Baseline Test Results — 2026-02-26
Pre-deployment baseline: code changes committed but NOT yet deployed to containers.
Issue 1: API Errors (401 Unauthorized on every API call)
All API endpoints return 401 Unauthorized (not 403 as originally estimated). The bootstrap admin user has zero roles/scopes in its JWT token.
| Status | Endpoint | Category |
|---|---|---|
| 401 | /api/v2/context/regions | Platform context |
| 401 | /api/v1/platform/preferences/language | Platform preferences |
| 401 | /api/v1/platform/localization/locales | Platform localization |
| 401 | /console/branding?tenantId=default | Console branding |
| 401 | /api/v2/releases/approvals?status=pending | Release approvals |
| 401 | /api/release-jobengine/approvals?statuses=pending | Release orchestrator |
| 401 | /api/v1/platform/health/summary | Platform health |
| 401 | /api/v1/integrations?type=1&pageSize=1 | Integrations |
| 401 | /api/v1/authority/quotas/history?aggregation=daily | Authority quotas |
| 401 | /scheduler/api/v1/scheduler/runs | Scheduler |
| 404 | /api/v1/notifier/rules | Notifier (routing issue) |
| 404 | /api/v1/signals?limit=200 | Signals (routing issue) |
| 404 | /api/v1/audit/events?limit=10 | Audit (routing issue) |
Root cause: Bootstrap admin user created with roles: Array.Empty<string>().
Fix status: Code changes applied (StandardPluginBootstrapper + StandardUserCredentialStore). Need container rebuild.
Issue 2: Route Test Results (83 routes tested)
Legend
- OK = Page renders its own component (unique H1, not "Dashboard")
- FALLBACK = Route hits the `**` wildcard and renders Dashboard instead of its own page
- NO_H1 = Component renders but has no H1 element
Mission Control (3 routes)
| Route | H1 | Status |
|---|---|---|
| /mission-control/board | Dashboard | OK |
| /mission-control/release-health | Dashboard | FALLBACK |
| /mission-control/security-posture | Dashboard | FALLBACK |
2 FALLBACK — release-health and security-posture sub-routes don't exist in mission-control.routes.ts.
Releases (15 routes)
| Route | H1 | Status |
|---|---|---|
| /releases | Release Ops Overview | OK |
| /releases/overview | Release Ops Overview | OK |
| /releases/versions | Release Versions | OK |
| /releases/versions/new | Create Release Version | OK |
| /releases/runs | Release Runs | OK |
| /releases/approvals | Release Run Approvals Queue | OK |
| /releases/promotion-queue | Promotions | OK |
| /releases/hotfixes | Hotfixes | OK |
| /releases/hotfixes/new | Create Hotfix | OK |
| /releases/environments | Regions & Environments | OK |
| /releases/deployments | Deployments | OK |
| /releases/bundles | Dashboard | FALLBACK |
1 FALLBACK — /releases/bundles falls back to Dashboard. The route file bundles.routes.ts exists but the current deployed build doesn't include it (our fix adds it but isn't deployed yet).
11 OK — All core release routes work.
Security (20 routes)
| Route | H1 | Status |
|---|---|---|
| /security | Security / Posture | OK |
| /security/posture | Security / Posture | OK |
| /security/triage | Security / Triage | OK |
| /security/supply-chain-data | Security / Supply-Chain Data | OK |
| /security/reachability | Reachability Center | OK |
| /security/reports | Security Reports | OK |
| /security/disposition | Security / Advisories & VEX | OK |
| /security/findings | Dashboard | FALLBACK |
| /security/vulnerabilities | Dashboard | FALLBACK |
| /security/advisory-sources | Dashboard | FALLBACK |
| /security/vex | Dashboard | FALLBACK |
| /security/exceptions | Dashboard | FALLBACK |
| /security/exceptions/approvals | Dashboard | FALLBACK |
| /security/lineage | Dashboard | FALLBACK |
| /security/risk | Dashboard | FALLBACK |
| /security/unknowns | Dashboard | FALLBACK |
| /security/patch-map | Dashboard | FALLBACK |
| /security/artifacts | Dashboard | FALLBACK |
| /security/symbol-sources | Dashboard | FALLBACK |
| /security/symbol-marketplace | Dashboard | FALLBACK |
| /security/remediation | Dashboard | FALLBACK |
| /security/sbom | Dashboard | FALLBACK |
| /security/sbom-lake | Dashboard | FALLBACK |
| /security/secret-detection | Dashboard | FALLBACK |
| /security/timeline | Dashboard | FALLBACK |
17 FALLBACK — The deployed build still uses security.routes.ts (14 simplified routes), NOT security-risk.routes.ts (30+ comprehensive routes). Our fix swaps the import but isn't deployed yet.
7 OK — Only the routes defined in the old security.routes.ts work (posture, triage, supply-chain-data, reachability, reports, disposition, and the root).
Evidence (6 routes)
| Route | H1 | Status |
|---|---|---|
| /evidence | Evidence & Audit | OK |
| /evidence/overview | Evidence & Audit | OK |
| /evidence/capsules | NO_H1 | OK (renders, no H1) |
| /evidence/verify-replay | Verdict Replay | OK |
| /evidence/exports | Export Center | OK |
| /evidence/audit-log | Unified Audit Log | OK |
0 FALLBACK — All evidence routes work.
Ops — Direct children (19 routes)
| Route | H1 | Status |
|---|---|---|
| /ops | Ops | OK |
| /ops/operations | Platform Ops | OK |
| /ops/operations/health-slo | Platform Health | OK |
| /ops/operations/scheduler | Scheduler Runs | OK |
| /ops/operations/quotas | Operator Quota Dashboard | OK |
| /ops/operations/offline-kit | Offline Kit Management | OK |
| /ops/operations/signals | Signals Runtime Dashboard | OK |
| /ops/operations/packs | Pack Registry Browser | OK |
| /ops/operations/feeds-airgap | Feeds & Airgap | OK |
| /ops/operations/data-integrity | Data Integrity | OK |
| /ops/integrations | Integrations | OK |
| /ops/policy | Policy Governance | OK |
| /ops/platform-setup | Platform Setup | OK |
| /ops/scanner-ops | Dashboard | FALLBACK |
| /ops/agents | Dashboard | FALLBACK |
| /ops/feeds | Dashboard | FALLBACK |
| /ops/airgap | Dashboard | FALLBACK |
| /ops/health-slo | Dashboard | FALLBACK |
| /ops/signals | Dashboard | FALLBACK |
| /ops/scheduler | Dashboard | FALLBACK |
| /ops/offline-kit | Dashboard | FALLBACK |
| /ops/quotas | Dashboard | FALLBACK |
| /ops/packs | Dashboard | FALLBACK |
10 FALLBACK — All the new ops sub-routes and redirects we added aren't deployed yet.
13 OK — The original ops routes (operations/*, integrations, policy, platform-setup) all work.
Setup (9 routes)
| Route | H1 | Status |
|---|---|---|
| /setup | Setup | OK |
| /setup/system | System | OK |
| /setup/topology/overview | Topology | OK |
| /setup/topology/environments | Topology | OK |
| /setup/integrations | Integrations | OK |
| /setup/identity-access | Identity & Access | OK |
| /setup/tenant-branding | Tenant & Branding | OK |
| /setup/notifications | Notification Administration | OK |
| /setup/usage | Usage & Limits | OK |
0 FALLBACK — All setup routes work.
Settings (1 route)
| Route | H1 | Status |
|---|---|---|
| /settings | Integrations | OK |
0 FALLBACK — Settings works (though H1 says "Integrations" — may be a content issue).
New Top-Level Routes (5 routes)
| Route | H1 | Status |
|---|---|---|
| /administration | Dashboard | FALLBACK |
| /administration/policy-governance | Dashboard | FALLBACK |
| /console-admin | Dashboard | FALLBACK |
| /platform/ops | Dashboard | FALLBACK |
| /platform/setup | Dashboard | FALLBACK |
5 FALLBACK — All new top-level routes we added aren't deployed yet.
Summary
Route Test Totals
| Category | Tested | OK | FALLBACK | Notes |
|---|---|---|---|---|
| Mission Control | 3 | 1 | 2 | release-health/security-posture sub-routes missing |
| Releases | 12 | 11 | 1 | bundles not deployed |
| Security | 25 | 7 | 18 | security-risk.routes swap not deployed |
| Evidence | 6 | 6 | 0 | All working |
| Ops (canonical) | 13 | 13 | 0 | All working |
| Ops (new aliases) | 10 | 0 | 10 | Redirects not deployed |
| Setup | 9 | 9 | 0 | All working |
| Settings | 1 | 1 | 0 | Working |
| New top-level | 5 | 0 | 5 | administration/console-admin/platform not deployed |
| TOTAL | 84 | 48 | 36 | |
API Error Totals
- 10 endpoints returning 401 Unauthorized (auth/scope issue)
- 3 endpoints returning 404 Not Found (gateway routing issue)
What the Deployed Fix Will Resolve
After Authority container rebuild (Fix 1):
- Bootstrap admin gets `roles: ["admin"]` in user metadata
- Admin role seeded with all 150+ StellaOps scopes
- All 10 endpoints currently returning 401 should start returning 200
- The 3 returning 404 are gateway routing issues (separate problem)
After Web container rebuild (Fix 2):
- 18 security FALLBACK routes should resolve (security-risk.routes swap)
- 10 ops alias/redirect FALLBACK routes should resolve
- 5 new top-level routes (administration, console-admin, platform) should resolve
- 1 releases/bundles route should resolve
- Total: 34 of 36 FALLBACK routes should be fixed
Remaining after deployment (2 routes still expected to FALLBACK):
- /mission-control/release-health — needs route added to mission-control.routes.ts
- /mission-control/security-posture — needs route added to mission-control.routes.ts
Next Steps
- Rebuild Authority container — pick up bootstrap admin role + scope seeding
- Rebuild Web container — pick up Angular route wiring
- Re-run this test — verify 401s become 200s and 34 FALLBACKs become OK
- Fix remaining 2 mission-control sub-routes if needed
- Investigate 3 API 404s (notifier/rules, signals, audit/events) — likely gateway routing config