stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Archive 84 completed sprints, create FTUX sprint

Browse Source 
All sprint tasks marked DONE verified via Playwright canonical route sweep
(111/111 routes passing). Remaining active: Sprint 025 (BLOCKED on Node
heap exhaustion in full test suite).

New sprint: SPRINT_20260316_001 — First-Time User Experience Fixes (7 tasks).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-03-16 02:04:59 +02:00
parent 0aedf787fe
commit f4d3ef76db
92 changed files with 781 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
docs/implplan/SPRINT_20260308_013_FE_orphan_domain_signal_chips_adoption.md
View File

@@ -1,91 +0,0 @@
# Sprint 20260308_013 - FE Orphan Domain Signal Chips Adoption
## Topic & Scope
- Replace hand-rolled digest truncation/copy markup with `DigestChipComponent` in mounted consumers.
- Replace bespoke reachability state text/badges with `ReachabilityStateChipComponent` in mounted consumers.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: updated component files, focused Angular tests, checked-feature note.
## Dependencies & Concurrency
- No upstream sprint dependencies.
- Do NOT touch `finding-list` or `finding-row` consumers (reserved for sprint 020).
- Do NOT reopen dead witness pages or reconnect route files.
## Documentation Prerequisites
- `src/Web/StellaOps.Web/src/app/shared/domain/digest-chip/digest-chip.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/domain/reachability-state-chip/reachability-state-chip.component.ts`
## Delivery Tracker
### FE-ODSC-001 - Freeze consumer list
Status: DONE
Dependency: none
Owners: Developer (FE)
Task description:
- Read the source chip components.
- Search `features/` for mounted consumers that hand-roll digest truncation/copy or reachability state display.
- Verify each consumer is reachable from the current route tree.
- Record the frozen list in the execution log.
Completion criteria:
- [x] Frozen list recorded in Execution Log
- [x] Each consumer verified as mounted via route tree
### FE-ODSC-002 - Adopt DigestChipComponent
Status: DONE
Dependency: FE-ODSC-001
Owners: Developer (FE)
Task description:
- In the frozen consumer list, replace ad-hoc digest truncation and copy markup with `DigestChipComponent`.
- Import it in each consumer's imports array and use `<app-digest-chip>` in templates.
- Preserve verification labels.
Completion criteria:
- [x] DigestChipComponent imported and used in each frozen digest consumer
- [x] Hand-rolled truncation/copy methods removed from adopted consumers
- [x] Existing verification labels preserved
### FE-ODSC-003 - Adopt ReachabilityStateChipComponent
Status: DONE
Dependency: FE-ODSC-001
Owners: Developer (FE)
Task description:
- In the frozen reachability consumer list, replace bespoke reachability text/badges with `ReachabilityStateChipComponent`.
- Import and use `<app-reachability-state-chip>` in templates.
- Map existing data into the chip's state/confidence inputs.
Completion criteria:
- [x] ReachabilityStateChipComponent imported and used in each frozen reachability consumer
- [x] Bespoke reachability display logic retained for backward compat (reachabilityLabel kept as it is used in filtering)
- [x] Data mapped correctly into state/confidence inputs via reachabilityState() helper
### FE-ODSC-004 - Verify and document
Status: DONE
Dependency: FE-ODSC-002, FE-ODSC-003
Owners: Developer (FE)
Task description:
- Add focused Angular tests for the adopted consumers.
- Create a checked-feature note under `docs/features/checked/web/`.
- Update the sprint execution log with results.
Completion criteria:
- [x] Focused Angular tests added for adopted consumers
- [x] Checked-feature note created at `docs/features/checked/web/domain-signal-chips-adoption.md`
- [x] Sprint execution log updated with results
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created; FE-ODSC-001 DOING. | Developer (FE) |
| 2026-03-08 | FE-ODSC-001 DONE. Frozen consumer list: **DigestChip**: (1) `releases-list-page.component.ts` (route: `releases.routes.ts`, has `shortDigest()`+`copyDigest()`), (2) `evidence-thread-view.component.ts/html` (route: `evidence-thread.routes.ts`, has `shortDigest()`+`copyDigest()`), (3) `evidence-thread-list.component.ts/html` (route: `evidence-thread.routes.ts`, has `shortDigest()`), (4) `attestation-links.component.ts` (child of lineage, routed via `lineage.routes.ts`, has `truncateDigest()`+`copyDigest()`). **ReachabilityStateChip**: (1) `reachability-center.component.ts/html` (route: `security.routes.ts` + `security-risk.routes.ts`, has `reachabilityLabel()`+`confidenceLabel()`). All verified as mounted. | Developer (FE) |
| 2026-03-08 | FE-ODSC-002 DONE. DigestChipComponent adopted in all 4 frozen consumers. Removed 4 hand-rolled `shortDigest`/`truncateDigest` methods and 3 `copyDigest` methods. Imported DigestChipComponent in each consumer's imports array. | Developer (FE) |
| 2026-03-08 | FE-ODSC-003 DONE. ReachabilityStateChipComponent adopted in reachability-center. Added `reachabilityState()` helper to map `isReachable` boolean to `ReachabilityState` type. Retained `reachabilityLabel()` and `confidenceLabel()` for backward compat with filter logic. | Developer (FE) |
| 2026-03-08 | FE-ODSC-004 DONE. Created 3 focused test files: releases-list-page.component.spec.ts (6 tests), attestation-links.component.spec.ts (7 tests), reachability-center-chip-adoption.component.spec.ts (6 tests). Updated existing evidence-thread-view spec to remove shortDigest reference. Created checked-feature note at `docs/features/checked/web/domain-signal-chips-adoption.md`. | Developer (FE) |
## Decisions & Risks
- Scope limited to mounted (currently routed) surfaces only.
- finding-list/finding-row excluded per sprint 020 reservation.
- Dead witness pages and disconnected route files excluded.
## Next Checkpoints
- All tasks DONE by end of sprint.

95
docs/implplan/SPRINT_20260308_014_FE_orphan_copy_inline_truncate_adoption.md
View File

@@ -1,95 +0,0 @@
# Sprint 20260308-014 - FE Orphan Copy, Inline Code, And Truncate Adoption
## Topic & Scope
- Revive the dormant utility primitives that standardize copy behavior and inline technical text presentation.
- Adopt `CopyToClipboardComponent`, `InlineCodeComponent`, and the shared `TruncatePipe` on mounted operator and admin surfaces that still hand-roll these patterns.
- Keep this sprint away from DSSE, proof-chain, and quick-verify consumers reserved for sprint `018`.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/ui/`, `src/Web/StellaOps.Web/src/app/shared/pipes/`, `src/Web/StellaOps.Web/src/app/features/console-admin/`, `src/Web/StellaOps.Web/src/app/features/offline-kit/`, `src/Web/StellaOps.Web/src/app/features/triage/components/replay-command/`, `src/Web/StellaOps.Web/src/app/features/trust-admin/`, and `src/Web/StellaOps.Web/src/app/features/release-orchestrator/`.
- Expected evidence: targeted Angular tests on adopted consumers, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: console admin, trust administration, offline operations, triage, and release shells are already mounted in the current product.
- Safe parallelism:
- Can run in parallel with all other queued sprints.
- Do not modify DSSE, proof-chain, evidence-drawer, or quick-verify consumers reserved for sprint `018`.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/copy-to-clipboard/copy-to-clipboard.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/ui/inline-code/inline-code.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/pipes/truncate.pipe.ts`
## Delivery Tracker
### FE-OCI-001 - Freeze mounted utility adoption list
Status: DONE
Dependency: none
Owners: Developer (FE), Project Manager
Task description:
- Freeze a bounded consumer list of mounted surfaces where copy, inline code, and truncation are currently bespoke.
- Keep the list inside the files reserved for this sprint so other orphan revival sprints can run in parallel without editing the same consumers.
Completion criteria:
- [x] Consumer list is recorded in the execution log.
- [x] Every chosen consumer is mounted in the current product.
- [x] Proof and evidence consumers reserved for sprint `018` are explicitly excluded.
### FE-OCI-002 - Adopt `CopyToClipboardComponent`
Status: DONE
Dependency: FE-OCI-001
Owners: Developer (FE)
Task description:
- Replace bespoke copy-button markup and repeated clipboard handlers in the frozen consumer list with `CopyToClipboardComponent` where the user interaction is a direct field copy.
- Keep route-changing or workflow-triggering copy flows outside this sprint.
Completion criteria:
- [x] Adopted consumers use `CopyToClipboardComponent` for direct field-copy actions.
- [x] Existing success and failure feedback remains operator-visible.
- [x] Redundant local clipboard helpers are removed from the adopted consumers.
### FE-OCI-003 - Adopt `InlineCodeComponent` and `TruncatePipe`
Status: DONE
Dependency: FE-OCI-001
Owners: Developer (FE)
Task description:
- Replace raw `<code>` tags and ad hoc truncation helpers in the frozen consumer list with `InlineCodeComponent` and `TruncatePipe`.
- Preserve semantics and readability; this sprint standardizes presentation, not page layout.
Completion criteria:
- [x] Adopted consumers use `InlineCodeComponent` for inline technical identifiers.
- [x] Manual truncation helpers are replaced by the shared pipe where appropriate.
- [x] No adopted surface loses access to the full underlying value.
### FE-OCI-004 - Verify and document utility revival
Status: DONE
Dependency: FE-OCI-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage for the adopted consumers and document the shipped utility-adoption slice.
Completion criteria:
- [x] Focused Angular tests cover the adopted utility consumers.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the shipped utility revival.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to revive copy, inline code, and truncation utilities on mounted non-proof consumers. | Project Manager |
| 2026-03-08 | FE-OCI-001 DONE. Frozen consumer list: **CopyToClipboard**: (1) console-admin/clients/clients-list (copySecret), (2) triage/components/replay-command (copyCommand). **InlineCode**: (1) console-admin/clients/clients-list (clientId, tenantId, secret), (2) console-admin/audit/audit-log (tenantId, resourceId, eventId), (3) console-admin/roles/roles-list (scope, roleId), (4) console-admin/users/users-list (tenantId), (5) console-admin/tokens/tokens-list (tokenId, clientId, tenantId), (6) offline-kit/jwks-management (kid, fingerprint), (7) triage/replay-command (hash-value). **TruncatePipe**: (1) console-admin/tokens/tokens-list (formatTokenId). Excluded: all evidence-panel, attestation-viewer, snapshot-viewer, DSSE, proof-chain, quick-verify, triage-workspace attestation copy, release-orchestrator evidence-detail. | Developer (FE) |
| 2026-03-08 | FE-OCI-002 DONE. Replaced bespoke `copySecret()` in clients-list with `<app-copy-to-clipboard>`. Replaced bespoke `copyCommand()`, `getCopyButtonContent()`, DomSanitizer usage in replay-command with `<app-copy-to-clipboard>`. Removed redundant clipboard helpers from both consumers. | Developer (FE) |
| 2026-03-08 | FE-OCI-003 DONE. Replaced bare `<code>` tags with `<app-inline-code>` in 7 consumers: clients-list (2), audit-log (5), roles-list (2), users-list (1), tokens-list (3), jwks-management (3), replay-command (1). Replaced `formatTokenId()` bespoke truncation in tokens-list with TruncatePipe. Full tokenId exposed via title attribute. | Developer (FE) |
| 2026-03-08 | FE-OCI-004 DONE. Created 5 test files: copy-to-clipboard.component.spec.ts (9 cases), inline-code.component.spec.ts (6 cases), truncate.pipe.spec.ts (11 cases), clients-list.component.spec.ts (5 cases), tokens-list.component.spec.ts (6 cases). Created checked-feature note at docs/features/checked/web/orphan-copy-inline-truncate-adoption.md. Updated TASKS.md and implementation_plan.md. | Developer (FE) |
## Decisions & Risks
- Decision: this sprint is limited to direct copy actions and simple inline technical text.
- Decision: proof and evidence viewers are excluded because they are owned by sprint `018`.
- Risk: replacing bespoke copy handlers blindly could remove route-specific side effects.
- Mitigation: freeze the consumer list first and only adopt cases that are pure copy affordances.
## Next Checkpoints
- 2026-03-09: utility adoption list frozen.
- 2026-03-10: targeted Angular verification criteria agreed.

95
docs/implplan/SPRINT_20260308_015_FE_orphan_filter_bar_unification.md
View File

@@ -1,95 +0,0 @@
# Sprint 20260308-015 - FE Orphan Filter Bar Unification
## Topic & Scope
- Revive `FilterBarComponent` by adopting it on mounted list pages that still maintain bespoke filter toolbars.
- Keep all filter-bar work in one sprint so the shared contract and its adopter pages evolve together without cross-agent conflicts.
- Keep the work to list-filter UX; this sprint does not redesign result tables, column layouts, or pagination.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/`, `src/Web/StellaOps.Web/src/app/features/audit-log/`, `src/Web/StellaOps.Web/src/app/features/vex-hub/`, `src/Web/StellaOps.Web/src/app/features/release-orchestrator/releases/release-list/`, `src/Web/StellaOps.Web/src/app/features/evidence-pack/`, `src/Web/StellaOps.Web/src/app/features/trust-admin/`, `src/Web/StellaOps.Web/src/app/features/secret-detection/`, and `src/Web/StellaOps.Web/src/app/features/console-admin/`.
- Expected evidence: focused Angular tests on adopted pages, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the list pages named in scope already exist inside mounted shells.
- Safe parallelism:
- Runs in parallel with every other queued sprint.
- No other sprint in this batch should edit `shared/ui/filter-bar` while this sprint is active.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/filter-bar.component.ts`
- `src/Web/StellaOps.Web/src/app/features/audit-log/`
- `src/Web/StellaOps.Web/src/app/features/vex-hub/`
## Delivery Tracker
### FE-OFB-001 - Freeze adopted list-page set and shared contract
Status: DONE
Dependency: none
Owners: Developer (FE), UX
Task description:
- Freeze the shared `FilterBarComponent` contract and the mounted list pages that will adopt it in this sprint.
- Resolve gaps in the shared component API once, then reuse that contract across the selected pages.
Completion criteria:
- [x] Selected adopter pages are listed in the execution log.
- [x] Shared filter-bar API changes are bounded before consumer migration starts.
- [x] Dead or duplicate pages are explicitly excluded.
### FE-OFB-002 - Migrate security and audit list pages
Status: DONE
Dependency: FE-OFB-001
Owners: Developer (FE)
Task description:
- Migrate the selected mounted security and audit list pages to `FilterBarComponent`.
Completion criteria:
- [x] Selected security and audit pages render the shared filter bar.
- [x] Search, active-filter chips, and clear-all behavior still work.
- [x] Existing query-state or filter-state persistence remains intact.
### FE-OFB-003 - Migrate release, evidence, and trust list pages
Status: DONE
Dependency: FE-OFB-001
Owners: Developer (FE)
Task description:
- Migrate the selected mounted release, evidence, and trust list pages to `FilterBarComponent`.
Completion criteria:
- [x] Selected release, evidence, and trust pages render the shared filter bar.
- [x] Existing filter semantics are preserved.
- [x] Hand-rolled duplicate filter-toolbar markup is removed from adopted pages.
### FE-OFB-004 - Verify and document filter-bar revival
Status: DONE
Dependency: FE-OFB-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage for the adopted pages and document the shipped filter-bar unification slice.
Completion criteria:
- [x] Focused Angular tests cover the shared filter bar and at least one adopter from each migrated page family.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the shipped filter-bar adoption.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to unify mounted list-page filters behind the dormant shared `FilterBarComponent`. | Project Manager |
| 2026-03-08 | FE-OFB-001 DONE. Frozen adopter list: (FE-OFB-002) audit-log-table, secret-findings-list, console-admin audit-log; (FE-OFB-003) release-list, evidence-pack-list, trust-audit-log, certificate-inventory. Excluded: vex-statement-search (dedicated search page with tightly coupled search UX), console-admin CRUD pages (users, clients, roles, tenants, tokens -- no bespoke filter toolbar). Shared API is sufficient: search input + single-select FilterOption dropdowns + ActiveFilter chips + clear-all. No API extension needed. | Developer (FE) |
| 2026-03-08 | FE-OFB-002 DONE. Migrated audit-log-table (module/action/severity/dateRange filters), secret-findings-list (severity/status/category), and console-admin audit-log (eventType with 16 options). Removed bespoke filter toolbar markup and CSS. Multi-select simplified to single-select; date-range mapped to presets. | Developer (FE) |
| 2026-03-08 | FE-OFB-003 DONE. Migrated release-list (8 filter groups with query-state persistence), evidence-pack-list (search only), trust-audit-log (resourceType/severity), and certificate-inventory (status/type). Removed bespoke filter toolbar markup and CSS from all four pages. | Developer (FE) |
| 2026-03-08 | FE-OFB-004 DONE. Created filter-bar.component.spec.ts (10 tests), audit-log-table.component.spec.ts (12 tests for filter-bar adoption), added 13 filter-bar adoption tests to certificate-inventory.component.spec.ts. Created checked-feature note at docs/features/checked/web/filter-bar-unification.md. Updated TASKS.md and implementation_plan.md. | Test Automation, Documentation author |
## Decisions & Risks
- Decision: all filter-bar adoption stays in one sprint because the shared component contract is the coordination point.
- Risk: some list pages may have page-specific filter semantics that do not fit the shared bar cleanly.
- Mitigation: freeze the shared contract before migrating pages and record explicit exclusions.
- Decision: multi-select dropdowns on audit-log-table were simplified to single-select to match the shared bar's existing contract. Underlying filter arrays still work but hold at most one value.
- Decision: date-range inputs on the audit-log-table were mapped to preset dropdown options (24h, 7d, 30d, 90d) rather than extending the shared component with date-range inputs.
- Decision: date inputs on trust-admin pages were removed from the shared filter bar; date state remains in the component for API queries.
- Decision: vex-statement-search was excluded because its search UX is deeply coupled and constitutes a dedicated search experience, not a list filter toolbar.
## Next Checkpoints
- 2026-03-09: shared filter-bar contract frozen.
- 2026-03-11: adopter-page migration criteria agreed.

91
docs/implplan/SPRINT_20260308_016_FE_orphan_persona_visibility_directives.md
View File

@@ -1,91 +0,0 @@
# Sprint 20260308-016 - FE Orphan Persona Visibility Directives
## Topic & Scope
- Revive `stellaAuditorOnly` and `stellaOperatorOnly` by adopting them in mounted shells that already present persona-specific decisions or detail density.
- Keep the sprint focused on conditional visibility and view-mode behavior, not on introducing separate persona route trees.
- Limit the first rollout to active release, evidence, and promotion workflows so this sprint stays independent from findings and policy component adoption.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/directives/`, `src/Web/StellaOps.Web/src/app/shared/components/view-mode-toggle/`, `src/Web/StellaOps.Web/src/app/core/services/view-mode.service.ts`, `src/Web/StellaOps.Web/src/app/features/evidence-audit/`, `src/Web/StellaOps.Web/src/app/features/release-orchestrator/releases/release-detail/`, `src/Web/StellaOps.Web/src/app/features/promotions/`, and `src/Web/StellaOps.Web/src/app/features/evidence-export/`.
- Expected evidence: focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the host shells are already mounted and the existing `ViewModeService` contract exists.
- Safe parallelism:
- Can run in parallel with all route reconnection sprints.
- Can run in parallel with sprints `017`, `018`, `019`, and `020` because this sprint excludes their primary consumer files.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/src/app/shared/directives/auditor-only.directive.ts`
- `src/Web/StellaOps.Web/src/app/shared/directives/operator-only.directive.ts`
- `src/Web/StellaOps.Web/src/app/core/services/view-mode.service.ts`
## Delivery Tracker
### FE-OPV-001 - Freeze mounted persona-sensitive consumer list
Status: DONE
Dependency: none
Owners: Developer (FE), Product Manager
Task description:
- Freeze the mounted consumer list where persona-specific visibility is already implied by the product, such as evidence detail, release actions, or promotion review.
- Keep the first adoption set small and high-signal.
Completion criteria:
- [x] Consumer list is recorded in the execution log.
- [x] Every consumer belongs to a mounted shell.
- [x] Consumers are selected because the persona distinction is operationally meaningful, not cosmetic.
### FE-OPV-002 - Adopt persona visibility directives
Status: DONE
Dependency: FE-OPV-001
Owners: Developer (FE)
Task description:
- Replace imperative persona toggling or always-on dense detail with `stellaAuditorOnly` and `stellaOperatorOnly` in the frozen consumer list.
Completion criteria:
- [x] Adopted consumers render persona-specific sections via the shared directives.
- [x] View-mode changes update the UI deterministically.
- [x] No adopted screen loses required operator actions.
### FE-OPV-003 - Surface the existing view-mode toggle where needed
Status: DONE
Dependency: FE-OPV-002
Owners: Developer (FE), UX
Task description:
- Expose `ViewModeToggleComponent` on the selected mounted shells if the mode switch is not already reachable from the page context.
Completion criteria:
- [x] Every adopted consumer has a clear way to switch persona mode.
- [x] Toggle placement matches current shell or header patterns.
- [x] Mode state persists according to the existing `ViewModeService` contract.
### FE-OPV-004 - Verify and document persona revival
Status: DONE
Dependency: FE-OPV-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage for directive-driven visibility and document the shipped persona slice.
Completion criteria:
- [x] Angular tests cover mode switching and conditional rendering on adopted consumers.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the shipped persona adoption.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to adopt dormant persona-visibility directives on mounted evidence, release, and promotion shells. | Project Manager |
| 2026-03-08 | FE-OPV-001: Frozen consumer list -- 6 mounted shells: evidence-audit-overview, release-detail, promotion-detail, provenance-visualization, evidence-bundles, export-center. 12 directive placements total (7 auditor-only, 5 operator-only). All consumers are operationally meaningful: auditor sections show proof chains/checksums/replay, operator sections show decision actions/promote/deploy. | Developer (FE) |
| 2026-03-08 | FE-OPV-002: Applied `*stellaAuditorOnly` and `*stellaOperatorOnly` structural directives on all frozen consumers. Imported directives as standalone. View-mode changes update visibility deterministically via Angular signal-driven effects. | Developer (FE) |
| 2026-03-08 | FE-OPV-003: Surfaced `ViewModeToggleComponent` on all 6 adopted shells in header/action-bar positions consistent with existing layout patterns. Mode state persists via localStorage through `ViewModeService`. | Developer (FE) |
| 2026-03-08 | FE-OPV-004: Created `evidence-audit-overview.component.spec.ts` with 5 focused tests (toggle rendering, operator/auditor stat visibility, deterministic toggle cycle). Created checked-feature note at `docs/features/checked/web/persona-visibility-directive-adoption.md`. | Test Automation |
## Decisions & Risks
- Decision: this sprint revives persona visibility, not persona-specific route trees.
- Risk: teams may overuse the directives and hide content that should remain common to both personas.
- Mitigation: freeze the first adoption set and require operationally meaningful persona value in the execution log.
## Next Checkpoints
- 2026-03-09: consumer set frozen. (DONE)
- 2026-03-10: directive adoption criteria agreed. (DONE)

78
docs/implplan/SPRINT_20260308_017_FE_orphan_glossary_tooltips_adoption.md
View File

@@ -1,78 +0,0 @@
# Sprint 20260308-017 - FE Orphan Glossary Tooltip Adoption
## Topic & Scope
- Revive the dormant `stellaopsGlossaryTooltip` directive on mounted jargon-heavy shells.
- Use the existing plain-language and glossary services to reduce operator learning cost without creating a second documentation system.
- Keep the adoption focused on policy, trust, and findings terminology already visible in current UI so this sprint stays independent from the persona-visibility rollout.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/directives/`, `src/Web/StellaOps.Web/src/app/shared/services/`, `src/Web/StellaOps.Web/src/app/features/policy-decisioning/`, `src/Web/StellaOps.Web/src/app/features/findings/`, `src/Web/StellaOps.Web/src/app/features/trust-admin/`, and `src/Web/StellaOps.Web/src/app/features/vex-hub/`.
- Expected evidence: focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the plain-language service and glossary term store already exist.
- Safe parallelism:
- Can run in parallel with every other queued sprint.
- Do not edit the exact same templates chosen by another sprint if staffing changes the consumer set.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/src/app/shared/directives/glossary-tooltip.directive.ts`
- `src/Web/StellaOps.Web/src/app/shared/services/plain-language.service.ts`
## Delivery Tracker
### FE-OGT-001 - Freeze term and consumer set
Status: DONE
Dependency: none
Owners: Developer (FE), UX
Task description:
- Freeze the mounted consumer templates and glossary terms to be enriched in this sprint.
- Keep the first adoption set bounded to current high-friction policy, trust, and findings jargon.
Completion criteria:
- [x] Consumer templates are listed in the execution log.
- [x] Adopted terms already exist in the current glossary service or are explicitly added within sprint scope.
- [x] No dead route trees or deprecated shells are included.
### FE-OGT-002 - Adopt glossary tooltips on mounted shells
Status: DONE
Dependency: FE-OGT-001
Owners: Developer (FE)
Task description:
- Apply the tooltip directive to the frozen mounted consumers using current template copy and glossary entries.
Completion criteria:
- [x] Selected mounted shells render glossary tooltips on the chosen terms.
- [x] Tooltip behavior is additive and does not block current actions.
- [x] Tooltip copy stays plain-language and operator-facing.
### FE-OGT-003 - Verify and document glossary revival
Status: DONE
Dependency: FE-OGT-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage around directive rendering and document the shipped glossary slice.
Completion criteria:
- [x] Angular tests cover directive attachment and tooltip availability on adopted consumers.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the shipped glossary adoption.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to adopt dormant glossary tooltips on mounted jargon-heavy shells. | Project Manager |
| 2026-03-08 | FE-OGT-001: Frozen consumer set -- 3 mounted shells: vex-hub-dashboard, trust-admin, policy-decisioning-overview-page. 7 directive placements total (2 specific-term VEX, 1 specific-term CVE, 4 autoDetect). Findings excluded: all jargon is behind TranslatePipe i18n keys, not raw template text suitable for DOM-level auto-detection. | Developer (FE) |
| 2026-03-08 | FE-OGT-002: Applied `stellaopsGlossaryTooltip` attribute directive on all frozen consumers. VEX-hub uses `[term]` for targeted VEX/CVE terms. Trust-admin and policy-decisioning use `[autoDetect]="true"` for broader term scanning. Tooltip behavior is additive (hover/focus) and does not interfere with existing click handlers or navigation. | Developer (FE) |
| 2026-03-08 | FE-OGT-003: Created `policy-decisioning-overview-page.component.spec.ts` with 5 focused tests (directive attachment on h2, hero copy, card descriptions; term wrapping when plain language enabled; no wrapping when disabled). Created checked-feature note at `docs/features/checked/web/glossary-tooltip-directive-adoption.md`. | Test Automation |
## Decisions & Risks
- Decision: glossary tooltips are additive UX help, not a replacement for page copy.
- Risk: over-applying the directive could create noisy tooltip density.
- Mitigation: freeze the initial term set and limit the first rollout to high-friction jargon.
- Decision: findings-list excluded from this sprint because its visible text is fully i18n-driven via TranslatePipe; glossary auto-detect operates on DOM text content and would not detect terms embedded in translation keys.
## Next Checkpoints
- 2026-03-09: term set frozen. (DONE)
- 2026-03-10: directive adoption criteria agreed. (DONE)

95
docs/implplan/SPRINT_20260308_018_FE_orphan_evidence_proof_component_adoption.md
View File

@@ -1,95 +0,0 @@
# Sprint 20260308-018 - FE Orphan Evidence Proof Component Adoption
## Topic & Scope
- Revive the dormant proof and verification widgets that still fit naturally inside already shipped Evidence, Triage, and Releases experiences.
- Adopt `EvidenceChecklistComponent`, `QuickVerifyDrawerComponent`, `ProofChainViewerComponent`, and `DsseEnvelopeViewerComponent` on mounted evidence-investigation flows.
- Explicit non-goal: do not create a second evidence product shell and do not reopen the already-corrected `EvidenceDrawerComponent` claim unless a fresh mounted-gap check proves a real missing integration.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/components/evidence-checklist/`, `src/Web/StellaOps.Web/src/app/shared/components/quick-verify-drawer/`, `src/Web/StellaOps.Web/src/app/shared/components/proof-chain-viewer.component.ts`, `src/Web/StellaOps.Web/src/app/shared/components/dsse-envelope-viewer.component.ts`, `src/Web/StellaOps.Web/src/app/features/evidence-audit/`, `src/Web/StellaOps.Web/src/app/features/evidence-export/`, `src/Web/StellaOps.Web/src/app/features/triage/`, and `src/Web/StellaOps.Web/src/app/features/release-orchestrator/evidence/`.
- Expected evidence: focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the canonical Evidence shell, release evidence flows, and triage evidence hosts are already shipped.
- Safe parallelism:
- Can run in parallel with sprints `013`, `014`, `015`, `021`, `022`, and `023`.
- This sprint exclusively owns proof-chain, DSSE, quick-verify, and evidence-checklist adoption targets while staffed.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/shared/components/evidence-checklist/evidence-checklist.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/components/quick-verify-drawer/quick-verify-drawer.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/components/proof-chain-viewer.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/components/dsse-envelope-viewer.component.ts`
## Delivery Tracker
### FE-OEP-001 - Freeze mounted proof-verification adopter list
Status: DONE
Dependency: none
Owners: Developer (FE), Project Manager
Task description:
- Freeze the mounted host pages that will adopt the dormant proof-verification widgets.
- Recheck the current repo snapshot so the sprint only targets real gaps and explicitly records why `EvidenceDrawerComponent` is not the primary adoption target.
Completion criteria:
- [x] Mounted adopter list is recorded in the execution log.
- [x] Every adopted host belongs to an already shipped Evidence, Triage, or Releases flow.
- [x] The evidence-drawer correction and any related exclusions are recorded.
### FE-OEP-002 - Adopt quick verification and checklist flows
Status: DONE
Dependency: FE-OEP-001
Owners: Developer (FE)
Task description:
- Wire `QuickVerifyDrawerComponent` and `EvidenceChecklistComponent` into the frozen mounted hosts where they complete real operator verification workflows.
- Ensure the revived widgets open from current evidence actions rather than from orphan navigation.
Completion criteria:
- [x] Quick verify is reachable from the adopted mounted hosts.
- [x] Evidence checklist content is shown in a real evidence or VEX-completeness workflow.
- [x] The adopted flows use current route or drawer patterns instead of legacy dead-shell affordances.
### FE-OEP-003 - Adopt proof-chain and DSSE viewers
Status: DONE
Dependency: FE-OEP-001
Owners: Developer (FE)
Task description:
- Wire `ProofChainViewerComponent` and `DsseEnvelopeViewerComponent` into the frozen mounted hosts where proof-chain or attestation detail is currently weaker than the dormant component capability.
Completion criteria:
- [x] Adopted hosts render the shared proof-chain viewer or DSSE viewer instead of bespoke partial implementations.
- [x] Proof-chain and envelope detail remain contextual to the parent flow.
- [x] No new top-level route is introduced for these widgets.
### FE-OEP-004 - Verify and document proof-component revival
Status: DONE
Dependency: FE-OEP-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage for the revived proof-verification components in their mounted hosts and document the shipped slice.
Completion criteria:
- [x] Angular tests cover the revived proof-verification widgets in mounted consumers.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the proof-verification adoption.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to revive dormant proof-verification widgets inside mounted Evidence, Triage, and Releases flows. | Project Manager |
| 2026-03-08 | FE-OEP-001 DONE. Frozen adopter list: (1) evidence-bundles.component.ts: QuickVerifyDrawerComponent, (2) replay-controls.component.ts: QuickVerifyDrawerComponent, (3) vex-decision-modal.component.ts: EvidenceChecklistComponent, (4) provenance-visualization.component.ts: ProofChainViewerComponent, (5) triage-attestation-detail-modal.component.ts: DsseEnvelopeViewerComponent, (6) evidence-detail.component.ts: ProofChainViewerComponent + DsseEnvelopeViewerComponent + QuickVerifyDrawerComponent. EvidenceDrawerComponent (EvidencePacketDrawerComponent) confirmed already mounted in evidence-list.component.ts and evidence-center-page.component.ts -- no gap, excluded from this sprint. | Developer (FE) |
| 2026-03-08 | FE-OEP-002 DONE. QuickVerifyDrawerComponent wired into evidence-bundles (opens from bundle verify action), replay-controls (opens from result Quick Verify button), and evidence-detail (opens from header Quick Verify button). EvidenceChecklistComponent wired into vex-decision-modal (new Required Evidence section before Review, driven by VexStatus-to-checklist-status computed). All flows use current drawer/signal patterns. | Developer (FE) |
| 2026-03-08 | FE-OEP-003 DONE. ProofChainViewerComponent wired into provenance-visualization (maps ProvenanceNode to ChainNode via computed) and evidence-detail (maps gate results + approvals to ChainNode[]). DsseEnvelopeViewerComponent wired into triage-attestation-detail-modal (replaces raw JSON section, maps raw attestation data to DsseEnvelope) and evidence-detail (builds DsseEnvelope from signature data). No new routes introduced. Build verified clean on all modified files. | Developer (FE) |
| 2026-03-08 | FE-OEP-004 DONE. Added focused Angular tests to 6 spec files: vex-decision-modal (checklistStatus mapping + template rendering), triage-attestation-detail-modal (dsseEnvelope/dsseDisplayData computed + DSSE viewer rendering + fallback), provenance-visualization (proofChainNodes mapping + filtering + verification status + rendering), evidence-bundles (quick-verify open/close/complete), replay-controls (quick-verify open/close/complete), evidence-detail (new spec: signatureDsseEnvelope, proofChainNodes, quick-verify lifecycle). Created checked-feature note at docs/features/checked/web/orphan-evidence-proof-component-adoption.md. Fixed VerifyResult.passed -> .verified type error in evidence-detail. All tasks DONE. Sprint complete. | Test Automation, Documentation |
## Decisions & Risks
- Decision: proof and verification widgets must be absorbed into current Evidence, Triage, and Releases flows rather than restored as a separate product shell.
- Decision: `EvidenceDrawerComponent` is not assumed to be missing; the sprint must explicitly confirm any current gap before touching it.
- Risk: the proof widgets may overlap with bespoke evidence UI already shipped in triage or release detail.
- Mitigation: freeze mounted hosts first and record explicit exclusions where the current shell already provides an equivalent or better UX.
## Next Checkpoints
- 2026-03-09: mounted adopter list frozen.
- 2026-03-11: widget-adoption criteria agreed.

96
docs/implplan/SPRINT_20260308_019_FE_orphan_policy_component_adoption.md
View File

@@ -1,96 +0,0 @@
# Sprint 20260308-019 - FE Orphan Policy Component Adoption
## Topic & Scope
- Revive the dormant shared policy widgets that still fit the current Policy Decisioning Studio and release-context policy workflows.
- Adopt `PolicyEvaluatePanelComponent`, `PolicyPackEditorComponent`, and `RemediationHintComponent` inside the shipped `/ops/policy` shell and current release decisioning surfaces.
- Keep the sprint inside the canonical policy shell; do not restore Policy Studio as a separate navigation branch.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/components/policy/`, `src/Web/StellaOps.Web/src/app/features/policy-decisioning/`, `src/Web/StellaOps.Web/src/app/features/policy-gates/`, and `src/Web/StellaOps.Web/src/app/features/release-orchestrator/`.
- Expected evidence: focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the canonical Policy Decisioning Studio shell and release-context policy entry points are already shipped.
- Safe parallelism:
- Can run in parallel with every other queued sprint.
- This sprint exclusively owns adoption of the shared policy widget family while staffed.
## Documentation Prerequisites
- `docs/modules/ui/policy-decisioning-studio/README.md`
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/shared/components/policy/policy-evaluate-panel.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/components/policy/policy-pack-editor.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/components/policy/remediation-hint.component.ts`
- `src/Web/StellaOps.Web/src/app/features/policy-decisioning/policy-decisioning.routes.ts`
## Delivery Tracker
### FE-OPC-001 - Freeze mounted policy host pages and data contracts
Status: DONE
Dependency: none
Owners: Developer (FE), Product Manager
Task description:
- Freeze the mounted host pages inside the current policy and release decisioning flows that will adopt the dormant shared policy widgets.
- Confirm that the current API contracts provide enough data for the widgets or explicitly scope any contract gaps.
Completion criteria:
- [x] Mounted policy hosts are recorded in the execution log.
- [x] Data-contract assumptions for each adopted widget are recorded.
- [x] Dead policy-studio pages are explicitly excluded.
### FE-OPC-002 - Adopt evaluation and remediation widgets
Status: DONE
Dependency: FE-OPC-001
Owners: Developer (FE)
Task description:
- Wire `PolicyEvaluatePanelComponent` and `RemediationHintComponent` into the frozen mounted policy and release-context hosts where they make gate outcomes and next actions more usable.
Completion criteria:
- [x] Mounted hosts render the shared evaluation panel or remediation hints where appropriate.
- [x] Current gate verdict semantics remain consistent with the shipped policy shell.
- [x] Remediation content stays contextual to the gate or release decision being viewed.
### FE-OPC-003 - Adopt pack editor on canonical policy authoring paths
Status: DONE
Dependency: FE-OPC-001
Owners: Developer (FE)
Task description:
- Wire `PolicyPackEditorComponent` into the frozen mounted policy authoring or editing flows if it improves the canonical policy shell without reviving a parallel editor branch.
Completion criteria:
- [x] The shared pack editor is adopted only on canonical authoring paths inside `/ops/policy`.
- [x] There is no second editor route tree outside the canonical policy shell.
- [x] Any editor exclusions are recorded if the current shell already has a stronger purpose-built editor.
### FE-OPC-004 - Verify and document policy-widget revival
Status: DONE
Dependency: FE-OPC-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage for the revived policy widgets and document the shipped adoption slice.
Completion criteria:
- [x] Angular tests cover the adopted policy widgets in their mounted hosts.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the shared policy-widget adoption.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to revive dormant shared policy widgets inside the canonical Policy Decisioning and release-context flows. | Project Manager |
| 2026-03-08 | FE-OPC-001: Frozen mounted host matrix. Hosts: (1) `PolicyDecisioningGatesPageComponent` at `/ops/policy/gates/*` - adopts PolicyEvaluatePanelComponent + RemediationHintComponent; (2) `PolicyEditorComponent` at `/ops/policy/packs/:packId/edit` - adopts PolicyPackEditorComponent as visual gate config sidebar. Excluded: `features/releases/release-flow.component` already has its own bespoke `RemediationHintsComponent` with domain-specific step/action/copy semantics. Data contracts: PolicyEvaluateResponse and PolicyPackDocument from policy-interop.models.ts are compatible. The gates page derives PolicyEvaluateResponse from its existing GateResult[] data. The pack editor derives PolicyPackDocument from PolicyPack metadata. | Developer (FE) |
| 2026-03-08 | FE-OPC-002: Wired PolicyEvaluatePanelComponent and RemediationHintComponent (via evaluate panel's imports) into PolicyDecisioningGatesPageComponent. Added policyEvaluateResult computed signal that maps GateResult[] to PolicyEvaluateResponse with decision banner, gate table, and remediation hints. | Developer (FE) |
| 2026-03-08 | FE-OPC-003: Wired PolicyPackEditorComponent into PolicyEditorComponent sidebar at `/ops/policy/packs/:packId/edit`. Visual gate config complements the Monaco DSL editor. No second editor route tree created. Exclusion recorded: the Monaco editor is the purpose-built authoring tool; the shared pack editor provides visual gate configuration alongside it. | Developer (FE) |
| 2026-03-08 | FE-OPC-004: Added focused Angular tests for both adoption hosts. Created checked-feature note. | Developer (FE) |
## Decisions & Risks
- Decision: this sprint strengthens the canonical policy shell instead of restoring Policy Studio as a sibling product.
- Risk: some shared policy widgets may lag behind the current policy shell's route model or data contract.
- Mitigation: freeze host pages first and record any widget that should remain dormant because it no longer fits the canonical experience.
- Decision: PolicyPackEditorComponent is adopted as a sidebar visual config tool within the existing `/ops/policy/packs/:packId/edit` route, not as a replacement for the Monaco DSL editor.
- Decision: The release-flow's bespoke RemediationHintsComponent (features/releases/) is excluded because it uses a different data contract (PolicyGateResult/RemediationStep from release.models) with domain-specific step actions, automated triggers, and copy-to-clipboard that the shared RemediationHintComponent does not support.
## Next Checkpoints
- 2026-03-09: mounted policy hosts frozen.
- 2026-03-11: widget-adoption criteria agreed.

96
docs/implplan/SPRINT_20260308_020_FE_orphan_finding_list_consolidation.md
View File

@@ -1,96 +0,0 @@
# Sprint 20260308-020 - FE Orphan Finding List Consolidation
## Topic & Scope
- Revive `FindingListComponent` and `FindingRowComponent` by adopting them on mounted findings, triage, and release-review surfaces that still maintain separate bespoke lists.
- Use this sprint to consolidate the shared finding-list family, not to redesign every findings workflow.
- Explicit non-goals: do not touch vulnerability-explorer consumers reserved for sprint `013`, and do not absorb unrelated filter-toolbar work reserved for sprint `015`.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/shared/components/finding-list.component.ts`, `src/Web/StellaOps.Web/src/app/shared/components/finding-row.component.ts`, `src/Web/StellaOps.Web/src/app/features/findings/`, `src/Web/StellaOps.Web/src/app/features/triage/`, and `src/Web/StellaOps.Web/src/app/features/release-orchestrator/`.
- Expected evidence: focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: findings, triage, and release-review shells are already mounted.
- Safe parallelism:
- Can run in parallel with sprint `013` because vulnerability-explorer consumers are excluded.
- Can run in parallel with route-reconnection sprints because this sprint does not own router parent files.
- This sprint exclusively owns `finding-list` and `finding-row` while staffed.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/shared/components/finding-list.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/components/finding-row.component.ts`
- `src/Web/StellaOps.Web/src/app/features/findings/findings-list.component.ts`
- `src/Web/StellaOps.Web/src/app/features/triage/triage-workspace.component.ts`
## Delivery Tracker
### FE-OFL-001 - Freeze mounted list-host matrix
Status: DONE
Dependency: none
Owners: Developer (FE), Project Manager
Task description:
- Freeze the mounted findings, triage, and release-review hosts that will adopt the shared finding-list family.
- Record any list host that should stay bespoke because its interaction model is materially different.
Completion criteria:
- [x] Mounted host matrix is recorded in the execution log.
- [x] Hosts reserved for other sprints are explicitly excluded.
- [x] Compatibility notes for each adopted host are recorded.
### FE-OFL-002 - Adopt shared finding list on canonical findings surfaces
Status: DONE
Dependency: FE-OFL-001
Owners: Developer (FE)
Task description:
- Replace bespoke list rendering on the selected canonical findings surfaces with the shared `FindingListComponent` and `FindingRowComponent` where the interaction model aligns.
Completion criteria:
- [x] Selected findings surfaces render the shared list family.
- [x] Sorting, expansion, and core status affordances remain usable.
- [x] Any required host-level adapters stay bounded to the findings family.
### FE-OFL-003 - Adopt shared finding list on triage and release-review surfaces
Status: DONE
Dependency: FE-OFL-001
Owners: Developer (FE)
Task description:
- Extend the shared finding-list family to the frozen triage and release-review hosts where that consolidation improves consistency without flattening domain-specific actions.
Completion criteria:
- [x] Selected triage and release-review hosts render the shared list family.
- [x] Domain-specific actions remain available in the adopted hosts.
- [x] Hosts that do not fit the shared list are explicitly excluded with reasons.
### FE-OFL-004 - Verify and document finding-list revival
Status: DONE
Dependency: FE-OFL-002
Owners: Test Automation, Documentation author
Task description:
- Add focused Angular coverage for the shared finding-list adoption and document the shipped consolidation slice.
Completion criteria:
- [x] Angular tests cover the shared finding-list family in mounted consumers.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the finding-list consolidation.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to revive the dormant shared finding-list family across mounted findings, triage, and release-review surfaces. | Project Manager |
| 2026-03-08 | FE-OFL-001: Frozen mounted host matrix. Shared FindingListComponent/FindingRowComponent accept FindingEvidenceResponse[] from triage-evidence.models.ts. ADOPT: (1) FindingsContainerComponent at features/findings/container/ — currently uses bespoke FindingsListComponent (app-findings-list) with Finding[] interface; will map Finding to FindingEvidenceResponse via host adapter. (2) ReleaseDetailComponent at features/release-orchestrator/releases/release-detail/ — currently uses inline table with SecurityFindingProjection; will map SecurityFindingProjection to FindingEvidenceResponse via host adapter. EXCLUDED (bespoke stays): (3) FindingsDetailPageComponent at features/triage/components/findings-detail-page/ — card-based layout with triage lane toggle, gated buckets, gating reason filter; interaction model is materially different from shared tabular list. (4) TriageWorkspaceComponent at features/triage/ — uses FindingCardModel (Vulnerability + AffectedComponent) with deeply integrated keyboard navigation, VEX decision modals, AI recommendations, reachability drawers, bulk VEX; interaction model is materially different. (5) VulnerabilityExplorerComponent at features/vulnerabilities/ — reserved for sprint 013, explicitly excluded. | Developer (FE) |
| 2026-03-08 | FE-OFL-002: Replaced bespoke FindingsListComponent (app-findings-list) usage in FindingsContainerComponent with shared FindingListComponent (stella-finding-list). Added findingEvidenceItems computed signal that maps Finding[] to FindingEvidenceResponse[] via mapFindingToEvidence() adapter. Severity maps to risk_score (critical=90, high=70, medium=45, low=20). Status maps to VEX status where applicable (fixed -> fixed, excepted -> not_affected). Sorting and expansion provided by shared component. | Developer (FE) |
| 2026-03-08 | FE-OFL-003: Adopted shared FindingListComponent on ReleaseDetailComponent security-inputs tab. Replaced bespoke inline HTML table with stella-finding-list. Added securityFindingEvidenceItems computed signal that maps SecurityFindingProjection[] to FindingEvidenceResponse[] via mapSecurityFindingToEvidence() adapter. Reachability is mapped to reachable_path. VEX status is forwarded where not under_investigation. Added onSecurityFindingSelected handler that navigates to triage workspace with release context. Triage surfaces (FindingsDetailPageComponent, TriageWorkspaceComponent) excluded per host matrix — interaction models are materially different. | Developer (FE) |
| 2026-03-08 | FE-OFL-004: Added focused Angular tests for both adoption hosts. Created findings-container-finding-list-adoption.component.spec.ts (11 tests) and release-detail-finding-list-adoption.component.spec.ts (10 tests). Created checked-feature note at docs/features/checked/web/orphan-finding-list-consolidation.md. All four tasks DONE. | Developer (FE) |
## Decisions & Risks
- Decision: this sprint consolidates the shared finding-list family across mounted shells instead of restoring any dead findings prototype wholesale.
- Risk: some hosts may rely on bespoke actions or lane semantics that do not fit the shared list without awkward adapters.
- Mitigation: freeze the host matrix first and explicitly record any host that should remain purpose-built.
- Decision: FindingsDetailPageComponent and TriageWorkspaceComponent stay bespoke because their card-based layouts, lane filtering, gating reason display, keyboard triage shortcuts, and VEX decision modals are materially different from the shared tabular finding-list family. Adopting the shared list would require flattening these domain-specific interaction models.
- Decision: FindingsContainerComponent and ReleaseDetailComponent adopt the shared list because their rendering is simple tabular display that aligns with the shared component's table-based layout. Host-level adapters will bridge their data contracts (Finding/SecurityFindingProjection) to FindingEvidenceResponse.
## Next Checkpoints
- 2026-03-09: mounted host matrix frozen.
- 2026-03-11: consolidation criteria agreed.

94
docs/implplan/SPRINT_20260308_021_FE_unreachable_evidence_thread_and_persona_workspaces_routes.md
View File

@@ -1,94 +0,0 @@
# Sprint 20260308-021 - FE Unreachable Evidence Thread And Persona Workspaces Routes
## Topic & Scope
- Reconnect the disconnected evidence-centric route files that still fit the current Evidence shell.
- Mount `EVIDENCE_THREAD_ROUTES` and the auditor or developer workspace routes under the canonical `/evidence` route family.
- Keep these routes inside the Evidence product; do not create separate top-level persona navigation.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts`, `src/Web/StellaOps.Web/src/app/features/evidence-thread/`, `src/Web/StellaOps.Web/src/app/features/workspaces/auditor/`, `src/Web/StellaOps.Web/src/app/features/workspaces/developer/`, and the mounted Evidence host components that expose entry points.
- Expected evidence: route-focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the current `/evidence` shell is already canonical and mounted.
- Safe parallelism:
- Can run in parallel with sprints `013` through `020`.
- Can run in parallel with sprints `022` and `023` because the route-parent ownership does not overlap.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/evidence-thread/evidence-thread.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/workspaces/auditor/auditor-workspace.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/workspaces/developer/developer-workspace.routes.ts`
## Delivery Tracker
### FE-UET-001 - Freeze mount points and URL contract
Status: DONE
Dependency: none
Owners: Developer (FE), Product Manager
Task description:
- Freeze the canonical URLs, breadcrumb behavior, and owning entry points for evidence threads and persona workspaces before reconnecting any routes.
- Keep the URL contract under `/evidence` so the routes remain anchored in the shipped Evidence shell.
Completion criteria:
- [x] Canonical URL contract is recorded in the execution log.
- [x] Evidence-thread and persona-workspace host entry points are identified.
- [x] No separate top-level persona menu is introduced.
### FE-UET-002 - Reconnect evidence-thread routes
Status: DONE
Dependency: FE-UET-001
Owners: Developer (FE)
Task description:
- Mount `EVIDENCE_THREAD_ROUTES` under the canonical Evidence route family and wire entry points from current evidence surfaces where the drill-in is meaningful.
Completion criteria:
- [x] Evidence threads are reachable from the canonical `/evidence` route family.
- [x] Entry points come from mounted evidence surfaces instead of dead navigation.
- [x] Route titles and breadcrumbs align with current Evidence-shell patterns.
### FE-UET-003 - Reconnect auditor and developer workspace routes
Status: DONE
Dependency: FE-UET-001
Owners: Developer (FE)
Task description:
- Mount the auditor and developer workspace routes under the canonical Evidence route family with an explicit role segment or equivalent bounded pattern.
- Ensure the workspaces behave as alternate evidence lenses, not as a parallel product shell.
Completion criteria:
- [x] Auditor and developer workspaces are reachable from canonical Evidence-owned URLs.
- [x] Route ownership remains inside the Evidence shell.
- [x] Persona workspace entry points are bounded to relevant mounted evidence contexts.
### FE-UET-004 - Verify and document route reconnection
Status: DONE
Dependency: FE-UET-002
Owners: Test Automation, Documentation author
Task description:
- Add focused route and host-integration coverage for the reconnected evidence routes and document the shipped slice.
Completion criteria:
- [x] Route-focused Angular tests cover the reconnected evidence-thread and persona-workspace URLs.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the evidence-route reconnection.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to reconnect evidence threads and persona workspaces under the canonical Evidence shell. | Project Manager |
| 2026-03-08 | FE-UET-001: Canonical URL contract frozen. Threads at /evidence/threads, workspaces at /evidence/workspaces/{auditor,developer}/:artifactDigest. No top-level persona menu. | Developer (FE) |
| 2026-03-08 | FE-UET-002: EVIDENCE_THREAD_ROUTES mounted under /evidence/threads via loadChildren in evidence.routes.ts. Breadcrumb data added to thread routes. | Developer (FE) |
| 2026-03-08 | FE-UET-003: AUDITOR_WORKSPACE_ROUTES and DEVELOPER_WORKSPACE_ROUTES mounted under /evidence/workspaces/{auditor,developer} via loadChildren. Breadcrumb data added. | Developer (FE) |
| 2026-03-08 | FE-UET-004: Route-focused tests created at evidence.routes.spec.ts. Checked-feature note at docs/features/checked/web/evidence-thread-persona-workspaces-routes.md. | Developer (FE) |
## Decisions & Risks
- Decision: evidence threads and persona workspaces remain Evidence-owned drill-ins, not standalone products.
- Risk: persona workspace routes could sprawl into a parallel persona-navigation scheme if mounted carelessly.
- Mitigation: freeze the URL contract first and require all routes to live under `/evidence`.
## Next Checkpoints
- 2026-03-09: Evidence-owned URL contract frozen.
- 2026-03-11: route-reconnection criteria agreed.

96
docs/implplan/SPRINT_20260308_022_FE_unreachable_release_investigation_routes.md
View File

@@ -1,96 +0,0 @@
# Sprint 20260308-022 - FE Unreachable Release Investigation Routes
## Topic & Scope
- Integrate the disconnected release-investigation route files into the canonical Releases product instead of reviving them as separate legacy products.
- Cover the disconnected `timeline`, `deploy-diff`, and `change-trace` route families.
- Important correction: the old timeline route cannot reclaim `/releases/runs/:runId/timeline` because that path is already owned by the shipped run workspace. This sprint must decide whether timeline functionality is absorbed into the current run workspace or mounted as a bounded secondary investigation route.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/routes/releases.routes.ts`, `src/Web/StellaOps.Web/src/app/features/timeline/`, `src/Web/StellaOps.Web/src/app/features/deploy-diff/`, `src/Web/StellaOps.Web/src/app/features/change-trace/`, `src/Web/StellaOps.Web/src/app/features/deployments/`, and mounted release or deployment host components that expose entry points.
- Expected evidence: route-focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the current `/releases` run workspace and deployment history are already canonical and mounted.
- Safe parallelism:
- Can run in parallel with sprints `013` through `020`.
- Can run in parallel with sprints `021` and `023` because route-parent ownership does not overlap.
## Documentation Prerequisites
- `docs/modules/ui/workflow-visualization-replay/README.md`
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/routes/releases.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/timeline/timeline.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/deploy-diff/deploy-diff.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/change-trace/change-trace.routes.ts`
## Delivery Tracker
### FE-URI-001 - Freeze canonical release-investigation URL contract
Status: DONE
Dependency: none
Owners: Developer (FE), Product Manager
Task description:
- Freeze the canonical URLs, entry points, and ownership rules for timeline, deploy diff, and change trace before reconnecting anything.
- Resolve the timeline duplication explicitly by choosing absorb-into-current-run-workspace or bounded-secondary-route, then record the decision.
Completion criteria:
- [x] Canonical URL contract is recorded in the execution log.
- [x] Timeline absorb-vs-secondary-route decision is recorded.
- [x] Deploy-diff and change-trace hosts are identified inside the Releases product.
### FE-URI-002 - Reconnect deploy-diff and change-trace
Status: DONE
Dependency: FE-URI-001
Owners: Developer (FE)
Task description:
- Mount the disconnected deploy-diff and change-trace routes under canonical Releases-owned URLs and wire entry points from current deployment history or release detail contexts.
Completion criteria:
- [x] Deploy diff is reachable from a canonical Releases-owned URL.
- [x] Change trace is reachable from a canonical Releases-owned URL.
- [x] Entry points come from mounted deployment or release surfaces, not legacy dead navigation.
### FE-URI-003 - Integrate timeline investigation flow
Status: DONE
Dependency: FE-URI-001
Owners: Developer (FE)
Task description:
- Implement the recorded timeline decision by either absorbing the disconnected timeline capability into the current run workspace or mounting it as a bounded secondary route that does not collide with the shipped run tab.
Completion criteria:
- [x] Timeline functionality is reachable through the canonical Releases shell without colliding with the shipped run tab contract.
- [x] The final shape matches the decision recorded in `FE-URI-001`.
- [x] Any deliberately excluded legacy timeline behaviors are documented.
### FE-URI-004 - Verify and document release-investigation reconnection
Status: DONE
Dependency: FE-URI-002
Owners: Test Automation, Documentation author
Task description:
- Add focused route and host-integration coverage for the reconnected release-investigation routes and document the shipped slice.
Completion criteria:
- [x] Route-focused Angular tests cover the canonical release-investigation URLs.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the release-investigation reconnection.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to integrate disconnected release-investigation routes into the canonical Releases product. | Project Manager |
| 2026-03-08 | FE-URI-001: URL contract frozen. Timeline decision: bounded-secondary-route at /releases/investigation/timeline (not absorb). Rationale: investigation timeline is correlation-based across services, distinct from run workspace timeline tab showing execution flow. Deploy-diff at /releases/investigation/deploy-diff, change-trace at /releases/investigation/change-trace. | Developer (FE) |
| 2026-03-08 | FE-URI-002: DEPLOY_DIFF_ROUTES and changeTraceRoutes mounted under /releases/investigation/ via loadChildren. Breadcrumb data added to both route files. | Developer (FE) |
| 2026-03-08 | FE-URI-003: TIMELINE_ROUTES mounted at /releases/investigation/timeline as bounded secondary route. No collision with shipped runs/:runId/timeline tab. Legacy standalone /timeline route not revived. | Developer (FE) |
| 2026-03-08 | FE-URI-004: Route-focused tests created at releases.routes.spec.ts. Checked-feature note at docs/features/checked/web/release-investigation-routes.md. | Developer (FE) |
## Decisions & Risks
- Decision: disconnected timeline, deploy-diff, and change-trace flows must live under the canonical Releases product.
- Risk: the old timeline route duplicates a shipped run-tab path and cannot be re-mounted blindly.
- Mitigation: freeze the URL contract first and require an explicit absorb-vs-secondary-route decision before implementation.
- Decision (FE-URI-001): Timeline mounted as bounded-secondary-route at /releases/investigation/timeline. Rationale: the investigation timeline is a correlation-based tool (keyed by correlationId, spans multiple services) that is conceptually different from the run workspace timeline tab (keyed by runId, shows execution flow). Absorbing would force two distinct UIs into one component. The /releases/investigation/ prefix clearly signals these are cross-cutting analysis tools, not run-specific tabs.
- Deliberately excluded: the old standalone /timeline top-level route is not revived; users access investigation timeline through the Releases shell.
## Next Checkpoints
- 2026-03-09: release-investigation URL contract frozen.
- 2026-03-11: route-integration criteria agreed.

92
docs/implplan/SPRINT_20260308_023_FE_unreachable_registry_admin_route.md
View File

@@ -1,92 +0,0 @@
# Sprint 20260308-023 - FE Unreachable Registry Admin Route
## Topic & Scope
- Reconnect the disconnected registry-admin route family under the canonical integration hub.
- Mount the route as an integration-management capability instead of reviving a standalone registry-admin product branch.
- Keep the scope to route ownership, host placement, entry points, and usable list or editor flows inside the canonical Integrations shell.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `docs/features/checked/web/`, `src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts`, `src/Web/StellaOps.Web/src/app/features/registry-admin/`, and mounted integration-hub host components that expose entry points or overview cards.
- Expected evidence: route-focused Angular tests, one checked-feature note, and sprint execution-log updates.
## Dependencies & Concurrency
- Hard dependency inside the orphan revival batch: none.
- External prerequisite already satisfied: the integration hub is already canonical and mounted under both Ops and Setup ownership paths.
- Safe parallelism:
- Can run in parallel with sprints `013` through `022`.
- No other sprint in this batch owns the integration-hub route parent.
## Documentation Prerequisites
- `docs/modules/ui/orphan-revival-batch/README.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/features/integration-hub/integration-hub.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/registry-admin/registry-admin.routes.ts`
## Delivery Tracker
### FE-URG-001 - Freeze canonical registry-admin placement contract
Status: DONE
Dependency: none
Owners: Developer (FE), Product Manager
Task description:
- Freeze the canonical registry-admin placement inside the integration hub, including URL shape, breadcrumb behavior, and overview entry points.
- Keep ownership inside Integrations so the feature does not become a stray top-level menu.
Completion criteria:
- [x] Canonical placement contract is recorded in the execution log.
- [x] URL ownership stays inside the integration hub.
- [x] Overview entry points and breadcrumb behavior are identified.
### FE-URG-002 - Reconnect registry-admin routes under Integrations
Status: DONE
Dependency: FE-URG-001
Owners: Developer (FE)
Task description:
- Mount the disconnected registry-admin route family inside the integration hub and make the primary plan-list, plan-editor, and audit flows reachable from canonical URLs.
Completion criteria:
- [x] Registry-admin routes are reachable from canonical Integrations-owned URLs.
- [x] The primary list, editor, and audit flows are reachable from mounted navigation or overview entry points.
- [x] There is no duplicate standalone registry-admin branch outside Integrations.
### FE-URG-003 - Wire host entry points and guardrails
Status: DONE
Dependency: FE-URG-001
Owners: Developer (FE), UX
Task description:
- Add bounded entry points from the integration overview or relevant registry pages so the reconnected routes are discoverable.
- Preserve current integration-hub navigation and context rather than dropping users into a disconnected legacy shell.
Completion criteria:
- [x] Registry-admin entry points are discoverable from mounted integration surfaces.
- [x] Navigating into registry-admin preserves integration-hub context.
- [x] Legacy duplicate navigation is not introduced.
### FE-URG-004 - Verify and document registry-admin reconnection
Status: DONE
Dependency: FE-URG-002
Owners: Test Automation, Documentation author
Task description:
- Add focused route and host-integration coverage for the reconnected registry-admin routes and document the shipped slice.
Completion criteria:
- [x] Route-focused Angular tests cover the canonical registry-admin URLs.
- [x] Checked-feature note exists under `docs/features/checked/web/`.
- [x] UI plan/task docs reflect the registry-admin reconnection.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from the orphan-revival batch to reconnect the disconnected registry-admin routes under the canonical Integrations shell. | Project Manager |
| 2026-03-08 | FE-URG-001: Placement contract frozen. Registry-admin mounted as child of integration-hub shell at /registry-admin. Accessible via /ops/integrations/registry-admin and /setup/integrations/registry-admin. Breadcrumb: Integrations > Registry Admin > Plans/Audit. | Developer (FE) |
| 2026-03-08 | FE-URG-002: registryAdminRoutes mounted inside integrationHubRoutes children via loadChildren, positioned before the catch-all :integrationId route. Breadcrumb and title data added to all child routes. | Developer (FE) |
| 2026-03-08 | FE-URG-003: Registry-admin is discoverable from integration hub navigation via the registry-admin child route. Integration shell context preserved since registry-admin renders inside the IntegrationShellComponent outlet. No standalone branch created. | Developer (FE) |
| 2026-03-08 | FE-URG-004: Route-focused tests created at integration-hub.routes.spec.ts. Checked-feature note at docs/features/checked/web/registry-admin-integration-routes.md. | Developer (FE) |
## Decisions & Risks
- Decision: registry-admin is treated as an integration-management capability, not as a separate product branch.
- Risk: the disconnected route family may assume a shell or breadcrumb pattern that no longer matches the current integration hub.
- Mitigation: freeze placement and entry-point rules before reconnecting the route family.
## Next Checkpoints
- 2026-03-09: registry-admin placement contract frozen.
- 2026-03-10: route-reconnection criteria agreed.

76
docs/implplan/SPRINT_20260308_024_FE_live_frontdoor_playwright_auth_and_changed_surface_recheck.md
View File

@@ -1,76 +0,0 @@
# Sprint 20260308_024 - FE Live Frontdoor Playwright Auth And Changed Surface Recheck
## Topic & Scope
- Establish a reusable Playwright path that authenticates against the real `https://stella-ops.local` front door instead of seeded in-browser stub auth.
- Recheck heavily changed web and search surfaces with that live session so defects are promoted from suspected harness noise to confirmed product failures.
- Keep the work scoped to web QA/developer iteration assets and evidence, without repo-wide automation churn.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: focused Playwright live-auth harness, targeted route/action verification output, sprint log updates.
## Dependencies & Concurrency
- Depends on the compose stack already being reachable at `https://stella-ops.local`.
- Safe to run in parallel with unrelated backend/search feature work as long as web route/auth contracts are not being rewritten at the same time.
- Avoid touching unrelated in-flight files from the component-revival and search-consolidation agents.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
- `devops/compose/README.md`
## Delivery Tracker
### FE-LIVE-AUTH - Add reusable real-auth Playwright entrypoint
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Replace ad hoc scratch probing with a reusable Playwright flow that signs into the real front door using the documented compose bootstrap account, waits for the SPA to settle, and can be reused by targeted page/action checks.
Completion criteria:
- [x] A focused live-auth helper or fixture exists under `src/Web/StellaOps.Web` and authenticates through `https://stella-ops.local/connect/authorize`.
- [x] The helper captures enough evidence to distinguish auth failures from product defects.
### FE-LIVE-CHANGED-SURFACES - Recheck changed mission-control and search surfaces with real auth
Status: DONE
Dependency: FE-LIVE-AUTH
Owners: QA
Task description:
- Use the real-auth browser path to recheck mission-control and search-adjacent surfaces that were rebuilt this turn, including degraded banners, route fallbacks, dead actions, and request failures that survive a genuine session.
Completion criteria:
- [x] Focused Playwright evidence exists for mission-control board plus changed search-related surfaces.
- [x] Remaining failures are written down as confirmed defects with enough detail for implementation.
### FE-LIVE-LOG - Record findings and next fix slice
Status: DONE
Dependency: FE-LIVE-CHANGED-SURFACES
Owners: Project Manager, QA
Task description:
- Record what was verified, what failed, and which slice should be fixed next so subsequent iterations do not regress into shallow “all clear” sweeps.
Completion criteria:
- [x] Sprint execution log captures the live-auth setup and the changed-surface recheck outcome.
- [x] Decisions & Risks lists any residual blockers or assumptions.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to replace stub-auth probing with reusable real-auth Playwright verification against `stella-ops.local` after web and AdvisoryAI/search rebuilds. | Codex |
| 2026-03-08 | Added reusable live-auth and changed-surface Playwright helpers under `src/Web/StellaOps.Web/scripts`, using the real Authority login flow and persisted session storage evidence so browser verification no longer depends on stub auth. | Codex |
| 2026-03-08 | Refined the changed-surface sweep to exercise real page actions: mission-board navigation, registry-admin audit-tab routing, Evidence Threads PURL search/empty-result flow, and missing-detail/back-navigation handling. | Codex |
| 2026-03-08 | Refreshed live evidence after the auth and contract fixes: mission-control, advisories/VEX, policy overview, Evidence Threads, timeline, deploy diff guard state, change trace, and registry-admin routes now complete without confirmed frontdoor defects in the scoped sweep. | Codex |
| 2026-03-11 | Reused the live-auth path after a full scratch rebuild and reran the canonical frontdoor sweep on the fresh stack; authenticated route coverage passed `111/111`, proving the rebuilt environment was stable enough for deeper action verification instead of only presence checks. | Codex |
| 2026-03-11 | Investigated fresh-stack action failures on mission-control and ops/policy and confirmed they were Playwright harness false positives, not product regressions: the pages lazy-rendered valid controls after the original selectors/timing windows had already declared failure. Hardened the sweeps with bounded element waits and product-specific selector disambiguation, then reran both slices cleanly with `0` failed actions and `0` runtime issues. | Codex |
## Decisions & Risks
- Current scratch probes proved the compose bootstrap Authority account exists and can reach the real `/connect/authorize` login page, but they are too ad hoc for sustained iteration.
- `net::ERR_ABORTED` during the authorize redirect is expected browser navigation churn and is captured separately from product failures in the live-auth report.
- The changed-surface harness needed product-aware checks to avoid false negatives: registry-admin is identified by its workspace heading rather than the surrounding Integrations shell heading; Evidence Threads is PURL-driven and must be exercised through search plus missing-detail guard flows instead of phantom row clicks; deploy diff without digests is a guarded state, not a broken route.
- The compose demo stack currently exposes no seeded EvidenceLocker thread rows, so the live browser pass covers empty-result and missing-detail flows while positive-path detail normalization remains covered by focused frontend tests.
- If the real auth/session flow changes under parallel agent work, the live-auth helper must be updated instead of falling back to stub auth.
- Decision: live Playwright sweeps for cold-loaded pages must poll for expected controls within bounded time and prefer product-specific href disambiguation over generic first-match selectors, otherwise QA will mislabel lazy-rendered routes as product defects.
## Next Checkpoints
- Carry the same real-auth Playwright path into the next page/action iteration instead of regressing into status-code sweeps.
- Promote any newly confirmed failures into the next narrow implementation sprint.

89
docs/implplan/SPRINT_20260308_025_FE_live_contract_alignment_for_timeline_evidence_and_registry.md
View File

@@ -1,89 +0,0 @@
# Sprint 20260308_025 - FE Live Contract Alignment For Timeline Evidence And Registry
## Topic & Scope
- Repair the confirmed live defects from the real authenticated Playwright pass on `https://stella-ops.local`.
- Realign revived web surfaces to the contracts that actually ship today instead of preserving stale UI assumptions.
- Keep the implementation centered in `src/Web/StellaOps.Web` while allowing the minimal Authority, Router, and compose edits needed to make the live stack authorize and route correctly.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `src/Authority/**`, `src/Router/**`, `devops/compose/**`, `docs/features/checked/web/**`, `docs/contracts/**`, and the live-auth sprint log in `docs/implplan/SPRINT_20260308_024_FE_live_frontdoor_playwright_auth_and_changed_surface_recheck.md`.
- Expected evidence: focused Angular/unit coverage, targeted rebuilds, live Playwright rechecks, and sprint execution-log updates.
## Dependencies & Concurrency
- Depends on Sprint `20260308_024` live-auth findings and evidence artifacts.
- Safe to run in parallel with search improvements as long as the shared frontdoor auth helper remains intact.
- Avoid unrelated revived-component files outside the touched route families.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/contracts/artifact-canonical-record-v1.md`
- `docs/implplan/SPRINT_20260308_021_FE_unreachable_evidence_thread_and_persona_workspaces_routes.md`
- `src/Registry/AGENTS.md`
## Delivery Tracker
### FE-LCA-001 - Fix investigation timeline runtime contract
Status: DONE
Dependency: none
Owners: Developer (FE), QA
Task description:
- Repair the `Timeline` page runtime error caused by an incomplete standalone component import set and add focused regression coverage so the same break cannot silently return in future route revivals.
Completion criteria:
- [x] `/releases/investigation/timeline` renders without Angular Material runtime errors.
- [x] Focused test coverage exists for the filter component import/runtime path.
### FE-LCA-002 - Realign Evidence Threads UI to the canonical EvidenceLocker API
Status: DONE
Dependency: FE-LCA-001
Owners: Product Manager, Developer (FE), Documentation author
Task description:
- Replace the stale revived evidence-thread browser assumptions with the real shipped EvidenceLocker contract: PURL-based list lookup and canonical-id detail records.
- Remove or replace unsupported UI actions so the route exposes only functionality backed by the live product.
Completion criteria:
- [x] `/evidence/threads` works against `/api/v1/evidence/thread` without console errors.
- [x] Evidence-thread detail routes handle missing and found canonical records without runtime failures.
- [x] Feature/docs notes are updated to describe the actual supported evidence-thread behavior.
### FE-LCA-003 - Make Registry Admin routable and authorized from the live frontdoor
Status: DONE
Dependency: FE-LCA-001
Owners: Developer (FE), Developer (Authority), Developer (Router)
Task description:
- Add the missing frontdoor route specificity for registry admin and align the authority/UI scope contract so admin users can actually reach the plan endpoints from the browser session used by the console.
Completion criteria:
- [x] `/api/admin/plans*` is routed to `registry-token` ahead of the generic platform `/api/admin` mapping.
- [x] The live `stella-ops-ui` auth path can request and receive `registry.admin`.
- [x] `/ops/integrations/registry-admin` and `/ops/integrations/registry-admin/audit` render their intended workspace without 404/403 failures.
### FE-LCA-004 - Rebuild and rerun live Playwright verification
Status: DONE
Dependency: FE-LCA-002
Owners: QA, Test Automation
Task description:
- Rebuild the touched web and auth/router surfaces, refresh the live stack, and rerun the real frontdoor Playwright checks for the repaired routes before marking this slice done.
Completion criteria:
- [x] Focused builds/tests pass for the touched modules.
- [x] Live Playwright evidence is refreshed for timeline, evidence threads, and registry admin.
- [x] Residual defects, if any, are logged instead of waved through.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created from live Playwright findings: timeline runtime failure, evidence-thread contract drift, and registry-admin gateway/auth drift. | Codex |
| 2026-03-08 | Fixed the timeline runtime import gap, rewired Evidence Threads to the shipped EvidenceLocker PURL/canonical-id contract, and refreshed the focused frontend coverage around the list/view/service behavior. | Codex |
| 2026-03-08 | Added the missing `registry.admin` Authority scope, durable bootstrap-client reconciliation, frontdoor route specificity for `/api/admin/plans*`, and fresh-database seed coverage so the from-scratch stack converges without manual Authority patches. | Codex |
| 2026-03-08 | Rebuilt the web bundle, rebuilt the Authority image, refreshed the live stack, and reran the real frontdoor Playwright sweep. Timeline, Evidence Threads, Registry Admin, Registry Audit, and the adjacent changed surfaces are clean in the refreshed live evidence. | Codex |
## Decisions & Risks
- Evidence Threads will be aligned to the shipped EvidenceLocker API rather than preserving the revived but unsupported graph/transcript/export assumptions.
- Registry Admin is not a frontend-only defect: live evidence shows both gateway routing drift and missing UI token scope coverage.
- The `registry.admin` scope defect required an actual Authority image rebuild because the compose service is image-based, not source-mounted. Restarting the old container was insufficient even after the code/config changes landed.
- The compose demo stack currently exposes no seeded EvidenceLocker rows, so live browser verification covers the supported search, empty-result, missing-detail, and back-navigation flows while positive-path detail normalization remains covered by focused frontend tests.
## Next Checkpoints
- Continue the next page/action iteration with the same real-auth Playwright path.
- Treat any newly discovered route/action defect as a fresh narrow implementation slice instead of expanding this sprint.

69
docs/implplan/SPRINT_20260308_026_FE_live_releases_deployments_route_and_action_repair.md
View File

@@ -1,69 +0,0 @@
# Sprint 20260308-026 - FE Live Releases Deployments Route And Action Repair
## Topic & Scope
- Repair the canonical `/releases/deployments` subtree so deployment detail routes render under the Releases shell instead of falling through to unrelated fallback content.
- Remove or replace dead actions inside the currently mounted deployment history/detail surfaces so visible UI affordances are either functional or explicitly not presented.
- Keep the repair inside the active Web shell and document the live contract boundary while the legacy deployment API remains unavailable.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/features/checked/web/`, `docs/modules/ui/orphan-revival-batch/README.md`, `docs/modules/ui/TASKS.md`, `src/Web/StellaOps.Web/src/app/routes/releases.routes.ts`, `src/Web/StellaOps.Web/src/app/features/deployments/`, `src/Web/StellaOps.Web/scripts/`.
- Expected evidence: targeted Angular coverage, rebuilt web bundle synced to the compose frontdoor volume, and live Playwright verification against `https://stella-ops.local`.
## Dependencies & Concurrency
- Depends on the current Releases shell remaining canonical for deployment history under `/releases`.
- Safe parallelism: avoid unrelated search, package, and setup areas; keep edits limited to the releases route tree and `features/deployments`.
## Documentation Prerequisites
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/technical/architecture/console-admin-rbac.md`
- `docs/technical/architecture/console-branding.md`
- `docs/modules/ui/orphan-revival-batch/README.md`
- `docs/features/checked/web/deployment-monitoring-ui.md`
- `docs/features/checked/web/deployment-detail-with-workflow-dag-visualization.md`
## Delivery Tracker
### FE-LIVE-DEP-001 - Reconnect canonical Releases deployment detail routing
Status: DONE
Dependency: none
Owners: Developer (FE), QA
Task description:
- Mount the full deployments route tree under `/releases/deployments` so detail URLs resolve inside the canonical Releases shell.
- Verify that the deployment list no longer links to unreachable routes or invalid release-version URLs.
Completion criteria:
- [x] `/releases/deployments/:deploymentId` renders the deployment detail workspace instead of fallback content.
- [x] Deployment list actions do not point at non-existent `/releases/:version` routes.
- [x] Route-focused regression coverage exists for the canonical Releases mount.
### FE-LIVE-DEP-002 - Make deployment detail actions functional or remove them
Status: DONE
Dependency: FE-LIVE-DEP-001
Owners: Developer (FE), Product Manager
Task description:
- Replace console-log-only deployment detail actions with real operator flows where safe, and remove misleading actions where no live contract exists yet.
- Keep the detail workspace internally consistent in the canonical `/releases` host even while the legacy deployment API remains unavailable.
Completion criteria:
- [x] Visible deployment detail actions either navigate/download/copy successfully or are no longer shown.
- [x] Legacy `/deployments` path assumptions are removed from the mounted detail workspace.
- [x] Checked-feature documentation records the repaired live contract and any intentionally deferred capability.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created after live Playwright found `/releases/deployments/:deploymentId` falling through to fallback content and the deployment list generating dead release links. | Developer (FE) |
| 2026-03-08 | Re-mounted `/releases/deployments` as the full lazy route tree, removed dead release-version anchors from the list surface, and added route/list regression coverage. | Developer (FE) |
| 2026-03-08 | Replaced console-log-only detail actions with real evidence-tab, replay, proof-chain, artifact, and log flows; removed rollback from the mounted UI because the live deployment operate API is still absent. | Developer (FE) |
| 2026-03-08 | Verified targeted Angular coverage (`15/15`), rebuilt the web bundle, synced `dist/stellaops-web/browser` into `compose_console-dist`, and passed the live Playwright regression script `scripts/live-releases-deployments-check.mjs` against `https://stella-ops.local`. | QA |
## Decisions & Risks
- Decision: keep the current deployment detail workspace as a bounded, read-only `/releases/deployments/:deploymentId` surface because the Releases shell still owns deployment history, but avoid implying live operate/rollback contracts that the backend does not currently provide.
- Risk: the legacy deployment HTTP API (`/api/v1/release-orchestrator/deployments`) is currently unavailable in the live stack, so this sprint must avoid binding visible routes to dead backend contracts.
- Mitigation: repair route ownership first, then keep the detail page honest about which actions are available in the current canonical host.
- Decision: `Open Evidence` now focuses the local evidence tab, while evidence/proof-chain hand-offs route to canonical `/evidence/capsules` and `/evidence/proofs` entry points instead of fabricating a capsule-detail deep link that may not exist in live data.
- Decision: the evidence workspace and proof-chain links preserve `returnTo` so operators can jump back to the deployment detail route without losing the canonical Releases host.
## Next Checkpoints
- 2026-03-08: route tree reconnected and live detail render verified.
- 2026-03-08: detail actions rechecked with Playwright after bundle sync.

145
docs/implplan/SPRINT_20260308_026_FE_settings_information_architecture_rationalization.md
View File

@@ -1,145 +0,0 @@
# Sprint 20260308_026 - FE Settings Information Architecture Rationalization
## Topic & Scope
- Rationalize the current `/settings/*` tree so it becomes a truthful personal-settings surface instead of a mixed bucket of user preferences, admin consoles, setup pages, and redirect shims.
- Preserve backward compatibility for existing links through explicit redirects where needed, but move ownership and discoverability back to the correct shells.
- Treat this as a UX-first IA rewrite with detailed implementation sequencing, not as a shallow route rename.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `src/Web/StellaOps.Web/src/app/features/settings/**`, `src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts`, relevant canonical owner routes under `src/Web/StellaOps.Web/src/app/routes/**`, and checked-feature/docs output under `docs/features/checked/web/` plus `docs/modules/ui/**`.
- Expected evidence: route inventory, IA contract, Angular route/nav tests, UX verification notes, and execution-log updates.
## Dependencies & Concurrency
- Depends on the current route inventory and the review that classified settings leaves into personal, admin/setup, and alias buckets.
- Should not run in parallel with other routing rewrites that touch `settings.routes.ts`, user-menu navigation, or canonical Setup/Admin ownership paths.
- Safe parallelism: pure shared-component derivation sprints can proceed in parallel if they do not edit settings routes or settings host templates.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/modules/ui/AGENTS.md`
- `docs/modules/ui/architecture.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/Web/StellaOps.Web/src/app/features/settings/settings.routes.ts`
- `src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts`
## Delivery Tracker
### FE-SETIA-001 - Audit and classify every settings route
Status: DONE
Dependency: none
Owners: Product Manager, Developer (FE)
Task description:
- Produce the source-of-truth route inventory for every child of `/settings`, classifying each leaf as one of: personal preference, admin or tenant configuration, canonical-owner alias, or dead wrapper.
- Capture whether each leaf is already visible somewhere else in the product, whether it overlaps an existing page, and whether its current label truthfully matches what the page actually does.
Completion criteria:
- [x] Every mounted `/settings/*` route is classified into a single ownership bucket.
- [x] Existing visible entry points outside Settings are identified for admin/setup leaves.
- [x] Duplicate or misleading leaves are called out explicitly before implementation begins.
### FE-SETIA-002 - Freeze the target IA and backward-compatibility contract
Status: DONE
Dependency: FE-SETIA-001
Owners: Product Manager, UX
Task description:
- Define the target contract for Settings so the shell only owns true personal preferences, while admin, tenant, policy, trust, and operations configuration live under their canonical Setup, Ops, or Console Admin owners.
- Decide which current URLs remain as redirects, which URLs are removed entirely, and which labels need to change for operator clarity.
Completion criteria:
- [x] A final ownership decision exists for each current settings leaf.
- [x] Redirect-vs-removal behavior is defined for every legacy or misleading route.
- [x] The target IA is concise enough to explain in one operator-facing diagram or note.
### FE-SETIA-003 - Build the personal-settings shell and navigation model
Status: DONE
Dependency: FE-SETIA-002
Owners: UX, Developer (FE)
Task description:
- Redesign the Settings shell around personal preferences only, with explicit sections such as Appearance, Language, Assistant, and Navigation/Layout.
- Replace the current "global sidebar owns navigation" fiction with either an in-page settings nav or a sectioned preferences page that is visibly self-contained and understandable.
Completion criteria:
- [x] The Settings shell has a truthful navigation model for personal preferences.
- [x] The shell works on desktop and mobile without relying on hidden URL-only leaves.
- [x] User-menu entry points land in a settings experience that is obviously personal, not administrative.
### FE-SETIA-004 - Merge overlapping personal preference leaves
Status: DONE
Dependency: FE-SETIA-003
Owners: Developer (FE), UX
Task description:
- Consolidate `language` and any other overlapping preference leaves into the primary User Preferences experience so personal settings are not split across near-duplicate pages.
- Preserve deep-link compatibility with redirects or anchored sections where helpful, but remove duplicate editing surfaces.
Completion criteria:
- [x] Language preferences are owned by the personal settings experience instead of a duplicate page.
- [x] Duplicate personal-preference pages are removed or converted into thin redirects.
- [x] Preference-saving behavior remains intact after the merge.
### FE-SETIA-005 - Rehome admin, tenant, and operations configuration leaves
Status: DONE
Dependency: FE-SETIA-002
Owners: Developer (FE), Product Manager
Task description:
- Move or redirect `integrations`, `admin`, `branding`, `notifications`, `usage`, `system`, `security-data`, `identity-providers`, `policy`, `offline`, and related leaves to their correct canonical owners.
- Ensure these pages are discoverable from the correct Setup/Ops/Admin entry points instead of surviving only as hidden Settings URLs.
Completion criteria:
- [x] Admin/setup leaves no longer present themselves as user settings.
- [x] Canonical owner routes expose visible entry points for the rehomed capabilities.
- [x] Legacy `/settings/*` bookmarks still resolve through controlled redirects where required.
### FE-SETIA-006 - Remove or collapse wrapper and alias-only settings pages
Status: DONE
Dependency: FE-SETIA-005
Owners: Developer (FE)
Task description:
- Delete or collapse any settings pages that only exist as wrapper launchpads into other shells and do not provide independent value.
- Keep the compatibility surface focused on redirects, not on maintaining duplicate shells with duplicated copy.
Completion criteria:
- [x] Alias-only settings pages are reduced to redirects or removed.
- [x] No standalone wrapper remains if its only action is to link elsewhere.
- [x] Route ownership becomes obvious from the code tree.
### FE-SETIA-007 - Add focused route, nav, and UX regression coverage
Status: DONE
Dependency: FE-SETIA-004
Owners: Test Automation, Developer (FE)
Task description:
- Add regression coverage for the new Settings IA, including user-menu entry, redirected legacy URLs, and canonical owner entry points for rehomed admin/setup pages.
- Include tests that prove hidden pages are now either visible from the right place or intentionally redirected.
Completion criteria:
- [x] Angular route/nav tests cover the new personal settings shell and key redirects.
- [x] Regression coverage exists for at least the current user-menu entry plus representative admin/setup redirects.
- [x] Known IA edge cases are documented in the sprint log or feature note.
### FE-SETIA-008 - Sync docs and ship the IA decision
Status: DONE
Dependency: FE-SETIA-007
Owners: Documentation author, Project Manager
Task description:
- Record the final Settings IA contract in the UI docs, update the UI task board and implementation plan, and add a checked-feature note once the implementation ships.
- Ensure future dead-code or preservation reviews have a truthful owner map for Settings.
Completion criteria:
- [x] UI docs reflect the final Settings ownership model.
- [x] UI task/plan docs reference the shipped IA.
- [x] A checked-feature note exists for the implemented settings rationalization.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to rationalize Settings into a truthful personal-preferences surface and rehome admin/setup leaves to their canonical owners. | Codex |
| 2026-03-08 | All tasks DONE. Audited 20 settings child routes and classified into 3 personal-preference, 11 admin/tenant-config, and 6 ops/wrapper buckets. Settings default changed from Integrations to User Preferences. 14 admin/ops leaves converted to redirects pointing at their canonical owners (administration, setup, ops). Language merged into user-preferences via redirect. Identity-providers rehomed from settings to administration as canonical owner. Navigation config updated. 22 new route tests added. All 35 settings+trust tests pass. Build clean. | Developer (FE) |
## Decisions & Risks
- Current risk: the existing Settings shell mixes user preferences with admin/setup pages, making most leaves either URL-only or misleadingly named.
- UX principle: Settings must answer "what can I personalize for myself?" while Setup/Admin answer "what do I configure for the installation or tenant?"
- Compatibility risk: old bookmarks may point to `/settings/*` admin leaves; mitigate with explicit redirects and route tests instead of duplicate shells.
- Decision: `/administration/identity-providers` now loads the component directly instead of redirecting back to `/settings/identity-providers`, breaking the redirect loop.
- Decision: Settings default route changed from Integrations to User Preferences, which is the correct personal-settings landing page.
- Decision: `release-control` and `configuration-pane` wrapper pages converted to redirects to their canonical setup/ops owners since they only linked elsewhere.
## Next Checkpoints
- Archived. All tasks shipped.

95
docs/implplan/SPRINT_20260308_027_FE_page_header_context_header_derivation.md
View File

@@ -1,95 +0,0 @@
# Sprint 20260308_027 - FE Page Header To Context Header Derivation
## Topic & Scope
- Replace the unused generic `PageHeaderComponent` with a stronger canonical header pattern derived from the already-mounted `ContextHeaderComponent`.
- Improve operator UX by standardizing title, eyebrow, chips, return action, contextual note, and header actions across admin and setup surfaces.
- Keep this sprint focused on header semantics, layout, and adoption, not on broader page redesign.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, `src/Web/StellaOps.Web/src/app/shared/ui/**`, target mounted pages that adopt the header, and checked-feature/docs output under `docs/features/checked/web/` plus `docs/modules/ui/**`.
- Expected evidence: shared-header contract, focused component tests, adopted target pages, and docs updates.
## Dependencies & Concurrency
- Depends on the current shared-UI inventory and the existence of mounted `ContextHeaderComponent` usage in Watchlist, Reachability, Workflow Replay, and Policy shells.
- Safe parallelism: may run in parallel with settings IA work if it avoids editing `settings.routes.ts`; coordinate carefully if Settings adopts the derived header.
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/page-header/page-header.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/ui/context-header/context-header.component.ts`
## Delivery Tracker
### FE-PHD-001 - Freeze the canonical header contract
Status: DONE
Dependency: none
Owners: UX, Developer (FE)
Task description:
- Compare `PageHeaderComponent` against the mounted `ContextHeaderComponent` and define the single canonical header contract the product should keep.
- Document which capabilities remain mandatory: contextual eyebrow, chips, back action, action slot strategy, supportive note, and responsive stacking behavior.
Completion criteria:
- [x] A single canonical header API is defined.
- [x] Unused or redundant `PageHeaderComponent` behavior is either absorbed or rejected explicitly.
- [x] Header semantics are described in UX terms, not only implementation terms.
### FE-PHD-002 - Derive the reusable header primitive
Status: DONE
Dependency: FE-PHD-001
Owners: Developer (FE)
Task description:
- Extend or refine the canonical header primitive so it can serve the pages that previously would have used the generic page header without regressing the richer contextual flows.
- Keep the API small and expressive; avoid two near-identical shared header components.
Completion criteria:
- [x] The canonical header primitive supports the required title, metadata, and action variants.
- [x] `PageHeaderComponent` is either removed or reduced to a compatibility wrapper with a clear migration path.
- [x] Header behavior remains responsive and accessible.
### FE-PHD-003 - Adopt the derived header on target pages
Status: DONE
Dependency: FE-PHD-002
Owners: Developer (FE), UX
Task description:
- Adopt the derived header on carefully chosen mounted surfaces that currently rely on ad hoc title/subtitle/action markup, prioritizing pages that need contextual clarity.
- Use adoption to prove the pattern works for both dense operator surfaces and simpler settings/admin pages.
Completion criteria:
- [x] At least one simple settings/admin page and one richer operational page adopt the derived header pattern.
- [x] Repeated header markup is removed from adopted surfaces.
- [x] The adopted pages gain clearer context and action placement.
### FE-PHD-004 - Verify, document, and retire the orphan path
Status: DONE
Dependency: FE-PHD-003
Owners: Test Automation, Documentation author
Task description:
- Add focused tests for the canonical header behavior and record the derivation decision in UI docs so future reviews treat the old generic header as intentionally superseded.
Completion criteria:
- [x] Component or host tests cover the canonical header behavior.
- [x] UI docs explain the header derivation and adoption targets.
- [x] The old orphan path is no longer ambiguous in the shared inventory.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to derive the unused generic page header into the mounted context-header pattern and adopt one canonical header primitive. | Codex |
| 2026-03-08 | FE-PHD-001: Frozen the canonical header contract. `ContextHeaderComponent` is the single canonical header. `PageHeaderComponent` had only title, subtitle, and action slots; all useful bits absorbed. Canonical API: title (required), eyebrow (optional), subtitle (optional), contextNote (optional), chips (optional status indicators), backLabel+backClick (optional return action), headingLevel (1/2/3 for semantic HTML), testId (optional), header-actions content projection slot. | Developer (FE) |
| 2026-03-08 | FE-PHD-002: Enhanced `ContextHeaderComponent` with configurable heading level (h1/h2/h3), testId, arrow in return button, ARIA labels on return button and chip list, JSDoc on all inputs. `PageHeaderComponent` reduced to deprecated compatibility wrapper delegating to `ContextHeaderComponent`. | Developer (FE) |
| 2026-03-08 | FE-PHD-003: Adopted canonical header on 4 target pages: `RegistryAdminComponent` (admin/setup page), `PackRegistryBrowserComponent` (operational page), `DeadLetterDashboardComponent` (operational page), `OfflineKitComponent` (operational page). Removed repeated ad-hoc header markup from all 4. Each page now has eyebrow breadcrumb, consistent subtitle, and projected actions via the shared header. | Developer (FE) |
| 2026-03-08 | FE-PHD-004: Added 15 focused component tests covering title rendering, eyebrow/subtitle display, chips with ARIA roles, back action behavior, action slot projection, heading level configurability (h1/h2/h3), testId attribute, and responsive layout structure. All 15 pass. Updated sprint and docs. Marked `PageHeaderComponent` as deprecated in the shared index. | Test Automation |
| 2026-03-08 | Post-integration hardening: widened `ContextHeaderComponent` action-slot projection to accept legacy `primary-actions` and `secondary-actions` selectors, and added a dedicated `PageHeaderComponent` compatibility spec so wrapper behavior is now explicitly verified instead of assumed. | Developer (FE) |
## Decisions & Risks
- **Decision: Single canonical header.** `ContextHeaderComponent` is the sole canonical header primitive. `PageHeaderComponent` is deprecated to a thin compatibility wrapper.
- **Decision: Heading level configurability.** Added `headingLevel` input (1, 2, or 3) to support pages nested inside shells that already provide an h1. Default remains h1.
- **Decision: Back button arrow.** Added a left arrow indicator to the return button for improved affordance and accessibility.
- **Decision: testId support.** Added `testId` input that maps to `data-testid` on the header element for Playwright/test targeting.
- **Decision: Adopted pages.** Registry Admin (admin/setup), Pack Registry Browser (operational), Dead-Letter Dashboard (operational), Offline Kit (operational). These four prove the pattern works across both simple admin and richer operational surfaces.
- **Decision: Compatibility selectors remain supported.** `ContextHeaderComponent` now accepts `[header-actions]`, `[secondary-actions]`, and `[primary-actions]` in its projection slot so the deprecated wrapper continues to behave correctly during migration.
- Risk: overfitting the header API to too many page variants could make the primitive hard to use.
- Mitigation: validated the API on a bounded 4-page adoption set. Future rollout should proceed incrementally.
## Next Checkpoints
- Broader rollout of canonical header to remaining pages with ad-hoc headers (not scoped to this sprint).
- Eventual removal of `PageHeaderComponent` once no references remain.

118
docs/implplan/SPRINT_20260308_028_FE_metric_card_dashboard_card_derivation.md
View File

@@ -1,118 +0,0 @@
# Sprint 20260308_028 - FE Metric Card Dashboard Derivation
## Topic & Scope
- Derive the unused `MetricCardComponent` into a truthful canonical KPI card pattern for mounted ops, admin, quota, and system dashboards.
- Improve UX by standardizing deltas, directional semantics, health coloring, and supporting context instead of leaving each dashboard to invent its own card shape.
- Keep scope to KPI card behavior and adoption, not entire dashboard rewrites.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, shared UI card primitives, selected dashboard hosts, and checked-feature/docs output under `docs/features/checked/web/` plus `docs/modules/ui/**`.
- Expected evidence: canonical KPI card contract, bounded adoption set, focused tests, and docs updates.
## Dependencies & Concurrency
- Depends on the mounted overview surfaces already present across Operations, Administration, Usage, System, and related overview pages.
- Safe parallelism: may run alongside settings IA work if adoptions do not edit the same settings-owned templates; coordinate if Usage/System pages are part of both efforts.
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/metric-card/metric-card.component.ts`
- Mounted dashboard or overview pages chosen for adoption
## Delivery Tracker
### FE-MCD-001 - Freeze KPI semantics and visual rules
Status: DONE
Dependency: none
Owners: UX, Product Manager
Task description:
- Define what a canonical StellaOps KPI card must communicate: label, value, unit, trend/delta, severity or health state, supporting subtitle, and empty/loading/error behaviors.
- Decide when positive deltas are good vs bad, so the shared component does not encode misleading green/red assumptions.
Completion criteria:
- [x] KPI card semantic fields are explicitly defined.
- [x] Delta direction rules are documented for operational contexts where "higher" can be either good or bad.
- [x] The visual contract includes empty/loading/error states where needed.
**Frozen semantic model:**
| Field | Type | Required | Description |
|---|---|---|---|
| `label` | `string` | yes | Metric name, displayed uppercase |
| `value` | `string \| number` | yes | Current metric value |
| `unit` | `string` | no | Display unit (ms, %, /hr, GB, etc.) |
| `delta` | `number` | no | Percentage change; sign determines arrow |
| `deltaDirection` | `'up-is-good' \| 'up-is-bad' \| 'neutral'` | no (default: `up-is-good`) | Controls green/red semantics |
| `severity` | `'healthy' \| 'warning' \| 'critical' \| 'unknown'` | no | Left-border accent color |
| `subtitle` | `string` | no | Supporting context line below value |
| `loading` | `boolean` | no | Skeleton placeholder state |
| `empty` | `boolean` | no | No-data state (shows `--`) |
| `error` | `string` | no | Error message state (shows `--` + message) |
**Delta direction rules:**
- `up-is-good`: uptime, throughput, scan completion, healthy service count, feedback score
- `up-is-bad`: error rate, latency, vulnerability count, failure count, zero-result rate
- `neutral`: informational metrics without value judgment (total count, signal volume)
### FE-MCD-002 - Derive the shared KPI card primitive
Status: DONE
Dependency: FE-MCD-001
Owners: Developer (FE)
Task description:
- Rework the current `MetricCardComponent` into the canonical dashboard card pattern with the agreed semantics, layout, and accessibility behavior.
- Keep the API reusable across quota, health, system, and admin overview surfaces without requiring ad hoc wrappers.
Completion criteria:
- [x] The shared KPI card supports the agreed semantic model.
- [x] Directional styling does not assume all positive movement is good.
- [x] The component is accessible and responsive in dense dashboard grids.
### FE-MCD-003 - Adopt the derived KPI card on representative dashboards
Status: DONE
Dependency: FE-MCD-002
Owners: Developer (FE), UX
Task description:
- Adopt the new KPI card on a representative mix of mounted dashboard pages so the shared primitive proves itself in real product surfaces.
- Prioritize pages with repeated bespoke KPI tiles or weak visual consistency.
Completion criteria:
- [x] A bounded set of mounted dashboard pages use the shared KPI card.
- [x] Repeated bespoke KPI tile markup is reduced on adopted surfaces.
- [x] The adopted dashboards present clearer health/trend information.
**Adopted surfaces (3):**
1. `signals-runtime-dashboard.component.ts` - 3 bespoke metric articles replaced with `<app-metric-card>`
2. `search-quality-dashboard.component.ts` - 4 bespoke metric divs replaced with `<app-metric-card>`
3. `delivery-analytics.component.ts` - 5 of 6 bespoke metric divs replaced with `<app-metric-card>` (success-rate card kept bespoke due to specialized progress bar)
### FE-MCD-004 - Verify and document the derivation
Status: DONE
Dependency: FE-MCD-003
Owners: Test Automation, Documentation author
Task description:
- Add focused component or host tests for semantic delta handling and document the shared KPI-card contract in the UI docs.
Completion criteria:
- [x] Tests cover the critical semantic cases for delta and state rendering.
- [x] Docs record the adopted KPI-card contract and target surfaces.
- [x] Future audits can classify the old unused component as intentionally derived, not forgotten.
**Test evidence:** 40 tests pass covering normal rendering, delta direction semantics (up-is-good, up-is-bad, neutral), loading/empty/error states, severity accents, and ARIA accessibility.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to derive the orphan metric-card into a canonical KPI card pattern for mounted dashboards and overview surfaces. | Codex |
| 2026-03-08 | FE-MCD-001: Froze KPI semantic model with 10 fields including deltaDirection and severity. Delta direction rules codified for up-is-good, up-is-bad, and neutral scenarios. | Developer (FE) |
| 2026-03-08 | FE-MCD-002: Rewrote MetricCardComponent with full semantic model, ARIA labels, loading/empty/error states, severity accents, and responsive dense-grid support. Exported DeltaDirection and MetricSeverity types from shared/ui/index.ts. | Developer (FE) |
| 2026-03-08 | FE-MCD-003: Adopted canonical card on 3 representative dashboards: signals-runtime (3 cards), search-quality (4 cards), delivery-analytics (5 cards). 12 bespoke inline tiles replaced total. | Developer (FE) |
| 2026-03-08 | FE-MCD-004: Added 40 focused tests covering all semantic cases. Build verified clean. Docs updated. | Developer (FE) |
| 2026-03-08 | Post-integration hardening: replaced non-reactive `computed()` state that was reading plain `@Input()` fields with synchronous helper methods, and added a regression spec that mutates inputs after first render to prove dashboard bindings stay current. | Developer (FE) |
## Decisions & Risks
- Key risk: dashboard metrics have different "good/bad" semantics, so a naive green-for-up, red-for-down treatment would be wrong.
- Mitigation: freeze semantic rules before component API design and test both positive-is-good and positive-is-bad cases.
- Decision: `deltaDirection` defaults to `'up-is-good'` for backward compatibility with existing callers.
- Decision: success-rate card in delivery-analytics kept bespoke because its progress bar visualization goes beyond the KPI card contract scope.
- Decision: existing `StatsCardComponent` and `StatCardComponent` are not merged in this sprint; they serve different visual patterns (trend+sparkline vs. KPI). Consolidation is a separate future sprint.
- Decision: input-derived presentation state is computed synchronously from current inputs rather than Angular signals. The card is input-driven, and helper methods keep it truthful when async dashboard data arrives after first render.
## Next Checkpoints
- All tasks DONE. Sprint ready for archive after review.

99
docs/implplan/SPRINT_20260308_029_FE_timeline_list_audit_timeline_derivation.md
View File

@@ -1,99 +0,0 @@
# Sprint 20260308_029 - FE Timeline List Audit Timeline Derivation
## Topic & Scope
- Derive the unused `TimelineListComponent` into a canonical event-stream pattern for mounted audit, evidence, release investigation, and triage chronology surfaces.
- Improve UX by standardizing chronology rendering, severity markers, timestamp treatment, and expandable contextual payloads.
- Keep scope to the timeline primitive plus bounded adoptions, not a full redesign of every evidence or run-detail screen.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, shared timeline primitives, selected mounted timeline hosts, and checked-feature/docs output under `docs/features/checked/web/` plus `docs/modules/ui/**`.
- Expected evidence: canonical timeline contract, bounded adoption set, regression coverage, and docs updates.
## Dependencies & Concurrency
- Depends on the mounted evidence, release, and triage chronology surfaces already present in the product.
- Safe parallelism: may run with settings or header/card derivation work if it avoids editing the same host templates.
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/timeline-list/timeline-list.component.ts`
- Relevant mounted timeline/audit hosts chosen for adoption
## Delivery Tracker
### FE-TLD-001 - Freeze the canonical event model
Status: DONE
Dependency: none
Owners: UX, Product Manager
Task description:
- Define the canonical event model for StellaOps timelines, including timestamp precision, actor/source metadata, severity or event kind, optional evidence links, and empty/loading states.
- Decide where relative time, absolute time, and grouping should appear so audit and ops surfaces remain truthful and scannable.
Completion criteria:
- [x] A canonical event model exists for mounted timeline surfaces.
- [x] Rules for relative vs absolute time display are documented.
- [x] Grouping or expansion expectations are defined before implementation.
### FE-TLD-002 - Derive the shared timeline primitive
Status: DONE
Dependency: FE-TLD-001
Owners: Developer (FE)
Task description:
- Rework `TimelineListComponent` so it can serve real audit/evidence use cases: richer markers, deterministic timestamp formatting, optional metadata slots, and expandable event detail.
- Avoid keeping a toy timeline component that cannot carry actual operator evidence.
Completion criteria:
- [x] The shared timeline primitive supports the agreed event model.
- [x] Timestamp rendering is deterministic and appropriate for audit-grade surfaces.
- [x] The component supports richer detail than the current orphan implementation.
### FE-TLD-003 - Adopt the derived timeline on mounted chronology surfaces
Status: DONE
Dependency: FE-TLD-002
Owners: Developer (FE), UX
Task description:
- Adopt the derived timeline on a small set of mounted chronology surfaces where it improves consistency without flattening domain-specific meaning.
- Use the adoption set to validate both compact event streams and denser evidence timelines.
Adoption surfaces:
1. **Incident Timeline** (`features/platform-health/incident-timeline.component.ts`) - replaced bespoke inline timeline with canonical component, preserving domain-specific affected-services chips and correlated-events expandable.
2. **Audit Timeline Search** (`features/audit-log/audit-timeline-search.component.ts`) - replaced bespoke inline timeline with canonical component, preserving module/action badge rendering via content projection.
3. **Releases Activity** (`features/releases/releases-activity.component.ts`) - replaced the timeline view mode (which was rendering a table identical to the table view) with the canonical timeline, preserving lane/environment/outcome chips via content projection.
Completion criteria:
- [x] A bounded set of mounted chronology surfaces adopt the shared timeline.
- [x] Timeline UX improves on scanability and event meaning.
- [x] Domain-specific context is preserved, not lost to over-generalization.
### FE-TLD-004 - Verify and document the derivation
Status: DONE
Dependency: FE-TLD-003
Owners: Test Automation, Documentation author
Task description:
- Add focused regression coverage for timeline formatting and document the canonical timeline contract and adoption choices.
Completion criteria:
- [x] Tests cover core timeline rendering and timestamp behavior.
- [x] Docs explain where the shared timeline is appropriate and where bespoke views still make sense.
- [x] The old orphan classification becomes intentional and documented.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to derive the unused timeline-list into a canonical event-stream pattern for mounted audit and evidence chronologies. | Codex |
| 2026-03-08 | FE-TLD-001 DONE: Frozen canonical event model with TimelineEvent interface (id, timestamp, title, description, actor, eventKind, icon, evidenceLink, metadata, expandable). Time display rules: relative <24h, absolute UTC ISO-8601 >=24h, full ISO on tooltip. Date grouping supported. | Developer |
| 2026-03-08 | FE-TLD-002 DONE: Derived TimelineListComponent with vertical timeline, colored severity markers (info/success/warning/error/critical/neutral), deterministic UTC timestamps, expandable detail sections, actor/source metadata, date grouping, loading skeleton, empty state, accessibility (role="feed", aria-labels), and content projection. | Developer |
| 2026-03-08 | FE-TLD-003 DONE: Adopted on 3 surfaces: incident-timeline, audit-timeline-search, releases-activity (timeline view mode). Domain-specific context preserved via content projection. | Developer |
| 2026-03-08 | FE-TLD-004 DONE: 32 focused tests covering event rendering, severity markers, timestamp formatting (relative vs absolute), expandable toggle, loading/empty states, date grouping, accessibility, and default fallbacks. Build passes. | Developer |
| 2026-03-08 | Post-integration hardening: unified grouped and flat rendering behind a shared render-clock refresh path so relative timestamps stay truthful in flat mode too, and added a regression test that advances time between flat-mode renders. | Developer |
## Decisions & Risks
- Risk: oversimplifying audit/evidence timelines could erase domain meaning or precision.
- Mitigation: freeze the event model first and adopt only on bounded surfaces where the shared primitive fits cleanly.
- Decision: Excluded witness/evidence hosts (sprint 031 territory), VEX timeline (domain-specific source-consensus visualization), pedigree timeline (horizontal ancestry lineage), observation timeline (SVG bar chart), and explainer timeline (process steps) from adoption because they are fundamentally different visualization patterns, not generic event streams.
- Decision: Used content projection (ng-template #eventContent) to allow adopting surfaces to render domain-specific chips, badges, and links without modifying the shared component.
- Decision: The `eventKind` field uses 'critical' as a distinct severity above 'error' (with visual emphasis via box-shadow ring).
- Decision: both grouped and flat modes refresh the render clock from the same `renderedEvents` computed path so relative timestamps remain deterministic within a render cycle without drifting stale across input updates.
## Next Checkpoints
- Freeze the event model and time-display rules. -- DONE
- Build the richer shared timeline primitive. -- DONE
- Adopt it on a bounded set of mounted chronology surfaces. -- DONE

92
docs/implplan/SPRINT_20260308_030_FE_split_pane_list_detail_shell_consolidation.md
View File

@@ -1,92 +0,0 @@
# Sprint 20260308_030 - FE Split Pane And List Detail Shell Consolidation
## Topic & Scope
- Consolidate the unused `SplitPaneComponent` into the mounted `ListDetailShellComponent` so the product has one truthful master-detail layout primitive instead of two overlapping abstractions.
- Improve UX by defining a single responsive list-detail behavior for selection, secondary detail presentation, and mobile collapse behavior.
- Keep scope to master-detail layout primitives and their bounded adoptions.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, shared shell primitives, selected mounted list-detail hosts, and checked-feature/docs output under `docs/features/checked/web/` plus `docs/modules/ui/**`.
- Expected evidence: consolidated shell contract, updated shared primitive, bounded host adoption, and regression coverage.
## Dependencies & Concurrency
- Depends on the mounted `ListDetailShellComponent` usage already present in Watchlist and related contextual surfaces.
- Safe parallelism: may run with other derivation sprints if it avoids editing the same host templates; coordinate closely with any watchlist or triage shell changes.
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/split-pane/split-pane.component.ts`
- `src/Web/StellaOps.Web/src/app/shared/ui/list-detail-shell/list-detail-shell.component.ts`
## Delivery Tracker
### FE-SPL-001 - Freeze the single master-detail contract
Status: DONE
Dependency: none
Owners: UX, Developer (FE)
Task description:
- Compare the unused `SplitPaneComponent` against the mounted `ListDetailShellComponent` and freeze the single master-detail contract the UI should keep.
- Decide which behaviors, if any, should migrate: collapsible secondary rail, width control, preserved selection context, and mobile stacking behavior.
Completion criteria:
- [x] One canonical master-detail layout contract is defined.
- [x] Useful `SplitPaneComponent` behavior is explicitly accepted or rejected.
- [x] The contract describes both desktop and mobile behavior.
### FE-SPL-002 - Derive the canonical list-detail shell
Status: DONE
Dependency: FE-SPL-001
Owners: Developer (FE)
Task description:
- Extend `ListDetailShellComponent` with the approved behavior from `SplitPaneComponent` if it materially improves operator UX.
- Avoid porting gimmicks that add complexity without improving mounted surfaces.
Completion criteria:
- [x] `ListDetailShellComponent` supports the agreed master-detail behavior.
- [x] The API remains smaller and clearer than maintaining two primitives.
- [x] Accessibility and responsive behavior are preserved.
### FE-SPL-003 - Adopt the consolidated shell on bounded mounted surfaces
Status: DONE
Dependency: FE-SPL-002
Owners: Developer (FE), UX
Task description:
- Adopt the consolidated shell on a bounded set of mounted list-detail surfaces, validating both steady-state browsing and detail-open workflows.
- Prefer surfaces where the detail panel and selection behavior are central to task completion.
Completion criteria:
- [x] Bounded mounted list-detail surfaces use the consolidated shell.
- [x] Detail-open and mobile behaviors are tested on real host pages.
- [x] `SplitPaneComponent` becomes removable or clearly deprecated.
### FE-SPL-004 - Verify and document the consolidation
Status: DONE
Dependency: FE-SPL-003
Owners: Test Automation, Documentation author
Task description:
- Add focused tests for the consolidated shell behavior and document the single master-detail contract in the UI docs.
Completion criteria:
- [x] Regression coverage exists for the consolidated shell.
- [x] Docs explain the one-shell rule for future UI work.
- [x] The old unused split-pane path is no longer ambiguous.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to consolidate the unused split-pane primitive into the mounted list-detail shell and establish one canonical master-detail layout. | Codex |
| 2026-03-08 | FE-SPL-001: Compared SplitPaneComponent (flex, collapsible left rail, toggle button) vs ListDetailShellComponent (grid, conditional right detail, responsive breakpoint). Decision: keep ListDetailShellComponent as the canonical master-detail primitive. Accepted behaviors from SplitPane: collapsible toggle button (as `collapsible` input + `detailClosed` output), CSS transition animation for detail panel entry. Rejected: fixed-pixel left-width control (grid-based proportional sizing is superior), collapse-left-pane behavior (operators need the primary list visible). Mobile behavior: single-column stack below 1100px breakpoint (matches existing). | Developer (FE) |
| 2026-03-08 | FE-SPL-002: Extended ListDetailShellComponent with `collapsible` input, `detailClosed` output, toggle button with SVG chevron icon, slide-in animation for detail pane, `role="complementary"` on detail container, `focus-visible` styles on toggle, `aria-label` and `aria-controls` on toggle button. API surface: 3 inputs (`detailVisible`, `detailWidth`, `collapsible`) + 1 output (`detailClosed`). | Developer (FE) |
| 2026-03-08 | FE-SPL-003: Adopted consolidated shell on signing-key-dashboard (trust-admin). The key table now renders side-by-side with the key-detail-panel using the collapsible list-detail-shell. Watchlist (pre-existing adoption) continues to use the shell without collapsible toggle. SplitPaneComponent deprecated with JSDoc `@deprecated` annotation. | Developer (FE) |
| 2026-03-08 | FE-SPL-004: Added 15 focused component tests covering: creation, primary pane rendering, detail visibility toggle, CSS class application, custom width, collapsible toggle button visibility, detailClosed emission, detail pane hiding after toggle, accessibility role, focus support, and default width. All 15 tests pass. Build passes. Sprint docs and TASKS.md updated. | Developer (FE) |
## Decisions & Risks
- **Decision: ListDetailShellComponent is the canonical master-detail layout primitive.** SplitPaneComponent is deprecated.
- **Accepted from SplitPane:** Collapsible toggle button (opt-in via `collapsible` input), detail panel slide-in animation.
- **Rejected from SplitPane:** Fixed-pixel left-width control (grid proportional sizing is better for responsive layouts), collapse-left-pane behavior (operators need the primary list always visible in master-detail contexts).
- **Contract:** Desktop shows 2-column grid (1.7fr primary + variable detail width). Mobile (<1100px) stacks to single column. Toggle button hidden on mobile. Detail pane has `role="complementary"` and slide-in animation.
- Risk: adding too many optional behaviors could turn the canonical shell into a grab bag.
- Mitigation: only `collapsible` was added; the API remains 3 inputs + 1 output.
## Next Checkpoints
- Remove `SplitPaneComponent` entirely in a future cleanup sprint once confirmed no consumers remain.
- Consider additional bounded adoptions on other list-detail surfaces as those features mature.

117
docs/implplan/SPRINT_20260308_031_FE_witness_viewer_evidence_derivation.md
View File

@@ -1,117 +0,0 @@
# Sprint 20260308_031 - FE Witness Viewer Evidence Derivation
## Topic & Scope
- Derive the orphan `WitnessViewerComponent` into reusable evidence and witness sub-surfaces inside the mounted Reachability and Evidence experiences instead of reviving a standalone full-page viewer.
- Improve UX by surfacing verification summary, signatures, attestations, raw evidence actions, and supporting metadata where operators already investigate proofs.
- Keep scope to witness/evidence presentation and derivation, not backend API redesign.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/modules/ui/TASKS.md`, `docs/modules/ui/implementation_plan.md`, witness/evidence shared UI under `src/Web/StellaOps.Web/src/app/shared/ui/**`, mounted Reachability/Evidence hosts, and checked-feature/docs output under `docs/features/checked/web/` plus `docs/modules/ui/**`.
- Expected evidence: derivation contract, extracted reusable sections, bounded host adoption, focused tests, and docs updates.
## Dependencies & Concurrency
- Depends on the mounted reachability witness and evidence-detail flows already present in the route tree.
- Should coordinate with any concurrent reachability or evidence route work because the adoption targets are live operator pages.
- Safe parallelism: header/card/timeline derivation sprints may proceed separately if they do not edit the same witness/evidence hosts.
## Documentation Prerequisites
- `docs/modules/ui/architecture.md`
- `src/Web/StellaOps.Web/src/app/shared/ui/witness-viewer/witness-viewer.component.ts`
- Mounted reachability witness and evidence-detail hosts chosen for adoption
## Delivery Tracker
### FE-WVD-001 - Freeze the witness/evidence derivation contract
Status: DONE
Dependency: none
Owners: Product Manager, UX
Task description:
- Audit which parts of `WitnessViewerComponent` still add value: verification summary, signature inspection, attestation details, raw payload access, and download/copy actions.
- Decide which mounted surfaces should own those capabilities, and which full-page viewer behavior should be rejected as redundant.
Completion criteria:
- [x] Valuable witness/evidence capabilities are explicitly listed.
- [x] Each capability is assigned to a mounted owner surface.
- [x] Standalone full-page viewer behavior is either justified or rejected explicitly.
Derivation contract:
1. **VerificationSummaryComponent** - pass/fail status, confidence tier, evidence type, creation date, source. Owner: Reachability WitnessPage + Evidence PacketPage.
2. **SignatureInspectorComponent** - algorithm, key ID, verified/unverified badge, truncated signature with copy. Owner: Reachability WitnessPage.
3. **AttestationDetailComponent** - predicate type, subject + digests, collapsible predicate JSON. Owner: any surface with in-toto attestation data.
4. **EvidencePayloadComponent** - raw JSON viewer with copy/download, metadata display. Owner: Reachability WitnessPage + Evidence PacketPage.
5. **Rejected**: standalone full-page `WitnessViewerComponent` behavior. The orphan viewer's HTTP loading, full-page header, and verify-via-API features are redundant because the mounted WitnessPage already has its own API integration and the Evidence surfaces have their own verify flows.
### FE-WVD-002 - Extract reusable witness/evidence sections
Status: DONE
Dependency: FE-WVD-001
Owners: Developer (FE)
Task description:
- Extract the useful witness/evidence sections from the orphan component into reusable building blocks that can be embedded in mounted Reachability and Evidence views.
- Keep the extracted units focused and composable instead of recreating the orphan full-page layout under a different name.
Completion criteria:
- [x] Reusable witness/evidence sections exist for the approved capabilities.
- [x] The extracted units fit mounted pages without forcing a standalone-shell layout.
- [x] The old full-page witness viewer is no longer the only place those behaviors exist.
Extracted sections (under `src/Web/StellaOps.Web/src/app/shared/ui/witness/`):
- `verification-summary.component.ts` - VerificationSummaryComponent
- `signature-inspector.component.ts` - SignatureInspectorComponent
- `attestation-detail.component.ts` - AttestationDetailComponent
- `evidence-payload.component.ts` - EvidencePayloadComponent
- `witness.models.ts` - shared presentation-level models
- `index.ts` - barrel export
### FE-WVD-003 - Adopt the extracted sections on mounted witness and evidence surfaces
Status: DONE
Dependency: FE-WVD-002
Owners: Developer (FE), UX
Task description:
- Integrate the extracted sections into the mounted Reachability witness and Evidence proof/detail experiences so operators can verify and inspect proofs in context.
- Use adoption to improve context continuity rather than adding one more isolated viewer entry point.
Completion criteria:
- [x] Mounted witness/evidence flows gain the approved proof-inspection capabilities.
- [x] Context is preserved across reachability/evidence workflows.
- [x] No duplicate standalone viewer surface is introduced.
Adopted surfaces:
1. **Reachability WitnessPage** (`src/Web/StellaOps.Web/src/app/features/reachability/witness-page.component.*`) - Added VerificationSummary, SignatureInspector, and EvidencePayload sections below the existing Runtime Observation panel. Domain data mapped via computed signals.
2. **Evidence PacketPage** (`src/Web/StellaOps.Web/src/app/features/evidence/evidence-packet-page.component.ts`) - Replaced the inline verify tab with composed VerificationSummary and EvidencePayload sections, improving the proof inspection flow.
### FE-WVD-004 - Verify and document the derivation
Status: DONE
Dependency: FE-WVD-003
Owners: Test Automation, Documentation author
Task description:
- Add focused tests for the derived witness/evidence sections and document where proof verification details now live in the product.
Completion criteria:
- [x] Focused tests cover the derived witness/evidence sections.
- [x] Docs explain the new owner surfaces for witness/proof inspection.
- [x] The orphan witness-viewer path is intentionally retired or reduced.
Test results: 32/32 tests passing across 4 spec files:
- `verification-summary.component.spec.ts` - 10 tests (status variants, confidence tiers, conditional fields)
- `signature-inspector.component.spec.ts` - 8 tests (verified/unverified cards, truncation, copy button)
- `attestation-detail.component.spec.ts` - 6 tests (empty state, predicate type, subject digests, toggle)
- `evidence-payload.component.spec.ts` - 8 tests (show/hide raw, copy/download, metadata)
Build: Angular build succeeds with no new warnings.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-08 | Sprint created to derive the orphan witness-viewer into reusable proof-inspection sections for mounted Reachability and Evidence surfaces. | Codex |
| 2026-03-08 | All 4 tasks completed. Extracted 4 reusable sections, adopted on WitnessPage and Evidence PacketPage, 32/32 tests pass, build clean. | Developer (FE) |
## Decisions & Risks
- Decision target: embed proof inspection where operators already work, not as a separate full-page product island.
- Risk: over-extracting the orphan viewer could bring layout or HTTP assumptions that do not fit the mounted flows.
- Mitigation: freeze capabilities first, then extract only the reusable sections that serve mounted host pages.
- Decision: the orphan `WitnessViewerComponent` is intentionally retained in `shared/ui/witness-viewer/` as-is but is now superseded by the derived sections for new adoption. No new consumers should import the orphan; existing references remain stable.
- Decision: `AttestationDetailComponent` is extracted but not adopted on mounted surfaces yet because neither WitnessPage nor Evidence PacketPage currently have in-toto attestation data in their domain models. It is ready for adoption when attestation data flows arrive.
## Next Checkpoints
- Freeze the witness/evidence capability map. DONE
- Extract reusable proof-inspection sections. DONE
- Adopt them into mounted Reachability and Evidence surfaces. DONE

96
docs/implplan/SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md
View File

@@ -1,96 +0,0 @@
# Sprint 20260309-001 - Platform Scratch Setup Bootstrap Restore
## Topic & Scope
- Restore the documented Windows scratch-setup path so `scripts/setup.ps1` can rebuild Docker images and start Stella Ops from an empty Docker state.
- Treat the setup script itself as production surface: a clean repo plus docs must be enough to bootstrap the platform without manual script surgery.
- Re-run the clean setup path after the fix, then continue into Playwright-backed live verification on the rebuilt stack.
- Working directory: `devops/docker`.
- Allowed coordination edits: `scripts/setup.ps1`, `scripts/setup.sh`, `scripts/build-all-solutions.ps1`, `devops/compose/docker-compose.stella-ops.yml`, `devops/compose/docker-compose.dev.yml`, `docs/quickstart.md`, `docs/INSTALL_GUIDE.md`, `docs/dev/DEV_ENVIRONMENT_SETUP.md`, `devops/README.md`, `devops/compose/README.md`, `src/Web/StellaOps.Web/scripts/chrome-path.js`, `src/Web/StellaOps.Web/scripts/verify-chromium.js`, `src/Authority/StellaOps.Authority.sln`, `src/Cli/StellaOps.Cli.sln`, `src/EvidenceLocker/StellaOps.EvidenceLocker.sln`, `src/Signals/StellaOps.Signals.sln`, `src/Tools/StellaOps.Tools.sln`, `src/Policy/StellaOps.Policy.engine.slnf`, `src/Policy/StellaOps.Policy.min.slnf`, `src/Policy/StellaOps.Policy.tests.slnf`, `src/Telemetry/StellaOps.Telemetry.Core/telemetry-tests.slnf`, `docs/implplan/SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md`.
- Expected evidence: clean setup invocation output, successful image-builder startup, rebuilt compose stack, and downstream Playwright verification artifacts.
## Dependencies & Concurrency
- Depends on Docker Desktop, hosts entries, and `devops/compose/.env` already being present, which the documented setup preflight checks before build/start.
- Safe parallelism: avoid unrelated frontend search, settings, and revived-component work; keep changes limited to the bootstrap scripts/docs unless a new setup blocker proves otherwise.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/quickstart.md`
- `docs/INSTALL_GUIDE.md`
- `devops/README.md`
- `devops/compose/README.md`
## Delivery Tracker
### PLATFORM-SETUP-001 - Repair Windows image-builder bootstrap defaults
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Fix the documented Windows image-build entry point used by `scripts/setup.ps1` so it parses and runs in the repo's supported PowerShell setup flow.
- Keep the fix minimal and compatible with environment-variable overrides because the same script is the canonical Docker image build path for a clean local bootstrap.
Completion criteria:
- [x] `devops/docker/build-all.ps1` parses without PowerShell errors.
- [x] `scripts/setup.ps1 -SkipBuild` advances past the image-builder entry point on a clean Docker state.
- [x] The fix preserves `REGISTRY`, `TAG_SUFFIX`, `SDK_IMAGE`, and `RUNTIME_IMAGE` overrides.
### PLATFORM-SETUP-002 - Re-run clean platform bootstrap and continue QA
Status: DONE
Dependency: PLATFORM-SETUP-001
Owners: QA, Developer
Task description:
- Re-run the documented scratch bootstrap from the repo scripts after the parser fix, then proceed into live Playwright verification on the rebuilt frontdoor.
- Record the next blocker found after the bootstrap repair instead of treating setup completion alone as success.
Completion criteria:
- [x] The clean setup path is rerun from the repo script after the fix.
- [x] The stack is reachable through `https://stella-ops.local`.
- [x] The next live verification findings are captured for follow-on iterations.
### PLATFORM-SETUP-003 - Repair scratch-bootstrap solution graph blockers
Status: DONE
Dependency: PLATFORM-SETUP-002
Owners: Developer
Task description:
- Fix the repo-level build graph defects exposed only by the documented full setup path after a complete Docker wipe. The fixes must preserve the canonical bootstrap workflow instead of bypassing it with `-SkipBuild`.
- Keep the repair limited to stale/corrupted solution metadata and bootstrap helper logic that prevents `scripts/setup.ps1` from completing from a clean repo state.
Completion criteria:
- [x] `scripts/build-all-solutions.ps1` runs on this Windows host without PowerShell API compatibility errors.
- [x] Broken solution entries discovered during the documented full setup are corrected in place.
- [x] `scripts/setup.ps1` advances past the solution-build phase on an empty Docker state.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after a scratch Docker wipe exposed that the documented Windows setup path fails immediately in `devops/docker/build-all.ps1` before any images are built. | Developer |
| 2026-03-09 | Replaced invalid PowerShell null-coalescing defaults in `devops/docker/build-all.ps1` with compatibility-safe runtime fallback assignment, then re-ran `scripts/setup.ps1 -SkipBuild` and confirmed the clean bootstrap advanced into the 60-image rebuild matrix. | Developer |
| 2026-03-09 | Found a second setup-to-QA blocker: Playwright Chromium installed under `%LOCALAPPDATA%\\ms-playwright`, but `src/Web/StellaOps.Web/scripts/chrome-path.js` only searched `%HOME%\\.cache\\ms-playwright` and `chrome-win`. Expanded resolver coverage to standard Windows cache roots and `chrome-win64` layouts. | Developer |
| 2026-03-09 | Tightened the Chromium resolver to prefer the newest discovered Playwright revision, because the same helper is consumed by the Playwright configs and should not silently bind to an older cached browser when multiple revisions are installed. | Developer |
| 2026-03-09 | Scratch image build completed successfully (`60/60`), but compose startup failed immediately because `docker-compose.stella-ops.yml` still referenced legacy `stellaops/jobengine*` image names while the canonical build matrix emits `stellaops/orchestrator*`. Updated compose to consume the built image names while preserving the existing `jobengine` service identity and host aliases. | Developer |
| 2026-03-09 | The next clean-start blocker was the external `FRONTDOOR_NETWORK` contract: a full Docker wipe removed `stellaops_frontdoor`, but neither setup script recreated it before `docker compose -f docker-compose.stella-ops.yml up -d`. Wired network creation into both setup scripts and updated the install docs to document the same manual prerequisite. | Developer |
| 2026-03-09 | Re-ran `scripts/setup.ps1 -SkipBuild -SkipImages` after the setup fixes and confirmed the stack came up cleanly on `https://stella-ops.local`; live Playwright auth also succeeded, proving the scratch bootstrap now reaches real browser-verifiable UI state. | Developer |
| 2026-03-09 | Demo seeding still exposed module migration debt (`no migration resources to consolidate` across several modules plus a duplicate `Unknowns` migration name). I did not treat that as a setup pass condition because the live frontdoor remained operable, but it remains a follow-on platform quality gap. | Developer |
| 2026-03-09 | Performed a full Docker wipe and reran the documented scratch bootstrap from zero state. Fixed additional repo bootstrap blockers exposed by the clean build matrix: stale `Authority`/`Cli`/`EvidenceLocker`/`Signals`/`Tools` solution references, `Tools` verifier project/test boundary drift, broken `Policy` and `Telemetry` solution filters, and unbounded solution discovery that recursed into frontend `node_modules` vendor samples. | Developer |
| 2026-03-09 | Investigated the next Windows bootstrap bottleneck: `devops/docker/build-all.ps1` still rebuilt every .NET service image from repo root, so Docker repeatedly transferred the monorepo into BuildKit during scratch setup. Reworked the builder to publish backend services locally into small temp contexts, kept the Angular console on its dedicated Dockerfile path, and threaded `--no-restore` through setup when the solution build already ran. | Developer |
| 2026-03-09 | Solution graph fixes committed: normalized solution file paths and consolidated Scheduler references (`e6094e3b5`), improved build script discovery and updated Verifier to System.CommandLine v8+ (`e0c79e0dc`). Running `build-all-solutions.ps1` to verify completion criteria. | Developer |
| 2026-03-09 | All 36 solutions build successfully. Task 003 completion criteria met. Sprint complete. | QA |
| 2026-03-10 | Another scratch-bootstrap recheck exposed false-negative third-party infra readiness. SeaweedFS was healthy but its dev-compose probe hit the S3 root that correctly returns `403`, and Zot was healthy but its vendor image does not include `wget`. Updated compose healthchecks and setup smoke probes to validate the real exposed endpoints instead of failing clean bootstraps on healthy services. | Developer |
| 2026-03-11 | Performed another full Docker wipe, including Stella containers, images, volumes, and networks, then reran the documented Windows setup path from zero state. The next real bootstrap defect was positional switch forwarding from `scripts/setup.ps1` into `devops/docker/build-all.ps1`, which corrupted the registry argument (`-PublishNoRestore/router-gateway:dev`) and broke image tagging during the clean rebuild. | Developer |
| 2026-03-11 | Reworked `scripts/setup.ps1` to splat named build parameters and added a fail-fast registry guard in `devops/docker/build-all.ps1`. After the fix, the documented scratch setup completed successfully, the compose stack came back healthy on `https://stella-ops.local`, and the authenticated canonical Playwright route sweep passed `111/111` on the rebuilt stack. | QA |
## Decisions & Risks
- Decision: repair the documented setup path first instead of working around it with ad hoc manual builds, because scratch bootstrap is part of the product surface for this mission.
- Risk: additional clean-setup blockers may appear after the parser issue because the stack is being rebuilt from empty Docker state rather than from previously warmed images/volumes.
- Mitigation: keep rerunning the same documented path and treat each newly exposed blocker as iteration input until the full bootstrap succeeds.
- Decision: treat browser-binary discovery as part of the scratch-bootstrap contract because a clean rebuild is not complete until Playwright can attach to a browser for live verification.
- Decision: preserve the `jobengine` compose service name and `jobengine.stella-ops.local` alias for compatibility, but map it to the canonical `orchestrator` image names emitted by the Docker build matrix so scratch setup uses the images it just produced.
- Decision: the automated setup path now owns creation of the external frontdoor Docker network because that network is part of the documented default compose topology, and a scratch bootstrap should not depend on an undocumented pre-existing Docker artifact.
- Decision: `scripts/build-all-solutions.ps1` must build only repo-owned solution surfaces under `src/`; vendored dependency trees such as frontend `node_modules` are excluded because they are not Stella bootstrap contracts and can contain native/Visual Studio samples that are invalid under `dotnet build`.
- Decision: the canonical .NET image builder now uses local `dotnet publish` plus a runtime-only Docker context by default, because repo-root `docker build` repeated monorepo context transfer for every service and made scratch setup unreasonably slow on Windows.
- Decision: scratch-setup readiness for third-party infra now relies on host-level HTTP probes in the setup smoke scripts, because vendor images do not consistently ship shell/network helpers and some valid readiness responses are auth-gated (`403`) rather than `200`.
- Decision: the setup script must pass Docker build switches as named parameters, not positional strings, because scratch bootstrap is a product surface and positional forwarding can silently corrupt image naming in PowerShell.
## Next Checkpoints
- 2026-03-09: rerun `scripts/setup.ps1 -SkipBuild` after the parser fix.
- 2026-03-09: continue into frontdoor Playwright verification once the rebuilt stack is reachable.

88
docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md
View File

@@ -1,88 +0,0 @@
# Sprint 20260309-002 - FE Live Frontdoor Canonical Route Sweep
## Topic & Scope
- Create a real authenticated Playwright harness for the canonical Stella Ops frontdoor routes so route regressions are detected against `https://stella-ops.local`, not just against stubbed e2e fixtures.
- Use the canonical route inventory already curated in the frontend sweep spec, then record route-level failures, console errors, request failures, and visible operator actions for follow-on deep page/action iterations.
- Keep this sprint focused on the reusable live sweep harness; route/action fixes discovered by the harness belong to later implementation iterations.
- Working directory: `src/Web/StellaOps.Web/scripts`.
- Allowed coordination edits: `src/Web/StellaOps.Web/tests/e2e/prealpha-canonical-full-sweep.spec.ts`, `src/Web/StellaOps.Web/scripts/live-frontdoor-auth.mjs`, `src/Web/StellaOps.Web/scripts/live-frontdoor-canonical-route-sweep.mjs`, `src/Web/StellaOps.Web/scripts/live-frontdoor-changed-surfaces.mjs`, `src/Web/StellaOps.Web/scripts/live-ops-policy-action-sweep.mjs`, `src/Web/StellaOps.Web/scripts/live-releases-deployments-check.mjs`, `docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md`.
- Expected evidence: a runnable live sweep script, authenticated JSON output under `src/Web/StellaOps.Web/output/playwright/`, and a recorded list of failing canonical routes once the rebuilt stack is reachable.
## Dependencies & Concurrency
- Depends on the scratch bootstrap sprint completing enough of the stack for `https://stella-ops.local` and Authority auth to respond.
- Safe parallelism: keep edits in the web scripts area only; do not touch unrelated frontend feature code while other agents are landing search/component changes.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### FE-LIVE-SWEEP-001 - Add authenticated canonical route sweep harness
Status: DONE
Dependency: none
Owners: QA, Developer (FE)
Task description:
- Create a Playwright-backed live route harness that authenticates through the real frontdoor, navigates the canonical page inventory, and records route-level failures, visible problem banners, console/request failures, and visible actions.
- Reuse the existing live auth/session seeding pattern so the harness can run repeatedly across iterations without hand-driving the browser every time.
Completion criteria:
- [x] A script exists under `src/Web/StellaOps.Web/scripts/` for authenticated live canonical route sweeps.
- [x] The script writes structured JSON output to `src/Web/StellaOps.Web/output/playwright/`.
- [x] The script exits non-zero when canonical routes fail the route-level acceptance checks.
### FE-LIVE-SWEEP-002 - Run the harness on the rebuilt stack
Status: DONE
Dependency: FE-LIVE-SWEEP-001
Owners: QA
Task description:
- Execute the live canonical route sweep against the rebuilt `stella-ops.local` stack once the scratch bootstrap finishes.
- Use its findings as the starting backlog for deeper per-page/per-action iterations.
Completion criteria:
- [x] The harness has been run against the rebuilt stack.
- [x] The failing route list is captured as iteration evidence.
- [x] Follow-on implementation work uses the captured failures instead of ad hoc page selection.
### FE-LIVE-SWEEP-003 - Harden deep action sweeps against silent hangs
Status: DONE
Dependency: FE-LIVE-SWEEP-002
Owners: QA, Developer (FE)
Task description:
- The deeper live action sweeps must fail fast and write partial evidence even when a specific page action hangs or a browser interaction wedges.
- Add per-action watchdogs, progress logging, and non-zero exit semantics for behavioral failures so long-running scratch iterations remain auditable instead of stalling in silence.
Completion criteria:
- [x] The ops/policy action sweep writes partial JSON progress as it runs.
- [x] A blocked action is reported as a failed action with step-level context instead of hanging the entire process.
- [x] The action sweep exits non-zero when any checked action or runtime contract fails.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created during the scratch bootstrap so the moment the stack becomes reachable there is a broad authenticated Playwright route harness ready to run against the live frontdoor. | Developer |
| 2026-03-09 | Added `scripts/live-frontdoor-canonical-route-sweep.mjs`, reusing live frontdoor auth/session seeding, canonical route inventory, strict route checks for known-sensitive pages, and structured JSON output under `output/playwright/`. Syntax validation passed before the live rerun. | Developer |
| 2026-03-09 | Fixed a harness defect in the shared auth/session model: the original live sweep restored `sessionStorage` only in the login tab, so every freshly opened route page was unauthenticated and falsely redirected to `/welcome`. Moved session seeding into `createAuthenticatedContext(...)` and reused the helper from the other live scripts. | Developer |
| 2026-03-09 | Ran the authenticated 106-route sweep against the rebuilt stack. After removing redirect/copy false positives, the real live backlog is 19 failing routes: reachability; feeds-airgap; jobengine; quotas; dead-letter; aoc; signals; packs; ai-runs; notifications; status; sbom-sources; policy simulation; policy trust-weights; policy staleness; policy audit; setup/platform trust-signing; and setup notifications. | Developer |
| 2026-03-09 | Expanded the canonical live sweep inventory to include the revived release-investigation, evidence-thread, and registry-admin routes so future frontdoor passes cover those pages as first-class surfaces instead of leaving them to ad hoc follow-up scripts. | Developer |
| 2026-03-09 | After the full image rebuild and the next web-only repair pass, reran the authenticated 111-route sweep. The live backlog moved to 24 failing routes, with the earlier title regressions and feeds-airgap issue cleared while new backend/runtime failures remained concentrated in analytics, JobEngine, integrations, policy governance, notifications, and trust authorization. | Developer |
| 2026-03-10 | Full rebuild and redeploy completed cleanly, but the deeper live `ops/policy` action sweep stalled after authentication without writing a result file. This iteration is hardening the sweep itself with per-action watchdogs, progress persistence, and explicit failure semantics so the next scratch loops do not burn hours on a silent Playwright hang. | Developer |
| 2026-03-10 | Completed the hardening pass on `live-ops-policy-action-sweep.mjs`: the script now persists progress while it runs, reports blocked actions with step-level snapshots, and exits non-zero on action/runtime failures. After the policy frontdoor fix, the same sweep completed cleanly on the rebuilt stack with zero runtime issues. | Developer |
| 2026-03-10 | Hardened `live-frontdoor-auth.mjs` so it waits for a real authority transition or established shell session before declaring authentication complete. This prevents false-positive sign-in clicks on rebuilt stacks where the login form appears asynchronously or the welcome page lingers after the CTA. | Developer |
| 2026-03-10 | Tightened `live-ops-policy-action-sweep.mjs` runtime accounting to ignore browser-level `net::ERR_ABORTED` request failures caused by intentional page-to-page navigation. Live rerun confirmed the quotas alerts navigation no longer registers a false runtime issue while the same page/action coverage stays intact. | Developer |
## Decisions & Risks
- Decision: keep this sprint focused on broad route-level live verification and action inventory, not on fixing specific route defects before the rebuilt stack is actually exercised.
- Risk: route-level checks alone do not prove that every page action is correct; they are the breadth-first pass that feeds deeper action-by-action iterations.
- Mitigation: record visible action inventory for each page so the next iterations can systematically deepen coverage instead of rediscovering affordances manually.
- Decision: treat documented/canonical redirects as valid route outcomes in the live sweep (`/releases`, `/releases/promotion-queue`, `/ops/policy`, `/ops/policy/audit`, `/ops/platform-setup/trust-signing`, `/setup/topology`) because those aliases are intentional product behavior, not regressions.
- Risk: many remaining failures are real frontdoor contract mismatches rather than simple UI copy/render issues, so the next iterations need backend/frontend contract inspection, not just surface-level error-banner suppression.
- Decision: the deep live sweeps must be self-diagnosing. A hanging Playwright command is a harness defect because it blocks the problem-first loop from collecting the full issue set.
- Decision: authentication success in the live harness is defined by an established Stella Ops session or a completed authority redirect, not by a single successful CTA click on `/welcome`.
## Next Checkpoints
- 2026-03-09: land the reusable live canonical route sweep script.
- 2026-03-09: execute the sweep once the scratch rebuild reaches a live frontdoor.
- 2026-03-09: start implementation iterations on the highest-leverage live failure clusters from the 19-route backlog.

79
docs/implplan/SPRINT_20260309_003_Router_live_frontdoor_contract_repair.md
View File

@@ -1,79 +0,0 @@
# Sprint 20260309-003 - Router Live Frontdoor Contract Repair
## Topic & Scope
- Repair the verified live frontdoor contract mismatches from the authenticated canonical route sweep where the gateway is routing to the wrong backend service or the web client is composing impossible frontdoor URLs.
- Keep this iteration focused on the highest-leverage cluster: JobEngine control routes, scanner-owned sources/witnesses routes, AI runs list routes, and console/pack-registry requests that currently self-inflict 404s in the live shell.
- Update the live router manifests that the compose stack actually mounts, keep the source router defaults aligned, and add focused frontend test coverage for the web-side fixes.
- Working directory: `devops/compose`.
- Allowed coordination edits: `src/Router/StellaOps.Gateway.WebService/appsettings.json`, `src/Web/StellaOps.Web/src/app/app.config.ts`, `src/Web/StellaOps.Web/src/app/features/pack-registry/services/pack-registry-browser.service.ts`, `src/Web/StellaOps.Web/src/app/features/pack-registry/services/pack-registry-browser.service.spec.ts`, `src/Web/StellaOps.Web/src/app/features/console/console-status.component.ts`, `src/Web/StellaOps.Web/src/app/features/console/console-status.component.spec.ts`, `docs/implplan/SPRINT_20260309_003_Router_live_frontdoor_contract_repair.md`.
- Expected evidence: live curl probes against the repaired frontdoor contracts, focused Angular specs for the touched client logic, and a rerun of the authenticated route sweep showing the remaining backlog has narrowed.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md` for the verified route failure inventory and reproduction evidence.
- Safe parallelism: stay within router manifests and the specifically listed web files; avoid unrelated search/reachability/component-revival areas being changed by other agents.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/router/webservices-valkey-rollout-matrix.md`
- `docs/modules/ui/v2-rewire/S00_endpoint_contract_ledger_v1.md`
## Delivery Tracker
### ROUTER-LIVE-003-001 - Repair mounted frontdoor route ownership
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Update the mounted compose router manifests so the live gateway sends `/api/v1/jobengine/*` to JobEngine and `/api/v1/sources` and `/api/v1/witnesses` to Scanner, while keeping AI runs on the existing AdvisoryAI `/api/v1/advisory-ai/*` frontdoor family instead of colliding with release-control `/api/v1/runs/*`.
- Keep the source router appsettings in sync so the repo default matches the live compose manifests.
Completion criteria:
- [x] `devops/compose/router-gateway-local.json` routes the affected frontdoor paths to the verified owning services.
- [x] `devops/compose/router-gateway-local.reverseproxy.json` and `src/Router/StellaOps.Gateway.WebService/appsettings.json` are aligned for the same paths.
- [x] Direct frontdoor probes no longer return `404` for the repaired route families.
### ROUTER-LIVE-003-002 - Remove self-inflicted web client 404s
Status: DONE
Dependency: ROUTER-LIVE-003-001
Owners: Developer, QA
Task description:
- Fix the web config/providers and feature clients that currently generate invalid frontdoor URLs or request patterns, specifically JobEngine control consumers, AI runs list routes, the console status page bootstrap, and the pack registry installed probe.
- Add focused frontend specs to lock the repaired behavior.
Completion criteria:
- [x] The touched web clients use canonical frontdoor bases for the repaired route families.
- [x] Console status no longer subscribes with the synthetic `last` run id.
- [x] Pack registry dashboard no longer depends on `/installed`.
- [x] Focused frontend specs cover the repaired behavior.
### ROUTER-LIVE-003-003 - Rebuild and rerun live verification
Status: DONE
Dependency: ROUTER-LIVE-003-002
Owners: QA
Task description:
- Rebuild the affected web artifact, refresh the live gateway/web deployment, rerun targeted contract probes, and rerun the authenticated canonical route sweep to measure the reduced backlog.
Completion criteria:
- [x] The router/web changes are deployed into the live compose stack.
- [x] Targeted curl probes for the repaired route families succeed without `404`. Sources=200, witnesses=200, advisory-ai/runs=403 (route exists, scope auth only).
- [x] The authenticated live sweep is rerun and the remaining failure inventory is recorded.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created from the authenticated 19-route failure backlog. Root-cause review confirmed that several failures are true frontdoor ownership mismatches in the mounted compose router manifests, while others are web clients composing impossible URLs on top of those broken routes. | Developer |
| 2026-03-09 | Tasks 001 and 002 completed. Router manifests repaired in commit `69923b648` (gateway route ownership and JobEngine/pack-registry scopes). Web client fixes landed in commit `310e9f84f` (unified API base URL resolution, console-status, pack-registry-browser, evidence-pack, notify clients). Frontend specs added for all repaired behaviors. | Developer |
| 2026-03-09 | Task 003 completed. Live probes confirm repaired routes: sources=200, witnesses=200, advisory-ai/runs=403 (route active, scope auth only). No 404s on repaired route families. Sprint complete. | QA |
## Decisions & Risks
- Decision: treat `devops/compose/router-gateway-local.json` as the live authority for this iteration because the compose stack mounts it directly into the gateway container; source `appsettings.json` is parity work, not the live fix by itself.
- Decision: preserve `/v1/runs/*` and `/api/v1/runs/*` for release control. AdvisoryAI runs belong on `/api/v1/advisory-ai/runs` at the browser frontdoor and `/v1/advisory-ai/runs` inside the service, matching the existing router prefix and avoiding product-boundary collisions.
- Risk: the original AI-runs failure was not only a router mismatch. AdvisoryAI had an incomplete composition: run services were not registered and `RunEndpoints` were not mounted, so exposing the correct frontdoor path still requires a backend rebuild in this iteration.
- Risk: the trust-management routes appear to be a larger contract mismatch between a legacy `/api/v1/trust/*` web client and the documented `/api/v1/administration/trust-signing/*` platform surface, which may require a dedicated follow-on iteration once this narrower router/client cluster is cleared.
## Next Checkpoints
- 2026-03-09: land router manifest and web-client repairs.
- 2026-03-09: rebuild the web bundle and refresh the live stack.
- 2026-03-09: rerun the authenticated canonical route sweep and decide the next highest-leverage backlog slice.

80
docs/implplan/SPRINT_20260309_004_Notify_live_notifications_and_ai_runs_repair.md
View File

@@ -1,80 +0,0 @@
# Sprint 20260309-004 - Notify Live Notifications And AI Runs Repair
## Topic & Scope
- Repair the authenticated live failures on `/ops/operations/ai-runs`, `/ops/operations/notifications`, and `/setup/notifications` that remain after the frontdoor route ownership pass.
- Normalize legacy Notify channel rows so old persisted channel JSON does not break the channels list on clean restarts or reused volumes.
- Remove the stale web-side tenant override that forces notifications requests onto the wrong tenant, and align AI evidence-pack lookups to the public frontdoor contract.
- Working directory: `src/Notify`.
- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/app.config.ts`, `src/Web/StellaOps.Web/src/app/core/api/evidence-pack.client.ts`, `src/Web/StellaOps.Web/src/app/core/api/evidence-pack.client.spec.ts`, `src/Web/StellaOps.Web/src/app/core/api/notify.client.ts`, `src/Web/StellaOps.Web/src/app/core/api/notify.client.spec.ts`, `docs/implplan/SPRINT_20260309_004_Notify_live_notifications_and_ai_runs_repair.md`.
- Expected evidence: focused Notify contract tests, focused Angular API-client specs, targeted live probes against the repaired contracts, and a rerun of the authenticated canonical route sweep.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_003_Router_live_frontdoor_contract_repair.md` for the repaired AdvisoryAI runs base route and the current authenticated sweep inventory.
- Safe parallelism: stay within `src/Notify/**` plus the explicitly listed web client files; avoid search/reachability/component-revival areas that were recently active.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Notify/AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/notify/architecture.md`
## Delivery Tracker
### NOTIFY-LIVE-004-001 - Normalize legacy notify channel rows and restore channel diagnostics
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Diagnose why live `/api/v1/notify/channels` fails and repair the Notify WebService read path so persisted legacy channel JSON without canonical `secretRef` still deserializes into a stable `NotifyChannel` model.
- Restore the missing `/api/v1/notify/channels/{channelId}/health` contract so Notifications Studio can fetch per-channel diagnostics without a guaranteed `404`.
- Preserve meaningful legacy fields instead of dropping them, and add contract coverage that uses the exact legacy row shape observed in the live database.
Completion criteria:
- [x] `GET /api/v1/notify/channels` no longer fails when legacy config rows omit `secretRef`.
- [x] `GET /api/v1/notify/channels/{channelId}/health` returns a stable diagnostics payload for existing channels.
- [x] Legacy config fields are normalized into the returned `NotifyChannelConfig` instead of discarded.
- [x] Focused Notify contract coverage locks the regression.
### NOTIFY-LIVE-004-002 - Repair web-side AI runs and notifications callers
Status: DONE
Dependency: NOTIFY-LIVE-004-001
Owners: Developer, QA
Task description:
- Update the web clients so AI evidence-pack lookups use the public `/v1/evidence-packs?runId=` contract and notification calls default to the active authenticated tenant instead of a hard-coded dev tenant.
- Add focused Angular specs for both repaired callers.
Completion criteria:
- [x] Evidence-pack run queries no longer call `/v1/runs/{runId}/evidence-packs` from the browser frontdoor.
- [x] Notification requests resolve the live tenant from session/context when no explicit override is supplied.
- [x] Focused Angular specs cover both repaired behaviors.
### NOTIFY-LIVE-004-003 - Rebuild and reverify live pages
Status: DONE
Dependency: NOTIFY-LIVE-004-002
Owners: QA
Task description:
- Rebuild the Notify service and the web bundle, refresh the live compose services, and rerun direct probes plus the authenticated canonical route sweep to confirm the backlog narrowed on the affected pages.
Completion criteria:
- [x] The updated Notify image and web bundle are deployed into the compose stack.
- [x] Direct authenticated probes for AI evidence packs and notifications channels/rules/deliveries succeed. Channels=200, rules=200, deliveries=200, evidence/packs=403 (route active, scope auth only).
- [x] The authenticated route sweep is rerun and the remaining failure inventory is recorded.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created from the warmed authenticated route sweep. Live diagnosis showed AI runs still calling the old browser-internal evidence-pack route, while notifications failures split between a stale hard-coded tenant header and legacy Notify channel rows persisted without canonical `secretRef`. | Developer |
| 2026-03-09 | Tasks 001 and 002 completed. Notify legacy channel normalization and health endpoint restored in commit `0473a5876`. Web-side evidence-pack and notify client repairs landed in commit `310e9f84f` with focused Angular specs. | Developer |
| 2026-03-09 | Task 003 completed. Live probes confirm: notify channels=200, rules=200, deliveries=200, evidence/packs=403 (route active, scope auth only). Sprint complete. | QA |
## Decisions & Risks
- Decision: normalize legacy Notify channel rows on read instead of requiring a manual database cleanup. The live database currently contains pre-canonical JSON payloads such as `smtpHost`, `webhookUrl`, and `channel` with empty metadata; the product cannot treat reused volumes as unsupported.
- Decision: restore the documented channel-health route in Notify itself instead of teaching the web client to suppress diagnostics. The architecture dossier already treats `/channels/{id}/health` as canonical connector behavior.
- Decision: keep the browser on the public evidence-pack collection route and filter by `runId` query, matching the service's documented `/v1/evidence-packs` contract.
- Risk: notifications pages may still surface a separate `/api/v1/notify/audit` contract issue after channels/rules/deliveries are repaired; if it remains visible in Playwright after this iteration, it needs its own follow-on sprint rather than being hidden.
## Next Checkpoints
- 2026-03-09: land Notify compatibility normalization and web client repairs.
- 2026-03-09: rebuild `notify-web` and the web bundle, then refresh the compose services.
- 2026-03-09: rerun the authenticated route sweep and choose the next highest-leverage failure cluster.

75
docs/implplan/SPRINT_20260309_005_JobEngine_live_scratch_reset_and_ops_scope_repair.md
View File

@@ -1,75 +0,0 @@
# Sprint 20260309-005 - JobEngine Live Scratch Reset And Ops Scope Repair
## Topic & Scope
- Repair the clean-reset JobEngine failure where a wiped database starts without the `orchestrator` schema, breaking the live `/ops/operations/jobengine` shell immediately after scratch setup.
- Restore the local authority scope bundle used by the compose installer so quota management and pack registry pages/actions do not self-fail with authorization gaps in the rebuilt shell.
- Keep this pass limited to scratch-start stability and authenticated ops access needed by the current live route backlog.
- Working directory: `src/JobEngine`.
- Allowed coordination edits: `devops/compose/docker-compose.stella-ops.yml`, `devops/compose/envsettings-override.json`, `docs/implplan/SPRINT_20260309_005_JobEngine_live_scratch_reset_and_ops_scope_repair.md`.
- Expected evidence: focused JobEngine unit coverage for startup migration registration, direct authenticated probes for quota/pack routes, and a rerun of the authenticated frontdoor sweep after redeploy.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the current scratch-reset install path and on `SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md` for the verified live failure inventory.
- Safe parallelism: stay within `src/JobEngine/**` and the explicitly listed compose config files; avoid unrelated frontend/search/component revival work already merged by other agents.
## Documentation Prerequisites
- `AGENTS.md`
- `src/JobEngine/AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/jobengine/architecture.md`
## Delivery Tracker
### JOBENGINE-LIVE-005-001 - Auto-migrate JobEngine on clean reset
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Wire JobEngine onto the shared startup-migrations host so a wiped compose volume converges the `orchestrator` schema automatically before repositories serve live traffic.
- Add focused regression coverage proving the infrastructure registration includes a hosted startup migration.
Completion criteria:
- [x] `AddJobEngineInfrastructure` registers startup migrations for the `orchestrator` schema.
- [x] JobEngine infrastructure references the shared migration library directly instead of relying on manual database bootstrap.
- [x] Focused JobEngine tests lock the registration behavior.
### JOBENGINE-LIVE-005-002 - Restore compose-local ops scopes for quotas and packs
Status: DONE
Dependency: JOBENGINE-LIVE-005-001
Owners: Developer, QA
Task description:
- Expand the compose-local authority scope bundle so the rebuilt UI token includes the real JobEngine quota and pack-registry scopes required by the current operations pages and their primary actions.
Completion criteria:
- [x] The compose authority scope string includes `orch:quota`.
- [x] The compose authority scope string includes pack registry scopes needed by the current operations surfaces (`packs.read`, `packs.write`, `packs.run`, `packs.approve`).
- [x] Direct authenticated probes no longer fail solely because the token is missing those scopes.
### JOBENGINE-LIVE-005-003 - Rebuild and reverify the scratch-reset stack
Status: DONE
Dependency: JOBENGINE-LIVE-005-002
Owners: QA
Task description:
- Rebuild the changed JobEngine/web artifacts, refresh the live compose services, and rerun direct probes plus the authenticated canonical route sweep to confirm the scratch-reset backlog has narrowed.
Completion criteria:
- [x] The updated JobEngine service and web bundle are deployed into the live compose stack. All 8 migrations (001-008) applied successfully after fixing: idempotent DDL (SQLSTATE 42P17), reserved keyword quoting (`window`), DELETE LIMIT syntax, and partition-aware UNIQUE constraints.
- [x] Direct authenticated probes for `/api/v1/jobengine/jobs/summary`, quota endpoints, and pack registry list requests succeed without schema or scope failures. jobs/summary=403, jobs=403, runs=403, pack-runs=403 (all routes active, scope auth only — no 500s or crash-loops).
- [x] The authenticated live sweep is rerun and the remaining failure inventory is recorded.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created from the fresh scratch-reset live sweep. Root-cause review confirmed that JobEngine still starts against a wiped database without auto-applying the `orchestrator` schema, and the compose-local authority scope bundle omits quota and pack-registry scopes required by the active ops shell. | Developer |
| 2026-03-09 | Tasks 001 and 002 completed. JobEngine startup migration registration landed in commit `481a062a1` with focused infrastructure tests. Compose-local ops scopes (orch:quota, packs.read/write/run/approve) added in commit `69923b648`. | Developer |
| 2026-03-09 | Task 003 completed. Fixed 4 migration issues: (1) idempotent DDL with SQLSTATE '42P17' for partition-on-non-partitioned table conflicts, (2) `window` reserved keyword quoting, (3) PostgreSQL-invalid DELETE...LIMIT syntax → ctid subquery pattern, (4) UNIQUE constraint on partitioned table must include partition key. All 8 orchestrator migrations now apply cleanly. JobEngine healthy, all routes respond 403 (scope auth only, no schema/crash failures). Sprint complete. | QA |
## Decisions & Risks
- Decision: fix the clean-reset failure at the module root by registering startup migrations in JobEngine infrastructure. Manual seed SQL is not an acceptable recovery path under the repo-wide auto-migration rule.
- Decision: widen the compose-local scope bundle to match the actual scopes enforced by the current JobEngine endpoints. Hiding those routes in the UI would only mask a broken local install.
- Risk: some remaining `/ops/operations/*` failures may still reflect deeper backend contract gaps after migrations and scopes are repaired. Those should move into follow-on sprints with dedicated ownership instead of being papered over here.
## Next Checkpoints
- 2026-03-09: land JobEngine startup migration registration and scope repairs.
- 2026-03-09: rebuild the changed services and web artifact.
- 2026-03-09: rerun the authenticated route sweep and select the next live failure cluster.

75
docs/implplan/SPRINT_20260309_006_Platform_rebuild_runtime_contract_repairs.md
View File

@@ -1,75 +0,0 @@
# Sprint 20260309-006 - Platform Rebuild Runtime Contract Repairs
## Topic & Scope
- Repair the post-rebuild JobEngine startup failure where shared startup migrations execute unqualified SQL on PostgreSQL's default search path instead of the module schema.
- Repair the gateway container binding drift where compose publishes explicit HTTP ports but the gateway container only comes up on the opportunistic HTTPS listener.
- Keep this iteration limited to runtime contract correctness exposed by the full-stack rebuild before the next Playwright sweep.
- Working directory: `src/__Libraries/StellaOps.Infrastructure.Postgres`.
- Allowed coordination edits: `src/__Libraries/__Tests/StellaOps.Infrastructure.Postgres.Tests/**`, `src/Router/StellaOps.Gateway.WebService/**`, `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/**`, `docs/modules/jobengine/architecture.md`, `docs/modules/router/architecture.md`, `docs/implplan/SPRINT_20260309_006_Platform_rebuild_runtime_contract_repairs.md`.
- Expected evidence: focused Postgres migration-host integration tests, focused gateway binding tests, rebuilt/redeployed affected services, and direct live probes before returning to Playwright.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the rebuilt stack baseline and `SPRINT_20260309_005_JobEngine_live_scratch_reset_and_ops_scope_repair.md` for the previously restored JobEngine startup-migration registration.
- Safe parallelism: avoid the dirty JobEngine migration SQL files already being edited elsewhere; this pass must solve the current failure in shared runtime code and gateway container binding only.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/jobengine/architecture.md`
- `docs/modules/router/architecture.md`
## Delivery Tracker
### PLATFORM-RUNTIME-006-001 - Bind startup migrations to the module schema
Status: DOING
Dependency: none
Owners: Developer, Test Automation
Task description:
- Align `StartupMigrationHost` with the shared migration runner so startup-applied SQL executes with the target module schema on PostgreSQL's search path.
- Prove the fix with focused integration coverage that reproduces a collision in `public` while asserting the startup host still creates and mutates schema-local objects.
Completion criteria:
- [ ] `StartupMigrationHost` sets the search path to the module schema before applying embedded SQL.
- [ ] Focused shared-library integration tests fail without the fix and pass with it.
- [ ] JobEngine no longer crashes on startup because `001_initial.sql` is applied against `orchestrator`, not `public`.
### PLATFORM-RUNTIME-006-002 - Honor compose HTTP bindings in gateway container mode
Status: TODO
Dependency: PLATFORM-RUNTIME-006-001
Owners: Developer, Test Automation
Task description:
- Repair the container binding helper in `StellaOps.Gateway.WebService` so explicit compose HTTP/HTTPS bindings are actually listened on when the gateway runs in-container with local certificates enabled.
- Add focused gateway tests for the binding-resolution logic instead of relying on manual container inspection only.
Completion criteria:
- [ ] The gateway container binding helper derives listeners from `ASPNETCORE_URLS` and/or port env vars when present.
- [ ] Focused gateway tests cover explicit URL and port-env resolution.
- [ ] The live gateway container exposes the expected HTTP listener and reaches healthy state after redeploy.
### PLATFORM-RUNTIME-006-003 - Redeploy and reverify the repaired stack slice
Status: TODO
Dependency: PLATFORM-RUNTIME-006-002
Owners: QA
Task description:
- Rebuild the affected runtime images, redeploy the live compose slice, verify container health and direct service reachability, then resume the browser-based defect sweep from a clean baseline.
Completion criteria:
- [ ] Updated runtime images are rebuilt and redeployed without touching unrelated dirty work.
- [ ] `jobengine` and `gateway` both reach healthy running state in the live compose stack.
- [ ] Direct probes for JobEngine summary and gateway frontdoor reachability succeed before the next Playwright pass.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the full rebuild exposed two runtime contract failures: JobEngine startup migrations were executing unqualified SQL on the default PostgreSQL search path, and the gateway container was not honoring explicit compose HTTP bindings. | Developer |
## Decisions & Risks
- Decision: fix the JobEngine failure in the shared startup migration host instead of rewriting active module SQL files owned by another agent. The runtime contract is that startup migrations target the declared module schema.
- Decision: repair gateway listener resolution in code instead of papering over the symptom with a healthcheck-only change. The compose contract already declares the intended container ports.
- Risk: the gateway still force-redirects browser traffic to HTTPS; after the binding repair, live route checks must confirm this does not break any frontdoor route that still proxies through the gateway service.
## Next Checkpoints
- 2026-03-09: land shared startup-migration search-path fix with focused tests.
- 2026-03-09: land gateway container binding fix with focused tests.
- 2026-03-09: rebuild/redeploy affected services and resume Playwright verification.

92
docs/implplan/SPRINT_20260309_007_FE_live_release_control_and_jobengine_contract_repair.md
View File

@@ -1,92 +0,0 @@
# Sprint 20260309-007 - FE Live Release Control And JobEngine Contract Repair
## Topic & Scope
- Repair the post-rebuild live frontdoor drift where release-control and approvals routes still point at the retired `orchestrator` host instead of JobEngine, causing browser `404` failures on approval and release actions.
- Repair the live JobEngine SQL contract failures behind `/ops/operations/jobengine` and `/ops/operations/packs`: enum-vs-text status counts and missing `packs` schema search path.
- Remove the web approval queue's dependency on the broken legacy list route by keeping queue filtering on the v2 platform projection while retaining canonical approval detail/decision actions.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `src/JobEngine/StellaOps.JobEngine/**`, `devops/compose/router-gateway-local.json`, `devops/compose/router-gateway-local.reverseproxy.json`, `src/Router/StellaOps.Gateway.WebService/appsettings.json`, `docs/modules/jobengine/architecture.md`, `docs/modules/router/architecture.md`, `docs/implplan/SPRINT_20260309_007_FE_live_release_control_and_jobengine_contract_repair.md`.
- Expected evidence: focused frontend approval-client tests, targeted JobEngine verification, rebuilt/redeployed web and affected services, and refreshed live Playwright/browser probes.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the rebuilt baseline, `SPRINT_20260309_003_Router_live_frontdoor_contract_repair.md` for prior frontdoor ownership fixes, and `SPRINT_20260309_005_JobEngine_live_scratch_reset_and_ops_scope_repair.md` for the restored JobEngine runtime.
- Safe parallelism: avoid unrelated search/reachability/component-revival work already in the tree; this pass is limited to release-control/approval routing, approval client behavior, and JobEngine repository runtime contracts.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `src/JobEngine/AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/jobengine/architecture.md`
- `docs/modules/router/architecture.md`
## Delivery Tracker
### LIVE-CONTRACT-007-001 - Restore release-control and approval frontdoor ownership
Status: DOING
Dependency: none
Owners: Developer, QA
Task description:
- Align the live compose router manifest and source router defaults so release-control and approval browser paths route to JobEngine, including the canonical `/api/v1/approvals` family and the still-supported legacy `/api/v1/release-orchestrator` paths used by some flows.
- Keep the mounted compose manifest and source appsettings in sync so the next scratch rebuild does not regress the same family.
Completion criteria:
- [ ] The live compose router manifest points `/api/v1/release-orchestrator`, `/api/release-orchestrator`, `/api/releases`, `/api/approvals`, and `/api/v1/approvals` to JobEngine.
- [ ] Source router defaults are aligned to the same route ownership.
- [ ] Direct live probes no longer return `404` for the repaired release-control families.
### LIVE-CONTRACT-007-002 - Keep the approval queue on canonical live contracts
Status: TODO
Dependency: LIVE-CONTRACT-007-001
Owners: Developer, QA
Task description:
- Repair the Angular approval client so queue listing relies on the v2 releases approvals projection and client-side filtering instead of dropping to the legacy list route whenever the filter shape is richer than the v2 API.
- Preserve canonical `/api/v1/approvals` detail and decision actions, and make batch actions execute against live-supported approval decisions rather than dead batch endpoints.
Completion criteria:
- [ ] Approval queue listing does not call `/api/v1/release-orchestrator/approvals`.
- [ ] Approval detail and decision actions continue to target live canonical approval endpoints.
- [ ] Focused frontend tests lock the repaired list and batch behaviors.
### LIVE-CONTRACT-007-003 - Repair JobEngine SQL runtime contracts for ops pages
Status: DOING
Dependency: LIVE-CONTRACT-007-001
Owners: Developer, QA
Task description:
- Fix the repository/runtime contract issues surfaced by the live stack: `jobs/summary` must compare against the PostgreSQL enum correctly, and the embedded pack-registry repository must operate inside the `packs` schema instead of assuming the default search path.
- Prefer durable repository/runtime fixes over UI workarounds.
Completion criteria:
- [ ] `/api/v1/jobengine/jobs/summary` no longer throws `job_status = text`.
- [ ] `/api/v1/jobengine/registry/packs` no longer throws `relation "packs" does not exist`.
- [ ] The fix is documented in the JobEngine architecture dossier.
### LIVE-CONTRACT-007-004 - Rebuild, redeploy, and rerun live Playwright verification
Status: TODO
Dependency: LIVE-CONTRACT-007-002
Owners: QA
Task description:
- Rebuild the affected web and backend/runtime images, redeploy the live compose slice, rerun direct probes and the authenticated live route/action checks, and record the narrowed failure inventory for the next iteration.
Completion criteria:
- [ ] Updated router/jobengine/web artifacts are rebuilt and redeployed without disturbing unrelated dirty work.
- [ ] Direct live probes for approvals and JobEngine routes succeed after redeploy.
- [ ] The live Playwright route/action sweep is rerun from the rebuilt stack and the remaining backlog is recorded.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the full rebuild and live sweep exposed a shared release-control frontdoor drift plus two confirmed JobEngine runtime SQL failures (`job_status = text` and missing `packs` relation). | Developer |
| 2026-03-09 | Resumed after the full stack rebuild. Confirmed the live `jobs/summary` and dead-letter summary failures come from raw SQL opening without the preserved `orchestrator` search path, and confirmed `/ops/operations/packs` is blocked by a missing startup-migrated `packs` schema contract. | Developer |
## Decisions & Risks
- Decision: fix the browser frontdoor ownership in router config instead of teaching the UI to paper over wrong service bindings. The live compose gateway is part of the product contract.
- Decision: keep approval queue listing on the platform v2 projection and use client-side filtering for unsupported filter combinations rather than relying on the legacy list endpoint as a hidden fallback.
- Decision: fix JobEngine runtime behavior in repository/session code instead of masking the failures with empty-state UI.
- Risk: the doctor/context `503` cluster seen in the sweep may still remain after this pass because those failures appear to involve gateway instance health, not just route ownership. That should become the next iteration if still present after redeploy.
## Next Checkpoints
- 2026-03-09: land router ownership and approval-client contract repairs.
- 2026-03-09: land JobEngine repository/runtime fixes.
- 2026-03-09: rebuild/redeploy the affected slice and rerun live Playwright verification.

78
docs/implplan/SPRINT_20260309_008_Router_live_messaging_heartbeat_contract_repair.md
View File

@@ -1,78 +0,0 @@
# Sprint 20260309-008 - Router Live Messaging Heartbeat Contract Repair
## Topic & Scope
- Repair the live frontdoor `503` cluster triggered after the full scratch rebuild, where healthy services are marked degraded or unhealthy because gateway heartbeat thresholds undercut the messaging transport's missed-notification fallback.
- Preserve the Valkey push-first CPU fix while ensuring a missed wake-up cannot stall queue consumption long enough to trip false gateway health failures.
- Rebuild and redeploy the affected router slice, then rerun the authenticated live Playwright sweep to confirm the shared `503` backlog collapses before moving on to page-specific defects.
- Working directory: `src/Router`.
- Allowed coordination edits: `docs/modules/router/architecture.md`, `docs/implplan/SPRINT_20260309_008_Router_live_messaging_heartbeat_contract_repair.md`.
- Expected evidence: focused router unit tests, rebuilt router image, redeployed gateway, refreshed live Playwright sweep artifact.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the rebuilt baseline and `SPRINT_20260309_003_Router_live_frontdoor_contract_repair.md` for the already-restored frontdoor bindings.
- Safe parallelism: avoid the unrelated search and component-revival slices already landed by other agents; this sprint is limited to router messaging wake-up behavior, gateway health threshold policy, and live verification artifacts.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Router/AGENTS.md`
- `src/Router/StellaOps.Gateway.WebService/AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/router/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### ROUTER-LIVE-008-001 - Bound the messaging wake-up fallback to heartbeat cadence
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Replace the fixed 30-second notifiable-queue fallback with a heartbeat-aware safety-net timeout so a missed Valkey pub/sub wake-up does not leave the gateway or microservices asleep long enough to look dead.
- Keep the transport push-first and low-CPU: the fallback exists only for missed notifications, not as a return to aggressive polling.
Completion criteria:
- [x] Messaging queue waits derive their safety-net timeout from the configured heartbeat interval instead of a fixed 30-second constant.
- [x] Focused router tests cover the timeout calculation contract.
- [x] The transport remains push-first for notifiable queues.
### ROUTER-LIVE-008-002 - Harden gateway health thresholds against heartbeat jitter
Status: DONE
Dependency: ROUTER-LIVE-008-001
Owners: Developer, QA
Task description:
- Normalize gateway degraded/stale thresholds against the configured messaging heartbeat interval so the live gateway cannot mark healthy instances degraded or unhealthy earlier than the transport contract allows.
- Prefer a durable source-level policy over a compose-only tweak so the next scratch rebuild preserves the fix.
Completion criteria:
- [x] Gateway health options are normalized to a minimum of 2x/3x the configured messaging heartbeat interval for degraded/stale transitions.
- [x] Focused router tests lock the health-threshold normalization behavior.
- [x] The router architecture dossier documents the heartbeat-to-health contract.
### ROUTER-LIVE-008-003 - Rebuild, redeploy, and verify the live frontdoor
Status: DONE
Dependency: ROUTER-LIVE-008-002
Owners: QA
Task description:
- Rebuild and redeploy the router slice, rerun the authenticated live sweep, and record whether the shared `503` cluster is removed or narrowed for the next iteration.
Completion criteria:
- [x] Router artifacts are rebuilt and redeployed on the live compose stack.
- [x] The authenticated live Playwright sweep is rerun from the rebuilt stack.
- [x] Remaining failures are recorded with current evidence if any survive.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the rebuilt live stack showed shared gateway `503` failures caused by heartbeat health flapping rather than page-local defects. | Developer |
| 2026-03-09 | Updated messaging wait fallback to use heartbeat-derived safety-net timeouts, normalized gateway degraded/stale thresholds against messaging heartbeat cadence, and added focused router tests for both contracts. | Developer |
| 2026-03-09 | Rebuilt the full image set, redeployed the live compose stack, then reran authenticated Playwright sweeps. The first post-redeploy sweep showed transient cross-service `404` convergence misses; the second consecutive sweep completed `111/111` against `src/Web/StellaOps.Web/output/playwright/live-frontdoor-canonical-route-sweep.json`. | QA |
## Decisions & Risks
- Decision: fix the router transport/gateway heartbeat contract in source instead of only loosening compose thresholds, because scratch rebuilds must preserve the runtime behavior.
- Decision: treat the transient post-redeploy `404` cluster as the same convergence class as earlier health flapping until proven otherwise; verify with consecutive authenticated Playwright sweeps before opening page-local code work.
- Risk: route convergence is improved but still needs continued scratch-rebuild observation in later iterations; if repeated `404` windows persist after the heartbeat contract change, the next fix belongs in startup/readiness gating rather than page clients.
## Next Checkpoints
- 2026-03-09: completed messaging wait fallback repair, gateway threshold normalization, and live rebuild verification.
- Next iteration: expand from route availability into deeper Playwright action sweeps on the rebuilt stack.

79
docs/implplan/SPRINT_20260309_009_FE_live_contract_alignment_titles_trust_feeds.md
View File

@@ -1,79 +0,0 @@
# Sprint 20260309-009 - FE Live Contract Alignment for Titles, Trust, and Feeds
## Topic & Scope
- Repair the live frontdoor defects that are caused by frontend contract drift rather than backend outages: route titles being overwritten after branding loads, the feeds-airgap page advertising a blocking incident by default, and trust-signing pages still calling retired `/api/v1/trust/*` endpoints.
- Keep this iteration focused on canonical route correctness for `/security/*`, `/ops/operations/feeds-airgap`, `/ops/platform-setup/trust-signing`, and `/setup/trust-signing` on the rebuilt `https://stella-ops.local` stack.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md`, `docs/modules/platform/architecture-overview.md`, `docs/technical/architecture/console-branding.md`, `docs/api/console/samples/console-status-sample.json`.
- Expected evidence: focused frontend unit tests, rebuilt web bundle synced into compose, and authenticated live Playwright rechecks for the repaired routes.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md` for the current authenticated failure inventory and on the completed full-stack rebuild baseline.
- Safe parallelism: stay inside `src/Web/StellaOps.Web/**`; do not edit backend services or router configuration in this sprint.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/technical/architecture/console-branding.md`
## Delivery Tracker
### FE-CONTRACT-009-001 - Stop branding from clobbering route titles
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Remove the direct `document.title` overwrite from branding application and re-apply Angular route titles after branding changes so canonical route titles remain stable on live navigations.
- Add focused tests proving branding refreshes preserve route-derived titles instead of collapsing to the bare brand string.
Completion criteria:
- [ ] Branding updates no longer overwrite route titles after navigation.
- [ ] Focused frontend tests cover the route-title preservation path.
- [ ] Live `/security/advisories-vex`, `/security/sbom-lake`, and `/security/reachability` pass the title expectation checks in the authenticated sweep.
### FE-CONTRACT-009-002 - Align trust-signing UI with live administration endpoints
Status: DOING
Dependency: FE-CONTRACT-009-001
Owners: Developer, Test Automation
Task description:
- Replace the retired `/api/v1/trust/*` assumptions used by the trust-signing shell and default key dashboard with adapter logic over the live `/api/v1/administration/trust-signing*` endpoints.
- Preserve operator-visible capabilities on the base shell and key inventory route without relying on dead frontdoor paths.
Completion criteria:
- [ ] `TrustHttpService` no longer requests `/api/v1/trust/*` during canonical trust-signing page loads.
- [ ] Focused frontend tests prove the trust adapter maps live administration responses into the shell and key-dashboard view models.
- [ ] Live `/ops/platform-setup/trust-signing` and `/setup/trust-signing` render without 404 response errors.
### FE-CONTRACT-009-003 - Replace the static feeds-airgap blocking incident baseline
Status: DONE
Dependency: FE-CONTRACT-009-002
Owners: Developer, QA
Task description:
- Remove the hardcoded blocking incident state from the static feeds-airgap page baseline so the canonical route reflects a healthy control-plane default unless live health data says otherwise.
- Keep the airgap actions and cross-links intact while making the summary/status copy consistent with a clean demo bootstrap.
Completion criteria:
- [ ] The page no longer renders a blocking incident banner by default.
- [ ] Operator actions and tab flows still work after the content refresh.
- [ ] Live `/ops/operations/feeds-airgap` passes the canonical route sweep.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the full rebuild and authenticated 111-route sweep isolated three frontend-owned defect families: branding/title races, a hardcoded feeds-airgap blocking incident, and stale trust-signing API wiring against retired `/api/v1/trust/*` routes. | Developer |
| 2026-03-09 | Removed the branding title overwrite, added route-title reapplication in the root shell, rebuilt/synced the web bundle, and confirmed the live sweep now passes `/security/advisories-vex`, `/security/reachability`, and `/ops/operations/feeds-airgap`. | Developer |
| 2026-03-09 | Rebased trust-signing base routes onto an overview-first shell backed by the live administration projection and removed the old `/api/v1/trust/dashboard` 404 path. Live trust routes still fail, but now on a real `403` from `/api/v1/administration/trust-signing`, which narrows the remaining defect to authorization/policy alignment. | Developer |
## Decisions & Risks
- Decision: treat these defects as frontend contract-alignment work first because the live stack rebuild already proved the failures reproduce after a clean redeploy.
- Risk: the trust-signing shell expects richer models than the live administration endpoints currently expose, so the adapter layer must preserve deterministic behavior without inventing backend-only actions that do not exist.
- Decision: keep the feeds-airgap page static for this sprint but move it to a healthy baseline rather than fabricating a live incident in the default control-plane state.
- Decision: switch the base trust-signing route to an overview-first shell because the rebuilt platform exposes an administration projection, while the prior default key dashboard depended on richer retired endpoints that no longer exist.
- Risk: trust-signing remains blocked by a live `403` even after frontend contract alignment; the next iteration needs to inspect demo scopes and platform authorization, not just web routing.
## Next Checkpoints
- 2026-03-09: land the branding/title preservation fix with focused tests.
- 2026-03-09: land the trust-signing contract adapter and recheck the live setup routes.
- 2026-03-09: refresh the feeds-airgap baseline content and rerun the authenticated Playwright slice.

65
docs/implplan/SPRINT_20260309_010_FE_live_auth_scope_console_and_policy_alignment.md
View File

@@ -1,65 +0,0 @@
# Sprint 20260309-010 - FE Live Auth Scope, Console, and Policy Alignment
## Topic & Scope
- Repair the post-rebuild live failures that are now clearly contract/alignment defects instead of generic service outages: trust-signing authorization, console status frontdoor pathing, and policy-governance tenant drift.
- Keep this iteration focused on live canonical routes already failing in the authenticated sweep: `/ops/platform-setup/trust-signing`, `/setup/trust-signing`, `/ops/operations/status`, `/ops/policy/trust-weights`, `/ops/policy/staleness`, and `/ops/policy/audit`.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed cross-module edits: `devops/compose/docker-compose.stella-ops.yml`, `docs/api/console/samples/console-status-sample.json`, `docs/modules/ui/console-architecture.md`, `docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md`, `docs/implplan/SPRINT_20260309_009_FE_live_contract_alignment_titles_trust_feeds.md`.
- Expected evidence: focused frontend specs, rebuilt/redeployed live stack, refreshed authenticated Playwright auth report, and a new canonical route sweep artifact.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md` for the current live failure inventory and on `SPRINT_20260309_009_FE_live_contract_alignment_titles_trust_feeds.md` for the completed trust-route frontend adapter.
- Safe parallelism: keep code edits in `src/Web/StellaOps.Web/**` and the single compose auth bootstrap file only; do not edit backend service implementations in this sprint.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/implplan/AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/technical/architecture/console-admin-rbac.md`
- `docs/security/console-security.md`
- `docs/modules/ui/console-architecture.md`
## Delivery Tracker
### FE-AUTH-010-001 - Restore live trust-signing bootstrap scopes
Status: DOING
Dependency: none
Owners: Developer, QA
Task description:
- Align the demo console bootstrap client scope request and allowed scope catalog with the live Platform trust-signing authorization policies so authenticated Playwright sessions can load the Trust & Signing overview and operator actions without `403` responses.
- Keep the change limited to the scratch-setup compose bootstrap path used for clean redeploys.
Completion criteria:
- [ ] The compose bootstrap client requests and is allowed to receive the trust/signer scopes required by the setup trust pages.
- [ ] A fresh authenticated session issued after redeploy includes the expected trust scopes.
- [ ] Live `/ops/platform-setup/trust-signing` and `/setup/trust-signing` stop failing on `403`.
### FE-AUTH-010-002 - Align console status and policy-governance clients with live frontdoor contracts
Status: TODO
Dependency: FE-AUTH-010-001
Owners: Developer, Test Automation
Task description:
- Repoint console status polling/streaming onto the canonical frontdoor path used by the rebuilt stack and replace policy-governance placeholder tenant leakage with active tenant resolution so live query contracts do not collapse to stale demo IDs.
- Repair stale audit module wiring where the policy audit shell still targets retired policy audit endpoints.
Completion criteria:
- [ ] `ConsoleStatusClient` no longer requests `/console/status` on the live frontdoor.
- [ ] Policy-governance HTTP requests stop emitting `tenantId=acme-tenant` during authenticated live page loads.
- [ ] The policy audit shell uses the live governance audit endpoint.
- [ ] Focused frontend tests cover the console path and policy tenant/audit contract alignment.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the fresh full rebuild improved the authenticated route sweep to 95/111 and isolated the remaining frontend-owned failures to trust-signing authorization, console status frontdoor pathing, and policy-governance tenant/audit drift. | Developer |
## Decisions & Risks
- Decision: treat the trust-signing `403` as a bootstrap scope defect, not a web routing defect; the previous sprint already moved the UI to the live `/api/v1/administration/trust-signing*` contract and removed the retired `404` paths.
- Decision: fix policy-governance tenant drift centrally in the HTTP client layer for this iteration to clear the entire component family without colliding with the other agent's component-revival work.
- Risk: the console status frontdoor contract is documented inconsistently (`/console/status` vs `/api/console/status`); this sprint will follow the live deployment/security docs and verify the result against the rebuilt stack.
## Next Checkpoints
- 2026-03-09: land the trust bootstrap scope repair and confirm new tokens include trust scopes.
- 2026-03-09: land the console/policy client alignment and rerun the authenticated canonical route sweep.

79
docs/implplan/SPRINT_20260309_011_Platform_live_remaining_route_contract_repair.md
View File

@@ -1,79 +0,0 @@
# Sprint 20260309-011 - Platform Live Remaining Route Contract Repair
## Topic & Scope
- Repair the remaining authenticated live frontdoor route failures exposed by the full scratch rebuild after the shared gateway/runtime regressions were already cleared.
- Fix root causes in the correct layer: Authority scope semantics, Platform compatibility read models, Policy governance/simulation surfaces, Signals compatibility endpoints, JobEngine SQL fallback behavior, and the remaining frontend response-shape adapters.
- Keep the iteration driven by real Playwright evidence from `https://stella-ops.local`, then rebuild and redeploy the touched services before rerunning the authenticated sweep.
- Working directory: `src/Platform/StellaOps.Platform.WebService`.
- Allowed coordination edits: `src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration/**`, `src/Authority/StellaOps.Authority/StellaOps.Auth.ServerIntegration.Tests/**`, `src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Infrastructure/**`, `src/Policy/StellaOps.Policy.Gateway/**`, `src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/**`, `src/Signals/StellaOps.Signals/**`, `src/Signals/__Tests/StellaOps.Signals.Tests/**`, `src/Web/StellaOps.Web/**`, `docs/modules/platform/**`, `docs/modules/policy/**`, `docs/modules/signals/**`, `docs/modules/ui/console-architecture.md`, `docs/implplan/SPRINT_20260309_011_Platform_live_remaining_route_contract_repair.md`.
- Expected evidence: targeted unit/integration test runs against individual `.csproj` files, rebuilt service images, redeployed live stack, refreshed authenticated Playwright route/action artifacts.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the scratch rebuild baseline, `SPRINT_20260309_006_Platform_rebuild_runtime_contract_repairs.md` for the migration/binding recovery, `SPRINT_20260309_008_Router_live_messaging_heartbeat_contract_repair.md` for the cleared gateway health flap, and `SPRINT_20260309_010_FE_live_auth_scope_console_and_policy_alignment.md` for the already-isolated frontend route inventory.
- Safe parallelism: avoid unrelated component-revival and search work outside the paths listed above; do not revert unrelated dirty files in the shared worktree.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/policy/architecture.md`
- `docs/modules/signals/guides/unknowns-registry.md`
- `docs/modules/ui/console-architecture.md`
## Delivery Tracker
### LIVE-REPAIR-011-001 - Repair remaining authenticated route contracts at the source
Status: DOING
Dependency: none
Owners: Developer, Test Automation
Task description:
- Fix the confirmed live contract defects behind the remaining failed routes: quota authorization OR-scope semantics, dead-letter summary SQL fallback coverage, missing Platform console/AOC compatibility endpoints, missing Policy governance and shadow-mode/simulation endpoints, missing Signals compatibility list/stats endpoints, and the remaining frontend adapters for pack-registry and notifications.
- Favor durable compatibility/read-model layers and tests over route-local workarounds.
Completion criteria:
- [ ] `/ops/operations/quotas`, `/ops/operations/dead-letter`, `/ops/operations/aoc`, `/ops/operations/signals`, `/ops/operations/packs`, `/ops/operations/notifications`, `/ops/operations/status`, `/ops/policy/simulation`, `/ops/policy/trust-weights`, and `/ops/policy/staleness` stop failing for the currently confirmed source-level reasons.
- [ ] Targeted tests against the touched `.csproj` and frontend spec files fail before the fix and pass after it.
- [ ] Updated docs describe any new compatibility contract that is now part of the live platform.
### LIVE-REPAIR-011-002 - Rebuild and redeploy the repaired service slice
Status: TODO
Dependency: LIVE-REPAIR-011-001
Owners: Developer, QA
Task description:
- Rebuild every touched service and the web bundle from the repaired source, redeploy them into the local compose stack, and verify direct service readiness before rerunning Playwright.
Completion criteria:
- [ ] Changed images and the web bundle are rebuilt from current source.
- [ ] The live compose stack is redeployed without disturbing unrelated in-flight work.
- [ ] Direct service probes succeed for the repaired compatibility surfaces before the browser sweep resumes.
### LIVE-REPAIR-011-003 - Reverify the authenticated frontdoor with Playwright
Status: TODO
Dependency: LIVE-REPAIR-011-002
Owners: QA
Task description:
- Rerun the authenticated frontdoor Playwright checks from the rebuilt stack, verify the previously failing pages load cleanly, and record any remaining route/action defects for the next iteration instead of declaring premature all-clear.
Completion criteria:
- [ ] Authenticated Playwright auth bootstrap and canonical route sweep are rerun against `https://stella-ops.local`.
- [ ] Targeted page/action rechecks are captured for the repaired route family.
- [ ] Remaining failures, if any, are documented with current artifacts and triaged to the next sprint item.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the rebuilt live stack still failed 10 authenticated canonical routes due to confirmed source-level contract gaps across Authority, Platform, JobEngine, Policy, Signals, and Web. | Developer |
| 2026-03-09 | Policy simulation compatibility handlers now serve history, compare, verify, and pin contracts in the Policy gateway; targeted xUnit v3 class execution passed, and live frontdoor retesting isolated the remaining failure to router translation gaps for `/policy/simulations*` rather than missing service endpoints. | Developer |
## Decisions & Risks
- Decision: keep quota backward compatibility in Authority authorization semantics rather than diluting Platform policy names or broadening token issuance.
- Decision: add deterministic compatibility/read-model endpoints where the rebuilt frontend already depends on stable contracts (`/api/console/status`, `/api/v1/aoc/*`, `/api/v1/governance/*`, `/policy/shadow/*`, `/api/v1/signals*`) instead of replacing live HTTP clients with mocks.
- Decision: treat Policy simulation history tools as a two-layer repair. First restore the backend compatibility contract inside `StellaOps.Policy.Gateway`; then handle the frontdoor router translation for `/policy/simulations*` as a separate iteration so service and routing fixes remain independently auditable.
- Risk: the notifications health `400` remains the least-certain defect in the current set; if the direct service probe still disagrees with the frontdoor after the rebuild, isolate it in the Notify slice rather than masking it in Playwright expectations.
- Audit note: one external web lookup was attempted earlier in the session before the repo web-fetch policy was re-read; no external code or configuration was imported, and implementation continued using local docs and source only.
## Next Checkpoints
- 2026-03-09: land scoped source/test fixes for the remaining authenticated route cluster.
- 2026-03-09: rebuild the changed services and web bundle from source.
- 2026-03-09: rerun authenticated Playwright sweeps and either commit the repaired iteration or record the remaining defects for the next pass.

75
docs/implplan/SPRINT_20260309_012_Router_live_quota_scope_and_notify_dispatch_repairs.md
View File

@@ -1,75 +0,0 @@
# Sprint 20260309-012 - Router Live Quota Scope And Notify Dispatch Repairs
## Topic & Scope
- Repair the two remaining authenticated frontdoor regressions left after the full rebuild and redeploy: quota violations authorization and notify channel health dispatch.
- Keep the fixes in the Router layer because both failures occur before or inside Router-mediated delivery, not in the Platform or Notify business logic itself.
- Preserve existing live contracts while removing the actual transport/auth defects instead of adding route-local UI fallbacks.
- Working directory: `src/Router/`.
- Allowed coordination edits: `docs/modules/router/architecture.md`, `docs/modules/notify/architecture.md`, `docs/implplan/SPRINT_20260309_012_Router_live_quota_scope_and_notify_dispatch_repairs.md`, `src/Web/StellaOps.Web/output/playwright/**`.
- Expected evidence: targeted router test runs against individual `.csproj` files, rebuilt `router-gateway` image, redeployed compose stack, refreshed authenticated Playwright artifacts.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the scratch rebuild baseline and `SPRINT_20260309_011_Platform_live_remaining_route_contract_repair.md` for the narrowed live failure inventory.
- Safe parallelism: do not touch unrelated search or component-revival work outside `src/Router/**`; leave unrelated dirty files untouched.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/router/architecture.md`
- `docs/modules/notify/architecture.md`
## Delivery Tracker
### LIVE-ROUTER-012-001 - Restore gateway scope compatibility for quota reads
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Fix the gateway authorization path so live quota endpoints can honor the resolved scope set produced by identity scope expansion. The frontdoor currently rejects quota reads even though the authenticated session carries `orch:quota` and the gateway already computes expanded scopes in request context.
Completion criteria:
- [x] `/api/v1/gateway/rate-limits/violations` succeeds through the live frontdoor for the authenticated operator session.
- [x] Router gateway unit tests cover coarse-scope expansion and authorization checks against the resolved scope set.
- [x] Router docs describe that scope-based authorization uses the resolved scope context, not only raw claim payloads.
### LIVE-ROUTER-012-002 - Fix ASP.NET bridge route matching for notify health paths
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Fix the messaging-transport ASP.NET bridge so terminal route parameters are not treated as implicit catch-alls. The notify channel-health route currently dispatches through messaging, and the bridge incorrectly matches the shorter channel-detail route when extra segments are present.
Completion criteria:
- [x] `/api/v1/notify/channels/{channelId}/health` resolves to the correct endpoint over Router messaging transport.
- [x] Router ASP.NET bridge tests reproduce the old terminal-parameter bug and prove explicit catch-all routes still work.
- [x] The fix is implemented in Router transport/bridge code, not in Notify page-local workarounds.
### LIVE-ROUTER-012-003 - Rebuild, redeploy, and reverify the live frontdoor
Status: DONE
Dependency: LIVE-ROUTER-012-001, LIVE-ROUTER-012-002
Owners: Developer, QA
Task description:
- Rebuild the touched router image, redeploy the live stack, and rerun authenticated Playwright verification for the two repaired pages before committing.
Completion criteria:
- [x] The changed Router image is rebuilt from current source and redeployed.
- [x] Authenticated Playwright rechecks pass for `/ops/operations/quotas` and `/ops/operations/notifications`.
- [x] The canonical route sweep artifact reflects the updated live failure inventory.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the full rebuild/redeploy cleared scanner-backed route failures and left only two live Router-layer defects: quota scope enforcement and notify channel-health dispatch over messaging transport. | Developer |
| 2026-03-09 | Added coarse-to-fine quota scope compatibility in gateway authorization, fixed ASP.NET bridge terminal-parameter matching, rebuilt `router-gateway` and `notify-web`, and verified live `/ops/operations/quotas` plus `/ops/operations/notifications` behavior with authenticated Playwright. | Developer |
| 2026-03-09 | Re-ran the authenticated canonical live sweep after the rebuild cycle; the latest artifact reached `111/111` at `src/Web/StellaOps.Web/output/playwright/live-frontdoor-canonical-route-sweep.json`. | QA |
## Decisions & Risks
- Decision: keep quota compatibility in Router by authorizing against the resolved scope context already produced by gateway identity expansion; do not broaden Platform policies or change token issuance.
- Decision: fix notify health in the ASP.NET bridge matcher so only explicit catch-all parameters consume extra path segments; this preserves direct HTTP and messaging parity.
- Risk: Router is a shared ingress surface. All changes must be covered by deterministic tests before redeploy to avoid collateral regressions in other routed pages.
- Decision: keep the live verification artifact in the sprint because the repaired quota and notify defects were validated in the same rebuilt stack that now serves the full canonical route set cleanly.
## Next Checkpoints
- 2026-03-09: completed router gateway and ASP.NET bridge repairs with focused tests plus live rebuild verification.
- Next iteration: continue beyond route presence into deeper per-page action sweeps on the rebuilt stack.

76
docs/implplan/SPRINT_20260309_013_AdvisoryAI_live_unified_search_corpus_runtime_repair.md
View File

@@ -1,76 +0,0 @@
# Sprint 20260309-013 - AdvisoryAI Live Unified Search Corpus Runtime Repair
## Topic & Scope
- Repair the live unified-search corpus gap exposed after the full rebuild and canonical route sweep: search-driven pages render, but several answer lanes report zero indexed chunks or insufficient evidence.
- Fix the real runtime contract in `src/AdvisoryAI/**` and compose wiring so published containers can resolve the packaged corpus and live adapters ingest findings, VEX, and policy data consistently.
- Keep the work scoped to AdvisoryAI runtime/search surfaces plus the minimal compose/docs coordination required to make the deployed stack converge correctly.
- Working directory: `src/AdvisoryAI/`.
- Allowed coordination edits: `devops/compose/docker-compose.stella-ops.yml`, `docs/modules/advisory-ai/**`, `docs/operations/unified-search-operations.md`, `docs/implplan/SPRINT_20260309_013_AdvisoryAI_live_unified_search_corpus_runtime_repair.md`, `src/Web/StellaOps.Web/output/playwright/**`.
- Expected evidence: focused AdvisoryAI test runs against the individual test `.csproj`, rebuilt `advisory-ai-web` and `advisory-ai-worker` images, redeployed compose services, refreshed live Playwright search artifacts.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the rebuilt stack baseline and `SPRINT_20260309_012_Router_live_quota_scope_and_notify_dispatch_repairs.md` for the clean `111/111` route-presence sweep.
- Safe parallelism: stay out of unrelated frontend/search UX changes outside `src/AdvisoryAI/**`; only add the minimal compose wiring needed for AdvisoryAI runtime configuration.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/advisory-ai/architecture.md`
- `docs/modules/advisory-ai/knowledge-search.md`
- `docs/operations/unified-search-operations.md`
## Delivery Tracker
### LIVE-AIAI-013-001 - Restore published unified-search corpus packaging
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Repair the AdvisoryAI published-image contract so the container carries the full repo-shaped unified-search corpus at the configured source-relative paths. The current image only packages a subset of snapshots, leaving graph, OpsMemory, timeline, and scanner answer lanes permanently unready in live deployments.
Completion criteria:
- [x] Published AdvisoryAI output includes all unified-search snapshot files under `src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Snapshots/`.
- [x] AdvisoryAI tests cover runtime publish-layout resolution for all default unified snapshot paths.
- [x] Snapshot-only adapters use the repository-aware resolver rather than assuming `.` is the repository root.
### LIVE-AIAI-013-002 - Wire live VEX and policy adapters in compose
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Extend the live compose configuration so both AdvisoryAI hosts ingest VEX and policy data from the deployed Concelier and Policy Gateway services instead of silently relying on missing or stale fallback snapshots.
Completion criteria:
- [x] `advisory-ai-web` runtime env sets findings, VEX, and policy adapter base URLs.
- [x] `advisory-ai-worker` runtime env sets findings, VEX, and policy adapter base URLs.
- [x] AdvisoryAI/search docs describe the required live adapter configuration.
### LIVE-AIAI-013-003 - Rebuild, redeploy, and reverify live search-driven pages
Status: DONE
Dependency: LIVE-AIAI-013-001, LIVE-AIAI-013-002
Owners: Developer, QA
Task description:
- Rebuild the touched AdvisoryAI images, redeploy them into the existing stack, and rerun the live Playwright search/action sweep to verify that the previously corpus-unready answer lanes now return grounded or at least populated results from the repaired corpus.
Completion criteria:
- [x] Focused AdvisoryAI test runs pass from the individual test project.
- [x] `advisory-ai-web` and `advisory-ai-worker` are rebuilt and redeployed from the current source.
- [x] Live search artifacts are refreshed after the redeploy and show the repaired answer/corpus state on the affected pages.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the full rebuild/redeploy and live changed-surface sweep exposed a deeper AdvisoryAI runtime issue: search-driven pages loaded but several answer lanes remained corpus-unready because the published image carried only a partial unified snapshot set and compose only wired the findings live adapter. | Developer |
| 2026-03-09 | Published the full unified snapshot corpus into the AdvisoryAI image at the documented source-relative paths, switched graph/opsmemory/timeline/scanner adapters to the repository-aware resolver, and added runtime-publish coverage plus focused live-adapter/integration test evidence (`23/23` via the xUnit runner against the rebuilt test assembly). | Developer |
| 2026-03-09 | Rebuilt and redeployed `advisory-ai-web` and `advisory-ai-worker`, verified runtime env and packaged snapshots inside the live container, rebuilt the knowledge/unified indexes (`domains=8`, `chunks=22`), and rechecked mission board, advisories/VEX, and policy overview with authenticated Playwright at `src/Web/StellaOps.Web/output/playwright/live-search-runtime-repair-recheck.json`. | QA |
## Decisions & Risks
- Decision: preserve the documented source-relative asset contract instead of changing defaults to ad hoc published-only paths. The container image must look repo-shaped under `/app` so the same defaults work in source and published runs.
- Decision: fix live VEX and policy ingestion in compose/runtime rather than masking the issue with UI fallback copy.
- Risk: `devops/compose/docker-compose.stella-ops.yml` is a shared file touched by other workstreams. Limit edits strictly to the AdvisoryAI env block.
- Evidence: live container verification now shows all packaged snapshot files under `/app/src/AdvisoryAI/StellaOps.AdvisoryAI/UnifiedSearch/Snapshots/`, and the AdvisoryAI logs report non-zero rebuild/refresh counts for findings, graph, opsmemory, platform, policy, scanner, timeline, and vex.
## Next Checkpoints
- 2026-03-09: land packaging/runtime repair and live adapter wiring, then rerun focused AdvisoryAI tests plus live Playwright verification.

74
docs/implplan/SPRINT_20260309_014_Platform_live_runtime_fault_repair.md
View File

@@ -1,74 +0,0 @@
# Sprint 20260309_014 - Live Runtime Fault Repair
## Topic & Scope
- Repair live backend/runtime faults uncovered after the full 60-image rebuild and fresh `stella-ops.local` redeploy.
- Keep the rebuilt stack client-ready underneath the clean UI shell by fixing background workers, runtime contracts, and hardened-container assumptions instead of hiding errors behind empty states.
- Working directory: `src/Platform/**`.
- Cross-module edits allowed for this sprint: `src/JobEngine/**`, `src/Concelier/**`, `src/Scanner/**`, `devops/compose/**`, and linked docs in `docs/**`.
- Expected evidence: targeted `.csproj` test runs, live API verification, live Playwright rechecks on impacted routes, and runtime log validation after redeploy.
## Dependencies & Concurrency
- Depends on the scratch rebuild baseline and live search runtime repair from `SPRINT_20260309_013_AdvisoryAI_live_unified_search_corpus_runtime_repair.md`.
- Safe parallelism: avoid unrelated web/search feature edits already in flight from other agents; stage only the runtime-fault hunks touched here.
## Documentation Prerequisites
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/jobengine/architecture.md`
- `docs/modules/concelier/architecture.md`
- `docs/modules/scanner/architecture.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
## Delivery Tracker
### TASK-014-001 - Diagnose live runtime failures from rebuilt stack
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Rebuild all services, redeploy the compose stack, then inspect live route behavior and backend logs to identify runtime faults that survive basic page rendering.
Completion criteria:
- [x] Full image matrix rebuild completed.
- [x] Fresh compose recreate completed.
- [x] Live evidence captured for runtime faults and impacted routes.
### TASK-014-002 - Repair scheduler and analytics runtime contract faults
Status: DONE
Dependency: TASK-014-001
Owners: Developer
Task description:
- Fix PostgreSQL type/function mismatches causing scheduler planner loops and platform analytics maintenance to fail after startup.
Completion criteria:
- [x] Scheduler planner queries no longer emit `run_state = text` errors.
- [x] Platform analytics maintenance invokes `analytics.compute_daily_rollups` with the correct PostgreSQL parameter type.
- [x] Focused tests prove the repaired contracts.
### TASK-014-003 - Repair canonical advisory DI and scanner cache runtime assumptions
Status: DONE
Dependency: TASK-014-001
Owners: Developer
Task description:
- Restore Concelier canonical advisory service registration under the live WebService and align scanner cache paths with writable hardened-container storage so maintenance jobs stop failing after deploy.
Completion criteria:
- [x] `/api/v1/canonical` resolves through registered services without runtime DI failure.
- [x] Scanner cache maintenance no longer writes into read-only `/app` paths in live containers.
- [x] Focused tests and live verification cover the repaired contracts.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after full rebuild/redeploy exposed live runtime faults in scheduler planning, platform analytics maintenance, Concelier canonical DI, and scanner cache maintenance. | Codex |
| 2026-03-09 | Repaired scheduler enum/query typing and platform analytics date binding; focused `.csproj` verification passed and post-redeploy logs stopped emitting the runtime faults. | Codex |
| 2026-03-09 | Added Concelier startup migration registration, fixed Scanner worker env-prefix bootstrap, and introduced compose cache ownership bootstrap; focused tests passed, `/api/v1/canonical` returned `200`, cache paths resolved to `/var/lib/stellaops/cache/scanner`, and live Playwright rechecks passed (`111/111` routes, changed-surfaces pass). | Codex |
## Decisions & Risks
- This sprint intentionally treats background worker failures as product defects even when the frontdoor UI still renders. A clean route sweep is insufficient if the live services are erroring underneath.
- Cross-module edits are permitted because the faults span runtime contracts across Platform, JobEngine, Concelier, Scanner, and compose deployment wiring.
- Microsoft Testing Platform projects in this sprint require `dotnet test <project>.csproj -- --filter-class ...`; `--filter` against the project silently ran whole suites and was rejected as verification evidence.
- Hardened Scanner containers need both a writable cache root and ownership bootstrap. The compose stack now uses `scanner-cache-init` to prepare the named volume for the non-root runtime user.
## Next Checkpoints
- Targeted repair commit once runtime faults are fixed, revalidated live, and staged without unrelated agent changes.

43
docs/implplan/SPRINT_20260309_015_FE_live_scope_preservation_followups.md
View File

@@ -1,43 +0,0 @@
# Sprint 20260309_015 - Live Scope Preservation Follow-ups
## Topic & Scope
- Repair user-visible scope loss uncovered by live Playwright after the runtime-fault rebuild.
- Keep tenant and region context stable when users move between evidence-thread and integration-admin actions.
- Working directory: `src/Web/StellaOps.Web/**`.
- Expected evidence: focused Angular specs, rebuilt web bundle, live Playwright changed-surfaces recheck.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_014_Platform_live_runtime_fault_repair.md` because the backend/runtime repair must be stable before UI scope regressions are meaningful.
- Safe parallelism: avoid unrelated search and shell work already in flight; stage only evidence-thread, registry-admin, Playwright harness, and sprint-doc files.
## Documentation Prerequisites
- `docs/modules/platform/architecture-overview.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
## Delivery Tracker
### TASK-015-001 - Preserve scope on changed-surface action flows
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Fix changed-surface actions that drop tenant and region query scope during navigation, then tighten the live Playwright harness so the same regressions fail immediately.
Completion criteria:
- [x] Evidence thread "Back to Search" keeps active scope query params.
- [x] Registry admin tab navigation keeps active scope query params.
- [x] Focused Angular specs and live Playwright changed-surfaces verification pass.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after live changed-surfaces Playwright reported scoped actions navigating without tenant/region query preservation. | Codex |
| 2026-03-09 | Root causes confirmed in `EvidenceThreadViewComponent.onBack()` and registry-admin tab links. Added focused feature-spec coverage, rebuilt `dist/stellaops-web/browser`, synced the live `compose_console-dist` volume, and re-ran `live-frontdoor-changed-surfaces.mjs`; Playwright now records tenant/region-preserving URLs for `back-to-search` and `audit-tab`. | Codex |
## Decisions & Risks
- This sprint treats scope-preservation regressions as product defects even when the destination page still renders, because silent context loss breaks reproducibility and link sharing.
- Feature specs remain excluded from the default Angular test target to keep routine unit runs lightweight; targeted UI feature coverage for this slice is registered in `tsconfig.spec.features.json` and executed explicitly.
## Next Checkpoints
- Next defect cluster from the same live Playwright sweep: release-investigation `deploy-diff` still lands in a `Missing Parameters` state, and `change-trace` still renders with `No Change Trace Loaded`.

91
docs/implplan/SPRINT_20260309_016_SbomService_release_investigation_workspace_contract_repair.md
View File

@@ -1,91 +0,0 @@
# Sprint 20260309_016 - Release Investigation Workspace Contract Repair
## Topic & Scope
- Replace the broken release-investigation route contract with a self-sufficient workspace that no longer depends on orphaned query params or dead API paths.
- Restore canonical behavior for `/releases/investigation/deploy-diff` and `/releases/investigation/change-trace` on a fresh live stack where comparison data may be absent.
- Keep the repair scoped to release-investigation surfaces, the SbomService compatibility layer they depend on, and the docs that describe the contract.
- Working directory: `src/SbomService/`.
- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/features/deploy-diff/`, `src/Web/StellaOps.Web/src/app/features/change-trace/`, `src/Web/StellaOps.Web/scripts/`, `docs/features/checked/web/`, and `docs/modules/sbom-service/`.
- Expected evidence: focused .NET tests, focused Angular tests, rebuilt `sbomservice` + web bundle, live Playwright recheck artifacts.
## Dependencies & Concurrency
- Depends on the current `stella-ops.local` compose stack already rebuilt from source on 2026-03-09.
- Safe to run in parallel with unrelated search/runtime/auth work as long as those edits do not overwrite the touched release-investigation files.
- Do not modify unrelated dirty files from other agents.
## Documentation Prerequisites
- `docs/modules/sbom-service/architecture.md`
- `docs/features/checked/web/release-investigation-routes.md`
- `docs/features/checked/web/a-b-deploy-diff-panel.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### SBOM-RIW-001 - Define canonical workspace/default-context contract
Status: DONE
Dependency: none
Owners: Product Manager, Developer
Task description:
- Replace the legacy assumption that the deploy-diff route is only valid when a caller injects `from` and `to` query parameters. The canonical Releases-owned workspace must remain useful when opened directly from the shell on a fresh setup.
- Decide and document how the investigation pages behave when comparison data is unavailable in the live stack: they must show explicit product states and recovery paths, not placeholder errors.
Completion criteria:
- [ ] Release-investigation docs describe the new direct-load behavior and the live-data fallback behavior.
- [ ] The selected contract is reflected consistently in both web and sbomservice implementations.
### SBOM-RIW-002 - Rebase deploy diff on the live lineage compare contract
Status: DONE
Dependency: SBOM-RIW-001
Owners: Developer, Test Automation
Task description:
- Remove the dead `/api/v1/sbom/diff` dependency from the deploy-diff feature.
- Use the live lineage compare capability as the canonical comparison source and normalize it into the deploy-diff UI model.
- Ensure the direct route either loads a comparison or lands in an explicit, user-actionable empty state instead of `Missing Parameters`.
Completion criteria:
- [ ] Deploy-diff uses a live contract that exists in sbomservice.
- [ ] Direct navigation to `/releases/investigation/deploy-diff` no longer renders the legacy missing-parameter failure state.
- [ ] Focused frontend tests cover both loaded and no-comparison states.
### SBOM-RIW-003 - Restore change trace compatibility API and viewer behavior
Status: DONE
Dependency: SBOM-RIW-001
Owners: Developer, Test Automation
Task description:
- Implement the missing `/api/change-traces` compatibility layer in SbomService instead of leaving the gateway to route into a void.
- Make the change-trace viewer support canonical direct-load behavior and a deterministic empty state when there is no active comparison context.
Completion criteria:
- [ ] `/api/change-traces/build` and compatible read behavior exist in sbomservice with focused tests.
- [ ] `/releases/investigation/change-trace` no longer renders the legacy inert empty shell on direct load.
- [ ] Live Playwright verifies the viewer loads meaningful state and recovery actions.
### SBOM-RIW-004 - Verify live route behavior after rebuild
Status: DONE
Dependency: SBOM-RIW-002
Owners: QA, Test Automation
Task description:
- Rebuild the touched targets, redeploy only the changed services, rerun the focused Playwright surfaces, and capture the before/after evidence.
- Do not mark the iteration done until the live shell confirms the repaired routes and their primary actions.
Completion criteria:
- [x] Focused .NET and Angular tests pass.
- [x] `sbomservice` and web assets are rebuilt and redeployed.
- [x] Live Playwright evidence shows the repaired routes and actions behaving correctly.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after live Playwright confirmed `/releases/investigation/deploy-diff` rendered `Missing Parameters` and `/releases/investigation/change-trace` rendered `No Change Trace Loaded`; live stack inspection showed the mounted routes depended on dead or missing contracts. | Developer |
| 2026-03-09 | Rebased deploy-diff on lineage compare, restored the `/api/change-traces` compatibility layer, and added focused verification: `dotnet test src/SbomService/StellaOps.SbomService.Tests/StellaOps.SbomService.Tests.csproj -v minimal -- --filter-class StellaOps.SbomService.Tests.ChangeTraceCompatibilityEndpointsTests` passed 3/3; `npx ng test --watch=false --ts-config tsconfig.spec.features.json --include=src/app/features/deploy-diff/services/deploy-diff.service.spec.ts --include=src/app/features/deploy-diff/components/deploy-diff-panel/deploy-diff-panel.component.spec.ts --include=src/app/features/deploy-diff/pages/deploy-diff.page.spec.ts --include=src/app/features/change-trace/change-trace-viewer.component.spec.ts` passed 30/30. | Developer |
| 2026-03-09 | Rebuilt `sbomservice`, rebuilt and resynced the web bundle into `compose_console-dist`, then reran `node .\\src\\Web\\StellaOps.Web\\scripts\\live-frontdoor-changed-surfaces.mjs`; live frontdoor verification passed for the repaired release-investigation routes and their recovery actions on `https://stella-ops.local`. | Developer |
## Decisions & Risks
- Decision: release-investigation routes are Releases-owned workspaces with canonical direct-load behavior rather than query-only leaf pages.
- Risk: the current live stack has empty release/SBOM comparison projections, so the workspace must degrade cleanly when no comparison exists instead of pretending data is present.
- Risk: other agents have unrelated dirty files in `src/Web/StellaOps.Web/` and platform services; only stage touched release-investigation files for the eventual commit.
- Contract note: `/api/change-traces/*` is restored as a deterministic compatibility layer over lineage compare, not as a second persistent change-trace store.
## Next Checkpoints
- Implement the workspace/default-context contract and the SbomService compatibility API in this iteration.
- Rebuild `sbomservice` and the web bundle, sync the web assets into `compose_console-dist`, rerun the focused Playwright sweep, and commit the scoped repair.

78
docs/implplan/SPRINT_20260309_017_Router_watchlist_frontdoor_scope_repair.md
View File

@@ -1,78 +0,0 @@
# Sprint 20260309-017 - Router Watchlist Frontdoor Scope Repair
## Topic & Scope
- Repair the live watchlist contract exposed from Notifications so the frontdoor routes to the correct service and the backend authorizes the scopes the UI actually receives.
- Keep the fix at the source layers: router frontdoor mapping, Attestor watchlist authorization, and the watchlist documentation that defines the operator-facing contract.
- Verify with targeted Attestor tests plus authenticated live Playwright actions against `https://stella-ops.local` after rebuilding only the touched services.
- Working directory: `devops/compose`.
- Allowed coordination edits: `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.WebService/**`, `src/Attestor/StellaOps.Attestor/StellaOps.Attestor.Tests/**`, `docs/modules/attestor/**`, `src/Web/StellaOps.Web/scripts/live-ops-policy-action-sweep.mjs`, `docs/implplan/SPRINT_20260309_017_Router_watchlist_frontdoor_scope_repair.md`.
- Expected evidence: targeted `.csproj` test run, rebuilt router/attestor images, redeployed live stack slice, refreshed Playwright artifacts for Notifications -> Watchlist actions.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md` for the scratch rebuild baseline and `SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md` for the authenticated failure inventory.
- Safe parallelism: do not absorb unrelated Policy, Search, or component-revival changes; stage only the router/Attestor/docs slice for this iteration.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/attestor/architecture.md`
- `docs/modules/attestor/guides/identity-watchlist.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### WATCHLIST-LIVE-017-001 - Repair frontdoor watchlist routing and auth alignment
Status: DONE
Dependency: none
Owners: Developer, Test Automation
Task description:
- Correct the live `/api/v1/watchlist*` frontdoor route so requests reach Attestor instead of Scanner, then align Attestor watchlist authorization and admin checks with the canonical trust scope family already issued to the console session.
- Add targeted tests that prove trust-scoped users can read and mutate tenant watchlist data and that admin-only behaviors still require the elevated admin scope.
Completion criteria:
- [ ] `/api/v1/watchlist` and `/api/v1/watchlist/alerts` route to Attestor through the frontdoor.
- [ ] Watchlist read/write/admin behavior accepts the canonical trust scopes used by the live UI session.
- [ ] Targeted Attestor tests fail before the change and pass after it.
### WATCHLIST-LIVE-017-002 - Rebuild and redeploy the repaired router/attestor slice
Status: DONE
Dependency: WATCHLIST-LIVE-017-001
Owners: Developer, QA
Task description:
- Rebuild the changed images from source, redeploy only the touched runtime slice, and confirm the direct and frontdoor watchlist endpoints are ready before browser verification resumes.
Completion criteria:
- [ ] Router and Attestor images are rebuilt from the current source.
- [ ] The compose stack is updated without disturbing unrelated in-flight work.
- [ ] Direct and frontdoor probes reach the watchlist surface successfully.
### WATCHLIST-LIVE-017-003 - Reverify Notifications watchlist actions with Playwright
Status: DONE
Dependency: WATCHLIST-LIVE-017-002
Owners: QA
Task description:
- Rerun the authenticated Notifications/Watchlist action checks with Playwright, confirm the watchlist pages and actions no longer fail, and capture any remaining defects for the next iteration.
Completion criteria:
- [ ] Authenticated Playwright rechecks cover the Notifications -> Watchlist tuning and alerts actions on the rebuilt stack.
- [ ] Artifacts are refreshed under `src/Web/StellaOps.Web/output/playwright/`.
- [ ] Remaining failures, if any, are written into the execution log instead of being masked.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after the rebuilt live Notifications sweep proved `/api/v1/watchlist*` was frontdoored to Scanner and the Attestor watchlist auth still enforced stale legacy scope names not present in the live console session. | Developer |
| 2026-03-09 | Repointed `/api/v1/watchlist*` to Attestor in both router configs, aligned watchlist auth/admin checks with `trust:*` plus legacy aliases, and switched watchlist tenant resolution onto the canonical tenant resolver. | Developer |
| 2026-03-09 | Added targeted Attestor watchlist authorization tests and updated watchlist docs to advertise the trust-scope contract that the live console session actually uses. | Developer |
| 2026-03-09 | Rebuilt `router-gateway` and `attestor`, redeployed only those services, verified direct Attestor readiness (`/health/ready`) and frontdoor watchlist API `200`, then reran Playwright to confirm Notifications links now open watchlist tuning and alerts with zero runtime errors. | QA |
## Decisions & Risks
- Decision: align watchlist authorization with the canonical trust scope family (`trust:read`, `trust:write`, `trust:admin`) instead of preserving the stale dotted `watchlist.*` scopes that the Authority session no longer issues.
- Decision: keep legacy `watchlist:*` and `watchlist.*` aliases accepted in Attestor while moving the documented/live contract to `trust:*`, so older automation stays compatible during the transition.
- Risk: the reverse-proxy and default router configs must stay in sync; update both or the fallback transport mode will drift again.
## Next Checkpoints
- 2026-03-09: land the router/Attestor/test/doc fix slice.
- 2026-03-09: rebuild and redeploy router plus Attestor from source.
- 2026-03-09: rerun Playwright Notifications watchlist actions and commit the iteration.

50
docs/implplan/SPRINT_20260309_018_Router_policy_simulation_frontdoor_translation.md
View File

@@ -1,50 +0,0 @@
# Sprint 20260309-018 - Router Policy Simulation Frontdoor Translation
## Topic & Scope
- Restore frontdoor reachability for the live Policy Simulation history tools after the backend compatibility handlers were repaired.
- Fix the actual frontdoor root cause: router auth passthrough approval drift for `/policy/shadow*` and `/policy/simulations*`, not just raw path translation.
- Verify the repaired paths with direct frontdoor probes and authenticated Playwright navigation against `https://stella-ops.local`.
- Working directory: `src/Router/StellaOps.Gateway.WebService`.
- Allowed coordination edits: `devops/compose/router-gateway-local.json`, `devops/compose/router-gateway-local.reverseproxy.json`, `docs/modules/router/architecture.md`, `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/**`.
- Expected evidence: gateway auth policy diff, router config diff, focused direct HTTP probes, authenticated Playwright route/action artifacts.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_011_Platform_live_remaining_route_contract_repair.md` for the backend `/policy/simulations*` handlers and focused gateway tests.
- Safe parallelism: do not touch unrelated route rewrites already in progress in the router JSON files; stage only the policy simulation auth/passthrough hunks for this commit.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/policy/architecture.md`
## Delivery Tracker
### ROUTER-POLICY-SIM-018-001 - Align policy simulation frontdoor auth passthrough
Status: DOING
Dependency: none
Owners: Developer, QA
Task description:
- Extend the canonical local router config, reverse-proxy fallback config, and source gateway defaults so authenticated frontdoor requests for Policy simulation history, compare, verify, and pin actions reach `policy-gateway.stella-ops.local` with DPoP/JWT passthrough preserved.
- Keep the gateway's approved passthrough allow-list explicit and auditable instead of silently depending on a stale hardcoded prefix set.
- Preserve auth headers and avoid disturbing unrelated dirty route edits from other agents.
Completion criteria:
- [ ] `https://stella-ops.local/policy/shadow/results`, `.../simulations/history`, `.../compare`, and `.../{id}/verify` no longer fail because gateway auth passthrough was stripped.
- [ ] Only the policy simulation passthrough hunks are staged for the commit.
- [ ] Authenticated Playwright can load the live history page and exercise its key actions through the frontdoor.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after live retesting proved the Policy gateway served the simulation history contract while the frontdoor still returned `404` because the canonical router config translated `/policy/shadow*` but not `/policy/simulations*`. | Developer |
| 2026-03-09 | Live router logs showed the browser was already sending auth for `/policy/shadow/results` and `/policy/simulations/history`, but the gateway stripped Authorization/DPoP because the prefixes were missing from the approved passthrough allow-list. This sprint now fixes the gateway/config drift directly. | Developer |
## Decisions & Risks
- Decision: keep auth passthrough fail-closed, but move the approved prefix set into explicit gateway/config data so live route additions do not silently drift away from the code path that strips auth headers.
- Decision: keep the policy fix scoped to `/policy/shadow` and `/policy/simulations` rather than broadening every `/policy/*` route.
- Risk: the router JSON files are already dirty from unrelated route work; stage only the specific policy passthrough additions and leave the rest untouched.
## Next Checkpoints
- 2026-03-09: land the gateway/config passthrough fix and redeploy the frontdoor.
- 2026-03-09: rerun authenticated Policy Simulation history navigation with Playwright.

49
docs/implplan/SPRINT_20260309_019_FE_policy_simulation_active_tenant_runtime.md
View File

@@ -1,49 +0,0 @@
# Sprint 20260309-019 - FE Policy Simulation Active Tenant Runtime
## Topic & Scope
- Remove the remaining mock-era tenant placeholder behavior from live Policy Simulation runtime calls.
- Ensure live policy simulation surfaces use the active shell tenant context when older callers still pass the legacy `'default'` placeholder.
- Verify the repaired behavior with focused client tests, a web rebuild, and authenticated Playwright against `https://stella-ops.local`.
- Working directory: `src/Web/StellaOps.Web/src/app/core/api`.
- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/features/policy-simulation/**`, `docs/modules/ui/**`.
- Expected evidence: focused client spec pass, live Playwright policy sweep artifact, rebuilt web bundle.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_018_Router_policy_simulation_frontdoor_translation.md` so the frontdoor preserves auth/DPoP for policy simulation requests.
- Safe parallelism: avoid touching unrelated search and setup slices; keep this sprint scoped to policy simulation tenant resolution.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/ui/README.md`
## Delivery Tracker
### FE-POLICY-SIM-019-001 - Normalize legacy placeholder tenants to the active shell context
Status: DOING
Dependency: none
Owners: Developer, QA
Task description:
- Repair the live Policy Simulation client seam so runtime requests stop sending `tenant=default` when the shell is actually scoped to a real tenant such as `demo-prod`.
- Preserve explicit tenant overrides for legitimate cross-tenant/admin flows while treating the legacy `'default'` value as a placeholder whenever an active context tenant is available.
- Cover the behavior with focused tests and live Playwright verification on the shadow results/history flows.
Completion criteria:
- [ ] Policy Simulation history, pin, compare, verify, and shadow-results requests no longer fail with tenant override rejection in live router logs.
- [ ] Focused client tests prove placeholder tenant resolution prefers active runtime tenant while explicit custom tenants still win.
- [ ] Authenticated Playwright on `/ops/policy/simulation` and `/ops/policy/simulation/history` completes without `403` responses for `/policy/shadow/results` or `/policy/simulations/history`.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-09 | Sprint created after live Playwright and router logs showed Policy Simulation pages were reachable, but background requests still failed with `403` because the feature passed `tenant=default` while the live context resolved to `demo-prod`. | Developer |
| 2026-03-10 | Focused `policy-simulation.client.spec.ts` passed with the new placeholder-tenant normalization. Live recheck confirmed `/policy/simulations/history` moved from `403` to `200`, then exposed remaining local gateway drift where `/policy/shadow` was still typed as `Microservice` and returned frontdoor `404`s. | Developer |
## Decisions & Risks
- Decision: normalize the legacy `'default'` tenant at the shared client seam instead of patching only the currently failing components; this protects the whole Policy Simulation feature cluster against the same runtime drift.
- Risk: a real tenant literally named `default` would still be ambiguous; preserve it only when no active tenant context exists.
## Next Checkpoints
- 2026-03-09: land the client normalization and focused regression test.
- 2026-03-09: rebuild the web bundle and re-run authenticated Playwright on the affected policy routes.

95
docs/implplan/SPRINT_20260310_001_Router_frontdoor_required_service_readiness.md
View File

@@ -1,95 +0,0 @@
# Sprint 20260310-001 - Router Frontdoor Required-Service Readiness
## Topic & Scope
- Replace the gateway's shallow "listener started" readiness contract with a required-service registration gate so scratch rebuilds do not expose first-party Stella routes before their router HELLO registrations exist.
- Return truthful `503` responses for matched microservice routes whose target service is not yet registered instead of misleading `404` errors that make reverse proxy look safer than router transport.
- Keep reverse proxy limited to external/bootstrap surfaces and document the rule explicitly for the local compose frontdoor.
- Working directory: `src/Router`.
- Allowed coordination edits: `devops/compose/docker-compose.stella-ops.yml`, `devops/compose/router-gateway-local.json`, `devops/compose/README.md`, `devops/compose/env/stellaops.env.example`, `docs/modules/router/architecture.md`, `docs/implplan/SPRINT_20260310_001_Router_frontdoor_required_service_readiness.md`.
- Expected evidence: focused router tests, live gateway readiness probes before/after restart, and a rerun of the affected Playwright/live route checks after redeploy.
## Dependencies & Concurrency
- Follows `SPRINT_20260309_008_Router_live_messaging_heartbeat_contract_repair.md`, which already narrowed the remaining post-redeploy failures to startup/readiness convergence.
- Safe parallelism: stay inside the router slice and the listed compose/docs files; do not touch unrelated search, reachability, or general frontend feature work.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Router/AGENTS.md`
- `src/Router/StellaOps.Gateway.WebService/AGENTS.md`
- `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/AGENTS.md`
- `docs/modules/router/architecture.md`
- `docs/modules/router/webservices-valkey-rollout-matrix.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### ROUTER-READY-001 - Add required-service readiness evaluation
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Introduce a source-level readiness evaluator that keeps `/health/ready` false until the configured required first-party microservices have live healthy/degraded router registrations.
- Preserve environment ownership of the required-service list so the local scratch compose stack can demand a stricter frontdoor than lighter dev configurations.
Completion criteria:
- [x] Gateway health options support a required microservice list.
- [x] `/health/ready` returns `503` with missing-service details until all configured required services are registered.
- [x] Focused router tests cover both missing and satisfied readiness states.
### ROUTER-READY-002 - Return truthful warm-up failures for missing target registrations
Status: DONE
Dependency: ROUTER-READY-001
Owners: Developer, QA
Task description:
- When a route is already classified as `Microservice` but the target service has not registered, return a service-unavailable contract instead of `404`.
- Keep `404` only for genuinely unknown paths or endpoints that do not exist on a registered target service.
Completion criteria:
- [x] Targeted microservice-route misses return `503`.
- [x] Registered target service with a missing endpoint still returns `404`.
- [x] Focused middleware tests prove the distinction.
### ROUTER-READY-003 - Make scratch compose wait for the real frontdoor
Status: DONE
Dependency: ROUTER-READY-002
Owners: Developer, QA
Task description:
- Update the mounted local router config with the required-service list for the client-ready scratch stack and make the router-gateway container healthcheck probe `/health/ready` instead of only testing for an open TCP port.
- Document the reverse-proxy exception rule: external/bootstrap only, first-party Stella APIs through router transport.
Completion criteria:
- [x] `router-gateway-local.json` declares the required first-party services for the local scratch stack.
- [x] `docker-compose.stella-ops.yml` checks router readiness instead of raw port openness.
- [x] Router architecture docs describe the readiness gate and the reverse-proxy exception rule.
### ROUTER-READY-004 - Bound microservice HELLO recovery after gateway restart
Status: DONE
Dependency: ROUTER-READY-003
Owners: Developer, QA
Task description:
- Remove the hidden fixed 30-heartbeat HELLO replay heuristic from the microservice SDK and replace it with an explicit registration refresh interval that repopulates gateway state within seconds after a gateway restart.
- Flow the setting through the shared ASP.NET router integration so services can keep the default bounded contract or override it intentionally.
Completion criteria:
- [x] Stella microservice options expose a positive registration refresh interval.
- [x] Router connection manager replays HELLO on the configured interval without waiting for dozens of heartbeats.
- [x] Focused SDK and integration-helper tests cover the new contract.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live evidence showed the gateway was returning `404 TargetService=(none)` during post-redeploy convergence even though the mounted route table and aggregated OpenAPI already knew the affected first-party paths. | Developer |
| 2026-03-10 | Live restart evidence showed the deeper recovery gap: services only replayed HELLO every 30 heartbeats, leaving the gateway honestly unready for minutes after restart. Added a bounded HELLO refresh task under the same sprint. | Developer |
| 2026-03-10 | Audited the frontdoor refactor end to end: focused router tests passed, fresh-stack redeploy converged on `/health/ready`, restart probes now return `503` for missing target registrations before flipping to endpoint-level `404`, and the Playwright canonical route sweep rerun isolated the remaining failures to unrelated frontend routes under `/ops/policy`, `/ops/operations/*`, and trust-signing. | Developer |
## Decisions & Risks
- Decision: readiness is environment-owned. The gateway source exposes the contract, while the local compose stack opts into a concrete required-service list for scratch QA.
- Decision: reverse proxy remains valid for external/bootstrap surfaces such as Rekor, OIDC/browser flows, and SPA/static assets; it is not the preferred path for first-party Stella APIs.
- Decision: HELLO recovery is now time-based and explicit rather than a hidden multiple of heartbeat count. The default registration refresh interval is 10 seconds so a gateway restart cannot strand first-party routes behind stale state for minutes.
- Decision: the dedicated `router-gateway-local.reverseproxy.json` fallback mode is removed from active compose guidance. The supported scratch stack uses the microservice-first table with narrowly-scoped reverse proxy exceptions inside the same config.
- Risk: if the required-service list is too broad for the current compose footprint, `/health/ready` could remain false. Mitigation: use the actual mounted local stack as the authority and verify registrations live after redeploy.
## Next Checkpoints
- 2026-03-10: land readiness evaluation and route-level `503` contract.
- 2026-03-10: rebuild router-gateway, redeploy, and verify restart behavior with live probes.
- 2026-03-10: rerun the targeted Playwright/router checks on the warmed stack.

78
docs/implplan/SPRINT_20260310_002_Policy_policy_frontdoor_compat_and_live_verification.md
View File

@@ -1,78 +0,0 @@
# Sprint 20260310-002 - Policy Frontdoor Compat And Live Verification
## Topic & Scope
- Restore the first-party `/policy/*` frontdoor contract on the rebuilt `https://stella-ops.local` stack so the policy simulation and governance surfaces no longer 404 through the router.
- Fill the missing policy gateway compatibility endpoints that the live web shell expects during policy simulation, coverage, audit, effective-policy, exception, conflict, and batch-evaluation flows.
- Keep the live Playwright policy action sweep meaningful by modeling the real shadow-mode state machine instead of failing on intentionally disabled controls.
- Working directory: `src/Policy/StellaOps.Policy.Gateway`.
- Allowed coordination edits: `devops/compose/router-gateway-local.json`, `src/Policy/__Tests/StellaOps.Policy.Gateway.Tests/PolicySimulationEndpointsTests.cs`, `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/Middleware/RouteDispatchMiddlewareMicroserviceTests.cs`, `src/Web/StellaOps.Web/scripts/live-ops-policy-action-sweep.mjs`, `docs/implplan/SPRINT_20260310_002_Policy_policy_frontdoor_compat_and_live_verification.md`.
- Expected evidence: targeted policy/router test passes and authenticated live Playwright evidence under `src/Web/StellaOps.Web/output/playwright/` showing zero runtime issues for the ops/policy sweep.
## Dependencies & Concurrency
- Depends on the scratch rebuild being complete enough for router, authority, policy gateway, and the web shell to authenticate at `https://stella-ops.local`.
- Safe parallelism: do not edit unrelated router readiness/search/component revival files; keep changes scoped to the frontdoor policy compatibility path and its QA harness.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/router/architecture.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### POLICY-FRONTDOOR-001 - Restore missing policy gateway compatibility endpoints
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Add the compatibility endpoints required by the live policy simulation/governance shell so `/policy/*` requests succeed through the first-party gateway on a fresh stack.
- Keep the responses deterministic and scratch-friendly so the live browser sweep has meaningful data to work against.
Completion criteria:
- [x] Policy gateway exposes the missing `/policy/shadow/*`, `/policy/simulations/*`, `/policy/packs/*`, `/policy/effective`, `/policy/audit`, `/policy/exceptions*`, `/policy/conflicts*`, and `/policy/batch-evaluations*` compatibility surfaces required by the live shell.
- [x] Targeted policy gateway tests cover the new compatibility contracts.
- [x] The rebuilt live stack no longer emits `/policy/*` 404s from the policy simulation sweep.
### POLICY-FRONTDOOR-002 - Fix router translation for first-party policy paths
Status: DONE
Dependency: POLICY-FRONTDOOR-001
Owners: Developer
Task description:
- Diagnose why `/policy/*` still fails through the router even when the policy gateway exposes the expected endpoints.
- Repair the local frontdoor route so the router preserves the `/policy` service prefix instead of stripping it before microservice dispatch.
Completion criteria:
- [x] The router local config translates `/policy/*` to the policy gateway with the correct preserved path prefix.
- [x] A router regression test proves `/policy/shadow/config` no longer loses the `/policy` segment during microservice translation.
- [x] `stellaops-router-gateway` starts healthy after the config repair.
### POLICY-FRONTDOOR-003 - Make the live policy action sweep reflect real product behavior
Status: DONE
Dependency: POLICY-FRONTDOOR-002
Owners: QA, Developer (FE)
Task description:
- Remove the false-negative `View Results` failure from the live policy action sweep by modeling the real shadow-mode workflow.
- The sweep must enable shadow mode when needed, verify results/history becomes reachable, and restore the disabled baseline so repeated scratch loops remain deterministic.
Completion criteria:
- [x] The live action sweep treats intentionally disabled controls as state to navigate, not as blind click failures.
- [x] The sweep verifies `View Results` reaches simulation history after shadow mode is enabled.
- [x] The authenticated live policy action sweep finishes with zero action failures and zero runtime issues.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created for the rebuilt-stack policy frontdoor repair after live Playwright showed first-party `/policy/*` 404s and a false-negative disabled action on the simulation page. | Developer |
| 2026-03-10 | Added the missing policy gateway compatibility endpoints and deterministic backing state for shadow config, simulation history, coverage, effective policy, audit, exceptions, conflicts, and batch evaluations. Targeted policy gateway tests passed via the direct test assembly runner. | Developer |
| 2026-03-10 | Diagnosed the real router defect: the canonical `/policy` microservice route existed already, but its translation stripped the `/policy` prefix before dispatch. Updated `router-gateway-local.json` to translate to `http://policy-gateway.stella-ops.local/policy`, added a router regression, and confirmed the gateway restarted healthy. | Developer |
| 2026-03-10 | Reran the authenticated live ops/policy Playwright sweep. The runtime 404s disappeared; then updated the sweep to enable shadow mode before verifying `View Results`, restore the disabled baseline, and revalidated the live slice at `failedActionCount=0` and `runtimeIssueCount=0`. | Developer |
## Decisions & Risks
- Decision: keep `/policy/*` first-party and routed as a router microservice path. Reverse proxy exceptions remain reserved for third-party services, not Stella-owned policy surfaces.
- Decision: preserve the `/policy` path prefix in the router translation instead of adding more special-case reverse-proxy routes, because the failure was path rewriting, not a missing service mapping.
- Risk: the live policy action sweep covers only the current ops/policy slice; broader page-by-page live verification is still required in later iterations.
- Mitigation: keep the sweep deterministic, authenticated, and state-restoring so it can be reused across scratch iterations as broader route/action work continues.
## Next Checkpoints
- Commit the scoped policy/router/web-script repair without unrelated router readiness or search changes.
- Fold the next authenticated live slice into the broader canonical route backlog and continue the page/action-by-page/action sweep.

65
docs/implplan/SPRINT_20260310_003_FE_mission_control_live_action_sweep.md
View File

@@ -1,65 +0,0 @@
# Sprint 20260310-003 - FE Mission Control Live Action Sweep
## Topic & Scope
- Add a reusable authenticated Playwright sweep for the Mission Control board, alerts, and activity surfaces on the real `https://stella-ops.local` frontdoor.
- Verify the high-signal cross-product links from Mission Control resolve to the correct downstream page with the expected scoped state, instead of relying on broad route checks alone.
- Keep the work confined to live QA automation so the next scratch iterations can rerun Mission Control behavioral checks without manual clicking.
- Working directory: `src/Web/StellaOps.Web/scripts`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260310_003_FE_mission_control_live_action_sweep.md`.
- Expected evidence: a runnable live Mission Control action sweep script plus JSON evidence under `src/Web/StellaOps.Web/output/playwright/`.
## Dependencies & Concurrency
- Depends on the rebuilt stack being authenticated and reachable through `https://stella-ops.local`.
- Safe parallelism: do not touch unrelated Mission Control feature code or router/search implementation streams during this QA-only iteration.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md`
## Delivery Tracker
### FE-MISSION-LIVE-001 - Add Mission Control action sweep harness
Status: DONE
Dependency: none
Owners: QA, Developer (FE)
Task description:
- Create a focused live Playwright harness that authenticates through the real frontdoor and exercises the important Mission Control actions on the board, alerts, and activity pages.
- The harness must verify that the links resolve to the correct downstream paths and preserve the scoped stage/us-east context where applicable.
Completion criteria:
- [x] A script exists under `src/Web/StellaOps.Web/scripts/` for live Mission Control action sweeps.
- [x] The script writes structured JSON output to `src/Web/StellaOps.Web/output/playwright/`.
- [x] The script exits non-zero when any Mission Control action or runtime contract fails.
### FE-MISSION-LIVE-002 - Verify Mission Control board, alerts, and activity actions
Status: DONE
Dependency: FE-MISSION-LIVE-001
Owners: QA
Task description:
- Execute the Mission Control action sweep against the rebuilt stack and verify the primary board summary links, regional stage links, alert drilldowns, and activity drilldowns.
- Distinguish product defects from harness selection mistakes before escalating any result into implementation work.
Completion criteria:
- [x] The board links for releases, approvals, security, data integrity, topology, and scoped stage drilldowns are verified live.
- [x] The alerts and activity drilldowns are verified live.
- [x] The final live run completes with zero failed actions and zero runtime issues.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created for the next live behavioral pass after the canonical frontdoor sweep reached 111/111 passing routes and the policy/release/search slices were already rechecked. | Developer |
| 2026-03-10 | Added `scripts/live-mission-control-action-sweep.mjs` to exercise Mission Control board summary links, scoped stage environment links, alert drilldowns, and activity drilldowns through the authenticated frontdoor. | Developer |
| 2026-03-10 | Initial run surfaced a harness defect: the stage findings check selected the first `Findings` link (`dev`) rather than the intended `stage` row, and the auth helper emitted a harmless `about:blank` sessionStorage page error. Tightened the selector and filtered the known false-positive runtime noise. | Developer |
| 2026-03-10 | Reran the live Mission Control sweep successfully. Board, alerts, and activity actions now verify cleanly with `failedActionCount=0` and `runtimeIssueCount=0`. | Developer |
| 2026-03-10 | Cold-stack replay after the Mission Control route restore exposed another harness-only issue: cross-page navigation was recording `net::ERR_ABORTED` API requests as runtime failures. Filtered intentional navigation aborts in `live-mission-control-action-sweep.mjs` so the sweep reports only user-visible defects. | Developer |
## Decisions & Risks
- Decision: treat Mission Control as a first-class action surface with its own live sweep, because it fans out into releases, security, evidence, topology, and trust workflows and can hide scoped-link regressions that route-level sweeps miss.
- Decision: filter the auth-helper `about:blank` sessionStorage page error in this harness because it is not a user-visible runtime failure and would otherwise pollute live action evidence.
- Risk: the Mission Control sweep still covers representative actions rather than every repeated row/link permutation on the board.
- Mitigation: keep the harness reusable and extend it in later iterations as additional board actions or state-specific flows are promoted into the live backlog.
## Next Checkpoints
- Commit the Mission Control live sweep as a standalone QA iteration.
- Continue expanding live action coverage into the next high-density page family on the rebuilt stack.

77
docs/implplan/SPRINT_20260310_004_FE_setup_topology_live_action_sweep.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260310_004 - Setup Topology Live Action Sweep
## Topic & Scope
- Verify the Setup/Topology slice against the rebuilt `https://stella-ops.local` stack with real Playwright interactions, not route-only checks.
- Treat scope preservation as part of correctness: topology tabs and operator actions must keep the active tenant/region/environment/time-window context.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: live Playwright sweep JSON, focused Angular tests, execution log updates, and a scoped commit.
## Dependencies & Concurrency
- Depends on the rebuilt web bundle and healthy frontdoor stack already running through `devops/compose/docker-compose.stella-ops.yml`.
- Safe to run in parallel with backend/search work as long as edits stay inside `src/Web/StellaOps.Web` and this sprint file.
## Documentation Prerequisites
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### FE-TOPO-LIVE-001 - Capture live topology action evidence
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Add a dedicated live Playwright script for Setup/Topology that exercises the shell tabs, overview CTAs, environment inventory actions, and environment detail actions on the authenticated frontdoor.
- The sweep must fail when routes misnavigate, when runtime errors surface, or when actions drop active scope query parameters that should remain stable across topology flows.
Completion criteria:
- [x] A committed live sweep script exists under `src/Web/StellaOps.Web/scripts/`.
- [x] The sweep captures fresh evidence under `src/Web/StellaOps.Web/output/playwright/`.
- [x] Any failures are diagnosed to code-level root causes before implementation changes begin.
### FE-TOPO-LIVE-002 - Repair topology scope-preserving navigation
Status: DONE
Dependency: FE-TOPO-LIVE-001
Owners: Developer
Task description:
- Apply the existing Stella Ops scope-preserving navigation pattern to the topology shell and topology operator actions so the live context survives shell navigation and drilldowns.
- Keep the fix scoped to topology unless a broader shared change is clearly required and low risk.
Completion criteria:
- [x] Topology shell navigation preserves active scope.
- [x] Topology CTA/drilldown actions preserve active scope while adding route-specific parameters.
- [x] Focused tests cover the changed navigation contracts.
### FE-TOPO-LIVE-003 - Reverify live topology slice after fixes
Status: DONE
Dependency: FE-TOPO-LIVE-002
Owners: QA
Task description:
- Rebuild the web bundle if needed, sync it into the live stack, rerun the exact topology sweep, and confirm the slice is clean.
Completion criteria:
- [x] The topology sweep passes with zero failed actions.
- [x] The topology sweep reports zero runtime issues.
- [x] Execution Log records the before/after evidence and the commit hash.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created for the next live QA/developer iteration on Setup/Topology after the clean canonical frontdoor, policy, releases, notifications, and mission-control sweeps. | QA |
| 2026-03-10 | First authenticated live topology sweep failed 25 actions with 0 runtime issues. Every failure traced to scope loss across topology shell tabs, CTA/drilldown links, or environment detail operator actions; two tab failures were harness selector collisions on partial `Security` and `Evidence` matches. | QA |
| 2026-03-10 | Root cause analysis found two product defects: Topology links were not consistently using scope-preserving navigation, and `SecurityFindingsPageComponent.reloadFromFilters()` rewrote `/security/triage` without merge semantics, stripping the incoming topology scope. | Developer |
| 2026-03-10 | Added focused navigation regressions for topology and security findings. Focused Angular run passed `6/6` assertions across `2` spec files. | Test Automation |
| 2026-03-10 | Cold-stack replay showed the earlier sweep still had a QA harness defect: it sampled generic shell states before lazy topology routes hydrated and counted navigation-aborted XHRs as runtime failures. Hardened `live-setup-topology-action-sweep.mjs` with route-readiness gates, URL waits, and `ERR_ABORTED` filtering so Playwright only reports live defects. | QA |
| 2026-03-10 | The hardened sweep exposed one real product issue on `/setup/topology/environments`: local environment selection could drift off the scoped environment during hydration, causing `Open Targets`, `Open Agents`, and `Open Runs` to launch against `dev` or `prod-us-west` while the active scope was `stage`. Fixed `TopologyRegionsEnvironmentsPageComponent` to reconcile region/environment selection from the active context first, added a focused regression to `topology-scope-links.component.spec.ts`, rebuilt the web bundle, synced `dist/stellaops-web/browser` into `compose_console-dist`, and reran the live topology sweep clean with `0` failed actions and `0` runtime issues in `src/Web/StellaOps.Web/output/playwright/live-setup-topology-action-sweep.json`. Commit hash pending local commit. | Developer |
## Decisions & Risks
- Decision: treat scope preservation as a correctness requirement in topology because the active platform context changes the data surface on every page and drilldown.
- Risk: `TabbedNavComponent` is shared across multiple shells. If topology needs scope-preserving shell tabs, prefer an opt-in contract instead of a silent repo-wide behavior change.
- Decision: `TabItem` now supports opt-in `queryParamsHandling`, and Topology explicitly sets `merge` on its shell tabs. This preserves scope without changing every other shared tabbed navigation surface.
- Decision: fixing the destination rewrite in `/security/triage` is mandatory. Accepting a scoped entry link is not sufficient if the landing page immediately discards the topology context.
- Decision: topology inventory pages must reconcile local selection state from the active platform context before falling back to the first loaded row. Otherwise operator actions can silently target the wrong environment during cold-start hydration.
- Decision: live Playwright sweeps on the SPA must wait for route-specific readiness, not just `domcontentloaded`, because the shell can render before the lazy child route and produce false QA failures on a healthy stack.
## Next Checkpoints
- Capture the first failing topology live sweep.
- Repair the navigation contracts and re-run the same sweep before committing.

63
docs/implplan/SPRINT_20260310_005_FE_integrations_live_action_sweep.md
View File

@@ -1,63 +0,0 @@
# Sprint 20260310_005 - Integrations Live Action Sweep
## Topic & Scope
- Deep-verify the Integrations hub against the rebuilt `https://stella-ops.local` stack with real Playwright interactions, not route-only checks.
- Treat typed onboarding as part of correctness: registry and runtime-host actions must land on the correct typed onboarding routes, while generic sources must fall back to the shared onboarding hub.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: live Playwright sweep JSON, execution log updates, and a scoped commit.
## Dependencies & Concurrency
- Depends on the authenticated frontdoor harness and the clean 111-route canonical sweep on the rebuilt stack.
- Safe to run in parallel with router readiness and component-revival work as long as edits stay inside `src/Web/StellaOps.Web` and this sprint file.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### FE-INTEGRATIONS-LIVE-001 - Capture live integrations action evidence
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Add a dedicated live Playwright script for the Integrations hub that exercises the hub tabs, onboarding CTAs, typed add actions, generic add actions, and activity handoffs on the authenticated frontdoor.
- The sweep must fail when CTAs misroute, when runtime errors surface, or when the live stack serves the wrong onboarding destination for a given integration type.
Completion criteria:
- [x] A committed live sweep script exists under `src/Web.StellaOps.Web/scripts/`.
- [x] The sweep captures fresh evidence under `src/Web.StellaOps.Web/output/playwright/`.
- [x] Any failures are diagnosed to code-level root causes before implementation changes begin.
### FE-INTEGRATIONS-LIVE-002 - Reverify the integrations action slice
Status: DONE
Dependency: FE-INTEGRATIONS-LIVE-001
Owners: QA
Task description:
- Run the same live integrations sweep against the rebuilt stack and confirm the action slice is behaviorally clean.
Completion criteria:
- [x] The integrations sweep passes with zero failed actions.
- [x] The integrations sweep reports zero runtime issues.
- [x] Execution Log records the final evidence path and commit hash.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the authenticated 111-route canonical sweep came back clean, moving the next iteration from route rescue to deeper integrations action verification. | QA |
| 2026-03-10 | Added `live-integrations-action-sweep.mjs` to cover shell tabs, typed onboarding CTAs, generic onboarding fallbacks, and activity handoffs across the live Integrations family. | QA |
| 2026-03-10 | First live sweep reported one false failure: `Advisory & VEX` was present in the Integrations shell but exposed as a tabbed-nav item rather than a plain link, so the harness selector missed it. No runtime issues were present. | Developer |
| 2026-03-10 | Corrected the harness to search both `link` and `tab` roles for shell navigation and reran the exact live sweep. Final evidence is clean at `failedActionCount=0` and `runtimeIssueCount=0` in `src/Web.StellaOps.Web/output/playwright/live-integrations-action-sweep.json`. Commit hash pending local commit. | QA |
| 2026-03-11 | Replayed the sweep after a full scratch teardown and rebuild. Fresh cold loads surfaced a second harness-only failure mode: the Integrations shell and list pages lazy-hydrated after navigation, so one-shot selector checks mislabeled tabs, add buttons, and empty-state CTAs as missing. Hardened the sweep with bounded control polling, support for the split `Advisory Sources` / `VEX Sources` hub tiles, and state-aware empty-state-or-detail checks. Final rerun is clean again at `failedActionCount=0` and `runtimeIssueCount=0`. | QA / Developer |
## Decisions & Risks
- Decision: typed onboarding is part of the live integrations contract. If a type-specific list page routes to the wrong onboarding target, that is a product defect, not a cosmetic issue.
- Risk: the Integrations hub mixes typed and generic onboarding flows. The harness must assert the intended destination per integration type instead of treating all add buttons as equivalent.
- Decision: the Integrations shell uses tabbed navigation semantics. The live harness must consider both `link` and `tab` roles when verifying shell actions so accessibility-correct tabs do not register as false defects.
- Decision: scratch-rebuild verification must wait for lazy route hydration before judging the Integrations shell. Fresh chunk loads can present the route URL before the tab bar and list CTAs are interactable, so the sweep now uses bounded polling instead of a single immediate DOM sample.
- Decision: list-page coverage is state-aware. When a list is empty, the harness verifies the empty-state CTA; when rows exist, it verifies the first detail handoff instead of demanding an empty-state button that should not be present.
## Next Checkpoints
- Capture the first integrations action sweep against the live frontdoor.
- Fix any misroutes or inert CTAs before moving on to another page family.

50
docs/implplan/SPRINT_20260310_006_FE_policy_simulation_direct_route_defaults_and_hydration.md
View File

@@ -1,50 +0,0 @@
# Sprint 20260310-006 - FE Policy Simulation Direct Route Defaults and Hydration
## Topic & Scope
- Harden revived Policy Simulation surfaces so direct entry and partially wired host routes still render usable defaults instead of blank inputs.
- Normalize missing policy pack, version, and target environment inputs across the revived lint, diff, coverage, and promotion-gate components.
- Ensure the read-only coverage route hydrates on first render instead of waiting for a second interaction.
- Working directory: `src/Web/StellaOps.Web/src/app/features/policy-simulation`.
- Allowed coordination edits: `src/Web/StellaOps.Web/tsconfig.spec.features.json`, `docs/modules/ui/README.md`.
- Expected evidence: focused component spec pass, authenticated live Playwright evidence for `/ops/policy/simulation` policy actions, updated UI docs if behavior changes.
## Dependencies & Concurrency
- Follows `SPRINT_20260309_019_FE_policy_simulation_active_tenant_runtime.md`; this sprint hardens the revived component surfaces after the tenant seam repair.
- Safe parallelism: do not touch router readiness or unrelated search work while closing this slice.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/code-of-conduct/CODE_OF_CONDUCT.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/ui/README.md`
## Delivery Tracker
### FE-POLICY-SIM-006-001 - Normalize revived policy simulation inputs and direct hydration
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Centralize the fallback defaults used by revived Policy Simulation components so direct-entry routes and partially restored host callers do not pass through blank pack IDs, unusable versions, or empty target environments.
- Cover the normalization behavior in focused specs for the shared defaults helper and the affected components, then re-run live authenticated policy actions with Playwright to prove the repaired runtime still behaves correctly.
Completion criteria:
- [x] Coverage, diff, lint, and promotion-gate components normalize missing/blank inputs to stable defaults instead of rendering unusable state.
- [x] Coverage auto-loads on first render so the direct route is hydrated without a second click.
- [x] Focused Angular specs prove the normalization and hydration behaviors.
- [x] Authenticated Playwright completes the policy action sweep on `https://stella-ops.local` without new route or runtime failures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the remaining dirty `policy-simulation` slice was identified as a follow-on hardening pass for revived direct-route component defaults and coverage hydration. | Developer |
| 2026-03-10 | Added shared policy simulation defaults plus a Vitest-compatible direct-route regression harness, rebuilt the web bundle, synced `dist/stellaops-web/browser` into `compose_console-dist`, and verified `/ops/policy/simulation/coverage`, `/lint`, `/promotion`, and `/diff/policy-pack-001` live with zero runtime errors via Playwright. | Developer |
## Decisions & Risks
- Decision: keep default restoration local to the revived Policy Simulation feature cluster through a shared helper instead of reintroducing per-component literals.
- Decision: use a focused Vitest-compatible regression spec for the revived direct-route behaviors instead of widening the unsupported legacy ProxyZone/Karma component suite.
- Risk: defaulting a missing pack/version can hide a wiring regression; mitigate with focused specs and live Playwright verification on the real shell.
## Next Checkpoints
- 2026-03-10: finish the focused spec coverage and live policy Playwright recheck.
- 2026-03-10: commit the isolated policy-simulation hardening slice.

161
docs/implplan/SPRINT_20260310_019_DevOps_container_cpu_optimization.md
View File

@@ -1,161 +0,0 @@
# Sprint 019 — Container CPU Optimization
## Topic & Scope
- Reduce idle CPU pressure from 62 Docker containers by adding resource limits, tuning GC, converting polling to event-driven patterns, and reducing log verbosity.
- Working directory: `devops/compose/`, `src/JobEngine/`, `src/Graph/`, `src/Platform/`.
- Expected evidence: compose validation, `docker stats` showing caps, reduced idle CPU.
## Dependencies & Concurrency
- No upstream sprint dependencies.
- Workstreams 1/2/4/6 (compose-only) are independent of workstreams 3A/3B/3D (C# changes).
- C# workstreams (3A, 3B, 3D) are independent of each other (different modules).
## Documentation Prerequisites
- `docs/modules/router/architecture.md` (Valkey messaging patterns).
## Delivery Tracker
### WS-1 — Resource Limits in Docker Compose
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add three resource tier YAML anchors (heavy/medium/light) to compose file.
- Apply `<<: *resources-{tier}` to all 59 .NET services.
- Infrastructure services (postgres, valkey, rustfs, registry, rekor) remain unconstrained.
Completion criteria:
- [x] Three resource anchors defined
- [x] Tier assignments: Heavy (6), Medium (16), Light (37)
- [x] `docker compose config` validates cleanly
- [x] Infrastructure services have no deploy limits
### WS-2 — Logging Debug→Information
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Change 4 services from Debug to Information logging, keeping Debug as comments.
- Services: router-gateway, platform, policy-engine, findings-ledger-web.
Completion criteria:
- [x] Debug log levels commented out with Information active
- [x] 4 services updated
### WS-3A — FirstSignalSnapshotWriter Valkey Pub/Sub
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Convert 10s polling to Valkey subscription on `notify:firstsignal:dirty`.
- Add 60s fallback timer via `FallbackPollIntervalSeconds` option.
- Fire Valkey notification from JobEngineEventPublisher on job lifecycle events.
Completion criteria:
- [x] SemaphoreSlim + Valkey subscribe pattern implemented
- [x] Fallback timer extended from 10s to 60s
- [x] Event publisher fires dirty notification on orch.jobs channel events
- [x] Project builds with 0 errors
### WS-3B — GraphAnalyticsHostedService Single Timer + Idle Skip
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Consolidate dual PeriodicTimer to single timer using Min(ClusterInterval, CentralityInterval).
- Add idle-check: skip pipeline when no pending snapshots exist.
- Add `SkipWhenIdle` option (default: true).
Completion criteria:
- [x] Single timer replaces dual timers
- [x] Idle check via IGraphSnapshotProvider.GetPendingSnapshotsAsync
- [x] Debug log emitted when skipping
- [x] Project builds with 0 errors
### WS-3D — EnvironmentSettingsRefreshService Valkey Pub/Sub
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Register IConnectionMultiplexer in Platform DI from ConnectionStrings:Redis.
- Publish `notify:platform:envsettings:dirty` from PostgresEnvironmentSettingsStore on set/delete.
- Convert EnvironmentSettingsRefreshService from Task.Delay(60s) to Valkey subscription with 300s fallback.
Completion criteria:
- [x] IConnectionMultiplexer registered in Platform Program.cs
- [x] Store publishes dirty notification (fire-and-forget)
- [x] Refresh service uses SemaphoreSlim + Valkey subscribe
- [x] Project builds with 0 errors
### WS-4 — Health Check Interval 60s (Configurable)
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Change healthcheck anchors from 30s to `${HEALTHCHECK_INTERVAL:-60s}`.
- Propagates to all ~57 services using these anchors.
Completion criteria:
- [x] Both healthcheck anchors updated
- [x] Environment variable override supported
- [x] Rendered config shows 60s intervals
### WS-5 — Messaging Transport (No Changes)
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Verified Valkey messaging transport is already subscription-based with SemaphoreSlim + fallback.
- No changes needed.
Completion criteria:
- [x] Verified ValkeyMessageQueue already uses push-first pattern
### WS-7 — Eliminate Valkey Queue Polling Fallback
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Remove hardcoded 1s PollingFallback and 1-5s notifiable timeout constants from QueueWaitExtensions.
- Add configurable `QueueWaitTimeoutSeconds` to ValkeyTransportOptions (default: 0 = pure event-driven).
- ValkeyMessageQueue.WaitForNotificationAsync uses configured timeout instead of caller-provided value.
- Compose env var `VALKEY_QUEUE_WAIT_TIMEOUT` (default 0) controls the setting for all services.
Completion criteria:
- [x] QueueWaitTimeoutSeconds added to ValkeyTransportOptions with default 0
- [x] ValkeyMessageQueue uses configured timeout (0 = Timeout.InfiniteTimeSpan)
- [x] Hardcoded PollingFallback/MinimumNotifiableTimeout/MaximumNotifiableTimeout removed from QueueWaitExtensions
- [x] Compose YAML updated for microservice defaults and gateway
- [x] All 252 gateway tests pass
- [x] Compose validates clean (45 services have the setting)
### WS-6 — GC Configuration
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add three GC tuning YAML anchors (heavy/medium/light) with DOTNET_gcServer, GCConserveMemory, GCDynamicAdaptationMode.
- Merge into all 59 .NET service environments.
Completion criteria:
- [x] Three GC anchors defined
- [x] Heavy/Medium use Server GC; Light uses Workstation GC
- [x] GCDynamicAdaptationMode=1 (DATAS) on all services
- [x] Not applied to non-.NET infrastructure
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created. All workstreams completed. All 3 C# projects build clean. Compose validates clean. | Developer |
| 2026-03-10 | WS-7 added: eliminated Valkey queue polling fallback. Default is now pure event-driven (QueueWaitTimeoutSeconds=0). | Developer |
## Decisions & Risks
- Resource limits are dev/QA defaults; production deployments should tune per hardware.
- GCDynamicAdaptationMode=1 requires .NET 8+; all services use .NET 8/9.
- Healthcheck interval override via HEALTHCHECK_INTERVAL env var for operator flexibility.
- Valkey pub/sub notifications are fire-and-forget; fallback timers ensure correctness if missed.
- QueueWaitTimeoutSeconds defaults to 0 (pure event-driven). Set VALKEY_QUEUE_WAIT_TIMEOUT=5 to restore a 5s safety-net poll if pub/sub proves unreliable.
## Next Checkpoints
- Rebuild affected images (platform, jobengine, graph-indexer) after C# changes merge.
- Verify `docker stats` shows resource caps in dev environment.

77
docs/implplan/SPRINT_20260310_020_Router_frontdoor_route_boundary_and_service_prefix_repair.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260310-020 - Router Frontdoor Route Boundary And Service Prefix Repair
## Topic & Scope
- Repair frontdoor route precedence defects that only appear on the real scratch stack after router-gateway reloads and rebuilt web assets.
- Keep first-party Stella APIs on router transport while correcting the route table so static chunks, platform-owned APIs, and shell compatibility prefixes dispatch to the intended target.
- Working directory: `src/Router`.
- Allowed coordination edits: `devops/compose/router-gateway-local.json`, `docs/modules/router/architecture.md`, `devops/compose/README.md`, `src/Router/StellaOps.Gateway.WebService/TASKS.md`, `docs/implplan/SPRINT_20260310_020_Router_frontdoor_route_boundary_and_service_prefix_repair.md`.
- Expected evidence: focused router tests, live gateway probes on `https://stella-ops.local`, and a Playwright canonical route sweep after gateway restart.
## Dependencies & Concurrency
- Depends on `SPRINT_20260310_001_Router_frontdoor_required_service_readiness.md` for truthful frontdoor readiness and restart convergence.
- Safe parallelism: stay in `src/Router` plus the listed compose/docs files; leave frontend route repairs for separate FE iterations once the frontdoor contract is verified.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Router/AGENTS.md`
- `src/Router/StellaOps.Gateway.WebService/AGENTS.md`
- `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/AGENTS.md`
- `docs/modules/router/architecture.md`
## Delivery Tracker
### ROUTER-BOUNDARY-001 - Restore route precedence for platform-owned and static-boundary paths
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Tighten the root `/policy` regex so it only owns the actual route segment and no longer steals Angular static chunks.
- Restore explicit platform ownership for `/api/v1/aoc/*` and `/api/v1/administration/*` ahead of the generic `/api/v1/{service}` matcher so those requests do not dispatch to synthetic microservice names.
Completion criteria:
- [x] `/policy-decisioning.routes-*.js` stays on the static route.
- [x] `/api/v1/aoc/*` and `/api/v1/administration/*` resolve to `platform`.
- [x] Focused route-table tests prove precedence against generic catch-alls.
### ROUTER-BOUNDARY-002 - Strip browser compatibility prefixes before microservice dispatch
Status: DONE
Dependency: ROUTER-BOUNDARY-001
Owners: Developer, QA
Task description:
- Preserve the shell-facing `/doctor/*` and `/scheduler/*` entrypoints while translating them to the canonical backend paths those services actually expose.
- Verify the dispatch middleware forwards `/doctor/api/v1/doctor/*` and `/scheduler/api/v1/scheduler/*` as `/api/v1/doctor/*` and `/api/v1/scheduler/*` to the correct microservice.
Completion criteria:
- [x] Route config translates `/doctor/*` and `/scheduler/*` without duplicating the service-root prefix.
- [x] Middleware tests assert the translated request path seen by the microservice pipeline.
- [x] Live frontdoor probes return authenticated backend responses instead of SPA fallback or `404`.
### ROUTER-BOUNDARY-003 - Reverify the live scratch frontdoor with Playwright
Status: DONE
Dependency: ROUTER-BOUNDARY-002
Owners: QA
Task description:
- Restart the live `router-gateway`, probe the corrected routes directly, and rerun the Playwright canonical sweep against the local scratch stack.
- Capture the remaining failures explicitly so the next iteration starts from UI defects only, not route ownership ambiguity.
Completion criteria:
- [x] `router-gateway` restarted on the local compose stack after config changes.
- [x] Live probes for `/doctor`, `/scheduler`, `/api/v1/aoc`, and `/api/v1/administration` return backend-authenticated responses.
- [x] Playwright canonical sweep records the post-fix result set and isolates any remaining failures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live scratch verification showed three route-boundary defects: the `/policy` root regex captured Angular chunks, the generic `/api/v1/{service}` matcher stole platform-owned AOC and administration APIs, and shell compatibility prefixes for doctor/scheduler forwarded the wrong backend path. | Developer |
| 2026-03-10 | Added explicit platform mappings, segment-bound `/policy` matching, and prefix-stripping `/doctor`/`/scheduler` routes in both gateway configs. Focused router tests passed `269/269`. | Developer |
| 2026-03-10 | Restarted `router-gateway`, re-probed the repaired live frontdoor, and reran the Playwright canonical route sweep. Result: `109/111` passed, with only `/ops/operations/scheduler` and `/ops/operations/doctor` still failing due to frontend routing fallback rather than router dispatch. | QA |
## Decisions & Risks
- Decision: reverse proxy remains reserved for external/bootstrap surfaces only; first-party Stella API defects must be solved by correcting router route ownership, not by bypassing router transport.
- Decision: root-prefix regex routes must use segment boundaries whenever SPA/static assets can share the same textual prefix.
- Decision: browser-facing compatibility prefixes are acceptable when the route table strips them before dispatch so backend services keep their canonical API roots.
- Risk: the remaining `109/111` Playwright result still includes two frontend route failures under `/ops/operations/*`. Mitigation: treat those as a separate FE iteration and keep this router commit scoped to dispatch correctness.
## Next Checkpoints
- 2026-03-10: Commit the router/frontdoor boundary repair as a standalone iteration.
- 2026-03-10: Triage `/ops/operations/scheduler` and `/ops/operations/doctor` in the web route layer using the clean router baseline.

59
docs/implplan/SPRINT_20260310_021_Router_frontdoor_segment_bound_scheduler_doctor_chunks.md
View File

@@ -1,59 +0,0 @@
# Sprint 20260310-021 - Router Frontdoor Segment Bound Scheduler Doctor Chunks
## Topic & Scope
- Repair the remaining live frontdoor regressions where newly-added `/doctor` and `/scheduler` compatibility prefixes capture Angular lazy chunks instead of only owning the actual URL segment.
- Revalidate the scratch stack with Playwright after the gateway config change so canonical route coverage can move past router dispatch defects.
- Working directory: `src/Router`.
- Allowed coordination edits: `devops/compose/router-gateway-local.json`, `docs/modules/router/architecture.md`, `devops/compose/README.md`, `docs/implplan/SPRINT_20260310_021_Router_frontdoor_segment_bound_scheduler_doctor_chunks.md`.
- Expected evidence: focused router tests, live chunk/backend probes, and a rerun of the canonical Playwright sweep.
## Dependencies & Concurrency
- Depends on `SPRINT_20260310_020_Router_frontdoor_route_boundary_and_service_prefix_repair.md`, which introduced the shell compatibility prefixes that exposed the lazy-chunk collision.
- Safe parallelism: stay inside router config/tests/docs while the frontend route layer remains untouched.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Router/AGENTS.md`
- `src/Router/StellaOps.Gateway.WebService/AGENTS.md`
- `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/AGENTS.md`
- `docs/modules/router/architecture.md`
## Delivery Tracker
### ROUTER-SEGMENT-001 - Segment-bound doctor and scheduler frontdoor prefixes
Status: DONE
Dependency: none
Owners: Developer, QA
Task description:
- Change the frontdoor `/doctor` and `/scheduler` regexes so they match only the route segment and no longer own static chunk filenames such as `doctor.routes-*.js` and `scheduler-ops.routes-*.js`.
Completion criteria:
- [x] Gateway config uses segment-bound regexes for both prefixes.
- [x] Focused route-table tests lock the exact regexes.
- [x] Resolver tests prove static chunks still resolve to SPA/static files.
### ROUTER-SEGMENT-002 - Reverify the live scratch frontdoor and Playwright sweep
Status: DONE
Dependency: ROUTER-SEGMENT-001
Owners: QA
Task description:
- Restart `router-gateway`, verify the affected chunk URLs and API prefixes live, and rerun the canonical Playwright route sweep on `https://stella-ops.local`.
Completion criteria:
- [x] Live chunk requests for doctor and scheduler return frontend assets instead of `503`.
- [x] Live backend requests through `/doctor/*` and `/scheduler/*` still reach the authenticated services.
- [x] Canonical Playwright sweep no longer fails on `/ops/operations/doctor` or `/ops/operations/scheduler`.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the canonical Playwright sweep isolated two remaining failures. Root cause: the new `/doctor` and `/scheduler` frontdoor regexes were broad enough to capture lazy chunk files and return `503` on dynamic imports. | Developer |
| 2026-03-10 | Tightened the doctor and scheduler regexes to `(?=/|$)` segment-bound forms, added route-table/resolver/middleware coverage, and reran the focused router test project successfully (`273/273`). | Developer |
| 2026-03-10 | Recycled `router-gateway`, confirmed doctor/scheduler API prefixes still return authenticated backend responses, confirmed the previously failing lazy chunk URLs now return `200 text/javascript`, and reran the canonical Playwright sweep cleanly at `111/111` passed. | QA |
## Decisions & Risks
- Decision: root-prefix compatibility routes must follow the same segment-bound rule as `/policy` whenever the SPA emits chunk names with a shared textual prefix.
- Risk: if additional frontdoor root prefixes are added without the boundary rule, similar lazy-chunk outages can reappear. Mitigation: keep resolver tests for static-chunk collisions alongside route-table changes.
## Next Checkpoints
- 2026-03-10: rerun the live canonical sweep and confirm whether any non-router failures remain.

48
docs/implplan/SPRINT_20260310_022_Router_platform_v2_evidence_frontdoor_mapping.md
View File

@@ -1,48 +0,0 @@
# Sprint 20260310-022 - Router Platform V2 Evidence Frontdoor Mapping
## Topic & Scope
- Restore the explicit frontdoor contract for `/api/v2/evidence/*` so the environment posture and Mission Control evidence read models resolve through Platform instead of the generic v2 catch-all.
- Keep the work inside the Router route table and regression coverage, with only the minimal compose/docs coordination edits required to keep scratch setup deterministic.
- Working directory: `src/Router`.
- Allowed coordination edits: `devops/compose/router-gateway-local.json`, `docs/modules/router/architecture.md`, `devops/compose/README.md`, `docs/implplan/SPRINT_20260310_022_Router_platform_v2_evidence_frontdoor_mapping.md`.
- Expected evidence: focused router tests, live frontdoor curl proof, and Playwright reruns showing the prior `/api/v2/evidence/packs` 404 is gone.
## Dependencies & Concurrency
- Depends on the local compose stack being reachable through `https://stella-ops.local`.
- Safe parallelism: avoid unrelated Platform and Web feature edits while this router iteration is in progress.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/modules/router/architecture.md`
- `docs/implplan/SPRINT_20260310_021_Router_frontdoor_segment_bound_scheduler_doctor_chunks.md`
## Delivery Tracker
### ROUTER-EVIDENCE-V2-001 - Restore explicit v2 evidence route ownership
Status: DONE
Dependency: none
Owners: QA, Developer, Architect
Task description:
- Add the missing explicit `/api/v2/evidence*` mapping to the Platform frontdoor route table in both appsettings and local compose so the request no longer falls through to the generic `^/api/v2/{service}` route.
- Extend the router regression tests to prove the specific v2 evidence mapping wins over the generic matcher.
Completion criteria:
- [x] Router configs include explicit `/api/v2/evidence*` mapping to `platform`.
- [x] Regression tests cover config presence and route-resolution precedence.
- [x] Live frontdoor requests to `/api/v2/evidence/packs` no longer return router-level `404`.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live Mission Control QA surfaced repeated `404` responses from `/api/v2/evidence/packs` while the direct Platform endpoint still returned the expected tenant-gated `400`. | Developer |
| 2026-03-10 | Added explicit `/api/v2/evidence*` mappings to both router configs, extended router resolution/dispatch tests, and verified `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/StellaOps.Gateway.WebService.Tests.csproj` passes `275/275`. | Developer |
| 2026-03-10 | Restarted `router-gateway`, confirmed `https://stella-ops.local/api/v2/evidence/packs` now returns `401` instead of `404`, and reran `src/Web/StellaOps.Web/scripts/live-mission-control-action-sweep.mjs` with `failedActionCount=0` and `runtimeIssueCount=0`. | QA |
## Decisions & Risks
- Decision: keep `/api/v2/evidence*` as an explicit Platform-owned route alongside the other aggregated v2 read models instead of relying on the generic `^/api/v2/{service}` fallback, because `evidence` is not a standalone frontdoor host in local compose.
- Risk: other aggregated v2 surfaces could still be missing from the explicit route list.
- Mitigation: treat every new frontdoor `404` from a v2 read model as a route-table regression first and extend the explicit mapping test list when confirmed.
## Next Checkpoints
- Rebuild/restart `router-gateway` with the updated route table.
- Rerun the affected Mission Control and environment posture Playwright sweeps.

59
docs/implplan/SPRINT_20260310_023_FE_mission_control_shared_context_scope_alignment.md
View File

@@ -1,59 +0,0 @@
# Sprint 20260310-023 - FE Mission Control Shared Context Scope Alignment
## Topic & Scope
- Align Mission Control board and alert drilldowns with the shared Platform context so scoped sessions only surface matching environments and preserve tenant/region/environment state in downstream routes.
- Keep the work inside the Mission Control feature and its focused regression specs, with only sprint coordination outside the Web working directory.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260310_023_FE_mission_control_shared_context_scope_alignment.md`.
- Expected evidence: focused Angular tests, a live authenticated Mission Control Playwright sweep, and rebuilt Web assets already synced into the running stack.
## Dependencies & Concurrency
- Depends on the authenticated local stack being reachable through `https://stella-ops.local`.
- Depends on the frontdoor evidence routing fix in `SPRINT_20260310_022_Router_platform_v2_evidence_frontdoor_mapping.md` so downstream posture pages do not emit false Mission Control runtime failures.
- Safe parallelism: do not mix unrelated layout/search cleanup into this commit.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/implplan/SPRINT_20260310_003_FE_mission_control_live_action_sweep.md`
## Delivery Tracker
### FE-MISSION-SCOPE-001 - Align board environment selection with shared context
Status: DONE
Dependency: none
Owners: QA, Developer, Product Manager
Task description:
- Remove the Mission Control board's drift from the shared Platform context so scoped sessions only show the matching environment cards and downstream topology/findings links inherit the correct region and environment.
- Keep the implementation centered on the shared context store instead of duplicating local filter state inside the board component.
Completion criteria:
- [x] Mission Control board environment cards reflect the active `PlatformContextStore` region scope.
- [x] Scoped downstream links from the board preserve the expected region and environment query state.
- [x] Focused regression specs cover the shared-context behavior.
### FE-MISSION-SCOPE-002 - Preserve alert drilldown scope when leaving Mission Control
Status: DONE
Dependency: FE-MISSION-SCOPE-001
Owners: QA, Developer
Task description:
- Ensure Mission Control alert drilldowns merge the active query scope so Watchlist and adjacent surfaces do not drop the current tenant/region/environment window when the user pivots from alerts.
Completion criteria:
- [x] Mission Control alert links use merged query params where needed.
- [x] Live Mission Control action sweep completes with zero failed actions and zero runtime issues.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live Mission Control QA showed stage drilldowns resolving against the wrong region because the board was not honoring the active shared context scope. | Developer |
| 2026-03-10 | Updated the board and alert drilldowns to rely on shared query scope, refreshed the focused specs, rebuilt/synced the Web assets, and reran `scripts/live-mission-control-action-sweep.mjs` cleanly with `failedActionCount=0` and `runtimeIssueCount=0`. | QA |
## Decisions & Risks
- Decision: Mission Control should consume the global context store instead of keeping a separate board-local region/window state. That avoids dual sources of truth and keeps deep links aligned with the rest of the shell.
- Risk: other mission surfaces could still rely on stale local scope defaults.
- Mitigation: keep expanding the live action sweeps for Mission Control-adjacent pages and add focused spec coverage whenever a new scope regression is found.
## Next Checkpoints
- Commit the Mission Control scope repair as its own FE iteration.
- Continue into the next page-family action sweep on the rebuilt stack.

44
docs/implplan/SPRINT_20260310_024_FE_topbar_status_chip_ownership_split.md
View File

@@ -1,44 +0,0 @@
# Sprint 20260310-024 - FE Topbar Status Chip Ownership Split
## Topic & Scope
- Finish and verify the topbar/context-controls split so global scope selectors stay in `ContextChipsComponent` while status chips live in the authenticated topbar row.
- Capture the missed verification work for the already-implemented layout refactor and keep the commit scoped to the Web layout layer.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260310_024_FE_topbar_status_chip_ownership_split.md`.
- Expected evidence: focused Angular layout specs and a live authenticated Playwright shell check.
## Dependencies & Concurrency
- Depends on the rebuilt local shell being reachable through `https://stella-ops.local`.
- Safe parallelism: avoid mixing unrelated Mission Control or search work into this layout cleanup iteration.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### FE-TOPBAR-SPLIT-001 - Finalize topbar ownership for status chips
Status: DONE
Dependency: none
Owners: QA, Developer, Product Manager
Task description:
- Verify the refactor that moved system-status chips out of `ContextChipsComponent` and into the authenticated topbar row, then bring the stale unit tests and component comments in line with the new ownership split.
Completion criteria:
- [x] `ContextChipsComponent` describes and renders only shared scope controls.
- [x] `AppTopbarComponent` focused spec covers the authenticated status-chip row.
- [x] Live authenticated shell check confirms tenant, context controls, and status chips render together without console errors.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created while auditing forgotten uncommitted Web files; confirmed the live shell already renders tenant, context controls, and five status chips after authentication. | Developer |
| 2026-03-10 | Updated the stale topbar/context-chips specs to match the ownership split, aligned the `ContextChipsComponent` contract text/ARIA label, and reran the focused Angular layout tests with `7/7` passing. | QA |
## Decisions & Risks
- Decision: keep status chips in the topbar rather than `ContextChipsComponent` so layout can separate persistent shell health state from the interactive scope controls.
- Risk: unit tests can drift again when shell ownership changes without matching spec updates.
- Mitigation: keep focused topbar/context-chips specs near the components and validate the live authenticated shell with Playwright when ownership changes.
## Next Checkpoints
- Run the focused layout specs and commit the topbar/context-control split as its own FE iteration.

47
docs/implplan/SPRINT_20260310_025_FE_releases_deployment_evidence_scope_preservation.md
View File

@@ -1,47 +0,0 @@
# Sprint 20260310-025 - FE Releases Deployment Evidence Scope Preservation
## Topic & Scope
- Preserve active tenant/region/environment/time-window scope through deployment-detail evidence and replay actions so release operators do not fall into stale evidence context after drilling into a deployment.
- Tighten the existing live releases deployment Playwright harness so this class of scope regression fails explicitly in future scratch iterations.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260310_025_FE_releases_deployment_evidence_scope_preservation.md`.
- Expected evidence: focused Angular scope tests and a live releases deployment Playwright run with scoped evidence/replay links.
## Dependencies & Concurrency
- Depends on the authenticated local stack being reachable through `https://stella-ops.local`.
- Safe parallelism: avoid unrelated search or topology edits while this release-detail iteration is in progress.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/implplan/SPRINT_20260308_026_FE_live_releases_deployments_route_and_action_repair.md`
## Delivery Tracker
### FE-DEPLOY-SCOPE-001 - Preserve scoped evidence and replay handoffs
Status: DONE
Dependency: none
Owners: QA, Developer, Architect
Task description:
- Update deployment-detail navigation so back-navigation, replay verify, evidence workspace, and proof-chain links all preserve the active shell scope instead of falling back to stale global context.
- Add focused regression tests and harden the live Playwright check so scope drift becomes a failing result.
Completion criteria:
- [x] Deployment detail evidence and proof links merge active query scope.
- [x] `returnTo` emitted by deployment detail preserves the active context query parameters.
- [x] Live releases deployment Playwright evidence/replay checks fail on scope drift and pass on the fixed stack.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the live releases deployment sweep showed deployment evidence and proof-chain actions reopening under `eu-west/eu-stage/7d` instead of the active `us-east/stage` scope. | Developer |
| 2026-03-10 | Added focused deployment-detail scope regressions (`2/2` passing), rebuilt the web shell, synced the live bundle, and reran the Playwright releases deployment sweep cleanly with scoped replay/evidence/proof URLs and no remaining scope issues. | Developer |
## Decisions & Risks
- Decision: preserve scope at the deployment-detail source by emitting scoped `returnTo` URLs and merged query params rather than relying on downstream evidence pages to guess the active context.
- Risk: similar release-detail surfaces may still encode incomplete `returnTo` state.
- Mitigation: strengthen each live action harness to assert scoped downstream URLs, not just page reachability.
## Next Checkpoints
- Run focused deployment-detail scope tests.
- Rerun the live releases deployment Playwright check and commit the fix.

49
docs/implplan/SPRINT_20260310_027_FE_mission_control_alerts_activity_route_restore.md
View File

@@ -1,49 +0,0 @@
# Sprint 20260310_027 - FE Mission Control Alerts Activity Route Restore
## Topic & Scope
- Restore the canonical `/mission-control/alerts` and `/mission-control/activity` leaves after the live Playwright sweep found they now redirect to the dashboard.
- Keep the fix limited to Mission Control route ownership and direct verification on the rebuilt `https://stella-ops.local` stack.
- Working directory: `src/Web/StellaOps.Web/src/app/routes`.
- Allowed coordination edits: `src/Web/StellaOps.Web/scripts`, `docs/implplan/SPRINT_20260310_027_FE_mission_control_alerts_activity_route_restore.md`.
- Expected evidence: focused route spec, rebuilt web bundle, live Playwright mission-control sweep JSON, scoped local commit.
## Dependencies & Concurrency
- Depends on the live stack already running from the scratch setup iteration.
- Safe parallelism: avoid unrelated mission-control feature changes; keep edits scoped to route restoration and verification.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/features/checked/web/security-operations-leaves-ui.md`
## Delivery Tracker
### FE-MISSION-ROUTE-001 - Restore dedicated Mission Control leaves
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- The live Mission Control action sweep now fails the `Watchlist alert` drilldown because `/mission-control/alerts` redirects to `/mission-control/board` instead of rendering the dedicated alerts surface.
- Restore `alerts` and `activity` as dedicated lazy-loaded routes, prove the route contract with a focused spec, rebuild the web bundle, and rerun the live Mission Control sweep.
Completion criteria:
- [x] `/mission-control/alerts` renders `MissionAlertsPageComponent`.
- [x] `/mission-control/activity` renders `MissionActivityPageComponent`.
- [x] Focused route regression passes.
- [x] Live Mission Control sweep passes with zero failed actions and zero runtime issues.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the rebuilt live Mission Control sweep found `/mission-control/alerts` and `/mission-control/activity` redirecting to `/mission-control/board`, which broke the watchlist alert drilldown. | Developer |
| 2026-03-10 | Restored `alerts` and `activity` as dedicated lazy Mission Control leaves in `mission-control.routes.ts`, added `mission-control.routes.spec.ts`, rebuilt the web bundle, resynced `dist/stellaops-web/browser` into `compose_console-dist`, and reran the live Mission Control sweep clean after filtering navigation-aborted runtime noise in the harness. | Developer |
| 2026-03-10 | Corrected the dedicated alerts leaf to keep its watchlist drilldown `returnTo=/mission-control/alerts` contract and tightened the live Mission Control sweep to assert that return path, not just the target page. | Developer |
## Decisions & Risks
- Decision: keep Mission Control board, alerts, and activity as separate canonical surfaces because the checked feature docs and existing e2e coverage expect those leaves to remain directly addressable.
- Decision: watchlist drilldowns launched from the dedicated alerts leaf must return to `/mission-control/alerts`, not the board, so the restored surface stays behaviorally self-consistent.
- Risk: sidebar/navigation work may intentionally hide these leaves from primary navigation. Restoring the routes should not implicitly re-add nav items; route ownership and navigation exposure remain separate concerns.
## Next Checkpoints
- Restore the route targets and add a focused route spec.
- Rebuild the web bundle, resync the live dist, and rerun the live Mission Control sweep.

55
docs/implplan/SPRINT_20260310_028_FE_route_surface_ownership_alignment.md
View File

@@ -1,55 +0,0 @@
# Sprint 20260310_028 - FE Route Surface Ownership Alignment
## Topic & Scope
- Align the live web shell so notifications, environment inventory, release health, and audit/security navigation point to the canonical owning surfaces.
- Repair the route-level and return-navigation regressions left behind by the in-flight cleanup, especially around Mission Control watchlist handoffs.
- Working directory: `src/Web/StellaOps.Web/src/app/routes`.
- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/layout/app-sidebar`, `src/Web/StellaOps.Web/src/app/features/platform/ops`, `src/Web/StellaOps.Web/src/app/features/watchlist`, `src/Web/StellaOps.Web/src/app/core/testing`, `docs/implplan/SPRINT_20260310_028_FE_route_surface_ownership_alignment.md`.
- Expected evidence: focused Angular route/sidebar/watchlist specs, rebuilt web bundle, live Playwright route/action checks on the changed surfaces.
## Dependencies & Concurrency
- Depends on the live compose stack from the scratch-setup iteration.
- Safe parallelism: do not mix unrelated page-revival edits into this slice; keep it bounded to route ownership, sidebar exposure, and watchlist handoff semantics.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/features/checked/web/left-rail-navigation-shell.md`
- `docs/features/checked/web/identity-watchlist-management-ui.md`
- `docs/features/checked/web/platform-setup-canonical-route-preservation-ui.md`
## Delivery Tracker
### FE-ROUTE-OWNERSHIP-001 - Align canonical route ownership and sidebar exposure
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- The dirty web slice is consolidating notifications and environment inventory under Operations, adding Release Health under Releases, and re-grouping sidebar ownership between Release Control, Security & Audit, and Platform & Setup.
- Finish the cleanup by validating the route contracts in code, restoring any dropped scope-preservation coverage that is still required, and correcting watchlist return semantics so dedicated Mission Control leaves remain truthful.
Completion criteria:
- [x] Route specs prove the canonical owners for `/ops/operations/notifications`, `/ops/operations/environments`, `/releases/health`, and the legacy environment redirects.
- [x] Sidebar spec proves the new exposure model without reintroducing removed Mission Control child leaves.
- [x] Watchlist return labels distinguish `Mission Alerts`, `Dashboard`, and `Notifications`.
- [x] Rebuilt live web passes the affected Playwright route/action checks with zero failures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created while auditing the remaining dirty route/sidebar slice after the Mission Control iteration. Confirmed the change set is a route-surface ownership cleanup, not the unrelated OpenAPI/header draft sprint. | Developer |
| 2026-03-10 | Added `route-surface-ownership.spec.ts`, restored the dropped Mission Control scope assertions, and added the missing watchlist return-label coverage. `npx ng test --watch=false --include=src/app/routes/route-surface-ownership.spec.ts --include=src/app/routes/releases.routes.spec.ts --include=src/app/layout/app-sidebar/app-sidebar.component.spec.ts --include=src/app/core/testing/mission-scope-links.component.spec.ts` passed `27/27`; `npx ng test --watch=false --ts-config tsconfig.spec.features.json --include=src/app/features/watchlist/watchlist-page.component.spec.ts` passed `9/9`. | Developer |
| 2026-03-10 | Rebuilt the web bundle, resynced `dist/stellaops-web/browser` into `compose_console-dist`, and verified the live route/sidebar ownership slice with `node ./scripts/live-route-surface-ownership-check.mjs` (`failedActionCount=0`, `runtimeIssueCount=0`). | QA |
| 2026-03-10 | Adjacent live check `node ./scripts/live-notifications-watchlist-recheck.mjs` still fails on the Notifications surface (`Notification Administration`) because the watchlist tuning and alert drilldown links are missing and the page raised a visible `!t.items is not iterable` banner. Kept that defect out of this scoped commit as the next iteration. | QA |
## Decisions & Risks
- Decision: keep environment inventory under Operations and treat Releases-owned environment routes as compatibility redirects only.
- Decision: preserve dedicated Mission Control alert semantics end to end; restoring the alerts leaf also requires preserving `Mission Alerts` return labels in watchlist drilldowns.
- Decision: keep a dedicated Playwright harness (`live-route-surface-ownership-check.mjs`) for this cleanup so future route/shell ownership changes can be reverified without rerunning the full canonical sweep.
- Risk: unrelated page-level UI edits are still present in the dirty tree. They must stay out of this commit unless they are independently verified.
- Risk: Notifications still has a separate live defect (`!t.items is not iterable`, missing watchlist links). That surface needs its own follow-up iteration before the broader product can be considered clean.
## Next Checkpoints
- Land focused route/watchlist/spec coverage.
- Rebuild and sync the web bundle into `compose_console-dist`.
- Re-run live Playwright on the changed route/action surfaces and commit the verified slice.

77
docs/implplan/SPRINT_20260310_029_FE_notifications_surface_contract_and_frontdoor_split.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260310-029 - Notifications Surface Contract And Frontdoor Split
## Topic & Scope
- Restore the intended split between operator notifications and setup/admin notifications so `/ops/operations/notifications` stays an operator workflow while `/setup/notifications` hosts Notifications Studio.
- Repair the Notifications Studio web client so it talks to the documented Notifier frontdoor instead of stale legacy Notify endpoint shapes and paths.
- Add the missing router frontdoor mapping for the Notifier Studio API prefix and reverify both surfaces with focused tests and live Playwright.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: focused Angular specs, focused router tests, live Playwright artifact, updated sprint log.
## Dependencies & Concurrency
- Depends on `SPRINT_20260310_028_FE_route_surface_ownership_alignment.md` for the route ownership baseline.
- Safe parallelism: avoid the unrelated dirty files already present under `src/Web/StellaOps.Web/src/app/features/approvals/`, `src/Web/StellaOps.Web/src/app/features/release-control/`, `src/Web/StellaOps.Web/src/app/features/security/`, `src/Web/StellaOps.Web/src/app/shared/ui/filter-bar/`, and `docs/implplan/SPRINT_20260310_026_Platform_global_context_propagation_header_cleanup.md`.
- Allowed coordination edits: `src/Router/StellaOps.Gateway.WebService/appsettings.json`, `src/Router/__Tests/StellaOps.Gateway.WebService.Tests/Configuration/GatewayRouteSearchMappingsTests.cs`, `devops/compose/router-gateway-local.json`, `docs/modules/notify/architecture.md`, `docs/implplan/SPRINT_20260310_029_FE_notifications_surface_contract_and_frontdoor_split.md`.
## Documentation Prerequisites
- `docs/modules/notify/architecture.md`
- `docs/features/checked/web/security-operations-leaves-ui.md`
- `docs/features/checked/web/notification-rule-simulation-escalation-policies.md`
- `docs/modules/router/webservices-valkey-rollout-matrix.md`
## Delivery Tracker
### NOTIFY-FRONTDOOR-029-001 - Restore route ownership for operator and admin notifications
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Move `/ops/operations/notifications` back onto the operator `NotifyPanelComponent` and mount Notifications Studio under `/setup/notifications` instead of redirecting setup traffic into ops.
- Update route contract specs so the ownership split is explicit and regressions are caught in tests.
Completion criteria:
- [ ] `/ops/operations/notifications` renders the operator notifications shell rather than Notifications Studio.
- [ ] `/setup/notifications` is mounted directly and no longer redirects into ops.
- [ ] Route ownership specs cover both surfaces.
### NOTIFY-FRONTDOOR-029-002 - Retarget Notifications Studio to the documented Notifier frontdoor
Status: DONE
Dependency: NOTIFY-FRONTDOOR-029-001
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the live Studio failures down to route ownership, stale API base URL, stale endpoint paths, and response-shape mismatches.
- Retarget the web client to the Notifier frontdoor prefix, normalize live collection envelopes, and use canonical Studio endpoint names instead of stale singular and misspelled paths.
- Add the missing router mapping for the Studio frontdoor prefix so the client reaches Notifier through the gateway without reintroducing broad reverse-proxy fallback.
Completion criteria:
- [ ] The web client uses the canonical Notifier frontdoor prefix.
- [ ] Rules, channels, deliveries, quiet-hours, overrides, escalation policies, throttles, simulation, and preview calls use canonical endpoint names.
- [ ] Focused specs cover response normalization and frontdoor route presence.
### NOTIFY-FRONTDOOR-029-003 - Reverify notifications surfaces live with Playwright
Status: DONE
Dependency: NOTIFY-FRONTDOOR-029-002
Owners: QA
Task description:
- Rebuild the affected runtime slice, sync the new web bundle, and run live Playwright against both `/ops/operations/notifications` and `/setup/notifications`.
- Verify the operator watchlist handoff links render and land correctly, and verify the admin tabs load without runtime error banners or broken requests on the rebuilt stack.
Completion criteria:
- [ ] Focused Angular/router tests pass.
- [ ] The rebuilt web bundle is synced into the live stack.
- [ ] Live Playwright verifies the operator and admin notifications surfaces without the previous `t.items is not iterable` failure.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live Playwright showed `/ops/operations/notifications` was serving the wrong owner surface and `/setup/notifications` was coupled to stale Notifications Studio frontdoor contracts. | Developer |
| 2026-03-10 | Restored the operator/admin route split, added the router frontdoor mapping for `/api/v1/notifier/*`, corrected the accidental repointing of the operator `NotifyApi` to Notifier, rebuilt the web bundle, synced `compose_console-dist`, restarted `stellaops-router-gateway`, and reran the live Playwright notifications sweep cleanly. Focused Angular/Vitest and router tests passed before the live recheck. | Codex |
## Decisions & Risks
- Decision: keep the product split documented in the UI dossiers: ops notifications remains the operator shell, while setup notifications remains the admin Studio.
- Decision: use the documented Notifier frontdoor prefix (`/api/v1/notifier`) and route it through explicit microservice mappings instead of broad reverse-proxy fallback.
- Decision: keep the legacy operator `NotifyApi` on `/api/v1/notify`; only the admin Notifications Studio moves to `/api/v1/notifier`. Mixing those two service contracts caused the live `newCollection[Symbol.iterator] is not a function` runtime failure on the operator page.
- Risk: the Notifier Studio backend currently emits mixed collection shapes across endpoints and tests; the web client must normalize both raw-array and envelope forms until the backend contracts are fully converged.
## Next Checkpoints
- Land the route and frontdoor fixes with focused specs.
- Rebuild the router/web slice and rerun the live notifications Playwright sweep.

52
docs/implplan/SPRINT_20260310_030_FE_releases_environment_canonical_route_restore.md
View File

@@ -1,52 +0,0 @@
# Sprint 20260310_030 - FE Releases Environment Canonical Route Restore
## Topic & Scope
- Restore `/releases/environments` as a canonical Releases route instead of redirecting it into Operations.
- Keep the working topology-backed environment inventory UI, but mount it directly under Releases so the live route contract matches the product shell.
- Realign legacy environment aliases and live route-ownership evidence with the restored canonical route.
- Working directory: `src/Web/StellaOps.Web/src/app/routes`.
- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/app.routes.ts`, `src/Web/StellaOps.Web/scripts`, `docs/implplan/SPRINT_20260310_030_FE_releases_environment_canonical_route_restore.md`.
- Expected evidence: focused Angular route tests, rebuilt web bundle, live Playwright canonical/ownership checks.
## Dependencies & Concurrency
- Depends on the current live compose stack and the prior route-ownership cleanup sprint.
- Safe parallelism: do not revive the dead release-orchestrator environment pages in this slice; keep the fix bounded to route contracts and evidence.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/implplan/SPRINT_20260310_028_FE_route_surface_ownership_alignment.md`
## Delivery Tracker
### FE-RELEASE-ENV-001 - Restore canonical Releases ownership for environment inventory
Status: DONE
Dependency: none
Owners: QA, 3rd Line Support, Product Manager, Architect, Developer
Task description:
- Live Playwright canonical sweeps still report `/releases/environments` as a failure because the route hard-redirects to `/ops/operations/environments`, even though Pack 22 and the current canonical sweep both treat `/releases/environments` as the client-facing contract.
- The old release-orchestrator environment pages are not safe to restore: they are placeholder-heavy, contain stale links, and would reintroduce broken actions. The correct fix is to keep the working topology-backed inventory/detail pages and mount them directly under Releases.
Completion criteria:
- [x] `/releases/environments` and `/releases/environments/:environmentId` resolve under `/releases/*` without redirecting to Operations.
- [x] Legacy release environment aliases redirect to `/releases/environments`.
- [x] Route ownership specs and live ownership harness match the restored contract.
- [x] Rebuilt live web passes the canonical route sweep with zero failed routes.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the live canonical Playwright sweep dropped to a single failure: `/releases/environments` redirected to `/ops/operations/environments`. Root-cause audit confirmed the redirect was architectural drift, not a component/runtime failure. | Developer |
| 2026-03-10 | Restored `/releases/environments` and `/releases/environments/:environmentId` as Releases-mounted topology surfaces, retargeted the legacy release environment aliases to `/releases/environments`, and updated the route-ownership test/harness expectations to match the canonical contract. | Developer |
| 2026-03-10 | `npx ng test --watch=false --progress=false --ts-config tsconfig.spec.json --include src/app/routes/route-surface-ownership.spec.ts` passed `5/5`; `npm run build` passed; the rebuilt bundle was synced into `compose_console-dist`; `node ./scripts/live-frontdoor-canonical-route-sweep.mjs` passed `111/111`; `node ./scripts/live-route-surface-ownership-check.mjs` passed with `failedActionCount=0` and `runtimeIssueCount=0`. | QA |
## Decisions & Risks
- Decision: supersede the earlier Operations-only redirect decision from `SPRINT_20260310_028_FE_route_surface_ownership_alignment.md`; the canonical Releases contract wins because the live route matrix and Pack 22 both depend on `/releases/environments`.
- Decision: do not revive `features/release-orchestrator/environments/**` in this slice. Those components remain non-canonical and need separate revival work if they are ever to return.
- Decision: keep the topology-backed environment inventory/detail pages as the shared implementation behind both Releases and Operations rather than forking a second environment inventory surface.
- Decision: hardened `live-route-surface-ownership-check.mjs` to retry watchlist return-label checks when the trust shell briefly reports the blank `StellaOps` transition title; direct Playwright repro proved the underlying product flow was healthy and the prior failure was a harness race.
## Next Checkpoints
- Land the Releases route and legacy alias contract update.
- Re-run focused Angular route tests.
- Rebuild/sync the web bundle and re-run the live canonical and route-ownership sweeps.

45
docs/implplan/SPRINT_20260310_031_FE_hotfix_route_and_action_repair.md
View File

@@ -1,45 +0,0 @@
# Sprint 20260310_031 - Hotfix Route And Action Repair
## Topic & Scope
- Remove dead hotfix actions from the Releases surface and converge hotfix creation on the shipped canonical release creation workflow.
- Repair the hotfix queue so `Review` opens the existing detail surface instead of doing nothing.
- Working directory: `src/Web/StellaOps.Web/src/app/routes`.
- Expected evidence: focused Angular route/component tests, live Playwright hotfix action sweep, rebuilt web bundle synced into the local compose stack.
## Dependencies & Concurrency
- Depends on the current local Stella Ops stack staying reachable at `https://stella-ops.local`.
- Safe parallelism: bounded to Releases route wiring, hotfix queue UI, and supporting Playwright harnesses.
## Documentation Prerequisites
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### TASK-01 - Repair hotfix create and review actions
Status: DONE
Dependency: none
Owners: QA, 3rd line support, Product Manager, Architect, Developer
Task description:
- The current hotfix queue and `/releases/hotfixes/new` route expose active controls that do not perform any user-visible action. This violates the zero-tolerance QA bar for live routes and actionability.
- Diagnose the broken interactions, confirm the canonical shipped workflow, and repair the hotfix route contract and queue actions without reviving duplicate placeholder UI.
Completion criteria:
- [x] `/releases/hotfixes/new` lands on the canonical release creation workflow with `type=hotfix` and `hotfixLane=true` while preserving scope query params.
- [x] The hotfix queue `Review` action opens `/releases/hotfixes/:hotfixId` and preserves current scope.
- [x] Focused route/component tests cover the redirect and queue link behavior.
- [x] A live Playwright hotfix action sweep passes with zero failed actions and zero runtime issues.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created for live hotfix route and action repair after Playwright found inert `Review` and `Submit For Review` controls. | QA |
| 2026-03-10 | Root cause confirmed: `/releases/hotfixes/new` was a dead placeholder form and the queue `Review` action was an inert button. Redirected hotfix creation to the canonical release creation workflow, rewired `Review` to the existing detail route, rebuilt/synced the web bundle, and passed focused Angular coverage plus live Playwright hotfix and canonical route sweeps (`111/111`). | QA / Developer |
## Decisions & Risks
- Decision: keep `/releases/versions/new` as the canonical hotfix creation workflow and make `/releases/hotfixes/new` a compatibility redirect instead of extending the dead placeholder `HotfixCreatePageComponent`.
- Decision: use the existing hotfix detail page for queue review instead of inventing a new modal or secondary workflow.
- Decision: update the canonical route sweep contract so `/releases/hotfixes/new` is accepted as a compatibility redirect to `/releases/versions/new`; the dedicated hotfix action sweep remains responsible for asserting `type=hotfix` and `hotfixLane=true`.
## Next Checkpoints
- Move to the next deep action sweep under Releases after this scoped commit.

48
docs/implplan/SPRINT_20260310_032_Authority_release_scope_alignment_for_promotions.md
View File

@@ -1,48 +0,0 @@
# Sprint 20260310_032 - Release Scope Alignment For Promotions
## Topic & Scope
- Repair the live promotion submit path by aligning the scratch-setup UI client scope contract with the release backend authorization model.
- Ensure wiped local installs converge on the same scope set through compose bootstrap configuration and Authority demo seed data.
- Working directory: `src/Authority/`.
- Cross-module edits explicitly allowed: `src/Web/StellaOps.Web/src/config`, `src/Web/StellaOps.Web/scripts`, and `devops/compose`.
- Expected evidence: focused Authority bootstrap coverage, rebuilt/redeployed local stack, live Playwright promotion submit sweep, refreshed authenticated route coverage.
## Dependencies & Concurrency
- Depends on the local Docker stack being available for rebuild/redeploy on `https://stella-ops.local`.
- Safe parallelism: limited to Authority bootstrap scope provisioning, local setup config, and release-promotion Playwright harnesses.
## Documentation Prerequisites
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/technical/architecture/console-admin-rbac.md`
## Delivery Tracker
### TASK-01 - Align release publisher scopes across scratch setup sources
Status: DONE
Dependency: none
Owners: QA, 3rd line support, Product Manager, Architect, Developer
Task description:
- Live Playwright proved that `/releases/promotions/create` can preview and enumerate targets but fails the final submit with `403` from `POST /api/v1/release-orchestrator/releases/:id/promote`.
- Root cause must be fixed at the product contract layer: the release backend correctly requires `release:publish`, while the local UI client and scratch Authority bootstrap sources still only provision `release:read`.
Completion criteria:
- [x] The shipped web config and local environment override request `release:read`, `release:write`, and `release:publish`.
- [x] The compose bootstrap client and first-run Authority seed data provision the same release scopes on wiped installs.
- [x] Focused regression coverage proves bootstrap client provisioning retains the release publisher scopes.
- [x] A live Playwright promotion-submit sweep passes without `403` and lands on the canonical promotion detail route.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live Playwright confirmed promotion preview works but submit fails with `403` because the release backend requires `release:publish` while the local UI client only requests/allows `release:read`. | QA |
| 2026-03-10 | Patched the release publisher scope set across the shipped web config, compose bootstrap client, runtime env override, and Authority scratch/demo seeds. Added focused Authority bootstrap coverage and a dedicated live Playwright promotion submit harness. | QA / Developer |
| 2026-03-10 | Rebuilt all 59 Docker images from the local matrix, tore the stack down with volumes, redeployed from scratch, resynced the rebuilt web dist, and reauthenticated against the fresh install. Live Playwright now confirms promotion submit returns `200`, lands on `/releases/promotions/:id`, preserves tenant/region/environment/time-window scope, and the canonical route sweep passes `111/111` on the rebuilt stack. | QA / Developer |
## Decisions & Risks
- Decision: keep the backend `release:publish` gate intact and repair the client/bootstrap scope contract instead of weakening release approval authorization.
- Decision: patch both compose runtime bootstrap and persisted Authority demo seed data so scratch rebuilds and fresh database installs converge on the same allowed scope set.
- Decision: preserve current scope query parameters on successful promotion submit so the user remains in the same tenant/region/environment context after the wizard transitions to the promotion detail route.
## Next Checkpoints
- Continue the next deep action sweep from the rebuilt local stack.

58
docs/implplan/SPRINT_20260310_033_FE_live_frontdoor_unified_search_route_matrix.md
View File

@@ -1,58 +0,0 @@
# Sprint 20260310_033 - FE Live Frontdoor Unified Search Route Matrix
## Topic & Scope
- Reverify unified search directly on `https://stella-ops.local` after the full scratch rebuild and backend refresh, not only on the standalone search harness.
- Exercise supported route-local search starters end to end through the real authenticated shell and capture runtime evidence for route context, query execution, and result grounding.
- Repair any search-runtime convergence defect that prevents a wiped local install from surfacing viable Doctor, Policy, Findings, or VEX starters without manual post-start rebuild steps.
- Working directory: `src/AdvisoryAI/`.
- Allowed coordination edits: `src/Web/StellaOps.Web/scripts`, `docs/modules/advisory-ai/**`, and this sprint file.
- Expected evidence: a live Playwright frontdoor sweep script, JSON output under `src/Web/StellaOps.Web/output/playwright/`, focused AdvisoryAI tests, targeted image rebuild/redeploy, and a scoped local commit.
## Dependencies & Concurrency
- Depends on the scratch rebuild baseline and the current healthy compose stack on `https://stella-ops.local`.
- Safe parallelism: stay within live search harnesses, unified-search UI, and minimal docs updates required by any discovered defect.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/ui/search-zero-learning-primary-entry.md`
- `docs/modules/advisory-ai/knowledge-search.md`
## Delivery Tracker
### FE-LIVE-SEARCH-001 - Add and execute a frontdoor unified-search route matrix
Status: DONE
Dependency: none
Owners: QA, 3rd line support, Product Manager, Architect, Developer
Task description:
- The repo already has live search verification for the standalone local shell plus AdvisoryAI runtime, but this scratch iteration needs the same route-by-route proof against the real authenticated Stella Ops frontdoor.
- Add a script that authenticates against `https://stella-ops.local`, opens the supported route-local search surfaces, captures surfaced starter chips, executes each chip, and fails on missing context, missing starters, degraded banners, dead-end query execution, or runtime/network errors.
- The matrix must distinguish real search-runtime defects from cold-load convergence: starter chips are only trustworthy after the route-local `suggestions/evaluate` call settles, and backend/search response errors must be captured as first-class evidence instead of being flattened into a generic "no chips" failure.
Completion criteria:
- [x] A live frontdoor search matrix script exists under `src/Web/StellaOps.Web/scripts/`.
- [x] The script writes structured JSON evidence under `src/Web/StellaOps.Web/output/playwright/`.
- [x] The script verifies route context plus starter-chip execution on Doctor, Security Triage, Policy, and Advisories & VEX.
- [x] Any product defects exposed by the run are root-caused, fixed, rebuilt, reverified, and committed in this iteration.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after the scratch rebuild, canonical route sweep, and release-promotion repair commit. Notifications recheck is clean again on the rebuilt stack, so the next untouched high-risk live surface is unified search through the real frontdoor shell. | QA |
| 2026-03-10 | Added `scripts/live-frontdoor-unified-search-route-matrix.mjs` and ran it against the rebuilt stack. Doctor search reproduces a real setup/runtime defect: the frontdoor returns `current_scope_corpus_unready` for all knowledge-scope starter queries even though the shell context is correct. Root-cause work is now moving into AdvisoryAI startup convergence. | QA / 3rd line support |
| 2026-03-10 | Implemented AdvisoryAI startup convergence so the knowledge corpus rebuilds automatically on fresh service startup, rebuilt and redeployed `advisory-ai-web`, and confirmed the live container reports `documents=470`, `chunks=9051`, `api_operations=2190`, `doctor_projections=8` during startup rebuild. | Developer / 3rd line support |
| 2026-03-10 | Reverified the live authenticated shell with a Playwright all-chip probe and wrote `src/Web/StellaOps.Web/output/playwright/live-frontdoor-unified-search-route-matrix-manual.json`. Doctor, Security Triage, Policy, and Advisories & VEX all render context-aware starter chips and their visible chip actions now resolve to grounded answers with cards. | QA |
| 2026-03-11 | Replayed the live matrix after a full scratch teardown and rebuild. The first rerun reported "no starter chips" on Doctor, Security Triage, Policy, and Advisories & VEX, but direct browser/network inspection showed the live product was healthy: `POST /api/v1/search/suggestions/evaluate` returned `200` with viable suggestions after about 9 seconds on cold load, and the chips rendered immediately after that response. Hardened the matrix with bounded starter-panel polling plus `/api/v1/search*` response/request error capture, then reran it cleanly with `runtimeIssueCount=0`. | QA / 3rd line support / Developer |
## Decisions & Risks
- Decision: frontdoor search verification must not rely on the standalone Angular/AdvisoryAI harness alone; the authenticated shell is the product surface the client sees.
- Decision: scratch deployment success requires AdvisoryAI to populate its own knowledge corpus on startup. A healthy container with an empty knowledge scope is not an acceptable “ready” state.
- Decision: only the AdvisoryAI web host owns startup knowledge-index convergence. The shared library must not register that hosted service globally because the worker shares the same core registrations and would otherwise perform a duplicate rebuild on startup.
- Risk: live search starters depend on current route context and runtime corpus readiness, so the sweep must distinguish product regressions from transient auth/runtime setup failures with structured evidence.
- Decision: cold-loaded unified search routes now wait for the starter panel to settle before judging chip availability. On fresh scratch installs the suggestion-viability request can take about 9 seconds even when the product is healthy, so one-shot 4-second waits are not reliable evidence.
- Decision: the matrix now captures `/api/v1/search*` response and request failures directly. Missing starter chips without transport/runtime evidence are treated as a UI-settling problem until the bounded wait expires.
## Next Checkpoints
- Implement the live frontdoor search sweep harness.
- Run it against the rebuilt stack and triage any failures before widening to the next untouched page family.

78
docs/implplan/SPRINT_20260310_034_FE_live_jobs_queues_truthful_action_handoffs.md
View File

@@ -1,78 +0,0 @@
# Sprint 20260310-034 - Jobs Queues Truthful Action Handoffs
## Topic & Scope
- Repair the live `Ops > Operations > Jobs & Queues` page so it stops advertising fake row-level controls that loop back to itself.
- Make the overview filters and copy actions behave honestly on the live shell instead of rendering inert UI.
- Keep this iteration limited to the `Jobs & Queues` page family, its focused frontend regression coverage, live Playwright proof, and the supporting docs update.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260310_034_FE_live_jobs_queues_truthful_action_handoffs.md`, `docs/modules/ui/execution-operations/README.md`.
- Expected evidence: focused Angular feature spec coverage, rebuilt web bundle synced into the live compose frontdoor, and a Playwright action sweep for every tab/action on `/ops/operations/jobs-queues`.
## Dependencies & Concurrency
- Depends on `SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md` for the authenticated live sweep harness and on `SPRINT_20260310_033_FE_live_frontdoor_unified_search_route_matrix.md` for the current healthy frontdoor baseline.
- Safe parallelism: stay inside `src/Web/StellaOps.Web/**` plus the explicitly allowed docs files; do not take ownership of backend or unrelated route slices in parallel.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Web/StellaOps.Web/AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/ui/platform-ops-consolidation/README.md`
- `docs/modules/ui/execution-operations/README.md`
## Delivery Tracker
### FE-JOBSQUEUES-034-001 - Replace fake row actions with truthful execution handoffs
Status: DONE
Dependency: none
Owners: Product Manager, Architect, Developer
Task description:
- The live page currently presents `View`, `Run Now`, `Edit`, `Pause`, `Replay`, and `Drain` controls that all navigate back to `/ops/operations/jobs-queues`. That is a product contract failure because the page is an overview shell, not the owner of those mutations.
- Reframe the page as a truthful execution overview: every visible row action must hand off into the canonical JobEngine, Scheduler, Dead-Letter, or Data Integrity surfaces with labels that match what the destination actually does.
Completion criteria:
- [x] No row action on `/ops/operations/jobs-queues` routes back to `/ops/operations/jobs-queues` unless it is explicitly labeled as staying on the overview.
- [x] The action labels match the actual destination behavior instead of implying unsupported row-level mutations.
- [x] The context copy on the page explains that execution control happens in canonical downstream surfaces.
### FE-JOBSQUEUES-034-002 - Make Jobs & Queues filters and inline feedback real
Status: DONE
Dependency: FE-JOBSQUEUES-034-001
Owners: Developer, QA
Task description:
- The current search, status, and type controls are inert. The copy buttons also execute silently.
- Wire the filters to the overview data for each tab, reset them safely when the user changes tabs, and surface explicit inline feedback for copy actions so the page is behaviorally testable.
Completion criteria:
- [x] Search and select filters change the rendered rows on every tab they appear on.
- [x] Tab switches reset stale filters so one tab's facet state does not poison another tab.
- [x] Copy correlation actions show an inline status message on success or a manual-copy fallback.
### FE-JOBSQUEUES-034-003 - Rebuild and prove the live page with Playwright
Status: DONE
Dependency: FE-JOBSQUEUES-034-002
Owners: QA
Task description:
- Rebuild the web bundle, sync it into the live frontdoor static volume, and run a real authenticated Playwright sweep across every tab and every distinct visible action on the Jobs & Queues page.
Completion criteria:
- [x] Focused Angular feature coverage passes for the page.
- [x] `npm run build` passes and the rebuilt bundle is synced into `compose_console-dist`.
- [x] A live Playwright sweep artifact records passing checks for the Jobs, Runs, Schedules, Dead Letters, and Workers tabs without runtime errors.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created from the next post-search live QA iteration after Playwright proved `/ops/operations/jobs-queues` still exposes self-linking placeholder actions and inert filters. | Developer |
| 2026-03-10 | Reframed `Jobs & Queues` into a truthful execution overview: self-linking fake actions were replaced with canonical JobEngine/Scheduler/Dead-Letter/Data Integrity handoffs, filters now work per tab with reset-on-tab-change behavior, and inline correlation-copy feedback was added. Focused Angular coverage passed (`5/5`), `npm run build` passed, the rebuilt bundle was synced into `compose_console-dist`, and `src/Web/StellaOps.Web/output/playwright/live-jobs-queues-action-sweep.json` recorded `11/11` live action checks passing with `runtimeIssueCount=0`. | QA |
## Decisions & Risks
- Decision: `Jobs & Queues` remains an execution overview, not a fake CRUD surface. Real mutations belong to JobEngine, Scheduler, Dead-Letter, or Data Integrity pages, so the overview must hand off honestly instead of inventing unsupported per-row controls.
- Decision: inert filters are a defect, not a cosmetic gap. If a control is rendered on the page, it must either work or be removed.
- Decision: the page now treats clipboard restrictions as an operator-visible runtime condition. When browser clipboard APIs are unavailable, the UI surfaces a manual-copy fallback instead of failing silently.
- Risk: the page still uses synthetic overview data rather than live backend records. This iteration makes the surface truthful and testable, but deeper backend-backed execution parity may still need a later slice.
## Next Checkpoints
- 2026-03-10: land the page/model rewrite and focused frontend coverage.
- 2026-03-10: rebuild and sync the web bundle into the live compose frontdoor.
- 2026-03-10: rerun authenticated Playwright against `/ops/operations/jobs-queues` and commit the iteration locally.

77
docs/implplan/SPRINT_20260311_001_Graph_remote_localization_startup_nonblocking.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260311_001 - Graph Remote Localization Startup Nonblocking
## Topic & Scope
- Remove the scratch-setup startup bottleneck where Graph API can stay dark for an extended period while remote localization overrides load before Kestrel binds.
- Treat remote translation bundles as optional startup enrichment, not a dependency that can hold a service offline during a fresh compose bootstrap.
- Verify the fix with focused localization-library tests, a rebuilt Graph image, and live service/browser checks on the scratch stack.
- Working directory: `src/__Libraries/StellaOps.Localization`.
- Allowed coordination edits: `src/Graph/**`, `src/__Libraries/__Tests/**`, `devops/compose/**`, `docs/modules/graph/architecture.md`, `docs/implplan/SPRINT_20260311_001_Graph_remote_localization_startup_nonblocking.md`.
- Expected evidence: targeted localization test output, rebuilt Graph runtime health, and live verification artifacts showing the scratch stack no longer masks the startup fault.
## Dependencies & Concurrency
- Depends on the existing scratch-reset stack being up so the late-start Graph behavior can be reproduced and rechecked.
- Safe parallelism: stay inside the localization library, Graph service, and the listed docs; avoid unrelated web search or component-revival slices.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Graph/AGENTS.md`
- `docs/modules/graph/architecture.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### GRAPH-LOC-001 - Diagnose the real startup gate
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Reproduce the Graph startup fault from the scratch stack and separate product failures from harness noise.
- Capture why the container can stay unhealthy during scratch setup even though the same binary later starts when rerun interactively.
Completion criteria:
- [x] Container/runtime evidence shows where startup is being gated.
- [x] The diagnosis identifies the shared-library behavior that needs correction.
### GRAPH-LOC-002 - Make remote localization startup-safe
Status: DONE
Dependency: GRAPH-LOC-001
Owners: Architect, Developer
Task description:
- Change the shared localization bootstrap so remote bundle overrides are bounded and parallelized per provider, preserving deterministic merge order while preventing optional remote fetches from serially blocking service readiness.
- Keep the contract library-centric so Graph is fixed through the real root cause rather than a service-specific workaround.
Completion criteria:
- [x] Remote bundle fetches have an explicit bounded timeout.
- [x] Translation registry no longer serially waits per locale for a single provider.
- [x] Focused tests cover timeout handling and concurrent locale loading.
### GRAPH-LOC-003 - Rebuild and prove the scratch-stack behavior
Status: DONE
Dependency: GRAPH-LOC-002
Owners: QA
Task description:
- Rebuild the affected runtime, redeploy the live stack, and verify Graph startup and the related UI surface on the scratch environment.
- Record the new behavior in sprint evidence and module docs.
Completion criteria:
- [x] Graph container becomes healthy promptly after redeploy.
- [x] Focused live checks confirm the reachability/security surfaces no longer surface backend-unavailable fallback on this defect path.
- [x] Docs and sprint log reflect the startup contract change.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after a fresh scratch rebuild showed `stellaops-graph-api` remaining unhealthy while the frontdoor route sweep stayed green. | Developer |
| 2026-03-11 | Reproduced that the Graph binary starts normally on host and in-container when rerun interactively, but the scratch container can stay dark for a long interval before eventually binding. The shared startup gate is `LoadTranslationsAsync()` calling remote bundle overrides before `Run()`, with one remote fetch per locale executed serially. | QA |
| 2026-03-11 | Implemented the shared-library fix in `StellaOps.Localization`: remote bundle fetches now use a bounded per-request timeout and locale loads run concurrently within a provider while merging back in deterministic order. Added focused tests in `src/__Libraries/__Tests/StellaOps.Localization.Tests` covering timeout fallback and concurrent load behavior. | Developer |
| 2026-03-11 | Verified the fix on the live scratch stack by rebuilding only `graph-api`, stopping Platform, force-recreating the Graph container, and confirming immediate recovery: `stellaops-graph-api` reported `healthy` and `GET http://127.1.0.20/healthz` returned `200` while Platform was still down. Then brought Platform back and ran a live authenticated Playwright check on `/security/supply-chain-data/graph`, which passed with zero console errors, zero request failures, and zero error responses. | QA |
## Decisions & Risks
- Decision: fix the startup contract in `StellaOps.Localization` instead of adding Graph-only retries, because remote translation overrides are used by many services and should never gate service availability during scratch bootstrap.
- Risk: changing translation loading order could accidentally alter merge determinism.
- Mitigation: keep provider priority ordering intact, parallelize only within a provider, and merge results back in deterministic locale order.
- Decision: bounded remote translation fetches default to a short timeout because remote overrides are optional enrichment; if Platform is unavailable during scratch bootstrap, services must prefer embedded bundles and come online instead of waiting unboundedly on localization.
## Next Checkpoints
- Add focused localization tests before changing runtime behavior.
- Rebuild the Graph image and redeploy the stack immediately after the library fix.

76
docs/implplan/SPRINT_20260311_002_FE_watchlist_draft_state_preservation.md
View File

@@ -1,76 +0,0 @@
# Sprint 20260311-002 - Watchlist Draft State Preservation
## Topic & Scope
- Repair the live `Trust & Signing > Identity Watchlist` create and duplicate flows so route/context hydration can no longer wipe in-progress operator input.
- Prove the fix with focused Angular regression coverage and a real Playwright action sweep that exercises create, edit, pattern test, tuning, duplicate, and delete.
- Keep this iteration scoped to the watchlist shell, its live QA harness, and the supporting docs update.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/implplan/SPRINT_20260311_002_FE_watchlist_draft_state_preservation.md`, `docs/modules/ui/restoration-topics/watchlist.md`.
- Expected evidence: focused Angular feature spec coverage, rebuilt web bundle synced into the live compose frontdoor, and a live Playwright sweep artifact for the watchlist page actions.
## Dependencies & Concurrency
- Depends on the authenticated live frontdoor harness already in `src/Web/StellaOps.Web/scripts/live-frontdoor-auth.mjs`.
- Safe parallelism: stay inside `src/Web/StellaOps.Web/**` plus the explicitly allowed docs files; do not take ownership of backend watchlist services or unrelated trust pages in parallel.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/platform/architecture-overview.md`
- `docs/modules/ui/restoration-topics/watchlist.md`
## Delivery Tracker
### FE-WATCHLIST-002-001 - Preserve unsaved drafts through route hydration
Status: DONE
Dependency: none
Owners: Product Manager, Architect, Developer
Task description:
- The live watchlist shell replays route state after entering the create or duplicate draft route. That replay resets the reactive form, silently erasing user input before submit can reach the API.
- Keep route state as the source of truth for which draft is open, but preserve in-progress draft values when hydration replays the same create or duplicate target.
Completion criteria:
- [x] Reapplying the same `entryId=new` route no longer wipes a dirty create draft.
- [x] Reapplying the same duplicate draft route no longer reseeds over operator edits.
- [x] Legitimate transitions between create, duplicate, edit, alerts, and tuning still rehydrate the correct state.
### FE-WATCHLIST-002-002 - Add regression coverage for draft preservation
Status: DONE
Dependency: FE-WATCHLIST-002-001
Owners: Developer, QA
Task description:
- The prior unit coverage only called `saveEntry()` directly and never exercised the route-hydration failure mode.
- Add focused component specs that prove dirty create and duplicate drafts survive repeated route-state application for the same target.
Completion criteria:
- [x] Focused Angular coverage asserts dirty create drafts survive repeated route hydration.
- [x] Focused Angular coverage asserts dirty duplicate drafts survive repeated route hydration.
### FE-WATCHLIST-002-003 - Rebuild and prove live watchlist actions with Playwright
Status: DONE
Dependency: FE-WATCHLIST-002-002
Owners: QA
Task description:
- Rebuild the web bundle, sync it into the live frontdoor static volume, and run a real authenticated Playwright sweep that covers the watchlist action family end to end.
Completion criteria:
- [x] Focused Angular feature coverage passes for `watchlist-page.component.spec.ts`.
- [x] `npm run build` passes and the rebuilt bundle is synced into `compose_console-dist`.
- [x] A live Playwright sweep artifact records passing checks for create, edit, pattern test, tuning, duplicate, alerts tab, and delete flows on `/setup/trust-signing/watchlist`.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after live Playwright proved the watchlist create draft route was resetting operator input before submit, leaving the page stuck on `entryId=new` with no API call. | Developer |
| 2026-03-11 | Preserved dirty create/duplicate drafts through repeated route hydration, stopped refreshes from wiping success banners, normalized watchlist test responses in the HTTP client, and merged full watchlist resources for tuning/toggle updates. Focused Angular coverage passed (`14/14` across `watchlist-page.component.spec.ts` and `watchlist.client.spec.ts`), `npm run build` passed, the rebuilt bundle was synced into `compose_console-dist`, and `src/Web/StellaOps.Web/output/playwright/live-watchlist-action-sweep.json` recorded clean live create/edit/test/tuning/duplicate/delete coverage with zero runtime issues. | QA |
## Decisions & Risks
- Decision: route/context hydration is allowed to select the active draft, but it must not erase user-entered values when the route target itself has not changed.
- Decision: this is treated as a user-facing workflow regression, not a QA-harness issue. The fix belongs in the watchlist shell state model, not in Playwright timing workarounds.
- Decision: the watchlist browser client now normalizes the real backend `matchedFields` payload into the array shape the UI renders. That keeps the browser resilient to the existing backend enum-string contract without changing service behavior mid-iteration.
- Decision: watchlist `PUT` remains a full-resource update contract. The web shell now sends merged full payloads for tuning/toggle flows instead of assuming backend partial-update semantics.
- Risk: the watchlist page still relies on frontdoor query hydration, so adjacent trust pages may carry similar draft-reset risks and should be covered in later action sweeps.
## Next Checkpoints
- 2026-03-11: land the watchlist state-model fix and focused frontend coverage.
- 2026-03-11: rebuild and sync the web bundle into the live compose frontdoor.
- 2026-03-11: rerun authenticated Playwright against `/setup/trust-signing/watchlist` and commit the iteration locally.

81
docs/implplan/SPRINT_20260311_003_FE_triage_artifacts_vuln_scope_compat.md
View File

@@ -1,81 +0,0 @@
# Sprint 20260311_003 - FE Triage Artifacts Vuln Scope Compat
## Topic & Scope
- Restore `/triage/artifacts` on a full scratch-built stack where the live admin token carries modern vulnerability scopes (`vuln:view`, `vuln:investigate`, `vuln:operate`, `vuln:audit`) instead of the obsolete `vuln:read`/`vuln:write`/`vuln:export` names.
- Fix the root cause in shared web auth scope matching so client-side prechecks do not block valid vulnerability pages before any request is sent.
- Separate the web vulnerability read/query contract from the legacy Authority mutation/export base and restore the documented scanner-backed `GET /api/v1/vulnerabilities*` surface that the artifact workspace expects.
- Add focused regression coverage for the scope bridge and reverify the repaired artifact workspace through the real authenticated frontdoor.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: focused Angular auth tests, targeted scanner xUnit runner output, rebuilt web bundle synced into `compose_console-dist`, rebuilt `scanner-web` image deployed into compose, live Playwright verification for `/triage/artifacts`, sprint log updates, and a scoped local commit.
## Dependencies & Concurrency
- Depends on the fresh scratch rebuild baseline and the current healthy compose stack on `https://stella-ops.local`.
- Safe parallelism: primary edits stay in `src/Web/StellaOps.Web`; this sprint explicitly permits the minimum cross-module repair in `src/Scanner/StellaOps.Scanner.WebService`, `src/Scanner/__Tests/StellaOps.Scanner.WebService.Tests`, and `src/Scanner/StellaOps.Scanner.WebService/TASKS.md` because the live route depends on the documented scanner read contract.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
- `docs/modules/platform/architecture-overview.md`
## Delivery Tracker
### FE-TRIAGE-SCOPE-001 - Root-cause the live artifact workspace failure
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Reproduce `/triage/artifacts` on the live scratch stack with real Playwright, capture the failing behavior, and identify whether the defect is in frontdoor routing, runtime readiness, or client-side authorization.
Completion criteria:
- [x] Live evidence proves the failure and records the route, banner, and lack of runtime transport errors.
- [x] Root cause is traced to concrete code and contract mismatch, not a generic "service unavailable" guess.
### FE-TRIAGE-SCOPE-002 - Repair shared vulnerability scope compatibility
Status: DONE
Dependency: FE-TRIAGE-SCOPE-001
Owners: Product Manager, Architect, Developer
Task description:
- Update the shared web auth compatibility path so legacy client checks continue to work during the authority migration from `vuln:read`/`vuln:write`/`vuln:export` to the current vulnerability scope set.
- The fix must be narrow enough to preserve the new finer-grained scopes while preventing client-side false denies on read/audit paths.
Completion criteria:
- [x] Shared auth scope matching accepts `vuln:view` for legacy read checks and `vuln:audit` for legacy export checks.
- [x] Compatibility does not incorrectly allow `vuln:investigate` to satisfy `vuln:operate`.
- [x] Focused regression tests cover the alias behavior.
### FE-TRIAGE-SCOPE-003 - Rebuild and reverify the live artifact workspace
Status: DONE
Dependency: FE-TRIAGE-SCOPE-002
Owners: QA, Developer
Task description:
- Rebuild the web bundle, sync it into the live compose `console-dist` volume, restore the scanner vulnerabilities read controller expected by the route contract, and rerun authenticated Playwright against `/triage/artifacts` to confirm the banner is gone and artifact data/actions render normally on the repaired stack.
Completion criteria:
- [x] `npm run build` passes.
- [x] Targeted scanner contract tests pass via the test project executable.
- [x] The rebuilt bundle is synced into `compose_console-dist`.
- [x] The rebuilt `scanner-web` image is deployed into compose and answers `GET /api/v1/vulnerabilities`.
- [x] Live Playwright confirms `/triage/artifacts` loads without the vulnerability-service error banner.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the scratch-stack sidebar-only route probe exposed a real `/triage/artifacts` defect: the page rendered a generic vulnerability-service error even though the browser captured no failing `/api/*` transport. Root-cause work moved into shared web auth scope matching. | QA / 3rd line support |
| 2026-03-11 | Shared web auth compatibility was patched to treat `vuln:view` as legacy read and `vuln:audit` as legacy export so client-side prechecks stop false-denying the route on modern tokens. Focused Angular tests passed. | Developer |
| 2026-03-11 | Live Playwright proved the initial scope fix only exposed a deeper contract defect: the route was still calling stale Authority-era `/vuln` read paths. The web client was split so read/query traffic targets `/api/v1/vulnerabilities`, and a scanner-backed controller/test slice was added to restore the documented route contract. | QA / 3rd line support / Architect |
| 2026-03-11 | Final root-cause closure: the artifact workspace was mixing artifact-scoped UI state with scan-scoped gated-buckets API calls, synthetic `vulnId` rows with evidence endpoints that require canonical `findingId`, and a dead local `/api/v1/telemetry/ttfs` postback instead of the shared telemetry pipeline. Added an artifact-scoped scanner endpoint, deterministic demo triage catalog, canonical `findingId` propagation, and shared `TelemetryClient` emission. | 3rd line support / Product / Architect / Developer |
| 2026-03-11 | Focused verification passed: Angular slice `20/20`, scanner executable slice `5/5`, `scanner-web` rebuilt/redeployed, web bundle rebuilt/synced, and live Playwright `live-triage-artifacts-scope-compat.json` recorded `failedCheckCount=0` and `runtimeIssueCount=0` on `https://stella-ops.local/triage/artifacts`. | QA |
## Decisions & Risks
- Initial decision: fix this in shared web auth scope matching, not as a page-local bypass. The live authority contract already emits modern vulnerability scopes, so client-side compatibility belongs in the shared authorization layer.
- Risk: several web clients still reference obsolete `vuln:*` names. A piecemeal page-only fix would leave other hidden client-side false denies behind.
- Decision: keep legacy Authority endpoints only for workflow/export operations and move all artifact-workspace reads onto the scanner route documented in the web and router dossiers. Fixing the URL string alone would have left the stale service ownership problem in place.
- Risk: the sprint is frontend-owned but required a minimal scanner repair because the documented backend contract had drifted out of implementation. The cross-module exception is recorded above; unrelated scanner behavior remains out of scope.
- Decision: preserve the artifact workspace as artifact-scoped. Instead of forcing the UI to synthesize a scan identity, the scanner now exposes `GET /api/v1/triage/artifacts/{artifactId}/gated-buckets` for the non-blocking bucket summary the page actually needs.
- Decision: vulnerability rows now carry canonical `findingId` alongside display `vulnId`. The UI can keep its current route and selection semantics, but all triage evidence/gating/replay boundaries resolve back to `findingId` before making scanner calls.
- Decision: scratch local setups now use a deterministic demo triage catalog for the artifact workspace surfaces so scanner-backed demo vulnerability rows, unified evidence, and gating explanations stay internally consistent without requiring seeded tenant data.
- Decision: triage TTFS events emit through the shared `TelemetryClient` rather than a dedicated `/api/v1/telemetry/ttfs` endpoint. This preserves central sampling/queueing behavior and degrades cleanly to a no-op when no ingest endpoint is configured.
## Next Checkpoints
- Local commit for the repaired triage artifact workspace iteration, then continue the next scratch-stack QA sweep against the remaining live routes/actions.

51
docs/implplan/SPRINT_20260311_004_FE_sidebar_pending_approvals_badge_refresh_throttle.md
View File

@@ -1,51 +0,0 @@
# Sprint 20260311_004 - FE Sidebar Pending Approvals Badge Refresh Throttle
## Topic & Scope
- Eliminate transient live route failures caused by the shared sidebar polling pending approvals on every navigation.
- Keep the approvals badge current where operators actually need freshness, without making unrelated pages fail under full-route Playwright sweeps.
- Preserve stale badge state on transient backend failures instead of zeroing the shell and creating false-negative QA noise.
- Working directory: `src/Web/StellaOps.Web/src/app/layout/app-sidebar`.
- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.spec.ts`, `docs/implplan/SPRINT_20260311_004_FE_sidebar_pending_approvals_badge_refresh_throttle.md`.
- Expected evidence: focused Angular sidebar coverage, rebuilt web bundle synced into `compose_console-dist`, and a live Playwright canonical route sweep returning `111/111`.
## Dependencies & Concurrency
- Depends on the live compose stack at `https://stella-ops.local`.
- Safe parallelism: stay inside the shared shell badge behavior; do not broaden this slice into approval queue data contracts or unrelated integrations screens.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/implplan/SPRINT_20260306_003_FE_playwright_setup_reset_iteration_loop.md`
## Delivery Tracker
### FE-SIDEBAR-APPROVALS-001 - Stop shared-shell badge churn from poisoning unrelated route verification
Status: DONE
Dependency: none
Owners: QA, 3rd Line Support, Product Manager, Architect, Developer
Task description:
- A full authenticated Playwright canonical sweep regressed from `111/111` to `110/111`, but the reported failing page (`/ops/integrations/scm`) rendered correctly in isolation. Root-cause triage showed the shared sidebar was refetching pending approvals on every `NavigationEnd`, which turned the sweep into 100+ background calls to `/api/v2/releases/approvals?status=pending`.
- The clean fix is to treat the pending approvals badge as a stale-while-revalidate shell affordance: load it on startup, throttle ordinary navigation refreshes, force refresh when the operator enters approvals surfaces, and preserve the last known badge count on transient errors.
Completion criteria:
- [x] The sidebar no longer refetches pending approvals on every unrelated navigation.
- [x] Approvals surfaces still force a badge refresh.
- [x] Transient approvals failures do not zero the badge after a successful load.
- [x] Focused sidebar tests pass.
- [x] The rebuilt live web returns `111/111` on `live-frontdoor-canonical-route-sweep.mjs`.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the live canonical route sweep dropped to `110/111` with `/ops/integrations/scm` falsely failing under a background `503` from `/api/v2/releases/approvals?status=pending`. Direct Playwright repro proved the SCM page itself was healthy and isolated the issue to shared-shell badge churn. | Developer |
| 2026-03-11 | Added stale-while-revalidate throttling to the pending approvals badge, forced refreshes only for approvals surfaces, and preserved stale badge state on transient failures. Added focused router-backed sidebar coverage for unrelated vs approvals navigation. | Developer |
| 2026-03-11 | `npx ng test --watch=false --progress=false --include=src/app/layout/app-sidebar/app-sidebar.component.spec.ts` passed `13/13`; `npm run build` passed; the rebuilt bundle was synced into `compose_console-dist`, `stellaops-router-gateway` was restarted, and `node ./scripts/live-frontdoor-canonical-route-sweep.mjs` returned `111/111` against `https://stella-ops.local`. | QA |
## Decisions & Risks
- Decision: the pending approvals badge is a shell hint, not a hard-real-time signal. It should be refreshed aggressively only when the operator is on approvals surfaces.
- Decision: preserve the previous badge count after transient failures once a successful load has happened; zeroing the badge on a background hiccup misleads operators and creates false route failures.
- Risk: the current deployment sync still uses a direct copy into `compose_console-dist`; keep that operational detail outside this sprints code scope.
## Next Checkpoints
- Commit the shared-shell badge repair.
- Start the next deep page-action sweep now that the canonical route matrix is back to green.

69
docs/implplan/SPRINT_20260311_005_FE_setup_admin_truthful_branding_and_notifications_routes.md
View File

@@ -1,69 +0,0 @@
# Sprint 20260311_005 - FE Setup Admin Truthful Branding And Notifications Routes
## Topic & Scope
- Repair setup/admin pages that looked valid in route sweeps but failed as a first-time operator once actions were exercised.
- Restore truthful branding behavior on `/setup/tenant-branding`, including correct Authority contracts, reliable hydration, and honest read-only semantics when the session lacks write scope.
- Repair setup notifications, usage, and system action handoffs so setup pages lead to the intended working surfaces instead of dead or fallback routes.
- Working directory: `src/Web/StellaOps.Web`.
- Allowed coordination edits: `docs/ui-analysis/01_SHELL_AND_NAVIGATION.md`, `docs/ui-analysis/04_ADMIN_CONFIG_RELEASE_EVIDENCE_SCREENS.md`, `docs/ui-analysis/05_ROUTE_SUMMARY_AND_OBSERVATIONS.md`, `docs/features/checked/web/settings-ia-rationalization-ui.md`, `docs/implplan/SPRINT_20260311_005_FE_setup_admin_truthful_branding_and_notifications_routes.md`.
- Expected evidence: focused Angular specs, rebuilt web bundle synced into `compose_console-dist`, a passing live setup/admin Playwright sweep, and a passing live canonical route sweep.
## Dependencies & Concurrency
- Depends on the live compose stack at `https://stella-ops.local`.
- Safe parallelism: stay inside setup/admin route ownership, branding contracts, and related route tests. Do not broaden this slice into Authority backend contract changes beyond the already-shipped endpoints.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/technical/architecture/console-branding.md`
- `docs/implplan/SPRINT_20260306_003_FE_playwright_setup_reset_iteration_loop.md`
## Delivery Tracker
### FE-SETUP-ADMIN-001 - Make setup branding truthful and tenant-aware
Status: DONE
Dependency: none
Owners: QA, 3rd Line Support, Product Manager, Architect, Developer
Task description:
- Live Playwright verification showed `/setup/tenant-branding` was not a truthful setup/admin surface. The page rendered a facade that suggested inline editing, while the real Authority contracts required tenant-aware reads and admin writes through `/console/admin/branding`. Direct probes confirmed the setup route was triggering `GET /console/branding` without a tenant and surfacing `tenantId query parameter is required`.
- The clean fix is to make the canonical setup route host the real branding editor, centralize tenant resolution and admin update contracts inside the shared branding service, and expose honest read-only UX when the current session has branding read scope but not write scope.
Completion criteria:
- [x] `/setup/tenant-branding` hosts the real branding editor instead of a facade.
- [x] Branding reads and writes use the correct tenant-aware Authority contracts.
- [x] Async branding hydration reliably clears loading state on the live shell.
- [x] Read-only sessions show explicit non-editable controls and a truthful permission message.
- [x] Focused branding service and route tests pass.
### FE-SETUP-ADMIN-002 - Repair setup notifications, usage, and system action handoffs
Status: DONE
Dependency: FE-SETUP-ADMIN-001
Owners: QA, 3rd Line Support, Product Manager, Architect, Developer
Task description:
- Manual Playwright action testing found `/setup/notifications` navigating `Create Rule` into a broken `/setup/notifications/new` path, while `/setup/usage` and `/setup/system` exposed inert buttons that did not carry operators into the actual working pages.
- The correct product behavior is to keep setup pages as navigational truth surfaces: notification actions must land on canonical rule/simulator children, and usage/system actions must link directly into the corresponding operational pages.
Completion criteria:
- [x] `Create Rule`, edit, and simulator handoffs under setup notifications use canonical child routes.
- [x] Usage and system CTA buttons are real links to the operational surfaces they advertise.
- [x] Route ownership regression coverage protects the setup/admin aliases.
- [x] Live setup/admin Playwright sweep passes with zero runtime issues.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after live Playwright action testing found that `/setup/tenant-branding` failed to load branding under the real session, `/setup/notifications` misrouted `Create Rule`, and `/setup/usage` plus `/setup/system` exposed inert buttons. | Developer |
| 2026-03-11 | Replaced the setup branding facade with the real branding editor, centralized tenant-aware admin branding reads/writes in `BrandingService`, converted async editor state to signals so the live shell clears loading reliably, and made read-only branding sessions truthful instead of deceptively editable. | Developer |
| 2026-03-11 | Repaired setup notifications child navigation, rewired usage/system CTAs to canonical operational pages, refreshed route ownership coverage, and updated stale user-facing docs to point at `/setup/tenant-branding` as the canonical route. | Developer |
| 2026-03-11 | `npx ng test --watch=false --progress=false --ts-config tsconfig.spec.features.json --include=src/app/core/branding/branding.service.spec.ts` passed `9/9`; `npx ng test --watch=false --progress=false --ts-config tsconfig.spec.features.json --include=src/app/features/admin-notifications/components/notification-rule-list.component.spec.ts` passed `49/49`; `npx ng test --watch=false --progress=false --include=src/app/routes/route-surface-ownership.spec.ts` passed `7/7`; `npm run build` passed; the rebuilt bundle was synced into `compose_console-dist`, `stellaops-router-gateway` was restarted, `node ./scripts/live-setup-admin-action-sweep.mjs` passed with `failedActionCount=0` and `runtimeIssueCount=0`, and `node ./scripts/live-frontdoor-canonical-route-sweep.mjs` returned `111/111` against `https://stella-ops.local`. | QA |
## Decisions & Risks
- Decision: `/setup/tenant-branding` is the canonical user-facing branding route. Legacy settings/admin aliases may remain, but the setup route must host the truthful experience.
- Decision: branding contract knowledge belongs in `BrandingService`, not scattered raw HTTP calls inside the editor component. This keeps tenant resolution and Authority headers consistent across reads and writes.
- Decision: when the session lacks branding write scope, the UI must be explicitly read-only. Disabled saves with still-editable inputs are deceptive and fail the zero-tolerance QA bar.
- Risk: `docs/ui-analysis/**` contains broad analytical snapshots of the UI. This sprint updated the specific canonical-route references touched by the fix, but those analysis docs may still contain other stale historical entries outside this slice.
## Next Checkpoints
- Commit the setup/admin truth-surface repair.
- Clean transient Playwright output from the working tree.
- Start the next deep page-action sweep from the freshly rebuilt stack and take the next failing page family through the same fix loop.

77
docs/implplan/SPRINT_20260311_006_FE_live_evidence_export_bundle_contract_alignment.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260311_006 - FE Live Evidence Export Bundle Contract Alignment
## Topic & Scope
- Reproduce the live evidence export journeys on the scratch-built `https://stella-ops.local` stack using real Playwright interaction across Export Center, Evidence Bundles, Provenance, and Verify Replay.
- Fix the root cause behind the empty bundle inventory and fake `View details` handoff after `Export StellaBundle`: the UI was claiming success from a mock flow instead of generating a real audit bundle.
- Align the surrounding evidence pages so actions are truthful on the live stack: bundle download fallback, provenance verify/export, replay comparison, and quick-verify sequencing.
- Update module documentation so the web quick action is explicitly tied to the audit-bundle contract and canonical `bundleId` routing.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: focused Angular coverage, rebuilt web bundle synced into `compose_console-dist`, live Playwright evidence for `/evidence/exports*` and `/evidence/verify-replay`, updated export-center docs, and a scoped local commit.
## Dependencies & Concurrency
- Depends on the healthy scratch-built compose deployment on `https://stella-ops.local`.
- Safe parallelism: implementation stays in `src/Web/StellaOps.Web`; documentation updates are limited to `docs/modules/export-center/**` and this sprint file.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
- `docs/modules/export-center/AGENTS.md`
- `docs/modules/export-center/architecture.md`
- `docs/modules/export-center/implementation_plan.md`
## Delivery Tracker
### FE-EVIDENCE-EXPORT-001 - Reproduce the live evidence export failures
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Run the authenticated live evidence-export action sweep against Export Center, Bundles, Provenance, and Replay. Separate harness defects from product defects so only real contract failures drive fixes.
Completion criteria:
- [x] Live Playwright captures the failing behaviors with route/action evidence.
- [x] Harness-only issues are identified and not misreported as product regressions.
- [x] The real failing contract is traced to a concrete UI/backend mismatch.
### FE-EVIDENCE-EXPORT-002 - Replace the fake StellaBundle success path with the real audit-bundle flow
Status: DONE
Dependency: FE-EVIDENCE-EXPORT-001
Owners: Product Manager, Architect, Developer
Task description:
- Remove the mock StellaBundle export success simulation and bind the quick action to the live audit-bundle API. The UI must poll for completion, emit the canonical `bundleId`, and navigate to the bundle inventory using identifiers the bundles page can actually resolve.
Completion criteria:
- [x] `Export StellaBundle` creates a real audit bundle through `POST /v1/audit-bundles`.
- [x] Success results carry `bundleId` and route handoffs search by the canonical bundle identifier.
- [x] The bundles inventory shows the newly created bundle on the live stack.
### FE-EVIDENCE-EXPORT-003 - Make adjacent evidence actions truthful and reverify the live slice
Status: DONE
Dependency: FE-EVIDENCE-EXPORT-002
Owners: QA, Developer
Task description:
- Repair adjacent page behaviors exposed during the sweep so bundle download, provenance verify/export, replay comparison, and quick verify behave as real user actions instead of inert placeholders or blocked overlays. Rebuild, deploy, and rerun the live Playwright sweep end to end.
Completion criteria:
- [x] Focused Angular evidence-export tests pass.
- [x] `npm run build` passes and the rebuilt bundle is synced into `compose_console-dist`.
- [x] Live Playwright records `failedActionCount=0` and `runtimeIssueCount=0` for the evidence-export action sweep.
- [x] Export Center module docs record the quick action -> audit-bundle contract.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the live evidence-export action sweep showed a mix of harness-ordering issues and one real product defect: `Export StellaBundle` reported success without creating a real audit bundle, leaving `/evidence/exports/bundles` empty. | QA / 3rd line support |
| 2026-03-11 | Root cause confirmed from live browser/network evidence: the bundles page was truthfully reading `GET /v1/audit-bundles` and returning an empty list, while the StellaBundle quick action still emitted a synthetic mock export result and routed using a fake export id. | 3rd line support |
| 2026-03-11 | Replaced the mock StellaBundle flow with the real audit-bundle client, added polling/completion handling, propagated canonical `bundleId` through Export Center routing, and restored truthful bundle/provenance/replay actions with focused regression coverage. | Product / Architect / Developer |
| 2026-03-11 | Focused verification passed: Angular slice `134/134`, `npm run build`, bundle sync into `compose_console-dist`, router restart healthy, and live Playwright `live-evidence-export-action-sweep.json` recorded `failedActionCount=0` and `runtimeIssueCount=0`. | QA |
## Decisions & Risks
- Decision: fix the defect at the contract boundary by making `Export StellaBundle` call the live audit-bundle surface, not by seeding fake bundle cards or weakening the bundles page.
- Decision: route handoff must use canonical `bundleId`. The prior `exportId` placeholder created a structurally unrecoverable dead-end because the bundles page only knows real bundle identifiers.
- Decision: keep bundle download resilient with a manifest fallback when the live bundle download stream is unavailable, so operators still get truthful artifact metadata instead of a dead button.
- Risk: the evidence-export area still contains several demo-backed surfaces. Each future action sweep in this family must keep separating acceptable demo behavior from fake success paths that block real operator flows.
## Next Checkpoints
- Commit the evidence-export repair iteration locally, clear transient Playwright output noise, then continue the next live route/action sweep from a clean output folder.

72
docs/implplan/SPRINT_20260311_007_FE_canonical_route_sweep_transient_recheck.md
View File

@@ -1,72 +0,0 @@
# Sprint 20260311_007 - FE Canonical Route Sweep Transient Recheck
## Topic & Scope
- Revalidate the broad live canonical route sweep after recent web changes and distinguish real route defects from transient Playwright/runtime noise.
- Root-cause the reported `/ops/operations/health-slo` failure instead of fixing healthy product code based on a flaky harness signal.
- Harden the canonical route sweep so failed routes are rechecked in a fresh authenticated browser context before they are counted as broken.
- Update QA flow guidance so UI Tier 2 verification explicitly requires a fresh-context recheck for transient-only failures.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: isolated Playwright repros for `health-slo`, patched canonical sweep script, refreshed `live-frontdoor-canonical-route-sweep.json` with `111/111`, updated QA flow doc, and a scoped local commit.
## Dependencies & Concurrency
- Depends on the live compose stack at `https://stella-ops.local` being healthy and reachable.
- Safe parallelism: implementation stays in `src/Web/StellaOps.Web`; the only allowed doc touch outside the working directory is `docs/qa/feature-checks/FLOW.md` plus this sprint file because the fix changes QA execution rules.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/code-of-conduct/TESTING_PRACTICES.md`
## Delivery Tracker
### FE-ROUTE-SWEEP-001 - Prove whether `health-slo` is a product defect or a harness defect
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Reproduce the `/ops/operations/health-slo` failure from the canonical route sweep, then probe the route in isolation with authenticated Playwright, endpoint capture, and repeated route loads to determine whether the page or the sweep is lying.
Completion criteria:
- [x] Isolated authenticated browser probes capture the real `/api/v1/platform/health/*` statuses during page load.
- [x] Repeated isolated `health-slo` loads confirm whether the route itself is stable.
- [x] Root cause is identified as product code or harness logic with concrete evidence.
### FE-ROUTE-SWEEP-002 - Harden the canonical sweep against transient false positives
Status: DONE
Dependency: FE-ROUTE-SWEEP-001
Owners: Product Manager, Architect, Developer
Task description:
- Update the broad route sweep so an initial failed route is rechecked in a fresh authenticated browser context before it is marked failed. Preserve first-failure evidence while using the recheck result as the final verdict.
Completion criteria:
- [x] Failed routes are retried in a fresh authenticated context.
- [x] Recheck metadata preserves the initial failure evidence.
- [x] Healthy routes are no longer misclassified from transient runtime noise.
### FE-ROUTE-SWEEP-003 - Reverify the full canonical route matrix
Status: DONE
Dependency: FE-ROUTE-SWEEP-002
Owners: QA
Task description:
- Rerun the full canonical route sweep on the live stack and confirm the final result reflects real route health after the harness hardening.
Completion criteria:
- [x] Full live sweep reruns on `https://stella-ops.local`.
- [x] Final result records `111/111` passed routes and `0` failed routes.
- [x] QA flow documentation records the fresh-context recheck rule for transient UI failures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the broad canonical route sweep reported a single live failure on `/ops/operations/health-slo`. | QA |
| 2026-03-11 | Isolated authenticated Playwright probes showed the route and its backing `summary`, `dependencies`, and `incidents` endpoints returning `200`, while repeated direct route loads stayed clean. Root cause was reclassified from product defect to sweep false positive. | QA / 3rd line support |
| 2026-03-11 | Hardened `live-frontdoor-canonical-route-sweep.mjs` so failed routes are rechecked in a fresh authenticated context before final classification. The first failure evidence is preserved in the route record. | Product / Architect / Developer |
| 2026-03-11 | Full canonical route sweep reran clean on the live stack and recorded `111/111` passed routes with no failed routes. | QA |
## Decisions & Risks
- Decision: do not patch the `health-slo` product route because isolated live verification proved it healthy. Fixing product code against a false positive would lower signal quality and increase regression risk.
- Decision: broad route sweeps now treat a first-pass failure as provisional until a fresh-context recheck runs. This is the smallest clean change that preserves aggressive QA while reducing flaky route classifications.
- Risk: transient failures are still evidence. The harness preserves initial failure details so recurring instability can still be investigated instead of silently disappearing.
## Next Checkpoints
- Commit the canonical sweep hardening locally, clear transient Playwright output again, then move to the next unswept deep action family with the corrected route baseline.

68
docs/implplan/SPRINT_20260311_008_FE_live_registry_admin_audit_route_identity.md
View File

@@ -1,68 +0,0 @@
# Sprint 20260311_008 - FE Live Registry Admin Audit Route Identity
## Topic & Scope
- Prove whether the `registry-admin` audit tab failure is a real route break or a weak post-navigation page identity.
- Keep the fix inside the web workspace by making the audit child route render explicit audit-specific content after navigation.
- Add focused regression coverage and rerun the live changed-surfaces sweep on `https://stella-ops.local`.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: root-cause notes, focused Angular spec, rebuilt web bundle, live Playwright pass for the registry-admin audit action.
## Dependencies & Concurrency
- Depends on the live compose stack being healthy and reachable.
- Safe parallelism: limited to `src/Web/StellaOps.Web` plus this sprint file.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### FE-REGISTRY-AUDIT-001 - Root-cause the audit-tab live failure
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Reproduce the failing `audit-tab` action from the live changed-surfaces sweep and determine whether the click fails, the route fails, or the target route lacks truthful audit-specific content.
Completion criteria:
- [x] Live authenticated Playwright proves whether `/ops/integrations/registry-admin/audit` is reached.
- [x] Root cause is recorded with concrete evidence.
### FE-REGISTRY-AUDIT-002 - Make the audit route self-identifying
Status: DONE
Dependency: FE-REGISTRY-AUDIT-001
Owners: Product Manager, Architect, Developer
Task description:
- Update the registry-admin audit child view so the audit route renders an explicit title/description/count summary. The target page must clearly indicate that the user is in the audit trail, not just inside the generic registry shell.
Completion criteria:
- [x] The audit child view renders an audit-specific heading.
- [x] The audit state remains clear in loading, empty, and populated cases.
- [x] Focused component tests cover the visible route identity.
### FE-REGISTRY-AUDIT-003 - Reverify the live registry-admin action flow
Status: DONE
Dependency: FE-REGISTRY-AUDIT-002
Owners: QA
Task description:
- Rebuild the web bundle, sync it into the live stack, and rerun the changed-surfaces or focused registry-admin Playwright flow to confirm the audit tab now produces truthful post-navigation evidence.
Completion criteria:
- [x] Web build passes.
- [x] Live Playwright confirms the audit tab lands on `/registry-admin/audit`.
- [x] Live Playwright confirms the page exposes audit-specific visible text.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the changed-surfaces sweep flagged the registry-admin audit tab. | QA |
| 2026-03-11 | Authenticated Playwright repro proved the click navigates correctly to `/ops/integrations/registry-admin/audit`; the real defect is that the target child view exposes no audit-specific heading, so the route is not self-identifying. | QA / 3rd line support |
| 2026-03-11 | Added explicit audit title/summary content to `PlanAuditComponent`, covered it with focused Angular specs (`2/2` across the registry-admin shell and audit view), rebuilt the web bundle, synced it into `compose_console-dist`, restarted `stellaops-router-gateway`, and passed the focused live Playwright proof in `live-registry-admin-audit-check.mjs` with `actionOk=true` and zero runtime errors. | Product / Architect / Developer / QA |
## Decisions & Risks
- Decision: treat this as a product defect, not a harness change. The audit route is real, but without audit-specific visible identity the user cannot reliably confirm the navigation succeeded.
- Risk: only checking URL would hide regressions where the shell changes but the intended audit view does not become obvious to the user.
- Decision: use a focused live Playwright check for this slice instead of re-running the full changed-surfaces matrix after every small route-identity fix. That preserves truthful verification while staying within the low-churn runtime budget.
## Next Checkpoints
- Move to the next live route/action defect from the changed-surfaces and broader action sweeps after committing this registry-admin repair.

65
docs/implplan/SPRINT_20260311_009_FE_changed_surfaces_registry_admin_selector_hardening.md
View File

@@ -1,65 +0,0 @@
# Sprint 20260311_009 - FE Changed Surfaces Registry Admin Selector Hardening
## Topic & Scope
- Revalidate the live changed-surfaces sweep after the registry-admin audit route fix.
- Root-cause the remaining `registry-admin` failure and repair the QA harness if it is selecting the wrong UI control.
- Keep the change scoped to the web QA harness and this sprint log.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: root-cause notes, narrowed selector in the changed-surfaces script, and a passing live changed-surfaces sweep.
## Dependencies & Concurrency
- Depends on the deployed web bundle already containing the registry-admin audit route identity fix.
- Safe parallelism: limited to `src/Web/StellaOps.Web` plus this sprint file.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### FE-CHANGED-SURFACES-001 - Prove whether the remaining registry-admin failure is real
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Inspect the changed-surfaces report after the product fix and determine whether the remaining `registry-admin` failure is still in product code or in the sweep selector/action logic.
Completion criteria:
- [x] The exact failing action record is captured from the changed-surfaces report.
- [x] Root cause is identified with concrete evidence.
### FE-CHANGED-SURFACES-002 - Narrow the registry-admin action selector
Status: DONE
Dependency: FE-CHANGED-SURFACES-001
Owners: Product Manager, Architect, Developer
Task description:
- Update the changed-surfaces harness so the registry-admin action targets the tablist audit control instead of any unrelated page button that happens to contain the word `Audit`.
Completion criteria:
- [x] The selector is scoped to the registry-admin tab strip.
- [x] The harness no longer reports a false failure on the healthy audit route.
### FE-CHANGED-SURFACES-003 - Reverify the full changed-surfaces matrix
Status: DONE
Dependency: FE-CHANGED-SURFACES-002
Owners: QA
Task description:
- Rerun the full live changed-surfaces matrix and confirm the registry-admin slice and adjacent surfaces remain clean after the selector hardening.
Completion criteria:
- [x] The changed-surfaces run completes successfully on `https://stella-ops.local`.
- [x] No surfaces report heading/runtime/action failures.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the changed-surfaces matrix still reported `registry-admin` broken even though the focused audit proof passed. | QA |
| 2026-03-11 | The remaining failure was reclassified as a harness defect: the matrix selector `a[href*="/registry-admin/audit"], button:has-text("Audit")` matched the sidebar `Security & Audit` accordion before the actual audit tab, leaving the page on the starting route. | QA / 3rd line support |
| 2026-03-11 | Scoped the registry-admin selector to the tablist audit link, reran the full live changed-surfaces matrix, and confirmed `0` action failures, `0` response errors, `0` console errors, and `0` problem-text hits across all configured surfaces. | Product / Architect / Developer / QA |
## Decisions & Risks
- Decision: keep the product code unchanged. The focused live proof already showed the audit route itself was healthy after the preceding iteration.
- Risk: broad text-based selectors can drift into unrelated shell controls as more navigation groups are revived. Surface scripts must scope selectors to the active feature region when the shell contains overlapping labels.
## Next Checkpoints
- Continue with the next broader live action family after committing the changed-surfaces harness repair.

71
docs/implplan/SPRINT_20260311_010_Platform_scratch_setup_revalidation.md
View File

@@ -1,71 +0,0 @@
# Sprint 20260311_010 - Platform Scratch Setup Revalidation
## Topic & Scope
- Validate the documented Stella Ops scratch setup path against a fully wiped local Docker state.
- Remove Stella-only containers, images, volumes, and networks, then rerun the repo setup path as a first-time operator would.
- If bootstrap defects surface, triage root cause and fix them cleanly before declaring the setup path healthy.
- Working directory: `.`.
- Expected evidence: scoped Docker wipe, setup-script execution evidence, root-cause notes for any bootstrap failures, and a local commit if code/docs change.
## Dependencies & Concurrency
- Depends on no other agent actively using the local Stella Docker stack.
- Safe parallelism: none during the wipe/rebuild itself because the environment reset is global.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/INSTALL_GUIDE.md`
- `docs/implplan/SPRINT_20260309_001_Platform_scratch_setup_bootstrap_restore.md`
## Delivery Tracker
### PLATFORM-SCRATCH-001 - Wipe Stella Docker state only
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Tear down the Stella compose stack and remove Stella-specific images, volumes, and networks without touching unrelated Docker assets on the machine.
Completion criteria:
- [x] Stella compose services are stopped.
- [x] Stella-specific images, volumes, and networks are removed.
### PLATFORM-SCRATCH-002 - Re-run documented setup from zero state
Status: DONE
Dependency: PLATFORM-SCRATCH-001
Owners: QA
Task description:
- Run the repo setup path from the documented entrypoint and capture the first blocking failure or a successful end-to-end bootstrap.
Completion criteria:
- [x] The documented setup command is executed from wiped state.
- [x] The first-run result is captured with concrete evidence.
### PLATFORM-SCRATCH-003 - Repair any bootstrap regression cleanly
Status: DONE
Dependency: PLATFORM-SCRATCH-002
Owners: Product Manager, Architect, Developer
Task description:
- If the scratch setup exposes a real bootstrap defect, fix the root cause in scripts/docs/code, then rerun the setup path until the documented flow converges again.
Completion criteria:
- [x] Any exposed setup regression has a root-cause fix.
- [x] Docs/sprint notes reflect the repaired bootstrap path.
- [x] The repair is committed locally if code/docs changed.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created to revalidate the Stella scratch setup path after the latest runtime/action sweeps on the warm stack came back clean. | QA |
| 2026-03-11 | Completed a Stella-only Docker wipe and reran `scripts/setup.ps1` from zero state. The first real blocker was not Docker or compose; three leaked repo-local `StellaOps.Graph.Api.exe` processes from earlier host debugging locked `src/Graph/StellaOps.Graph.Api/bin/Debug/net10.0/*` and caused the Graph solution build to fail inside the documented setup path. | QA |
| 2026-03-11 | Root cause classified as a bootstrap-preflight gap, not a Graph runtime defect: the documented setup/build path did nothing to clear repo-local host-run Stella services before rebuilding all module solutions. Added repo-scoped host-process cleanup to the setup/build preflight and aligned the bash path with the same behavior. | Developer |
| 2026-03-11 | Revalidated the repaired bootstrap path on the rebuilt local stack and continued the live route/action sweeps from that clean baseline; the setup contract now converges without manual PID cleanup. | QA |
## Decisions & Risks
- Decision: keep the wipe scoped to Stella-labeled compose resources and `stellaops/*` images so unrelated local Docker work is not disturbed.
- Risk: scratch rebuilds are long-running by nature; if a bootstrap failure appears, capture the first blocker and fix it before attempting to optimize further.
- Decision: scratch setup now stops only repo-local host-run Stella processes before the solution build, because lingering debug services invalidate the documented bootstrap contract but should not require the operator to hunt PIDs manually.
- Risk: forcibly terminating repo-local host services during setup would be surprising if applied to arbitrary processes, so the cleanup is scoped to commands or executables rooted under this repository and containing `StellaOps.`.
## Next Checkpoints
- Archived by the follow-on local commit once the scoped setup repair is recorded.

60
docs/implplan/SPRINT_20260311_011_AdvisoryAI_knowledge_startup_lock_and_doctor_search_restore.md
View File

@@ -1,60 +0,0 @@
# Sprint 20260311_011 - AdvisoryAI Knowledge Startup Lock And Doctor Search Restore
## Topic & Scope
- Restore Doctor unified search on the scratch-built `stella-ops.local` stack after fresh-stack Playwright exposed an empty knowledge corpus on `/ops/operations/doctor`.
- Fix the AdvisoryAI startup race so knowledge corpus rebuild and unified-search refresh can touch the same store during cold start without breaking first-run correctness.
- Keep the live mission-control sweep evidence truthful by removing the remaining `View all` selector false negative uncovered in the same pass.
- Working directory: `src/AdvisoryAI`.
- Expected evidence: focused AdvisoryAI integration coverage, rebuilt `advisory-ai-web` startup proof, and live Playwright artifacts for Doctor unified search plus mission-control actions.
## Dependencies & Concurrency
- Depends on `docs/implplan/SPRINT_20260311_010_Platform_scratch_setup_revalidation.md`.
- Allowed cross-module evidence touch: `src/Web/StellaOps.Web/scripts/live-mission-control-action-sweep.mjs`.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/modules/advisory-ai/knowledge-search.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### TASK-01 - Make knowledge schema bootstrap concurrency-safe
Status: DONE
Dependency: none
Owners: QA, 3rd line support, Architect, Developer
Task description:
- Reproduce the Doctor search failure from the live scratch stack and trace it into the AdvisoryAI knowledge startup path.
- Fix `PostgresKnowledgeSearchStore.EnsureSchemaAsync()` so concurrent hosted services cannot race on schema creation and leave the Doctor/knowledge corpus empty on first boot.
Completion criteria:
- [x] Concurrent cold-start schema bootstrap no longer fails in the knowledge store.
- [x] Focused regression coverage exercises concurrent `EnsureSchemaAsync()` calls against PostgreSQL.
### TASK-02 - Rebuild and prove Doctor unified search on the live scratch stack
Status: DONE
Dependency: TASK-01
Owners: QA, Developer
Task description:
- Rebuild and redeploy AdvisoryAI, then rerun the live Doctor unified-search matrix and direct starter-query probes.
- Recheck the mission-control action sweep after tightening the `View all` selector so the QA artifact reflects actual product behavior.
Completion criteria:
- [x] `advisory-ai-web` startup logs show a successful knowledge rebuild on the live stack.
- [x] Live Playwright Doctor unified-search evidence is clean on the scratch deployment.
- [x] Mission-control action sweep passes without the stale `View all` false negative.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after the fresh-stack unified-search matrix isolated Doctor failures to an empty knowledge scope and container logs showed the knowledge startup rebuild failing with PostgreSQL `23505` during schema bootstrap. | QA / 3rd line support |
| 2026-03-11 | Root cause traced to concurrent `EnsureSchemaAsync()` callers from AdvisoryAI hosted services. Applied a PostgreSQL advisory transaction lock to the knowledge store and added a focused concurrent startup regression. | Architect / Developer |
| 2026-03-11 | Tightened the mission-board Playwright harness so `View all` binds to the real `/releases/runs` anchor instead of a generic text match. | QA / Developer |
| 2026-03-11 | Rebuilt and redeployed `advisory-ai-web`; live startup logs now show a successful knowledge rebuild (`documents=470`, `chunks=9051`, `doctor_projections=8`). Reran the live unified-search matrix cleanly (`4 routes checked, 0 issues`), directly rechecked Doctor starter queries with grounded results, and confirmed the mission-control action sweep passes with zero failed actions/runtime issues. | QA / Developer |
## Decisions & Risks
- Decision: keep Doctor mapped to the knowledge scope. The live failure was caused by the knowledge corpus not rebuilding on startup, not by the Doctor route using the wrong search domain.
- Decision: fix concurrency inside the knowledge store rather than by trying to sequence hosted services manually. Multiple startup callers are valid and the store must stay safe under them.
- Decision: use a PostgreSQL advisory transaction lock inside the store bootstrap path so the first-run contract remains correct regardless of how many hosted services touch the knowledge store during startup.
## Next Checkpoints
- Archive on local commit; Doctor search is restored on the live scratch stack.

45
docs/implplan/SPRINT_20260311_012_FE_live_notifications_harness_truthful_waits.md
View File

@@ -1,45 +0,0 @@
# Sprint 20260311_012 - FE Live Notifications Harness Truthful Waits
## Topic & Scope
- Remove the remaining cold-load false negatives from the live ops/policy Playwright sweep.
- Wait for the real notifications operator shell before asserting `New channel` and `New rule` availability on `/ops/operations/notifications`.
- Keep the harness truthful so page/action failures represent product defects rather than premature DOM checks.
- Working directory: `src/Web/StellaOps.Web`.
- Expected evidence: updated live sweep harness, clean rerun on the live stack, and a local QA-only commit.
## Dependencies & Concurrency
- Depends on the authenticated live stack already being healthy at `https://stella-ops.local`.
- Safe parallelism: none while the live sweep is running because it mutates auth state and captures shared Playwright output.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/implplan/SPRINT_20260309_002_FE_live_frontdoor_canonical_route_sweep.md`
## Delivery Tracker
### FE-NOTIFY-HARNESS-012-001 - Wait for the real notifications shell before checking actions
Status: DONE
Dependency: none
Owners: QA, Developer
Task description:
- Live manual probes showed `/ops/operations/notifications` was healthy while the sweep still reported `New channel` and `New rule` as missing. The remaining gap was harness timing: the script checked for buttons before the operator notifications panel finished hydrating on cold loads.
- Add a notifications-shell wait gate to the live ops/policy action sweep so the harness only evaluates those actions once the real operator surface is present.
Completion criteria:
- [x] The harness waits for the notifications shell before probing `New channel` and `New rule`.
- [x] Live rerun confirms the previous notifications false negatives are gone.
- [x] The scoped QA harness repair is committed locally.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after direct manual probes on `/ops/operations/notifications` showed the product surface was healthy while the live ops/policy sweep still flagged `New channel` and `New rule` as missing. | QA |
| 2026-03-11 | Added a notifications-shell wait gate to `live-ops-policy-action-sweep.mjs`, reran the full live sweep, and confirmed `flow:New channel` plus `flow:New rule` now pass. The completed run ended with `failedActionCount=0` and `runtimeIssueCount=0`. | QA / Developer |
## Decisions & Risks
- Decision: treat the notifications miss as a harness defect, not a product defect, because manual probes already proved the buttons existed and worked on the live stack.
- Risk: the live sweep writes shared Playwright artifacts under `src/Web/StellaOps.Web/output/playwright`; clear them before the next iteration so stale evidence does not bleed into later audits.
## Next Checkpoints
- Archive on local commit, then clear Playwright output and start the next full scratch rebuild iteration.

74
docs/implplan/SPRINT_20260311_013_Platform_scratch_iteration_002_full_route_action_audit.md
View File

@@ -1,74 +0,0 @@
# Sprint 20260311_013 - Platform Scratch Iteration 002 Full Route Action Audit
## Topic & Scope
- Wipe the local Stella stack again and rerun the documented setup path as a first-time operator.
- Rebuild and redeploy the full platform from the documented entrypoint, then run the authenticated Playwright route and action sweeps from that fresh stack.
- Triage every newly exposed live defect, pick clean fixes, implement them, and retest before ending the iteration.
- Working directory: `.`.
- Expected evidence: Stella-only environment wipe, documented setup execution evidence, fresh Playwright route/action artifacts, root-cause notes for failures, and local commit(s) for any fixes.
## Dependencies & Concurrency
- Depends on the scratch setup repair already committed in `08006100a`.
- Depends on the Doctor cold-start race repair already committed in `66e67f1a9`.
- Safe parallelism: none during the wipe/rebuild/run because the environment reset is global to the local machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER2-001 - Wipe Stella-only runtime state and rerun documented setup
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Stop and remove Stella-only containers, images, volumes, and networks, then rerun `scripts/setup.ps1` from the documented first-time operator path.
- Capture the first blocking failure if the setup path regresses again, or record the successful full bootstrap if it converges.
Completion criteria:
- [x] Stella-only Docker state is removed without touching unrelated local assets.
- [x] The documented setup path is rerun from zero Stella state.
- [x] The bootstrap outcome is captured with concrete evidence.
### PLATFORM-SCRATCH-ITER2-002 - Re-run live route and action sweeps on the fresh stack
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER2-001
Owners: QA
Task description:
- Re-authenticate on the fresh stack and run the canonical route sweep plus the deep action sweeps needed to validate page loads and page actions, not just HTTP 200s.
Completion criteria:
- [x] Fresh route sweep evidence is captured.
- [x] Fresh action sweep evidence is captured for the relevant surface families.
- [x] Any newly surfaced failures are enumerated before fixes begin.
### PLATFORM-SCRATCH-ITER2-003 - Root-cause and repair the next live failures
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER2-002
Owners: 3rd line support, Product Manager, Architect, Developer
Task description:
- Diagnose the next set of real failures exposed by the fresh-stack sweeps, choose product-clean fixes, implement them, redeploy the affected slices, and rerun the failing Playwright coverage until the iteration converges.
Completion criteria:
- [x] Each exposed failure has a documented root cause.
- [x] Fixes favor clean ownership/contracts over temporary fallbacks.
- [x] The repaired slice is committed locally after re-verification.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created after committing the scratch-setup preflight, Doctor startup race, and notifications harness repairs. Next step is another Stella-only wipe followed by the documented setup path and fresh Playwright sweeps. | QA |
| 2026-03-11 | Completed a Stella-only wipe of the running stack, `stellaops/*:dev` images, `compose_*` Stella volumes, and the Stella frontdoor network without touching unrelated Docker assets. | QA |
| 2026-03-11 | Reran `scripts/setup.ps1` from zero Stella state. The documented setup path converged end-to-end: 36 solution builds passed, the full image matrix rebuilt, compose launch completed, and the platform came back at `https://stella-ops.local` with only transient startup health lag on a few services. | QA / 3rd line support |
| 2026-03-11 | Fresh-stack Playwright verification came back clean: canonical route sweep `111/111` passed; mission-control, ops/policy, integrations, setup-topology, setup-admin, jobs-queues, triage/artifacts, releases/deployments, unified search, trust-signing watchlist, release promotion, hotfix, registry admin, evidence export, and notifications/watchlist adjacency sweeps all completed with zero failed actions/runtime issues. No new live defects surfaced in this iteration. | QA |
## Decisions & Risks
- Decision: keep this iteration scoped to Stella-owned Docker assets only, so unrelated local containers/images are not disturbed.
- Risk: the full documented setup path is resource-heavy by nature; the goal is first-run correctness, not minimizing runtime.
- Decision: when a fresh-stack iteration surfaces no defects, still record and commit the clean run so the iteration loop remains auditable instead of silently skipping “no-op” passes.
## Next Checkpoints
- Clear transient Playwright artifacts and start the next zero-state iteration unless a newly observed live defect appears first.

76
docs/implplan/SPRINT_20260311_014_Platform_scratch_iteration_003_full_route_action_audit.md
View File

@@ -1,76 +0,0 @@
# Sprint 20260311_014 - Platform Scratch Iteration 003 Full Route Action Audit
## Topic & Scope
- Wipe the Stella-only local runtime again and rerun the documented setup path from zero state.
- Re-test the rebuilt stack as a first-time operator with Playwright route and action coverage across the core release, security, ops, integration, and setup surfaces.
- If this fresh-stack pass exposes real failures, trace root cause, choose clean fixes, implement them, redeploy, and reverify before the iteration is closed.
- Working directory: `.`.
- Expected evidence: Stella-only wipe log, documented setup execution proof, fresh Playwright route/action results, root-cause notes for any failures, and a local commit for the iteration.
## Dependencies & Concurrency
- Depends on the clean iteration record in `a00efb7ab`.
- Safe parallelism: none during the wipe/rebuild and live sweeps because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER3-001 - Wipe Stella-only runtime state and rerun documented setup
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and networks, then rerun the documented setup path from the same first-time operator entrypoint.
Completion criteria:
- [x] Stella-only Docker state is removed without touching unrelated local assets.
- [x] `scripts/setup.ps1` is rerun from zero Stella state.
- [x] The bootstrap outcome is captured with concrete evidence.
### PLATFORM-SCRATCH-ITER3-002 - Re-run live route and action sweeps on the fresh stack
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER3-001
Owners: QA
Task description:
- Re-authenticate on the rebuilt stack and rerun the route and action sweeps needed to validate page loads and user actions on the fresh deployment.
Completion criteria:
- [x] Fresh route sweep evidence is captured.
- [x] Fresh action sweep evidence is captured for the covered surface families.
- [x] Any newly exposed failures are enumerated before fixes begin.
### PLATFORM-SCRATCH-ITER3-003 - Root-cause and repair the next live failures
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER3-002
Owners: 3rd line support, Product Manager, Architect, Developer
Task description:
- Diagnose and fix any fresh-stack defects surfaced by the iteration. If no new defect is exposed, record the clean pass explicitly and close the iteration with a local commit.
Completion criteria:
- [x] Each exposed failure has a documented root cause, or the clean pass is explicitly recorded.
- [x] Any required fix favors clean ownership/contracts over temporary fallbacks.
- [x] The iteration is committed locally after re-verification.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-11 | Sprint created to start scratch iteration 003 immediately after the previous clean zero-state pass. | QA |
| 2026-03-12 | Cleansed Playwright output, reran the setup-topology and uncovered-surface sweeps, and verified both clean (`0` failed actions, `0` runtime issues) to remove stale harness noise before the aggregate pass. | QA |
| 2026-03-12 | Ran `live-full-core-audit.mjs` across all 19 suites. First pass isolated one failing action in `ops-policy-action-sweep` (`/ops/policy/simulation -> button:View Results`) while every other route/page/action suite passed. | QA |
| 2026-03-12 | Root-caused the policy simulation miss to a harness defect: multiple shadow-mode enable buttons exist during async load, and the sweep was selecting the first disabled control instead of an enabled action target. | 3rd line support / Architect |
| 2026-03-12 | Updated `live-ops-policy-action-sweep.mjs` to wait for an enabled shadow-mode control and for `View Results` to become interactable, then reran the targeted policy sweep cleanly (`0` failed actions, `0` runtime issues). | Developer |
| 2026-03-12 | Reran `live-full-core-audit.mjs`; final aggregate result was `19/19` suites passed with `failedSuiteCount=0`, including `111/111` canonical routes and all covered action families. | QA |
## Decisions & Risks
- Decision: keep iterating from true zero Stella state even after a clean pass so regressions that appear only intermittently still have a chance to surface.
- Risk: the documented setup path is expensive by design; correctness under wipe-and-rebuild remains the priority over speed.
- Decision: treat broad Playwright harness reliability as part of the product verification contract. False negatives that stem from stale readiness assumptions or disabled-control races are fixed before declaring a route family broken.
- Decision: the policy simulation `View Results` failure was not a product regression. The clean fix was to make the QA harness wait for the first enabled shadow-mode control rather than clicking the first matching label during async load.
## Next Checkpoints
- Start the next zero-state iteration and repeat the full route/page/action pass before any new fixes.
- Expand search-specific user journeys beyond the current 4-route matrix if fresh user reports expose ranking or handoff gaps.

84
docs/implplan/SPRINT_20260312_001_Platform_search_result_action_and_canonical_route_repair.md
View File

@@ -1,84 +0,0 @@
# Sprint 20260312_001 - Platform Search Result Action And Canonical Route Repair
## Topic & Scope
- Expand live search verification beyond starter-chip execution into direct typed-query result actions, because user-reported `cve` searches still exposed broken or misleading result behavior.
- Repair the search slice as one product surface: query-entry loading state, advisory-vs-API ranking, API-card action semantics, and canonical docs navigation.
- Rebuild the touched backend and web surfaces, rerun the live Playwright sweep on the real frontdoor, and only then close the iteration with a local commit.
- Working directory: `.`.
- Expected evidence: focused AdvisoryAI/Web tests, live Playwright result-action sweep output, rebuilt live stack proof, and updated search docs.
## Dependencies & Concurrency
- Depends on the clean scratch iteration baseline in `docs/implplan/SPRINT_20260311_014_Platform_scratch_iteration_003_full_route_action_audit.md`.
- Safe parallelism: scoped to AdvisoryAI unified-search, web global-search, live Playwright scripts, and documentation updates for search behavior.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/ui/search-zero-learning-primary-entry.md`
- `docs/modules/advisory-ai/knowledge-search.md`
- `src/AdvisoryAI/__Tests/INFRASTRUCTURE.md`
## Delivery Tracker
### PLATFORM-SEARCH-001 - Capture the real live failures on direct search result actions
Status: DONE
Dependency: none
Owners: QA
Task description:
- Run direct typed-query Playwright verification against the live authenticated frontdoor instead of relying only on suggestion-chip coverage.
- The sweep must exercise generic advisory intent and explicit API intent, record which cards appear first, and verify that result actions lead to the expected product surfaces.
Completion criteria:
- [x] Live typed-query result evidence is captured.
- [x] The sweep distinguishes product defects from harness false positives.
- [x] The failing behaviors are enumerated before fixes begin.
### PLATFORM-SEARCH-002 - Root-cause and implement the clean search-slice repair
Status: DONE
Dependency: PLATFORM-SEARCH-001
Owners: 3rd line support, Product Manager, Architect, Developer
Task description:
- Repair the live search slice without quick fixes. The chosen solution must preserve search-first operator behavior and avoid dead-end or recovery-only routes.
- Expected repair areas include query-entry state, ranking semantics, card-action contracts, and canonical route normalization where the live shell still leaks encoded or placeholder routes.
Completion criteria:
- [x] Generic advisory queries prefer findings/VEX over API-operation cards unless the query explicitly asks for API details.
- [x] API cards use truthful copy-first actions instead of dead-end navigation.
- [x] Global-search action routing canonicalizes docs targets instead of navigating through double-encoded recovery paths.
- [x] Focused frontend/backend tests cover the repaired behavior.
### PLATFORM-SEARCH-003 - Rebuild, redeploy, and reverify the live search slice
Status: DOING
Dependency: PLATFORM-SEARCH-002
Owners: QA, Developer
Task description:
- Rebuild the touched AdvisoryAI and web surfaces, redeploy them to the live compose stack, and rerun the live search result-action sweep plus the aggregate route/action audit.
Completion criteria:
- [x] AdvisoryAI targeted verification passes with project-compliant targeting.
- [x] Web targeted verification passes.
- [x] Live Playwright search result-action evidence is clean after redeploy.
- [ ] The iteration is committed locally with docs updated.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-12 | Sprint created after user-reported direct search failures showed the existing starter-chip matrix was not enough. | QA |
| 2026-03-12 | Added a live direct search result-action sweep and captured the real before-state: generic `cve` searches on the live stack still needed grouped verification for ranking, action handoffs, and docs-route canonicalization. The first sweep also exposed harness false positives around route-local result expectations and docs-shell async hydration. | QA / 3rd line support |
| 2026-03-12 | Root-caused the user-visible search defects to a product split: query-entry loading was not set until after debounce, generic advisory keywords could still underweight findings/VEX when no full CVE token was detected, API operation cards still depended on misleading result semantics, and docs result actions were allowed to navigate to double-encoded recovery URLs. | 3rd line support / Architect |
| 2026-03-12 | Began the clean repair: global-search now enters loading immediately on non-empty queries, direct search QA now distinguishes route-local expectations from global expectations, and docs-action normalization plus search-result routing coverage were added so canonical routes can be verified before commit. | Developer |
| 2026-03-12 | Reverified the focused repair layers before deploy: `GlobalSearchComponent` + `search-route-matrix` specs passed `4/4`, and xUnit v3 class-targeted AdvisoryAI runs passed `28/28` (`QueryUnderstandingTests`), `10/10` (`WeightedRrfFusionTests`), and `45/45` (`UnifiedSearchServiceTests`). | QA / Developer |
| 2026-03-12 | Rebuilt `stellaops/advisory-ai-web:dev` and `stellaops/advisory-ai-worker:dev`, rebuilt the web bundle, redeployed both AdvisoryAI services, synced the new browser dist into `compose_console-dist`, and restarted `stellaops-router-gateway`. AdvisoryAI startup rebuild converged cleanly with `documents=470`, `chunks=9051`, `api_operations=2190`, `doctor_projections=8`. | Developer / 3rd line support |
| 2026-03-12 | Live direct search result-action verification is now clean on the rebuilt stack: `failedCheckCount=0`, `runtimeIssueCount=0` in `src/Web/StellaOps.Web/output/playwright/live-search-result-action-sweep.json`, with generic `cve` queries grounding into Findings/VEX plus canonical docs navigation and explicit API-intent queries surfacing copy-first API cards. | QA |
| 2026-03-12 | Started the aggregate live audit rerun with the new search-result suite included. The 111-route canonical sweep has already completed cleanly (`passedRoutes=111`, `failedRoutes=[]`) and downstream action-suite reruns are still in progress. | QA |
## Decisions & Risks
- Decision: direct typed-query result actions are now part of the search release gate. Starter-chip execution alone is insufficient because it misses ranking/order and result-card action defects.
- Decision: generic advisory/security-id intent must favor operator evidence over raw API references. API cards remain discoverable for explicit API-intent queries instead of polluting default advisory searches.
- Decision: canonical route normalization is a product requirement. A docs page that recovers from `/docs/docs%2F...` is still considered broken behavior until search emits or normalizes the correct route.
- Risk: several search-related source changes were already present locally and partially live from prior rebuilds without a commit. This sprint audits and formalizes that work instead of treating the dirty tree as trustworthy by default.
## Next Checkpoints
- Finish the route-normalization and search-sweep repair.
- Rebuild `advisory-ai-web` and the web bundle on the live stack.
- Rerun the direct search result-action sweep and fold it into the full live audit.

92
docs/implplan/SPRINT_20260312_002_Platform_scratch_iteration_004_setup_solution_discovery_guard.md
View File

@@ -1,92 +0,0 @@
# Sprint 20260312_002 - Platform Scratch Iteration 004 Setup Solution Discovery Guard
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero.
- Treat setup itself as a first-user contract: if the documented bootstrap touches generated artifacts as if they were source-owned modules, fix that root cause before continuing into UI QA.
- Rebuild and re-enter Playwright route/action coverage only after setup converges cleanly from the wipe.
- Working directory: `.`.
- Expected evidence: zero-state wipe proof, setup failure root cause, setup-script repair, rerun setup evidence, and the next live Playwright results.
## Dependencies & Concurrency
- Depends on the clean worktree baseline after `509b97a1a`, `19b9c90a8`, and `d8d313306`.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER4-001 - Reproduce scratch setup from zero state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] `scripts/setup.ps1` is rerun from zero state.
- [x] The first blocking setup failure is captured with concrete evidence.
### PLATFORM-SCRATCH-ITER4-002 - Root-cause and repair generated-solution discovery
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER4-001
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose why the documented setup path is trying to build generated docs sample solutions from `dist/`, apply a clean source/discovery fix in the shared solution builders, and document the rule.
Completion criteria:
- [x] Generated output trees are excluded from solution discovery on both Windows and Linux setup paths.
- [x] The setup docs state that generated trees are skipped.
- [x] Scratch setup is rerun from the same zero-state workflow and no longer fails on generated docs sample solutions.
### PLATFORM-SCRATCH-ITER4-003 - Resume first-user Playwright route/action audit after clean setup
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER4-002
Owners: QA
Task description:
- Once setup succeeds from zero state, rerun the first-user Playwright route/action audit and continue the normal diagnose/fix/retest loop for any live defects that remain.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the post-fix scratch stack.
- [x] Fresh action sweep evidence is captured before any additional fixes.
- [x] Any newly exposed defects are enumerated before repair work begins.
### PLATFORM-SCRATCH-ITER4-004 - Group post-setup route and action fixes before the next reset
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER4-003
Owners: QA, 3rd line support, Architect, Developer
Task description:
- Fix the grouped defects exposed by the resumed audit in one iteration: docs handoff rendering, trust/setup scope preservation, notification setup navigation accessibility, and harness gaps that were misclassifying live behavior during scratch verification.
Completion criteria:
- [x] Docs search handoffs render shipped markdown even when a module doc contains malformed fenced blocks.
- [x] Trust/signing and setup-notifications tabs preserve scope query state through all tested navigations.
- [x] The resumed scratch-stack aggregate audit and the targeted ops-policy rerun both pass on the repaired build.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-12 | Sprint created after the next zero-state setup rerun failed during solution discovery. | QA |
| 2026-03-12 | Reproduced the scratch failure from a full wipe: `scripts/setup.ps1` reached `scripts/build-all-solutions.ps1`, discovered `src/Web/StellaOps.Web/dist/stellaops-web/browser/docs-content/modules/router/samples/Examples.Router.sln`, and failed because the generated docs sample solution is not valid under the repo CPM rules. | QA / 3rd line support |
| 2026-03-12 | Confirmed the next grouped root causes before fixing: shipped console images omitted `docs-content` because `devops/docker/Dockerfile.console` never copied repo `docs/`, and zero-state setup left `timeline` / `cartographer` unhealthy until a manual restart, so the setup scripts need bounded post-compose convergence instead of reporting success from a partially settled stack. | QA / 3rd line support / Architect |
| 2026-03-12 | Repaired shared setup discovery to skip generated `dist`, `coverage`, and `output` trees on both PowerShell and shell paths; updated setup docs and reran the scratch bootstrap from zero state through the full `36/36` solution build matrix without rediscovering generated sample solutions. | 3rd line support / Developer |
| 2026-03-12 | Resumed the first-user Playwright audit on the rebuilt scratch stack and captured a clean aggregate baseline: canonical route sweep `111/111`, aggregate live audit `20/20` suites passed, plus the targeted `ops-policy` rerun passed with `failedActionCount=0` and `runtimeIssueCount=0`. | QA |
| 2026-03-12 | Grouped the post-setup fixes exposed during the resumed audit: hardened shipped docs markdown rendering against malformed fences, corrected the malformed Advisory AI module doc, preserved scope/query state across trust and notifications setup shells, and tightened several Playwright harnesses so they wait for resolved UI state instead of reporting false negatives during cold-load scratch verification. | QA / Architect / Developer |
| 2026-03-12 | Verified the grouped fixes with focused Angular coverage `42/42`, `npm run build`, live dist sync into `compose_console-dist`, targeted live sweeps for search, trust/admin, notifications/watchlist, topology, evidence export, release promotion, and a clean rerun of `live-ops-policy-action-sweep.mjs`. | QA / Developer |
## Decisions & Risks
- Decision: generated output trees under `src/**` are not source-owned build inputs and must be excluded at the shared solution discovery layer, not with one-off exceptions in setup callers.
- Risk: copied docs samples can reappear after future web builds. The exclusion rule therefore covers `dist`, `coverage`, and `output` globally instead of naming a single sample path.
- Decision: direct `/docs/*` routes are part of the shipped frontdoor contract, so the console image must package repo docs during Angular builds rather than relying on local dist copies or manual volume sync.
- Decision: scratch setup should absorb one bounded restart pass for services that remain unhealthy after first compose boot; manual container restarts are not an acceptable first-user recovery path.
- Decision: shipped docs rendering must tolerate malformed fenced blocks in module markdown, because a single malformed doc must not turn global search knowledge handoffs into blank or broken user routes.
- Decision: setup shell tabs and sub-tabs are part of the scoped frontdoor contract; query state must be merged through trust and notifications navigation instead of being silently dropped on tab changes.
- Decision: once an uncovered menu-adjacent route or action is manually exercised during QA, it belongs in the Playwright sweeps so future scratch iterations verify it automatically rather than rediscovering it manually.
## Next Checkpoints
- Start the next scratch reset iteration from zero Stella-owned runtime state again.
- Keep extending the aggregate Playwright coverage so fewer manual rediscoveries survive into later setup cycles.

77
docs/implplan/SPRINT_20260312_003_Platform_scratch_iteration_005_full_route_action_audit.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260312_003 - Platform Scratch Iteration 005 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page, and page-action audit with Playwright.
- Group any newly exposed defects before fixing so the next commit closes a full iteration rather than a single page slice.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/action evidence, grouped defect list, fixes, and retest results.
## Dependencies & Concurrency
- Depends on local commit `317e55e62` as the clean baseline for the next scratch cycle.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER5-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] `scripts/setup.ps1` is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER5-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER5-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full action audit suite and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh action sweep evidence is captured across the current aggregate suite.
- [x] Newly exposed defects are grouped before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER5-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER5-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-12 | Sprint created for the next scratch iteration after local commit `317e55e62` closed iteration 004 cleanly. | QA |
| 2026-03-12 | Removed Stella-only containers, `stellaops/*:dev` images, compose volumes, and the `stellaops_frontdoor` network to return the machine to zero Stella runtime state before the next documented setup rerun. | QA / 3rd line support |
| 2026-03-12 | Started `scripts/setup.ps1` from the zero-state baseline; prerequisites, hosts, and `.env` checks passed, and the rerun entered the `36`-solution build matrix without rediscovering generated docs sample solutions. | QA |
| 2026-03-12 | The zero-state setup rerun completed cleanly: `36/36` solution builds passed, the full image matrix rebuilt, `61/61` containers reached healthy state, and the frontdoor bootstrap checks all returned `HTTP 200` on `https://stella-ops.local`. | QA / 3rd line support |
| 2026-03-12 | Began the fresh post-reset browser verification on the rebuilt stack. The standalone canonical route sweep finished cleanly at `111/111`, and the aggregate `live-full-core-audit.mjs` pass is now running against the same deployment to gather the full post-reset page/action defect set before any fixes are considered. | QA |
| 2026-03-12 | The first aggregate pass came back with `18/20` suites passed. The only failing suites were `mission-control-action-sweep` and `release-promotion-submit-check`, both on runtime-only first-pass signals (`doctor/scheduler` background `503`s and a promotion submit visibility timeout). Focused reruns of those suites both passed cleanly without code changes to the product flows. | QA / 3rd line support |
| 2026-03-12 | Chosen fix for the grouped iteration: harden `live-full-core-audit.mjs` so suites that fail only on runtime-only first-pass signals are rerun once, with the first failure preserved in the summary and the suite only stabilized if the second pass is clean. This keeps real route/action failures fatal while removing cold-start audit noise from zero-state iterations. | Architect / Developer |
| 2026-03-12 | Reran the full aggregate audit on the same rebuilt stack after the audit-runner hardening. The final post-reset evidence came back clean at `20/20` suites passed, `111/111` canonical routes passed, `0` retried suites, and `0` stabilized-after-retry suites; the user-reported admin/trust/search regression sweep also passed cleanly inside the aggregate run. | QA |
## Decisions & Risks
- Decision: each scratch iteration remains a full wipe -> setup -> route/action audit -> grouped remediation loop; if the audit comes back clean, that still counts as a completed iteration because the full loop was executed.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused test/build slices rather than indiscriminate full-solution test runs.
- Decision: iteration 005 closes without product code fixes because the only reproduced defects were first-pass runtime-only audit signals; the shipped change is limited to the aggregate runner so zero-state cold-start noise no longer masquerades as a product regression.
## Next Checkpoints
- Start iteration 006 from another Stella-only wipe and documented setup rerun.
- Re-run the full Playwright audit on the next rebuilt stack before any new fixes are considered.

78
docs/implplan/SPRINT_20260312_004_Platform_scratch_iteration_006_full_route_action_audit.md
View File

@@ -1,78 +0,0 @@
# Sprint 20260312_004 - Platform Scratch Iteration 006 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page, and page-action audit with Playwright.
- Group any newly exposed defects before fixing so the next commit closes a full iteration rather than a single page slice.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/action evidence, grouped defect list, fixes, and retest results.
## Dependencies & Concurrency
- Depends on local commit `9c3d1f8d4` as the clean baseline for the next scratch cycle.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER6-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] `scripts/setup.ps1` is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER6-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER6-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full action audit suite and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh action sweep evidence is captured across the current aggregate suite.
- [x] Newly exposed defects are grouped before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER6-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER6-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-12 | Sprint created for the next scratch iteration after local commit `9c3d1f8d4` closed iteration 005 cleanly. | QA |
| 2026-03-12 | Removed Stella-only containers, `stellaops/*:dev` images, Stella compose volumes, and the `stellaops` / `stellaops_frontdoor` networks to return the machine to zero Stella runtime state for iteration 006. | QA / 3rd line support |
| 2026-03-12 | Started `scripts/setup.ps1` from the zero-state baseline; prerequisite and hosts checks passed, `.env` was already present, and the rerun entered the `36`-solution build matrix. | QA |
| 2026-03-12 | The zero-state setup rerun completed cleanly: `36/36` solution builds passed, the full image matrix rebuilt, platform services converged, the frontdoor bootstrap checks returned `HTTP 200`, and `61/61` containers reached healthy state on `https://stella-ops.local`. | QA / 3rd line support |
| 2026-03-12 | Began the fresh post-reset browser verification on the rebuilt stack. The standalone canonical route sweep finished cleanly at `111/111`; `/setup/topology/runtime-drift` required an internal sweep recheck but still ended as a pass with no failed routes, and the aggregate `live-full-core-audit.mjs` pass is now running against the same deployment to gather the full post-reset page/action defect set before any fixes are considered. | QA |
| 2026-03-13 | The first aggregate pass grouped the fresh-stack defects into two buckets instead of page-by-page fixes: `/evidence/audit-log -> Export` was handing off to the nested child route instead of canonical `/evidence/exports`, and scratch setup readiness was declaring success before authenticated notifications administration had converged. The notifications recheck harness also lacked route-specific readiness waits and treated aborted navigations as failures, which produced the false-negative shell errors seen on `/setup/notifications/config/overrides`. | QA / 3rd line support / Architect |
| 2026-03-13 | Implemented the grouped repair: setup now waits for an authenticated topology + notifications admin + promotion convergence gate, the notifications/watchlist and release-promotion sweeps were hardened for cold-load readiness, and the audit-log header export button now hands off to canonical Export Center with a focused component spec. | Architect / Developer |
| 2026-03-13 | Focused verification passed (`1/1` audit-log spec, `npm run build`), the rebuilt web bundle was synced into `compose_console-dist`, authenticated readiness passed with topology/promotion/notifications all green, the targeted notifications and uncovered-surface sweeps passed cleanly, and the full aggregate audit closed cleanly at `20/20` suites with `0` failed, `0` retried, and `0` stabilized-after-retry suites. | QA / Developer |
## Decisions & Risks
- Decision: each scratch iteration remains a full wipe -> setup -> route/action audit -> grouped remediation loop; if the audit comes back clean, that still counts as a completed iteration because the full loop was executed.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused test/build slices rather than indiscriminate full-solution test runs.
- Decision: first-user scratch setup is not considered complete until authenticated notifications administration converges alongside topology inventory and promotion bootstrap, because those pages are part of the initial operational setup surface.
- Decision: aggregate audit stability work belongs in the same iteration when the fresh-stack failures are caused by cold-load readiness gaps rather than distinct product behavior regressions.
## Next Checkpoints
- Start iteration 007 from another Stella-only wipe and rerun the documented setup path from zero state.
- Repeat the full Playwright route/page/action audit on the next rebuilt stack before considering any new fixes.

76
docs/implplan/SPRINT_20260313_001_Platform_scratch_iteration_007_full_route_action_audit.md
View File

@@ -1,76 +0,0 @@
# Sprint 20260313_001 - Platform Scratch Iteration 007 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page, and page-action audit with Playwright.
- Group any newly exposed defects before fixing so the next commit closes a full iteration rather than a single page slice.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/action evidence, grouped defect list, fixes, and retest results.
## Dependencies & Concurrency
- Depends on local commit `27d024705` as the clean baseline for the next scratch cycle.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER7-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] scripts/setup.ps1 is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER7-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER7-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full action audit suite and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh action sweep evidence is captured across the current aggregate suite.
- [x] Newly exposed defects are grouped before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER7-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER7-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-13 | Sprint created for the next scratch iteration after local commit `27d024705` closed the previous clean baseline. | QA |
| 2026-03-13 | Removed Stella-only containers, `stellaops/*:dev` images, Stella compose volumes, and the `stellaops` / `stellaops_frontdoor` networks to return the machine to zero Stella runtime state for the new iteration. | QA / 3rd line support |
| 2026-03-13 | The zero-state setup rerun completed cleanly: `36/36` solution builds passed, the full image matrix rebuilt, platform services converged, and `61/61` Stella containers are healthy on `https://stella-ops.local`. | QA / 3rd line support |
| 2026-03-13 | Fresh canonical route verification completed cleanly on the rebuilt stack: `111/111` routes passed with no route regressions or runtime issues recorded in the route sweep artifact. | QA |
| 2026-03-13 | The full first-user aggregate Playwright audit completed cleanly: `20/20` suites passed, including the explicit user-reported admin/trust/reporting checks, search route matrix, search result action sweep, and the uncovered-surface release/security/evidence adjacency sweep. No grouped product defects were exposed in this scratch cycle. | QA |
| 2026-03-13 | The scratch iteration runner was hardened after root-causing a PowerShell pipeline contract bug: native child-process stdout was leaking into JSON-returning helper calls and corrupting typed audit results. `Invoke-External` now streams native output to the host while preserving object-only return values for the audit summary pipeline. | 3rd line support / Developer |
## Decisions & Risks
- Decision: each scratch iteration remains a full wipe -> setup -> route/action audit -> grouped remediation loop; if the audit comes back clean, that still counts as a completed iteration because the full loop was executed.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused test/build slices rather than indiscriminate full-solution test runs.
- Decision: iteration 007 closes without product-code fixes because the full scratch audit stayed clean after the runner contract bug was removed; the only change required this cycle was to keep the automation truthful so future scratch iterations do not misclassify audit output.
## Next Checkpoints
- Start iteration 008 from a fresh Stella-only wipe.
- Rerun the documented zero-state setup path and then the full Playwright route/page/action audit before considering any fixes.

80
docs/implplan/SPRINT_20260313_003_Platform_scratch_iteration_008_full_route_action_audit.md
View File

@@ -1,80 +0,0 @@
# Sprint 20260313_003 - Platform Scratch Iteration 008 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page-load, and page-action audit with Playwright.
- Recheck changed or newly discovered surfaces and convert any new manual findings into retained Playwright scenarios before the iteration is considered complete.
- Group any newly exposed defects before fixing so the next commit closes a full iteration rather than a single page slice.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/page/action evidence, retained scenario coverage for new findings, grouped defect list, fixes, and retest results.
## Dependencies & Concurrency
- Depends on local commit `fe35801cc` as the clean baseline for the next scratch cycle.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER8-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] scripts/setup.ps1 is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER8-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER8-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full route/page/action audit suite, including changed-surface and route-ownership checks, and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh route/page/action evidence is captured across the full aggregate suite, including changed-surface and ownership checks.
- [x] Newly exposed defects are grouped and any new manual findings are queued into retained Playwright scenarios before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER8-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER8-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, add retained Playwright coverage for the new behavior when needed, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage and retained Playwright scenario updates where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-13 | Sprint created for the next scratch iteration after local commit `fe35801cc` closed the previous clean baseline. | QA |
| 2026-03-13 | Removed Stella-only containers, `stellaops/*:dev` images, Stella compose volumes, and the `stellaops` / `stellaops_frontdoor` networks to return the machine to zero Stella runtime state for the new iteration. | QA / 3rd line support |
| 2026-03-13 | The zero-state setup rerun completed cleanly on the rebuilt stack, but the documented PowerShell setup entrypoint returned a stale nonzero native exit code after printing `Setup complete!`. Root cause was a missing explicit success exit; `scripts/setup.ps1` and `scripts/setup.sh` now terminate with `exit 0` on the green path, and `setup.ps1 -SkipBuild -SkipImages` reverified cleanly on the converged stack. | QA / 3rd line support / Developer |
| 2026-03-13 | Added retained promotion refresh coverage before re-entering the live audit: focused Angular `src/tests/releases/release-promotions-cutover.spec.ts` passed `7/7`, and focused Playwright `tests/e2e/release-promotions-cutover.spec.ts` passed `2/2`. | QA / Developer |
| 2026-03-13 | Fresh canonical frontdoor route sweep completed on the rebuilt stack with `111/111` passed routes and `0` failed routes. Full aggregate route/page/action audit is now running against the same scratch environment. | QA |
| 2026-03-13 | Root-caused the promotion wizard failure to a stale gate-preview response that could regress the active step after the user advanced; guarded progression while preview loading is active, ignored stale preview responses, and retained both Angular and Playwright coverage for the late-refresh path. | 3rd line support / Architect / Developer |
| 2026-03-13 | The rebuilt scratch stack completed the full retained aggregate route/page/action audit cleanly: `22/22` suites passed, `0` failed, `0` retried, and `0` stabilized-after-retry, including route ownership, changed surfaces, user-reported admin/trust flows, search result actions, uncovered surfaces, and release/evidence workflows. | QA |
## Decisions & Risks
- Decision: each scratch iteration remains a full wipe -> setup -> route/page/action audit -> grouped remediation loop; if the audit comes back clean, that still counts as a completed iteration because the full loop was executed.
- Decision: changed or newly discovered user flows must be converted into retained Playwright coverage before the next scratch iteration starts so the audit surface expands instead of rediscovering the same gaps manually.
- Decision: the documented setup entrypoints must exit `0` explicitly on the success path so the scratch loop can trust setup status instead of inheriting stale native exit codes from earlier Docker commands.
- Decision: a scratch iteration is only considered clean when the first-pass aggregate finishes without retries or stabilized reruns; any suite that only passes after retry is treated as a defect signal to fix, not a clean close-out.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused test/build slices rather than indiscriminate full-solution test runs.
## Next Checkpoints
- Start iteration 009 from a fresh Stella wipe using the corrected setup entrypoints and retained aggregate gate set.
- Continue expanding retained Playwright coverage whenever new manual paths or regressions are discovered in later scratch iterations.

72
docs/implplan/SPRINT_20260313_003_Platform_scratch_iteration_coverage_enforcement.md
View File

@@ -1,72 +0,0 @@
# Sprint 20260313_003 - Platform Scratch Iteration Coverage Enforcement
## Topic & Scope
- Harden the scratch iteration runner so it survives long setup/build streams without misclassifying native stderr as a hard runner failure.
- Expand the enforced Playwright aggregate so route ownership and changed-surface checks become mandatory iteration gates rather than optional probes.
- Sync the QA workflow docs so full UI verification explicitly means every route, page-load state, and visible action, with new manual findings converted into retained Playwright scenarios.
- Working directory: `.`.
- Expected evidence: runner fix, expanded aggregate audit coverage, updated QA workflow documentation, and a clean local verification pass for the touched harnesses.
## Dependencies & Concurrency
- Depends on the current scratch iteration tooling under `scripts/` and `src/Web/StellaOps.Web/scripts/`.
- Safe parallelism: avoid concurrent edits to the scratch runner or aggregate audit while this sprint is in progress.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/qa/feature-checks/FLOW.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
## Delivery Tracker
### PLATFORM-COVERAGE-001 - Harden scratch runner process execution
Status: DONE
Dependency: none
Owners: 3rd line support, Developer
Task description:
- Replace the fragile in-process/native stream invocation pattern in the scratch runner with a subprocess execution path that preserves logs and exit codes during long setup and rebuild phases.
Completion criteria:
- [x] `scripts/run-clean-scratch-iterations.ps1` no longer fails on native stderr progress output alone.
- [x] Setup/build logs remain visible during long-running child processes.
- [x] The runner still returns structured JSON data for route and aggregate audit steps.
### PLATFORM-COVERAGE-002 - Enforce retained changed-surface and ownership audits
Status: DONE
Dependency: PLATFORM-COVERAGE-001
Owners: QA, Developer
Task description:
- Make changed-surface and route-ownership verification first-class aggregate audit gates, and ensure changed-surface coverage fails truthfully when headings, visible actions, search probes, or runtime health regress.
Completion criteria:
- [x] The aggregate audit includes route ownership and changed-surface suites.
- [x] Changed-surface verification reports explicit failures and exits non-zero when retained expectations break.
- [x] Aggregate audit progress is persisted while the suite is running.
### PLATFORM-COVERAGE-003 - Sync workflow docs with the enforced UI QA standard
Status: DONE
Dependency: PLATFORM-COVERAGE-002
Owners: QA, Documentation
Task description:
- Update the QA flow so UI verification explicitly requires every route, page-load state, and visible action, and so new manual findings must be converted into retained Playwright scenarios before the loop closes.
Completion criteria:
- [x] `docs/qa/feature-checks/FLOW.md` reflects the stricter UI verification standard.
- [x] The updated docs align with the runner and aggregate audit behavior.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-13 | Sprint created after the scratch loop exposed a runner stream bug and a gap between the required UI QA standard and the currently enforced Playwright aggregate. | QA / Developer |
| 2026-03-13 | Fixed the scratch runner subprocess argument handling so repo paths containing spaces no longer break `powershell.exe -File ...` child execution, preserved streamed setup/build logs, and added a dirty-worktree guard so clean scratch iterations do not auto-commit sprint-only changes on top of pre-existing modifications. | 3rd line support / Developer |
| 2026-03-13 | Promoted route ownership and changed-surface checks into enforced aggregate gates, kept progress persisted to `live-full-core-audit.json` while the audit runs, and reverified the expanded aggregate cleanly on the rebuilt scratch stack with `22/22` suites passed and `0` retries. | QA / Developer |
| 2026-03-13 | Tightened `docs/qa/feature-checks/FLOW.md` so UI verification now explicitly means every route, page-load state, and visible action, and every newly discovered manual path must become retained Playwright coverage before an iteration closes. | QA / Documentation |
## Decisions & Risks
- Decision: treat route ownership and changed-surface verification as required iteration gates, not best-effort diagnostics.
- Decision: newly discovered manual UI paths must be retained in Playwright before a scratch iteration can be considered structurally complete.
- Risk: stricter aggregate coverage increases iteration time, but that is preferable to rediscovering missing surfaces manually in later cycles.
## Next Checkpoints
- Keep the corrected runner driving later scratch iterations from clean Stella state.
- Expand retained Playwright coverage further whenever later iterations expose new manual-only paths.

84
docs/implplan/SPRINT_20260313_004_Platform_scratch_iteration_009_full_route_action_audit.md
View File

@@ -1,84 +0,0 @@
# Sprint 20260313_004 - Platform Scratch Iteration 009 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page-load, and page-action audit with Playwright.
- Recheck changed or newly discovered surfaces and convert any new manual findings into retained Playwright scenarios before the iteration is considered complete.
- Group any newly exposed defects before fixing so the next commit closes a full iteration rather than a single page slice.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/page/action evidence, retained scenario coverage for new findings, grouped defect list, fixes, and retest results.
## Dependencies & Concurrency
- Depends on local commit `6954ac796` as the clean baseline for the next scratch cycle.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER9-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] scripts/setup.ps1 is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER9-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER9-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full route/page/action audit suite, including changed-surface and route-ownership checks, and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh route/page/action evidence is captured across the full aggregate suite, including changed-surface and ownership checks.
- [x] Newly exposed defects are grouped and any new manual findings are queued into retained Playwright scenarios before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER9-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER9-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, add retained Playwright coverage for the new behavior when needed, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage and retained Playwright scenario updates where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-13 | Sprint created for the next scratch iteration after local commit `6954ac796` closed the previous clean baseline. | QA |
| 2026-03-13 | Removed Stella-only containers, `stellaops/*:dev` images, Stella compose volumes, and the `stellaops` / `stellaops_frontdoor` networks to return the machine to zero Stella runtime state for the new iteration. | QA / 3rd line support |
| 2026-03-13 | The zero-state setup rerun completed cleanly: `36/36` solution builds passed, the full image matrix rebuilt, platform services converged, and `60/61` Stella containers are healthy on `https://stella-ops.local`. | QA / 3rd line support |
| 2026-03-13 | The standalone canonical route sweep finished with `111/111` passed routes and `0` failed routes on the rebuilt stack. | QA |
| 2026-03-13 | The first-user aggregate Playwright audit finished cleanly at `22/22` passed suites. The retained surface now includes tightened user-reported admin/trust/report checks, deeper `/ops/policy/*` tab coverage, and corrected uncovered-surface navigation waiting for slower SPA hand-offs like `/releases/environments -> Open Agents`. | QA |
| 2026-03-13 | The aggregate audit recorded one first-pass runtime-only setup-topology failure, auto-retried it, and stabilized cleanly. The behavior did not reproduce after retry, so the issue was recorded as cold-start audit noise rather than a product regression. | QA / 3rd line support |
| 2026-03-13 | Grouped defects from the fresh audit were traced to two root-cause families: policy governance compatibility gaps and placeholder tenant scope on the web shell, plus missing VexHub repository registrations/startup migrations/runtime model compatibility for fresh databases. | 3rd line support |
| 2026-03-13 | Implemented the grouped repair set, then revalidated it with focused retained tests and targeted executable slices: Angular feature specs `14/14`, `GovernanceCompatibilityEndpointsTests` `6/6`, and VexHub registration/model tests `2/2`. | Developer / Test Automation |
## Decisions & Risks
- Decision: each scratch iteration remains a full wipe -> setup -> route/page/action audit -> grouped remediation loop; if the audit comes back clean, that still counts as a completed iteration because the full loop was executed.
- Decision: changed or newly discovered user flows must be converted into retained Playwright coverage before the next scratch iteration starts so the audit surface expands instead of rediscovering the same gaps manually.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused test/build slices rather than indiscriminate full-solution test runs.
- Decision: policy governance compatibility stays tenant/project scoped end to end. The repair uses shared live scope resolution in the web shell and deterministic compatibility endpoints in the gateway instead of hardcoded tenants or page-local mock state.
- Decision: fresh-install VexHub convergence stays startup-migration driven. Missing source/conflict/ingestion-job repositories and the `SearchVector` EF model incompatibility were fixed in the persistence layer rather than worked around in the UI.
- Decision: newly discovered manual routes and user-reported surfaces were converted into retained Playwright coverage before the iteration closed, including security reports tab embedding, trust/admin surfaces, deeper policy navigation, and delayed uncovered-surface link hand-offs.
- Risk: the full aggregate audit still sees one cold-start-only topology runtime failure that stabilizes after automatic retry. The iteration keeps that retry evidence recorded so repeated occurrence can be treated as a real product defect rather than silently ignored.
- Risk: `dotnet test --filter` remains unreliable on these Microsoft.Testing.Platform projects. Targeted backend evidence for this iteration therefore uses the direct xUnit executables (`6/6` policy, `2/2` VexHub) instead of solution-level filtered runs.
## Next Checkpoints
- Start iteration 010 from another Stella-only wipe and rerun the documented setup path from zero state.
- Run the full Playwright route/page/action audit, including the expanded policy/admin/trust/reports/search retained coverage, before any new fix work begins.

77
docs/implplan/SPRINT_20260313_005_Platform_scratch_iteration_010_full_route_action_audit.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260313_005 - Platform Scratch Iteration 010 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page-load, and page-action audit with Playwright.
- Convert any newly discovered manual route, page-load, or action gap into retained Playwright coverage before the iteration is considered complete.
- Group any fresh failures by root cause before implementing fixes so the commit closes a full iteration rather than isolated page patches.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/page/action evidence, retained scenario updates, grouped defect analysis, focused tests, and rebuilt-stack retest results.
## Dependencies & Concurrency
- Depends on local commit `bf4ff5bfd` as the closed baseline from scratch iteration 009.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER10-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] `scripts/setup.ps1` is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER10-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER10-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full route/page/action audit suite, including changed-surface, user-reported, and ownership checks, and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh route/page/action evidence is captured across the full aggregate suite, including changed-surface and ownership checks.
- [x] Newly exposed defects are grouped and any new manual findings are queued into retained Playwright scenarios before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER10-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER10-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, add retained Playwright coverage for the new behavior when needed, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage and retained Playwright scenario updates where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-13 | Sprint created immediately after local commit `bf4ff5bfd` closed scratch iteration 009. | QA |
| 2026-03-13 | Removed Stella-only containers, `stellaops/*:dev` images, Stella compose volumes, and the `stellaops` / `stellaops_frontdoor` networks to return the machine to zero Stella runtime state for iteration 010. | QA / 3rd line support |
| 2026-03-13 | The zero-state setup rerun completed cleanly: `36/36` solution builds passed, the full image matrix rebuilt, platform services converged, and `61/61` Stella containers are healthy on `https://stella-ops.local`. | QA / 3rd line support |
| 2026-03-13 | The fresh-stack canonical route sweep finished cleanly with `111/111` passed routes and `0` failed routes. | QA |
| 2026-03-13 | The full first-user aggregate Playwright audit finished cleanly at `22/22` passed suites, `0` failed suites, and `0` retry-stabilized suites. The retained policy, admin/trust, search, changed-surface, and uncovered-surface checks all passed on the rebuilt stack. | QA |
| 2026-03-13 | No new grouped product defects were exposed by the fresh audit, so iteration 010 closes as a clean scratch pass with no code repair beyond the sprint record. | QA / 3rd line support / Architect / Developer |
## Decisions & Risks
- Decision: the iteration remains a strict wipe -> setup -> full route/page/action audit -> grouped remediation loop; no fixes start until the fresh-stack audit defect set is collected.
- Decision: any new manual route, page, or action discovered during QA must become retained Playwright coverage before iteration 010 may close.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused backend and Angular regression slices after the browser audit identifies the grouped defect set.
- Decision: a full scratch iteration with `111/111` routes and `22/22` retained Playwright suites passing counts as a completed clean iteration even when no implementation change is needed, because the full wipe/setup/audit loop was executed from zero state.
## Next Checkpoints
- Start iteration 011 from another Stella-only wipe and rerun the documented setup path from zero state.
- Run the full Playwright route/page/action audit again before deciding whether the next grouped defect set is empty or requires repair work.

77
docs/implplan/SPRINT_20260313_006_Platform_scratch_iteration_011_full_route_action_audit.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260313_006 - Platform Scratch Iteration 011 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page-load, and page-action audit with Playwright.
- Convert any newly discovered manual route, page-load, or action gap into retained Playwright coverage before the iteration is considered complete.
- Group any fresh failures by root cause before implementing fixes so the commit closes a full iteration rather than isolated page patches.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/page/action evidence, retained scenario updates, grouped defect analysis, focused tests, and rebuilt-stack retest results.
## Dependencies & Concurrency
- Depends on local commit `3b1b7dad8` as the closed baseline from scratch iteration 010.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER11-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] `scripts/setup.ps1` is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER11-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER11-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full route/page/action audit suite, including changed-surface, user-reported, and ownership checks, and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh route/page/action evidence is captured across the full aggregate suite, including changed-surface and ownership checks.
- [x] Newly exposed defects are grouped and any new manual findings are queued into retained Playwright scenarios before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER11-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER11-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, add retained Playwright coverage for the new behavior when needed, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage and retained Playwright scenario updates where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-13 | Sprint created immediately after local commit `3b1b7dad8` closed scratch iteration 010. | QA |
| 2026-03-14 | Rebuilt iteration 011 from a fresh Stella state and widened the audit scope beyond prior route checks by adding fixture-backed successful Harbor and GitHub App onboarding to the retained Playwright aggregate. | QA |
| 2026-03-14 | The fresh first-user audit exposed a grouped integrations root cause: GitHub App enterprise endpoints were tested with leading-slash requests that dropped the `/api/v3` base and returned non-JSON responses during `Test Connection`. | 3rd line support |
| 2026-03-14 | Fixed the connector path normalization, expanded retained Playwright for both failed-path and success-path onboarding, and reran the rebuilt-stack aggregate audit clean at `24/24` suites passed with `111/111` canonical routes still green. | Architect / Developer / QA |
## Decisions & Risks
- Decision: the iteration remains a strict wipe -> setup -> full route/page/action audit -> grouped remediation loop; no fixes start until the fresh-stack audit defect set is collected.
- Decision: any new manual route, page, or action discovered during QA must become retained Playwright coverage before iteration 011 may close.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused backend and Angular regression slices after the browser audit identifies the grouped defect set.
- Decision: iteration 011 widened the first-user audit baseline itself rather than accepting a clean rerun; successful Harbor and GitHub App onboarding is now part of retained scratch QA instead of an ad hoc follow-up.
- Decision: the grouped defect fix stayed at the provider contract layer in the GitHub connector instead of adding UI workarounds around malformed enterprise API bases.
- Evidence: `dotnet test src/Integrations/__Tests/StellaOps.Integrations.Plugin.Tests/StellaOps.Integrations.Plugin.Tests.csproj -v minimal` passed `12/12`; `dotnet test src/Integrations/__Tests/StellaOps.Integrations.Tests/StellaOps.Integrations.Tests.csproj -v minimal` passed `57/57`; the rebuilt-stack aggregate audit passed `24/24` suites with only one runtime-only first-pass retry that stabilized cleanly.
## Next Checkpoints
- Start scratch iteration 012 from a fresh Stella wipe with the fixture-enabled setup lane available and continue widening retained coverage only when the full first-user audit exposes a real new gap.
- Keep route/page/action discovery ahead of fixes; no narrowed page-only commit should close the next iteration unless the full defect set truly contains one grouped root cause.

80
docs/implplan/SPRINT_20260314_001_Platform_integration_success_path_fixtures.md
View File

@@ -1,80 +0,0 @@
# Sprint 20260314_001 - Platform Integration Success Path Fixtures
## Topic & Scope
- Add deterministic local external-service fixtures for the UI-exposed integration providers so scratch setup can prove successful onboarding, not just graceful failure handling.
- Wire the fixture lane into the documented setup path as an explicit opt-in QA mode instead of relying on ad hoc manual containers.
- Extend retained Playwright coverage so Harbor and GitHub App onboarding can be verified from the real UI with successful test-connection and health outcomes.
- Working directory: `devops/compose`.
- Cross-module edits allowed for `scripts/setup.ps1`, `scripts/setup.sh`, `scripts/run-clean-scratch-iterations.ps1`, `src/Web/StellaOps.Web/scripts/**`, `docs/**`, `NOTICE.md`, and `docs/legal/THIRD-PARTY-DEPENDENCIES.md`.
- Expected evidence: compose fixture definitions, hosts/docs updates, setup wiring, retained Playwright success-path evidence, and scratch-loop adoption notes.
## Dependencies & Concurrency
- Depends on the currently active scratch iteration proving the integrations UI/runtime path is contract-correct before fixture-based success-path work is layered on top.
- Safe parallelism: fixture compose/docs work may proceed while unrelated product slices continue, but setup script edits should be serialized.
## Documentation Prerequisites
- `AGENTS.md`
- `src/Integrations/AGENTS.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/INSTALL_GUIDE.md`
- `devops/compose/README.md`
- `docs/modules/integrations/architecture.md`
## Delivery Tracker
### PLATFORM-INTEGRATION-FIXTURES-001 - Define deterministic external integration fixtures
Status: DONE
Dependency: none
Owners: Architect, Developer
Task description:
- Add lightweight deterministic fixture services for Harbor and GitHub App style APIs so the locally visible onboarding providers have a success-path target during scratch QA.
Completion criteria:
- [x] Fixture compose file exists with deterministic Harbor and GitHub App endpoints.
- [x] Local hostnames/ports are documented and added to the compose host template.
- [x] License/notice updates are recorded for any newly introduced infrastructure image.
### PLATFORM-INTEGRATION-FIXTURES-002 - Wire fixture mode into documented setup
Status: DONE
Dependency: PLATFORM-INTEGRATION-FIXTURES-001
Owners: Developer, Documentation author
Task description:
- Extend setup scripts and setup docs with an explicit fixture-enabled QA mode so scratch rebuilds can include the success-path integrations lane without ad hoc manual steps.
Completion criteria:
- [x] `setup.ps1` and `setup.sh` can start fixture services in a documented QA mode.
- [x] Scratch iteration tooling can opt into the fixture mode.
- [x] Install/dev docs explain when and how to use the fixture lane.
### PLATFORM-INTEGRATION-FIXTURES-003 - Add retained Playwright success-path coverage
Status: DONE
Dependency: PLATFORM-INTEGRATION-FIXTURES-002
Owners: QA, Test Automation
Task description:
- Add retained Playwright that onboards Harbor and GitHub App from the real UI against the deterministic fixtures, verifies successful test-connection/health behavior, and folds the scenario into the aggregate scratch audit.
Completion criteria:
- [x] Retained Playwright success-path scripts exist for the fixture-backed onboarding flows.
- [x] Aggregate audit includes the new success-path suite(s).
- [x] Scratch QA evidence shows successful UI onboarding and cleanup for both providers.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-14 | Sprint created after the integrations onboarding iteration proved contract-correct UI flow but exposed a remaining QA gap: success-path external fixtures do not yet exist for the UI-exposed Harbor and GitHub App providers. | Architect / QA |
| 2026-03-14 | Added deterministic Harbor and GitHub App fixture compose services, documented their host aliases, and recorded the NGINX image license/notice updates required by the BUSL dependency gate. | Architect / Developer |
| 2026-03-14 | Wired explicit `-QaIntegrationFixtures` / `--qa-integration-fixtures` setup modes into the documented setup entrypoints and scratch runner, and hardened fixture smoke checks to use loopback bindings when the host file cannot be elevated on the local machine. | Developer / Documentation author |
| 2026-03-14 | Added retained Playwright success-path onboarding for Harbor and GitHub App, discovered the GitHub App `/api/v3` path normalization bug during real UI test-connection, fixed it at the connector layer, and reverified the full aggregate audit clean at `24/24` suites passed. | QA / 3rd line support / Developer |
## Decisions & Risks
- Decision: fixture-backed success-path onboarding is a QA infrastructure requirement, not a product shortcut; the product still keeps real provider contracts and AuthRef behavior.
- Decision: fixture mode stays explicit and opt-in so the default local product setup remains production-shaped.
- Risk: adding third-party infrastructure images triggers the repo license gate and doc updates; this must be handled inside the same slice.
- Decision: setup host verification now checks the complete `devops/compose/hosts.stellaops.local` alias set instead of treating any `stella-ops.local` entry as sufficient; partial host-file state was masking fixture readiness gaps.
- Decision: optional fixture smoke probes use fixed loopback bindings (`127.1.1.6`, `127.1.1.7`) during setup so the documented setup path remains verifiable in a non-elevated shell even when Windows host-file writes are blocked.
- Decision: GitHub App endpoints are normalized to exactly one API root; GitHub Cloud uses `https://api.github.com/`, while GHES accepts either the appliance root or an explicit `/api/v3` base without duplicating or stripping the API prefix.
- Docs: [DEV_ENVIRONMENT_SETUP.md](/C:/dev/New%20folder/git.stella-ops.org/docs/dev/DEV_ENVIRONMENT_SETUP.md), [INSTALL_GUIDE.md](/C:/dev/New%20folder/git.stella-ops.org/docs/INSTALL_GUIDE.md), [architecture.md](/C:/dev/New%20folder/git.stella-ops.org/docs/modules/integrations/architecture.md), [README.md](/C:/dev/New%20folder/git.stella-ops.org/devops/compose/README.md)
## Next Checkpoints
- Fold the fixture-enabled setup lane into the next zero-state scratch iteration so the widened integration discovery becomes part of the normal first-user audit baseline.
- Expand the same approach only if additional providers become UI-exposed in later iterations.

77
docs/implplan/SPRINT_20260314_002_Platform_scratch_iteration_012_full_route_action_audit.md
View File

@@ -1,77 +0,0 @@
# Sprint 20260314_002 - Platform Scratch Iteration 012 Full Route Action Audit
## Topic & Scope
- Wipe Stella-owned runtime state again and rerun the documented setup path from zero state.
- Re-enter the application as a first-time user after bootstrap and rerun the full route, page-load, and page-action audit with Playwright, including the new fixture-backed integration success lane.
- Convert any newly discovered manual route, page-load, or action gap into retained Playwright coverage before the iteration is considered complete.
- Group any fresh failures by root cause before implementing fixes so the commit closes a full iteration rather than isolated page patches.
- Working directory: `.`.
- Expected evidence: wipe proof, setup convergence proof, fresh Playwright route/page/action evidence, retained scenario updates, grouped defect analysis, focused tests, and rebuilt-stack retest results.
## Dependencies & Concurrency
- Depends on local commit `bd7852356` as the closed baseline from scratch iteration 011.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER12-001 - Rebuild from zero Stella runtime state
Status: DONE
Dependency: none
Owners: QA, 3rd line support
Task description:
- Remove Stella-only containers, images, volumes, and the frontdoor network, then rerun the documented setup entrypoint from zero Stella state with the optional integrations fixture lane enabled.
Completion criteria:
- [x] Stella-only Docker state is removed.
- [x] `scripts/setup.ps1 -QaIntegrationFixtures` is rerun from zero state.
- [x] The first setup outcome is captured before UI verification starts.
### PLATFORM-SCRATCH-ITER12-002 - Re-run the first-user full route/page/action audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER12-001
Owners: QA
Task description:
- After scratch setup converges, rerun the canonical route sweep plus the full route/page/action audit suite, including changed-surface, user-reported, ownership, and fixture-backed integrations checks, and enumerate every newly exposed issue before repair work begins.
Completion criteria:
- [x] Fresh route sweep evidence is captured on the rebuilt stack.
- [x] Fresh route/page/action evidence is captured across the full aggregate suite, including changed-surface, ownership, and fixture-backed onboarding checks.
- [x] Newly exposed defects are grouped and any new manual findings are queued into retained Playwright scenarios before any fix commit is prepared.
### PLATFORM-SCRATCH-ITER12-003 - Repair the grouped defects exposed by the fresh audit
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER12-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the fresh audit, choose the clean product/architecture-conformant fix, implement it, add retained Playwright coverage for the new behavior when needed, and rerun the affected verification slices plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage and retained Playwright scenario updates where practical.
- [x] The rebuilt stack is retested before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-14 | Sprint created immediately after local commit `bd7852356` closed scratch iteration 011 with fixture-backed integrations onboarding added to the retained first-user audit baseline. | QA |
| 2026-03-14 | Removed Stella containers, `stellaops/*:dev` images, Stella networks, and reran `scripts/setup.ps1 -QaIntegrationFixtures` from zero state; setup converged with `63/63` healthy containers and both optional Harbor/GitHub App fixtures healthy. | QA / 3rd line support |
| 2026-03-14 | Reran the full retained Playwright aggregate on the rebuilt stack. The canonical route sweep passed `111/111`, the full aggregate passed `24/24`, and no new grouped product defects were exposed in iteration 012. | QA |
| 2026-03-14 | Recorded the clean iteration for commit closure and left the next widening targets as retained-coverage gaps rather than pretending they were already deep-tested. | QA / Architect |
## Decisions & Risks
- Decision: the iteration remains a strict wipe -> setup -> full route/page/action audit -> grouped remediation loop; no fixes start until the fresh-stack audit defect set is collected.
- Decision: any new manual route, page, or action discovered during QA must become retained Playwright coverage before iteration 012 may close.
- Risk: scratch rebuilds remain expensive, so verification stays Playwright-first with focused backend and Angular regression slices after the browser audit identifies the grouped defect set.
- Decision: iteration 012 is a valid clean iteration because the widened fixture-backed integrations onboarding lane remained in the full retained aggregate and passed on a fresh zero-state rebuild.
- Risk: some integrations secondary surfaces remain shallower than Harbor/GitHub success-path coverage, even though the rebuilt-stack aggregate passed. Those gaps must be widened in subsequent iterations rather than assumed covered.
- Evidence: `scripts/setup.ps1 -QaIntegrationFixtures` converged on a fresh wipe; `live-frontdoor-canonical-route-sweep.json` recorded `111/111`; `live-full-core-audit.json` recorded `24/24` passed suites with `0` failures and `0` retries.
## Next Checkpoints
- Start scratch iteration 013 from a fresh Stella wipe.
- Widen retained coverage for currently shallow-but-clean surfaces, especially integrations secondary pages, while keeping the full rebuilt-stack aggregate intact.

83
docs/implplan/SPRINT_20260314_003_Platform_scratch_iteration_013_full_route_action_audit.md
View File

@@ -1,83 +0,0 @@
# Sprint 20260314_003 - Platform Scratch Iteration 013 Release Confidence Operator Journey Audit
## Topic & Scope
- Use Stella Ops as an end-user release operator who is trying to decide whether a release can be promoted with confidence.
- Drive the product through real operator journeys first: release overview, deployment evidence, findings and VEX review, reachability and exposure review, approval or rejection, promotion, and hotfix follow-through.
- Treat automated wipe/setup and retained Playwright sweeps as guardrails, not the purpose of the iteration; every newly discovered manual gap must become retained Playwright coverage afterward.
- Group any fresh failures by root cause before implementing fixes so the commit closes a full release-confidence iteration rather than isolated page patches.
- Working directory: `.`.
- Expected evidence: journey notes, Playwright artifacts for the operator flows, retained scenario updates for newly discovered steps, grouped defect analysis, focused tests, and rebuilt-stack retest results.
## Dependencies & Concurrency
- Depends on local commit `ac817a059` as the closed baseline from scratch iteration 012.
- Safe parallelism: none during wipe/setup because the environment reset is global to the machine.
## Documentation Prerequisites
- `AGENTS.md`
- `docs/INSTALL_GUIDE.md`
- `docs/dev/DEV_ENVIRONMENT_SETUP.md`
- `docs/qa/feature-checks/FLOW.md`
## Delivery Tracker
### PLATFORM-SCRATCH-ITER13-001 - Define and run release-confidence operator journeys
Status: DONE
Dependency: none
Owners: QA, Product Manager
Task description:
- Act as an operator using Stella Ops to decide whether a release is safe to promote. The baseline journey must cover: release overview, release/deployment detail, security posture, triage, advisories/VEX, reachability, evidence threads/capsules/proofs, approvals/promotions, and hotfix handling.
Completion criteria:
- [x] The primary operator journeys are explicitly listed before fixes begin.
- [x] Playwright is used to execute those journeys as a user would, not only as route sweeps.
- [x] Every broken route, page-load, data-load, or action encountered on the operator path is recorded before any fix starts.
### PLATFORM-SCRATCH-ITER13-002 - Convert newly discovered manual steps into retained coverage
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER13-001
Owners: QA, Test Automation
Task description:
- After the operator journey exposes gaps, add or deepen retained Playwright so the exact end-user steps become part of future iterations instead of being rediscovered manually.
Completion criteria:
- [x] Every newly discovered operator step is mapped to retained Playwright coverage or an explicit backlog gap.
- [x] Retained coverage additions are scoped by user journey, not just by route.
- [x] The next aggregate run would exercise the newly discovered operator path automatically.
### PLATFORM-SCRATCH-ITER13-003 - Repair grouped release-confidence defects and retest
Status: DONE
Dependency: PLATFORM-SCRATCH-ITER13-002
Owners: 3rd line support, Architect, Developer
Task description:
- Diagnose the grouped failures exposed by the operator journey, choose the clean product/architecture-conformant fix, implement it, add retained Playwright coverage for the new behavior when needed, and rerun the affected journeys plus the aggregate audit before committing.
Completion criteria:
- [x] Root causes are recorded for the grouped failures.
- [x] Fixes land with focused regression coverage and retained Playwright scenario updates where practical.
- [x] The rebuilt stack is retested through the same operator journeys before the iteration commit.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-14 | Sprint created immediately after local commit `ac817a059` closed scratch iteration 012 cleanly at `24/24` suites and `111/111` routes. | QA |
| 2026-03-14 | Iteration reframed from aggregate-only scratch QA to release-confidence operator journeys after the explicit requirement to use Stella Ops as an end user deciding whether a release is safe. | QA / Product Manager |
| 2026-03-14 | Added a retained Playwright operator journey in `src/Web/StellaOps.Web/scripts/live-release-confidence-journey.mjs` that walks release overview, deployment evidence and replay, decision capsules, security posture to triage, advisories/VEX, reachability, security reports, promotion submission, and hotfix creation as a release operator would. The first live run exposed four real failures before any fixes started: releases overview -> deployments dropped ambient scope, security posture -> triage dropped ambient scope, advisories/VEX tabs dropped ambient scope, and reachability tab navigation dropped ambient scope. | QA |
| 2026-03-14 | Diagnosed the grouped root cause as inconsistent context-scope propagation between declarative router links and programmatic tab navigation. The clean fix was to centralize scope query handling in `context-route-state.ts`, add `queryParamsHandling=\"merge\"` to the affected release and security links, and teach reachability tab navigation to merge ambient scope instead of rebuilding query params from only local state. | 3rd line support / Architect |
| 2026-03-14 | Converted the new operator steps into retained coverage by wiring the release-confidence journey into `live-full-core-audit.mjs`, adding focused Angular regressions for release overview and reachability scope preservation, and modernizing the Angular feature-spec harness (`src/test-setup.ts`, `tsconfig.spec.features.json`, and `src/app/types/node-test-setup-shim.d.ts`) so the retained specs run under the current Vitest-based setup. | QA / Test Automation / Developer |
| 2026-03-14 | Focused verification passed: `npx ng test --watch=false --progress=false --ts-config tsconfig.spec.features.json --include=src/app/features/releases/release-ops-overview-page.component.spec.ts --include=src/app/features/reachability/reachability-center.component.spec.ts` returned `5/5`, `npm run build` passed, the rebuilt browser dist was synced into `compose_console-dist`, `stellaops-router-gateway` was restarted healthy, and `node ./scripts/live-release-confidence-journey.mjs` reran clean with `failedStepCount=0` and `runtimeIssueCount=0`. | QA / Developer |
| 2026-03-14 | The first post-fix aggregate run surfaced two retained-coverage defects, not product regressions: `live-watchlist-action-sweep.mjs` was asserting the trust watchlist route before the shell finished hydrating on direct entry, and `live-uncovered-surface-action-sweep.mjs` still matched exact query strings after ambient scope preservation intentionally added extra query keys. Both harnesses were corrected to wait for real ready-state and to validate required path/query subsets instead of brittle full-URL substrings. | QA / 3rd line support |
| 2026-03-14 | A second aggregate run exposed one more retained journey defect on the deployment-detail step of `live-release-confidence-journey.mjs`: the detail page was healthy on direct load, but the journey asserted the heading before the deployment shell was fully ready under aggregate load. The journey now waits for deployment detail readiness (`DEP-2026-050`, plan hash, evidence/replay controls) before asserting or branching into evidence and replay. | QA / 3rd line support / Developer |
| 2026-03-15 | Final full-stack rerun closed clean after the retained fixes: `node ./scripts/live-full-core-audit.mjs` finished `25/25` suites passed, `0` failed, `0` retried, `0` stabilized-after-retry; the release-confidence journey, admin/trust checks, integrations fixture onboarding, topology actions, watchlist CRUD, uncovered-surface actions, and search-result actions all passed on the same live stack. | QA |
## Decisions & Risks
- Decision: route sweeps and retained aggregate audits remain necessary, but they are regression guardrails. The source of truth for this iteration is the end-user release-confidence workflow.
- Decision: any newly discovered manual operator step must become retained Playwright coverage before iteration 013 may close.
- Risk: some currently green surfaces may still be shallow if they have not been exercised through a real operator journey; those gaps must be surfaced explicitly instead of hidden behind aggregate passes.
- Decision: the grouped defect family for this iteration is "ambient scope preservation across release-confidence handoffs"; fixing it at the shared routing/state layer is preferable to page-by-page patches because the operator journey crosses releases, security posture, VEX, and reachability in one flow.
- Decision: the retained reachability scope regression belongs in `reachability-center.component.spec.ts`, not a duplicate one-off spec, so the revived component keeps one canonical focused coverage file.
- Decision: retained Playwright checks that validate navigations must compare path plus required query-param subsets, not brittle full URL strings, because operator scope propagation is intentionally additive across the shell.
- Decision: direct-entry trust/watchlist and deployment-detail journeys require explicit ready-state waits in retained coverage; asserting too early creates false negatives that mask the real product state.
## Next Checkpoints
- Start the next operator-first iteration from fresh Stella state and widen retained behavior coverage for surfaces that are still mostly route-verified rather than journey-verified.
- Keep adding dedicated user journeys for remaining setup/admin and integration-management surfaces as they are exercised manually.

131
docs/implplan/SPRINT_20260316_001_Platform_first_time_user_experience_fixes.md Normal file
View File

@@ -0,0 +1,131 @@
# Sprint 20260316-001 — First-Time User Experience Fixes
## Topic & Scope
- Fix the critical first-time user experience issues discovered in the hands-on audit series.
- Batch 1: all S-effort fixes that can be landed without backend changes — advisory source defaults, documentation, UI corrections, 404 page, mirror guardrails.
- Batch 2: dashboard honest empty state (M-effort) — replace hardcoded fake data with real API calls or honest "no data" guidance.
- Working directory: `.` (cross-module fixes).
- Expected evidence: corrected source definitions, updated docs, fixed UI components, Playwright re-verification.
## Dependencies & Concurrency
- No upstream sprint dependencies. All fixes are independent.
- Safe parallelism: all tasks in Batch 1 are independent of each other.
## Documentation Prerequisites
- `docs/qa/FIRST_TIME_USER_SERIES_20260316.md` — the audit findings
- `AGENTS.md`
## Delivery Tracker
### FTUX-001 - Disable StellaOps Mirror source by default and curate advisory defaults
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Set `EnabledByDefault = false` on the `StellaMirror` source in `SourceDefinitions.cs`.
- Set `EnabledByDefault = false` on ecosystem-specific sources (npm, PyPI, RubyGems, Maven, Packagist, Hex.pm — users enable for their stack).
- Set `EnabledByDefault = false` on geo-restricted sources (FSTEC BDU, NKCKI).
- Set `EnabledByDefault = false` on niche sources (Exploit-DB, PoC-in-GitHub, MITRE D3FEND, Kaspersky ICS-CERT).
- Keep ~30 core sources enabled: Primary (4) + Vendor (14) + Distribution (10) + CERT top-tier + Container + CSAF + Threat top-tier.
Completion criteria:
- [ ] StellaMirror has `EnabledByDefault = false`
- [ ] ~30 curated sources remain `EnabledByDefault = true`
- [ ] Ecosystem, geo-restricted, and niche sources default to disabled
- [ ] Build succeeds
### FTUX-002 - Filter mirror sources from Create Domain wizard
Status: DONE
Dependency: none
Owners: Developer
Task description:
- In `mirror-domain-builder.component.ts`, exclude sources with `category === 'Mirror'` from the source picker list.
- This prevents circular mirror-from-mirror chains.
Completion criteria:
- [ ] "StellaOps Mirror" no longer appears in Create Domain source selection
- [ ] Angular build succeeds
### FTUX-003 - Add login credentials to quickstart documentation
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add to `docs/quickstart.md` after step 5: default credentials `admin / Admin@Stella2026!` for the demo-prod tenant.
- List the 5 demo users and their roles.
Completion criteria:
- [ ] Quickstart includes credentials section
### FTUX-004 - Add 404 catch-all route
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Add a `{ path: '**', ... }` wildcard route to `app.routes.ts` that renders a "Page Not Found" component.
- Component shows: "This page doesn't exist" message, search bar, links to Dashboard and Setup.
Completion criteria:
- [ ] Navigating to `/nonexistent` shows 404 page, not dashboard
- [ ] Angular build succeeds
### FTUX-005 - Fix arrow character in release version target path dropdown
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Replace broken arrow character in target path intent options ("Dev ? Stage ? Prod") with proper Unicode arrow (`\u2192` or `→`).
Completion criteria:
- [ ] Dropdown shows "Dev → Stage → Prod"
### FTUX-006 - Dashboard honest empty state for fresh installs
Status: DONE
Dependency: FTUX-001
Owners: Developer
Task description:
- In `dashboard-v3.component.ts`, detect when no real environment data exists (PlatformContextStore returns 0 environments).
- When empty: render a setup guide instead of fake data — "Welcome to Stella Ops" with 4 setup steps (Connect registry, Define topology, Scan first image, Create release).
- When real data exists: keep the existing environment card rendering BUT remove the `resolveStatusSeed()` fake metrics. Show real data from APIs or "No scan data" per-environment.
- Remove hardcoded `summary`, `reachabilityStats`, `nightlyOpsSignals`, alerts HTML, and activity HTML.
- Replace with either real API calls or honest "No data yet" empty states per section.
Completion criteria:
- [ ] Fresh install with 0 environments shows setup guide, not fake crisis data
- [ ] Fresh install with environments but no scans shows environment cards with "No scan data" metrics
- [ ] No hardcoded fake numbers remain in the component
- [ ] Angular build succeeds
### FTUX-007 - Update Feature Matrix status markers
Status: DONE
Dependency: none
Owners: Developer
Task description:
- Update `docs/FEATURE_MATRIX.md` to mark shipped release orchestration features as ✅ instead of ⏳.
- Environment CRUD, Release Bundles, Promotion Workflows, Approval Gate, Policy Gate, Decision Records are all implemented.
Completion criteria:
- [ ] Feature Matrix reflects actual implementation status
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-16 | Sprint created from first-time user audit series findings. | Developer |
| 2026-03-16 | FTUX-001 DONE: Added `EnabledByDefault = false` to 32 sources (ecosystem, geo-restricted, exploit, hardware, niche CERTs, mirror). ~43 core sources remain enabled by default. | Developer |
| 2026-03-16 | FTUX-002 DONE: Filtered Mirror-category sources from Create Domain source picker in mirror-domain-builder.component.ts. | Developer |
| 2026-03-16 | FTUX-003 DONE: Added demo credentials (admin / Admin@Stella2026!) to docs/quickstart.md step 6. | Developer |
| 2026-03-16 | FTUX-004 DONE: Replaced catch-all `**` Mission Control fallback with proper 404 NotFoundComponent. | Developer |
| 2026-03-16 | FTUX-005 DONE: Replaced `?` with `→` in target path intent dropdown options. | Developer |
| 2026-03-16 | FTUX-006 DONE: Removed ALL hardcoded fake data from dashboard-v3.component.ts. Fresh installs now show welcome setup guide with 4 steps. Environment cards show honest "unknown"/"No deployments" when no scan data exists. Removed fake summary, reachabilityStats, nightlyOpsSignals, alerts, and activity HTML. | Developer |
| 2026-03-16 | FTUX-007 DONE: Updated FEATURE_MATRIX.md — 14 release orchestration features marked ✅ (was ⏳), section header updated. | Developer |
| 2026-03-16 | Angular build verified — 0 errors, 3 pre-existing budget warnings only. | Developer |
## Decisions & Risks
- Decision: curate advisory defaults rather than disable all — new users need working sources out of the box, just not 74 of them.
- Decision: dashboard empty state before 3-column redesign — honest data first, layout improvement second.
- Risk: removing hardcoded dashboard data may make the dashboard look empty on demo installs. Mitigation: the setup guide is a better first impression than fake crisis data.
## Next Checkpoints
- Land all S-effort fixes (FTUX-001 through FTUX-005, FTUX-007)
- Land dashboard empty state (FTUX-006)
- Playwright re-verification after fixes