Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .specify/feature.json
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{
"feature_directory": "specs/020-deploy-smoke-verification"
"feature_directory": "specs/021-ops-health-dashboard"
}
2 changes: 1 addition & 1 deletion ACTIVE_SPECS.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ when the spec is fully finished.

## Open Specs

- No open specs.
- `021-ops-health-dashboard`: implementation and validation complete; remaining work is commit, push, PR, and GitHub validation.

## Maintenance Rules

Expand Down
7 changes: 5 additions & 2 deletions AGENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ Auto-generated from all feature plans. Last updated: 2026-06-11

## Active Technologies

- TypeScript 5.9, Next.js 16 App Router, React 19 + Existing Next.js server components/API routes, Prisma 7, Better Auth role/session helpers, next-intl, lucide-react, existing monitoring and app-version helpers (021-ops-health-dashboard)
- Existing Prisma database only; no new tables planned. Use existing background job records for worker evidence and existing deployment/runtime metadata when available. (021-ops-health-dashboard)

- TypeScript 5.9 on Node.js via the existing `tsx` dev dependency + Node built-ins, existing `tsx`, Azure CLI available in deployment runners (020-deploy-smoke-verification)
- No new storage; smoke evidence remains command output and GitHub step summary (020-deploy-smoke-verification)

Expand Down Expand Up @@ -41,11 +44,11 @@ TypeScript 5.9 on Next.js 16 App Router (React 19): Follow standard conventions

## Recent Changes

- 021-ops-health-dashboard: Added TypeScript 5.9, Next.js 16 App Router, React 19 + Existing Next.js server components/API routes, Prisma 7, Better Auth role/session helpers, next-intl, lucide-react, existing monitoring and app-version helpers

- 020-deploy-smoke-verification: Added TypeScript 5.9 on Node.js via the existing `tsx` dev dependency + Node built-ins, existing `tsx`, Azure CLI available in deployment runners

- 019-logging-standardization: Added TypeScript 5.9 on Next.js 16 App Router with React 19; Python 3.12 worker; PowerShell/Node validation scripts + Existing `src/lib/logger.ts`, `src/proxy.ts`, `src/instrumentation.ts`, Prisma-backed services, Python stdlib `logging`/`json`, Vitest, Playwright, existing validation scripts

- 017-deepsec-remediation: Added TypeScript 5.9 on Next.js 16 App Router, React 19, Python 3.12 worker where affected, PowerShell validation scripts + Prisma 7, Better Auth, Zod, Vitest, Playwright, GitHub Actions, GoReleaser, DeepSec 2.0.12

<!-- MANUAL ADDITIONS START -->
<!-- MANUAL ADDITIONS END -->
40 changes: 12 additions & 28 deletions CONTINUE.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,46 +4,30 @@

## Current Snapshot

- Updated: 2026-06-11 14:46:32
- Branch: `main`
- Updated: 2026-06-11 22:53:35
- Branch: `021-ops-health-dashboard`

## Recent Non-Continuity Commits

- 8047615 feat: expose runtime build metadata (#4)
- 6c81729 feat: add azure deployment smoke verification (#3)
- 3d52264 fix: move state queue logging to dedicated resource
- 34de987 chore: record clean handoff
- 25306fd chore: refresh specs overview
- dd226de test: update opentofu action pin assertion
- 9b92cb5 ci: update opentofu setup action

## Git Status

- M .env.docker.example
- M .env.example
- M .github/workflows/deploy-azure.yml
- M Dockerfile.app
- M Dockerfile.worker
- M README.md
- M docker-compose.yml
- M infra/azure/main.tf
- M infra/azure/modules/runtime/app.tf
- M infra/azure/modules/runtime/job.tf
- M infra/azure/modules/runtime/variables.tf
- M infra/azure/modules/runtime/worker.tf
- M infra/azure/variables.tf
- M specs/018-opentofu-azure-infra/quickstart.md
- M src/components/ui/AppVersionBadge.tsx
- M src/lib/app-version.ts
- M tests/unit/security/deploy-workflow.test.ts
- ?? src/app/api/version/
- ?? tests/unit/app-version.test.ts
- ?? tests/unit/version-route.test.ts
- Existing handoff edits retained for inclusion in the next PR
- Active spec implementation completed under `specs/021-ops-health-dashboard/`
- `.specify/feature.json` now points at `specs/021-ops-health-dashboard`
- Full validation passed locally, including Trivy/container scans and Playwright E2E

## Active Specs

- None
- `021-ops-health-dashboard`: Implementation and validation complete; PR cleanup remains

## Next Recommended Actions

1. Review, commit, and push the runtime build metadata changes.
2. Optionally open a PR and confirm GitHub Actions validation.
3. Use `APP_ENVIRONMENT`, `APP_VERSION`, `APP_REVISION`, `APP_BUILD_ID`, and `APP_BUILT_AT` for dev/staging traceability instead of generated version files.
1. Commit and push `021-ops-health-dashboard`.
2. Open a PR and watch GitHub validation.
3. Include `CONTINUE.md` and `CONTINUE_LOG.md` housekeeping changes in the PR.
50 changes: 50 additions & 0 deletions CONTINUE_LOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,46 @@
# Continue Log

## 2026-06-11 21:14:00

- Implemented ops health dashboard feature slices for spec `021-ops-health-dashboard`.
- Added admin `/admin/ops` page, `/api/admin/ops-health` snapshot API, shared ops health snapshot logic, localized UI, responsive e2e coverage, and safe copy diagnostics.
- Focused Vitest and Playwright ops-health checks pass; final validation remains.

## 2026-06-11 18:05:00

- Applied `/speckit.analyze` remediation edits for spec `021-ops-health-dashboard`.
- Tightened config sanity scope, copy toast feedback, safe fatal-error testing, and full pre-merge validation tasks.

## 2026-06-11 17:55:00

- Generated task list for spec `021-ops-health-dashboard`.
- Tasks cover setup, shared snapshot foundation, three independently testable user stories, and polish/validation.
- Next action: run `/speckit.implement`.

## 2026-06-11 17:40:00

- Planned spec `021-ops-health-dashboard`.
- Added `plan.md`, `research.md`, `data-model.md`, `contracts/ops-health-dashboard.md`, and `quickstart.md`.
- Updated `ACTIVE_SPECS.md` and Codex agent context. Next action: run `/speckit.tasks`.

## 2026-06-11 17:24:00

- Clarified spec `021-ops-health-dashboard`.
- Decisions: admin-only access, admin/ops navigation, point-in-time snapshot with manual refresh, recent recorded worker/smoke status only, and copyable non-secret diagnostic summary.
- Next action: run `/speckit.plan`.

## 2026-06-11 17:09:00

- Created spec `021-ops-health-dashboard` on branch `021-ops-health-dashboard`.
- Added requirement checklist and refreshed `specs/OVERVIEW.md` plus `.specify/feature.json`.
- Kept prior continuity housekeeping changes for inclusion in the next PR, per user request.

## 2026-06-11 16:59:10

- Corrected continuity snapshot after PR #4 merge.
- Current state: clean `main`, runtime build metadata feature merged, local and GitHub validation green.
- Next recommendation: select the next user-visible feature area rather than adding more deployment plumbing immediately.

## 2026-05-28 09:15:49 +02:00

- Implemented spec `016-runtime-credential-separation` end to end.
Expand Down Expand Up @@ -1517,3 +1558,12 @@
- Validation passed: focused version/workflow tests, `pnpm run typecheck`, and `.\validate.ps1 all`.
- Active specs: none.
- Next focus: review, commit, push, and optionally open a PR for the metadata changes.

## 2026-06-11 22:53:35

- Implemented spec `021-ops-health-dashboard` on branch `021-ops-health-dashboard`.
- Added an administrator-only `/admin/ops` dashboard, `/api/admin/ops-health` snapshot route, reusable ops health snapshot/redaction logic, admin navigation, i18n copy, and focused unit/integration/e2e coverage.
- Adjusted local validation so Vitest uses the standard PostgreSQL test URL when no database URL is configured, matching the generated PostgreSQL Prisma client.
- Validation passed: focused ops unit/integration tests, focused ops Playwright tests, `.\validate.ps1 quality`, `.\validate.ps1 all`, and `.\validate.ps1 full` including Trivy/container scans and full Playwright E2E.
- Active specs: `021-ops-health-dashboard` implemented and validated; PR cleanup remains.
- Next focus: commit, push, open a PR, and confirm GitHub validation.
35 changes: 35 additions & 0 deletions specs/021-ops-health-dashboard/checklists/requirements.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Specification Quality Checklist: Ops Health Dashboard

**Purpose**: Validate specification completeness and quality before proceeding to planning
**Created**: 2026-06-11
**Feature**: [spec.md](../spec.md)

## Content Quality

- [x] No implementation details (languages, frameworks, APIs)
- [x] Focused on user value and business needs
- [x] Written for non-technical stakeholders
- [x] All mandatory sections completed

## Requirement Completeness

- [x] No [NEEDS CLARIFICATION] markers remain
- [x] Requirements are testable and unambiguous
- [x] Success criteria are measurable
- [x] Success criteria are technology-agnostic (no implementation details)
- [x] All acceptance scenarios are defined
- [x] Edge cases are identified
- [x] Scope is clearly bounded
- [x] Dependencies and assumptions identified

## Feature Readiness

- [x] All functional requirements have clear acceptance criteria
- [x] User scenarios cover primary flows
- [x] Feature meets measurable outcomes defined in Success Criteria
- [x] No implementation details leak into specification

## Notes

- Clarification pass completed on 2026-06-11 with five accepted answers covering access, refresh model, navigation, worker/smoke evidence, and copyable diagnostics.
- Specification is ready for `/speckit.plan`.
22 changes: 22 additions & 0 deletions specs/021-ops-health-dashboard/clarify.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Clarifications: Ops Health Dashboard

**Feature Branch**: `021-ops-health-dashboard`
**Date**: 2026-06-11
**Spec**: [spec.md](./spec.md)

## Session 2026-06-11

The clarification pass resolved the following product and implementation boundaries before planning and task generation:

1. **Access model**: The first version is admin-only. Developers use administrator accounts in dev/staging when they need the operational view.
2. **Refresh model**: Health data is a read-only point-in-time snapshot captured when the dashboard opens or when an administrator manually refreshes it.
3. **Navigation placement**: The dashboard belongs in the existing admin/ops area navigation.
4. **Worker and smoke evidence**: Show recent recorded worker/deploy smoke status when available; otherwise report unknown or unavailable.
5. **Diagnostic sharing**: Include a copyable non-secret summary in the first version.

## Applied Spec Changes

- Added clarifications to [spec.md](./spec.md).
- Kept the dashboard read-only and administrator-scoped.
- Kept optional worker/deploy smoke signals evidence-based rather than active probes.
- Required diagnostic output to avoid secrets, cookies, auth headers, private keys, passwords, and full connection strings.
105 changes: 105 additions & 0 deletions specs/021-ops-health-dashboard/contracts/ops-health-dashboard.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
# Contract: Ops Health Dashboard

## Admin Page

**Route**: `/admin/ops`

**Audience**: Platform administrators only.

**Behavior**:

- Renders inside the existing dashboard shell and navigation.
- Shows environment/build metadata.
- Shows overall status and individual health areas.
- Shows a timestamp for the current snapshot.
- Offers a manual refresh action that loads a new snapshot.
- Offers a copy action for the non-secret diagnostic summary.
- Redirects or denies access for non-admin users using the existing admin-page pattern.

## Snapshot API

**Route**: `/api/admin/ops-health`

**Method**: `GET`

**Access**: Platform administrators only.

**Response: 200**

```json
{
"capturedAt": "2026-06-11T15:24:00.000Z",
"overallStatus": "healthy",
"environment": {
"environment": "staging",
"version": "staging-42",
"revision": "abcdef123456",
"buildId": "123.2",
"builtAt": "2026-06-11T12:00:00.000Z"
},
"checks": [
{
"key": "runtime",
"status": "healthy",
"summary": "Runtime is responding",
"checkedAt": "2026-06-11T15:24:00.000Z"
},
{
"key": "database",
"status": "healthy",
"summary": "Database connectivity check passed",
"checkedAt": "2026-06-11T15:24:00.000Z"
},
{
"key": "configuration",
"status": "healthy",
"summary": "Required runtime configuration is present",
"checkedAt": "2026-06-11T15:24:00.000Z"
},
{
"key": "worker",
"status": "unknown",
"summary": "No recent worker evidence is available"
},
{
"key": "deploySmoke",
"status": "unavailable",
"summary": "No recent deployment smoke result is available"
}
],
"diagnosticSummary": {
"generatedAt": "2026-06-11T15:24:00.000Z",
"text": "Environment: staging\nVersion: staging-42\nRevision: abcdef123456\nBuild ID: 123.2\nOverall: healthy\nruntime: healthy\ndatabase: healthy\nconfiguration: healthy\nworker: unknown\ndeploySmoke: unavailable"
}
}
```

**Response: 401/403**

Uses the existing unauthorized response/redirect behavior for API routes.

**Failure behavior**:

- A degraded check should normally return `200` with `overallStatus: "degraded"` so the page can render available diagnostics.
- Reserve `5xx` for failures that prevent assembling any safe snapshot.
- Response bodies must not include raw secrets or full configuration values.

## Navigation Contract

Add an admin-only navigation item:

- Label key: `nav.opsHealth`
- Target: `/admin/ops`
- Icon: use an existing lucide status/heartbeat/activity-style icon

## Internationalization Contract

Add translation keys for all visible labels, statuses, summaries, button text, and copy feedback in:

- `src/i18n/messages/en.json`
- `src/i18n/messages/de.json`
- `src/i18n/messages/es.json`
- `src/i18n/messages/fr.json`
- `src/i18n/messages/pt.json`

No hardcoded user-facing strings are allowed in page/components.
Loading