- Add resource limits (heavy/medium/light tiers) to all 59 .NET services
- Add .NET GC tuning (server/workstation GC, DATAS, conserve memory)
- Convert FirstSignalSnapshotWriter from 10s polling to Valkey pub/sub
- Convert EnvironmentSettingsRefreshService from 60s polling to Valkey pub/sub
- Consolidate GraphAnalytics dual timers to single timer with idle-skip
- Increase healthcheck interval from 30s to 60s (configurable)
- Reduce debug logging to Information on 4 high-traffic services
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix 4 classes of issues that prevented JobEngine from auto-migrating:
1. Non-idempotent DDL: add IF NOT EXISTS to CREATE TABLE, wrap CREATE
TYPE in DO blocks with EXCEPTION WHEN duplicate_object, wrap partition
creation with EXCEPTION WHEN duplicate_object OR SQLSTATE '42P17'
2. Reserved keyword: quote `window` column name in 004_slo_quotas.sql
3. Invalid syntax: replace DELETE...LIMIT with ctid subquery pattern
in 004_slo_quotas.sql and 005_audit_ledger.sql
4. Partition constraint: add tenant_id to UNIQUE(log_id) constraint
on pack_run_logs in 006_pack_runs.sql (partitioned tables require
partition key in all unique constraints)
5. Non-immutable index predicate: remove NOW() from partial index
predicate in 002_backfill.sql
6. Remove BEGIN/COMMIT wrappers from all migration files (the
StartupMigrationHost already wraps each migration in a transaction)
All 8 orchestrator migrations (001-008) now apply cleanly on fresh DB.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Introduce resolveApiBaseUrl() helper for consistent URL construction
- Fix evidence-pack queries to use public /v1/evidence-packs with runId param
- Resolve notify tenant from active context instead of hard-coded override
- Gate console run stream on concrete run ID (remove synthetic 'last' token)
- Remove unnecessary installed-pack probe from dashboard load
- Expand canonical route inventory with investigation and registry surfaces
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add legacy channel config normalization for unmapped smtpHost, webhookUrl,
channel fields into canonical NotifyChannelConfig
- Restore GET /channels/{channelId}/health endpoint
- Add JsonConverter attribute to ChannelHealthStatus enum
- Add test coverage for legacy row shapes and health contract
- Remove hosted services from test override to isolate channel tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire AddStartupMigrations so JobEngine converges the orchestrator schema
on fresh database or wiped volumes without manual bootstrap scripts.
Adds StellaOps.Infrastructure.Postgres.Migrations dependency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Register RunService and IRunStore (InMemoryRunStore) in DI
- Disambiguate IGuidGenerator namespaces (Chat vs Runs)
- Mount RunEndpoints at canonical /v1/advisory-ai/runs path
- Make RunService public for WebService composition
- Add integration tests for runs authorization and CRUD
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Normalize path separators in slnf files (forward to backslash)
- Move Scheduler project references from stale src/Scheduler/ to
correct src/JobEngine/StellaOps.Scheduler.__Libraries/ location
- Remove BOM characters from solution files for consistency
- Fix solution folder labels for Verifier
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Route /api/v1/jobengine to jobengine service (was orchestrator)
- Route /api/v1/sources and /api/v1/witnesses to scanner service
- Add orch:quota and pack-registry scopes to platform OIDC token
- Align compose-local manifests with gateway appsettings.json
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Valkey transport layer used 100ms busy-polling loops (Task.Delay(100))
across ~90 concurrent loops in 45+ services, generating ~900 idle
commands/sec and burning ~58% CPU while the system was completely idle.
Replace polling with Redis Pub/Sub notifications:
- Publishers fire PUBLISH after each XADD (fire-and-forget)
- Consumers SUBSCRIBE and wait on SemaphoreSlim with 30s fallback timeout
- Applies to both ValkeyMessageQueue (INotifiableQueue) and ValkeyEventStream
- Non-Valkey transports fall back to 1s polling via QueueWaitExtensions
Increase heartbeat interval from 10s to 45s across all transport options,
with corresponding health threshold adjustments (stale: 135s, degraded: 90s).
Expected idle CPU reduction: ~58% → ~3-5%.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enhance ContextHeaderComponent to be the single canonical header primitive:
- Add configurable heading level (h1/h2/h3) for semantic HTML in nested shells
- Add testId input for Playwright targeting (data-testid)
- Add ARIA labels on return button and chip list (role=list/listitem)
- Add back-arrow indicator for improved return-button affordance
- Add JSDoc on all inputs for developer ergonomics
Deprecate PageHeaderComponent to a thin compatibility wrapper that delegates
to ContextHeaderComponent.
Adopt canonical header on 4 representative pages:
- RegistryAdminComponent (admin/setup surface)
- PackRegistryBrowserComponent (operational surface)
- DeadLetterDashboardComponent (operational surface)
- OfflineKitComponent (operational surface)
Each adopted page gains eyebrow breadcrumb context, consistent subtitle
placement, and projected actions via the shared header-actions slot,
replacing ~80 lines of repeated ad-hoc header markup.
15 focused component tests covering title rendering, eyebrow/subtitle
display, chips with ARIA, back action, action slot projection, heading
levels, testId, and responsive layout structure. All pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Settings shell now owns only personal user preferences (appearance,
language, layout, AI assistant). All 14 admin/tenant/ops leaves
converted to controlled redirects pointing at their canonical owners
(Administration, Setup, Ops). Language merged into user-preferences.
Identity-providers rehomed from settings to administration as
canonical owner. Navigation config updated. 22 new route tests added.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sync TASKS.md, implementation_plan.md, and orphan-revival-batch README
to reflect all 11 shipped orphan component adoption sprints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount registry-admin routes under canonical /ops/integrations (and
/setup/integrations) with plans list, editor, and audit flows reachable
from integration-hub entry points.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount deploy-diff, change-trace, and timeline under /releases/investigation
as bounded secondary routes. Timeline uses correlation-based model to avoid
collision with shipped run-workspace tab.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount evidence-thread, auditor-workspace, and developer-workspace routes
under canonical /evidence family as drill-in lenses, not standalone shells.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
