stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Harden live frontdoor authentication harness

Browse Source
This commit is contained in:
master
2026-03-10 07:39:58 +02:00
parent 425bccf10a
commit f0535bcdf6
2 changed files with 43 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md
View File

@@ -70,6 +70,7 @@ Completion criteria:
| 2026-03-09 | After the full image rebuild and the next web-only repair pass, reran the authenticated 111-route sweep. The live backlog moved to 24 failing routes, with the earlier title regressions and feeds-airgap issue cleared while new backend/runtime failures remained concentrated in analytics, JobEngine, integrations, policy governance, notifications, and trust authorization. | Developer |
| 2026-03-10 | Full rebuild and redeploy completed cleanly, but the deeper live `ops/policy` action sweep stalled after authentication without writing a result file. This iteration is hardening the sweep itself with per-action watchdogs, progress persistence, and explicit failure semantics so the next scratch loops do not burn hours on a silent Playwright hang. | Developer |
| 2026-03-10 | Completed the hardening pass on `live-ops-policy-action-sweep.mjs`: the script now persists progress while it runs, reports blocked actions with step-level snapshots, and exits non-zero on action/runtime failures. After the policy frontdoor fix, the same sweep completed cleanly on the rebuilt stack with zero runtime issues. | Developer |
| 2026-03-10 | Hardened `live-frontdoor-auth.mjs` so it waits for a real authority transition or established shell session before declaring authentication complete. This prevents false-positive sign-in clicks on rebuilt stacks where the login form appears asynchronously or the welcome page lingers after the CTA. | Developer |
## Decisions & Risks
- Decision: keep this sprint focused on broad route-level live verification and action inventory, not on fixing specific route defects before the rebuilt stack is actually exercised.
@@ -78,6 +79,7 @@ Completion criteria:
- Decision: treat documented/canonical redirects as valid route outcomes in the live sweep (`/releases`, `/releases/promotion-queue`, `/ops/policy`, `/ops/policy/audit`, `/ops/platform-setup/trust-signing`, `/setup/topology`) because those aliases are intentional product behavior, not regressions.
- Risk: many remaining failures are real frontdoor contract mismatches rather than simple UI copy/render issues, so the next iterations need backend/frontend contract inspection, not just surface-level error-banner suppression.
- Decision: the deep live sweeps must be self-diagnosing. A hanging Playwright command is a harness defect because it blocks the problem-first loop from collecting the full issue set.
- Decision: authentication success in the live harness is defined by an established Stella Ops session or a completed authority redirect, not by a single successful CTA click on `/welcome`.
## Next Checkpoints
- 2026-03-09: land the reusable live canonical route sweep script.