Align live evidence export with audit bundles

2026-03-11 18:21:47 +02:00
parent 8cf132798d
commit f0b2ef3319
17 changed files with 1621 additions and 439 deletions
--- a/docs/implplan/SPRINT_20260311_006_FE_live_evidence_export_bundle_contract_alignment.md
+++ b/docs/implplan/SPRINT_20260311_006_FE_live_evidence_export_bundle_contract_alignment.md
@@ -0,0 +1,77 @@
+# Sprint 20260311_006 - FE Live Evidence Export Bundle Contract Alignment
+
+## Topic & Scope
+- Reproduce the live evidence export journeys on the scratch-built `https://stella-ops.local` stack using real Playwright interaction across Export Center, Evidence Bundles, Provenance, and Verify Replay.
+- Fix the root cause behind the empty bundle inventory and fake `View details` handoff after `Export StellaBundle`: the UI was claiming success from a mock flow instead of generating a real audit bundle.
+- Align the surrounding evidence pages so actions are truthful on the live stack: bundle download fallback, provenance verify/export, replay comparison, and quick-verify sequencing.
+- Update module documentation so the web quick action is explicitly tied to the audit-bundle contract and canonical `bundleId` routing.
+- Working directory: `src/Web/StellaOps.Web`.
+- Expected evidence: focused Angular coverage, rebuilt web bundle synced into `compose_console-dist`, live Playwright evidence for `/evidence/exports*` and `/evidence/verify-replay`, updated export-center docs, and a scoped local commit.
+
+## Dependencies & Concurrency
+- Depends on the healthy scratch-built compose deployment on `https://stella-ops.local`.
+- Safe parallelism: implementation stays in `src/Web/StellaOps.Web`; documentation updates are limited to `docs/modules/export-center/**` and this sprint file.
+
+## Documentation Prerequisites
+- `AGENTS.md`
+- `docs/qa/feature-checks/FLOW.md`
+- `docs/code-of-conduct/TESTING_PRACTICES.md`
+- `docs/modules/export-center/AGENTS.md`
+- `docs/modules/export-center/architecture.md`
+- `docs/modules/export-center/implementation_plan.md`
+
+## Delivery Tracker
+
+### FE-EVIDENCE-EXPORT-001 - Reproduce the live evidence export failures
+Status: DONE
+Dependency: none
+Owners: QA, 3rd line support
+Task description:
+- Run the authenticated live evidence-export action sweep against Export Center, Bundles, Provenance, and Replay. Separate harness defects from product defects so only real contract failures drive fixes.
+
+Completion criteria:
+- [x] Live Playwright captures the failing behaviors with route/action evidence.
+- [x] Harness-only issues are identified and not misreported as product regressions.
+- [x] The real failing contract is traced to a concrete UI/backend mismatch.
+
+### FE-EVIDENCE-EXPORT-002 - Replace the fake StellaBundle success path with the real audit-bundle flow
+Status: DONE
+Dependency: FE-EVIDENCE-EXPORT-001
+Owners: Product Manager, Architect, Developer
+Task description:
+- Remove the mock StellaBundle export success simulation and bind the quick action to the live audit-bundle API. The UI must poll for completion, emit the canonical `bundleId`, and navigate to the bundle inventory using identifiers the bundles page can actually resolve.
+
+Completion criteria:
+- [x] `Export StellaBundle` creates a real audit bundle through `POST /v1/audit-bundles`.
+- [x] Success results carry `bundleId` and route handoffs search by the canonical bundle identifier.
+- [x] The bundles inventory shows the newly created bundle on the live stack.
+
+### FE-EVIDENCE-EXPORT-003 - Make adjacent evidence actions truthful and reverify the live slice
+Status: DONE
+Dependency: FE-EVIDENCE-EXPORT-002
+Owners: QA, Developer
+Task description:
+- Repair adjacent page behaviors exposed during the sweep so bundle download, provenance verify/export, replay comparison, and quick verify behave as real user actions instead of inert placeholders or blocked overlays. Rebuild, deploy, and rerun the live Playwright sweep end to end.
+
+Completion criteria:
+- [x] Focused Angular evidence-export tests pass.
+- [x] `npm run build` passes and the rebuilt bundle is synced into `compose_console-dist`.
+- [x] Live Playwright records `failedActionCount=0` and `runtimeIssueCount=0` for the evidence-export action sweep.
+- [x] Export Center module docs record the quick action -> audit-bundle contract.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-03-11 | Sprint created after the live evidence-export action sweep showed a mix of harness-ordering issues and one real product defect: `Export StellaBundle` reported success without creating a real audit bundle, leaving `/evidence/exports/bundles` empty. | QA / 3rd line support |
+| 2026-03-11 | Root cause confirmed from live browser/network evidence: the bundles page was truthfully reading `GET /v1/audit-bundles` and returning an empty list, while the StellaBundle quick action still emitted a synthetic mock export result and routed using a fake export id. | 3rd line support |
+| 2026-03-11 | Replaced the mock StellaBundle flow with the real audit-bundle client, added polling/completion handling, propagated canonical `bundleId` through Export Center routing, and restored truthful bundle/provenance/replay actions with focused regression coverage. | Product / Architect / Developer |
+| 2026-03-11 | Focused verification passed: Angular slice `134/134`, `npm run build`, bundle sync into `compose_console-dist`, router restart healthy, and live Playwright `live-evidence-export-action-sweep.json` recorded `failedActionCount=0` and `runtimeIssueCount=0`. | QA |
+
+## Decisions & Risks
+- Decision: fix the defect at the contract boundary by making `Export StellaBundle` call the live audit-bundle surface, not by seeding fake bundle cards or weakening the bundles page.
+- Decision: route handoff must use canonical `bundleId`. The prior `exportId` placeholder created a structurally unrecoverable dead-end because the bundles page only knows real bundle identifiers.
+- Decision: keep bundle download resilient with a manifest fallback when the live bundle download stream is unavailable, so operators still get truthful artifact metadata instead of a dead button.
+- Risk: the evidence-export area still contains several demo-backed surfaces. Each future action sweep in this family must keep separating acceptable demo behavior from fake success paths that block real operator flows.
+
+## Next Checkpoints
+- Commit the evidence-export repair iteration locally, clear transient Playwright output noise, then continue the next live route/action sweep from a clean output folder.
--- a/docs/modules/export-center/architecture.md
+++ b/docs/modules/export-center/architecture.md
@@ -78,18 +78,20 @@ All endpoints require Authority-issued JWT + DPoP tokens with scopes `export:run
 | `export_distributions` | Distribution artefacts. | `run_id`, `type` (`http`, `oci`, `object`), `location`, `sha256`, `size_bytes`, `expires_at`. | `expires_at` used for retention policies and automatic pruning. |
 | `export_events` | Timeline of state transitions and metrics. | `run_id`, `event_type`, `message`, `at`, `metrics`. | Feeds SSE stream and audit trails. |

-## Audit bundles (immutable triage exports)
-
-Audit bundles are a specialized Export Center output: a deterministic, immutable evidence pack for a single subject (and optional time window) suitable for audits and incident response.
-
- **Schema**: `docs/modules/evidence-locker/schemas/audit-bundle-index.schema.json` (bundle index/manifest with integrity hashes and referenced artefacts).
+## Audit bundles (immutable triage exports)
+
+Audit bundles are a specialized Export Center output: a deterministic, immutable evidence pack for a single subject (and optional time window) suitable for audits and incident response.
+
+- **Schema**: `docs/modules/evidence-locker/schemas/audit-bundle-index.schema.json` (bundle index/manifest with integrity hashes and referenced artefacts).
 - The index must list Rekor entry ids and RFC3161 timestamp tokens when present; offline bundles record skip reasons in predicates.
 - **Core APIs**:
  - `POST /v1/audit-bundles` - Create a new bundle (async generation).
  - `GET /v1/audit-bundles` - List previously created bundles.
  - `GET /v1/audit-bundles/{bundleId}` - Returns job metadata (`Accept: application/json`) or streams bundle bytes (`Accept: application/octet-stream`).
- **Typical contents**: vuln reports, SBOM(s), VEX decisions, policy evaluations, and DSSE attestations, plus an integrity root hash and optional OCI reference.
- **Reference**: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
+- **Typical contents**: vuln reports, SBOM(s), VEX decisions, policy evaluations, and DSSE attestations, plus an integrity root hash and optional OCI reference.
+- **Reference**: `docs/product/advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
+
+The Web Export Center quick action for `Export StellaBundle` is expected to use this audit-bundle surface directly. On successful completion the UI must carry the canonical `bundleId` through the `/evidence/exports/bundles` handoff, not a synthetic export-run placeholder, so the operator lands on the real generated bundle inventory and can immediately download, verify, or inspect provenance.

 ## Adapter responsibilities
 - **JSON (`json:raw`, `json:policy`).**
--- a/docs/modules/export-center/implementation_plan.md
+++ b/docs/modules/export-center/implementation_plan.md
@@ -8,7 +8,8 @@ Provide a living plan for Export Center deliverables, dependencies, and evidence
 - Update this file when new scoped work is approved.

 ## Near-term deliverables
- TBD (add when sprint is staffed).
+- Live evidence-export bundle contract alignment and truthful web action handoffs:
+  - `docs/implplan/SPRINT_20260311_006_FE_live_evidence_export_bundle_contract_alignment.md`

 ## Dependencies
 - `docs/modules/export-center/architecture.md`