fix(web): remediate orphan revival regressions
This commit is contained in:
master
@@ -0,0 +1,111 @@
|
||||
# Sprint 20260308-024 - FE Orphan Revival Regression Remediation
|
||||
|
||||
## Topic & Scope
|
||||
- Repair the concrete regressions found in review across the orphan-revival implementation batch before any more revival work proceeds.
|
||||
- Fix the frontend build break, restore canonical evidence-thread navigation, restore lost audit and trust filtering capabilities, and remove fabricated finding evidence from mounted shells.
|
||||
- Keep the remediation bounded to the shipped frontend and its verification/docs; do not reopen unrelated orphan candidates in this sprint.
|
||||
- Working directory: `src/Web/StellaOps.Web`.
|
||||
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/components/policy/`, `src/Web/StellaOps.Web/src/app/shared/directives/`, `src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/`, `src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts`, `src/Web/StellaOps.Web/src/app/features/evidence-thread/`, `src/Web/StellaOps.Web/src/app/features/audit-log/`, `src/Web/StellaOps.Web/src/app/features/trust-admin/`, `src/Web/StellaOps.Web/src/app/features/findings/`, and `src/Web/StellaOps.Web/src/app/features/release-orchestrator/`.
|
||||
- Expected evidence: green Angular build, focused frontend tests for each repaired area, one checked-feature note, and sprint execution-log updates.
|
||||
|
||||
## Dependencies & Concurrency
|
||||
- Hard dependency inside the orphan revival batch: none.
|
||||
- External prerequisite already satisfied: the affected orphan-revival commits are already landed on `main` and are the baseline for this remediation.
|
||||
- Safe parallelism:
|
||||
- Do not staff this sprint in parallel with new orphan-revival implementation work on the same files.
|
||||
- This sprint owns remediation of the reviewed regressions across sprints `015`, `019`, `020`, and `021`.
|
||||
|
||||
## Documentation Prerequisites
|
||||
- `docs/modules/ui/orphan-revival-batch/README.md`
|
||||
- `docs/modules/ui/implementation_plan.md`
|
||||
- `src/Web/StellaOps.Web/AGENTS.md`
|
||||
- `src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/filter-bar.component.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/evidence-thread/evidence-thread.routes.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/findings/container/findings-container.component.ts`
|
||||
- `src/Web/StellaOps.Web/src/app/features/release-orchestrator/releases/release-detail/release-detail.component.ts`
|
||||
|
||||
## Delivery Tracker
|
||||
|
||||
### FE-ORM-001 - Clear build blockers in revived shared policy and glossary code
|
||||
Status: DONE
|
||||
Dependency: none
|
||||
Owners: Developer (FE)
|
||||
Task description:
|
||||
- Repair the broken shared policy-widget imports and strict TypeScript issues introduced by the orphan revival batch so the Angular application builds again.
|
||||
- Keep the fix minimal and bounded to the revived components and directive; do not redesign the widgets in this task.
|
||||
|
||||
Completion criteria:
|
||||
- [x] `npm run build` succeeds in `src/Web/StellaOps.Web`.
|
||||
- [x] Shared policy widget imports resolve correctly.
|
||||
- [x] The glossary directive no longer violates strict-null or typing rules.
|
||||
|
||||
### FE-ORM-002 - Restore canonical evidence-thread navigation behavior
|
||||
Status: DONE
|
||||
Dependency: FE-ORM-001
|
||||
Owners: Developer (FE)
|
||||
Task description:
|
||||
- Repair the evidence-thread list/detail navigation so the reconnected `/evidence/threads/*` URLs are used consistently by row-click, back navigation, and any route-focused regression coverage.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Evidence-thread list rows navigate to `/evidence/threads/:artifactDigest`.
|
||||
- [x] Evidence-thread detail back navigation returns to `/evidence/threads`.
|
||||
- [x] Focused route tests cover the repaired canonical URLs.
|
||||
|
||||
### FE-ORM-003 - Restore full mounted audit and trust filter semantics
|
||||
Status: DONE
|
||||
Dependency: FE-ORM-001
|
||||
Owners: Developer (FE), UX
|
||||
Task description:
|
||||
- Restore the filter capabilities lost during the shared filter-bar migration on mounted audit pages, including actor filtering, custom date support, and any multi-select semantics that the pages previously exposed.
|
||||
- The end result may extend the shared filter bar or use bounded page-local controls, but the mounted pages must regain their previously available filtering behavior.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Audit log page supports actor filtering, custom date ranges, and multi-value module/action/severity filters again.
|
||||
- [x] Trust audit log page supports start and end date filtering again.
|
||||
- [x] Focused tests assert the restored filter-state behavior and request-shape wiring.
|
||||
|
||||
### FE-ORM-004 - Remove fabricated finding evidence from revived mounted consumers
|
||||
Status: DONE
|
||||
Dependency: FE-ORM-001
|
||||
Owners: Developer (FE), Product Manager
|
||||
Task description:
|
||||
- Eliminate fabricated timestamps, synthetic scores, and invented PURLs from the revived findings and release-security consumers.
|
||||
- If the shared finding-list contract cannot be satisfied truthfully for a mounted host, back that host out to its prior truthful presentation instead of synthesizing data.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Mounted findings and release-security surfaces no longer fabricate `last_seen`, `risk_score`, or package identity fields.
|
||||
- [x] Any remaining revived shared finding-list adoption is backed by truthful source data.
|
||||
- [x] Focused tests assert truthful rendering or the bounded rollback decision for the affected hosts.
|
||||
|
||||
### FE-ORM-005 - Verify, document, and sync the remediation
|
||||
Status: DONE
|
||||
Dependency: FE-ORM-002
|
||||
Owners: Test Automation, Documentation author
|
||||
Task description:
|
||||
- Run the focused build and test matrix for the repaired areas, record the outcomes, and sync the UI plan/docs with the remediation result.
|
||||
|
||||
Completion criteria:
|
||||
- [x] Focused frontend tests cover policy build blockers, evidence-thread routing, audit/trust filtering, and findings/release-security behavior.
|
||||
- [x] Checked-feature note exists under `docs/features/checked/web/`.
|
||||
- [x] UI plan/task docs reflect the remediation status and any bounded rollback decisions.
|
||||
|
||||
## Execution Log
|
||||
| Date (UTC) | Update | Owner |
|
||||
| --- | --- | --- |
|
||||
| 2026-03-08 | Sprint created to remediate the concrete regressions found during review of orphan-revival sprints 015, 019, 020, and 021. | Project Manager |
|
||||
| 2026-03-08 | Repaired build blockers in revived policy widgets and glossary tooltip directive so the Angular production build compiles again. | Developer (FE) |
|
||||
| 2026-03-08 | Repaired evidence-thread row and back navigation to use canonical `/evidence/threads/*` URLs. | Developer (FE) |
|
||||
| 2026-03-08 | Restored full mounted audit and trust filter semantics by rolling the audit-log and trust-audit pages back to truthful page-local controls where the shared filter bar could not preserve behavior. | Developer (FE) |
|
||||
| 2026-03-08 | Removed fabricated finding evidence from mounted findings and release-security hosts by rolling those consumers back to their truthful bespoke list/table rendering. | Developer (FE) |
|
||||
| 2026-03-08 | Verified remediation with `npm run build` and focused Angular tests covering policy hosts, evidence-thread routing, audit/trust filtering, and truthful findings/release rendering. | Test Automation |
|
||||
|
||||
## Decisions & Risks
|
||||
- Decision: this sprint prioritizes truthful mounted behavior over preserving every individual orphan adoption. If a revived component forces fabricated data, the mounted host may be rolled back to its prior truthful UI.
|
||||
- Decision: `audit-log-table` and `trust-audit-log` keep page-local filter controls for now; the shared `FilterBarComponent` remains adopted only where it does not remove operator capabilities.
|
||||
- Decision: the shared `FindingListComponent` is no longer used on mounted findings and release-security hosts until a truthful data contract exists for those surfaces.
|
||||
- Risk: older checked-feature notes for orphan revival sprints can drift from current shipped behavior after bounded rollbacks.
|
||||
- Mitigation: record the remediation in a dedicated checked-feature note and sync the UI plan plus orphan-revival batch docs with the rollback decisions.
|
||||
|
||||
## Next Checkpoints
|
||||
- 2026-03-08: build blockers fixed and verified.
|
||||
- 2026-03-09: routing, filter, and findings regressions resolved with focused test evidence.
|
||||
Reference in New Issue
Block a user