-002 - Complete topology shell exposure and platform setup handoffs
+Status: DONE
+Dependency: FE-TTA-001
+Owners: Developer / Implementer
+Task description:
+- Expose the preserved topology pages through the active setup shell so operators can reach regions, environments, promotion graph, workflows, gate profiles, and related detail flows without relying on typed URLs.
+- Repair `Platform Setup` quick links and topology drill-ins so they hand off into the canonical `Setup > Topology` subtree instead of stale or broken `platform/setup` routes.
+
+Completion criteria:
+- [x] Topology shell navigation exposes the preserved topology pages that are already mounted.
+- [x] Platform Setup handoffs point to canonical setup or topology routes.
+- [x] Topology overview and setup entry points use working route-backed drill-ins.
+
+### FE-TTA-003 - Merge legacy trust settings and issuer entry points into usable trust administration
+Status: DONE
+Dependency: FE-TTA-001
+Owners: Developer / Implementer
+Task description:
+- Replace the placeholder `TrustSettingsPageComponent` routes with the real trust-administration shell and merge remaining legacy issuer or trust entry points into that shell.
+- Keep watchlist, keys, issuers, certificates, audit, air-gap, incidents, and analytics accessible from the canonical trust workspace while preserving operator context from old bookmarks where possible.
+
+Completion criteria:
+- [x] Live trust routes no longer render the placeholder trust settings page.
+- [x] Legacy issuer and trust entry points hand off into the canonical trust workspace.
+- [x] Trust navigation and summary state remain usable from both setup and legacy entry paths.
+
+### FE-TTA-004 - Verify cutover, sync docs, and archive
+Status: DONE
+Dependency: FE-TTA-002, FE-TTA-003
+Owners: Developer / Implementer, QA
+Task description:
+- Add focused tests for the setup alias contract and repaired topology or trust workflows, then run targeted Angular and Playwright verification.
+- Record the shipped setup cutover in checked-feature docs and archive the sprint only after every delivery task is done.
+
+Completion criteria:
+- [x] Targeted Angular tests cover redirect contracts and repaired topology or trust workflows.
+- [x] Playwright verifies at least one end-to-end setup journey across topology and trust handoffs.
+- [x] UI docs and checked-feature notes reflect the shipped behavior.
+- [x] Sprint moved to `docs-archived/implplan/` only after all tasks are marked DONE.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-03-08 | Sprint created and moved to DOING for the topology and trust administration cutover. | Codex |
+| 2026-03-08 | Repaired canonical setup alias helpers, old admin and settings trust bookmarks, navigation targets, and platform-setup handoffs into Topology and Trust & Signing. | Developer |
+| 2026-03-08 | Expanded topology shell exposure and removed live placeholder trust ownership in favor of the mounted trust-admin workspace. | Developer |
+| 2026-03-08 | Verified targeted Angular coverage with `npm run test -- --watch=false --include src/tests/platform/platform-setup-routes.spec.ts --include src/tests/topology/topology-routes.spec.ts --include src/tests/topology/topology-shell.component.spec.ts --include src/tests/setup/setup-topology-trust-cutover.spec.ts --include src/tests/trust_admin/trust-scoring-dashboard-ui.behavior.spec.ts`: 20 tests passed across 5 files. | QA |
+| 2026-03-08 | Verified browser cutover flow with `npx playwright test --config playwright.config.ts tests/e2e/topology-trust-admin-cutover.spec.ts --workers=1`: 1 scenario passed. | QA |
+| 2026-03-08 | Production build passed via `npm run build`; existing bundle budget warnings remain unchanged from the baseline. | QA |
+| 2026-03-08 | Synced topology and trust administration docs, checked-feature evidence, and task-board status for archive. | Documentation author |
+
+## Decisions & Risks
+- Risk: the current setup area has two overlapping trust surfaces, and one of them is only a placeholder shell.
+- Mitigation: make the trust-admin shell canonical and route old trust settings entry points into it in the same sprint.
+- Risk: `Platform Setup` still carries stale quick links and duplicate setup concepts that may drift from the canonical topology shell.
+- Mitigation: keep topology ownership in `Setup` and repair old handoffs instead of growing another setup product tree.
+- Risk: some old `/admin/*` links may have no top-level route owner anymore.
+- Mitigation: either retarget them to canonical setup destinations or add explicit alias redirects so bookmarks still resolve.
+- Delivery rule: this sprint is only complete when canonical setup routes are mounted, stale trust and topology entry points are repaired, and the core operator journeys are verified end to end.
+- Reference design note: `docs/modules/ui/topology-trust-administration/README.md`.
+- Docs synced:
+  - `docs/modules/ui/topology-trust-administration/README.md`
+  - `docs/features/checked/web/topology-trust-administration-ui.md`
+  - `docs/modules/ui/README.md`
+  - `docs/modules/ui/implementation_plan.md`
+  - `docs/modules/ui/TASKS.md`
+
+## Next Checkpoints
+- 2026-03-08: archived after implementation, verification, and docs sync completed.