texts fixes, search bar fixes, global menu fixes.

This commit is contained in:
master
2026-03-05 18:10:56 +02:00
parent 8e1cb9448d
commit a918d39a61
101 changed files with 3543 additions and 534 deletions

View File

@@ -173,6 +173,8 @@ The TaskRunner provides the execution substrate for Orchestrator jobs. Workers p
- `Storage:Driver=postgres` is the production default for run state, logs, and approvals.
- Postgres-backed stores: `PostgresPackRunStateStore`, `PostgresPackRunLogStore`, `PostgresPackRunApprovalStore` via `TaskRunnerDataSource`.
- Artifact payload channel uses object storage path (`seed-fs` driver) configured with `TaskRunner:Storage:ObjectStore:SeedFs:RootPath`.
- Startup fails fast when `Storage:ObjectStore:Driver` is set to `rustfs` (not implemented) or any unsupported driver value.
- Non-development startup fails fast when `Storage:Driver=postgres` and no connection string is configured.
- Explicit non-production overrides remain available (`filesystem`, `inmemory`) but are no longer implicit defaults.
### 8.3) PacksRegistry subdomain
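Review bot: The fail-fast on `rustfs` in the `Storage:ObjectStore:Driver` bullet conflicts with the platform-level contract in this same change, which still lists `rustfs` as an accepted value; state here that `rustfs` is reserved and not implemented for TaskRunner, so an operator who copies the platform key list does not hit a boot failure. The postgres bullet covers only non-development startup; say what the development runtime does when `Storage:Driver=postgres` and no connection string is configured (fallback or failure), since that is the path a misconfigured non-development deployment masquerading as development would take.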
@@ -186,6 +188,8 @@ The PacksRegistry manages compliance/automation pack definitions, versions, and
**Database and storage contract (Sprint 312):**
- `Storage:Driver=postgres` is the production default for metadata/state repositories (`pack`, `parity`, `lifecycle`, `mirror`, `audit`, `attestation metadata`).
- Blob/object payloads (`pack content`, `provenance content`, `attestation content`) are persisted through the seed-fs object-store channel (`SeedFsPacksRegistryBlobStore`).
- Startup fails fast when `Storage:ObjectStore:Driver` is set to `rustfs` (not implemented) or any unsupported driver value.
- Non-development startup fails fast when `Storage:Driver=postgres` and no connection string is configured.
- PostgreSQL keeps metadata and compatibility placeholders; payload retrieval resolves from object storage first.
- Explicit non-production overrides remain available (`filesystem`, `inmemory`) but are no longer implicit defaults.
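Review bot: `payload retrieval resolves from object storage first` leaves the fallback path undefined; spell out whether a miss in the seed-fs blob store falls back to the PostgreSQL compatibility placeholder or fails the request, and whether that fallback is logged. For `attestation content` and `provenance content` a silent fallback to a placeholder would let a consumer treat placeholder bytes as the real artifact, so the fallback order and its failure behavior belong in this contract.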

View File

@@ -29,7 +29,8 @@ This contract is the default for all stateful StellaOps webservices unless a mod
- Production default: `postgres`.
- `inmemory` and `filesystem` are non-production/testing-only and must be explicitly configured.
- `Storage:ObjectStore:Driver`
- Accepted values: `rustfs`, `seed-fs`.
- Accepted values at platform key level: `rustfs`, `seed-fs`.
- Module runtime contracts may narrow this set and must fail fast for unsupported values.
- Use only for blob/object payload channels (artifacts, snapshots, package blobs).
- `ConnectionStrings:Default`
- Required when `Storage:Driver=postgres` unless a service-specific connection key is provided.
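Review bot: `Accepted values at platform key level: rustfs, seed-fs.` keeps `rustfs` in the accepted set even though the module contracts in this commit reject it as not implemented; mark it as `rustfs (reserved, not implemented)` or drop it until a driver exists, so the platform key documentation does not advertise a value that fails fast in every module.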
@@ -40,12 +41,43 @@ Fail-fast policy:
- Development runtime may use localhost/file defaults only when explicitly intended for local workflows.
Current implementation status (2026-03-05):
- `PacksRegistry`: Postgres metadata/state + seed-fs payload channel for pack/provenance/attestation blobs.
- `TaskRunner`: Postgres run state/log/approval + seed-fs artifact payload channel.
- `PacksRegistry`: Postgres metadata/state + seed-fs payload channel for pack/provenance/attestation blobs; startup rejects `rustfs` and unknown object-store drivers.
- `TaskRunner`: Postgres run state/log/approval + seed-fs artifact payload channel; startup rejects `rustfs` and unknown object-store drivers in both WebService and Worker.
- `RiskEngine`: Postgres-backed result store (`riskengine.risk_score_results`) with explicit in-memory test fallback.
- `Replay`: Postgres snapshot index + seed-fs snapshot blob store.
- `Replay`: Postgres snapshot index + seed-fs snapshot blob store; startup rejects `rustfs` and unknown object-store drivers.
- `OpsMemory`: connection precedence aligned to `ConnectionStrings:OpsMemory -> ConnectionStrings:Default`, with non-development fail-fast.
## Platform Runtime Read-Model Boundary Policy (Point 4 / Sprint 20260305-005)
Platform runtime read-model APIs are aggregation-only and must stay behind explicit query contracts. Runtime read handlers must not take direct dependencies on foreign module persistence internals.
Approved runtime query contracts:
- `IReleaseControlBundleStore` (release/topology/security/integration projections over release-control bundles + runs).
- `IPlatformContextQuery` (read-only access to region/environment context inventory).
Prohibited in runtime read-model services:
- Direct constructor dependencies on foreign `StellaOps.*.Persistence*` namespaces.
- Direct `DbContext`, `NpgsqlDataSource`, or module-specific migration runner dependencies from non-admin read endpoints.
Migration/admin allowlist (explicit boundary exceptions):
- `src/Platform/StellaOps.Platform.WebService/Endpoints/SeedEndpoints.cs`
- `src/Platform/__Libraries/StellaOps.Platform.Database/MigrationModulePlugins.cs`
Enforcement:
- Guard tests in `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/PlatformRuntimeBoundaryGuardTests.cs` fail when constructor contracts drift or foreign persistence references appear outside the allowlist above.
### Runtime Dependency Inventory (2026-03-05)
| Component | Dependency category | Classification | Notes |
| --- | --- | --- | --- |
| `ReleaseReadModelService` | `IReleaseControlBundleStore` | Allowed runtime read-model dependency | Release projection reads only via Platform-owned bundle-store contract. |
| `TopologyReadModelService` | `IReleaseControlBundleStore`, `IPlatformContextQuery` | Allowed runtime read-model dependency | Topology projection composes release bundles with context inventory through explicit query contracts. |
| `SecurityReadModelService` | `IReleaseControlBundleStore`, `IPlatformContextQuery` | Allowed runtime read-model dependency | Security projection remains synthetic/read-only and does not call VEX/exception write stores directly. |
| `IntegrationsReadModelService` | `IReleaseControlBundleStore`, `IPlatformContextQuery` | Allowed runtime read-model dependency | Integration freshness projection uses release run metadata and context inventory only. |
| `PlatformContextService` | `IPlatformContextStore` (`InMemory`/`Postgres`) | Allowed runtime dependency (module-local persistence) | Exposes read-only `IPlatformContextQuery` plus preference write APIs; no foreign module coupling. |
| `SeedEndpoints` | Foreign `StellaOps.*.Persistence*` migration assemblies | Migration/admin-only dependency | Allowed exception for demo seed execution only (`platform.setup.admin`). |
| `MigrationModulePlugins` | Foreign module migration assemblies | Migration-only dependency | Allowed exception for schema migration orchestration, not part of runtime read endpoint execution path. |
## Advisory Commitments (2026-02-26 Batch)
- `SPRINT_20260226_223_Platform_score_explain_contract_and_replay_alignment` defines deterministic score/explain/replay contract behavior for CLI and Web consumers.
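Review bot: The prohibition `Direct DbContext, NpgsqlDataSource, or module-specific migration runner dependencies from non-admin read endpoints` is looser than the line above it and the allowlist: `non-admin` is a scope qualifier, while the allowlist is two file paths. Tie the exception to the listed files only, and state in the allowlist that `SeedEndpoints` is gated by `platform.setup.admin` (as the inventory table says), since it is the one allowlisted surface reachable over HTTP. The `RiskEngine` status line, `with explicit in-memory test fallback`, should also say that the fallback is rejected in non-development, to match the fail-fast policy stated in this document.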

View File

@@ -161,6 +161,14 @@ Provide a single, deterministic aggregation layer for cross-service UX workflows
- Notifier (alert policies and delivery status)
- Policy/Scanner/Registry/VexHub (search aggregation sources)
## Runtime boundary policy
- Runtime read-model services (`/api/v2/releases`, `/api/v2/topology/*`, `/api/v2/security/*`, `/api/v2/integrations/*`) must depend only on explicit query contracts:
- `IReleaseControlBundleStore`
- `IPlatformContextQuery`
- Foreign module persistence references are migration/admin-only and limited to explicit allowlist surfaces (`SeedEndpoints`, `MigrationModulePlugins`).
- Runtime read endpoints must not inject foreign `*.Persistence*` types, `DbContext` from other modules, or migration runners directly.
- Guard tests: `src/Platform/__Tests/StellaOps.Platform.WebService.Tests/PlatformRuntimeBoundaryGuardTests.cs`.
## Security and scopes
- Health: `ops.health` (summary), `ops.admin` (metrics)
- Quotas: `quota.read` (summary), `quota.admin` (alerts/config)
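Review bot: This policy says runtime read-model services must depend only on `IReleaseControlBundleStore` and `IPlatformContextQuery`, but the dependency inventory added elsewhere in this commit allows `PlatformContextService` a module-local `IPlatformContextStore` dependency; add that module-local persistence is permitted here as well, otherwise the two documents disagree about what `PlatformRuntimeBoundaryGuardTests.cs` enforces.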

View File

@@ -42,6 +42,7 @@ Legend:
| policy-engine.stella-ops.local | policy-engine | /api/risk, /api/risk-budget, /api/v1/determinization, /policyEngine | C | Developer + Test Automation (Wave C) | Migrate API prefixes first; keep root compatibility path until control-plane verification completes. | Route type revert + `POLICY_ENGINE_ROUTER_ENABLED=false` (RMW-03). |
| policy-gateway.stella-ops.local | policy | /api/cvss, /api/exceptions, /api/gate, /api/policy, /api/v1/governance, /api/v1/policy, /policy, /policyGateway | C | Developer + Test Automation (Wave C) | Migrate API prefixes first; keep `/policy` and `/policyGateway` compatibility paths until final cutover. | Route type revert + `POLICY_GATEWAY_ROUTER_ENABLED=false` (RMW-03). |
| reachgraph.stella-ops.local | reachgraph-web | /api/v1/reachability, /reachgraph | D | Developer + Test Automation (Wave D) | Migrate API prefix first, then root compatibility path. | Route type revert + `REACHGRAPH_ROUTER_ENABLED=false` (RMW-03). |
| remediation.stella-ops.local | — (not in compose snapshot) | — (no ReverseProxy route in 2026-02-21 snapshot) | C | Developer + Test Automation (Wave C) | `StellaOps.Remediation.WebService` exists, but router/compose mapping is missing. Add explicit remediation API route inventory and then migrate to Microservice route type in control-plane wave. | Missing rollback key; add `REMEDIATION_ROUTER_ENABLED` once route is added. |
| registry-token.stella-ops.local | registry-token | /registryTokenservice | A | Developer + Test Automation (Wave A) | Migrate compatibility route with token flow validation in Wave A. | Route type revert + `REGISTRY_TOKEN_ROUTER_ENABLED=false` (RMW-03). |
| replay.stella-ops.local | replay-web | /replay | A | Developer + Test Automation (Wave A) | Migrate compatibility route in Wave A; add API-form alias if needed. | Route type revert + `REPLAY_ROUTER_ENABLED=false` (RMW-03). |
| riskengine.stella-ops.local | riskengine-web | /riskengine | C | Developer + Test Automation (Wave C) | Migrate compatibility route in control-plane wave; add API alias if required. | Route type revert + `RISKENGINE_ROUTER_ENABLED=false` (RMW-03). |
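Review bot: The `remediation.stella-ops.local` row has no route and no rollback key, yet it is scheduled for Wave C alongside routes that have both; add `REMEDIATION_ROUTER_ENABLED` (defaulting to disabled) before the route inventory lands rather than after, so the rollback column is actionable on the day of cutover and the service cannot be routed before its API inventory exists.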

View File

@@ -4,6 +4,18 @@
This document defines the information architecture (IA) for the StellaOps web interface, including navigation structure, route hierarchy, and role-based access patterns.
## 2026-03-05 Shell IA Update
The global shell navigation was updated to improve visual scanability and mobile usability:
- Sidebar global menus are now grouped into:
- `Release Control`
- `Security & Evidence`
- `Platform & Setup`
- Group headers act as direct links to each group's landing route for faster navigation.
- Mobile topbar secondary controls now open through an explicit `Context` toggle instead of always occupying visible row space.
- Findings compare panes and Releases deployment list were updated for mobile-safe layouts (no forced clipping).
## Navigation Structure
### Primary Navigation
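Review bot: `Group headers act as direct links to each group's landing route` should say how the link interacts with the role-based access patterns this document defines: whether a header is hidden or disabled when the user lacks the scope for the landing route (for example `Platform & Setup`), or whether it navigates to a forbidden page. Naming the landing route for each of the three groups would also tie this update to the route hierarchy described in the sections below.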