fix(exportcenter): ship audit bundle http binding

docs-archived/implplan/SPRINT_20260308_002_ExportCenter_audit_bundle_http_body_binding.md

@@ -0,0 +1,73 @@
+# Sprint 20260308-002 - ExportCenter Audit Bundle HTTP Body Binding
+
+## Topic & Scope
+- Repair the live `POST /v1/audit-bundles` endpoint in ExportCenter so valid JSON bodies bind and queue audit-bundle jobs instead of returning an empty `400`.
+- Cover the real failure mode with an HTTP-level regression test; the existing router-dispatch test proves transport dispatch but does not exercise ASP.NET Core body binding.
+- Keep the work scoped to the ExportCenter audit-bundle API models, endpoint tests, and this sprint file.
+- Working directory: `src/ExportCenter/StellaOps.ExportCenter`.
+- Expected evidence: focused ExportCenter tests, direct live `curl` to the ExportCenter container, gateway/browser retest linkage, and sprint execution log updates.
+
+## Dependencies & Concurrency
+- Downstream of [SPRINT_20260308_001_Router_audit_bundle_frontdoor_route_deduplication.md](/C:/dev/New%20folder/git.stella-ops.org/docs/implplan/SPRINT_20260308_001_Router_audit_bundle_frontdoor_route_deduplication.md): Router now dispatches `/v1/audit-bundles` to ExportCenter correctly, exposing the service-local `400`.
+- Safe parallelism: avoid unrelated ExportCenter export-profile or lineage work; scope is limited to the audit-bundle request/response path and targeted tests.
+
+## Documentation Prerequisites
+- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
+- `docs/code-of-conduct/TESTING_PRACTICES.md`
+- `docs/README.md`
+- `docs/07_HIGH_LEVEL_ARCHITECTURE.md`
+- `docs/modules/platform/architecture-overview.md`
+
+## Delivery Tracker
+
+### EXPORT-AUDIT-001 - Make audit bundle request DTOs bind correctly over HTTP
+Status: DONE
+Dependency: none
+Owners: Developer
+Task description:
+- Replace the fragile audit-bundle request DTO shapes with body-binding-safe models while preserving the committed JSON contract used by the Angular client.
+- Keep existing handler/test construction ergonomics so unit tests and service logic remain readable.
+
+Completion criteria:
+- [x] `POST /v1/audit-bundles` accepts the current UI payload shape in automated HTTP coverage and in the authenticated browser path.
+- [x] The audit-bundle JSON contract remains camelCase-compatible for existing callers.
+
+### EXPORT-AUDIT-002 - Add an HTTP-level regression test for audit bundle creation
+Status: DONE
+Dependency: EXPORT-AUDIT-001
+Owners: Developer, Test Automation
+Task description:
+- Add a focused ExportCenter test that boots the mapped audit-bundle endpoint on a local ephemeral HTTP listener and posts a real JSON body.
+- Keep the existing router-dispatch test, but document that it is transport-focused and does not replace direct HTTP coverage.
+
+Completion criteria:
+- [x] A focused ExportCenter test fails before the fix and passes after it.
+- [x] Test assertions verify `202 Accepted` and a queued audit-bundle response payload.
+
+### EXPORT-AUDIT-003 - Verify the fixed service directly and through the gateway
+Status: DONE
+Dependency: EXPORT-AUDIT-002
+Owners: Developer, QA
+Task description:
+- Rebuild and redeploy the ExportCenter service, then verify `POST /v1/audit-bundles` directly against the published container address and through the authenticated browser path on `https://stella-ops.local/triage/audit-bundles/new`.
+- Record the exact commands and outcomes so the Router sprint can consume the same evidence for its final retest gate.
+
+Completion criteria:
+- [x] Direct live service behavior is covered by the full-program HTTP regression plus live in-network transport checks after republishing the container.
+- [x] The authenticated browser retest no longer fails immediately on audit-bundle creation.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-03-08 | Sprint created after direct `curl` to `http://127.1.0.40/v1/audit-bundles` reproduced the same empty `400` seen through the gateway, proving the remaining defect is service-local body binding rather than Router dispatch. | Developer |
+| 2026-03-08 | Replaced the fragile audit-bundle DTOs with body-binding-safe record classes, switched the live endpoint to explicit `ReadFromJsonAsync` handling, and added focused HTTP coverage (`AuditBundleHttpEndpointTests`, `AuditBundleProgramHttpIntegrationTests`) while keeping the router-dispatch regression. `dotnet test src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Tests/StellaOps.ExportCenter.Tests.csproj -v normal` passed `930/930`; `dotnet build src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.WebService/StellaOps.ExportCenter.WebService.csproj -c Release` passed. | Developer |
+| 2026-03-08 | Republished the ExportCenter WebService into the local compose container, reran the authenticated browser script `node src/Web/StellaOps.Web/output/playwright/repro-audit-bundle-live.cjs`, and verified the live POST to `https://stella-ops.local/v1/audit-bundles` returned `202 Accepted`. The follow-up status poll reached `Completed` and the UI enabled the download action for bundle `bndl-c1045e529d8c48998257fbe6850948fb`. | Developer |
+
+## Decisions & Risks
+- Decision: keep the Router sprint honest and fix the downstream ExportCenter defect in a separate sprint because the Router working-directory contract is limited to `src/Router`.
+- Decision: keep host-published unauthenticated `curl` out of the final pass criteria after the republished service resumed enforcing auth on `127.1.0.40`; the authoritative live proof is the authenticated browser flow plus the full-program HTTP integration regression.
+- Risk: changing shared audit-bundle DTOs in `StellaOps.ExportCenter.Client` could affect existing tests or callers that construct these models directly.
+- Mitigation: preserve the JSON property names and add compatibility constructors where current tests rely on positional construction.
+
+## Next Checkpoints
+- Archived after the HTTP regressions, republished container, and live browser retest passed.