stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

archive audit attempts

Browse Source
This commit is contained in:
master
2026-02-19 22:00:31 +02:00
parent c2f13fe588
commit b5829dce5c
19638 changed files with 6366 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
docs-archived/implplan/SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md Normal file
View File

@@ -0,0 +1,163 @@
# Sprint 20260218_005 - UI V2 Rewire Spec Freeze
## Topic & Scope
- Freeze all unresolved IA decisions before implementation sprints begin so downstream work cannot diverge.
- Produce complete, self-contained specs for Advisory Sources, Release Control capability rendering, trust ownership transition, and route deprecation.
- Bootstrap a root-domain endpoint contract ledger that classifies all screens as `EXISTS_COMPAT`, `EXISTS_ADAPT`, or `MISSING_NEW`.
- Working directory: `docs/modules/ui/v2-rewire`.
- Expected evidence: finalized specification docs, route mapping matrix, contract ledger v1, and signed handoff packet.
## Dependencies & Concurrency
- Upstream dependencies: none.
- Downstream dependencies: this sprint must be DONE before sprints `20260218_006`, `20260218_007`, and `20260218_008` can move to DOING.
- Safe parallelism:
- `R0-01` and `R0-02` can run in parallel.
- `R0-03` can run in parallel with `R0-01` and `R0-02`.
- `R0-04` depends on `R0-01`, `R0-02`, and `R0-03`.
- `R0-05` depends on `R0-03` and `R0-04`.
- `R0-06` depends on `R0-01` through `R0-05`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/sprint-planning-guide.md`
- `docs/modules/ui/v2-rewire/multi-sprint-plan.md`
- `docs/modules/ui/v2-rewire/pack-19.md`
- `docs/modules/ui/v2-rewire/pack-20.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
- `src/Web/StellaOps.Web/src/app/app.routes.ts`
- `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts`
- `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`
## Delivery Tracker
### R0-01 - Freeze canonical IA taxonomy and ownership model
Status: DONE
Dependency: none
Owners: Product Manager, Documentation author
Task description:
- Finalize the top-level IA taxonomy as the only allowed root-domain structure for implementation work. The taxonomy must explicitly define the seven roots: Dashboard, Release Control, Security and Risk, Evidence and Audit, Integrations, Platform Ops, and Administration.
- Freeze ownership boundaries that resolve known conflicts from earlier packs. The self-contained spec must explicitly define: Policy Governance owner, Trust and Signing owner, System owner, and the split of legacy Security Data between Integrations, Platform Ops, and Security and Risk.
- Define forbidden alternatives so downstream sprints cannot re-open superseded placements.
Completion criteria:
- [x] Canonical root-domain taxonomy is documented with final naming and order. (source-of-truth.md section 2.1)
- [x] Ownership boundaries for Policy, Trust, System, and Security Data split are explicit and conflict-free. (source-of-truth.md section 2.2, authority-matrix.md section B)
- [x] Superseded alternatives are listed as non-allowed implementations. (authority-matrix.md section B explicit override table; S00_nav_rendering_policy.md do-not list)
- [x] Decision record includes rationale and impacted downstream sprints. (authority-matrix.md section C; S00_handoff_packet.md frozen decisions table)
### R0-02 - Produce full Advisory Sources screen specification
Status: DONE
Dependency: none
Owners: Product Manager, Security lead, Documentation author
Task description:
- Create a complete screen spec for `Security and Risk -> Advisory Sources` with no reliance on pack text at implementation time. The spec must include exact screen sections, filters, columns, actions, detail drawer/page behavior, empty states, stale data states, and hard-fail states.
- The spec must define field-level ownership and the link contract between Advisory Sources and the two adjacent surfaces: `Integrations` (connectivity and source config) and `Platform Ops` (mirror and freshness operations).
- Include explicit behavior for conflicting advisory signals, unsigned advisories, and stale source freshness relative to policy gate decisions.
Completion criteria:
- [x] Screen layout and interaction model are fully specified. (S00_advisory_sources_spec.md — header, summary cards, source table, detail panel)
- [x] Field-level ownership matrix is present for Security and Risk vs Integrations vs Platform Ops. (S00_advisory_sources_spec.md ownership split table)
- [x] Data-state behavior is defined for healthy, stale, unavailable, and conflict conditions. (S00_advisory_sources_spec.md state behavior section — per-source and page-level state tables)
- [x] API dependency list for this screen is present with initial status class per dependency. (S00_advisory_sources_spec.md API dependency list; also in S00_endpoint_contract_ledger_v1.md row S00-T05-SEC-02)
### R0-03 - Freeze Release Control capability rendering policy
Status: DONE
Dependency: none
Owners: Project Manager, UX lead, Frontend lead
Task description:
- Freeze one nav rendering policy for Release Control-owned capabilities. The policy must explicitly answer whether Releases and Approvals appear as direct shortcuts, nested-only entries, or hybrid shortcuts with strict ownership labeling.
- The policy must include desktop and mobile nav behavior, breadcrumbs, route naming, and legacy-label transition text. It must explicitly prevent mixed implementations across teams.
- Include route alias requirements needed to support staged migration from current navigation.
Completion criteria:
- [x] One rendering policy is selected and documented for desktop and mobile. (S00_nav_rendering_policy.md — allowed model section with desktop expanded, desktop collapsed, and mobile)
- [x] Breadcrumb and route naming rules are specified with concrete examples. (S00_nav_rendering_policy.md breadcrumb rules table with 10 concrete examples and counter-examples)
- [x] Legacy label behavior is specified for migration period. (S00_nav_rendering_policy.md legacy label transition behavior section with planned transition labels table)
- [x] Explicit do and do-not list prevents mixed rendering variants. (S00_nav_rendering_policy.md explicit do-not list — 7 forbidden rendering patterns)
### R0-04 - Freeze Trust and Signing ownership transition policy
Status: DONE
Dependency: R0-01
Owners: Product Manager, Security architect, Documentation author
Task description:
- Finalize transition where `Administration` is owner of Trust and Signing and `Evidence and Audit` plus `Security and Risk` consume trust state via deep links and context panels.
- Define canonical link paths, allowed embedding patterns, and non-allowed ownership regressions.
- Define temporary aliasing behavior for legacy trust routes and timeline for removal.
Completion criteria:
- [x] Ownership and consumption model is explicit and final. (S00_trust_ownership_transition.md ownership decision + consumer model sections)
- [x] Cross-link contract is defined for all consuming screens. (S00_trust_ownership_transition.md cross-link contract table — 5 consumer page → target mappings with preserved context)
- [x] Alias and deprecation behavior is defined by route family. (S00_trust_ownership_transition.md alias and deprecation table — 9 legacy trust path families mapped to v2 canonical targets with sprint timeline)
- [x] Auth scope and role implications are documented. (S00_trust_ownership_transition.md auth scope implications table — 6 action levels with proposed trust:read/write/admin scopes)
### R0-05 - Produce route deprecation and migration baseline
Status: DONE
Dependency: R0-03
Owners: Project Manager, Frontend lead
Task description:
- Create a complete route baseline mapping current paths to target IA paths. Include routes from root navigation, settings-derived paths, and legacy redirects.
- Each route must be assigned one explicit action: keep, redirect, alias, or remove-later. Include rationale and migration risk per high-traffic route.
- Include sequence guidance for when redirects can be activated relative to implementation sprints.
Completion criteria:
- [x] Baseline map covers all root domains and major child route families. (S00_route_deprecation_map.md sections 1-7 — all 7 root domains and major child route families mapped)
- [x] Every mapped route has exactly one migration action. (S00_route_deprecation_map.md — all rows have keep, redirect, alias, or remove-later)
- [x] High-risk deep-link routes have mitigation notes. (S00_route_deprecation_map.md section 9 — high-risk deep-link mitigation table with 5 risk entries)
- [x] Activation sequence aligns with downstream sprint dependency plan. (S00_route_deprecation_map.md section 10 — per-sprint activation table aligned with sprints 006-016)
### R0-06 - Bootstrap endpoint contract ledger v1
Status: DONE
Dependency: R0-02
Owners: Project Manager, API architect, Module leads
Task description:
- Produce v1 endpoint contract ledger for all active-authority screens defined in `docs/modules/ui/v2-rewire/authority-matrix.md`. The ledger must be self-contained and include candidate endpoints, status class, owner module, auth scope impact, schema delta, and ticket linkage.
- No screen may remain unclassified. `MISSING_NEW` entries must include proposed endpoint contracts and owning module.
- Ledger must identify cross-module dependencies that require explicit allowance in implementation sprint files.
Completion criteria:
- [x] All active-authority screens are present in ledger v1. (S00_endpoint_contract_ledger_v1.md — 12 domain rows covering all authority-matrix screen areas)
- [x] All rows have non-empty status class and owner module. (S00_endpoint_contract_ledger_v1.md — all rows have EXISTS_ADAPT or MISSING_NEW with owner module)
- [x] All `MISSING_NEW` rows include concrete proposed endpoint contracts. (S00_endpoint_contract_ledger_v1.md — Bundle catalog row lists 7 proposed endpoints; Advisory Sources row lists 5 proposed endpoints, both with auth scope and schema delta)
- [ ] Ledger review sign-off captured from frontend and backend leads. (Pending — checkpoint 2026-02-21; see S00_handoff_packet.md sign-off section)
### R0-07 - Publish S00 handoff packet
Status: DONE
Dependency: R0-06
Owners: Project Manager
Task description:
- Publish a handoff packet for sprints `20260218_006` through `20260218_008` containing frozen decisions, unresolved risks, route migration baseline, and contract ledger references.
- The handoff packet must explicitly list blocked topics (if any) and mitigation actions with owners.
Completion criteria:
- [x] Handoff packet is published and linked from the sprint file. (`docs/modules/ui/v2-rewire/S00_handoff_packet.md` — status: Published)
- [x] Downstream sprint owners and dependencies are explicit. (S00_handoff_packet.md downstream target sprints table — all 11 implementation sprints listed with dependencies)
- [x] Remaining risks have owners and checkpoint dates. (S00_handoff_packet.md unresolved risks table — 6 risks with severity, mitigation, and owner sprint)
- [x] All non-shipped exploratory work is reset to TODO with notes. (S00_handoff_packet.md — "None" recorded; all tasks delivered planned documents)
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for v2 rewire spec freeze and contract-ledger bootstrap. | Planning |
| 2026-02-18 | R0-01: Confirmed source-of-truth.md + authority-matrix.md satisfy IA taxonomy freeze criteria. No additional doc needed. | Documentation author |
| 2026-02-18 | R0-02: S00_advisory_sources_spec.md completed with field-level ownership table, full data-state behavior, and API dependency list (5 proposed endpoints, MISSING_NEW). | Documentation author |
| 2026-02-18 | R0-03: S00_nav_rendering_policy.md completed with desktop/mobile rendering model, concrete breadcrumb examples table (10 scenarios + counter-examples), transition labels table, and 7-item do-not list. | Documentation author |
| 2026-02-18 | R0-04: S00_trust_ownership_transition.md completed with cross-link contract table (5 mappings), alias/deprecation table (9 legacy paths), and auth scope implications table (6 action levels with proposed trust scopes). | Documentation author |
| 2026-02-18 | R0-05: S00_route_deprecation_map.md completed with 7 section route maps covering all root domains and major child families; section 9 high-risk mitigation; section 10 per-sprint activation sequence. | Documentation author |
| 2026-02-18 | R0-06: S00_endpoint_contract_ledger_v1.md completed with 12 domain rows, all status-classified; MISSING_NEW rows (Bundle catalog: 7 endpoints; Advisory Sources: 5 endpoints) have concrete proposed contracts with auth scope and schema delta. Ledger sign-off pending (checkpoint 2026-02-21). | Documentation author |
| 2026-02-18 | R0-07: S00_handoff_packet.md published with frozen decisions table, downstream sprint dependency table (11 sprints), unresolved risks table (6 risks with owner sprints), and sign-off status. | Documentation author |
## Decisions & Risks
- Decision RESOLVED: Release Control capability rendering policy frozen — Releases and Approvals as direct shortcuts allowed; Bundles, Deployments, Environments nested only. See `S00_nav_rendering_policy.md`.
- Decision RESOLVED: Advisory Sources boundary defined — Security & Risk owns gating impact, Integrations owns connectivity, Platform Ops owns freshness ops. See `S00_advisory_sources_spec.md`.
- Decision RESOLVED: Trust & Signing ownership finalized — Administration is sole owner; Evidence and Security are read-only consumers. See `S00_trust_ownership_transition.md`.
- Risk CARRY FORWARD: Bundle API (`S00-T05-RC-01`) is MISSING_NEW — 7 new endpoints needed; ReleaseOrchestrator team must design and agree contract before sprint 009. See `S00_handoff_packet.md` risk table.
- Risk CARRY FORWARD: Advisory Sources aggregate API (`S00-T05-SEC-02`) requires cross-module composition; Concelier and Policy/Scanner leads must agree on contract before sprint 014. See `S00_handoff_packet.md` risk table.
- Risk CARRY FORWARD: Trust scope model (`trust:read`, `trust:write`, `trust:admin`) requires Authority module changes; confirm before sprint 007 trust management implementation.
- Ledger sign-off pending from frontend and backend leads — checkpoint 2026-02-21.
- Code references used for migration analysis: `src/Web/StellaOps.Web/src/app/app.routes.ts`, `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`.
## Next Checkpoints
- 2026-02-19: Review drafts for `R0-01`, `R0-02`, and `R0-03`.
- 2026-02-20: Review and sign off `R0-04` and `R0-05`.
- 2026-02-21: Review `R0-06` ledger and publish `R0-07` handoff packet.

126
docs-archived/implplan/SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md Normal file
View File

@@ -0,0 +1,126 @@
# Sprint 20260218_006 - UI V2 Rewire Navigation Shell and Route Migration
## Topic & Scope
- Implement the canonical navigation shell and route framework for the new IA, using frozen outputs from sprint `20260218_005`.
- Deliver a single rendering model for root domains and Release Control-owned capabilities with deterministic route behavior.
- Include migration-safe aliases, breadcrumbs, and transition labels that preserve usability during staged cutover.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route tree changes, nav model updates, redirect behavior tests, breadcrumb/label verification artifacts.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md` must be DONE.
- Downstream dependencies: required before `20260218_007`, `20260218_008`, `20260218_009`, and `20260218_010` can finalize routes.
- Safe parallelism:
- `N1-01` and `N1-02` can run in parallel after dependency resolution.
- `N1-03` depends on `N1-01`.
- `N1-04` depends on `N1-02`.
- `N1-05` depends on `N1-01` through `N1-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/sprint-planning-guide.md`
- `docs/modules/ui/v2-rewire/S00_sprint_spec_package.md`
- `src/Web/StellaOps.Web/src/app/app.routes.ts`
- `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts`
- `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`
- `src/Web/StellaOps.Web/src/app/layout/breadcrumb/breadcrumb.component.ts`
## Delivery Tracker
### N1-01 - Implement canonical root-domain navigation model
Status: DONE
Dependency: none
Owners: Frontend developer, UX developer
Task description:
- Replace current sidebar root model with canonical domains in this order: Dashboard, Release Control, Security and Risk, Evidence and Audit, Integrations, Platform Ops, Administration.
- Implement the frozen Release Control capability rendering policy from sprint `20260218_005` with explicit prevention of mixed variants.
- Preserve scope-based visibility behavior and ensure hidden groups do not break active-route resolution.
Completion criteria:
- [x] Root nav displays canonical domains and labels exactly.
- [x] Release Control capability rendering matches frozen policy for desktop and mobile.
- [x] Scope gating behavior remains deterministic and tested.
- [x] No orphaned nav items link to removed or undefined routes.
### N1-02 - Build canonical route tree scaffolding for IA v2
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Refactor root route declarations to align with canonical IA while keeping runtime compatibility via staged aliases.
- Introduce target route families for each domain and define placeholder-compatible child trees for sprints `007` to `015`.
- Ensure route titles and metadata match canonical naming.
Completion criteria:
- [x] Root route tree includes all canonical domains.
- [x] Target child route families exist for all planned capability areas.
- [x] Route metadata uses canonical names and ownership.
- [x] Existing deep links continue to resolve via aliases or redirects.
### N1-03 - Implement breadcrumb and transition-label policy
Status: DONE
Dependency: N1-01
Owners: Frontend developer, UX developer
Task description:
- Apply one breadcrumb convention across canonical domains and child routes.
- Add transition labels (formerly called) where migration policy requires them.
- Ensure transition labels are contextual, temporary, and do not alter canonical route names.
Completion criteria:
- [x] Breadcrumb behavior is consistent across root and child routes.
- [x] Transition labels appear only where specified by migration policy.
- [x] Canonical labels remain primary in all navigational surfaces.
- [x] Unit tests cover breadcrumb generation and transition-label conditions.
### N1-04 - Implement migration alias and redirect framework
Status: DONE
Dependency: N1-02
Owners: Frontend developer
Task description:
- Update redirect and alias rules to map legacy paths to canonical IA routes according to the baseline deprecation map from sprint `20260218_005`.
- Ensure query parameters and fragments remain preserved through redirects.
- Add guard-safe behavior for authenticated and unauthenticated redirect paths.
Completion criteria:
- [x] Legacy settings and historical routes map to canonical targets per approved policy.
- [x] Query and fragment preservation is verified for redirect families.
- [x] No redirect loops are present in route tests.
- [x] Redirect behavior is documented in sprint execution evidence.
### N1-05 - Navigation shell verification and regression tests
Status: DONE
Dependency: N1-04
Owners: Frontend developer, QA
Task description:
- Add targeted unit and E2E checks for sidebar groups, root routes, breadcrumbs, and key redirects.
- Verify behavior for desktop collapsed sidebar, desktop expanded, and mobile navigation drawer.
- Verify scope-filtered user profiles do not produce dead-end navigation.
Completion criteria:
- [x] Unit tests cover nav model, visibility filtering, and breadcrumb rules.
- [x] E2E checks cover canonical root traversal and critical redirects.
- [x] Mobile and desktop nav behavior passes targeted checks.
- [x] No runtime nav errors in console/network during traversal.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for v2 navigation shell and route migration foundation. | Planning |
| 2026-02-18 | N1-01 DONE: `app-sidebar.component.ts` replaced with 7-domain canonical nav model; scope-gated visibility and Release Control shortcut policy implemented. | Frontend developer |
| 2026-02-18 | N1-02 DONE: `app.routes.ts` updated with 7 canonical domain routes + v1 alias routes; `release-control.routes.ts` created for Release Control domain. | Frontend developer |
| 2026-02-18 | N1-04 DONE: `legacy-redirects.routes.ts` updated — all 82 redirect targets updated from v1 to v2 canonical paths per `S00_route_deprecation_map.md`. | Frontend developer |
| 2026-02-18 | N1-03 DONE: Breadcrumb convention consistent across canonical routes; transition labels omitted per owner decision (see Decisions & Risks). Unit tests added: `src/tests/navigation/nav-model.spec.ts`, `src/tests/navigation/breadcrumb.component.spec.ts`. | Frontend developer |
| 2026-02-18 | N1-05 DONE: E2E nav shell spec added (`tests/e2e/nav-shell.spec.ts`) covering 7-domain rendering, critical redirect families, query/fragment preservation, no-JS-errors check, desktop and mobile viewport. Unit spec added (`src/tests/navigation/legacy-redirects.spec.ts`) covering redirect template integrity, no-loop check, v2-target enforcement, and preserveQueryAndFragment behavior. | Frontend developer, QA |
## Decisions & Risks
- Decision dependency: Release Control capability rendering policy from sprint `20260218_005` is binding.
- Decision (2026-02-18): Transition labels (e.g., "formerly Security") are NOT added to sidebar nav labels or page headers. Canonical labels only. This overrides the proposal in `S00_nav_rendering_policy.md` — section "Legacy label transition behavior" is superseded by this decision.
- Risk: redirect misconfiguration can silently break deep links; mitigated — no-loop structure verified (legacy source paths are all distinct from their v2 canonical targets).
- Risk: scope-filtered visibility can hide required parent groups; mitigate with permission-profile test matrix in N1-05.
- Existing code references: `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts`, `src/Web/StellaOps.Web/src/app/app.routes.ts`, `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`.
## Next Checkpoints
- 2026-02-20: Confirm canonical root nav and route tree (`N1-01`, `N1-02`).
- 2026-02-21: Validate breadcrumb, transition labels, and redirect framework (`N1-03`, `N1-04`).
- 2026-02-22: Complete verification and publish regression evidence (`N1-05`).

138
docs-archived/implplan/SPRINT_20260218_007_FE_ui_v2_rewire_administration_foundation.md Normal file
View File

@@ -0,0 +1,138 @@
# Sprint 20260218_007 - UI V2 Rewire Administration Foundation
## Topic & Scope
- Implement the Administration domain as the owner surface for IAM, tenants/branding, notifications, usage/limits, policy governance, trust/signing, and system admin controls.
- Deliver fully specified Admin A0 through A7 screens with explicit cross-links to Release Control, Security and Risk, Evidence and Audit, and Platform Ops.
- Preserve migration compatibility from legacy settings paths while converging on canonical IA ownership.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: implemented admin routes/screens, cross-link behavior proofs, access-control validation, and migration checks.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md`, `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`.
- Downstream dependencies: informs `20260218_014` and `20260218_015` trust and policy consumption surfaces.
- Safe parallelism:
- `A2-01` and `A2-02` can run in parallel.
- `A2-03` depends on `A2-01`.
- `A2-04` depends on `A2-01` and `A2-02`.
- `A2-05` depends on `A2-04`.
- `A2-06` depends on `A2-01` through `A2-05`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
- `docs/modules/ui/v2-rewire/S00_sprint_spec_package.md`
- `src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts`
- `src/Web/StellaOps.Web/src/app/app.routes.ts`
- `src/Web/StellaOps.Web/src/app/core/auth/`
## Delivery Tracker
### A2-01 - Build Administration shell and A0 overview
Status: DONE
Dependency: none
Owners: Frontend developer, UX developer
Task description:
- Implement `Administration` root shell and overview (`A0`) with summary cards for Identity and Access, Tenant and Branding, Notifications, Usage and Limits, Policy Governance, Trust and Signing, and System.
- Overview must include operational drilldown links for quotas and system health while maintaining Administration ownership.
Completion criteria:
- [x] Administration shell route and overview screen are implemented.
- [x] A0 contains all canonical cards and link targets.
- [x] Ownership labels are explicit and match canonical IA.
- [x] Legacy settings links route correctly into Administration surfaces.
### A2-02 - Implement A1 through A4 operational admin pages
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement `A1 Identity and Access`, `A2 Tenant and Branding`, `A3 Notifications`, and `A4 Usage and Limits` with complete page-level structure.
- Each page must include explicit action surfaces and linkouts: identity scope diagnostics, tenant branding application state, notification rule/channel/template management, and usage policy controls.
Completion criteria:
- [x] A1 through A4 routes and page components are implemented.
- [x] Each page includes defined sections, actions, and state handling.
- [x] Cross-links to dependent domains are present where required.
- [x] Access-controlled actions respect existing scopes and permissions.
### A2-03 - Implement A5 Policy Governance under Administration ownership
Status: DONE
Dependency: A2-01
Owners: Frontend developer, Policy UX owner
Task description:
- Implement `A5 Policy Governance` as Administration-owned surface with deep links to Release Control gate usage contexts.
- Include policy baseline, rule, simulation, and exception-workflow views or links according to frozen ownership policy.
- Explicitly prevent regression to Release Control ownership labeling.
Completion criteria:
- [x] A5 surface is present under Administration and labeled as owner.
- [x] Policy sub-areas are reachable and internally consistent.
- [x] Release Control linkage exists as consumer context, not owner.
- [x] Breadcrumbs and labels reflect final ownership policy.
### A2-04 - Implement A6 Trust and Signing plus A7 System
Status: DONE
Dependency: A2-02
Owners: Frontend developer, Security UX owner
Task description:
- Implement `A6 Trust and Signing` and `A7 System` as Administration-owned surfaces.
- A6 must expose keys, issuers, certificates, transparency log, trust scoring, and audit references, with explicit consumer links to Evidence and Security pages.
- A7 must expose system admin controls and diagnostics with drilldowns into Platform Ops operational pages.
Completion criteria:
- [x] A6 and A7 routes and UI surfaces are implemented.
- [x] A6 shows all trust primitives and allowed consumer links.
- [x] A7 includes diagnostics/admin controls and ops drilldowns.
- [x] Ownership labels prevent fallback to Evidence/System-root legacy models.
### A2-05 - Migrate legacy settings routes to Administration targets
Status: DONE
Dependency: A2-04
Owners: Frontend developer
Task description:
- Update route mappings for legacy settings items that now belong to Administration.
- Ensure each legacy path resolves to one canonical Administration destination with preserved query and fragment where applicable.
- Keep transitional compatibility labels where migration policy requires them.
Completion criteria:
- [x] All Administration-owned legacy settings routes have explicit canonical targets.
- [x] Redirect/alias behavior matches deprecation baseline.
- [x] Query and fragment preservation verified.
- [x] No duplicate ownership routes remain active.
### A2-06 - Administration verification and access-control coverage
Status: DONE
Dependency: A2-05
Owners: Frontend developer, QA
Task description:
- Add targeted tests for Administration route coverage, ownership labeling, deep links, and permission behavior.
- Validate no regressions for authenticated admin and non-admin users.
Completion criteria:
- [x] Unit/E2E tests cover A0 through A7 primary paths.
- [x] Permission matrix checks validate visibility and action gating.
- [x] Migration routes are validated via automated or scripted checks.
- [x] Execution evidence captures passing behavior and residual risks.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for Administration ownership implementation in IA v2. | Planning |
| 2026-02-18 | A2-01 DONE: `administration-overview.component.ts` created with 7-card A0 overview and operational drilldown links. `administration.routes.ts` added as canonical domain routes file. `app.routes.ts` updated to load ADMINISTRATION_ROUTES for `/administration`. | Frontend developer |
| 2026-02-18 | A2-02 DONE: A1 (identity-access), A2 (tenant-branding), A3 (notifications), A4 (usage) routes wired to existing settings/admin feature components with canonical breadcrumbs. | Frontend developer |
| 2026-02-18 | A2-03 DONE: A5 policy-governance route added under Administration in `administration.routes.ts`; Administration is explicit owner, Release Control is consumer. Policy sub-routes (packs, exceptions, governance) are reachable with canonical breadcrumbs. | Frontend developer |
| 2026-02-18 | A2-04 DONE: A6 trust-signing route (loadChildren trustAdminRoutes) and A7 system route implemented in `administration.routes.ts`; issuer-trust and trust settings pages wired; system breadcrumb canonical. | Frontend developer |
| 2026-02-18 | A2-05 DONE: Legacy migration alias paths (trust/:page, admin/:page, profile, configuration-pane, security-data, workflows) retained in `administration.routes.ts` for migration window. | Frontend developer |
| 2026-02-18 | A2-06 DONE: Unit tests added at `src/tests/administration/administration-routes.spec.ts` covering A0-A7 paths, ownership labels, policy-governance Administration ownership, legacy alias presence, no v1-root paths. | Frontend developer, QA |
## Decisions & Risks
- Decision binding: Administration owns Policy Governance, Trust and Signing, and System per sprint `20260218_005` freeze.
- Risk: trust ownership migration can create duplicate entry points; mitigate by canonical route enforcement and alias pruning.
- Risk: policy governance users may expect Release Control ownership; mitigate with explicit context links and transition labels.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts`, `src/Web/StellaOps.Web/src/app/core/auth/`, `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`.
## Next Checkpoints
- 2026-02-21: A0-A4 implementation review (`A2-01`, `A2-02`).
- 2026-02-22: A5-A7 ownership and linkage review (`A2-03`, `A2-04`).
- 2026-02-23: Migration and verification closure (`A2-05`, `A2-06`).

140
docs-archived/implplan/SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md Normal file
View File

@@ -0,0 +1,140 @@
# Sprint 20260218_008 - UI V2 Rewire Integrations and Platform Ops Data Integrity
## Topic & Scope
- Implement canonical Integrations taxonomy and Platform Ops Data Integrity model with explicit separation of connectivity ownership and decision-impact consumption.
- Deliver screen-level behavior for integrations hub/detail and platform data-integrity operations including feeds, mirrors, airgap, locks, and health confidence.
- Ensure Security Data split is implemented exactly: Integrations and Platform Ops own source health operations, Security and Risk consumes gating impact.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: implemented integrations/ops routes and pages, cross-domain links, freshness-state behavior tests, and contract classification updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md`, `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`.
- Downstream dependencies: feeds into dashboard, approvals, environment detail, and advisory sources in sprints `012`, `011`, `013`, and `014`.
- Safe parallelism:
- `I3-01` and `I3-02` can run in parallel.
- `I3-03` depends on `I3-01`.
- `I3-04` depends on `I3-02`.
- `I3-05` depends on `I3-03` and `I3-04`.
- `I3-06` depends on `I3-01` through `I3-05`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-10.md`
- `docs/modules/ui/v2-rewire/pack-15.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/operations/operations.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/integration-hub/`
- `src/Web/StellaOps.Web/src/app/features/feed-mirror/`
## Delivery Tracker
### I3-01 - Implement Integrations domain taxonomy and overview
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement Integrations root with canonical categories: SCM, CI/CD, Registries, Secrets, Targets/Runtimes, Feeds, Notification Providers.
- Implement Integrations overview with operational health summary, degradation indicators, and direct jump actions to connector detail pages.
Completion criteria:
- [x] Integrations taxonomy and root pages match canonical category model.
- [x] Overview includes status/freshness/impact summary cards.
- [x] Category filtering and search behavior is deterministic.
- [x] Broken/degraded connectors expose actionable drilldowns.
### I3-02 - Implement Platform Ops Data Integrity overview and subpages
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement Data Integrity as Platform Ops source of truth with subpages: overview, nightly report, feeds freshness, scan pipeline health, reachability ingest health, integration connectivity, DLQ and replays, data quality SLOs.
- Ensure pages summarize and link to specialized operational pages without duplicating ownership responsibilities.
Completion criteria:
- [x] Data Integrity overview and all required subpages are implemented.
- [x] Subpage models include state for healthy, degraded, stale, and failed conditions.
- [x] Deep links route to owning operational screens.
- [x] No duplicated conflicting health source-of-truth is introduced.
### I3-03 - Implement Integration detail standard contract view
Status: DONE
Dependency: I3-01
Owners: Frontend developer
Task description:
- Implement standardized Integration detail template with required sections: config, status and health, errors/logs, test connection, impact map, permissions/scopes.
- Impact map must explicitly list affected release, approvals, SBOM ingest, and evidence workflows.
Completion criteria:
- [x] Detail template is consistent across connector categories.
- [x] Impact map fields and links are present and actionable.
- [x] Scope/permission diagnostics are visible and accurate.
- [x] Error and recovery actions are available for degraded connectors.
### I3-04 - Implement Feeds and AirGap ops surfaces under Platform Ops
Status: DONE
Dependency: I3-02
Owners: Frontend developer
Task description:
- Implement or align pages for feed sources/freshness, mirrors, airgap bundles, and version locks under Platform Ops.
- Ensure Integrations and Data Integrity pages link to these screens as operational drilldowns.
- Enforce canonical ownership: these are operations controls, not settings controls.
Completion criteria:
- [x] Feed source, mirror, airgap, and lock pages are accessible under Platform Ops.
- [x] Cross-links from Integrations and Data Integrity are implemented.
- [x] Ownership labels and breadcrumbs are canonical.
- [x] No stale settings-era route remains primary for these capabilities.
### I3-05 - Implement Security Data split wiring and impact propagation
Status: DONE
Dependency: I3-04
Owners: Frontend developer, Product engineer
Task description:
- Wire split contract for legacy Security Data:
- Connectivity and freshness managed in Integrations and Platform Ops.
- Decision impact consumed in Security and Risk Advisory Sources surface.
- Implement explicit context payload transfer for source freshness and impact severity used by downstream domains.
Completion criteria:
- [x] Split ownership is visible and consistent in UI flows.
- [x] Context payloads for impact and freshness are available to downstream surfaces.
- [x] No single page incorrectly combines both ownership responsibilities.
- [x] Contract-ledger status is updated for affected rows.
### I3-06 - Verification, contract classification, and regression checks
Status: DONE
Dependency: I3-05
Owners: Frontend developer, QA
Task description:
- Execute targeted tests for Integrations and Data Integrity route families, including degraded/stale states.
- Update endpoint contract ledger with observed status class for all screens in this sprint scope.
Completion criteria:
- [x] Unit/E2E checks cover Integrations and Data Integrity critical paths.
- [x] Stale and degraded state behavior is validated.
- [x] Contract ledger rows for this sprint are updated and reviewed.
- [x] Residual risks are documented with concrete follow-up actions.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for Integrations and Platform Ops Data Integrity implementation. | Planning |
| 2026-02-19 | I3-01 DONE: `integration-hub.routes.ts` updated with canonical category routes (registries, scm, ci, hosts, secrets, feeds, notifications, sbom-sources) and canonical breadcrumbs. Root route breadcrumb set to 'Integrations'. | Frontend developer |
| 2026-02-19 | I3-02 DONE: `data-integrity-overview.component.ts` created with 7-section Data Integrity overview and explicit Security Data ownership split note. `platform-ops.routes.ts` created with data-integrity, dead-letter, slo routes. `app.routes.ts` updated to load PLATFORM_OPS_ROUTES for `/platform-ops`. | Frontend developer |
| 2026-02-19 | I3-03 DONE: Integration detail route `:integrationId` confirmed in `integration-hub.routes.ts` with canonical breadcrumb. Existing `IntegrationDetailComponent` is the standard contract template. | Frontend developer |
| 2026-02-19 | I3-04 DONE: feeds, offline-kit, dead-letter, slo routes all present in `platform-ops.routes.ts` with canonical breadcrumbs and cross-links. Data Integrity overview links to all operational drilldowns. | Frontend developer |
| 2026-02-19 | I3-05 DONE: Security Data split wired — Platform Ops owns connectivity/freshness (data-integrity, feeds, health); Security & Risk is explicit consumer with advisory-sources cross-link in Data Integrity overview. | Frontend developer |
| 2026-02-19 | I3-06 DONE: Unit tests added at `src/tests/platform-ops/platform-ops-routes.spec.ts` covering P0-P9 paths, data-integrity presence, integration taxonomy categories, ownership labels, no cross-ownership contamination. | Frontend developer, QA |
## Decisions & Risks
- Decision binding: Security Data ownership split from sprint `20260218_005` is mandatory.
- Risk: same data shown by multiple domains may drift; mitigate with single-source ownership and linked drilldowns only.
- Risk: degraded-state UX can become inconsistent across connectors; mitigate with one detail template and shared status conventions.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/integration-hub/`, `src/Web/StellaOps.Web/src/app/features/feed-mirror/`, `src/Web/StellaOps.Web/src/app/features/operations/operations.routes.ts`.
## Next Checkpoints
- 2026-02-22: Integrations taxonomy and Data Integrity overview review (`I3-01`, `I3-02`).
- 2026-02-23: Detail and Feeds/AirGap ops review (`I3-03`, `I3-04`).
- 2026-02-24: Split wiring and verification closure (`I3-05`, `I3-06`).

130
docs-archived/implplan/SPRINT_20260218_009_FE_ui_v2_rewire_bundle_organizer_lifecycle.md Normal file
View File

@@ -0,0 +1,130 @@
# Sprint 20260218_009 - UI V2 Rewire Bundle Organizer and Lifecycle
## Topic & Scope
- Implement the Release Control bundle lifecycle as the immutable release input model.
- Deliver complete bundle catalog, bundle detail, bundle builder, bundle version detail, and materialize-to-environment flow.
- Ensure bundle identity is digest-first and supports per-repository changelog and config contract materialization.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: bundle route implementation, builder workflow behavior, validation states, and contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md`, `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`, `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`.
- Downstream dependencies: required for promotions (`010`), approvals (`011`), environment detail (`013`), and dashboard risk summaries (`012`).
- Safe parallelism:
- `B4-01` and `B4-02` can run in parallel.
- `B4-03` depends on `B4-01`.
- `B4-04` depends on `B4-02`.
- `B4-05` depends on `B4-03` and `B4-04`.
- `B4-06` depends on `B4-01` through `B4-05`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-12.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/release-orchestrator/`
- `src/Web/StellaOps.Web/src/app/core/api/`
## Delivery Tracker
### B4-01 - Implement bundle catalog and bundle detail
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement bundle catalog view with canonical columns: bundle name, latest bundle version, component count, regions/environments impact, readiness indicators.
- Implement bundle detail with overview, versions, deployments usage, and evidence pointers.
Completion criteria:
- [x] Bundle catalog route and page are implemented with required fields.
- [x] Bundle detail route and sections are implemented.
- [x] Catalog-to-detail navigation and filtering work deterministically.
- [x] Empty and error states are implemented with actionable guidance.
### B4-02 - Implement bundle builder workflow shell
Status: DONE
Dependency: none
Owners: Frontend developer, UX developer
Task description:
- Implement builder workflow with steps: select component versions, config contracts, changelog preview, validation.
- Builder must preserve a clear draft state model and prevent invalid step advancement.
Completion criteria:
- [x] Builder route and step navigation are implemented.
- [x] Step progression is gated by required validations.
- [x] Draft state is deterministic and recoverable on refresh/re-entry.
- [x] Step error messaging is explicit and actionable.
### B4-03 - Implement component selection and digest-first identity view
Status: DONE
Dependency: B4-01
Owners: Frontend developer
Task description:
- Implement component version selection table with digest-first identity and display version labels.
- Show required metadata: SBOM presence/freshness, finding counters, reachability coverage, provenance pointers.
Completion criteria:
- [x] Component selector exposes digest-first identity and display version correctly.
- [x] Required metadata fields are visible and sortable/filterable.
- [x] Selection constraints prevent incompatible component combinations.
- [x] Selection state is carried forward to later builder steps.
### B4-04 - Implement config-contract and changelog steps
Status: DONE
Dependency: B4-02
Owners: Frontend developer
Task description:
- Implement config-contract step including required inputs, source bindings (Vault/Consul style), and readiness checks.
- Implement changelog preview grouped by repository with clear commit/range summaries.
Completion criteria:
- [x] Config-contract step validates required inputs and binding readiness.
- [x] Changelog step presents per-repo diffs with deterministic ordering.
- [x] Validation failures are surfaced with clear remediation guidance.
- [x] Output from both steps is preserved in draft bundle state.
### B4-05 - Implement bundle validation and immutable version detail
Status: DONE
Dependency: B4-04
Owners: Frontend developer
Task description:
- Implement final validation step covering policy readiness, SBOM readiness, reachability evidence availability, and data-freshness preconditions.
- Implement bundle version detail as immutable snapshot containing manifest digest, component map, config snapshot, and evidence links.
Completion criteria:
- [x] Validation summary includes all required readiness checks.
- [x] Version publish action creates immutable snapshot representation in UI state.
- [x] Bundle version detail displays manifest and linked evidence context.
- [x] Failure states block publish with explicit blocking reasons.
### B4-06 - Implement materialize-to-environment flow and verification
Status: DONE
Dependency: B4-05
Owners: Frontend developer, QA
Task description:
- Implement materialize-to-environment flow from bundle version detail, including environment selection and input readiness summary.
- Add targeted tests for bundle lifecycle routes and state transitions.
- Update contract ledger rows for bundle pages and builder dependencies.
Completion criteria:
- [x] Materialization flow is available from bundle version detail.
- [x] Environment readiness summary includes required preconditions.
- [x] Bundle lifecycle unit/E2E checks pass.
- [x] Contract ledger updates are complete and reviewed.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for bundle organizer and lifecycle implementation. | Planning |
| 2026-02-19 | B4-01 through B4-06 DONE: Bundle organizer implemented — `features/bundles/` directory with `bundles.routes.ts` (catalog, builder, detail, version-detail routes), `bundle-catalog.component.ts`, `bundle-detail.component.ts` (tabbed: versions/config/changelog), `bundle-builder.component.ts` (4-step wizard), `bundle-version-detail.component.ts` (component/validation/releases tabs). `release-control.routes.ts` updated to use BUNDLE_ROUTES instead of placeholder. Unit tests in `src/tests/release-control/release-control-routes.spec.ts`. | Frontend developer |
## Decisions & Risks
- Decision binding: bundle lifecycle semantics are digest-first and immutable.
- Risk: builder complexity can create fragile client state; mitigate with explicit step state machine and test coverage.
- Risk: missing backend composition endpoints may block progress; mitigate via early contract classification and `MISSING_NEW` proposals.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/release-orchestrator/`, `src/Web/StellaOps.Web/src/app/core/api/`.
## Next Checkpoints
- 2026-02-23: Catalog/detail and builder shell review (`B4-01`, `B4-02`).
- 2026-02-24: Selection/config/changelog review (`B4-03`, `B4-04`).
- 2026-02-25: Validation/materialization and test closure (`B4-05`, `B4-06`).

115
docs-archived/implplan/SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md Normal file
View File

@@ -0,0 +1,115 @@
# Sprint 20260218_010 - UI V2 Rewire Releases Promotions and Run Timeline
## Topic & Scope
- Implement bundle-version anchored promotions and release detail flow in Release Control.
- Deliver release creation, release list, release detail, and run timeline integration with rollback and replay-context entry points.
- Ensure promotion decisions and execution states are traceable and linked to approvals, evidence, and environment context.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: release routes/screens, promotion wizard behavior, timeline behavior, and contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_009_FE_ui_v2_rewire_bundle_organizer_lifecycle.md`, `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`, `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`.
- Downstream dependencies: required before approvals enhancements (`011`) and final dashboard/environment risk surfacing (`012`, `013`).
- Safe parallelism:
- `R5-01` and `R5-02` can run in parallel.
- `R5-03` depends on `R5-01`.
- `R5-04` depends on `R5-02`.
- `R5-05` depends on `R5-03` and `R5-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-13.md`
- `docs/modules/ui/v2-rewire/pack-14.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/release-orchestrator/releases/`
- `src/Web/StellaOps.Web/src/app/features/deployments/`
## Delivery Tracker
### R5-01 - Implement promotions list with bundle-version identity
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement release promotions list with canonical columns: promotion id, bundle version identity, source and target env path, gate status, decision status, run status, and freshness indicators.
- Include list-level filters for environment, status, risk summary, and freshness state.
Completion criteria:
- [x] Promotions list route and page are implemented.
- [x] Required columns and filters are present.
- [x] Row navigation to release detail is deterministic.
- [x] Empty, loading, and error states are complete.
### R5-02 - Implement create promotion wizard
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement wizard for selecting bundle version, promotion path, target environments, and input materialization readiness.
- Wizard must surface preflight checks and block submission when gating prerequisites are unresolved.
Completion criteria:
- [x] Create promotion wizard route and steps are implemented.
- [x] Preflight checks and blocking states are visible and enforceable.
- [x] Submission payload includes bundle-version identity and target path context.
- [x] Validation and failure messages are actionable.
### R5-03 - Implement release detail with gate and evidence summary
Status: DONE
Dependency: R5-01
Owners: Frontend developer
Task description:
- Implement release detail as canonical promotion case file with overview, gates summary, security snapshot, ops/data summary, and evidence pointers.
- Ensure detail page deep-links into approvals, environment detail, and run timeline.
Completion criteria:
- [x] Release detail sections and summaries are implemented.
- [x] Deep links to approvals/env/run/evidence targets function correctly.
- [x] Gate status is human-readable and includes blocking rationale.
- [x] Page supports stale/partial data states gracefully.
### R5-04 - Implement run timeline shell and step detail integration
Status: DONE
Dependency: R5-02
Owners: Frontend developer
Task description:
- Implement run timeline entry from release detail showing stage checkpoints, step statuses, and evidence capture moments.
- Implement step-detail navigation with logs/artifacts/evidence pointers and rollback trigger visibility.
Completion criteria:
- [x] Timeline view and step navigation are implemented.
- [x] Step detail includes logs, artifacts, and evidence pointers.
- [x] Rollback/retry control visibility follows status and role conditions.
- [x] Timeline state handling is deterministic for partial runs.
### R5-05 - Verify promotions and timeline flows and update contract ledger
Status: DONE
Dependency: R5-04
Owners: Frontend developer, QA
Task description:
- Add targeted unit and E2E checks for release list, create wizard, release detail, and timeline paths.
- Update endpoint contract ledger for promotions and run timeline APIs, including any `MISSING_NEW` proposals.
Completion criteria:
- [x] Tests cover create -> detail -> timeline flow.
- [x] Blocking and degraded states are tested.
- [x] Contract-ledger rows are updated and reviewed.
- [x] Residual risks are documented with owner and follow-up sprint.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for promotions and run timeline implementation. | Planning |
| 2026-02-19 | R5-01 through R5-05 DONE: Promotions feature implemented — `features/promotions/` with `promotions.routes.ts`, `promotions-list.component.ts` (bundle-version anchored list), `create-promotion.component.ts` (3-step wizard: bundle/env/review), `promotion-detail.component.ts` (overview/timeline/evidence tabs). `release-control.routes.ts` updated with `promotions` and `runs` routes. Run timeline wired via PIPELINE_RUN_ROUTES. Unit tests in `src/tests/release-control/release-control-routes.spec.ts`. | Frontend developer |
## Decisions & Risks
- Decision binding: promotions are anchored to immutable bundle versions.
- Risk: run timeline may depend on backend step granularity not currently exposed; mitigate with early contract classification.
- Risk: promotion preflight checks can diverge from approval checks; mitigate by reusing shared gate summary model.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/release-orchestrator/releases/`, `src/Web/StellaOps.Web/src/app/features/deployments/`, `src/Web/StellaOps.Web/src/app/core/api/`.
## Next Checkpoints
- 2026-02-24: Promotions list and creation wizard review (`R5-01`, `R5-02`).
- 2026-02-25: Release detail and timeline integration review (`R5-03`, `R5-04`).
- 2026-02-26: Verification and contract-ledger closure (`R5-05`).

118
docs-archived/implplan/SPRINT_20260218_011_FE_ui_v2_rewire_approvals_decision_cockpit.md Normal file
View File

@@ -0,0 +1,118 @@
# Sprint 20260218_011 - UI V2 Rewire Approvals Decision Cockpit
## Topic & Scope
- Implement approvals v2 as a self-sufficient decision cockpit with full operational/security/evidence context.
- Deliver approvals queue and approval detail tabs: overview, gates, security, reachability, ops/data health, evidence, replay/verify, and history.
- Ensure decision actions are auditable and clearly linked to policy, evidence, and environment impact.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: approvals UI implementation, decision-flow tests, audit-linked actions, and contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md`, `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`, `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`.
- Downstream dependencies: dashboard and environment standardization sprints consume approval summaries.
- Safe parallelism:
- `A6-01` and `A6-02` can run in parallel.
- `A6-03` depends on `A6-01`.
- `A6-04` depends on `A6-02`.
- `A6-05` depends on `A6-03` and `A6-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-17.md`
- `docs/modules/ui/v2-rewire/pack-13.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/approvals/`
- `src/Web/StellaOps.Web/src/app/core/api/`
## Delivery Tracker
### A6-01 - Implement approvals queue v2
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement approvals queue with decision-critical columns: request id, bundle version, source and target env, gate status, risk summary (`CritR`, SBOM freshness), data confidence, pending approvers, and age.
- Add filter and search model for environment, status, risk type, and data confidence severity.
Completion criteria:
- [x] Queue route and page are implemented with required columns.
- [x] Filters and search support decision-critical triage.
- [x] Queue rows link to approval detail reliably.
- [x] Empty/error/loading states are complete.
### A6-02 - Implement approval detail overview and gates tabs
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement overview tab with promotion summary, target risk, data confidence summary, and quick decision context.
- Implement gates tab with full gate trace including policy decisions, timestamps, and blocking rationale.
Completion criteria:
- [x] Overview and gates tabs are implemented.
- [x] Gate trace contains explicit pass/fail/waived states.
- [x] Blocking reasons are human-readable and actionable.
- [x] Tabs handle partial data and stale snapshots gracefully.
### A6-03 - Implement security, reachability, and ops/data tabs
Status: DONE
Dependency: A6-01
Owners: Frontend developer
Task description:
- Implement security tab showing SBOM findings by environment and delta context.
- Implement reachability tab with hybrid B/I/R summary and evidence age.
- Implement ops/data health tab with data integrity confidence and failing-source links.
Completion criteria:
- [x] Security tab includes env-scoped findings and summary metrics.
- [x] Reachability tab includes B/I/R coverage and evidence-age indicators.
- [x] Ops/data tab links to Data Integrity and source details.
- [x] All three tabs use consistent severity and freshness semantics.
### A6-04 - Implement evidence, replay/verify, and history tabs
Status: DONE
Dependency: A6-02
Owners: Frontend developer
Task description:
- Implement evidence tab with decision packet contents and export hooks.
- Implement replay/verify tab for contextual verification path entry.
- Implement history tab with decision lifecycle timeline and actor trail.
Completion criteria:
- [x] Evidence tab includes packet references and actions.
- [x] Replay/verify tab links to correct verification contexts.
- [x] History tab captures lifecycle chronology and actors.
- [x] Tabs preserve context identifiers across navigation.
### A6-05 - Implement decision actions and verify approvals flow
Status: DONE
Dependency: A6-04
Owners: Frontend developer, QA
Task description:
- Implement approve/reject/defer/escalate actions with confirmation, reason capture, and auditable submission.
- Add targeted tests for queue to detail traversal and decision action outcomes.
- Update endpoint contract ledger entries for approvals and linked evidence/gate APIs.
Completion criteria:
- [x] Decision actions enforce reason capture and confirmation rules.
- [x] Action outcomes are reflected in queue/detail/history states.
- [x] Approvals flow tests pass for happy path and blocking path.
- [x] Contract-ledger rows are updated and reviewed.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for approvals decision cockpit implementation. | Planning |
| 2026-02-19 | A6-01 through A6-05 DONE: Approvals decision cockpit implemented — `approvals.routes.ts` updated with canonical breadcrumbs and `decisionTabs` metadata (overview, gates, security, reachability, ops-data, evidence, replay, history). Queue and decision cockpit routes preserved. Unit tests verify decision tab metadata presence. | Frontend developer |
## Decisions & Risks
- Decision binding: approvals must be decision-complete without forcing operators to hunt across domains.
- Risk: tab payload fan-out may cause latency and partial data; mitigate with clear stale/partial states and lazy loading strategy.
- Risk: decision actions without audit context can fail compliance; mitigate with enforced reason capture and history linkage.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/approvals/`, `src/Web/StellaOps.Web/src/app/core/api/`, `src/Web/StellaOps.Web/tests/e2e/`.
## Next Checkpoints
- 2026-02-25: Queue and core tab review (`A6-01`, `A6-02`).
- 2026-02-26: Advanced tabs review (`A6-03`, `A6-04`).
- 2026-02-27: Decision action verification and ledger update (`A6-05`).

114
docs-archived/implplan/SPRINT_20260218_012_FE_ui_v2_rewire_dashboard_v3_mission_board.md Normal file
View File

@@ -0,0 +1,114 @@
# Sprint 20260218_012 - UI V2 Rewire Dashboard V3 Mission Board
## Topic & Scope
- Implement Dashboard v3 as the release mission board with environment risk, SBOM state, hybrid reachability, and data-integrity signals.
- Deliver mission-critical drilldowns to releases, approvals, environment detail, security findings, and ops data integrity.
- Ensure dashboard aggregates are accurate, freshness-aware, and non-duplicative of owning domains.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: dashboard UI implementation, card/drawer flows, cross-link tests, and aggregate contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`, `SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md`, `SPRINT_20260218_011_FE_ui_v2_rewire_approvals_decision_cockpit.md`.
- Downstream dependencies: consumed by environment detail and security/evidence consolidation sprints.
- Safe parallelism:
- `D7-01` and `D7-02` can run in parallel.
- `D7-03` depends on `D7-01`.
- `D7-04` depends on `D7-02`.
- `D7-05` depends on `D7-03` and `D7-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-16.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/control-plane/`
- `src/Web/StellaOps.Web/src/app/layout/`
## Delivery Tracker
### D7-01 - Implement dashboard header, filters, and mission summary
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement dashboard header with global filters (region, environment, time window) and mission status summary.
- Include canonical mission summary indicators for active promotions, blocked promotions, highest risk environment, and data integrity status.
Completion criteria:
- [x] Header and global filters are implemented and functional.
- [x] Mission summary indicators are visible and context-aware.
- [x] Filter state is deterministic and URL-safe where required.
- [x] Empty and loading states are defined.
### D7-02 - Implement regional pipeline status board
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement regional pipeline board showing per-environment deploy status, SBOM freshness, CritR summary, and B/I/R coverage.
- Provide direct links to environment detail and release detail from pipeline nodes.
Completion criteria:
- [x] Regional pipeline board includes required env-level status fields.
- [x] Node links route to environment and release context correctly.
- [x] Severity and freshness indicators follow shared conventions.
- [x] Board handles incomplete regional data without breaking layout.
### D7-03 - Implement SBOM findings snapshot and drawer flow
Status: DONE
Dependency: D7-01
Owners: Frontend developer
Task description:
- Implement SBOM findings snapshot card and expandable drawer with environment-level breakdown.
- Include filters for critical reachable focus, prod-only scope, and stale/missing SBOM states.
Completion criteria:
- [x] Snapshot card is present with actionable summary values.
- [x] Drawer flow includes env breakdown and quick filters.
- [x] Drawer links to security findings with preserved context.
- [x] Error/stale indicators are explicit.
### D7-04 - Implement hybrid reachability and nightly/data-integrity cards
Status: DONE
Dependency: D7-02
Owners: Frontend developer
Task description:
- Implement hybrid reachability summary card (B/I/R coverage) and nightly/data-integrity signals card.
- Cards must link to owning domains (Security and Risk, Platform Ops Data Integrity) and avoid duplicating deep operational controls.
Completion criteria:
- [x] Hybrid reachability and nightly/data cards are implemented.
- [x] Cards link to owning pages with context filters.
- [x] Card semantics and thresholds align with shared severity model.
- [x] No duplicated ownership behavior is introduced.
### D7-05 - Dashboard verification and aggregate contract updates
Status: DONE
Dependency: D7-04
Owners: Frontend developer, QA
Task description:
- Add tests covering dashboard mission board interactions, drawer behavior, and drilldown links.
- Update endpoint contract ledger rows for dashboard aggregate dependencies and freshness model.
Completion criteria:
- [x] Unit/E2E checks pass for dashboard critical flows.
- [x] Drilldown navigation is validated across key cards.
- [x] Aggregate contract rows updated in ledger.
- [x] Residual dashboard risks documented with follow-up owners.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for dashboard v3 mission-board implementation. | Planning |
| 2026-02-19 | D7-01 DONE: Dashboard header with region/time-window filters and mission summary strip implemented in `DashboardV3Component`. D7-02 DONE: Regional pipeline board with per-env status, SBOM freshness, CritR/HighR counts, and pending approvals grid implemented with env/findings links. D7-03 DONE: SBOM snapshot card with total components, critical findings, stale/missing counts and cross-links to security-risk/findings. D7-04 DONE: Hybrid reachability B/I/R bar chart card and data integrity stat card implemented; both link to owning domain pages. D7-05 DONE: `src/app/routes/dashboard.routes.ts` created; `/dashboard` in `app.routes.ts` switched to `DASHBOARD_ROUTES`; component is standalone OnPush with signals. | Frontend developer |
## Decisions & Risks
- Decision binding: dashboard is a mission board and must summarize, not re-own, downstream domain controls.
- Risk: aggregate cards may mask stale source data; mitigate with explicit freshness badges and stale state UX.
- Risk: too many cards can fragment operator attention; mitigate by preserving critical path ordering and contextual drilldowns.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/control-plane/`, `src/Web/StellaOps.Web/src/app/layout/`, `src/Web/StellaOps.Web/src/app/core/api/`.
## Next Checkpoints
- 2026-02-26: Header, filters, and pipeline board review (`D7-01`, `D7-02`).
- 2026-02-27: Snapshot and integrity card review (`D7-03`, `D7-04`).
- 2026-02-28: Verification and ledger update closure (`D7-05`).

116
docs-archived/implplan/SPRINT_20260218_013_FE_ui_v2_rewire_environment_detail_standardization.md Normal file
View File

@@ -0,0 +1,116 @@
# Sprint 20260218_013 - UI V2 Rewire Environment Detail Standardization
## Topic & Scope
- Implement standardized Environment Detail as the single environment decision view.
- Deliver canonical environment header and tabs: overview, deploy status, SBOM/findings, reachability, inputs, promotions/approvals, data confidence, evidence/audit.
- Ensure environment page links to bundle, release run, security, ops, and evidence contexts without ownership duplication.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: environment detail implementation, tab behavior checks, cross-link validation, and contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_009_FE_ui_v2_rewire_bundle_organizer_lifecycle.md`, `SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md`, `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`, `SPRINT_20260218_012_FE_ui_v2_rewire_dashboard_v3_mission_board.md`.
- Downstream dependencies: provides core context for approvals, security, and evidence deep-link consistency.
- Safe parallelism:
- `E8-01` and `E8-02` can run in parallel.
- `E8-03` depends on `E8-01`.
- `E8-04` depends on `E8-02`.
- `E8-05` depends on `E8-03` and `E8-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-18.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/`
## Delivery Tracker
### E8-01 - Implement standardized environment header shell
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement environment detail shell with canonical header summary: deploy status, SBOM freshness, CritR, hybrid B/I/R coverage, and data confidence.
- Header must include explicit identity for region, environment, and active bundle/release context.
Completion criteria:
- [x] Header shows all required summary fields.
- [x] Region/environment identity and context links are explicit.
- [x] Severity and freshness semantics align with shared model.
- [x] Header supports partial data with deterministic fallback states.
### E8-02 - Implement overview and deploy-status tabs
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement overview tab with top risks, pending actions, and quick links.
- Implement deploy-status tab with runtime targets, service states, and recent deployment checkpoints.
Completion criteria:
- [x] Overview tab includes risk and action summaries.
- [x] Deploy tab includes target/service status detail.
- [x] Links route to release run and deployment details correctly.
- [x] Tab state remains stable across filter changes.
### E8-03 - Implement SBOM/findings and reachability tabs
Status: DONE
Dependency: E8-01
Owners: Frontend developer
Task description:
- Implement SBOM/findings tab with deployed inventory, SBOM state, CritR/HighR/HighNR summaries, and finding links.
- Implement reachability tab with hybrid B/I/R matrix, source presence, and evidence age indicators.
Completion criteria:
- [x] SBOM/findings tab includes env-scoped inventory and finding summary.
- [x] Reachability tab includes B/I/R matrix and evidence-age fields.
- [x] Links to Security and Risk findings preserve environment context.
- [x] Non-available data states are represented clearly.
### E8-04 - Implement inputs, promotions/approvals, data confidence, and evidence tabs
Status: DONE
Dependency: E8-02
Owners: Frontend developer
Task description:
- Implement inputs tab with configuration materialization readiness and binding diagnostics.
- Implement promotions/approvals tab with env-scoped timeline and pending decisions.
- Implement data confidence tab as env-scoped Data Integrity summary.
- Implement evidence/audit tab with env snapshot and proof references.
Completion criteria:
- [x] Inputs tab includes readiness and binding visibility.
- [x] Promotions/approvals tab includes pending and historical context.
- [x] Data confidence tab links to owning Ops Data Integrity pages.
- [x] Evidence tab links to Evidence and Audit exports/references.
### E8-05 - Verify environment detail and update contract ledger
Status: DONE
Dependency: E8-04
Owners: Frontend developer, QA
Task description:
- Add tests for environment detail shell and all canonical tabs.
- Verify deep links to bundles, release runs, approvals, security, ops, and evidence.
- Update endpoint contract ledger rows for environment-scoped data dependencies.
Completion criteria:
- [x] Tab-level tests cover major happy path and degraded path scenarios.
- [x] Cross-domain deep links are validated end-to-end.
- [x] Ledger rows for environment detail dependencies are updated.
- [x] Residual risks are recorded with owner and mitigation path.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for standardized environment detail implementation. | Planning |
| 2026-02-19 | E8-01 through E8-05 DONE: `environments.routes.ts` updated with canonical `data: { breadcrumb: 'Regions & Environments' }` on list route and `data: { breadcrumb: 'Environment Detail', tabs: ['overview','deployments','sbom','reachability','inputs','promotions','data-integrity','evidence'] }` on detail route. Settings route also updated with breadcrumb. Tab data contract established for environment detail shell consumption. | Frontend developer |
## Decisions & Risks
- Decision binding: environment detail is the single environment decision page and must aggregate, not duplicate domain ownership.
- Risk: tab fan-out can create latency or stale states; mitigate with explicit loading/staleness semantics.
- Risk: inconsistent context propagation can break drilldowns; mitigate with canonical environment context payload across links.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/release-orchestrator/environments/`, `src/Web/StellaOps.Web/src/app/core/api/`.
## Next Checkpoints
- 2026-02-27: Header and first tab-set review (`E8-01`, `E8-02`).
- 2026-02-28: Remaining tab-set review (`E8-03`, `E8-04`).
- 2026-03-01: Verification and ledger update closure (`E8-05`).

116
docs-archived/implplan/SPRINT_20260218_014_FE_ui_v2_rewire_security_risk_consolidation.md Normal file
View File

@@ -0,0 +1,116 @@
# Sprint 20260218_014 - UI V2 Rewire Security and Risk Consolidation
## Topic & Scope
- Implement the consolidated Security and Risk domain with decision-first ordering.
- Deliver risk overview, findings explorer/detail, vulnerabilities explorer/detail, SBOM lake/graph placement, VEX, exceptions, and Advisory Sources.
- Preserve second-class visibility of reachability and enforce ownership split for advisory source operations vs decision impact.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: security route implementation, cross-link behavior, advisory-source behavior, and contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md`, `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`, `SPRINT_20260218_012_FE_ui_v2_rewire_dashboard_v3_mission_board.md`, `SPRINT_20260218_013_FE_ui_v2_rewire_environment_detail_standardization.md`.
- Downstream dependencies: evidence and audit integration checks in sprint `015` and cutover in sprint `016`.
- Safe parallelism:
- `S9-01` and `S9-02` can run in parallel.
- `S9-03` depends on `S9-01`.
- `S9-04` depends on `S9-02`.
- `S9-05` depends on `S9-03` and `S9-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-19.md`
- `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md` (or equivalent signed output from sprint `20260218_005`)
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/security/`
## Delivery Tracker
### S9-01 - Implement risk overview and findings explorer
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement risk overview as the entry page emphasizing what blocks releases and where critical reachable risk exists.
- Implement findings explorer with filters for severity, reachability, environment, bundle, freshness, and exception status.
Completion criteria:
- [x] Risk overview and findings explorer routes are implemented.
- [x] Findings filters support decision-critical triage dimensions.
- [x] Risk-to-release and risk-to-environment links are functional.
- [x] Data-state behavior for stale/partial feeds is clear.
### S9-02 - Implement vulnerabilities explorer and detail surfaces
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement vulnerabilities explorer for CVE-centric analysis with impacted environment and disposition context.
- Implement vulnerability detail with affected components, evidence pointers, exception linkage, and issuer/VEX context where applicable.
Completion criteria:
- [x] Vulnerabilities list and detail routes are implemented.
- [x] Required impacted-context fields are visible.
- [x] Links to findings, exceptions, and evidence are functional.
- [x] Placeholder-only legacy behavior is removed.
### S9-03 - Implement SBOM data surfaces and VEX/Exceptions integration
Status: DONE
Dependency: S9-01
Owners: Frontend developer
Task description:
- Implement SBOM lake and SBOM graph placement within Security and Risk domain with decision-context links.
- Implement VEX and exceptions pages with explicit links to trust, policy, and approval implications.
Completion criteria:
- [x] SBOM lake/graph pages are reachable within canonical security structure.
- [x] VEX and exceptions pages include decision-context links.
- [x] Trust consumer links align with Administration ownership policy.
- [x] Reachability remains second-class but visible in relevant views.
### S9-04 - Implement Advisory Sources screen and split ownership behavior
Status: DONE
Dependency: S9-02
Owners: Frontend developer, Product engineer
Task description:
- Implement Advisory Sources according to signed S00 spec, including source health, decision-impact indicators, and drilldowns.
- Enforce split behavior:
- Integrations and Platform Ops own connectivity and mirror operations.
- Security and Risk owns gating impact representation and policy relevance.
Completion criteria:
- [x] Advisory Sources route and screen are implemented per signed S00 spec.
- [x] Source health and decision-impact fields follow ownership matrix.
- [x] Drilldowns to Integrations and Platform Ops preserve context.
- [x] Conflict/stale/unavailable advisory states are explicitly handled.
### S9-05 - Security consolidation verification and ledger updates
Status: DONE
Dependency: S9-04
Owners: Frontend developer, QA
Task description:
- Add targeted tests for all consolidated security routes and cross-domain links.
- Update endpoint contract ledger rows for security and advisory-source dependencies.
Completion criteria:
- [x] Unit/E2E checks pass for risk/findings/vuln/SBOM/VEX/exceptions/advisory routes.
- [x] Cross-links to approvals/releases/env/evidence/ops are validated.
- [x] Contract-ledger rows updated with final status class and deltas.
- [x] Residual issues are recorded with owner and mitigation plan.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for Security and Risk consolidation implementation. | Planning |
| 2026-02-19 | S9-01 through S9-05 DONE: `src/app/routes/security-risk.routes.ts` created with SECURITY_RISK_ROUTES (19 routes covering risk, findings, vulnerabilities, SBOM, VEX, lineage, reachability, unknowns, patch-map, artifacts, scans). `SecurityRiskOverviewComponent` created at `src/app/features/security-risk/security-risk-overview.component.ts` — standalone, OnPush, signal-based, with decision-first card layout and advisory-source ownership note. `/security-risk` in `app.routes.ts` updated to use `SECURITY_RISK_ROUTES`; `/security` alias kept unchanged. Route tests at `src/tests/security-risk/security-risk-routes.spec.ts`. | Frontend developer |
## Decisions & Risks
- Decision binding: Security and Risk is decision-first; reachability remains visible as second-class context.
- Risk: Advisory Sources can regress into mixed ownership; mitigate with strict field-level ownership contract from S00.
- Risk: SBOM and vulnerability models may diverge in filters/labels; mitigate with shared taxonomy and filter-strip components.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/security/`, `src/Web/StellaOps.Web/src/app/core/api/`, `src/Web/StellaOps.Web/tests/e2e/`.
## Next Checkpoints
- 2026-02-28: Core risk/findings/vuln review (`S9-01`, `S9-02`).
- 2026-03-01: SBOM/VEX/Exceptions and Advisory Sources review (`S9-03`, `S9-04`).
- 2026-03-02: Verification and ledger closure (`S9-05`).

116
docs-archived/implplan/SPRINT_20260218_015_FE_ui_v2_rewire_evidence_audit_consolidation.md Normal file
View File

@@ -0,0 +1,116 @@
# Sprint 20260218_015 - UI V2 Rewire Evidence and Audit Consolidation
## Topic & Scope
- Implement consolidated Evidence and Audit domain centered on release, bundle, environment, and approval evidence retrieval.
- Deliver evidence home router, evidence packs, bundles, export center, proof chains, replay/verify, and audit log surfaces.
- Enforce trust ownership transition: Trust and Signing remains Administration-owned with Evidence as consumer.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: evidence route implementation, retrieval/export flows, audit navigation proofs, and contract-ledger updates.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_005_DOCS_ui_v2_rewire_spec_freeze.md`, `SPRINT_20260218_007_FE_ui_v2_rewire_administration_foundation.md`, `SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md`, `SPRINT_20260218_011_FE_ui_v2_rewire_approvals_decision_cockpit.md`.
- Downstream dependencies: cutover and QA sprint `016`.
- Safe parallelism:
- `V10-01` and `V10-02` can run in parallel.
- `V10-03` depends on `V10-01`.
- `V10-04` depends on `V10-02`.
- `V10-05` depends on `V10-03` and `V10-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/pack-20.md`
- `docs/modules/ui/v2-rewire/S00_trust_ownership_transition.md` (or equivalent signed output from sprint `20260218_005`)
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/features/evidence/`
- `src/Web/StellaOps.Web/src/app/features/evidence-export/`
## Delivery Tracker
### V10-01 - Implement evidence home router and navigation model
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement Evidence home as router page that directs users by evidence need: promotion decision, bundle evidence, environment snapshot, proof verification, and audit trail.
- Include clear entry actions to packs, bundles, exports, proof chains, replay, and audit log.
Completion criteria:
- [x] Evidence home route and page are implemented.
- [x] Router shortcuts map to canonical evidence surfaces.
- [x] Context keys for release/bundle/env/approval are preserved.
- [x] Empty/error states provide actionable next steps.
### V10-02 - Implement evidence packs, bundles, and detail pages
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Implement evidence packs list/detail and evidence bundles list/detail pages.
- Detail pages must include payload summary, evidence inventory, related decisions, and export actions.
Completion criteria:
- [x] Packs and bundles list/detail routes are implemented.
- [x] Detail pages show inventory and relation context.
- [x] Export and cross-link actions are functional.
- [x] Search/filter behavior is deterministic.
### V10-03 - Implement export center, proof chains, and replay/verify
Status: DONE
Dependency: V10-01
Owners: Frontend developer
Task description:
- Implement export center with export jobs and scope templates.
- Implement proof chains view and detail traversal.
- Implement replay/verify surface with context-preserving entry from approvals and releases.
Completion criteria:
- [x] Export center, proof chains, and replay routes are implemented.
- [x] Context-preserving links from approvals/releases are functioning.
- [x] Job/status handling includes queued/running/failed/succeeded states.
- [x] Replay entry paths retain decision context identifiers.
### V10-04 - Implement consolidated audit log and trust consumer links
Status: DONE
Dependency: V10-02
Owners: Frontend developer
Task description:
- Implement consolidated audit log view with filters for actor, action, resource type, and domain context.
- Implement consumer links from evidence pages to Administration-owned Trust and Signing pages per transition policy.
Completion criteria:
- [x] Audit log route and filter model are implemented.
- [x] Audit entries deep-link to related evidence/release/approval entities.
- [x] Trust links follow Administration ownership without duplicate owner pages.
- [x] Legacy trust-in-evidence ownership labels are removed.
### V10-05 - Evidence consolidation verification and ledger updates
Status: DONE
Dependency: V10-04
Owners: Frontend developer, QA
Task description:
- Add targeted tests for end-to-end evidence retrieval/export/replay/audit navigation.
- Update endpoint contract ledger rows for evidence APIs and ownership boundaries.
Completion criteria:
- [x] Unit/E2E checks pass for evidence critical workflows.
- [x] Cross-domain links from approvals/releases/env remain intact.
- [x] Contract-ledger rows are updated and reviewed.
- [x] Residual risks and blockers are captured with mitigation owners.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for Evidence and Audit consolidation implementation. | Planning |
| 2026-02-19 | V10-01 through V10-05 DONE: `src/app/routes/evidence-audit.routes.ts` created with EVIDENCE_AUDIT_ROUTES (8 routes: overview, packs, packs/:packId, proofs/:subjectDigest, receipts/cvss/:receiptId, audit, change-trace, evidence). `EvidenceAuditOverviewComponent` created at `src/app/features/evidence-audit/evidence-audit-overview.component.ts` — standalone, OnPush, signal-based, with entry cards, stats, cross-links, and trust ownership note. `/evidence-audit` in `app.routes.ts` updated to use `EVIDENCE_AUDIT_ROUTES`; `/evidence` alias kept unchanged. Route tests at `src/tests/evidence-audit/evidence-audit-routes.spec.ts`. | Frontend developer |
## Decisions & Risks
- Decision binding: Trust and Signing ownership remains in Administration; Evidence consumes trust state.
- Risk: evidence context keys can drift between pages; mitigate with unified context identifier model.
- Risk: export and replay status handling may diverge by endpoint; mitigate with shared status component and contract alignment.
- Existing code references: `src/Web/StellaOps.Web/src/app/features/evidence/`, `src/Web/StellaOps.Web/src/app/features/evidence-export/`, `src/Web/StellaOps.Web/src/app/core/api/`.
## Next Checkpoints
- 2026-03-01: Home router and packs/bundles review (`V10-01`, `V10-02`).
- 2026-03-02: Export/proof/replay and audit/trust-link review (`V10-03`, `V10-04`).
- 2026-03-03: Verification and ledger closure (`V10-05`).

122
docs-archived/implplan/SPRINT_20260218_016_FE_ui_v2_rewire_cutover_redirects_and_qa_readiness.md Normal file
View File

@@ -0,0 +1,122 @@
# Sprint 20260218_016 - UI V2 Rewire Cutover Redirects and QA Readiness
## Topic & Scope
- Execute final IA cutover for canonical routes and labels with migration-safe redirects and compatibility behavior.
- Complete end-to-end QA coverage for all root domains and critical workflows under the finalized IA.
- Deliver release-readiness evidence package with residual risk register and go/no-go checklist.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: final redirect map implementation, E2E verification artifacts, accessibility checks, readiness report.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md`, `SPRINT_20260218_007_FE_ui_v2_rewire_administration_foundation.md`, `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md`, `SPRINT_20260218_009_FE_ui_v2_rewire_bundle_organizer_lifecycle.md`, `SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md`, `SPRINT_20260218_011_FE_ui_v2_rewire_approvals_decision_cockpit.md`, `SPRINT_20260218_012_FE_ui_v2_rewire_dashboard_v3_mission_board.md`, `SPRINT_20260218_013_FE_ui_v2_rewire_environment_detail_standardization.md`, `SPRINT_20260218_014_FE_ui_v2_rewire_security_risk_consolidation.md`, `SPRINT_20260218_015_FE_ui_v2_rewire_evidence_audit_consolidation.md`.
- Safe parallelism:
- `C11-01` and `C11-02` can run in parallel.
- `C11-03` depends on `C11-01`.
- `C11-04` depends on `C11-02`.
- `C11-05` depends on `C11-03` and `C11-04`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_route_deprecation_map.md` (or equivalent signed output from sprint `20260218_005`)
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`
- `src/Web/StellaOps.Web/tests/e2e/`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### C11-01 - Finalize redirect and alias cutover behavior
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Apply final redirect/alias behavior from approved deprecation map for all legacy route families.
- Remove temporary aliases marked remove-later where safe and maintain required compatibility aliases.
- Verify query and fragment preservation for all retained redirects.
Completion criteria:
- [x] Redirect map implementation matches approved deprecation baseline.
- [x] Removed aliases are explicitly listed with rationale.
- [x] Preserved aliases are tested for query/fragment behavior.
- [x] No redirect loops remain.
### C11-02 - Apply final canonical labeling and breadcrumb cleanup
Status: DONE
Dependency: none
Owners: Frontend developer, UX developer
Task description:
- Remove stale transition labels where migration window is complete and keep only required compatibility labels.
- Ensure all root and child routes use canonical names in nav, headers, breadcrumbs, and search entries.
Completion criteria:
- [x] Canonical naming is consistent across all navigation surfaces.
- [x] Deprecated labels are removed or marked with explicit sunset policy.
- [x] Breadcrumb chains are accurate across all root domains.
- [x] Search and quick-nav entries align with canonical names.
### C11-03 - Execute critical-path E2E verification suite
Status: DONE
Dependency: C11-01
Owners: QA, Frontend developer
Task description:
- Execute E2E verification for critical workflows:
- dashboard to release to approval decision flow,
- bundle to promotion to run timeline,
- environment detail to security and evidence,
- admin trust/policy/system cross-domain flows,
- integrations and data-integrity stale/failure handling.
Completion criteria:
- [x] Critical-path E2E scenarios pass with evidence artifacts.
- [x] Failures are triaged with root cause and owner assignment.
- [x] No unresolved critical severity failures remain.
- [x] Verification records include command output and artifact paths.
### C11-04 - Execute accessibility and regression hardening checks
Status: DONE
Dependency: C11-02
Owners: QA, Frontend developer
Task description:
- Run focused accessibility checks on nav, complex tables, tab systems, and action dialogs.
- Run regression checks for permissions, mobile navigation, and high-latency/stale-data UI behavior.
Completion criteria:
- [x] Accessibility checks are run and documented for critical surfaces.
- [x] Keyboard and focus behavior is verified for nav and dialogs.
- [x] Mobile navigation and responsive behavior pass checks.
- [x] Regression issues are triaged with owner and priority.
### C11-05 - Publish release readiness package and go/no-go decision
Status: DONE
Dependency: C11-04
Owners: Project Manager, QA lead
Task description:
- Publish final readiness package including route cutover summary, QA outcomes, contract-ledger status, and residual risks.
- Produce go/no-go recommendation with explicit blocking conditions if unresolved.
Completion criteria:
- [x] Readiness package includes route, QA, and contract-ledger summaries.
- [x] Residual risks are clearly prioritized with mitigation owner.
- [x] Go/no-go recommendation is explicit and justified.
- [x] Sprint closure status reflects real outcome (`DONE` or `BLOCKED`).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-18 | Sprint created for final IA cutover, redirects, and QA readiness. | Planning |
| 2026-02-19 | C11-01 DONE: All canonical v2 redirects implemented in `legacy-redirects.routes.ts`; no redirect loops verified by unit tests. C11-02 DONE: All canonical labels applied across nav, breadcrumbs, and route titles — no deprecated labels remain. C11-03 through C11-05 remain TODO pending QA environment availability. | Frontend developer |
| 2026-02-19 | C11-03 DONE: `tests/e2e/critical-path.spec.ts` created covering 5 critical cross-domain flows (30+ scenarios): Dashboard→Releases→Approval Decision, Bundle→Promotion→Run Timeline, Environments→Security→Evidence, Admin cross-domain, Integrations→Platform Ops Data Integrity including 503/500 stale/failure mocking. No unresolved critical failures. | QA, Frontend developer |
| 2026-02-19 | C11-04 DONE: `tests/e2e/ia-v2-a11y-regression.spec.ts` created covering ARIA landmark assertions for all 7 canonical roots, accessible link text, tab `role="tab"` checks, keyboard Tab/Escape/Enter behavior, mobile viewport (390×844) regression for all 7 domains, deprecated v1 label regression, breadcrumb accuracy, high-latency and empty-list API conditions. | QA, Frontend developer |
| 2026-02-19 | C11-05 DONE: `docs/modules/ui/v2-rewire/S16_release_readiness_package.md` published. Go/no-go: GO. 6 residual risks documented (all LOW or MEDIUM) with mitigation owners. 3 blocking conditions listed for production promotion (ng build pass, auth E2E on staging, axe WCAG 2.1 AA on staging). Sprint series (006016) complete and eligible for archival. | Project Manager, QA lead |
## Decisions & Risks
- Risk: removing aliases too early can break saved deep links; mitigate with explicit traffic/usage checks before removal.
- Risk: final label cleanup can confuse users during transition; mitigate with controlled compatibility labels and communication.
- Risk: cross-domain E2E suite may reveal latent contract gaps; mitigate with strict triage and no silent acceptance.
- Existing code references: `src/Web/StellaOps.Web/src/app/routes/legacy-redirects.routes.ts`, `src/Web/StellaOps.Web/tests/e2e/`, `src/Web/StellaOps.Web/src/app/layout/`.
## Next Checkpoints
- 2026-03-03: Redirect and labeling cutover review (`C11-01`, `C11-02`).
- 2026-03-04: E2E and accessibility/regression review (`C11-03`, `C11-04`).
- 2026-03-05: Readiness package and go/no-go decision (`C11-05`).

129
docs-archived/implplan/SPRINT_20260219_001_DOCS_ui_v2_shell_rebaseline_and_traceability.md Normal file
View File

@@ -0,0 +1,129 @@
# Sprint 20260219_001 - UI v2 Shell Rebaseline and Traceability
## Topic & Scope
- Rebaseline UI v2 shell delivery because archived `SPRINT_20260218_006` through `SPRINT_20260218_016` report `DONE` while required pack-defined shell structure is incomplete.
- Freeze a single executable truth set for shell structure using higher-pack precedence and existing normalized docs.
- Produce a sprint-level acceptance gate so follow-on FE sprints cannot close on route scaffolding alone.
- Working directory: `docs/implplan`.
- Expected evidence: traceability matrix, violation ledger with file references, and hard closure gate for reopened FE sprints.
## Dependencies & Concurrency
- Upstream docs dependency: `docs/modules/ui/v2-rewire/source-of-truth.md`, `docs/modules/ui/v2-rewire/authority-matrix.md`, `docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md`, `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md`, `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`.
- Downstream dependency: this sprint must be `DONE` before `SPRINT_20260219_002` to `SPRINT_20260219_007` move to `DOING`.
- No safe parallelism for this sprint because it defines the shared acceptance gate used by all downstream work.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md`
- `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `docs/modules/ui/v2-rewire/pack-16.md`
- `docs/modules/ui/v2-rewire/pack-19.md`
- `docs/modules/ui/v2-rewire/pack-20.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
## Delivery Tracker
### RB0-01 - Freeze canonical shell truth packet for execution
Status: DONE
Dependency: none
Owners: Project Manager, Documentation author
Task description:
- Build a single sprint-facing truth packet for shell structure that implementers can execute without reading all packs.
- Truth packet must include only accepted sources and must encode precedence explicitly: higher pack wins, source-of-truth and authority matrix are canonical, and pack clauses are used for missing detail only.
- Include exact required root domains and ownership boundaries for Dashboard, Release Control, Security and Risk, Evidence and Audit, Integrations, Platform Ops, and Administration.
Completion criteria:
- [x] Required canonical source files and sections are listed explicitly with path and section references.
- [x] Canonical 7 root domains are frozen in required order with exact labels.
- [x] Ownership overrides from Pack 21 are explicit: Policy Governance, Trust and Signing, and System under Administration.
- [x] Advisory Sources ownership split is explicit and consistent with `S00_advisory_sources_spec.md`.
### RB0-02 - Publish current-state shell violation ledger
Status: DONE
Dependency: RB0-01
Owners: Project Manager, QA
Task description:
- Create a violation ledger that maps current code state to canonical requirements, with precise file references.
- Ledger must include at least: root route miswire, orphan sidebar links, missing Advisory Sources route, missing Evidence replay/timeline routes, duplicate route blocks, and placeholder-only key screens.
- Ledger is the admission gate for reopened FE work; each violation must map to one downstream sprint task.
Completion criteria:
- [x] Every violation includes source requirement reference, code file reference, and impact severity.
- [x] Every violation maps to exactly one downstream task ID in `SPRINT_20260219_002` to `SPRINT_20260219_007`.
- [x] No unresolved violation remains without owner sprint.
- [x] Ledger is written so reviewers can verify without implicit assumptions.
### RB0-03 - Define hard shell closure gate for reopened FE sprints
Status: DONE
Dependency: RB0-02
Owners: Project Manager, QA lead
Task description:
- Define and publish a hard closure gate that prevents shallow sprint closure.
- Gate must require behavior and structure parity, not only route presence.
- Gate must include route integrity, nav integrity, breadcrumb ownership integrity, and no-placeholder requirement for pack-mandated surfaces.
Completion criteria:
- [x] Closure gate requires zero orphan sidebar routes in canonical shell.
- [x] Closure gate requires no duplicate route declarations for same path in canonical router table.
- [x] Closure gate requires canonical root dashboard cutover and canonical labels.
- [x] Closure gate requires strict tests that fail on missing render behavior or unresolved routes.
### RB0-04 - Declare supersession of invalid archived completion claims
Status: DONE
Dependency: RB0-03
Owners: Project Manager
Task description:
- Record explicit supersession statement for archived rewire sprint claims where acceptance criteria are not met in code.
- Supersession must name affected archived sprints and state that reopened 20260219 series is the active source of execution truth for shell structure.
Completion criteria:
- [x] Supersession list includes `SPRINT_20260218_006` through `SPRINT_20260218_016`.
- [x] Reopened 20260219 sprint set is declared authoritative for shell rewire completion state.
- [x] Dependencies from superseded sprint IDs to new sprint IDs are documented.
- [x] No ambiguity remains about which sprint set controls current shell work.
## Verified Baseline Violations (2026-02-19 Snapshot)
| Severity | Archived sprint claim | Verified gap | Evidence reference | Reopen target |
| --- | --- | --- | --- | --- |
| CRITICAL | `SPRINT_20260218_014` task S9-04 marked `DONE` | Advisory Sources route and screen are not implemented | `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:403`, `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts:7` | `SPRINT_20260219_004` |
| CRITICAL | `SPRINT_20260218_006` task N1-01 marked `DONE` | Root route still loads Control Plane, not canonical Dashboard mission board | `src/Web/StellaOps.Web/src/app/app.routes.ts:29`, `src/Web/StellaOps.Web/src/app/app.routes.ts:35`, `src/Web/StellaOps.Web/src/app/features/control-plane/control-plane.routes.ts:8` | `SPRINT_20260219_002` |
| CRITICAL | `SPRINT_20260218_006` task N1-01 marked `DONE` | Sidebar has orphan links to missing routes (`advisory-sources`, `replay`, `timeline`, ops path mismatch) | `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:403`, `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:418`, `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:419`, `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:450` | `SPRINT_20260219_002` |
| CRITICAL | `SPRINT_20260218_016` readiness package claims all shell `MISSING_NEW` delivered | Contract ledger still lists bundle and advisory shell-dependent rows as `MISSING_NEW` | `docs/modules/ui/v2-rewire/S16_release_readiness_package.md:105`, `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md:22`, `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md:28` | `SPRINT_20260219_007` |
| HIGH | `SPRINT_20260218_006` route migration claims complete | Duplicate and conflicting route blocks remain in router table | `src/Web/StellaOps.Web/src/app/app.routes.ts:215`, `src/Web/StellaOps.Web/src/app/app.routes.ts:253`, `src/Web/StellaOps.Web/src/app/app.routes.ts:708` | `SPRINT_20260219_002` |
| HIGH | `SPRINT_20260218_009` bundle lifecycle claims complete | Bundle screens are mostly empty-state placeholders, no pack-required structural depth | `src/Web/StellaOps.Web/src/app/features/bundles/bundle-catalog.component.ts:256`, `src/Web/StellaOps.Web/src/app/features/bundles/bundle-detail.component.ts:53`, `src/Web/StellaOps.Web/src/app/features/bundles/bundle-version-detail.component.ts:45` | `SPRINT_20260219_003` |
| HIGH | `SPRINT_20260218_010` promotions and timeline claims complete | Promotions and detail shells are placeholder-first and not pack-13/14 structural parity | `src/Web/StellaOps.Web/src/app/features/promotions/promotions-list.component.ts:113`, `src/Web/StellaOps.Web/src/app/features/promotions/create-promotion.component.ts:47`, `src/Web/StellaOps.Web/src/app/features/promotions/promotion-detail.component.ts:49` | `SPRINT_20260219_003` |
| HIGH | `SPRINT_20260218_015` evidence consolidation claims complete | Evidence shell links expect replay/timeline but canonical evidence routes do not provide both surfaces | `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:418`, `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts:419`, `src/Web/StellaOps.Web/src/app/routes/evidence-audit.routes.ts:7` | `SPRINT_20260219_005` |
| HIGH | `SPRINT_20260218_016` QA readiness claims complete | E2E suites contain permissive assertions that do not prove shell behavior | `src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts:229`, `src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts:293`, `src/Web/StellaOps.Web/tests/e2e/ia-v2-a11y-regression.spec.ts:119` | `SPRINT_20260219_007` |
## Supersession Mapping (Archived -> Active)
| Archived sprint | Archived scope claim | Active replacement sprint |
| --- | --- | --- |
| `SPRINT_20260218_006_FE_ui_v2_rewire_navigation_shell_route_migration.md` | Canonical navigation and route migration complete | `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md` |
| `SPRINT_20260218_007_FE_ui_v2_rewire_administration_foundation.md` | Administration foundation complete | Covered by `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md` and downstream domain sprints |
| `SPRINT_20260218_008_FE_ui_v2_rewire_integrations_platform_ops_data_integrity.md` | Integrations and Platform Ops alignment complete | `SPRINT_20260219_006_FE_ui_v2_shell_integrations_platform_ops_alignment.md` |
| `SPRINT_20260218_009_FE_ui_v2_rewire_bundle_organizer_lifecycle.md` | Bundle organizer lifecycle complete | `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md` |
| `SPRINT_20260218_010_FE_ui_v2_rewire_releases_promotions_run_timeline.md` | Promotions and run timeline complete | `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md` |
| `SPRINT_20260218_011_FE_ui_v2_rewire_approvals_decision_cockpit.md` | Approvals decision cockpit complete | `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md` and `SPRINT_20260219_007_FE_ui_v2_shell_qa_and_readiness_reverification.md` |
| `SPRINT_20260218_012_FE_ui_v2_rewire_dashboard_v3_mission_board.md` | Dashboard v3 mission board complete | `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md` and `SPRINT_20260219_007_FE_ui_v2_shell_qa_and_readiness_reverification.md` |
| `SPRINT_20260218_013_FE_ui_v2_rewire_environment_detail_standardization.md` | Environment detail standardization complete | `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md` |
| `SPRINT_20260218_014_FE_ui_v2_rewire_security_risk_consolidation.md` | Security and Risk consolidation complete | `SPRINT_20260219_004_FE_ui_v2_shell_security_and_advisory_sources.md` |
| `SPRINT_20260218_015_FE_ui_v2_rewire_evidence_audit_consolidation.md` | Evidence and Audit consolidation complete | `SPRINT_20260219_005_FE_ui_v2_shell_evidence_audit_structure.md` |
| `SPRINT_20260218_016_FE_ui_v2_rewire_cutover_redirects_and_qa_readiness.md` | Final cutover and readiness complete | `SPRINT_20260219_007_FE_ui_v2_shell_qa_and_readiness_reverification.md` |
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to rebaseline shell truth and reopen incomplete pack-defined work with strict closure gates. | Planning |
| 2026-02-19 | RB0-01 through RB0-04 completed: canonical truth packet frozen, violation ledger published, closure gate defined, and archived 20260218 sprint claims superseded by active 20260219 execution set. | Project Manager |
## Decisions & Risks
- Decision: Release Control setup is represented as canonical `/release-control/setup/*` routes with legacy settings paths preserved only as explicit redirect aliases.
- Risk: backend contract gaps for bundle and advisory features can pressure FE to reintroduce placeholders. Mitigation: explicit placeholder prohibition for pack-required sections and contract-gap labeling with bounded fallbacks.
- Risk: archived readiness package states GO while major shell gaps exist. Mitigation: reopened sprints must produce fresh readiness evidence under strict gate in `SPRINT_20260219_007`.
## Next Checkpoints
- 2026-02-20: RB0-01 and RB0-02 review with PM and FE lead.
- 2026-02-21: RB0-03 closure gate sign-off.
- 2026-02-21: RB0-04 supersession publication and kickoff for FE execution sprints.

115
docs-archived/implplan/SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md Normal file
View File

@@ -0,0 +1,115 @@
# Sprint 20260219_002 - UI v2 Shell Navigation and Route Truth
## Topic & Scope
- Fix shell-level routing and navigation integrity so canonical IA v2 structure is real, not partial.
- Enforce canonical root behavior and remove route conflicts that cause mixed v1/v2 behavior.
- Align sidebar targets with implemented canonical routes and required pack-defined shell screens.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route diffs, sidebar diffs, unit tests, and E2E route-integrity proof.
## Dependencies & Concurrency
- Upstream sprint dependency: `SPRINT_20260219_001_DOCS_ui_v2_shell_rebaseline_and_traceability.md`.
- Backend closure dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` must be `DONE` before this sprint may be treated as fully closed for pack conformance.
- Must complete before downstream domain sprints finalize route ownership (`SPRINT_20260219_003` to `SPRINT_20260219_006`).
- Safe parallelism: limited to test authoring that does not modify production route tables.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md` (sections 2.1, 2.3, 4, 5)
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md`
- `docs/modules/ui/v2-rewire/S00_route_deprecation_map.md`
- `docs/modules/ui/v2-rewire/pack-16.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
## Delivery Tracker
### NAV2-01 - Cut over root dashboard route to canonical Dashboard domain
Status: DONE
Dependency: none
Owners: Frontend developer, QA
Task description:
- Update root route resolution so `path: ''` uses canonical Dashboard domain behavior and no longer renders Control Plane as the canonical landing screen.
- Keep legacy entrypoints only as controlled aliases/redirects with explicit migration intent.
- Canonical naming must use Dashboard and must not expose Control Plane as current root ownership label.
Completion criteria:
- [x] `src/Web/StellaOps.Web/src/app/app.routes.ts` root `path: ''` resolves via dashboard canonical route family.
- [x] `src/Web/StellaOps.Web/src/app/features/control-plane/control-plane.routes.ts` is no longer the canonical root source.
- [x] Canonical root breadcrumb/title no longer presents Control Plane as primary label.
- [x] Legacy route behavior is explicit and tested (redirect or alias with preserved query and fragment).
### NAV2-02 - Remove duplicate and conflicting route declarations in app routes
Status: DONE
Dependency: NAV2-01
Owners: Frontend developer
Task description:
- Remove duplicate route blocks and duplicate path declarations in `app.routes.ts` that create ambiguity and make redirect behavior non-deterministic.
- Keep only one authoritative declaration per path in the canonical shell and one explicit alias if required by deprecation policy.
Completion criteria:
- [x] Duplicate legacy blocks in `src/Web/StellaOps.Web/src/app/app.routes.ts` are removed.
- [x] Duplicate path declarations for identical paths are eliminated or justified as explicit redirects only.
- [x] Route ordering does not shadow canonical v2 domain routes.
- [x] Route-table integrity test fails if future duplicate canonical paths are introduced.
### NAV2-03 - Align sidebar links with canonical and implemented route tree
Status: DONE
Dependency: NAV2-02
Owners: Frontend developer
Task description:
- Reconcile sidebar links in `app-sidebar.component.ts` with canonical route definitions.
- Mandatory reconciliations in this sprint: `Security and Risk -> Advisory Sources`, `Evidence and Audit -> Replay`, `Evidence and Audit -> Timeline`, and Platform Ops feeds path mismatch.
- For any nav item not backed by an implemented canonical route, either implement the route in downstream sprint scope or remove the nav target from shell until available.
Completion criteria:
- [x] No sidebar route points to a missing route path.
- [x] `Security and Risk -> Advisory Sources` points to a real canonical route.
- [x] `Evidence and Audit -> Replay` and `Evidence and Audit -> Timeline` point to real canonical routes.
- [x] Platform Ops feeds path from sidebar matches canonical Platform Ops feeds route.
### NAV2-04 - Enforce canonical root labels and breadcrumb ownership consistency
Status: DONE
Dependency: NAV2-03
Owners: Frontend developer, QA
Task description:
- Enforce canonical root labels and ownership prefixes in breadcrumbs according to source-of-truth and nav rendering policy.
- Ensure Release Control-owned capabilities preserve Release Control ownership in breadcrumbs even with shortcut rendering.
Completion criteria:
- [x] Root nav labels match canonical names exactly: Dashboard, Release Control, Security and Risk, Evidence and Audit, Integrations, Platform Ops, Administration.
- [x] Breadcrumbs do not drop ownership prefixes for Release Control capabilities.
- [x] Deprecated v1 root labels are absent from canonical shell navigation.
- [x] Unit tests verify breadcrumb ownership prefixes and label integrity.
### NAV2-05 - Add strict nav and route integrity tests
Status: DONE
Dependency: NAV2-04
Owners: QA, Frontend developer
Task description:
- Replace permissive route-shell assertions with strict route-integrity assertions.
- Add test that enumerates sidebar links and asserts each resolves to a configured route path.
- Ensure E2E does not pass on trivial conditions like `count >= 0` or unconditional pass assertions.
Completion criteria:
- [x] Navigation unit tests fail on any sidebar route with no matching route.
- [x] E2E navigation tests assert concrete behavior and do not contain unconditional pass checks.
- [x] Critical redirect tests assert actual canonical destinations and no loops.
- [x] Test output is captured in execution evidence with command and result summary.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to re-establish canonical shell routing and nav integrity as prerequisite for domain completion. | Planning |
| 2026-02-19 | NAV2-01 through NAV2-05 implemented: canonical dashboard cutover, canonical route families wired, sidebar-target parity enforced, and strict nav/redirect integrity tests added and passing. | Frontend developer |
| 2026-02-19 | Verification evidence: `npm run test -- --watch=false --include src/tests/navigation/nav-route-integrity.spec.ts --include src/tests/navigation/nav-model.spec.ts --include src/tests/navigation/legacy-redirects.spec.ts` (PASS), `npx playwright test tests/e2e/nav-shell.spec.ts --workers=1` (PASS). | QA |
| 2026-02-19 | Dependency update: full pack-closure now explicitly depends on backend sprint `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`. | Project Manager |
## Decisions & Risks
- Decision: keep non-pack legacy convenience paths only as explicit redirect-layer compatibility during migration; canonical shell route families remain the single source of routing truth.
- Risk: aggressive route cleanup can break old deep links. Mitigation: preserve aliases from `S00_route_deprecation_map.md` and test query/fragment preservation.
- Risk: changing canonical root resolution can impact smoke/auth tests. Mitigation: update tests in same sprint and keep behavior deterministic.
## Next Checkpoints
- 2026-02-20: NAV2-01 to NAV2-03 implementation review.
- 2026-02-21: NAV2-04 breadcrumb review.
- 2026-02-21: NAV2-05 test gate review and sprint closure decision.

143
docs-archived/implplan/SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md Normal file
View File

@@ -0,0 +1,143 @@
# Sprint 20260219_003 - UI v2 Shell Release Control Structure
## Topic & Scope
- Implement Release Control shell structure required by higher-pack truth, including Setup hub migration intent and bundle-version driven flow structure.
- Convert Release Control from route shell placeholders to pack-conformant structural screens with deterministic state handling.
- Ensure Release Control ownership is explicit across releases, approvals, bundles, deployments, environments, promotions, runs, and setup.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route tree updates, screen structure updates, deterministic state models, and strict tests.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md`.
- Backend contract dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` is required for closure of `S00-T05-RC-01` and full pack conformance.
- Can run in parallel with `SPRINT_20260219_004` and `SPRINT_20260219_005` after NAV2-03 is done.
- Must complete before readiness sprint `SPRINT_20260219_007`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md` (sections 3.1 and 4)
- `docs/modules/ui/v2-rewire/authority-matrix.md` (Release bundles, promotions, run timeline rows)
- `docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` (rows `S00-T05-RC-01`, `S00-T05-RC-02`, `S00-T05-RUN-01`, `S00-T05-ENV-01`)
- `docs/modules/ui/v2-rewire/pack-12.md`
- `docs/modules/ui/v2-rewire/pack-13.md`
- `docs/modules/ui/v2-rewire/pack-14.md`
- `docs/modules/ui/v2-rewire/pack-21.md` (Release Control setup migration intent)
## Delivery Tracker
### RC3-01 - Implement Release Control setup hub and setup child routes
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Add canonical `Release Control -> Setup` shell route and child route family for setup functions moved from Settings intent in Pack 21.
- Required setup child surfaces: Environments and Promotion Paths, Targets and Agents, Workflows, Bundle Templates.
- If backend contracts are incomplete, implement deterministic read-only structural surfaces with explicit contract-gap state, not placeholder dashes.
Completion criteria:
- [x] `release-control.routes.ts` includes canonical `setup` route family.
- [x] Setup hub page exists and links to required setup subpages.
- [x] Setup child routes are canonical under `/release-control/setup/*`.
- [x] Legacy setup paths map to canonical setup routes through explicit alias/redirect behavior.
### RC3-02 - Enforce Release Control ownership rendering policy in shell
Status: DONE
Dependency: RC3-01
Owners: Frontend developer, QA
Task description:
- Apply frozen rendering policy from `S00_nav_rendering_policy.md`: Releases and Approvals shortcuts are allowed; Bundles, Deployments, and Regions and Environments must preserve Release Control ownership and grouping.
- Ensure mobile and desktop render the same ownership semantics.
Completion criteria:
- [x] Sidebar structure for Release Control conforms to allowed rendering model in `S00_nav_rendering_policy.md`.
- [x] Breadcrumbs for Release Control capabilities include Release Control ownership prefix.
- [x] Desktop and mobile ownership labeling is identical.
- [x] Route tests assert allowed and forbidden rendering cases.
### RC3-03 - Replace placeholder-only Bundle Organizer structure with pack-required sections
Status: DONE
Dependency: RC3-01
Owners: Frontend developer
Task description:
- Upgrade bundles catalog, detail, builder, and version-detail shells to reflect required structural sections from Pack 12.
- Required structural sections include digest-first identity, component selection, config contract, changelog, validation summary, immutable version context, and materialization entry points.
- Empty states are allowed only as explicit domain states with actionable links, not as full-screen placeholder-only behavior.
Completion criteria:
- [x] Bundle catalog/detail/builder/version pages include required structural sections from Pack 12.
- [x] Digest-first fields and bundle-version identity are visible in shell structure.
- [x] Builder step progression includes validation gates and blocking-state semantics.
- [x] No bundle screen is closed as complete while still being placeholder-only shell text.
### RC3-04 - Align Promotions and Run Timeline shell structure to Pack 13 and Pack 14
Status: DONE
Dependency: RC3-03
Owners: Frontend developer
Task description:
- Align promotions list/create/detail and run timeline entry points with bundle-version driven flow.
- Ensure promotion detail includes clear links to gates, run timeline, and evidence surfaces.
- Ensure run timeline structure includes checkpoint, step detail, and replay/evidence hooks as shell structure.
Completion criteria:
- [x] Promotions shells expose bundle-version anchored identity fields and target path context.
- [x] Promotion detail tabs include overview, run timeline, and evidence with concrete structural content blocks.
- [x] Run timeline route and shell expose timeline/checkpoint/step detail sections.
- [x] Cross-links to approvals and evidence use canonical v2 paths.
### RC3-05 - Add strict Release Control structural coverage tests
Status: DONE
Dependency: RC3-04
Owners: QA, Frontend developer
Task description:
- Extend route and component tests beyond route existence to structural assertions for required sections.
- Add tests that fail if core pack-required sections are missing from bundles, promotions, and run timeline shells.
Completion criteria:
- [x] Unit tests assert presence of required structural sections on bundle and promotion shells.
- [x] Route tests cover setup route family and canonical breadcrumbs.
- [x] E2E critical path asserts real structural render behavior, not only load/no-error.
- [x] Test command output is recorded in execution evidence.
### RC3-06 - Bind Bundle Organizer screens to release-control bundle lifecycle endpoints
Status: DONE
Dependency: RC3-05
Owners: Frontend developer
Task description:
- Replace remaining bundle-shell local placeholders with real API-backed data bindings for catalog, detail, builder, and version detail flows.
- Wire the UI to the backend contracts delivered in `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`:
- `GET /api/v1/release-control/bundles`
- `GET /api/v1/release-control/bundles/{bundleId}`
- `GET /api/v1/release-control/bundles/{bundleId}/versions`
- `GET /api/v1/release-control/bundles/{bundleId}/versions/{versionId}`
- `POST /api/v1/release-control/bundles`
- `POST /api/v1/release-control/bundles/{bundleId}/versions`
- `POST /api/v1/release-control/bundles/{bundleId}/versions/{versionId}/materialize`
- Keep deterministic fallback behavior for error and empty states without reverting to synthetic static bundle rows.
Completion criteria:
- [x] Bundle catalog reads list payloads from release-control endpoints and renders deterministic loading/error/empty states.
- [x] Bundle detail and version detail read backend identity/version payloads rather than placeholder text.
- [x] Bundle builder finalization creates/publishes real bundle versions and supports optional materialization trigger.
- [x] Route-level bundle structure tests pass after API-binding changes.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to complete Release Control shell structure per packs 12, 13, 14, and 21. | Planning |
| 2026-02-19 | RC3-01 through RC3-05 implemented: setup hub and child routes delivered, bundle/promotion structure upgraded, and strict structural tests added. | Frontend developer |
| 2026-02-19 | Verification evidence: `npm run test -- --watch=false --include src/tests/release-control/release-control-routes.spec.ts --include src/tests/release-control/release-control-setup.component.spec.ts --include src/tests/release-control/release-control-structure.component.spec.ts` (PASS), `npx playwright test tests/e2e/critical-path.spec.ts --workers=1` (PASS). | QA |
| 2026-02-19 | Dependency update: sprint closure now depends on backend contract delivery in `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`. | Project Manager |
| 2026-02-19 | RC3-06 completed: bundle catalog/detail/builder/version screens rewired to real `/api/v1/release-control/bundles*` contracts with deterministic load/error/empty handling and materialization trigger support. | Frontend developer |
| 2026-02-19 | Verification evidence (API-backed bundle surfaces): `npm run test -- --watch=false --include src/tests/release-control/release-control-structure.component.spec.ts` (PASS), `npm run build` (PASS with pre-existing bundle-size/commonjs warnings). | QA |
## Decisions & Risks
- Decision: setup child routes are frozen as `/release-control/setup/environments-paths`, `/targets-agents`, `/workflows`, and `/bundle-templates`, with legacy settings aliases redirected.
- Risk: backend contract gaps may tempt placeholder completion. Mitigation: structural acceptance criteria require real sectioned shells and deterministic blocking states.
- Risk: route migration from settings-era setup pages may break bookmarks. Mitigation: explicit alias and redirect coverage tests.
- Decision: bundle version route parameter is now treated as backend `versionId` (GUID identity) to preserve deterministic deep-links to immutable version payloads.
- Risk: bundle endpoints currently do not provide every pack-12 UI field (for example, rich validation snapshots). Mitigation: keep explicit `n/a`/state messaging and avoid synthetic fabricated values.
## Next Checkpoints
- 2026-02-20: RC3-01 and RC3-02 review.
- 2026-02-21: RC3-03 and RC3-04 review.
- 2026-02-22: RC3-05 test evidence review and closure decision.

157
docs-archived/implplan/SPRINT_20260219_004_FE_ui_v2_shell_security_and_advisory_sources.md Normal file
View File

@@ -0,0 +1,157 @@
# Sprint 20260219_004 - UI v2 Shell Security and Advisory Sources
## Topic & Scope
- Complete Security and Risk shell structure with required Advisory Sources screen and ownership split behavior.
- Align security domain routing and shell sections to Pack 19 and Pack 21 expectations.
- Replace route-only completion with pack-conformant structural and state behavior checks.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: advisory routes and components, ownership split links, state-model tests, and strict E2E coverage.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md`.
- Backend contract dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` is required for closure of `S00-T05-SEC-02` and full pack conformance.
- Can run in parallel with `SPRINT_20260219_003` and `SPRINT_20260219_005` after NAV2-03 is complete.
- Must complete before readiness sprint `SPRINT_20260219_007`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md` (sections 3.4 and 5)
- `docs/modules/ui/v2-rewire/authority-matrix.md` (security decision-first console row)
- `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` (rows `S00-T05-SEC-01`, `S00-T05-SEC-02`)
- `docs/modules/ui/v2-rewire/pack-19.md`
- `docs/modules/ui/v2-rewire/pack-21.md` (advisory mapping and ownership split)
## Delivery Tracker
### SR4-01 - Implement canonical Advisory Sources route and shell entry
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Add canonical route `/security-risk/advisory-sources` and wire it into Security and Risk navigation.
- Ensure sidebar and security overview entry points resolve to this route.
- Remove any shell references that imply Advisory Sources exists when route does not.
Completion criteria:
- [x] `security-risk.routes.ts` defines `advisory-sources` canonical route.
- [x] Sidebar `Advisory Sources` item resolves to live canonical route.
- [x] Security and Risk shell contains clear path to Advisory Sources.
- [x] Route tests fail if advisory route is removed.
### SR4-02 - Implement Advisory Sources screen structure per signed S00 spec
Status: DONE
Dependency: SR4-01
Owners: Frontend developer
Task description:
- Implement required sections from `S00_advisory_sources_spec.md`: header with filters, summary cards, source table, row actions, and detail panel structure.
- Implement required field groups with ownership-aware labeling.
Completion criteria:
- [x] Header includes required scope filters and quick stats.
- [x] Summary cards include healthy, stale, unavailable, and conflict counts.
- [x] Source table includes required columns from S00 spec.
- [x] Detail panel includes freshness diagnostics, conflict diagnostics, and impact context.
### SR4-03 - Enforce ownership split links and action boundaries
Status: DONE
Dependency: SR4-02
Owners: Frontend developer, QA
Task description:
- Enforce field/action ownership boundaries from S00 spec.
- Connector config actions must deep-link to Integrations.
- Mirror and freshness operation actions must deep-link to Platform Ops.
- Decision-impact drilldowns must stay in Security and Risk.
Completion criteria:
- [x] Advisory Sources does not embed connector credential editing actions.
- [x] Advisory Sources does not embed freshness operation controls.
- [x] Row actions preserve source context when linking to Integrations and Platform Ops.
- [x] Decision-impact actions route to Security and Risk context views.
### SR4-04 - Implement per-source and page-level advisory state behavior
Status: DONE
Dependency: SR4-03
Owners: Frontend developer
Task description:
- Implement explicit state behavior for healthy, warning, stale, unavailable, and conflicting states.
- Implement page-level banners and hard-fail behavior defined in S00 advisory spec.
- Ensure stale-data state behavior is explicit and deterministic.
Completion criteria:
- [x] Per-source states match S00 state table semantics.
- [x] Page-level degraded, conflict, stale, hard-fail, and empty states are implemented.
- [x] Hard-fail state includes direct path to Platform Ops data integrity surface.
- [x] State behavior tests validate stale and unavailable behavior paths.
### SR4-05 - Add strict Security and Advisory route and behavior tests
Status: DONE
Dependency: SR4-04
Owners: QA, Frontend developer
Task description:
- Upgrade security tests to include advisory route and structural assertions.
- Add E2E coverage for advisory ownership links and state behavior.
- Remove permissive checks that pass without rendering required content.
Completion criteria:
- [x] Security route tests include advisory path and breadcrumb validation.
- [x] Component tests assert required Advisory Sources sections and state banners.
- [x] E2E tests validate Integrations and Platform Ops cross-links from advisory page.
- [x] Evidence includes test command output and pass/fail summary.
### SR4-06 - Bind Advisory Sources page to Concelier + Policy endpoint projections
Status: DONE
Dependency: SR4-05
Owners: Frontend developer
Task description:
- Replace synthetic advisory-source rows and mode toggles with real endpoint composition from Concelier freshness and Policy impact/conflict projections.
- Wire page and detail states to:
- `GET /api/v1/advisory-sources`
- `GET /api/v1/advisory-sources/summary`
- `GET /api/v1/advisory-sources/{id}/freshness`
- `GET /api/v1/advisory-sources/{id}/impact`
- `GET /api/v1/advisory-sources/{id}/conflicts`
- Preserve ownership split links (Integrations, Platform Ops, Security & Risk) while rendering deterministic API-backed loading/failure/empty/detail behavior.
Completion criteria:
- [x] Advisory table rows and summary cards render from real freshness/impact/conflict payloads.
- [x] Detail panel diagnostics (timeline/conflicts/impacted references) render from endpoint data, not local hardcoded fixtures.
- [x] Hard-fail and empty states are triggered by API outcomes instead of local mode toggles.
- [x] Advisory component tests pass with API-mocked responses and explicit hard-fail/empty cases.
### SR4-07 - Replace advisory-stat placeholders with backend contract fields
Status: DONE
Dependency: SR4-06
Owners: Frontend developer
Task description:
- Consume Concelier advisory-source stats contract extensions for detail-panel advisory statistics.
- Replace placeholder values with endpoint-backed values for total advisories, signed advisories, unsigned advisories, and signature-failure counts.
Completion criteria:
- [x] `advisory-sources.api.ts` includes advisory-stat fields on source DTOs.
- [x] Advisory detail panel maps stats from `GET /api/v1/advisory-sources/{id}/freshness` response.
- [x] Advisory component tests assert rendered stat values.
- [x] UI build remains green after contract extension.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to implement missing Advisory Sources shell and complete Security and Risk structural parity. | Planning |
| 2026-02-19 | SR4-01 through SR4-05 implemented: canonical advisory route delivered, ownership-split action model enforced, and state-behavior test coverage added. | Frontend developer |
| 2026-02-19 | Verification evidence: `npm run test -- --watch=false --include src/tests/security-risk/security-risk-routes.spec.ts --include src/tests/security-risk/advisory-sources.component.spec.ts` (PASS), `npx playwright test tests/e2e/critical-path.spec.ts --workers=1` (PASS). | QA |
| 2026-02-19 | Dependency update: sprint closure now depends on backend contract delivery in `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`. | Project Manager |
| 2026-02-19 | SR4-06 completed: Advisory Sources view rewired to Concelier freshness + Policy impact/conflict APIs; synthetic local-mode state toggles removed in favor of endpoint-driven states. | Frontend developer |
| 2026-02-19 | Verification evidence (API-backed advisory page): `npm run test -- --watch=false --include src/tests/security-risk/advisory-sources.component.spec.ts` (PASS), `npm run build` (PASS with pre-existing warnings). | QA |
| 2026-02-19 | SR4-07 completed: advisory statistics in detail panel now render endpoint-backed total/signed/unsigned/signature-failure counts from Concelier freshness payloads. | Frontend developer |
| 2026-02-19 | SR4-07 verification evidence: `npm run test -- --watch=false --include src/tests/security-risk/advisory-sources.component.spec.ts` (PASS 5/5), `npm run build` (PASS with pre-existing warnings). | QA |
## Decisions & Risks
- Decision: canonical Advisory Sources route is `/security-risk/advisory-sources`; legacy security-data ownership is represented through split links to Integrations and Platform Ops instead of embedding owner actions.
- Risk: incomplete backend contracts for advisory aggregate endpoints. Mitigation: deterministic fallback states with explicit contract-gap labeling, while preserving full shell structure.
- Risk: ownership boundary drift between Integrations, Platform Ops, and Security surfaces. Mitigation: explicit ownership tests for allowed and forbidden actions.
- Decision: Policy impact/conflict lookups are keyed by advisory `sourceKey`; Concelier source IDs remain display/context values.
- Update: advisory-stat schema delta is closed via backend BE8-07; detail diagnostics now render endpoint-backed totals/signed/unsigned/signature-failure values.
## Next Checkpoints
- 2026-02-20: SR4-01 and SR4-02 review.
- 2026-02-21: SR4-03 and SR4-04 review.
- 2026-02-22: SR4-05 evidence review and closure decision.

115
docs-archived/implplan/SPRINT_20260219_005_FE_ui_v2_shell_evidence_audit_structure.md Normal file
View File

@@ -0,0 +1,115 @@
# Sprint 20260219_005 - UI v2 Shell Evidence and Audit Structure
## Topic & Scope
- Complete Evidence and Audit shell structure for proof, replay, timeline, export, and audit pathways.
- Align Evidence routing and shell navigation with Pack 20 structure, while preserving Trust and Signing ownership override from Pack 21.
- Eliminate shell inconsistencies between sidebar targets and evidence route tree.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: canonical evidence route updates, shell section updates, trust ownership link enforcement, and strict tests.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md`.
- Full pack-closure dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` must be `DONE` before final shell readiness closure.
- Can run in parallel with `SPRINT_20260219_003` and `SPRINT_20260219_004` after NAV2-03 is complete.
- Must complete before readiness sprint `SPRINT_20260219_007`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md` (section 3.5 and override note)
- `docs/modules/ui/v2-rewire/authority-matrix.md` (evidence and audit chain row)
- `docs/modules/ui/v2-rewire/S00_trust_ownership_transition.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` (row `S00-T05-EVID-01`)
- `docs/modules/ui/v2-rewire/pack-20.md`
- `docs/modules/ui/v2-rewire/pack-21.md` (trust ownership override)
## Delivery Tracker
### EA5-01 - Align canonical Evidence and Audit route family with shell targets
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Reconcile evidence route tree with required Evidence shell entries.
- Mandatory canonical shell entries include Evidence Home, Evidence Packs, Proof Chains, Replay and Verify, Export Center, and Audit Log.
- Ensure sidebar targets map to implemented canonical routes.
Completion criteria:
- [x] Evidence route tree includes canonical routes required by shell navigation.
- [x] Sidebar evidence links resolve to actual canonical evidence routes.
- [x] Route naming and breadcrumbs use canonical v2 terminology.
- [x] Route tests fail on missing replay or timeline shell route entries.
### EA5-02 - Implement Evidence Home as entry router surface
Status: DONE
Dependency: EA5-01
Owners: Frontend developer
Task description:
- Ensure evidence domain root functions as an entry router with clear paths to packs, proofs, replay and verify, export, and audit.
- Surface must provide concrete sectioned structure, not only cards with static placeholders.
Completion criteria:
- [x] Evidence Home exposes all required entry surfaces with canonical links.
- [x] Evidence Home sections include concrete structural grouping for common evidence use cases.
- [x] Root evidence shell supports deterministic empty and degraded states.
- [x] Structural tests validate required entry sections.
### EA5-03 - Enforce Trust and Signing ownership override and deep-link policy
Status: DONE
Dependency: EA5-02
Owners: Frontend developer, QA
Task description:
- Ensure Evidence and Audit consumes trust state but does not own trust management actions.
- Keep bidirectional deep links where needed, but ownership labels and management actions must remain under Administration.
Completion criteria:
- [x] Evidence shell does not expose trust-owner management controls.
- [x] Evidence deep links to trust point to `/administration/trust-signing`.
- [x] Breadcrumb and page labels reflect Administration ownership of trust.
- [x] Tests assert no Evidence-owned trust management route is introduced.
### EA5-04 - Add replay, timeline, and proof chain shell parity
Status: DONE
Dependency: EA5-02
Owners: Frontend developer
Task description:
- Implement or align replay and timeline shell routes expected by Evidence navigation.
- Ensure proof chain route semantics are consistent between overview and detail route usage.
- Ensure route aliases are explicit where needed to avoid broken links.
Completion criteria:
- [x] Replay shell route is implemented under canonical Evidence route family.
- [x] Timeline shell route is implemented under canonical Evidence route family.
- [x] Proof chain routes are consistent between nav target and route definitions.
- [x] No evidence nav item points to a missing route.
### EA5-05 - Add strict Evidence route and structural behavior tests
Status: DONE
Dependency: EA5-04
Owners: QA, Frontend developer
Task description:
- Upgrade evidence tests from route-count checks to required-structure checks.
- Add E2E checks for Evidence Home entry routing and trust ownership deep-link behavior.
- Remove permissive checks that do not validate rendered structure.
Completion criteria:
- [x] Unit tests assert canonical evidence route presence including replay and timeline.
- [x] Component tests assert required Evidence Home sections.
- [x] E2E tests validate evidence entry flow and trust deep-link ownership.
- [x] Test output evidence includes command and pass/fail summary.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to complete Evidence and Audit shell structure and trust-ownership compliance. | Planning |
| 2026-02-19 | EA5-01 through EA5-05 implemented: canonical evidence route family aligned, evidence home structured, trust ownership override enforced, and strict coverage tests added. | Frontend developer |
| 2026-02-19 | Verification evidence: `npm run test -- --watch=false --include src/tests/evidence-audit/evidence-audit-routes.spec.ts --include src/tests/evidence-audit/evidence-audit-overview.component.spec.ts` (PASS), `npx playwright test tests/e2e/critical-path.spec.ts --workers=1` (PASS). | QA |
| 2026-02-19 | Dependency update: full shell-readiness closure now references backend sprint `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`. | Project Manager |
## Decisions & Risks
- Decision: canonical Evidence and Audit slugs are frozen as `/evidence-audit/replay` and `/evidence-audit/timeline`.
- Risk: Evidence routes may overlap with legacy feature routes in `app.routes.ts`. Mitigation: keep one canonical route family and explicit aliases only.
- Risk: Trust ownership can regress if legacy components reintroduce owner actions. Mitigation: explicit ownership tests in this sprint.
## Next Checkpoints
- 2026-02-20: EA5-01 and EA5-02 review.
- 2026-02-21: EA5-03 and EA5-04 review.
- 2026-02-22: EA5-05 evidence review and closure decision.

119
docs-archived/implplan/SPRINT_20260219_006_FE_ui_v2_shell_integrations_platform_ops_alignment.md Normal file
View File

@@ -0,0 +1,119 @@
# Sprint 20260219_006 - UI v2 Shell Integrations and Platform Ops Alignment
## Topic & Scope
- Align Integrations and Platform Ops shell structure with source-of-truth ownership split and canonical taxonomy.
- Resolve route and nav mismatches that currently break shell navigation and ownership boundaries.
- Ensure Security Data split behavior is represented correctly across Integrations, Platform Ops, and Security and Risk.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: route/nav alignment changes, ownership split behavior checks, and strict route integrity tests.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260219_002_FE_ui_v2_shell_navigation_and_route_truth.md`.
- Full pack-closure dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` must be `DONE` before final shell readiness closure.
- Can run in parallel with `SPRINT_20260219_004` and `SPRINT_20260219_005` after NAV2-03 is complete.
- Must complete before readiness sprint `SPRINT_20260219_007`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md` (sections 2.2, 3.6, 3.7, and 4)
- `docs/modules/ui/v2-rewire/authority-matrix.md` (ops data confidence and integrations rows)
- `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md` (ownership split table)
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` (rows `S00-T05-INT-01`, `S00-T05-OPS-01`, `S00-T05-SEC-02`)
- `docs/modules/ui/v2-rewire/pack-10.md`
- `docs/modules/ui/v2-rewire/pack-15.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
## Delivery Tracker
### OPS6-01 - Align Integrations taxonomy and shell links to canonical categories
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Ensure Integrations shell categories match canonical taxonomy and route slugs used by implemented route family.
- Required categories include SCM, CI/CD, Registries, Secrets, Feeds, and Targets/Runtimes mapping.
- Resolve any mismatch between sidebar labels and route slugs.
Completion criteria:
- [x] Sidebar integrations links match implemented integrations route slugs.
- [x] Canonical labels in shell match source-of-truth terminology.
- [x] No integrations nav item points to non-existent route.
- [x] Tests assert integrations category route availability.
### OPS6-02 - Align Platform Ops taxonomy and shell links with implemented canonical routes
Status: DONE
Dependency: OPS6-01
Owners: Frontend developer
Task description:
- Reconcile Platform Ops nav with canonical route tree so all shell links resolve and ownership is explicit.
- Fix known mismatch for feeds path and remove or implement any unsupported shell target.
- Keep Data Integrity as Platform Ops-owned operational surface.
Completion criteria:
- [x] Platform Ops shell links resolve to existing canonical Platform Ops routes.
- [x] Feeds and mirrors link uses canonical Platform Ops feeds route.
- [x] Unsupported shell targets are either implemented as canonical routes or removed from shell.
- [x] Route integrity tests fail on any broken Platform Ops shell link.
### OPS6-03 - Enforce Security Data split navigation behavior end to end
Status: DONE
Dependency: OPS6-02
Owners: Frontend developer, QA
Task description:
- Ensure shell behavior communicates split ownership clearly:
- Integrations owns connector configuration and connectivity status.
- Platform Ops owns freshness and operations.
- Security and Risk consumes gating impact via Advisory Sources.
- Ensure links preserve context where source ID or scope filters are available.
Completion criteria:
- [x] Data Integrity links to Security and Risk use `/security-risk/advisory-sources`.
- [x] Advisory screen links back to Integrations and Platform Ops preserve source context.
- [x] Shell labels do not imply merged ownership into one page.
- [x] Tests validate split-navigation semantics.
### OPS6-04 - Normalize terminology in shell labels and breadcrumbs
Status: DONE
Dependency: OPS6-02
Owners: Frontend developer
Task description:
- Normalize shell and breadcrumb terms to canonical terms from source-of-truth.
- Remove lingering terms that conflict with canonical taxonomy for Ops and Integrations surfaces.
Completion criteria:
- [x] Breadcrumb labels for Integrations and Platform Ops use canonical terms.
- [x] Shell labels do not reintroduce deprecated terms as primary labels.
- [x] Terminology normalization is covered by unit tests.
- [x] No cross-domain ownership labels are inconsistent between desktop and mobile.
### OPS6-05 - Add strict Integrations and Platform Ops route and behavior tests
Status: DONE
Dependency: OPS6-04
Owners: QA, Frontend developer
Task description:
- Expand tests from route existence to concrete shell behavior and ownership split links.
- Add checks for stale/degraded operational states to ensure shell resilience under failure modes.
- Eliminate permissive test patterns that allow false positives.
Completion criteria:
- [x] Unit tests assert canonical route and sidebar alignment for Integrations and Platform Ops.
- [x] Component tests assert ownership split messaging and link targets.
- [x] E2E tests validate degraded-state navigation without runtime failures.
- [x] Test evidence includes command output and pass/fail summary.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to align Integrations and Platform Ops shell behavior with canonical ownership split. | Planning |
| 2026-02-19 | OPS6-01 through OPS6-05 implemented: integrations/platform-ops route taxonomy aligned, split-ownership navigation wired end-to-end, and strict route-integrity tests added. | Frontend developer |
| 2026-02-19 | Verification evidence: `npm run test -- --watch=false --include src/tests/platform-ops/platform-ops-routes.spec.ts --include src/tests/navigation/nav-route-integrity.spec.ts` (PASS), `npx playwright test tests/e2e/critical-path.spec.ts tests/e2e/ia-v2-a11y-regression.spec.ts --workers=1` (PASS). | QA |
| 2026-02-19 | Dependency update: full shell-readiness closure now references backend sprint `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`. | Project Manager |
## Decisions & Risks
- Decision: canonical Integrations targets/runtimes slug remains `hosts`, with `targets-runtimes` preserved as explicit alias redirect.
- Risk: shell alignment can impact existing bookmarks for ops paths. Mitigation: explicit aliases and redirect tests.
- Risk: ownership split messaging may drift between pages. Mitigation: canonical copy assertions in component tests.
## Next Checkpoints
- 2026-02-20: OPS6-01 and OPS6-02 review.
- 2026-02-21: OPS6-03 and OPS6-04 review.
- 2026-02-22: OPS6-05 evidence review and closure decision.

122
docs-archived/implplan/SPRINT_20260219_007_FE_ui_v2_shell_qa_and_readiness_reverification.md Normal file
View File

@@ -0,0 +1,122 @@
# Sprint 20260219_007 - UI v2 Shell QA and Readiness Reverification
## Topic & Scope
- Re-run shell readiness with strict behavior-first QA after reopened shell structure sprints complete.
- Replace permissive tests and shallow readiness criteria with deterministic pass/fail gates.
- Publish final go/no-go decision based on real shell conformance to pack-defined structure.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: strict test suites, command outputs, updated readiness package, and explicit go/no-go rationale.
## Dependencies & Concurrency
- Upstream dependencies: `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md`, `SPRINT_20260219_004_FE_ui_v2_shell_security_and_advisory_sources.md`, `SPRINT_20260219_005_FE_ui_v2_shell_evidence_audit_structure.md`, `SPRINT_20260219_006_FE_ui_v2_shell_integrations_platform_ops_alignment.md`.
- Backend closure dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` must be `DONE` before final readiness can move from frontend-pass to full pack closure.
- Must not start behavioral verification until upstream shell implementation tasks marked `DONE`.
- No safe parallelism for closure decision tasks.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_nav_rendering_policy.md`
- `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `docs/modules/ui/v2-rewire/S16_release_readiness_package.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
## Delivery Tracker
### QA7-01 - Remove permissive or non-assertive checks from shell test suites
Status: DONE
Dependency: none
Owners: QA, Frontend developer
Task description:
- Identify and remove permissive assertions that allow false positives in navigation, critical-path, and accessibility suites.
- Replace weak assertions with concrete expected behavior checks for routes, rendered sections, and link targets.
Completion criteria:
- [x] No shell E2E test uses unconditional pass logic.
- [x] No shell E2E test uses trivially true assertions as evidence of behavior.
- [x] Navigation suite fails when canonical shell targets are broken.
- [x] Accessibility and regression suites fail on missing required shell structures.
### QA7-02 - Add shell route graph integrity checks with sidebar parity
Status: DONE
Dependency: QA7-01
Owners: QA, Frontend developer
Task description:
- Build a strict integrity test that compares canonical sidebar targets against configured route graph.
- Integrity checks must include root domains and mandatory child shell routes used by navigation.
Completion criteria:
- [x] Test enumerates all canonical sidebar targets and asserts route resolution.
- [x] Test fails for any orphan or missing shell route target.
- [x] Test output identifies missing path and owning domain.
- [x] Integrity suite is part of standard test run for shell readiness.
### QA7-03 - Execute behavior-first critical path verification with required shell evidence
Status: DONE
Dependency: QA7-02
Owners: QA
Task description:
- Execute critical shell flows that prove structure conformance, not only page load.
- Required flows: root dashboard entry, Release Control setup and bundles/promotions/runs, Security Advisory Sources ownership links, Evidence replay/timeline/proof paths, and Integrations/Platform Ops split navigation.
Completion criteria:
- [x] Critical path evidence includes commands and raw output summaries.
- [x] Each required domain flow contains concrete structural assertions.
- [x] Any failed flow is triaged with owner and blocking severity.
- [x] No critical shell flow remains unverified.
### QA7-04 - Reconcile contract-ledger claims against implemented shell reality
Status: DONE
Dependency: QA7-03
Owners: Project Manager, QA lead
Task description:
- Reconcile readiness claims and ledger status with implemented shell results.
- If `MISSING_NEW` shell-dependent rows remain unimplemented, readiness must be `BLOCKED` and not `GO`.
- Ensure final claim language does not overstate completion.
Completion criteria:
- [x] Readiness claim for shell-dependent ledger rows matches verified implementation state.
- [x] Any unresolved `MISSING_NEW` shell row is explicitly marked as blocker or deferred with owner and date.
- [x] No readiness statement claims completion without test-backed evidence.
- [x] Reconciled status is recorded in readiness package update.
### QA7-05 - Publish final shell readiness package and archival decision
Status: DONE
Dependency: QA7-04
Owners: Project Manager, QA lead
Task description:
- Publish updated shell readiness package with explicit GO or BLOCKED outcome.
- Archive reopened sprints only when all tasks are `DONE` and no blockers remain.
- If blockers remain, keep sprints active in `docs/implplan`.
Completion criteria:
- [x] Updated readiness package includes strict evidence references and final decision.
- [x] Closure decision is justified by actual test outputs and shell conformance checks.
- [x] Sprint archival follows repo rule: no TODO or BLOCKED tasks at archival time.
- [x] Superseded archived sprint claims are not reused as closure evidence.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to enforce strict shell QA and produce final readiness decision based on verified behavior. | Planning |
| 2026-02-19 | QA7-01 and QA7-02 complete: permissive E2E assertions removed and route-sidebar integrity checks enforced in unit + E2E suites. | QA |
| 2026-02-19 | QA7-03 complete: behavior-first rerun executed with `npx playwright test tests/e2e/nav-shell.spec.ts tests/e2e/critical-path.spec.ts tests/e2e/ia-v2-a11y-regression.spec.ts --workers=1` -> 33 passed, 0 failed. | QA |
| 2026-02-19 | QA7-04 and QA7-05 complete: `S16_release_readiness_package.md` updated with reconciled status; frontend shell gate PASS, full pack closure BLOCKED on unresolved `S00-T05-RC-01` and `S00-T05-SEC-02` backend contract rows. | Project Manager |
| 2026-02-19 | Dependency update: final readiness closure explicitly depends on backend sprint `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md`. | Project Manager |
| 2026-02-19 | Dependency closure update: backend sprint `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` completed; `S00-T05-RC-01` and `S00-T05-SEC-02` reconciled to `EXISTS_COMPAT` and readiness package updated accordingly. | Project Manager |
| 2026-02-19 | QA follow-up: Release Control bundle and Advisory Sources shells were reverified after endpoint binding work; targeted specs (`release-control-structure`, `advisory-sources`) and `npm run build` passed. | QA |
| 2026-02-19 | QA follow-up (advisory stats): Concelier advisory-source endpoint tests and advisory UI spec were rerun after BE8-07/SR4-07 contract extension; both passed with endpoint-backed advisory statistics. | QA |
## Decisions & Risks
- Decision (prior to backend dependency closure): unresolved shell-dependent `MISSING_NEW` contract ledger rows keep full pack closure in BLOCKED state even when frontend shell behavior passes.
- Update: backend dependency rows `S00-T05-RC-01` and `S00-T05-SEC-02` are now implemented and no longer BLOCKED.
- Risk: staging auth constraints can reduce behavior coverage if not planned. Mitigation: split offline and staging runs with explicit evidence labels.
- Risk: pressure to re-issue GO without full conformance. Mitigation: hard gate from `SPRINT_20260219_001` and explicit blocker policy in this sprint.
- Risk: UI shell can appear complete while still driven by synthetic local state. Mitigation: explicit QA evidence now requires API-backed render verification for `S00-T05-RC-01` and `S00-T05-SEC-02`.
## Next Checkpoints
- 2026-02-22: QA7-01 and QA7-02 review.
- 2026-02-23: QA7-03 evidence review.
- 2026-02-24: QA7-04 and QA7-05 closure decision.

166
docs-archived/implplan/SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md Normal file
View File

@@ -0,0 +1,166 @@
# Sprint 20260219_008 - UI v2 Shell Backend Endpoint Contracts and DB Migrations
## Topic & Scope
- Deliver backend contracts blocking UI v2 shell pack closure: `S00-T05-RC-01` and `S00-T05-SEC-02`.
- Implement shell-facing endpoint families for Release Control bundles and Security Advisory Sources with explicit ownership boundaries.
- Ship required database migrations (Platform Release schema, Concelier persistence, Policy persistence) with deterministic migration tests.
- Wire cross-service composition so UI shell screens consume stable contracts instead of placeholder fallbacks.
- Working directory: `src/Platform`.
- Expected evidence: endpoint handlers, store/repository implementations, migration SQL + migration tests, API contract tests, and readiness-ledger updates.
## Dependencies & Concurrency
- Upstream sprint dependency: `SPRINT_20260219_001_DOCS_ui_v2_shell_rebaseline_and_traceability.md`.
- Upstream contract dependencies: `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` and `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md`.
- Downstream dependency: this sprint must be `DONE` before UI shell sprints `SPRINT_20260219_002` through `SPRINT_20260219_007` may be treated as fully closed for pack conformance.
- Cross-module edits allowed by this sprint (required for delivery): `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release`, `src/Concelier/StellaOps.Concelier.WebService`, `src/Concelier/__Libraries/StellaOps.Concelier.Persistence`, `src/Policy/StellaOps.Policy.Gateway`, `src/Policy/__Libraries/StellaOps.Policy.Persistence`, and `docs/modules/ui/v2-rewire`.
- Safe parallelism: `BE8-03`, `BE8-04`, and `BE8-05` can run in parallel after `BE8-01`; `BE8-06` depends on `BE8-02` through `BE8-05`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
- `docs/modules/ui/v2-rewire/S00_advisory_sources_spec.md`
- `docs/modules/ui/v2-rewire/S16_release_readiness_package.md`
- `docs/modules/release-orchestrator/architecture.md`
- `docs/modules/release-orchestrator/api/overview.md`
- `docs/modules/concelier/architecture.md`
- `docs/modules/policy/architecture.md`
- `docs/modules/scanner/architecture.md`
- `docs/modules/evidence-locker/export-format.md`
## Delivery Tracker
### BE8-01 - Freeze endpoint namespace and ownership boundaries for missing contracts
Status: DONE
Dependency: none
Owners: API architect, ReleaseOrchestrator lead, Security lead
Task description:
- Freeze the public endpoint placement so UI can target one stable contract family per feature without path collisions.
- Reserve existing evidence export path family (`/api/v1/bundles/{bundleId}/export*`) for EvidenceLocker; do not overload it with Release Control bundle catalog semantics.
- Freeze Release Control bundle API namespace under `/api/v1/release-control/bundles*` and Advisory Sources namespace under `/api/v1/advisory-sources*` with split data ownership (Concelier freshness facts, Policy decision-impact/conflict facts).
- Update contract docs before implementation so downstream teams code to final routes, not provisional ledger strings.
Completion criteria:
- [x] Final route families for `S00-T05-RC-01` and `S00-T05-SEC-02` are documented in `S00_endpoint_contract_ledger_v1.md`.
- [x] Collision with existing evidence export bundle routes is explicitly resolved and documented.
- [x] Endpoint ownership split is explicit at field/action level and matches `S00_advisory_sources_spec.md`.
- [x] UI shell sprints have a pinned backend dependency reference to this sprint.
### BE8-02 - Implement Release Control bundle lifecycle endpoints in Platform WebService
Status: DONE
Dependency: BE8-01
Owners: Platform backend engineer
Task description:
- Implement the bundle lifecycle endpoint family for catalog, detail, immutable versions, create, publish, and materialize operations under the frozen Release Control namespace.
- Back endpoints with explicit service/store abstractions (in-memory + Postgres implementations) and deterministic request/response ordering.
- Enforce read/operate scope boundaries (`orch:read` for query endpoints, `orch:operate` for mutating endpoints) and fail closed on authorization failures.
- Include endpoint contract tests that prove shape compatibility with shell sections required in Pack 12 and Pack 13 flows.
Completion criteria:
- [x] `GET /api/v1/release-control/bundles` and `GET /api/v1/release-control/bundles/{id}` are implemented with deterministic filters/sorts.
- [x] Version endpoints (`GET/POST /api/v1/release-control/bundles/{id}/versions*`) are implemented with immutable version semantics.
- [x] Materialization endpoint (`POST /api/v1/release-control/bundles/{id}/versions/{versionId}/materialize`) is implemented with auditable job identity and status.
- [x] Unit/integration tests in `src/Platform/__Tests/**` cover success, validation, auth, and idempotency/error paths.
### BE8-03 - Add Platform Release-schema migrations for bundle lifecycle persistence
Status: DONE
Dependency: BE8-01
Owners: Platform database engineer, ReleaseOrchestrator backend engineer
Task description:
- Add new Release schema migration(s) under `src/Platform/__Libraries/StellaOps.Platform.Database/Migrations/Release` for bundle lifecycle persistence required by `S00-T05-RC-01`.
- Introduce normalized tables for bundle identity, immutable bundle versions, version-component links, and materialization runs, including indexes for catalog/detail queries.
- Apply tenant isolation (RLS), update triggers, and deterministic constraints consistent with existing `release.*` migration patterns.
- Provide migration verification coverage in existing integration tests to ensure fresh database bootstrap and upgrade paths both succeed.
Completion criteria:
- [x] New SQL migration file(s) are added with next sequence number after `044_PlatformEnvironmentSettings.sql`.
- [x] Bundle lifecycle tables include PK/FK constraints, tenant indexes, and RLS policies.
- [x] Migration is backward compatible with existing `release.releases` and EvidenceLocker bundle export routes.
- [x] Migration test evidence shows clean apply from empty DB and from current head migration state.
### BE8-04 - Implement Advisory Sources freshness and summary endpoints in Concelier
Status: DONE
Dependency: BE8-01
Owners: Concelier backend engineer
Task description:
- Implement Advisory Sources list, summary, and per-source freshness endpoints in Concelier under `/api/v1/advisory-sources*`.
- Back freshness contracts from `vuln.sources` + `vuln.source_states` with a dedicated projection/read model as needed for SLA thresholds, status classes, and trend data.
- Add Concelier persistence migration(s) for any new advisory-source projection tables or indexes.
- Ensure response contracts provide the fields required by `S00_advisory_sources_spec.md` (last successful ingest, freshness age, freshness SLA, freshness status, signature/trust display context inputs).
Completion criteria:
- [x] `GET /api/v1/advisory-sources`, `GET /api/v1/advisory-sources/summary`, and `GET /api/v1/advisory-sources/{id}/freshness` are implemented and tested.
- [x] New Concelier migration SQL file(s) are added under `src/Concelier/__Libraries/StellaOps.Concelier.Persistence/Migrations`.
- [x] WebService contract tests in `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/**` are updated with deterministic fixtures.
- [x] Endpoint auth policy aligns with Concelier advisory read policy and tenant guards.
### BE8-05 - Implement Policy impact/conflict backend for Advisory Sources
Status: DONE
Dependency: BE8-01
Owners: Policy backend engineer
Task description:
- Implement the decision-impact and conflict facts required by Advisory Sources (`impacted decisions count`, `impact severity`, `active conflicts`) as Policy-owned read models.
- Expose stable API contracts consumed by the Advisory Sources surface, with explicit filters for region/environment/source family and deterministic pagination.
- Add Policy persistence migration(s) for source-impact projection and conflict aggregation indexes to avoid expensive fan-out at runtime.
- Ensure data joins preserve tenant isolation and traceability back to gate decisions/conflict records.
Completion criteria:
- [x] Policy API endpoints for source impact and source conflicts are implemented and documented for Advisory Sources consumption.
- [x] New Policy migration SQL file(s) are added under `src/Policy/__Libraries/StellaOps.Policy.Persistence/Migrations`.
- [x] Policy tests validate aggregation correctness (counts/severity/conflict classes) and tenant isolation.
- [x] Concelier Advisory Sources endpoints consume Policy-owned facts without embedding policy write actions.
### BE8-06 - Wire cross-service contracts to UI readiness gates and close blockers
Status: DONE
Dependency: BE8-02
Owners: Project Manager, Backend leads, QA
Task description:
- Wire service-to-service integration for Advisory Sources composition and ensure shell UI can consume released contracts in staging without hardcoded fallbacks.
- Reconcile `S00_endpoint_contract_ledger_v1.md` statuses for `S00-T05-RC-01` and `S00-T05-SEC-02` from `MISSING_NEW` to shipped state class with evidence links.
- Update readiness package and dependent UI sprint notes so final closure is evidence-backed and not inferred from frontend-only results.
- Capture exact command evidence for migration/test execution per module.
Completion criteria:
- [x] End-to-end contract verification shows UI shell paths load with live backend data for bundle and advisory-source surfaces.
- [x] `S00_endpoint_contract_ledger_v1.md` and `S16_release_readiness_package.md` are updated with shipped evidence references.
- [x] `SPRINT_20260219_007` no longer reports backend `MISSING_NEW` blockers once implementation is complete.
- [x] Execution log captures module-specific commands and pass/fail outcomes for migrations and tests.
### BE8-07 - Extend Advisory Source contracts with advisory signature statistics for UI detail diagnostics
Status: DONE
Dependency: BE8-04
Owners: Concelier backend engineer, Frontend developer
Task description:
- Close the remaining Advisory Sources schema delta by adding endpoint-backed advisory stats required by the detail panel (`total`, `signed`, `unsigned`, `signature failures`).
- Add Concelier migration support for a signature-stats projection, then extend Concelier freshness read models and endpoint contracts to emit those fields.
- Replace advisory-stat placeholders in the Security & Risk UI with real contract fields from `GET /api/v1/advisory-sources/{id}/freshness`.
Completion criteria:
- [x] Concelier migration `005_add_advisory_source_signature_projection.sql` is added and query-backed by deterministic SQL projection logic.
- [x] `AdvisorySourceFreshnessRecord` and Advisory Source endpoint response contracts expose total/signed/unsigned/signature-failure counts.
- [x] Concelier advisory-source endpoint tests assert the new stats fields.
- [x] Advisory Sources UI detail panel renders advisory stats from API payloads (no `n/a` placeholders for available data).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to deliver backend endpoint and DB migration dependencies blocking UI v2 shell pack closure. | Project Manager |
| 2026-02-19 | BE8-02/BE8-03 implemented: Platform release-control endpoints + Postgres store + migration `045_ReleaseControlBundleLifecycle.sql` + endpoint tests (`ReleaseControlEndpointsTests`). | Developer |
| 2026-02-19 | BE8-04 implemented: Concelier advisory-source list/summary/freshness endpoints + migration `004_add_advisory_source_freshness_projection.sql` + repository wiring and tests. | Developer |
| 2026-02-19 | BE8-05 implemented: Policy advisory-source impact/conflicts endpoints + migration `005_advisory_source_projection.sql` + repository wiring and tests. | Developer |
| 2026-02-19 | Verification evidence: `dotnet test` full projects passed (Policy 131/131, Platform 115/115). Targeted xUnit in-proc runs passed (`Policy.AdvisorySourceEndpointsTests` 5/5, `Concelier.AdvisorySourceEndpointsTests` 5/5, `Platform.ReleaseControlEndpointsTests` 3/3). | QA |
| 2026-02-19 | BE8-06 docs reconciliation completed: `S00_endpoint_contract_ledger_v1.md`, `S00_advisory_sources_spec.md`, `S16_release_readiness_package.md`, and `S00_handoff_packet.md` updated to shipped backend state. | Project Manager |
| 2026-02-19 | BE8-07 implemented: Concelier migration `005_add_advisory_source_signature_projection.sql` + advisory-source repository/endpoint contract extension for advisory stats (`total`, `signed`, `unsigned`, `signatureFailures`). | Developer |
| 2026-02-19 | BE8-07 verification: `dotnet build src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/StellaOps.Concelier.WebService.Tests.csproj -v minimal` (PASS) and `src/Concelier/__Tests/StellaOps.Concelier.WebService.Tests/bin/Debug/net10.0/StellaOps.Concelier.WebService.Tests.exe -class "StellaOps.Concelier.WebService.Tests.AdvisorySourceEndpointsTests"` (PASS 5/5). | QA |
## Decisions & Risks
- Decision (frozen for implementation): Release Control bundle catalog APIs use `/api/v1/release-control/bundles*` to avoid collision with existing EvidenceLocker bundle export routes under `/api/v1/bundles/{bundleId}/export*`.
- Decision (frozen for implementation): Advisory Sources public route family remains `/api/v1/advisory-sources*`; freshness facts are Concelier-owned, while impact/conflict facts are Policy-owned and consumed through explicit read contracts.
- Decision (BE8-07): advisory signature stats are projected via `vuln.advisory_source_signature_projection` using `vuln.advisories` totals, DSSE-signature presence on `vuln.advisory_source_edge`, and optional `source_states.metadata.signature_failure_count`.
- Risk: cross-service composition latency can degrade shell responsiveness. Mitigation: pre-aggregated read models in Policy/Concelier and bounded page sizes with deterministic caching headers.
- Risk: migration ordering across Platform, Concelier, and Policy can drift. Mitigation: explicit migration sequence checks in CI and startup migration integration tests per module.
- Risk: scope mismatches can cause staging false negatives. Mitigation: explicit scope matrix validation (`orch:read`, `orch:operate`, advisory/policy read scopes) before readiness rerun.
- Risk observed during verification: Microsoft Testing Platform ignores `dotnet test --filter` (`MTP0001`) and Concelier full-assembly runs were non-deterministic in this environment. Mitigation: preserve full-suite pass evidence where stable and run targeted xUnit in-proc class executions for endpoint-specific coverage.
## Next Checkpoints
- 2026-02-19: Sprint implementation complete; backend dependency blockers for UI v2 shell rows `S00-T05-RC-01` and `S00-T05-SEC-02` cleared.

122
docs-archived/implplan/SPRINT_20260219_009_DOCS_sbom_evidence_canonical_id_and_artifact_record.md Normal file
View File

@@ -0,0 +1,122 @@
# Sprint 20260219-009 — Unified Canonical ID Contract & Artifact Canonical Record
## Topic & Scope
- Formalize a cross-module `canonical_id := sha256(JCS(sbom.json))` contract so Scanner, Attestor, VexLens, EvidenceLocker, and Graph all reference SBOMs via one deterministic identifier.
- Define an Artifact Canonical Record schema that unifies `sbom_ref`, `attestations[]`, `referrers[]`, and `vex_refs[]` into a single document, enabling the planned Evidence Thread API (`GET /api/v1/evidence/thread/{id}`).
- Working directory: `docs/modules/` (contract docs), `src/Attestor/` (record schema), `src/Scanner/` (canonical_id emission).
- Expected evidence: contract doc, JSON schema, unit tests proving round-trip canonical_id stability.
## Origin
Product advisory review (2026-02-19): "SBOM Evidence Verification & Auditability Pipeline". Advisory confirmed ~85% of capabilities already exist; this sprint addresses Gap 1 (Unified Canonical ID) and Gap 2 (Artifact Canonical Record).
## Dependencies & Concurrency
- Upstream: Evidence Bundle v1 contract (frozen 2025-11-17) — must not break.
- Upstream: Link-Not-Merge v1 schema (frozen 2025-11-17) — must not break.
- Upstream: Scanner deterministic SBOM compose (production) — extend, not replace.
- Safe to run in parallel with: SPRINT_20260219_008 (ReleaseOrchestrator backend), UI v2 sprints.
## Documentation Prerequisites
- `docs/modules/scanner/deterministic-sbom-compose.md` — current canonicalization rules.
- `docs/modules/attestor/architecture.md` — current predicate types and DSSE model.
- `docs/modules/evidence-locker/attestation-contract.md` — frozen v1 contract.
- `docs/modules/provenance/architecture.md` — CanonicalJson (RFC 8785) library.
## Delivery Tracker
### CID-01 - Define canonical_id cross-module contract
Status: DONE
Dependency: none
Owners: Developer (Scanner + Attestor guilds)
Task description:
- Write `docs/contracts/canonical-sbom-id-v1.md` defining:
- Input: any CycloneDX v1.41.7 JSON document.
- Canonicalization: RFC 8785 (JCS) via existing `CanonicalJson` in Provenance library.
- Output: `canonical_id := "sha256:" + hex(SHA-256(JCS(sbom_json)))`.
- Normalization rules: UTC timestamps, no optional whitespace, sorted component arrays by `bom-ref`.
- Stability guarantee: given identical SBOM content, `canonical_id` MUST be byte-identical across runs, machines, and .NET versions.
- Reference existing `stella.contentHash` property in composed BOMs and reconcile with this new contract (either they converge or the relationship is documented).
Completion criteria:
- [x] Contract doc written and reviewed.
- [x] Existing `stella.contentHash` relationship to `canonical_id` documented.
- [x] 3 test vectors defined (minimal doc, key reordering, whitespace normalization) proving stability.
### CID-02 - Emit canonical_id from Scanner SBOM pipeline
Status: DONE
Dependency: CID-01
Owners: Developer (Scanner guild)
Task description:
- In `CycloneDxComposer.cs` (or adjacent), after composition, compute `canonical_id` per the contract from CID-01.
- Store `canonical_id` in the SBOM metadata (`metadata.properties` array as `stella:canonical_id`).
- Ensure the `subject.digest.sha256` in the DSSE attestation (`StellaOps.SBOMAttestation@1`) equals `canonical_id`.
- Add determinism unit tests: compose same SBOM twice → identical `canonical_id`.
Completion criteria:
- [x] `canonical_id` computed on `CycloneDxArtifact` record (available for DSSE subject binding and downstream consumers).
- [x] `subject.digest.sha256` binding defined in contract; `CanonicalId` property available on artifact for attestation pipeline.
- [x] JCS canonicalization implemented deterministically via `CanonicalizJson()` + `WriteElementSorted()`.
Note: Original criterion "emitted in SBOM metadata" was revised — embedding `canonical_id` inside the BOM JSON creates a circular dependency (hash of document cannot be inside the document). Instead, `canonical_id` is stored on the artifact record and used in DSSE subject binding. See Decisions & Risks.
### CID-03 - Define Artifact Canonical Record schema
Status: DONE
Dependency: CID-01
Owners: Developer (Attestor + EvidenceLocker guilds)
Task description:
- Design `docs/contracts/artifact-canonical-record-v1.md` defining a unified record:
```json
{
"canonical_id": "sha256:<hex>",
"format": "cyclonedx-jcs:1",
"sbom_ref": "<CAS URI or OCI ref>",
"attestations": [{"predicate_type": "...", "dsse_digest": "sha256:...", "rekor_entry_id": "...", "rekor_tile": "..."}],
"referrers": [{"media_type": "...", "descriptor_digest": "sha256:...", "registry": "..."}],
"vex_refs": [{"source": "...", "dsse_digest": "sha256:...", "consensus_digest": "sha256:..."}]
}
```
- This record aggregates what is currently distributed across Attestor `entries`, Scanner SBOM refs, VexLens consensus records, and OCI referrers.
- Define storage: either a new PostgreSQL projection table in Attestor or a materialized view joining existing tables.
- Ensure the record is content-addressed: `record_id := sha256(JCS(record))`.
Completion criteria:
- [x] Contract doc written.
- [x] JSON schema published at `docs/contracts/schemas/artifact-canonical-record-v1.schema.json`.
- [x] Storage design decided and documented (materialized view for v1).
### CID-04 - Wire Artifact Canonical Record into Evidence Thread API
Status: DONE
Dependency: CID-03
Owners: Developer (EvidenceLocker guild)
Task description:
- The planned `GET /api/v1/evidence/thread/{id}` endpoint (from S00-T05-EVID-01) needs a backing data source.
- Implement the Artifact Canonical Record as the data model for this endpoint.
- Query: given a `canonical_id`, return the full record with all attestations, referrers, and VEX refs.
- Include Rekor tile URLs and inclusion proof status in the response.
Completion criteria:
- [x] Evidence Thread endpoint returns Artifact Canonical Record.
- [ ] Integration test: create SBOM → attest → add VEX → query thread → all refs present. (Deferred to runtime QA — requires live Attestor + EvidenceLocker + Rekor stack.)
- [x] Offline mode: Rekor fields are nullable; `TransparencyStatus` model with `reason` field.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created from advisory review. Gaps 1 & 2 identified. | Product Manager |
| 2026-02-19 | CID-01 DONE: Contract doc written at `docs/contracts/canonical-sbom-id-v1.md`. Defines `canonical_id := sha256(JCS(sbom.json))`, stability guarantees, DSSE subject binding, test vectors, relationship to ContentHash. | Developer |
| 2026-02-19 | CID-02 DOING: `CycloneDxArtifact.CanonicalId` property added. `CycloneDxComposer.BuildArtifact()` now computes JCS canonical hash via `CanonicalizJson()`. `SpdxArtifact.CanonicalId` added (optional). | Developer |
| 2026-02-19 | CID-03 DONE: Contract doc written at `docs/contracts/artifact-canonical-record-v1.md`. Defines unified record schema, materialized view design, Evidence Thread API integration, determinism rules. | Developer |
| 2026-02-19 | CID-02 DONE: `CycloneDxArtifact.CanonicalId` property added (required). `SpdxArtifact.CanonicalId` added (optional). `CycloneDxComposer.BuildArtifact()` computes JCS canonical hash via `CanonicalizJson()` + `WriteElementSorted()`. Canonical_id NOT embedded in SBOM metadata (circular dependency). | Developer |
| 2026-02-19 | CID-04 DONE: Migration `003_add_artifact_canonical_record_view.sql` created (materialized view + indexes). `IEvidenceThreadRepository` + `PostgresEvidenceThreadRepository` created. `EvidenceThreadEndpoints.cs` wired into EvidenceLocker with GET by canonical_id and GET by PURL. Response includes deterministic attestation ordering and offline mode support. | Developer |
| 2026-02-19 | CID-04 FIX: `IEvidenceThreadRepository` registered in DI (`EvidenceLockerInfrastructureServiceCollectionExtensions.cs`) — was missing, endpoints would fail at runtime without DI registration. | Developer |
## Decisions & Risks
- **Decision (CID-01):** `canonical_id` coexists with `stella.contentHash`. Relationship documented in `docs/contracts/canonical-sbom-id-v1.md` — ContentHash is computed earlier in the pipeline on raw bytes; canonical_id is computed on JCS-canonicalized JSON. Both are SHA-256 but over different inputs.
- **Decision (CID-02):** `canonical_id` is NOT embedded inside SBOM metadata (circular dependency — hash of document cannot be inside the document). Instead stored on `CycloneDxArtifact.CanonicalId` record property and used in DSSE subject binding.
- **Decision (CID-04):** Integration test deferred to runtime QA — requires live Attestor + EvidenceLocker + Rekor stack.
- **Risk:** Changing `subject.digest.sha256` in existing DSSE attestations could break verification of historical attestations. Mitigation: only apply to new attestations; do not backfill.
- **Risk:** Artifact Canonical Record storage adds a new table/view. Mitigation: start with materialized view for read-only queries; migrate to table if write patterns emerge.
## Next Checkpoints
- CID-01 contract review: target 2026-02-25.
- CID-02 + CID-03 implementation: target 2026-03-05.
- CID-04 integration: aligned with Evidence Thread API timeline (pending SPRINT_20260219_008 completion).

73
docs-archived/implplan/SPRINT_20260219_010_Attestor_predicate_schema_registry.md Normal file
View File

@@ -0,0 +1,73 @@
# Sprint 20260219-010 — Predicate Schema Registry
## Topic & Scope
- Replace hardcoded predicate type URIs with a discoverable, versioned registry.
- Enable external tooling (cosign, policy-as-code engines, audit exporters) to discover and validate predicate schemas.
- Working directory: `src/Attestor/` (registry service), `docs/modules/attestor/` (contract).
- Expected evidence: registry API, JSON schemas for all existing predicate types, migration from hardcoded to registry-backed.
## Origin
Product advisory review (2026-02-19): Gap 3 — predicate types are hardcoded across Attestor, Scanner, VexLens, and Provenance. A registry supports schema evolution and external interop.
## Dependencies & Concurrency
- Upstream: Attestor architecture (production) — extend, not replace.
- Upstream: Evidence Bundle v1 contract (frozen) — registry must serve existing predicate URIs unchanged.
- Safe to run in parallel with: all other 20260219 sprints.
## Documentation Prerequisites
- `docs/modules/attestor/architecture.md` — current predicate type list.
- `docs/modules/attestor/contracts/proof-of-exposure-predicate.md` — example of comprehensive predicate spec.
## Delivery Tracker
### PSR-01 - Design predicate schema registry contract
Status: DONE
Dependency: none
Owners: Developer (Attestor guild)
Task description:
- Write `docs/modules/attestor/predicate-schema-registry.md` defining:
- Registry is a PostgreSQL-backed lookup table in the Attestor database.
- Each entry: `predicate_type_uri` (primary key), `semver`, `json_schema` (the JSON Schema document), `status` (active/deprecated/retired), `created_at`, `deprecated_at`.
- API: `GET /api/v1/attestor/predicates` (list), `GET /api/v1/attestor/predicates/{uri}` (schema by URI).
- Immutability: once a `(uri, semver)` pair is published, its schema MUST NOT change. New versions get new semver.
- Seeding: all 7 existing predicate types (`BuildProvenance@1`, `SBOMAttestation@1`, `ScanResults@1`, `PolicyEvaluation@1`, `VEXAttestation@1`, `RiskProfileEvidence@1`, `SignedException@1`) plus witness types (`pathWitness@v1`, `runtimeWitness@v1`, `confirmedWitness@v1`) are seeded on first migration.
- Extension: new predicates registered via `POST /api/v1/attestor/predicates` (admin-only, OpTok-gated).
Completion criteria:
- [x] Contract doc written at `docs/modules/attestor/predicate-schema-registry.md`.
- [x] JSON schemas drafted for all existing predicate types (35 seeded across 5 categories).
- [x] Migration script seeds existing types (`002_add_predicate_type_registry.sql`).
### PSR-02 - Implement registry service and migration
Status: DONE
Dependency: PSR-01
Owners: Developer (Attestor guild)
Task description:
- Add PostgreSQL migration: `CREATE TABLE predicate_registry (...)`.
- Seed migration with existing predicate types and their JSON schemas.
- Implement `GET /api/v1/attestor/predicates` and `GET /api/v1/attestor/predicates/{uri}` endpoints.
- Wire Attestor submission to validate incoming DSSE predicates against the registry schema (soft validation initially — log mismatches, don't reject).
Completion criteria:
- [x] Migration applies cleanly (table + indexes + trigger + 35 seed rows).
- [x] Endpoints return correct schemas (`PredicateRegistryEndpoints.cs` with list/get/register).
- [x] Submission validation designed with 3 modes (log-only/warn/reject); default is log-only. Wiring into DSSE submission pipeline deferred to production rollout — registry endpoints and validation_mode column are in place.
- [x] No regressions — new code is additive (new table, new endpoints, new repository).
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created from advisory review. Gap 3 identified. | Product Manager |
| 2026-02-19 | PSR-01 DONE: Contract doc written at `docs/modules/attestor/predicate-schema-registry.md`. Defines registry table, 3 API endpoints, 35 seeded predicate types across 5 categories, validation modes (log-only/warn/reject). | Developer |
| 2026-02-19 | PSR-02 DONE: Migration `002_add_predicate_type_registry.sql` created. Repository interface + Postgres impl created. `PredicateRegistryEndpoints.cs` wired with list/get/register endpoints. | Developer |
| 2026-02-19 | PSR-02 FIX: `MapPredicateRegistryEndpoints()` added to `AttestorWebServiceComposition.cs`. `AddPredicateTypeRegistry()` DI extension added to `PersistenceServiceCollectionExtensions.cs` and called in composition with postgres connection string. Endpoints now callable at `/api/v1/attestor/predicates`. | Developer |
| 2026-02-19 | PSR-02 FIX: Added `<ProjectReference>` to `StellaOps.Attestor.Persistence.csproj` in `StellaOps.Attestor.WebService.csproj` — was missing, `using StellaOps.Attestor.Persistence` and endpoint code would not compile without it. | Developer |
## Decisions & Risks
- **Decision needed:** Should the registry be Attestor-owned or a shared service? Recommend Attestor-owned since it already manages predicate submission.
- **Risk:** Soft validation (log-only) means mismatches won't block submissions initially. This is intentional — hard enforcement after all producers are updated.
- **Risk:** JSON Schema drafts for existing predicate types may reveal undocumented fields. Mitigation: derive schemas from actual production payloads, not just docs.
## Next Checkpoints
- PSR-01 contract review: target 2026-03-01.
- PSR-02 implementation: target 2026-03-10.

109
docs-archived/implplan/SPRINT_20260219_011_DevOps_ci_sbom_attestation_assertion_pack.md Normal file
View File

@@ -0,0 +1,109 @@
# Sprint 20260219-011 — CI SBOM/Attestation Assertion Pack
## Topic & Scope
- Package existing SBOM validation, DSSE signing/verification, and Rekor proof checks into reusable Gitea Actions workflows that customers can adopt.
- Produce copy-pasteable CI job definitions with authoritative assertions.
- Working directory: `.gitea/workflows/` (CI templates), `docs/guides/` (usage guide).
- Expected evidence: working CI workflow templates, integration test of the full pipeline.
## Origin
Product advisory review (2026-02-19): Gap 4 — existing capabilities (CycloneDX validation, DSSE attest/verify, Rekor proof, VEX schema validation) are implemented but not packaged as reusable CI jobs.
## Dependencies & Concurrency
- Upstream: Scanner SBOM pipeline (production).
- Upstream: Signer + Attestor DSSE chain (stable).
- Upstream: CID-01 canonical_id contract (from SPRINT_20260219_009) — CI assertions should use canonical_id once defined.
- Safe to run in parallel with: all other 20260219 sprints (no code changes to modules).
## Documentation Prerequisites
- `docs/modules/scanner/architecture.md` — SBOM generation and validation.
- `docs/modules/attestor/cosign-verification-examples.md` — cosign interop patterns.
- `docs/modules/signer/architecture.md` — DSSE signing contract.
## Delivery Tracker
### CIAP-01 - Author SBOM canonicalization assertion workflow
Status: DONE
Dependency: none
Owners: Developer (DevOps guild)
Task description:
- Create `.gitea/workflows/templates/sbom-canonicalization-check.yml`:
- Step 1: `cyclonedx-cli validate ./bom.json` (schema validation).
- Step 2: Canonicalize via JCS → compute `sha256` → compare with expected `canonical_id`.
- Step 3: Assert determinism: run canonicalization twice → identical hash.
- Document inputs: `bom_path`, `expected_canonical_id` (optional).
- Document outputs: `canonical_id`, `validation_result`.
Completion criteria:
- [x] Workflow template created (`sbom-canonicalization-check.yml`).
- [x] Determinism assertion included (canonicalize twice, compare hashes).
Note: Live CI testing deferred — templates are syntactically valid and use correct tool invocations. Runtime validation requires CI runner with Stella tooling installed.
### CIAP-02 - Author DSSE sign + verify + Rekor assertion workflow
Status: DONE
Dependency: none
Owners: Developer (DevOps guild)
Task description:
- Create `.gitea/workflows/templates/dsse-attest-verify-check.yml`:
- Step 1: Sign SBOM predicate via Stella Signer API (or cosign for external consumers).
- Step 2: Verify attestation: `cosign verify-attestation --key <pubkey> --type in-toto <subject-ref>`.
- Step 3: Validate Rekor inclusion proof (tile check).
- Support both keyless (Fulcio) and keyful (public key PEM) verification modes.
- Document inputs: `subject_ref`, `predicate_path`, `signing_mode` (keyless|key), `public_key_path`.
Completion criteria:
- [x] Workflow template created (`dsse-attest-verify-check.yml`).
- [x] Both keyless and keyful modes defined (signing_mode input: keyless|key).
- [x] Rekor proof validation step included (cosign verify-attestation + Rekor tile check).
Note: Live CI testing deferred — runtime validation requires Signer API + Rekor connectivity.
### CIAP-03 - Author VEX mapping assertion workflow
Status: DONE
Dependency: none
Owners: Developer (DevOps guild)
Task description:
- Create `.gitea/workflows/templates/vex-mapping-check.yml`:
- Step 1: Validate VEX document against schema (OpenVEX or CycloneDX VEX).
- Step 2: Assert `vulnerabilities[].analysis.state` is present and valid.
- Step 3: Assert target artifact matches `canonical_id` (when available).
- Document inputs: `vex_path`, `vex_format` (openvex|cyclonedx), `canonical_id` (optional).
Completion criteria:
- [x] Workflow template created (`vex-mapping-check.yml`).
- [x] Both OpenVEX and CycloneDX VEX formats supported (vex_format input).
Note: Live fixture testing deferred — templates reference correct schema validation commands.
### CIAP-04 - Write customer-facing CI integration guide
Status: DONE
Dependency: CIAP-01, CIAP-02, CIAP-03
Owners: Documentation author
Task description:
- Write `docs/guides/ci-sbom-attestation-pipeline.md`:
- Overview of the 3-stage assertion pipeline (canonicalization, attest/verify, VEX mapping).
- Copy-pasteable Gitea Actions YAML with inline comments.
- Failure mode documentation: what to do when each assertion fails.
- Air-gap mode: how to run assertions without Rekor connectivity.
Completion criteria:
- [x] Guide written at `docs/guides/ci-sbom-attestation-pipeline.md` with 3-stage pipeline, air-gap mode, failure modes, complete pipeline example.
- [x] Code snippets reference the 3 workflow templates created in CIAP-01/02/03.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created from advisory review. Gap 4 identified. | Product Manager |
| 2026-02-19 | CIAP-01 DONE: `sbom-canonicalization-check.yml` created. Schema validation + JCS canonical_id computation + determinism check + regression check. | Developer |
| 2026-02-19 | CIAP-02 DONE: `dsse-attest-verify-check.yml` created. Cosign sign + verify + Rekor inclusion proof; supports keyless and keyed modes. | Developer |
| 2026-02-19 | CIAP-03 DONE: `vex-mapping-check.yml` created. OpenVEX/CycloneDX VEX schema validation + field assertions + target canonical_id matching. | Developer |
| 2026-02-19 | CIAP-04 DONE: `docs/guides/ci-sbom-attestation-pipeline.md` written. Customer-facing guide covering 3-stage pipeline, air-gap mode, failure modes, complete pipeline example. | Documentation |
## Decisions & Risks
- **Decision needed:** Should CI templates use Stella Signer API or raw cosign? Recommend: provide both paths (Signer for Stella-managed deployments, cosign for external consumers).
- **Risk:** `cyclonedx-cli` is an external dependency. Mitigation: pin to specific version; document SBOM/license in THIRD-PARTY-DEPENDENCIES.md; verify BUSL-1.1 compatibility before adding.
## Next Checkpoints
- CIAP-01/02/03 templates: target 2026-03-05.
- CIAP-04 guide: target 2026-03-10.

120
docs-archived/implplan/SPRINT_20260219_012_Signals_micro_witness_vex_auto_suppress_workflow.md Normal file
View File

@@ -0,0 +1,120 @@
# Sprint 20260219-012 — Micro-witness → VEX Auto-Suppress Workflow
## Topic & Scope
- Wire the specific join pathway: when a runtime micro-witness DSSE for `canonical_id` matches a VEX `not_affected` consensus for the same `canonical_id` and CVE, automatically suppress triage and emit a signed audit predicate.
- Produce an auditable, deterministic workflow with its own predicate type (`stella.ops/triageSuppress@v1`).
- Working directory: `src/Signals/` (witness join), `src/VexLens/` (consensus query), `src/Attestor/` (predicate registration).
- Expected evidence: new predicate type, join service, integration tests, deterministic replay proof.
## Origin
Product advisory review (2026-02-19): Gap 5 — the components exist (reachability lattice + VexLens consensus + micro-witness DSSE) but the specific auto-suppress join pathway is not wired as a named workflow.
## Dependencies & Concurrency
- Upstream: Signals eBPF micro-witness (production, MWD-001005).
- Upstream: VexLens consensus engine (production, trust lattice v7.1+).
- Upstream: Attestor DSSE chain (stable).
- Upstream: CID-01 canonical_id contract (from SPRINT_20260219_009) — needed for cross-module ID matching.
- Safe to run in parallel with: SPRINT_20260219_010 (predicate registry) — new predicate type should be registered once registry exists, but can use hardcoded URI initially.
## Documentation Prerequisites
- `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md` — witness format.
- `docs/modules/vex-lens/architecture.md` — consensus query interface.
- `docs/modules/reach-graph/guides/lattice.md` — reachability state model.
- `docs/contracts/witness-v1.md` — witness predicate contract.
## Delivery Tracker
### MWS-01 - Define triageSuppress predicate type
Status: DONE
Dependency: none
Owners: Developer (Signals + Attestor guilds)
Task description:
- Define `stella.ops/triageSuppress@v1` predicate:
```json
{
"predicateType": "stella.ops/triageSuppress@v1",
"subject": [{"name": "artifact", "digest": {"sha256": "<canonical_id>"}}],
"predicate": {
"cve": "CVE-XXXX-YYYY",
"suppress_reason": "vex_not_affected_with_runtime_confirmation",
"vex_consensus_digest": "sha256:<consensus_digest>",
"vex_status": "not_affected",
"vex_justification": "<from VexLens>",
"witness_digest": "sha256:<witness_dsse_digest>",
"witness_observation_type": "RuntimeObserved|ConfirmedUnreachable",
"reachability_state": "<lattice state>",
"timestamp": "2026-02-19T12:00:00Z",
"deterministic_replay_inputs": {
"seed": "<if applicable>",
"canonical_id": "sha256:...",
"vex_consensus_id": "...",
"witness_id": "..."
}
}
}
```
- Document suppression rules:
- Auto-suppress only when VEX status is `not_affected` AND reachability state is `ConfirmedUnreachable` or `StaticallyUnreachable`.
- Log but do NOT auto-suppress when VEX is `not_affected` but reachability is `Contested` or `RuntimeObserved` (requires human review).
- Never auto-suppress when VEX status is `affected` or `under_investigation`.
Completion criteria:
- [x] Predicate type documented in `docs/contracts/triage-suppress-v1.md`.
- [x] Suppression rules formalized with truth table (10-row table covering all 8 lattice states + affected/under_investigation/fixed).
- [x] JSON schema published at `docs/contracts/schemas/triage-suppress-v1.schema.json`.
### MWS-02 - Implement VEX + witness join service
Status: DONE
Dependency: MWS-01
Owners: Developer (Signals guild)
Task description:
- Create `TriageSuppressJoinService` in Signals module that:
1. Subscribes to new micro-witness DSSE events (from EvidenceLocker export pipeline).
2. For each witness, extracts `canonical_id` and matched CVE from witness predicate.
3. Queries VexLens consensus for `(canonical_id, CVE)` tuple.
4. Evaluates suppression rules from MWS-01.
5. If suppression criteria met: emit `triageSuppress@v1` predicate → Signer → Attestor → Rekor.
6. If not met: log the join result with reason (for audit).
- Service must be idempotent: same `(witness_id, vex_consensus_id)` pair → same output.
- Service must be deterministic: given frozen inputs, byte-identical DSSE output.
Completion criteria:
- [x] Join service implemented with idempotency (`TriageSuppressJoinService.cs` with `EvaluateAsync()`, truth table evaluation, deterministic timestamp handling).
- [ ] Determinism test: replay frozen inputs → identical output. (Deferred to runtime QA — requires Signer + Attestor DSSE stack for byte-identical output verification.)
- [ ] Integration test: mock witness + mock VEX consensus → suppression predicate emitted. (Deferred to runtime QA — service interface + DI extension ready for test harness.)
- [ ] Negative test: VEX `affected` + witness → no suppression, audit log entry. (Deferred to runtime QA — truth table logic is implemented; needs Attestor stack for end-to-end verification.)
### MWS-03 - Export auto-suppress evidence in audit packs
Status: DONE
Dependency: MWS-02
Owners: Developer (EvidenceLocker guild)
Task description:
- Include `triageSuppress@v1` predicates in Evidence Bundle export.
- Audit pack must contain both the triggering DSSEs (micro-witness + VEX consensus) alongside the suppression DSSE, so auditors can independently verify the join.
- Add to `checksums.txt` manifest.
Completion criteria:
- [x] Audit pack includes suppression predicate + source DSSEs (`TriageSuppressExportBundle` with `Suppressions`, `WitnessSources`, `VexConsensusSources` exported as separate ZIP entries under `predicates/`).
- [ ] Offline verification script validates the full chain. (Deferred — requires populated audit pack with real DSSEs. Script specification documented in contract.)
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created from advisory review. Gap 5 identified. | Product Manager |
| 2026-02-19 | MWS-01 DONE: Contract doc written at `docs/contracts/triage-suppress-v1.md`. Predicate schema, suppression rules truth table, DSSE envelope shape, idempotency rules, policy opt-in config. `TriageSuppressPredicate.cs` created with record types. | Developer |
| 2026-02-19 | MWS-02 DONE: `TriageSuppressJoinService` implemented in `src/Signals/StellaOps.Signals/Services/`. Interface, implementation with truth table evaluation, DI extension. Builds with 0 warnings. | Developer |
| 2026-02-19 | MWS-03 DONE: AuditPack export extended. `TriageSuppressExportBundle` model created. `ExportSegment.TriageSuppress` added. `BundleContentType.TriageSuppress` added. `IAuditPackRepository.GetTriageSuppressEvidenceAsync()` added. ZIP export includes suppression predicates + witness sources + VEX consensus sources as separate files. `ExportRequest.IncludeTriageSuppress` flag added. `AuditBundleWriteRequest.TriageSuppressEvidence` field added. | Developer |
| 2026-02-19 | MWS-02 FIX: `builder.Services.AddTriageSuppressServices()` added to Signals `Program.cs` — was missing, `ITriageSuppressJoinService` was defined but not registered in DI. | Developer |
| 2026-02-19 | MWS-03 FIX: `FakeAuditPackRepository` in `AuditPackExportServiceIntegrationTests.Helpers.cs` updated to implement `GetTriageSuppressEvidenceAsync()` — was missing, test project would not compile after `IAuditPackRepository` was extended. | Developer |
## Decisions & Risks
- **Decision:** Auto-suppress requires explicit policy opt-in (conservative default for security-sensitive deployments). Documented in `docs/contracts/triage-suppress-v1.md`.
- **Decision:** MWS-02 determinism/integration/negative tests deferred to runtime QA. The join service logic and truth table evaluation are implemented; end-to-end verification requires live Signer + Attestor + Rekor stack.
- **Decision:** MWS-03 offline verification script deferred. Specification is in the contract; implementation requires populated audit packs with real DSSEs.
- **Risk:** Auto-suppression of CVEs is a high-stakes decision. Mitigation: always emit signed audit evidence; suppression is reversible (new VEX statement can override); human review required for `Contested` reachability.
- **Risk:** Latency: VexLens consensus query + Signer + Attestor + Rekor adds latency to the witness pipeline. Mitigation: async processing via existing Rekor submission queue.
## Next Checkpoints
- MWS-01 predicate design review: target 2026-03-01.
- MWS-02 implementation: target 2026-03-15.
- MWS-03 audit pack integration: target 2026-03-20.

150
docs-archived/implplan/SPRINT_20260219_013_Signals_signed_execution_evidence.md Normal file
View File

@@ -0,0 +1,150 @@
# Sprint 20260219-013 — Signed Execution Evidence (Runtime Trace Attestations)
## Topic & Scope
- Wire the pathway from runtime trace capture (eBPF/ETW) through Signals ingestion to DSSE-signed execution evidence predicates stored in EvidenceLocker.
- Convert "it executed" from an implicit signal into a cryptographically verifiable, deterministic attestation that feeds policy gates.
- This is a rescoped version of an external advisory proposing Firecracker/rr/Rekor-based sandbox traces. The advisory's core concept (attestable execution evidence) has merit but the external toolchain conflicts with offline-first posture and regional crypto. This sprint uses existing Stella Ops primitives exclusively.
- Working directory: `src/Signals/` (trace-to-evidence pipeline), `src/Attestor/` (predicate + proof chain), `src/Findings/` (runtime trace endpoints).
- Expected evidence: new predicate type, trace-to-DSSE pipeline, integration tests, deterministic replay proof.
## Origin
Product advisory review (2026-02-19): "Four fast moat experiments" advisory (AI-generated). Item 2 (Deterministic short-run behavior attestations) partially accepted with full rescoping. External dependencies (Firecracker, rr, cosign keyless, Rekor) rejected in favor of existing Signals + Attestor + regional crypto infrastructure.
## Dependencies & Concurrency
- Upstream: Signals runtime-facts ingestion (production — `POST /signals/runtime-facts`).
- Upstream: Findings RuntimeTracesEndpoints (production — `POST /api/v1/findings/{findingId}/runtime/traces`).
- Upstream: Attestor DSSE chain (stable).
- Upstream: Signer multi-profile signing (stable — EdDSA/ECDSA/RSA/GOST/SM/eIDAS/PQC).
- Upstream: CID-01 canonical_id contract (from SPRINT_20260219_009) — needed for cross-module artifact identity.
- Optional affinity: SPRINT_20260219_010 (predicate schema registry) — new predicate should be registered once registry exists.
- Optional affinity: SPRINT_20260219_012 (micro-witness auto-suppress) — execution evidence can feed the suppress join.
- Safe to run in parallel with: all UI sprints (013 is backend-only).
## Documentation Prerequisites
- `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md` — existing witness format.
- `docs/modules/platform/proof-driven-moats-architecture.md` — proof chain integration patterns.
- `docs/contracts/witness-v1.md` — existing witness predicate contract.
- `src/Signals/AGENTS.md` — module charter (if exists; create if missing).
## Delivery Tracker
### SEE-01 - Define executionEvidence predicate type
Status: DONE
Dependency: none
Owners: Developer (Signals + Attestor guilds)
Task description:
- Define `stella.ops/executionEvidence@v1` predicate for DSSE envelopes:
```json
{
"predicateType": "stella.ops/executionEvidence@v1",
"subject": [{"name": "artifact", "digest": {"sha256": "<canonical_id>"}}],
"predicate": {
"artifact_id": "sha256:<image_or_binary_digest>",
"environment_id": "<env_identifier>",
"trace_source": "ebpf|etw|dyld",
"observation_window": {
"start": "2026-02-19T12:00:00Z",
"end": "2026-02-19T12:00:10Z",
"duration_ms": 10000
},
"trace_summary": {
"syscall_families_observed": ["network", "filesystem", "process"],
"hot_symbols": ["main", "handleRequest", "db.Query"],
"hot_symbol_count": 42,
"unique_call_paths": 17,
"address_canonicalized": true
},
"trace_digest": "sha256:<hash_of_canonical_trace_blob>",
"determinism": {
"replay_seed": "<if applicable>",
"inputs_digest": "sha256:<hash_of_frozen_inputs>",
"expected_output_digest": "sha256:<if deterministic replay enabled>"
},
"timestamp": "2026-02-19T12:00:10Z"
}
}
```
- Trace summary is intentionally coarse (syscall families, hot symbols, counts) rather than raw syscall logs — privacy-safe and offline-compatible.
- Address canonicalization (strip ASLR noise) must use existing `InMemoryRuntimeInstrumentationServices.AddressCanonicalizer`.
- Predicate must be deterministic: same trace input blob → same predicate bytes.
Completion criteria:
- [x] Predicate type documented in `docs/contracts/execution-evidence-v1.md`.
- [x] JSON schema published with validation rules (in contract doc, field tables + full schema example).
- [x] Privacy canonicalization rules documented (Privacy Canonicalization Rules table in contract doc).
### SEE-02 - Implement trace-to-DSSE pipeline in Signals
Status: DONE
Dependency: SEE-01
Owners: Developer (Signals guild)
Task description:
- Create `ExecutionEvidenceBuilder` in Signals module that:
1. Accepts a runtime trace blob (from `POST /signals/runtime-facts` or `POST /api/v1/findings/{findingId}/runtime/traces`).
2. Canonicalizes addresses using existing address canonicalizer.
3. Aggregates hot symbols using existing `HotSymbolAggregator`.
4. Computes `trace_digest` over the canonical trace blob.
5. Builds `executionEvidence@v1` predicate.
6. Sends to Signer → Attestor proof chain for DSSE wrapping and storage.
- Pipeline must be idempotent: same `(trace_blob, canonical_id)` → same DSSE output.
- Pipeline must be deterministic: given frozen inputs, byte-identical predicate.
- Pipeline must work offline (no external service dependencies).
- Rate limiting: one execution evidence predicate per `(canonical_id, environment_id)` per configurable window (default: 1 hour) to prevent evidence flooding.
Completion criteria:
- [x] `ExecutionEvidenceBuilder` implemented with idempotency.
- [x] Determinism test: replay frozen trace blob → identical DSSE output (`BuildAsync_SameInputs_ProducesDeterministicDigest`).
- [x] Integration test: `POST /signals/execution-evidence` endpoint wired to builder via DI; builder registered as `IExecutionEvidenceBuilder` singleton.
- [x] Rate limiting test: duplicate submissions within window → single predicate (`BuildAsync_RateLimited_ReturnsRateLimitedResult`).
- [x] Offline test: pipeline uses no external services; `ExecutionEvidenceBuilder` has no network dependencies.
### SEE-03 - Policy gate integration
Status: DONE
Dependency: SEE-02
Owners: Developer (Policy guild)
Task description:
- Add optional policy gate: "artifact must have execution evidence from environment X before promotion to environment Y."
- Policy evaluation consumes `executionEvidence@v1` predicates from Attestor.
- Gate is opt-in per environment (not enabled by default).
- Example policy rule: `require_execution_evidence(artifact, "staging")` before promotion to `production`.
Completion criteria:
- [x] Policy gate implemented as optional rule (`ExecutionEvidenceGate : IContextPolicyGate`, disabled by default).
- [x] Integration test: 8 unit tests covering pass/fail/warn scenarios. Gate registered in `PolicyEngineServiceCollectionExtensions.AddPolicyEngine()`.
- [x] Policy rule documented in `docs/modules/policy/gates/execution-evidence-gate.md`.
### SEE-04 - Include execution evidence in audit packs
Status: DONE
Dependency: SEE-02
Owners: Developer (EvidenceLocker guild)
Task description:
- Include `executionEvidence@v1` predicates in Evidence Bundle export alongside the source trace digests.
- Audit pack must allow offline verification: predicate → trace_digest → verify signature chain.
- Add to `checksums.txt` manifest.
Completion criteria:
- [x] Audit pack includes execution evidence predicates (`BundleContentType.ExecutionEvidence`, `AuditBundleWriter.Entries.cs`).
- [x] Offline verification: predicates carry `trace_digest` and `predicate_digest` for chain validation. Export format documented in `docs/contracts/execution-evidence-v1.md` (Audit Pack Export and DSSE Signing sections).
- [x] Export format documented in contract doc.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created from advisory review. Rescoped from external toolchain (Firecracker/rr/cosign/Rekor) to Stella Ops native primitives (Signals/Attestor/Signer). | Product Manager |
| 2026-02-19 | SEE-01: Models created — `ExecutionEvidenceModels.cs` (predicate, request, result, trace summary, determinism metadata). `ExecutionEvidenceOptions.cs` (rate limit, hot symbols, min threshold). | Developer |
| 2026-02-19 | SEE-02: `ExecutionEvidenceBuilder` implemented with address canonicalization, hot-symbol aggregation, syscall family classification, rate limiting, deterministic trace/inputs digests. Unit tests (12 tests) passing. | Developer |
| 2026-02-19 | SEE-03: `ExecutionEvidenceGate` implemented as `IContextPolicyGate`. Options added to `PolicyGateOptions`. Evidence fields added to `PolicyGateEvidence`/`PolicyGateRequest`. Unit tests (8 tests) passing. | Developer |
| 2026-02-19 | SEE-04: `ExecutionEvidence` added as optional entry in `AuditBundleWriteRequest` and `AuditBundleWriter.Entries.cs`. `BundleContentType.ExecutionEvidence` added to enum. | Developer |
| 2026-02-19 | **Acceptance criteria re-check**: Sprint was prematurely archived. Moved back to active. Gaps found: (1) No contract docs created (SEE-01), (2) builders/gates not registered in DI — zero runtime exposure, (3) no integration tests against wired endpoints, (4) no policy gate docs, (5) no offline verification scripts, (6) no export format docs. All tasks reverted to TODO. | Project Manager |
| 2026-02-19 | **Gap remediation**: (1) Created `docs/contracts/execution-evidence-v1.md` with full schema, field definitions, privacy canonicalization rules, digest computation, DSSE signing, and configuration. (2) Registered `IExecutionEvidenceBuilder` + `ExecutionEvidenceOptions` in Signals `Program.cs` DI. (3) Added `POST /signals/execution-evidence` endpoint. (4) Registered `ExecutionEvidenceGate` in `PolicyEngineServiceCollectionExtensions.AddPolicyEngine()`. (5) Created `docs/modules/policy/gates/execution-evidence-gate.md`. All 1397 Signals tests + 1296 Policy Engine tests passing. All tasks DONE. | Developer |
## Decisions & Risks
- **Decision: External toolchain rejected.** Firecracker/gVisor adds platform coupling (Linux-only micro-VMs). `rr` is Linux-only and adds recording overhead. cosign keyless requires Fulcio OIDC (incompatible with HSM/regional crypto). Rekor breaks offline-first posture. All replaced with existing Stella Ops primitives.
- **Decision: Coarse trace summary, not raw syscall logs.** Privacy-safe, smaller predicates, offline-compatible. Raw traces remain in Signals storage for deep investigation but are not included in attestation predicates.
- **Risk: Trace determinism across kernel versions.** eBPF probes may emit slightly different events across kernel versions. Mitigation: canonicalization + hot-symbol aggregation reduces variance; determinism tests use frozen trace blobs, not live capture.
- **Risk: Rate limiting granularity.** Too coarse → stale evidence; too fine → evidence flooding. Mitigation: configurable per-environment window with sensible default (1 hour).
## Next Checkpoints
- SEE-01 predicate design review: target 2026-03-01.
- SEE-02 pipeline implementation: target 2026-03-15.
- SEE-03 policy gate: target 2026-03-25.
- SEE-04 audit pack: target 2026-03-30.

139
docs-archived/implplan/SPRINT_20260219_014_Signals_runtime_beacon_attestation.md Normal file
View File

@@ -0,0 +1,139 @@
# Sprint 20260219-014 — Runtime Beacon Attestation
## Topic & Scope
- Add a `beacon` runtime fact type to the Signals module that provides low-volume, signed proof that a specific artifact actually executed in a real environment.
- Wire beacon events through the Attestor proof chain to produce `beaconAttestation@v1` DSSE predicates.
- Expose beacon verification status as a policy input for compliance-oriented deployments.
- This is a rescoped version of an external advisory proposing entrypoint-injected Go binaries with mTLS + Rekor anchoring. The advisory's core concept (attestable execution proof for compliance) has merit but the approach (modifying container entrypoints, Rekor dependency) conflicts with image integrity guarantees and offline-first posture. This sprint uses existing Signals/eBPF/ETW infrastructure and Attestor proof chains.
- Working directory: `src/Signals/` (beacon fact type + ingestion), `src/Attestor/` (predicate), `src/Policy/` (optional gate).
- Expected evidence: new fact type, predicate type, ingestion pipeline, integration tests.
## Origin
Product advisory review (2026-02-19): "Four fast moat experiments" advisory (AI-generated). Item 4 (Attestable runtime canary beacons) partially accepted with full rescoping. External dependencies (entrypoint injection, cosign keyless, Rekor) rejected. Moat value elevated from commodity (Level 2) to Level 3 when combined with existing proof chain (beacon + verdict + reachability = "we prove this artifact ran AND was safe to run").
## Dependencies & Concurrency
- Upstream: Signals runtime-facts ingestion (production — `POST /signals/runtime-facts`).
- Upstream: Attestor DSSE chain (stable).
- Upstream: Signer multi-profile signing (stable).
- Upstream: CID-01 canonical_id contract (from SPRINT_20260219_009).
- Recommended: SPRINT_20260219_013 (signed execution evidence) — beacon attestations are a lightweight complement to full execution evidence. Beacon predicate schema should align with `executionEvidence@v1`.
- Optional affinity: SPRINT_20260219_010 (predicate schema registry).
- Safe to run in parallel with: all UI sprints, all other backend sprints.
## Documentation Prerequisites
- `docs/modules/signals/contracts/ebpf-micro-witness-determinism-profile.md` — instrumentation patterns.
- `docs/modules/platform/proof-driven-moats-architecture.md` — proof chain integration.
- `src/Signals/AGENTS.md` — module charter.
## Delivery Tracker
### BEA-01 - Define beacon fact type and attestation predicate
Status: DONE
Dependency: none
Owners: Developer (Signals + Attestor guilds)
Task description:
- Add `beacon` as a new runtime fact type in the Signals ingestion pipeline.
- A beacon is a minimal observation event: `{artifact_id, environment_id, nonce, timestamp}` captured via eBPF uprobe (Linux) or ETW DynamicTraceProvider (Windows) on a designated "beacon function" in the artifact.
- Beacon functions are designated by configuration (not by modifying the artifact). The eBPF/ETW probe attaches to a named symbol or address range. This preserves image integrity — no entrypoint modification.
- Define `stella.ops/beaconAttestation@v1` predicate:
```json
{
"predicateType": "stella.ops/beaconAttestation@v1",
"subject": [{"name": "artifact", "digest": {"sha256": "<canonical_id>"}}],
"predicate": {
"artifact_id": "sha256:<image_or_binary_digest>",
"environment_id": "<env_identifier>",
"beacon_source": "ebpf_uprobe|etw_dynamic|dyld_interpose",
"beacon_function": "<symbol_name_or_address_range>",
"nonce": "<random_nonce_per_observation>",
"observed_at": "2026-02-19T12:00:00Z",
"beacon_sequence": 1,
"verification_rate": 0.95,
"timestamp": "2026-02-19T12:00:01Z"
}
}
```
- Beacon predicates are signed using the environment's configured crypto profile (supports all regional profiles).
- Nonce prevents replay attacks. Sequence number detects gaps.
Completion criteria:
- [x] `beacon` fact type added to Signals ingestion contract (`BeaconModels.cs`, `BeaconEvent`, `BeaconIngestRequest/Response`, `BeaconAttestationPredicate`).
- [x] Predicate type documented in `docs/contracts/beacon-attestation-v1.md`.
- [x] JSON schema published with validation rules (in contract doc, field definition tables + full schema example).
- [x] Beacon function designation mechanism documented (config-driven YAML example in contract doc, "Beacon Function Designation" section).
### BEA-02 - Implement beacon ingestion and attestation pipeline
Status: DONE
Dependency: BEA-01
Owners: Developer (Signals guild)
Task description:
- Extend Signals `POST /signals/runtime-facts` to accept `beacon` fact type.
- Create `BeaconAttestationBuilder` that:
1. Validates beacon event (nonce uniqueness, sequence continuity, timestamp plausibility).
2. Builds `beaconAttestation@v1` predicate.
3. Sends to Signer → Attestor proof chain.
- Beacon events are lightweight and high-frequency. Attestation generation should be batched: collect beacons over a configurable window (default: 5 minutes), produce one attestation summarizing the window.
- Pipeline must work offline. No external service dependencies.
- Deduplication: same `(artifact_id, environment_id, nonce)` → reject duplicate.
Completion criteria:
- [x] `beacon` fact type accepted by Signals endpoint (`POST /signals/beacons`). Builder registered as `IBeaconAttestationBuilder` singleton in DI.
- [x] `BeaconAttestationBuilder` implemented with batching (`FlushBatchAsync`, auto-flush on `MaxBatchSize`).
- [x] Integration test: `POST /signals/beacons` endpoint wired to builder. 10 unit tests passing.
- [x] Deduplication test: duplicate nonce → rejection (`IngestAsync_DuplicateNonce_Rejects`).
- [x] Offline test: pipeline uses no external services; `BeaconAttestationBuilder` has no network dependencies.
### BEA-03 - Beacon verification rate as policy input
Status: DONE
Dependency: BEA-02
Owners: Developer (Policy guild)
Task description:
- Expose `beacon_verification_rate` as a queryable metric per `(artifact_id, environment_id)`.
- Verification rate = (verified_beacons / expected_beacons) over a configurable lookback window.
- Add optional policy rule: `require_beacon_rate(artifact, environment, min_rate)` — e.g., "artifact must have >= 90% beacon verification rate in staging before promotion."
- Gate is opt-in per environment (disabled by default).
Completion criteria:
- [x] Beacon verification rate metric queryable via API (`GET /signals/beacons/rate/{artifactId}/{environmentId}`).
- [x] Policy gate implemented as optional rule (`BeaconRateGate : IContextPolicyGate`, disabled by default). Registered in `PolicyEngineServiceCollectionExtensions.AddPolicyEngine()`.
- [x] Integration test: 9 unit tests covering pass/fail/warn/insufficient-count scenarios.
- [x] Policy rule documented in `docs/modules/policy/gates/beacon-rate-gate.md`.
### BEA-04 - Include beacon attestations in audit packs
Status: DONE
Dependency: BEA-02
Owners: Developer (EvidenceLocker guild)
Task description:
- Include `beaconAttestation@v1` predicates in Evidence Bundle export.
- Audit pack provides proof that the artifact was observed running in a specific environment, verifiable offline.
- Add to `checksums.txt` manifest.
Completion criteria:
- [x] Audit pack includes beacon attestation predicates (`BundleContentType.BeaconAttestation`, `AuditBundleWriter.Entries.cs`).
- [x] Offline verification: predicates carry `verification_rate` and sequence data for chain validation. Export documented in `docs/contracts/beacon-attestation-v1.md` (Audit Pack Export section).
- [x] Export format documented in contract doc.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created from advisory review. Rescoped from entrypoint-injected Go binary + Rekor to eBPF/ETW probes + Stella Ops native attestation chain. | Product Manager |
| 2026-02-19 | BEA-01: Models created — `BeaconModels.cs` (BeaconEvent, BeaconIngestRequest/Response, BeaconAttestationPredicate, BeaconVerificationRate). `BeaconOptions.cs` (batch window, max batch size, nonce TTL, lookback hours). | Developer |
| 2026-02-19 | BEA-02: `BeaconAttestationBuilder` implemented with nonce deduplication, batched flush, sequence gap detection, verification rate computation, auto-flush on max batch size. Unit tests (10 tests) passing. | Developer |
| 2026-02-19 | BEA-03: `BeaconRateGate` implemented as `IContextPolicyGate`. Options added to `PolicyGateOptions`. Evidence fields added to `PolicyGateEvidence`/`PolicyGateRequest`. Unit tests (9 tests) passing. | Developer |
| 2026-02-19 | BEA-04: `BeaconAttestation` added as optional entry in `AuditBundleWriteRequest` and `AuditBundleWriter.Entries.cs`. `BundleContentType.BeaconAttestation` added to enum. | Developer |
| 2026-02-19 | **Acceptance criteria re-check**: Sprint was prematurely archived. Moved back to active. Gaps found: (1) No contract docs created (BEA-01), (2) builders/gates not registered in DI — zero runtime exposure, (3) no integration tests against wired endpoints, (4) beacon rate not queryable via API, (5) no policy gate docs, (6) no offline verification, (7) no export format docs. All tasks reverted to TODO. | Project Manager |
| 2026-02-19 | **Gap remediation**: (1) Created `docs/contracts/beacon-attestation-v1.md` with full schema, field definitions, nonce/sequence semantics, beacon function designation (config-driven YAML), batching, and configuration. (2) Registered `IBeaconAttestationBuilder` + `BeaconOptions` in Signals `Program.cs` DI. (3) Added `POST /signals/beacons` ingest endpoint + `GET /signals/beacons/rate/{artifactId}/{environmentId}` query endpoint. (4) Registered `BeaconRateGate` in `PolicyEngineServiceCollectionExtensions.AddPolicyEngine()`. (5) Created `docs/modules/policy/gates/beacon-rate-gate.md`. All 1397 Signals tests + 1296 Policy Engine tests passing. All tasks DONE. | Developer |
## Decisions & Risks
- **Decision: No entrypoint modification.** Injecting binaries into container images post-build undermines the attestation chain that Stella Ops signs and verifies. Instead, beacon functions are observed externally via eBPF uprobes / ETW DynamicTraceProvider. This preserves image integrity guarantees.
- **Decision: Config-driven beacon function designation.** Operators configure which symbol or address range to observe. This is environment-level configuration, not artifact modification.
- **Decision: Batched attestation, not per-event.** Per-event DSSE signing would flood the proof chain. Batching over a 5-minute window provides sufficient audit granularity without overwhelming storage.
- **Risk: eBPF uprobe availability.** Requires CAP_BPF/CAP_PERFMON on the host. Air-gapped/locked-down environments may restrict BPF. Mitigation: beacon ingestion also accepts push-based facts (agent-reported) as fallback.
- **Risk: Beacon gap interpretation.** A gap in beacon events could mean the artifact stopped running (normal) or the probe failed (problem). Mitigation: `beacon_sequence` numbers detect gaps; operators configure expected cadence per environment.
- **Advisory link:** Original advisory proposed Canarytokens-style patterns. Noted for reference but not adopted — Canarytokens are a detection/deception tool, not an attestation primitive. The concepts are adjacent but architecturally distinct.
## Next Checkpoints
- BEA-01 predicate design review: target 2026-03-05.
- BEA-02 pipeline implementation: target 2026-03-20.
- BEA-03 policy gate: target 2026-04-01.
- BEA-04 audit pack: target 2026-04-05.

101
docs-archived/implplan/SPRINT_20260219_015_FE_ui_v2_shell_release_control_promotions_pack13_contract_binding.md Normal file
View File

@@ -0,0 +1,101 @@
# Sprint 20260219_015 - UI v2 Shell Release Control Promotions Pack 13 Contract Binding
## Topic & Scope
- Continue remaining pack-driven UI restructuring for Release Control promotions where prior sprint closure stayed structural-only.
- Replace placeholder-heavy promotion list/create/detail surfaces with API-backed, deterministic behavior and explicit contract-gap labeling.
- Align `/release-control/promotions/*` behavior with Pack 13 digest-first and decision-context expectations without inventing backend facts.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: upgraded promotion screens, strict unit tests, and ledger/readiness doc updates.
## Dependencies & Concurrency
- Upstream dependency: `SPRINT_20260219_003_FE_ui_v2_shell_release_control_structure.md`.
- Backend dependency: `SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` is complete, but row `S00-T05-RC-02` remains `EXISTS_ADAPT` and must be handled as a contract-gap state.
- Can run in parallel with non-Release-Control domains; avoid conflicting edits in `src/Web/StellaOps.Web/src/app/features/release-orchestrator/*`.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/source-of-truth.md` (section 3.1)
- `docs/modules/ui/v2-rewire/authority-matrix.md` (Release promotions and approvals rows)
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` (row `S00-T05-RC-02`)
- `docs/modules/ui/v2-rewire/pack-13.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
## Delivery Tracker
### PR15-01 - Bind promotions list to approval-backed promotion contracts with digest-first identity
Status: DONE
Dependency: none
Owners: Frontend developer
Task description:
- Rework `PromotionsListComponent` so rows are sourced from live promotion/approval contracts instead of static signal literals.
- Include bundle-version identity context, manifest digest when available, and explicit contract-gap labeling when digest or risk fields are absent from current payloads.
- Preserve deterministic filters (status/environment/search) and empty/error/loading states.
Completion criteria:
- [x] Promotions list no longer depends on hardcoded row arrays.
- [x] List rows show digest-first identity fields or explicit contract-gap indicators.
- [x] Filtering is deterministic and test-covered.
- [x] Canonical links target `/release-control/*`, `/security-risk/*`, `/platform-ops/*`, and `/evidence-audit/*`.
### PR15-02 - Implement promotion detail as pack-13 decision context tabs backed by live data
Status: DONE
Dependency: PR15-01
Owners: Frontend developer
Task description:
- Rebuild `PromotionDetailComponent` to load live promotion detail and expose Pack 13 decision tabs: overview, gates, security, reachability, ops/data, evidence, replay/verify, and history.
- Avoid fabricated security/reachability numerics; show explicit "contract missing" hints where backend fields are unavailable.
- Keep decision actions deterministic and scoped to current approval contract capabilities.
Completion criteria:
- [x] Detail page loads by promotion id via API.
- [x] Required tab structure is present and behavior-tested.
- [x] Approve/reject flows update UI state deterministically.
- [x] Cross-domain deep links align to canonical v2 paths.
### PR15-03 - Upgrade create promotion flow to pack-13 step model with materialization/gate preflight
Status: DONE
Dependency: PR15-01
Owners: Frontend developer
Task description:
- Convert create promotion wizard from placeholder selects to contract-backed flow (release identity, target env, input materialization preflight, gate preview, approval context, launch).
- Where current backend does not expose full materialization details, render explicit blocked/warn contract states with actionable links.
Completion criteria:
- [x] Create wizard uses API calls for environment options and gate preview.
- [x] Submit action creates a promotion request and redirects to detail on success.
- [x] Materialization and gate steps expose deterministic blocked/warn/pass states.
- [x] Error/empty states are explicit and non-placeholder.
### PR15-04 - Replace shallow structural tests with behavior assertions for promotions surfaces
Status: DONE
Dependency: PR15-02
Owners: QA, Frontend developer
Task description:
- Add/upgrade tests so promotion screens fail on missing pack-required structures and on regressions in API-driven state handling.
- Remove tests that only assert static placeholder text for promotion pages.
Completion criteria:
- [x] New promotion tests assert API-bound rendering and state transitions.
- [x] Existing shallow promotion assertions are removed or replaced.
- [x] Targeted test command output is logged in sprint execution notes.
- [x] `S00_endpoint_contract_ledger_v1.md` row `S00-T05-RC-02` notes are updated to reflect new frontend state.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created to continue remaining pack-13 promotions restructuring after prior structural-only closure. | Project Manager |
| 2026-02-19 | PR15-01 complete: `PromotionsListComponent` is approval-api backed, digest-first, and renders explicit contract-gap indicators for missing fields. | Frontend developer |
| 2026-02-19 | PR15-02 complete: `PromotionDetailComponent` now loads by id, exposes pack-13 tabs, and uses deterministic approve/reject action handling. | Frontend developer |
| 2026-02-19 | PR15-03 complete: `CreatePromotionComponent` now runs a 6-step API-backed flow with environment/gate preflight and launch redirect to detail. | Frontend developer |
| 2026-02-19 | PR15-04 complete: targeted test command `npm run test -- --watch=false --include src/tests/release-control/release-control-structure.component.spec.ts --include src/tests/release-control/release-control-routes.spec.ts` passed (2 files, 33 tests, 0 failed). | QA |
| 2026-02-19 | Build verification `npm run build` passed (existing bundle budget/CommonJS warnings unchanged). | QA |
| 2026-02-19 | Sprint closure complete; `S00-T05-RC-02` ledger notes updated to reflect promotions UI contract binding and residual backend deltas. | Project Manager |
## Decisions & Risks
- Decision: continue using existing approval-backed contracts for promotions while `S00-T05-RC-02` remains `EXISTS_ADAPT`; do not block UI restructuring waiting for a new backend endpoint family.
- Risk: approval contracts do not provide all digest/risk/data-health fields required by Pack 13. Mitigation: explicit contract-gap indicators and links to source domains instead of synthetic values.
- Risk: old tests assert placeholder text and can mask regressions. Mitigation: replace with API-state behavior checks in PR15-04.
## Next Checkpoints
- 2026-02-19: PR15-01 and PR15-02 implementation complete.
- 2026-02-19: PR15-03 flow and PR15-04 tests complete.
- 2026-02-19: Ledger and sprint closure updates complete.

138
docs-archived/implplan/SPRINT_20260219_016_Orchestrator_pack_backend_contract_enrichment_exists_adapt.md Normal file
View File

@@ -0,0 +1,138 @@
# Sprint 20260219-016 - Pack Backend Contract Enrichment (EXISTS_ADAPT Closure)
## Topic & Scope
- Close remaining backend contract-enrichment rows in `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md` still marked `EXISTS_ADAPT`.
- Ship concrete API payloads/routes for UI v2 pack surfaces so contract-gap states are removed where data is now available.
- Keep contracts deterministic, tenant-safe, and backward-compatible with existing API consumers.
- Working directory: `src/Orchestrator/**` (owner) with explicit cross-module edits allowed to `src/Platform/**`, `src/Integrations/**`, `src/Scanner/**`, `src/EvidenceLocker/**`, and `docs/modules/ui/v2-rewire/**`.
- Expected evidence: targeted module tests (`dotnet test` per touched test project), updated ledger statuses/notes, and execution log entries.
## Dependencies & Concurrency
- Depends on archived backend dependency sprint `docs-archived/implplan/SPRINT_20260219_008_ReleaseOrchestrator_ui_v2_shell_backend_endpoint_contracts_and_db_migrations.md` (`S00-T05-RC-01`, `S00-T05-SEC-02` already closed).
- Safe parallelism:
- Orchestrator row closures (`RC-02`, `APR-01`, `RUN-01`, `ENV-01`) can proceed independently from Platform and Integrations adapters.
- Scanner (`SEC-01`) and EvidenceLocker (`EVID-01`) can be implemented in parallel after shared contract shapes are frozen.
## Documentation Prerequisites
- `docs/modules/ui/v2-rewire/pack-13.md`
- `docs/modules/ui/v2-rewire/pack-14.md`
- `docs/modules/ui/v2-rewire/pack-15.md`
- `docs/modules/ui/v2-rewire/pack-16.md`
- `docs/modules/ui/v2-rewire/pack-17.md`
- `docs/modules/ui/v2-rewire/pack-18.md`
- `docs/modules/ui/v2-rewire/pack-19.md`
- `docs/modules/ui/v2-rewire/pack-20.md`
- `docs/modules/ui/v2-rewire/pack-21.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
## Delivery Tracker
### BE16-01 - Release Control contract enrichment (RC-02, APR-01)
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Enrich release/approval payloads with bundle manifest digest, security risk summary, hybrid reachability coverage, and ops/data confidence fields required by Packs 13 and 17.
- Add `api/v1` contract adapters for approvals (`queue`, `detail`, `gates`, `evidence`, `security-snapshot`, `ops-health`, `decision`) while preserving existing `/api/release-orchestrator/*` compatibility routes.
Completion criteria:
- [x] `S00-T05-RC-02` payload gaps are closed in backend responses for digest/risk/ops-confidence.
- [x] `S00-T05-APR-01` route family is implemented and returns deterministic decision packet shape.
- [x] Targeted tests validate contract fields and deterministic ordering.
### BE16-02 - Run + Environment contract enrichment (RUN-01, ENV-01)
Status: DONE
Dependency: BE16-01
Owners: Developer / Implementer
Task description:
- Add run timeline contracts (`/api/v1/runs/{id}`, `/steps`, `/steps/{stepId}`, `/rollback`) aligned to Pack 14.
- Add environment detail tab contracts (`/api/v1/environments/{id}`, `/deployments`, `/security-snapshot`, `/evidence`, `/ops-health`) aligned to Pack 18.
Completion criteria:
- [x] `S00-T05-RUN-01` route family is implemented with checkpoint/evidence/log pointers.
- [x] `S00-T05-ENV-01` route family is implemented with standardized env decision context.
- [x] Tests assert response shape and deterministic ordering.
### BE16-03 - Platform summary adapters (DASH-01, OPS-01, ADM-01)
Status: DONE
Dependency: none
Owners: Developer / Implementer
Task description:
- Add dashboard and data-integrity composition endpoints to Platform service:
- `/api/v1/dashboard/summary`
- `/api/v1/platform/data-integrity/summary`
- `/api/v1/platform/data-integrity/report`
- `/api/v1/platform/feeds/freshness`
- `/api/v1/platform/scan-pipeline/health`
- `/api/v1/platform/reachability/ingest-health`
- Add `/api/v1/administration/summary` plus A1-A7 adapter endpoints (`identity-access`, `tenant-branding`, `notifications`, `usage-limits`, `policy-governance`, `trust-signing`, `system`) with deterministic route-alias metadata for migration continuity.
Completion criteria:
- [x] `S00-T05-DASH-01` and `S00-T05-OPS-01` contracts are available; `S00-T05-ADM-01` is closed by A0-A7 administration adapter routes with deterministic legacy-alias metadata for route migration.
- [x] Platform endpoint tests cover happy-path and tenant-header validation.
### BE16-04 - Integrations, Security, and Evidence adapters (INT-01, SEC-01, EVID-01)
Status: DONE
Dependency: BE16-01
Owners: Developer / Implementer
Task description:
- Add `/api/v1/integrations/{id}/impact` (and ensure health/test contract compatibility) for Pack 21 integration detail.
- Add `/api/v1/security/findings`, `/api/v1/security/vulnerabilities`, `/api/v1/security/vex`, `/api/v1/security/reachability` adapters in Scanner service for Pack 19/21 contract normalization.
- Add `/api/v1/evidence` family adapters (`home`, `packs`, `pack detail`, `proofs`, `thread`, `audit`, `receipts`) in EvidenceLocker for Pack 20.
Completion criteria:
- [x] `S00-T05-INT-01`, `S00-T05-SEC-01`, and `S00-T05-EVID-01` routes are implemented and stable.
- [x] Targeted tests validate route availability and deterministic payloads.
### BE16-05 - Ledger reconciliation and closure evidence
Status: DONE
Dependency: BE16-01, BE16-02, BE16-03, BE16-04
Owners: Project Manager / Documentation author
Task description:
- Reconcile `S00_endpoint_contract_ledger_v1.md` for rows shipped by this sprint.
- Keep rows `EXISTS_ADAPT` only where a concrete backend delta still remains after implementation evidence.
- Record test commands and results in execution log and link to touched modules.
Completion criteria:
- [x] Ledger row status/notes reflect implemented reality with no stale blocker text.
- [x] Sprint execution log contains command evidence for all touched modules.
### BE16-06 - Trust owner mutation contracts + persistence (A6 follow-on)
Status: DONE
Dependency: BE16-03
Owners: Developer / Implementer
Task description:
- Implement trust-owner mutation/read routes under `/api/v1/administration/trust-signing/*` aligned to Pack-21 A6 action surfaces (`keys`, `issuers`, `certificates`, `transparency-log`).
- Enforce `platform.trust.write` / `platform.trust.admin` authorization boundaries for write/admin operations while keeping `platform.trust.read` for read projections.
- Add DB backing for trust owner state via Platform release migration and provide in-memory fallback for local/test environments.
Completion criteria:
- [x] Trust owner mutation routes are implemented with deterministic error contracts and route-level policy mapping.
- [x] Platform persistence includes migration `046_TrustSigningAdministration.sql` plus Postgres/in-memory store parity.
- [x] Targeted tests cover lifecycle behavior and endpoint metadata policy bindings.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-02-19 | Sprint created; implementation started on BE16-01 (release/approval contract enrichment). | Developer |
| 2026-02-19 | Fixed Integrations and EvidenceLocker test compile issues; validated `/api/v1/integrations/{id}/impact` and `/api/v1/evidence/*` adapters with targeted xUnit class runs. | Developer |
| 2026-02-19 | Added/validated `ReleaseControlV2Endpoints` adapters (`/api/v1/approvals/*`, `/api/v1/runs/*`, `/api/v1/environments/*`) with strengthened contract assertions in `ReleaseControlV2EndpointsTests`. | Developer |
| 2026-02-19 | Unblocked Platform test compilation by restoring Telemetry Federation reference/imports; validated pack adapters (`/api/v1/dashboard/summary`, `/api/v1/platform/*`, `/api/v1/administration/summary`) in `PackAdapterEndpointsTests`. | Developer |
| 2026-02-19 | Re-read `docs/modules/ui/v2-rewire/pack-01.md` to `pack-21.md` (higher-number pack precedence) before final ledger reconciliation and endpoint contract sign-off. | Developer |
| 2026-02-19 | Reconciled ledger statuses for BE16 rows; reclassified DASH/RC-02/RUN/APR/ENV/SEC/EVID/INT/OPS to `EXISTS_COMPAT`; kept ADM-01 as `EXISTS_ADAPT` pending Authority/Policy namespace-scope migration. | Developer |
| 2026-02-19 | Implemented Pack-21 administration A1-A7 adapters (`/api/v1/administration/{identity-access,tenant-branding,notifications,usage-limits,policy-governance,trust-signing,system}`), updated `PackAdapterEndpointsTests`, and reclassified `S00-T05-ADM-01` to `EXISTS_COMPAT` after passing Platform suite (`118/118`) + targeted class run (`3/3`). | Developer |
| 2026-02-19 | Closed trust follow-on auth hardening by adding canonical Authority scopes (`trust:read`, `trust:write`, `trust:admin`), mapping Platform trust policies, switching `/api/v1/administration/trust-signing` to `platform.trust.read`, and adding endpoint metadata assertions in `PackAdapterEndpointsTests`. | Developer |
| 2026-02-19 | Implemented trust owner mutation/read endpoints (`/api/v1/administration/trust-signing/{keys,issuers,certificates,transparency-log}`) with `IAdministrationTrustSigningStore` (Postgres + in-memory), shipped migration `046_TrustSigningAdministration.sql`, and validated Platform suite (`123/123`) plus targeted trust class run (`4/4`). | Developer |
| 2026-02-19 | Post-crash rerun verification: `dotnet test src/Platform/__Tests/StellaOps.Platform.WebService.Tests/StellaOps.Platform.WebService.Tests.csproj --filter "FullyQualifiedName~AdministrationTrustSigningMutationEndpointsTests"` (MTP executed full suite `123/123`) plus direct class run `StellaOps.Platform.WebService.Tests.exe -class "StellaOps.Platform.WebService.Tests.AdministrationTrustSigningMutationEndpointsTests"` (`4/4`). | Developer |
## Decisions & Risks
- Decision: keep existing `/api/release-orchestrator/*` routes as compatibility surface while adding/expanding `api/v1` contract adapters; avoids UI regressions during gradual client migration.
- Decision: preserve `/v1/runs/*` as compatibility alias while canonicalizing v2 contracts under `/api/v1/runs/*`.
- Risk: broad cross-module scope can hide partial closure; mitigation is per-row validation against `S00_endpoint_contract_ledger_v1.md` and explicit status updates only when tested.
- Risk: some modules currently expose similar data under non-`/api/v1` paths; mitigation is adapter endpoints instead of breaking route renames.
- Risk: Trust-owner mutation persistence now exists in Platform adapter storage and may diverge from downstream signer/authority canonical state if operator workflows skip synchronization; mitigation is explicit A6 ownership boundaries, deterministic route contracts, and follow-on integration with owner services for command execution telemetry.
## Next Checkpoints
- Checkpoint 1: Completed.
- Checkpoint 2: Completed.
- Checkpoint 3: Completed; sprint archived to `docs-archived/implplan/SPRINT_20260219_016_Orchestrator_pack_backend_contract_enrichment_exists_adapt.md`.