Make registry-admin audit route self-identifying

2026-03-11 19:09:46 +02:00
parent 6afd8f951e
commit 8eec0a9dee
5 changed files with 308 additions and 0 deletions
--- a/docs/implplan/SPRINT_20260311_008_FE_live_registry_admin_audit_route_identity.md
+++ b/docs/implplan/SPRINT_20260311_008_FE_live_registry_admin_audit_route_identity.md
@@ -0,0 +1,68 @@
 # Sprint 20260311_008 - FE Live Registry Admin Audit Route Identity
 ## Topic & Scope
 - Prove whether the `registry-admin` audit tab failure is a real route break or a weak post-navigation page identity.
 - Keep the fix inside the web workspace by making the audit child route render explicit audit-specific content after navigation.
 - Add focused regression coverage and rerun the live changed-surfaces sweep on `https://stella-ops.local`.
 - Working directory: `src/Web/StellaOps.Web`.
 - Expected evidence: root-cause notes, focused Angular spec, rebuilt web bundle, live Playwright pass for the registry-admin audit action.
 ## Dependencies & Concurrency
 - Depends on the live compose stack being healthy and reachable.
 - Safe parallelism: limited to `src/Web/StellaOps.Web` plus this sprint file.
 ## Documentation Prerequisites
 - `AGENTS.md`
 - `docs/qa/feature-checks/FLOW.md`
 ## Delivery Tracker
 ### FE-REGISTRY-AUDIT-001 - Root-cause the audit-tab live failure
 Status: DONE
 Dependency: none
 Owners: QA, 3rd line support
 Task description:
 - Reproduce the failing `audit-tab` action from the live changed-surfaces sweep and determine whether the click fails, the route fails, or the target route lacks truthful audit-specific content.
 Completion criteria:
 - [x] Live authenticated Playwright proves whether `/ops/integrations/registry-admin/audit` is reached.
 - [x] Root cause is recorded with concrete evidence.
 ### FE-REGISTRY-AUDIT-002 - Make the audit route self-identifying
 Status: DONE
 Dependency: FE-REGISTRY-AUDIT-001
 Owners: Product Manager, Architect, Developer
 Task description:
 - Update the registry-admin audit child view so the audit route renders an explicit title/description/count summary. The target page must clearly indicate that the user is in the audit trail, not just inside the generic registry shell.
 Completion criteria:
 - [x] The audit child view renders an audit-specific heading.
 - [x] The audit state remains clear in loading, empty, and populated cases.
 - [x] Focused component tests cover the visible route identity.
 ### FE-REGISTRY-AUDIT-003 - Reverify the live registry-admin action flow
 Status: DONE
 Dependency: FE-REGISTRY-AUDIT-002
 Owners: QA
 Task description:
 - Rebuild the web bundle, sync it into the live stack, and rerun the changed-surfaces or focused registry-admin Playwright flow to confirm the audit tab now produces truthful post-navigation evidence.
 Completion criteria:
 - [x] Web build passes.
 - [x] Live Playwright confirms the audit tab lands on `/registry-admin/audit`.
 - [x] Live Playwright confirms the page exposes audit-specific visible text.
 ## Execution Log
 | Date (UTC) | Update | Owner |
 | --- | --- | --- |
 | 2026-03-11 | Sprint created after the changed-surfaces sweep flagged the registry-admin audit tab. | QA |
 | 2026-03-11 | Authenticated Playwright repro proved the click navigates correctly to `/ops/integrations/registry-admin/audit`; the real defect is that the target child view exposes no audit-specific heading, so the route is not self-identifying. | QA / 3rd line support |
 | 2026-03-11 | Added explicit audit title/summary content to `PlanAuditComponent`, covered it with focused Angular specs (`2/2` across the registry-admin shell and audit view), rebuilt the web bundle, synced it into `compose_console-dist`, restarted `stellaops-router-gateway`, and passed the focused live Playwright proof in `live-registry-admin-audit-check.mjs` with `actionOk=true` and zero runtime errors. | Product / Architect / Developer / QA |
 ## Decisions & Risks
 - Decision: treat this as a product defect, not a harness change. The audit route is real, but without audit-specific visible identity the user cannot reliably confirm the navigation succeeded.
 - Risk: only checking URL would hide regressions where the shell changes but the intended audit view does not become obvious to the user.
 - Decision: use a focused live Playwright check for this slice instead of re-running the full changed-surfaces matrix after every small route-identity fix. That preserves truthful verification while staying within the low-churn runtime budget.
 ## Next Checkpoints
 - Move to the next live route/action defect from the changed-surfaces and broader action sweeps after committing this registry-admin repair.
--- a/src/Web/StellaOps.Web/scripts/live-registry-admin-audit-check.mjs
+++ b/src/Web/StellaOps.Web/scripts/live-registry-admin-audit-check.mjs
@@ -0,0 +1,111 @@
 #!/usr/bin/env node
 import { mkdirSync, writeFileSync } from 'node:fs';
 import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import { chromium } from 'playwright';
 import { authenticateFrontdoor, createAuthenticatedContext } from './live-frontdoor-auth.mjs';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const webRoot = path.resolve(__dirname, '..');
 const outputDirectory = path.join(webRoot, 'output', 'playwright');
 const outputPath = path.join(outputDirectory, 'live-registry-admin-audit-check.json');
 const baseUrl = process.env.STELLAOPS_FRONTDOOR_BASE_URL?.trim() || 'https://stella-ops.local';
 const statePath = path.join(outputDirectory, 'live-frontdoor-auth-state.json');
 function trimText(value, maxLength = 400) {
  const normalized = value.replace(/\s+/g, ' ').trim();
  return normalized.length > maxLength ? `${normalized.slice(0, maxLength)}...` : normalized;
 }
 async function collectHeadings(page) {
  return page.locator('h1, main h1, main h2, h2').evaluateAll((elements) =>
    elements
      .map((element) => (element.textContent || '').replace(/\s+/g, ' ').trim())
      .filter((text, index, values) => text.length > 0 && values.indexOf(text) === index),
  ).catch(() => []);
 }
 async function main() {
  mkdirSync(outputDirectory, { recursive: true });
  const authReport = await authenticateFrontdoor({
    statePath,
    reportPath: path.join(outputDirectory, 'live-frontdoor-auth-report.json'),
  });
  const browser = await chromium.launch({
    headless: true,
    args: ['--disable-dev-shm-usage'],
  });
  const context = await createAuthenticatedContext(browser, authReport, { statePath });
  const page = await context.newPage();
  const report = {
    generatedAtUtc: new Date().toISOString(),
    baseUrl,
    startUrl: `${baseUrl}/ops/integrations/registry-admin?tenant=demo-prod&regions=apac,eu-west,us-east,us-west`,
    finalUrl: '',
    headings: [],
    auditHeadingMatched: false,
    actionOk: false,
    errors: [],
  };
  page.on('console', (message) => {
    if (message.type() === 'error') {
      report.errors.push(`console:${message.text()}`);
    }
  });
  page.on('pageerror', (error) => {
    report.errors.push(`page:${error.message}`);
  });
  try {
    await page.goto(report.startUrl, {
      waitUntil: 'domcontentloaded',
      timeout: 30_000,
    });
    await page.waitForTimeout(4_000);
    const auditTab = page.locator('nav[role="tablist"] a:has-text("Audit Log")').first();
    await auditTab.click();
    await page.waitForTimeout(4_000);
    report.finalUrl = page.url();
    report.headings = await collectHeadings(page);
    const bodyText = trimText(await page.locator('body').innerText().catch(() => ''), 1200);
    report.auditHeadingMatched = report.headings.some((heading) => /audit/i.test(heading))
      || /registry audit log/i.test(bodyText);
    report.actionOk = report.finalUrl.includes('/registry-admin/audit')
      && report.finalUrl.includes('tenant=')
      && report.finalUrl.includes('regions=')
      && report.auditHeadingMatched;
    await page.screenshot({
      path: path.join(outputDirectory, 'live-registry-admin-audit-check.png'),
      fullPage: true,
    }).catch(() => {});
  } finally {
    await browser.close();
  }
  writeFileSync(outputPath, `${JSON.stringify(report, null, 2)}\n`, 'utf8');
  process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
  if (!report.actionOk || report.errors.length > 0) {
    process.exitCode = 1;
  }
 }
 if (process.argv[1] && path.resolve(process.argv[1]) === __filename) {
  main().catch((error) => {
    process.stderr.write(`[live-registry-admin-audit-check] ${error instanceof Error ? error.message : String(error)}\n`);
    process.exit(1);
  });
 }
--- a/src/Web/StellaOps.Web/src/app/features/registry-admin/components/plan-audit.component.spec.ts
+++ b/src/Web/StellaOps.Web/src/app/features/registry-admin/components/plan-audit.component.spec.ts
@@ -0,0 +1,54 @@
 import { TestBed } from '@angular/core/testing';
 import { of } from 'rxjs';
 import { REGISTRY_ADMIN_API } from '../../../core/api/registry-admin.client';
 import { PlanAuditComponent } from './plan-audit.component';
 describe('PlanAuditComponent', () => {
  const registryAdminApiStub = {
    getAuditHistory: () =>
      of({
        items: [
          {
            id: 'audit-1',
            timestamp: '2026-03-11T10:15:00Z',
            action: 'Updated',
            planId: 'plan-gold',
            actor: 'admin',
            summary: 'Adjusted repository scopes',
            previousVersion: 2,
            newVersion: 3,
          },
        ],
        totalCount: 1,
        page: 1,
        pageSize: 20,
      }),
  };
  beforeEach(async () => {
    await TestBed.configureTestingModule({
      imports: [PlanAuditComponent],
    })
      .overrideComponent(PlanAuditComponent, {
        set: {
          providers: [{ provide: REGISTRY_ADMIN_API, useValue: registryAdminApiStub }],
        },
      })
      .compileComponents();
  });
  it('renders an explicit audit heading and entry count', async () => {
    const fixture = TestBed.createComponent(PlanAuditComponent);
    fixture.detectChanges();
    await fixture.whenStable();
    fixture.detectChanges();
    const text = fixture.nativeElement.textContent.replace(/\s+/g, ' ').trim();
    expect(text).toContain('Registry Audit Log');
    expect(text).toContain('Review plan mutations, actor activity, and version changes');
    expect(text).toContain('Entries');
    expect(text).toContain('Adjusted repository scopes');
  });
 });
--- a/src/Web/StellaOps.Web/src/app/features/registry-admin/components/plan-audit.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/registry-admin/components/plan-audit.component.ts
@@ -14,6 +14,19 @@ import { PlanAuditEntry, PaginatedResponse } from '../../../core/api/registry-ad
    changeDetection: ChangeDetectionStrategy.OnPush,
    template: `
    <div class="plan-audit">
      <header class="plan-audit__header">
        <div>
          <h2 class="plan-audit__title">Registry Audit Log</h2>
          <p class="plan-audit__subtitle">
            Review plan mutations, actor activity, and version changes for the registry token service.
          </p>
        </div>
        <div class="plan-audit__summary" aria-label="Audit entry count">
          <span class="plan-audit__summary-value">{{ totalCount() }}</span>
          <span class="plan-audit__summary-label">Entries</span>
        </div>
      </header>
      <!-- Filters -->
      <div class="plan-audit__toolbar">
        <div class="plan-audit__filter">
@@ -134,6 +147,54 @@ import { PlanAuditEntry, PaginatedResponse } from '../../../core/api/registry-ad
    </div>
  `,
    styles: [`
    .plan-audit__header {
      display: flex;
      justify-content: space-between;
      align-items: flex-start;
      gap: 1rem;
      margin-bottom: 1.5rem;
    }
    .plan-audit__title {
      margin: 0 0 0.375rem;
      font-size: 1.5rem;
      font-weight: var(--font-weight-semibold);
      color: var(--color-text-primary);
    }
    .plan-audit__subtitle {
      margin: 0;
      max-width: 56rem;
      color: var(--color-text-muted);
    }
    .plan-audit__summary {
      display: inline-flex;
      flex-direction: column;
      align-items: center;
      justify-content: center;
      min-width: 7rem;
      padding: 0.75rem 1rem;
      border: 1px solid var(--color-text-heading);
      border-radius: var(--radius-lg);
      background: rgba(30, 41, 59, 0.55);
    }
    .plan-audit__summary-value {
      font-size: 1.5rem;
      font-weight: var(--font-weight-semibold);
      color: var(--color-status-info);
      line-height: 1;
    }
    .plan-audit__summary-label {
      margin-top: 0.25rem;
      font-size: 0.75rem;
      text-transform: uppercase;
      letter-spacing: 0.05em;
      color: var(--color-text-muted);
    }
    .plan-audit__toolbar {
      display: flex;
      justify-content: space-between;
@@ -314,6 +375,19 @@ import { PlanAuditEntry, PaginatedResponse } from '../../../core/api/registry-ad
      border-radius: var(--radius-lg);
      margin-top: 1rem;
    }
    @media (max-width: 900px) {
      .plan-audit__header,
      .plan-audit__toolbar,
      .plan-audit__filter {
        flex-direction: column;
        align-items: stretch;
      }
      .plan-audit__summary {
        align-self: flex-start;
      }
    }
  `]
 })
 export class PlanAuditComponent implements OnInit {
--- a/src/Web/StellaOps.Web/tsconfig.spec.features.json
+++ b/src/Web/StellaOps.Web/tsconfig.spec.features.json
@@ -25,6 +25,7 @@
    "src/app/features/policy-simulation/policy-simulation-direct-route-defaults.spec.ts",
    "src/app/features/policy-simulation/policy-simulation-defaults.spec.ts",
    "src/app/features/policy-simulation/simulation-dashboard.component.spec.ts",
    "src/app/features/registry-admin/components/plan-audit.component.spec.ts",
    "src/app/features/registry-admin/registry-admin.component.spec.ts",
    "src/app/features/triage/services/ttfs-telemetry.service.spec.ts",
    "src/app/features/triage/triage-workspace.component.spec.ts",