- Introduce resolveApiBaseUrl() helper for consistent URL construction
- Fix evidence-pack queries to use public /v1/evidence-packs with runId param
- Resolve notify tenant from active context instead of hard-coded override
- Gate console run stream on concrete run ID (remove synthetic 'last' token)
- Remove unnecessary installed-pack probe from dashboard load
- Expand canonical route inventory with investigation and registry surfaces
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add legacy channel config normalization for unmapped smtpHost, webhookUrl,
channel fields into canonical NotifyChannelConfig
- Restore GET /channels/{channelId}/health endpoint
- Add JsonConverter attribute to ChannelHealthStatus enum
- Add test coverage for legacy row shapes and health contract
- Remove hosted services from test override to isolate channel tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire AddStartupMigrations so JobEngine converges the orchestrator schema
on fresh database or wiped volumes without manual bootstrap scripts.
Adds StellaOps.Infrastructure.Postgres.Migrations dependency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Register RunService and IRunStore (InMemoryRunStore) in DI
- Disambiguate IGuidGenerator namespaces (Chat vs Runs)
- Mount RunEndpoints at canonical /v1/advisory-ai/runs path
- Make RunService public for WebService composition
- Add integration tests for runs authorization and CRUD
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Normalize path separators in slnf files (forward to backslash)
- Move Scheduler project references from stale src/Scheduler/ to
correct src/JobEngine/StellaOps.Scheduler.__Libraries/ location
- Remove BOM characters from solution files for consistency
- Fix solution folder labels for Verifier
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Route /api/v1/jobengine to jobengine service (was orchestrator)
- Route /api/v1/sources and /api/v1/witnesses to scanner service
- Add orch:quota and pack-registry scopes to platform OIDC token
- Align compose-local manifests with gateway appsettings.json
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Valkey transport layer used 100ms busy-polling loops (Task.Delay(100))
across ~90 concurrent loops in 45+ services, generating ~900 idle
commands/sec and burning ~58% CPU while the system was completely idle.
Replace polling with Redis Pub/Sub notifications:
- Publishers fire PUBLISH after each XADD (fire-and-forget)
- Consumers SUBSCRIBE and wait on SemaphoreSlim with 30s fallback timeout
- Applies to both ValkeyMessageQueue (INotifiableQueue) and ValkeyEventStream
- Non-Valkey transports fall back to 1s polling via QueueWaitExtensions
Increase heartbeat interval from 10s to 45s across all transport options,
with corresponding health threshold adjustments (stale: 135s, degraded: 90s).
Expected idle CPU reduction: ~58% → ~3-5%.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Enhance ContextHeaderComponent to be the single canonical header primitive:
- Add configurable heading level (h1/h2/h3) for semantic HTML in nested shells
- Add testId input for Playwright targeting (data-testid)
- Add ARIA labels on return button and chip list (role=list/listitem)
- Add back-arrow indicator for improved return-button affordance
- Add JSDoc on all inputs for developer ergonomics
Deprecate PageHeaderComponent to a thin compatibility wrapper that delegates
to ContextHeaderComponent.
Adopt canonical header on 4 representative pages:
- RegistryAdminComponent (admin/setup surface)
- PackRegistryBrowserComponent (operational surface)
- DeadLetterDashboardComponent (operational surface)
- OfflineKitComponent (operational surface)
Each adopted page gains eyebrow breadcrumb context, consistent subtitle
placement, and projected actions via the shared header-actions slot,
replacing ~80 lines of repeated ad-hoc header markup.
15 focused component tests covering title rendering, eyebrow/subtitle
display, chips with ARIA, back action, action slot projection, heading
levels, testId, and responsive layout structure. All pass.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Settings shell now owns only personal user preferences (appearance,
language, layout, AI assistant). All 14 admin/tenant/ops leaves
converted to controlled redirects pointing at their canonical owners
(Administration, Setup, Ops). Language merged into user-preferences.
Identity-providers rehomed from settings to administration as
canonical owner. Navigation config updated. 22 new route tests added.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sync TASKS.md, implementation_plan.md, and orphan-revival-batch README
to reflect all 11 shipped orphan component adoption sprints.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount registry-admin routes under canonical /ops/integrations (and
/setup/integrations) with plans list, editor, and audit flows reachable
from integration-hub entry points.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount deploy-diff, change-trace, and timeline under /releases/investigation
as bounded secondary routes. Timeline uses correlation-based model to avoid
collision with shipped run-workspace tab.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Mount evidence-thread, auditor-workspace, and developer-workspace routes
under canonical /evidence family as drill-in lenses, not standalone shells.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace bespoke finding list in findings-container and inline table in
release-detail security tab with shared FindingListComponent and
FindingRowComponent using data adapters for type bridging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire PolicyEvaluatePanel, RemediationHint, and PolicyPackEditor into
policy-decisioning gates page and policy-studio editor within the
canonical /ops/policy shell.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wire QuickVerifyDrawer, EvidenceChecklist, ProofChainViewer, and
DsseEnvelopeViewer into evidence-export, triage, and release-orchestrator
evidence-detail surfaces for richer proof verification workflows.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apply stellaopsGlossaryTooltip directive on vex-hub dashboard, trust-admin,
and policy-decisioning overview with auto-detect mode for security terms
(VEX, CVE, SBOM, DSSE, etc.).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apply stellaAuditorOnly and stellaOperatorOnly structural directives on
evidence-audit, promotions, and evidence-export surfaces with ViewModeToggle
surfaced for persona switching.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Migrate audit-log, evidence-pack, release-list, secret-detection,
certificate-inventory, and trust-audit-log to shared FilterBarComponent
with consistent FilterOption/ActiveFilter interfaces.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace bespoke clipboard handlers, bare <code> tags, and manual
truncation with shared CopyToClipboardComponent, InlineCodeComponent,
and TruncatePipe across console-admin, offline-kit, and triage surfaces.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace hand-rolled digest truncation/copy and reachability badges with
shared DigestChipComponent and ReachabilityStateChipComponent on releases
list, evidence-thread, attestation-links, and reachability-center.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
