stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
70fdbfcf25908e1c3697ae41b931b8875858d4ea
git.stella-ops.org/docs/qa/feature-checks/runs/web/ui-page-verification-results.md
master 70fdbfcf25 Stabilize U
2026-02-16 07:33:20 +02:00

9.5 KiB
Raw Blame History

UI Page-by-Page Verification Results

Date: 2026-02-15 Tester: QA Agent (Playwright browser automation) Environment: https://stella-ops.local (Docker Compose, 50+ services) Auth: OAuth 2.0 Authorization Code + PKCE + DPoP via OpenIddict Authority User: admin (Platform Admin, admin@stella-ops.local)

Authentication Flow

Step Result
Welcome page loads PASS — StellaOps branded landing page
Sign In button triggers OAuth redirect PASS — Redirects to /connect/authorize with PKCE challenge
Login form renders PASS — Username + Password fields
Credentials accepted PASS — PBKDF2 password hash verified by CryptoPasswordHasher
OAuth callback completes PASS — Code exchange + DPoP token issued
Redirect to authenticated dashboard PASS — Lands on / with full sidebar
Session persists (SPA navigation) PASS — sessionStorage auth token
Session lost on full page reload KNOWN — SPA stores tokens in sessionStorage only

Page Verification Summary

Legend

  • PASS (data): Page loads, renders real backend data
  • PASS (ui): Page loads with proper UI structure; backend API returns 404/401 (service not routed)
  • PASS (empty): Page loads, no data yet (expected — empty state)
  • ERROR: Page fails to render or crashes
# Page URL Title Headings Data Verdict
1 Control Plane Dashboard / Control Plane - StellaOps Control Plane, Environment Pipeline, Pending Approvals, Active Deployments, Recent Releases 4 environments (Dev/Staging/UAT/Prod), 3 pending approvals, 4 recent releases table PASS (data)
2 Releases /releases Releases - StellaOps Releases (0) UI with search, status/environment filters, status cards. Backend 404 for /api/release-orchestrator/releases PASS (ui)
3 Approvals /approvals Approvals - StellaOps Approvals Filters (status, environment, search). Backend 404 — graceful "Failed to load" PASS (ui)
4 Security Overview /security/security/overview Security Overview - StellaOps Security Overview, Recent Findings, Top Affected Packages, VEX Coverage, Active Exceptions Dashboard with security posture sections PASS (ui)
5 Security Findings /security/findings Security Overview - StellaOps Security Findings Table (1) with findings list. Backend 404 for scanner findings API PASS (ui)
6 Vulnerabilities /security/vulnerabilities Security Overview - StellaOps Vulnerabilities "Vulnerability list is pending data integration" PASS (empty)
7 SBOM Graph /security/sbom Security Overview - StellaOps SBOM Graph "SBOM graph visualization is not yet available in this build" PASS (empty)
8 VEX Hub /security/vex Security Overview - StellaOps VEX Statement Dashboard VEX Hub error: 401 from backend. Shows retry button PASS (ui)
9 Security Exceptions /security/exceptions Security Overview - StellaOps Security Exceptions Table (1) with exceptions list. Backend 404 for policy exception API PASS (ui)
10 Analytics (main) /analytics (Did not navigate — link not found in nav) Analytics nav group exists but /analytics route not wired N/A
11 SBOM Lake /analytics/sbom-lake SBOM Lake - StellaOps SBOM Lake, Attestation Coverage Metrics, Coverage by Attestation Type, Approval Velocity, Gap Analysis Rich dashboard with charts. Backend 401 for analytics APIs — shows "Unable to load SBOM analytics" PASS (ui)
12 Evidence Bundles /evidence/evidence/bundles Bundles - StellaOps Evidence Bundles "Download and verify sealed evidence bundles" PASS (empty)
13 Evidence Proof Chains /evidence/proof-chains Proof Chains - StellaOps Evidence Chain "Subject digest is required" — correct validation PASS (ui)
14 Evidence Replay /evidence/replay Replay - StellaOps Verdict Replay, Request Replay, Replay Requests, Determinism Overview Full replay UI with determinism verification description PASS (ui)
15 Evidence Export /evidence/export Export - StellaOps Export Center, StellaBundle (OCI referrer), Daily Compliance Export, Audit Bundle 3 export profiles with descriptions PASS (ui)
16 Orchestrator Dashboard /operations/orchestrator Operations - StellaOps Orchestrator Dashboard, Your Orchestrator Access "Monitor and manage orchestrated jobs" PASS (ui)
17 Scheduler Runs /operations/scheduler/operations/scheduler/runs Operations - StellaOps Scheduler Runs "Monitor and manage scheduled task executions" — shows 1 Failed status PASS (ui)
18 Operator Quotas /operations/quotas Operations - StellaOps Operator Quota Dashboard, Consumption Trend, Quota Forecast, Top Tenants, Throttle Events Rich dashboard. Backend 404 for quota APIs — "Loading consumption data..." PASS (ui)
19 Dead-Letter Queue /operations/deadletter/operations/dead-letter Operations - StellaOps Dead-Letter Queue Management, Error Distribution, By Tenant, Queue Browser Full CRUD UI. Backend 404 — "No dead-letter entries match" PASS (ui)
20 Platform Health /operations/health Operations - StellaOps Platform Health, Active Incidents, Service Health, Degraded (1), Healthy (9) Real data: 9 healthy + 1 degraded service. Last updated timestamp. PASS (data)
21 Feed Mirror & AirGap /operations/feeds Feed Mirror & AirGap Operations - StellaOps Feed Mirror & AirGap Operations, NVD Mirror, GitHub Security Advisories, RHEL OVAL, OSV Database 4 feed sources with status cards. Shows 1 error state PASS (ui)
22 Integrations /settings/integrations Settings - StellaOps Integrations, GitHub Enterprise, GitLab SaaS, Jenkins, Harbor Registry, HashiCorp Vault 5 integration connectors. 1 shows "Disconnected" PASS (ui)
23 Trust & Signing /settings/trust Settings - StellaOps Trust & Signing, Signing Keys, Issuers, Certificates, Transparency Log, Trust Scoring 6 trust management sections PASS (ui)
24 Identity & Access (Admin) /settings/admin Settings - StellaOps Identity & Access, Users Real data: 5 users from DB (Platform Admin, Jane Smith, Bob Wilson, Scanner Service, Alice Johnson). Table with name, email, role, status. Tabs: Users, Roles, OAuth Clients, API Tokens, Tenants PASS (data)

Backend API Connectivity

API Endpoint Pattern Status Notes
/api/policy/packs 404 Policy packs not routed through gateway
/api/release-orchestrator/releases 404 Release orchestrator not routed
/api/release-orchestrator/approvals 404 Approvals endpoint not routed
/gateway/scanner/api/v1/findings 404 Scanner findings not routed
/gateway/api/v1/policy/exception/requests 404 Policy exceptions not routed
/gateway/api/v1/vex/stats 404 VEX stats not routed
/api/analytics/* 401/404 Analytics endpoints not configured
/api/v1/authority/quotas/* 404 Quota endpoints not routed
/api/v1/orchestrator/deadletter 404 Dead-letter endpoints not routed
Authority (login/token) 200 OAuth flow works end-to-end
Authority (users) 200 Admin users table loads real data
Health endpoints 200 Service health dashboard shows real data
Dashboard data 200 Environment pipeline, approvals, releases load

Console Errors

All console errors are HTTP 404/401 responses from backend APIs that aren't yet routed through the gateway. No JavaScript errors, no rendering crashes, no uncaught exceptions.

Aggregate Results

Metric Count
Total pages tested 24
Pages with real backend data 3 (Dashboard, Platform Health, Admin Users)
Pages with proper UI (backend 404) 16
Pages with empty state (expected) 3
Pages not navigable 1 (Analytics main — no route)
Pages that crash 0
JavaScript errors 0
Auth flow success YES
Session management sessionStorage (SPA-only)

Bugs & Issues Found

BUG-UI-001: Session lost on full page navigation

  • Severity: Low (SPA design choice, not a bug per se)
  • Detail: page.goto() causes full page reload, losing sessionStorage auth. SPA in-app navigation preserves session correctly.

BUG-UI-002: /analytics main page not routed

  • Severity: Low
  • Detail: Analytics nav group expands but the /analytics link doesn't exist in the sidebar. Only /analytics/sbom-lake is navigable.

BUG-UI-003: Gateway routes missing for 10+ backend APIs

  • Severity: Medium
  • Detail: Many backend service APIs return 404 through the gateway. The Router/Gateway needs route entries for: release-orchestrator, scanner findings, policy exceptions, VEX stats, analytics, quotas, dead-letter, orchestrator.
  • Impact: Pages render UI correctly but show empty/error states instead of real data.
  • Root cause: Gateway route configuration in src/Router/StellaOps.Gateway.WebService/ doesn't include routes for all backend services.

Screenshots

File Description
screenshots/qa-ui-01-dashboard.png Authenticated Control Plane dashboard
screenshots/qa-ui-admin-settings.png Admin Identity & Access with 5 real users