Critical fixes:
- Replace router.navigateByUrl() with Location.replaceState() in
PlatformContextUrlSyncService to prevent re-evaluating canMatch guards
during query param sync. This was causing random page redirects across
all routes when auth session signals hadn't settled yet.
- Fix exception scope mismatch: Authority issues 'exceptions:read' (plural)
but guards checked 'exception:read' (singular). Aligned to plural form.
- Fix admin scope bypass: guards checked 'admin' scope but token has
'ui.admin'. Now both are accepted as superuser bypass.
- Remove duplicate scope entries in description map.
UX polish (from fix agents):
- Integration detail: formatActor() truncates raw user ID hashes to
"User 9a2d0730..." instead of showing full 32-char hex string.
- Dashboard feed status: show "Not checked yet" instead of "0 healthy"
when no advisory source health checks have run.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

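The two scope bugs in the commit above (guards comparing against the singular 'exception:read' while the Authority issues 'exceptions:read', and guards recognising only 'admin' while the token carries 'ui.admin') are both exact-string comparisons against the token's scope claim. The TypeScript below is an added illustration of that check, not code from this repository: it parses a scope claim, applies a superuser bypass set, and shows the pre-fix and post-fix comparisons side by side. The identifiers (checkScopes, parseScopeClaim, SUPERUSER_SCOPES_BEFORE/AFTER) and the sample claims are assumptions for the example.

```typescript
// Added example: scope-claim check with superuser bypass.
// Identifiers below are illustrative, not the project's own.

/** Scopes that bypass per-route checks. Pre-fix set vs post-fix set. */
const SUPERUSER_SCOPES_BEFORE = new Set<string>(['admin']);
const SUPERUSER_SCOPES_AFTER = new Set<string>(['admin', 'ui.admin']);

interface ScopeCheckResult {
  allowed: boolean;
  reason: 'superuser' | 'scope' | 'missing';
  missing: string[];
}

/** Parse a space- or comma-delimited OAuth-style scope claim into a set. */
function parseScopeClaim(claim: string | string[] | undefined): Set<string> {
  if (!claim) return new Set<string>();
  const parts = Array.isArray(claim) ? claim : claim.split(/[\s,]+/);
  return new Set(parts.map(s => s.trim()).filter(s => s.length > 0));
}

/**
 * Require every scope in `required` unless the token carries a superuser
 * scope. Comparison is exact: 'exception:read' does NOT match a token that
 * carries 'exceptions:read', which is the mismatch the commit fixes.
 */
function checkScopes(
  claim: string | string[] | undefined,
  required: string[],
  superuser: Set<string> = SUPERUSER_SCOPES_AFTER,
): ScopeCheckResult {
  const granted = parseScopeClaim(claim);
  for (const s of superuser) {
    if (granted.has(s)) return { allowed: true, reason: 'superuser', missing: [] };
  }
  const missing = required.filter(r => !granted.has(r));
  return missing.length === 0
    ? { allowed: true, reason: 'scope', missing: [] }
    : { allowed: false, reason: 'missing', missing };
}

// Constructed sample claims, shaped like the commit's description of what
// the Authority issues; not real tokens.
const SAMPLE_CLAIM = 'exceptions:read orch:read';
const ADMIN_CLAIM = 'ui.admin';

// Before: guard asks for the singular form and denies a valid token.
const before = checkScopes(SAMPLE_CLAIM, ['exception:read']);
// After: guard asks for the plural form the Authority actually issues.
const after = checkScopes(SAMPLE_CLAIM, ['exceptions:read']);
// Admin bypass: 'ui.admin' was not in the bypass set before, and is now.
const adminBefore = checkScopes(ADMIN_CLAIM, ['exceptions:read'], SUPERUSER_SCOPES_BEFORE);
const adminAfter = checkScopes(ADMIN_CLAIM, ['exceptions:read']);

console.log({ before, after, adminBefore, adminAfter });
```

The point the example makes for a reviewer: a scope guard that silently denies on a spelling mismatch looks identical, from the browser, to a guard that correctly denies an unprivileged token, so the `missing` list returned here is what you would log to tell the two apart.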
Concelier:
- Register Topology.Read, Topology.Manage, Topology.Admin authorization
policies mapped to OrchRead/OrchOperate/PlatformContextRead/IntegrationWrite
scopes. Previously these policies were referenced by endpoints but never
registered, causing System.InvalidOperationException on every topology
API call.
Gateway routes:
- Simplified targets/environments routes (removed specific sub-path routes,
use catch-all patterns instead)
- Changed environments base route to JobEngine (where CRUD lives)
- Changed to ReverseProxy type for all topology routes
KNOWN ISSUE (not yet fixed):
- ReverseProxy routes don't forward the gateway's identity envelope to
Concelier. The regions/targets/bindings endpoints return 401 because
hasPrincipal=False — the gateway authenticates the user but doesn't
pass the identity to the backend via ReverseProxy. Microservice routes
use Valkey transport which includes envelope headers. Topology endpoints
need either: (a) Valkey transport registration in Concelier, or
(b) Concelier configured to accept raw bearer tokens on ReverseProxy paths.
This is an architecture-level fix.
Journey findings collected so far:
- Integration wizard (Harbor + GitHub App): works end-to-end
- Advisory Check All: fixed (parallel individual checks)
- Mirror domain creation: works, generate-immediately fails silently
- Topology wizard Step 1 (Region): blocked by auth passthrough issue
- Topology wizard Step 2 (Environment): POST to JobEngine needs verify
- User ID resolution: raw hashes shown everywhere
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

All sprint tasks marked DONE verified via Playwright canonical route sweep
(111/111 routes passing). Remaining active: Sprint 025 (BLOCKED on Node
heap exhaustion in full test suite).
New sprint: SPRINT_20260316_001 — First-Time User Experience Fixes (7 tasks).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

All 6 tasks DONE: consumer API endpoints, 4-step setup wizard UI,
dashboard and catalog integration, air-gap import API, E2E tests,
and documentation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

mirror.md: added section 8 covering the 4-step UI wizard flow, wizard
vs env var comparison table, and air-gap bundle import via UI and CLI.
architecture.md: added 6 consumer API endpoints (GET/PUT /consumer,
discover, verify-signature, import, import/status) to REST API section.
airgap-operations-runbook.md: cross-reference to UI import alternative.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Promotions: replace empty-state stub with operator landing surface
showing pipeline stages, prerequisites, and onboarding guidance.
Operations: unify naming across sidebar, breadcrumb, title, and H1
from "Platform Ops" to "Operations".
Playwright: add promotions and operations landing journey checks to
the retained first-time-user remediation and aggregate audit suites.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Identity/Trust: replace developer jargon with operator-facing language
on trust overview, trust admin summary, and trust analytics. Add context-
aware error handling (404/503 vs generic) for fresh-install guidance.
Add navigation cards for Watchlist and Analytics in trust overview grid.
Integrations: replace raw alert() calls in test-connection and health-
check actions with inline feedback banners using Angular signals. Add
dismissible error banner for delete failures on integration detail.
Supporting fixes: admin notifications, evidence audit, replay controls,
notify panel, sidebar, route ownership, offline-kit, reachability,
topology, and platform feeds components hardened with tests and
operator-facing empty states.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Wire orch:operate scope into console bootstrap so the browser token can
execute release-control actions. Replace the silent-redirect fallback
with the canonical createBundle → publishVersion → materialize flow and
surface truthful error messages on 403/409/503. Add focused Angular
tests and Playwright journey evidence for standard and hotfix paths.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>