Archive completed web QA loop and split platform-setup follow-up
This commit is contained in:
master
@@ -0,0 +1,112 @@
|
||||
# Sprint 20260306-003 - Web Playwright Setup/Reset Iteration Loop
|
||||
|
||||
## Topic & Scope
|
||||
- Run repeated Web QA/developer iterations against `https://stella-ops.local` using Playwright as the primary Tier 2 verification method.
|
||||
- Treat an iteration as: verify runtime state, exercise real page flows/actions, capture defects, diagnose root cause, fix within Web scope, and retest with fresh evidence.
|
||||
- Keep the work bounded to SPA/runtime-facing defects in the Web module; avoid repo-wide builds, mass tests, and unrelated cross-module churn.
|
||||
- Working directory: `src/Web/StellaOps.Web`.
|
||||
- Expected evidence: Playwright interaction logs/screenshots, targeted FE tests only when needed, updated UI docs if behavior changes, and sprint execution log entries.
|
||||
|
||||
## Dependencies & Concurrency
|
||||
- Runtime dependency: `https://stella-ops.local` must remain reachable with the current compose stack.
|
||||
- Existing active work in `SPRINT_20260306_001` and `SPRINT_20260306_002` is treated as parallel ownership; avoid editing their in-flight search-context files unless a confirmed Web defect forces a coordinated fix.
|
||||
- Cross-module edits are not planned for this sprint. If a root cause is confirmed outside `src/Web/StellaOps.Web`, record it and stop at triage inside this sprint.
|
||||
- Safe parallelism:
|
||||
- Route exploration, selector mapping, and evidence capture can proceed without touching source files.
|
||||
- Code changes begin only after a defect is reproduced with fresh Playwright evidence.
|
||||
|
||||
## Documentation Prerequisites
|
||||
- `docs/qa/feature-checks/FLOW.md`
|
||||
- `docs/code-of-conduct/TESTING_PRACTICES.md`
|
||||
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
|
||||
- `docs/modules/ui/architecture.md`
|
||||
- `src/Web/StellaOps.Web/AGENTS.md`
|
||||
|
||||
## Delivery Tracker
|
||||
|
||||
### FE-QA-LOOP-001 - Establish bounded full-iteration workflow
|
||||
Status: DONE
|
||||
Dependency: none
|
||||
Owners: QA, Developer (FE)
|
||||
Task description:
|
||||
- Define and execute a Web-only iteration loop that does not degrade into shallow page pings.
|
||||
- Use Playwright to drive real route interactions, dialogs, filters, forms, keyboard flows, and negative/error paths where the route semantics support them.
|
||||
- Record concrete issue evidence before any fixes are attempted.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Fresh Playwright evidence exists for a full route/action sweep against the running stack.
|
||||
- [x] The sweep records route-specific interactions, not only status codes or generic button clicks.
|
||||
- [x] Any discovered defects are carried into triage instead of skipped.
|
||||
|
||||
### FE-QA-LOOP-002 - Reproduce and triage confirmed Web defects
|
||||
Status: DONE
|
||||
Dependency: FE-QA-LOOP-001
|
||||
Owners: QA, Developer (FE)
|
||||
Task description:
|
||||
- For each confirmed issue in scope, capture the failing user transaction, isolate the route/component/service boundary involved, and classify the defect.
|
||||
- Keep a strict problems-first loop: do not move to a new defect until the current one is triaged to fix or blocked.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Each confirmed issue has reproducible steps and captured evidence.
|
||||
- [x] Root cause is documented with affected Web files or explicitly marked out-of-scope.
|
||||
- [x] Concurrency risks are noted when another agent owns overlapping files.
|
||||
|
||||
### FE-QA-LOOP-003 - Implement scoped fixes and retest
|
||||
Status: DONE
|
||||
Dependency: FE-QA-LOOP-002
|
||||
Owners: Developer (FE), Test Automation
|
||||
Task description:
|
||||
- Apply minimal Web-only fixes for confirmed defects and add focused regression coverage where practical.
|
||||
- Prefer targeted tests and route-specific Playwright replays over heavy workspace builds.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Each fix has fresh Playwright retest evidence.
|
||||
- [x] Any new FE automated coverage is targeted and memory-safe.
|
||||
- [x] Docs are updated when behavior or operator workflow changes.
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2026-03-06 | Sprint created to isolate Web-only full QA/developer iterations on `https://stella-ops.local` using Playwright-first behavioral verification. | Project Manager |
|
||||
| 2026-03-06 | FE-QA-LOOP-001 started. Preconditions read: QA FLOW, testing practices, code of conduct, UI architecture, and Web AGENTS. Runtime preflight confirms `stella-ops.local` is reachable and the compose stack is healthy. | QA |
|
||||
| 2026-03-06 | Real authenticated Playwright probe found canonical-route drift hidden by prior shallow sweeps: `/security/advisories-vex`, `/ops/policy/overview`, and `/ops/policy/risk-budget` stayed on their requested URLs but rendered dashboard fallback content instead of the target surfaces. | QA |
|
||||
| 2026-03-06 | Root cause confirmed in active router trees: `app.routes.ts` mounts `security-risk.routes.ts` (missing `advisories-vex`) and `ops.routes.ts` mounts `policy-governance.routes.ts` (missing `overview` and `risk-budget` aliases) while existing code/tests still deep-link to those canonical paths. | Developer (FE) |
|
||||
| 2026-03-06 | Fixed canonical route gaps in `security-risk.routes.ts` and `policy-governance.routes.ts`, corrected stale governance card links to canonical policy paths, and tightened `prealpha-canonical-full-sweep.spec.ts` with route-specific heading/title assertions so dashboard fallback cannot pass silently. | Developer (FE) |
|
||||
| 2026-03-06 | Verification: targeted Playwright regression slice passed locally (`npx playwright test tests/e2e/prealpha-canonical-full-sweep.spec.ts --grep \"advisories-vex|ops/policy$|ops/policy/overview|ops/policy/risk-budget\"` -> 4/4 pass). Angular console bundle rebuilt and synced into `compose_console-dist`; real authenticated Playwright probe against `https://stella-ops.local` confirmed all three routes now render their intended headings. | QA |
|
||||
| 2026-03-06 | Live mission-board interaction probe found a second routing defect: the visible `View SBOM` action linked to `/security/sbom/lake`, which stayed on that URL but rendered dashboard fallback content. Direct navigation proved the intended surface is `/security/sbom-lake`. | QA |
|
||||
| 2026-03-06 | Fixed the mission-board SBOM action to point at `/security/sbom-lake` and extended `prealpha-canonical-full-sweep.spec.ts` to cover both the canonical SBOM Lake route and the dashboard click-through path. | Developer (FE) |
|
||||
| 2026-03-06 | Verification: targeted Playwright slice passed locally (`npx playwright test tests/e2e/prealpha-canonical-full-sweep.spec.ts --grep \"sbom-lake|mission board SBOM card opens SBOM Lake\"` -> 2/2 pass). Frontend bundle rebuilt, synced into `compose_console-dist`, and live authenticated Playwright confirmed the mission-board `View SBOM` action now lands on `https://stella-ops.local/security/sbom-lake` with `SBOM Lake` / `Attestation Coverage Metrics` visible. | QA |
|
||||
| 2026-03-06 | Follow-up mission-board QA found a semantic navigation defect: Playwright DOM capture showed both Reachability card actions (`View reachability`, `Deep analysis`) pointing at `/security/findings` even though the working canonical reachability surface is `/security/reachability`. | QA |
|
||||
| 2026-03-06 | Updated the mission-board Reachability card actions to target `/security/reachability` and added focused Playwright coverage for the canonical reachability route plus the mission-board click-through. | Developer (FE) |
|
||||
| 2026-03-06 | Verification: targeted Playwright slice passed locally (`npx playwright test tests/e2e/prealpha-canonical-full-sweep.spec.ts --grep \"route works: /security/reachability|mission board reachability card opens Reachability Center\"` -> 2/2 pass). Frontend bundle rebuilt, synced into `compose_console-dist`, and live authenticated Playwright confirmed the mission-board Reachability action now lands on `https://stella-ops.local/security/reachability` with `Reachability Center` visible. | QA |
|
||||
| 2026-03-07 | Setup-surface QA found a canonical drift defect inside Trust & Signing: from `/setup/trust-signing`, Playwright showed in-page tabs rendering `/administration/trust-signing/*` hrefs, and clicking `Signing Keys` navigated to the retired administration tree instead of staying under setup. | QA |
|
||||
| 2026-03-07 | Fixed Trust & Signing to load directly under `setup.routes.ts`, repointed evidence-related setup/trust links to `/setup/trust-signing`, and added Playwright coverage for the canonical setup trust route and tab navigation. | Developer (FE) |
|
||||
| 2026-03-07 | Verification: the new setup trust-signing Playwright slice initially exposed a harness gap in trust API fixtures; added deterministic trust dashboard/key stubs to `prealpha-canonical-full-sweep.spec.ts`, then reran the slice successfully (`npx playwright test tests/e2e/prealpha-canonical-full-sweep.spec.ts --grep \"route works: /setup/trust-signing|setup trust-signing tabs stay under setup routes\"` -> 2/2 pass). Frontend bundle was synced into `compose_console-dist`, and live authenticated Playwright confirmed `Signing Keys` now keeps users on `https://stella-ops.local/setup/trust-signing/keys`. | QA |
|
||||
| 2026-03-07 | A follow-up live authenticated Playwright probe on `https://stella-ops.local/setup/trust-signing/keys` exposed a second trust-signing defect: the canonical setup route still rendered an `Administration` eyebrow because `trust-admin.component.ts` hard-coded the workspace label instead of deriving it from the mounted route root. | QA |
|
||||
| 2026-03-07 | Fixed the trust workspace branding leak by deriving the eyebrow label from the current route root (`setup` vs `administration`) in `trust-admin.component.ts`, tightened the canonical route expectation to require `Setup`, reran the targeted Playwright slice successfully (`npx playwright test tests/e2e/prealpha-canonical-full-sweep.spec.ts --grep \"route works: /setup/trust-signing|setup trust-signing tabs stay under setup routes\"` -> 2/2 pass), rebuilt the frontend bundle, synced `dist/stellaops-web/browser` into `compose_console-dist`, and live authenticated Playwright confirmed `/setup/trust-signing/keys` now shows `Setup` above `Trust Management`. | Developer (FE) |
|
||||
| 2026-03-07 | A deeper authenticated Playwright pass over Setup Integrations found two new action defects: completing host onboarding navigated to `/setup/integrations/hosts`, which the router treated as `:integrationId` and left on a detail spinner, and clicking a missing activity/detail route such as `/setup/integrations/int-1` also stayed on an infinite loading state. | QA |
|
||||
| 2026-03-07 | Root cause for the host flow was `integrations-hub.component.ts` mapping `host -> hosts` even though the canonical list route is `/runtime-hosts`. Root cause for the dead detail flow was `integration-detail.component.ts` never leaving `loading` when the backing GET failed or stalled. Additional live triage showed the direct Integrations service answered immediately, but the authenticated `stella-ops.local` path could stall long enough that the browser request had to be aborted client-side. | Developer (FE) |
|
||||
| 2026-03-07 | Fixed the host onboarding post-create route to `runtime-hosts`, added explicit unavailable/error rendering to integration detail, and added bounded request timeouts plus retry/error states to integration list/detail pages so authenticated frontdoor stalls no longer trap operators on indefinite spinners. Targeted Playwright harness regressions passed after restarting the reused local source server (`npx playwright test tests/e2e/prealpha-canonical-full-sweep.spec.ts --grep \"setup host onboarding returns to runtime-hosts list after create|setup integration detail 404 renders an explicit error state\"` -> 2/2 pass). | Developer (FE) |
|
||||
| 2026-03-07 | Live authenticated Playwright confirmed the repaired host action now lands on `https://stella-ops.local/setup/integrations/runtime-hosts` without entering detail fallback, confirmed missing detail routes now render an explicit unavailable/timeout state with a back-link instead of a permanent spinner, and verified previously hanging list pages such as `/setup/integrations/registries` and `/setup/integrations/secrets` now fail closed with retryable timeout messaging when the authenticated frontdoor path stalls. | QA |
|
||||
| 2026-03-08 | Fresh regression replay against the local Playwright stack revalidated the broad canonical sweep and exposed two stale acceptance problems plus one real regression. Fixed stale reachability assertions to match the current witness workspace UX, restored top-level policy canonical aliases (`/ops/policy/risk-budget`, `trust-weights`, `staleness`, `sealed-mode`, `profiles`, `validator`, `baselines`, `waivers`) under the Decisioning Studio shell with focused route/unit coverage, and re-ran the affected Playwright slices successfully. The remaining failing route is now `ops/platform-setup/*`, which currently rewrites into `setup/topology/*` and overlaps active setup/topology ownership; that follow-up was split into `SPRINT_20260308_007_FE_platform_setup_canonical_route_preservation.md`. | Developer (FE) |
|
||||
|
||||
## Decisions & Risks
|
||||
- Decision: this sprint stays inside `src/Web/StellaOps.Web` plus required sprint/doc updates only.
|
||||
- Decision: Playwright is the primary behavioral verification tool; existing shallow sweep scripts are reference material, not acceptance evidence.
|
||||
- Decision: avoid heavy solution-wide builds/tests due to memory constraints; use targeted FE checks only when a fix requires them.
|
||||
- Decision: canonical route regressions must assert route-specific titles/headings, not only that the URL and shell remain visible. This aligns the implementation with `docs/modules/ui/v2-rewire/S00_route_deprecation_map.md`.
|
||||
- Decision: setup/ops integration pages must fail closed on request stalls with explicit retryable states; the operator experience cannot depend on an eventually-resolving gateway path.
|
||||
- Decision: this sprint is closed after the 2026-03-08 refresh because its remaining open failure moved out of the already-stabilized search/policy surface and into a separately tracked `platform-setup` cutover defect; continuing to pile unrelated setup/topology ownership into this generic loop would leave the active sprint inventory ambiguous.
|
||||
- Risk: concurrent agents are actively modifying search-related Web files.
|
||||
- Mitigation: avoid those files unless a reproduced defect proves they are the root cause; record any overlap before editing.
|
||||
- Risk: some visible failures may originate from backend APIs rather than Web code.
|
||||
- Mitigation: capture the exact failing route/action and stop at triage if the root cause leaves Web scope.
|
||||
- Risk: the authenticated `stella-ops.local` frontdoor path for `/api/v1/integrations*` can still stall longer than the direct Integrations host path even after the backend service was repaired.
|
||||
- Mitigation: Web now surfaces explicit timeout/retry states instead of indefinite spinners; a later cross-module iteration should trace the frontdoor/gateway hop if flawless live behavior remains the goal.
|
||||
- Risk: `/ops/platform-setup/*` canonical routes currently rewrite to `/setup/topology/*`, so the broad sweep is not fully green yet.
|
||||
- Mitigation: track that separately in `SPRINT_20260308_007_FE_platform_setup_canonical_route_preservation.md`; do not leave the completed search/policy/browser loop masquerading as an active search sprint.
|
||||
|
||||
## Next Checkpoints
|
||||
- 2026-03-06: Complete first fresh Playwright route/action sweep and defect list.
|
||||
- 2026-03-06: Triage the first confirmed in-scope defect to root cause.
|
||||
- 2026-03-07: Land first scoped fix with fresh retest evidence and a small commit.
|
||||
Reference in New Issue
Block a user