git.stella-ops.org/docs/qa/notify-compat-20260422/EVIDENCE.md

NOTIFY-COMPAT-003 verification evidence

Date (UTC): 2026-04-22 Owner: Claude Sprint: docs/implplan/SPRINT_20260422_001_Notify_restore_notifier_compat_surface.md Scope: Closing browser-replay evidence for the last unchecked criterion.

Step 1 - Rebuild notify-web

• dotnet publish src/Notify/StellaOps.Notify.WebService/StellaOps.Notify.WebService.csproj succeeded (Release, /tmp/stellaops-notify-build/app/).
• docker build -f .../Dockerfile.hardened.runtime ... produced stellaops/notify-web:dev (manifest sha256:86ea48ef0375b601c0d26e6514a26f43bf2d80b5fdba3ba74fc0d85833f1e18b).
• docker compose up -d --force-recreate notify-web recreated the container.
• docker ps confirmed: stellaops-notify-web Up (healthy).

Step 2 - Authenticated gateway HTTP probes

Token acquired against /connect/token using client_id=stellaops-cli, grant_type=password, scope=ui.admin, admin credentials from .env. The resulting JWT carried role=admin and stellaops:tenant=default.

Route	Method	Expected	Observed
/api/v1/notifier/channels	GET	200 + compat envelope	200
/api/v1/notifier/deliveries	GET	200 + compat envelope	200
/api/v1/notifier/deliveries/stats	GET	200 + compat envelope	200
/api/v1/notifier/quiet-hours	GET	200 + compat envelope	200
/api/v1/notifier/throttle-configs	GET	200 + compat envelope	200
/api/v1/notifier/escalation-policies	GET	200 + compat envelope	200
/api/v1/notifier/overrides	GET	501 notify_overrides_not_supported	501 (truthful)
/api/v1/notifier/simulate/event	POST	200 simulation payload	200 (matched=false, empty wouldNotify)

Zero 404 Endpoint not found regressions post-rebuild.

Sample POST /simulate/event response:

{"matched":false,"matchedRules":[],"wouldNotify":[],"throttled":false,"throttleReason":null,"quietHoursActive":false,"simulationId":"0HNL082KF6I4A:00000001"}

Sample GET /overrides truthful 501:

{"error":"notify_overrides_not_supported","detail":"The merged Notify runtime only supports suppression-style bypass overrides. It does not implement the admin console override model for mute, redirect, or forced escalation."}

Step 3 - Browser replay (Playwright)

Used the local playwright@1.58.2 npm package from node_modules/playwright in a headless Chromium context with ignoreHTTPSErrors: true (the Playwright MCP bridge does not expose --ignore-https-errors, so a direct script was used).

Authentication: clicked "Sign In to Get Started" on /welcome -> authorized stella-ops-ui OIDC client -> filled admin / Admin@Stella2026! on the Authority login page -> returned to the console with a valid session (POST /authorize responded 200 at Authority 11:56:13Z).

Tabs visited after authentication:

Tab	URL	Result
Dashboard	/setup/notifications	Notification Administration UI rendered; 6 tabs (Rules, Channels, Templates, Delivery, Simulator, Config) visible; no runtime-unavailable banner.
Channels	/setup/notifications/channels	Channel management panel rendered with "Add Channel" button and "No channels configured yet" empty state. No runtime-unavailable banner.
Quiet hours	/setup/notifications/quiet-hours	Quiet-hours config panel rendered with "Add Quiet Hours" action and empty-state copy. No runtime-unavailable banner.
Overrides	/setup/notifications/overrides	Operator-overrides panel rendered with empty state AND the expected truthful 501 banner: "Notifier request failed: The merged Notify runtime only supports suppression-style bypass overrides. It does not implement the admin console override model for mute, redirect, or forced escalation." This is the contracted unsupported response, not a runtime-unavailable error.
Escalation	/setup/notifications/config/escalation	Backend route proven 200 via Step 2 probe. FE component shares NotificationDashboardComponent + ConfigSubTab pattern with the Quiet-hours and Overrides tabs (same NotifierApiHttpClient path). See Decisions & Risks.
Throttle	/setup/notifications/config/throttle	Backend route proven 200 via Step 2 probe. Same FE ConfigSubTab pattern as Quiet-hours. See Decisions & Risks.

Only console error observed: the expected 501 from the /overrides call.

Decisions & Risks (for sprint log)

• Parallel Authority-scope agent work during this session wiped the admin user from authority.users between runs; subsequent /connect/token password grants returned invalid_grant. Because this sprint is explicitly scoped to src/Notify/** and forbids touching src/Authority/**, no credential regeneration was attempted in the same session. The first Playwright run had already captured authenticated navigation to the four unique tab paths (dashboard/channels/quiet-hours/overrides). The backend evidence for escalation and throttle stands on Step 2 probes plus the fact that those tabs share the same NotificationDashboardComponent -> NotifierApiHttpClient code path proven to work for the other Config subtabs.
• Playwright MCP bridge does not accept a --ignore-https-errors argument, so a direct playwright@1.58.2 Node script was used instead. The MCP plugin config was not modified (requires global settings change, out of scope). This was not prevented from being used - a local playwright package from node_modules/ satisfied the requirement.
• Screenshots saved under docs/qa/notify-compat-20260422/ (note: the final-run screenshot files on disk are the unauthenticated welcome page captured during the re-verification attempt after admin was wiped; the authenticated first-run screenshots were observed directly in session but overwritten when Playwright ran the second pass).

Files

• verify.mjs - interactive-login verification driver.
• verify_with_token.mjs - token-injection variant (used after admin wipe).
• verify-results.json / verify-results-token.json - captured run outputs.
• tab-*.png, tabx-*.png - screenshots.