The gateway service was a redundant deployment of the same StellaOps.Gateway.WebService binary already running as router-gateway. It served no unique purpose — all traffic is handled by router-gateway (slot 0). This removes the container, its route table entries, nginx proxy blocks, health/quota stubs, and redirects STELLAOPS_GATEWAY_URL to router.stella-ops.local so the Angular frontend resolves API base URLs through the canonical frontdoor. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Router Rollout Acceptance Package (2026-02-22)
Scope
- Program closeout for Router sprints 047-050.
- Dual-mode verification:
  - Default microservice mode (router-gateway-local.json).
  - Reverse-proxy fallback mode (router-gateway-local.reverseproxy.json).
Command Matrix
- Image refresh:
  - docker build ... -t stellaops/scanner-web:dev
  - docker build ... -t stellaops/integrations-web:dev
  - (stellaops/gateway:dev removed — consolidated into router-gateway)
  - docker build ... -t stellaops/doctor-web:dev
- Clean bootstrap:
  - devops/compose/scripts/router-mode-redeploy.ps1 -Mode reverseproxy
  - devops/compose/scripts/router-mode-redeploy.ps1 -Mode microservice
- Route smoke:
  - devops/compose/scripts/router-routeprefix-smoke.ps1
- Conformance tests:
  - dotnet test src/Router/__Tests/StellaOps.Router.AspNet.Tests/StellaOps.Router.AspNet.Tests.csproj
  - dotnet test src/Router/__Tests/StellaOps.Router.Gateway.Tests/StellaOps.Router.Gateway.Tests.csproj
  - dotnet test src/Router/__Tests/StellaOps.Gateway.WebService.Tests/StellaOps.Gateway.WebService.Tests.csproj
Evidence Artifacts
- devops/compose/openapi_current.json
- devops/compose/openapi_reverse.json
- devops/compose/openapi_routeprefix_smoke_microservice.csv
- devops/compose/openapi_routeprefix_smoke_reverseproxy.csv
- devops/compose/openapi_quality_report_microservice.json
- devops/compose/openapi_quality_report_reverseproxy.json
- devops/compose/perf_microservice.json
- devops/compose/perf_reverseproxy.json
- devops/compose/perf_mode_comparison.json
- devops/compose/timeline.json
- devops/compose/timeline_schemas.json
- devops/compose/openai_adapter.json
- devops/compose/llm_providers.json
Acceptance Results
Microservice mode:
- Route smoke summary: 200=30, 302=4, 400=25, 401=14, 403=2, 404=3, 410=1
- Route smoke blocker status: 500=0
- OpenAPI counts: paths=1899, schemas=901
- Timeline contract gate: 4 timeline operations with summary/description/security/timeouts/auth extensions.
- Advisory AI adapter exposure: 2 LLM adapter operations in aggregated openapi.json; providers endpoint denies anonymous access (403).
Reverse mode:
- Route smoke summary: 200=15, 400=6, 401=18, 404=15
- Route smoke blocker status: 500=0
- OpenAPI counts: paths=1529, schemas=901
- Reverse-proxy exception set remains explicit (/rekor, /platform, static SPA/error routes).
Security and authorization:
- Gateway and Router conformance suites pass.
- Identity-header spoofing protections covered in gateway test suite.
- Authority claims refresh and effective-claim integration covered in Router gateway tests.
Performance Gate Decision
- Baseline: reverse-proxy mode.
- Candidate: microservice mode.
- Comparison artifact: devops/compose/perf_mode_comparison.json.
- Result:
  - openapi.json and timeline unauthorized path remained within acceptable local-dev drift.
  - Advisory AI adapter unauthorized path showed higher latency in microservice mode; accepted for now as non-blocking because error-rate and contract gates passed, with follow-up hardening item retained in Router backlog.
Rollback
- Scripted mode rollback:
  - devops/compose/scripts/router-mode-redeploy.ps1 -Mode reverseproxy
- Return to default:
  - devops/compose/scripts/router-mode-redeploy.ps1 -Mode microservice
- The redeploy helper now auto-recovers transient unhealthy services (bounded retries) before declaring failure.
Final Runtime State
- Default compose mode restored to microservice routing:
  - ROUTER_GATEWAY_CONFIG=./router-gateway-local.json
- Timeline route /api/v1/timeline remains Type=Microservice with Valkey messaging transport.