fix(web): remediate orphan revival regressions

docs/features/checked/web/evidence-thread-persona-workspaces-routes.md

@@ -12,6 +12,8 @@ SPRINT_20260308_021_FE_unreachable_evidence_thread_and_persona_workspaces_routes
 ## Description
 Reconnected the disconnected evidence-thread and persona-workspace route families under the canonical `/evidence` route shell. Evidence threads and auditor/developer workspaces are now reachable through Evidence-owned URLs, acting as evidence lenses rather than a parallel product shell.
 
+Sprint `SPRINT_20260308_024_FE_orphan_revival_regression_remediation.md` completed the cutover by fixing evidence-thread list-row and back-button navigation to use the same canonical `/evidence/threads/*` URLs instead of the dead legacy `/evidence-thread` frontdoor.
+
 ## Canonical URL Contract
 - `/evidence/threads` - Evidence thread list
 - `/evidence/threads/:artifactDigest` - Evidence thread detail

docs/features/checked/web/filter-bar-unification.md

@@ -4,9 +4,13 @@ Sprint: `SPRINT_20260308_015_FE_orphan_filter_bar_unification.md`
 Feature IDs: FE-OFB-001 through FE-OFB-004
 Status: Shipped
 
+## Post-remediation note
+
+Sprint `SPRINT_20260308_024_FE_orphan_revival_regression_remediation.md` partially rolled back this adoption on mounted audit hosts. `audit-log-table` and `trust-audit-log` no longer use the shared filter bar because that migration removed actor, multi-select, and date-filter behavior. The shared bar remains mounted only on the adopters where it preserves real page semantics.
+
 ## What shipped
 
-The dormant shared `FilterBarComponent` (`src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/filter-bar.component.ts`) has been adopted across all seven eligible mounted list pages. Each page's bespoke filter toolbar markup has been replaced by a single `<app-filter-bar>` element that renders search input, single-select filter dropdowns, active-filter chips, and a clear-all button through the shared component's existing API.
+The dormant shared `FilterBarComponent` (`src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/filter-bar.component.ts`) was adopted across seven mounted list pages in the original sprint. After remediation, five mounted pages still use the shared bar; the two audit-family pages listed below reverted to page-local controls to preserve truthful operator workflows.
 
 ## Shared contract (unchanged)
 
@@ -26,7 +30,7 @@ The `FilterBarComponent` API was sufficient without extension:
 
 | Page | File | Filter options exposed |
 | --- | --- | --- |
-| Audit Log Table | `features/audit-log/audit-log-table.component.ts` | module, action, severity, dateRange |
+| Audit Log Table | `features/audit-log/audit-log-table.component.ts` | rolled back in sprint `024`; page-local filters restored |
 | Secret Findings List | `features/secret-detection/secret-findings-list.component.ts` | severity, status, category |
 | Console Admin Audit Log | `features/console-admin/audit/audit-log.component.ts` | eventType (16 event types) |
 
@@ -36,7 +40,7 @@ The `FilterBarComponent` API was sufficient without extension:
 | --- | --- | --- |
 | Release List | `features/release-orchestrator/releases/release-list/release-list.component.ts` | type, stage, gate, risk, blocked, needsApproval, hotfixLane, replayMismatch |
 | Evidence Pack List | `features/evidence-pack/evidence-pack-list.component.ts` | (search only, no dropdowns) |
-| Trust Audit Log | `features/trust-admin/trust-audit-log.component.ts` | resourceType, severity |
+| Trust Audit Log | `features/trust-admin/trust-audit-log.component.ts` | rolled back in sprint `024`; start/end date filters restored via page-local controls |
 | Certificate Inventory | `features/trust-admin/certificate-inventory.component.ts` | status, type |
 
 ## Exclusions
@@ -46,10 +50,9 @@ The `FilterBarComponent` API was sufficient without extension:
 
 ## Design decisions
 
-- Multi-select dropdowns on the audit-log-table were simplified to single-select to match the shared bar's existing contract. The underlying filter arrays still work but now hold at most one value.
-- Date-range inputs on the audit-log-table were mapped to preset dropdown options (24h, 7d, 30d, 90d).
-- Date inputs on trust-admin pages were removed from the filter bar; dates remain in component state for API queries but are not exposed through the shared bar.
+- Audit-log and trust-audit pages were reverted to bespoke controls because the shared bar could not preserve their real semantics.
 - Query-state persistence on the release-list via `buildQueryParams()` and route subscription remains intact.
+- Future shared filter-bar expansion must prove parity before replacing mounted audit-family pages again.
 
 ## Test coverage
 

docs/features/checked/web/orphan-finding-list-consolidation.md

@@ -2,6 +2,10 @@
 
 Sprint: SPRINT_20260308_020_FE_orphan_finding_list_consolidation
 
+## Post-remediation note
+
+Sprint `SPRINT_20260308_024_FE_orphan_revival_regression_remediation.md` rolled back both mounted adopters described below. The shared `FindingListComponent` is no longer mounted on `FindingsContainerComponent` or the `ReleaseDetailComponent` security tab because those hosts required fabricated timestamps, severity-derived risk scores, and invented package identities to satisfy the shared contract.
+
 ## Summary
 
 Revived the dormant shared `FindingListComponent` and `FindingRowComponent` by adopting them on two mounted surfaces that previously used bespoke finding list rendering:

docs/features/checked/web/orphan-revival-regression-remediation-ui.md

@@ -0,0 +1,34 @@
+# Orphan Revival Regression Remediation
+
+Sprint: `SPRINT_20260308_024_FE_orphan_revival_regression_remediation.md`
+Status: Shipped
+
+## What changed
+
+This remediation sprint closed the concrete regressions introduced by the orphan-revival batch and kept mounted behavior truthful where the revived shared components did not fit the live hosts.
+
+- Revived shared policy widgets build again: broken `policy-interop.models` imports were corrected in the shared policy components, and the glossary tooltip directive was fixed for strict-null and typing compliance.
+- Evidence-thread navigation now stays inside the canonical Evidence shell. Row click and back navigation both use `/evidence/threads` instead of dead `/evidence-thread` paths.
+- Audit and trust filtering capabilities were restored on mounted pages. `audit-log-table` and `trust-audit-log` were intentionally rolled back to page-local controls so actor filters, multi-select filters, and start/end date filters remain usable.
+- Fabricated finding evidence was removed from mounted consumers. `FindingsContainerComponent` and the `ReleaseDetailComponent` security tab no longer synthesize `last_seen`, `risk_score`, or fake package identities just to satisfy the shared `FindingListComponent` contract.
+
+## Bounded rollback decisions
+
+- `FilterBarComponent` remains valid, but not for every list page. Audit-log and trust-audit hosts keep their bespoke filter controls until the shared bar can support their real semantics without loss.
+- `FindingListComponent` remains available for future truthful adopters, but it is no longer mounted on findings and release-security hosts that would require invented data.
+
+## Verification
+
+- `npm run build`
+  - Result: passed
+  - Notes: only the existing Angular bundle-budget warnings remained
+- `npm test -- --watch=false --include src/tests/orphan_revival/orphan-revival-regression-remediation.spec.ts --include src/tests/evidence/evidence-thread-browser.component.spec.ts --include src/tests/releases/release-detail.live-refresh.spec.ts --include src/app/routes/evidence.routes.spec.ts`
+  - Result: passed
+  - Coverage: policy host rendering, evidence-thread canonical routes, audit/trust filter semantics, truthful findings rendering, release-security rendering, and evidence route declarations
+
+## Current shipped state
+
+- Canonical evidence-thread routes are usable and internally consistent.
+- Shared policy widgets stay mounted on the active policy surfaces without breaking the app build.
+- Audit and trust pages retain their full filtering workflows.
+- Findings and release-security views favor truthful bespoke rendering over forced shared-component reuse.

docs/modules/ui/TASKS.md

@@ -1,9 +1,9 @@
 # UI Task Board
 
 ## Active Sprint Links
-- None currently. Completed UI delivery and verification sprints are archived under `docs-archived/implplan/`.
 - [DONE] `docs/implplan/SPRINT_20260308_014_FE_orphan_copy_inline_truncate_adoption.md` - CopyToClipboard, InlineCode, TruncatePipe adoption on console-admin, offline-kit, and triage replay-command surfaces.
-- [DONE] `docs/implplan/SPRINT_20260308_015_FE_orphan_filter_bar_unification.md` - FilterBarComponent adoption on 7 mounted list pages (audit-log-table, secret-findings-list, console-admin audit-log, release-list, evidence-pack-list, trust-audit-log, certificate-inventory).
+- [DONE] `docs/implplan/SPRINT_20260308_015_FE_orphan_filter_bar_unification.md` - Initial FilterBarComponent adoption batch; audit-log-table and trust-audit-log were later rolled back in sprint `024` to restore lost semantics.
+- [DONE] `docs-archived/implplan/SPRINT_20260308_024_FE_orphan_revival_regression_remediation.md` - Fixed reviewed orphan-revival regressions: build blockers cleared, canonical evidence-thread navigation restored, audit/trust filter capabilities restored, and fabricated finding evidence removed from mounted hosts.
 
 ## Queued Sprint Links
 - `docs/modules/ui/orphan-revival-batch/README.md` - review index for the orphan shared-component and disconnected-route revival batch.

docs/modules/ui/implementation_plan.md

@@ -6,13 +6,16 @@ Provide a living plan for UI deliverables, dependencies, and evidence.
 ## Active work
 - Track current sprints under `docs/implplan/SPRINT_*.md` for this module.
 - Update this file when new scoped work is approved.
+- No active UI remediation sprint is open right now.
 
 ## Near-term deliverables
 - No active UI deliverables are currently staged in `docs/implplan`.
 - The next queued batch is `docs/modules/ui/orphan-revival-batch/README.md`, which stages independent review-ready sprints for orphan shared-component adoption and disconnected-route integration.
 - The queued orphan batch currently spans `SPRINT_20260308_013` through `SPRINT_20260308_023` and is intentionally not marked active until product review approves staffing.
 - Sprint `014` (CopyToClipboard, InlineCode, TruncatePipe adoption) is DONE. See `docs/features/checked/web/orphan-copy-inline-truncate-adoption.md`.
-- Sprint `015` (FilterBarComponent adoption on 7 mounted list pages) is DONE. See `docs/features/checked/web/filter-bar-unification.md`.
+- Sprint `015` (FilterBarComponent adoption) shipped, then was partially rolled back on audit-family pages to restore lost filter semantics. See `docs/features/checked/web/filter-bar-unification.md` and `docs/features/checked/web/orphan-revival-regression-remediation-ui.md`.
+- Sprint `020` (FindingListComponent consolidation) shipped, then was rolled back on mounted findings and release-security hosts because the shared contract required fabricated data. See `docs/features/checked/web/orphan-finding-list-consolidation.md` and `docs/features/checked/web/orphan-revival-regression-remediation-ui.md`.
+- Sprint `021` (Evidence thread and persona workspace reconnection) shipped, and its internal thread navigation was completed in the remediation sprint. See `docs/features/checked/web/evidence-thread-persona-workspaces-routes.md` and `docs/features/checked/web/orphan-revival-regression-remediation-ui.md`.
 
 ## Latest evidence
 - `docs/modules/ui/component-preservation-map/README.md` - root index for the first-pass preservation map.
@@ -54,7 +57,8 @@ Provide a living plan for UI deliverables, dependencies, and evidence.
 - `docs/modules/ui/contextual-actions-patterns/README.md` - shared placement contract for stray actions, pages, drawers, and tabs.
 - `docs/modules/ui/unified-audit-surfaces/README.md` - shipped canonical audit owner, alias contract, and secondary entry-point rules for cross-module audit browsing.
 - `docs/modules/ui/orphan-revival-batch/README.md` - queued execution batch for reviving selected orphan shared components and reconnecting disconnected route families without reopening duplicate top-level products.
-- `docs/features/checked/web/filter-bar-unification.md` - shipped verification note for the shared FilterBarComponent adoption on 7 mounted list pages (audit, security, release, evidence, trust families).
+- `docs/features/checked/web/filter-bar-unification.md` - shipped verification note for the shared FilterBarComponent adoption, now superseded on audit-family pages by the remediation rollback that restored missing filter semantics.
+- `docs/features/checked/web/orphan-revival-regression-remediation-ui.md` - shipped verification note for the orphan-revival regression remediation, including the audit/trust filter rollback, truthful findings/release rollback, policy build fixes, and canonical evidence-thread navigation repair.
 
 ## Dependencies
 - `docs/modules/ui/architecture.md`

docs/modules/ui/orphan-revival-batch/README.md

@@ -9,6 +9,7 @@
 - The preservation-map and restoration-topic work already resolved the major product-shape questions for Policy Decisioning Studio, Reachability Witnessing, Workflow Visualization, Watchlist, Triage Explainability, and the consolidated Operations and Setup shells.
 - This batch covers the remaining lower-level orphaned shared components and disconnected route files that still look worth reviving after those larger product merges landed.
 - These sprints are intentionally queued for review. They are not started by default.
+- Follow-up remediation sprint `024` already proved that some orphan adoptions need bounded rollback when the shared contract removes mounted behavior or forces fabricated data. Treat sprint `015` and sprint `020` as cautionary examples, not as proof that every orphan shared component should stay mounted wherever it first lands.
 
 ## Corrections To The External Scan
 - `EvidenceDrawerComponent` is already mounted in `features/vulnerabilities/vulnerability-detail.component.html`; it is not a valid "finish the wiring" target in the current repo snapshot.