texts fixes, search bar fixes, global menu fixes.

src/Replay/StellaOps.Replay.WebService/TASKS.md

@@ -7,3 +7,4 @@ Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_sol
 | REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Replay/StellaOps.Replay.WebService/StellaOps.Replay.WebService.md. |
 | REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
 | SPRINT-312-006 | DONE | Added Postgres snapshot index + seed-fs snapshot blob stores and wired storage-driver registration in webservice startup. |
+| SPRINT-20260305-003 | DONE | Replay storage contract closed: object-store narrowed to seed-fs only with deterministic rustfs/unknown-driver startup rejection and synced docs. |

src/Replay/__Tests/StellaOps.Replay.Core.Tests/FeedSnapshots/PointInTimeQueryApiIntegrationTests.cs

@@ -4,11 +4,20 @@
 
 using System.Net;
 using System.Net.Http.Json;
+using System.Security.Claims;
 using System.Text.Json;
+using System.Text.Encodings.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using FluentAssertions;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Testing;
+using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using StellaOps.Replay.WebService;
 using Xunit;
 
@@ -23,6 +32,7 @@ public sealed class PointInTimeQueryApiIntegrationTests
     {
         await using var factory = CreateFactory();
         using var client = factory.CreateClient();
+        ConfigureClient(client);
 
         var cveId = "CVE-2024-7777";
         var providerId = "nvd-e2e";
@@ -112,6 +122,7 @@ public sealed class PointInTimeQueryApiIntegrationTests
     {
         await using var factory = CreateFactory();
         using var client = factory.CreateClient();
+        ConfigureClient(client);
 
         var response = await client.PostAsJsonAsync(
             "/v1/pit/advisory/diff",
@@ -146,6 +157,67 @@ public sealed class PointInTimeQueryApiIntegrationTests
                         ["Replay:Authority:RequireHttpsMetadata"] = "false",
                     });
                 });
+                builder.ConfigureTestServices(services =>
+                {
+                    services.AddAuthentication(TestReplayAuthHandler.SchemeName)
+                        .AddScheme<AuthenticationSchemeOptions, TestReplayAuthHandler>(
+                            TestReplayAuthHandler.SchemeName,
+                            _ => { });
+
+                    services.PostConfigureAll<AuthenticationOptions>(options =>
+                    {
+                        options.DefaultAuthenticateScheme = TestReplayAuthHandler.SchemeName;
+                        options.DefaultChallengeScheme = TestReplayAuthHandler.SchemeName;
+                        options.DefaultScheme = TestReplayAuthHandler.SchemeName;
+                    });
+
+                    services.RemoveAll<IAuthorizationHandler>();
+                    services.AddSingleton<IAuthorizationHandler, AllowAllAuthorizationHandler>();
+                });
             });
     }
+
+    private static void ConfigureClient(HttpClient client)
+    {
+        client.DefaultRequestHeaders.TryAddWithoutValidation("X-StellaOps-Tenant", "tenant-e2e");
+    }
+
+    private sealed class TestReplayAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
+    {
+        public const string SchemeName = "ReplayTestScheme";
+
+        public TestReplayAuthHandler(
+            IOptionsMonitor<AuthenticationSchemeOptions> options,
+            ILoggerFactory logger,
+            UrlEncoder encoder)
+            : base(options, logger, encoder)
+        {
+        }
+
+        protected override Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var claims = new[]
+            {
+                new Claim("scope", "vuln.operate replay.token.read replay.token.write"),
+                new Claim("scp", "vuln.operate replay.token.read replay.token.write")
+            };
+
+            var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, SchemeName));
+            var ticket = new AuthenticationTicket(principal, SchemeName);
+            return Task.FromResult(AuthenticateResult.Success(ticket));
+        }
+    }
+
+    private sealed class AllowAllAuthorizationHandler : IAuthorizationHandler
+    {
+        public Task HandleAsync(AuthorizationHandlerContext context)
+        {
+            foreach (var requirement in context.PendingRequirements.ToList())
+            {
+                context.Succeed(requirement);
+            }
+
+            return Task.CompletedTask;
+        }
+    }
 }

src/Replay/__Tests/StellaOps.Replay.Core.Tests/TASKS.md

@@ -7,3 +7,4 @@ Source of truth: `docs/implplan/SPRINT_20260130_002_Tools_csproj_remediation_sol
 | REMED-05 | TODO | Remediation checklist: docs/implplan/audits/csproj-standards/remediation/checklists/src/Replay/__Tests/StellaOps.Replay.Core.Tests/StellaOps.Replay.Core.Tests.md. |
 | REMED-06 | DONE | SOLID review notes captured for SPRINT_20260130_002. |
 | SPRINT-312-006 | DONE | Added `ReplayFeedSnapshotStoresTests` and validated Postgres index + seed-fs blob stores via class-targeted xUnit execution (3/3 pass). |
+| SPRINT-20260305-003 | DONE | Added authenticated replay API integration test harness and revalidated Replay core suite (`dotnet test ...` passed 99/99). |