Define the catalog/runtime/integration layering, per-org composite
view route, curated landing surface, breadcrumb positional contract,
reserved query-param real estate, and single-entry-point grant action
affordances. Adds 6 requirements to operator-panel-navigation; the
legacy ?tab= SPA contract stays until M7d retires it.
Also files an independent tech-debt item for member-console reading
products.product_type directly instead of the billing.product_kinds
view, per upstream membcons-db Doc 35 Product Kind Taxonomy.
Move 2026-05-10-member-console-demo-seeder,
2026-05-11-keycloak-id-pinning-fix, and 2026-05-11-demo-seeder-persons
into openspec/changes/archive/ and fold their specs into
openspec/specs/{keycloak-test-seed,member-console-demo-seed}/spec.md.
Add a `seed-demo` subcommand (cmd/seed_demo.go + internal/demoseed/)
that inserts a fixed reference catalog into the member-console DB so
the operator panel has rows to walk through for UX research. Catalog:
6 demo-* products (4 by product_type + 2 extra plans), 1 plan ladder
with 3 tiers, 1 entitlement set with 2 rules (limit + boolean), and 1
grant on Alice's personal org (once she's logged in).
Person rows for bob/carlos/diana are seeded via provisioning.AutoProvision
keyed on the pinned Keycloak UUIDs — no longer fragile now that
seed-keycloak.sh's partialImport switch preserves the pinned id. Alice
is intentionally NOT pre-seeded so the lazy-creation OIDC flow stays
exercised on every fresh stack.
Idempotency: list+filter by `name` for catalog rows, by `oidc_subject`
for persons. Re-running is a no-op for created rows; warns + skips
the grant if alice hasn't logged in yet.
Host-side invocation only — run `./test/seed-demo.sh` after
bootstrap-stack.sh. Mirrors how member-console itself runs on the
host (config + secrets live under test/).
Two OpenSpec changes folded in: 2026-05-10-member-console-demo-seeder
(the seeder) and 2026-05-11-demo-seeder-persons (the persons follow-up
unlocked by the Keycloak fix).
POST /admin/realms/{realm}/users silently drops the `id` field on
Keycloak 26.x. Switch user creation in seed-keycloak.sh to
POST /admin/realms/{realm}/partialImport, which preserves the pinned
id (verified by round-trip). This restores deterministic UUIDs for
alice/bob/carlos/diana and unblocks downstream consumers that depend
on stable `sub` claims (FedWiki owner.json references, demo seeder
person rows).
Add default_plan_ladder_id with a forward data migration and update
the runtime to resolve the ladder's rank-0 tier at use-time. Regenerate
sqlc, update auto-provisioning, ReapplyDefaultsForPool, operator UI and
tests; add GetTierByLadderRank and pool/provision query helpers. Add a
CSP-safe confirm-action modal and wire operator actions to it. Close
plan-sole-writer safety gaps and serialize IssueGrant with a FOR UPDATE
pool lock to prevent ladder races.
Introduce extends_grant_id on grants (models, CreateGrant param and
SQL), add
GetGrantLineage recursive query, and enforce same-org/immutability
guards via
migration triggers. Implement TransitionTarget.Extend with validation
and an
extend path that issues a chained grant + provision. Update docs, specs
and
tests accordingly.
Introduce operator enrollment partials and handlers that route plan-tier
granting and revocation through entitlements.Transition(). Add
member-facing
tier labels, plan architecture and grant-plan-safety documentation, plus
unit and e2e tests. Also add small querier helpers and wire Temporal
client
hooks for trial expiration scheduling.
Introduce DB migrations for ladder and pool-attachment tables and an
audit log for provision transitions. Make product_type nullable and add
lifecycle_status plus a product_kinds view. Implement Transition and
ReapplyDefaultsForPool primitives, SQLC queries/models, webhook and
Temporal workflow integration, and accompanying unit/integration tests.
Add a goose migration to create core and fedwiki schemas and move
existing
domain tables using ALTER TABLE IF EXISTS. Set connection search_path to
"core, public" after successful DB ping. Update FedWiki SQL and
sqlc.yaml to
use fedwiki.sites and include db migrations for schema awareness. Add
design
docs, specs, and tasks for schema-namespacing and the migration plan.
Introduce SafeTemplates.Render to execute templates into a buffer and
prevent partial HTML on errors. Replace direct ExecuteTemplate calls in
partial handlers and add a make lint-templates target to catch bypasses.
Update operator sites template/view model to use OwnerOrgName. Guard the
FedWiki sync by skipping inserts when DefaultWorkspaceID is empty and
scope deletes to the configured default workspace only.
- Add SQL queries and generated methods for Create/List/Update products
- Add CountWorkspacesByOrgID and ListResourceKeys querier methods
- Register workspace partials and operator routes for products and sets
- Add workspace UI section and operator tabs; tweak grant/site forms
- Replace isValidDNSLabel with validateDNSLabel for site validation
Add entitlement_sets and entitlement_set_rules with seed data and a
migration that backfills products, grants, and pool_provisions, then
removes product_entitlement_rules. Update Go models, sqlc queries,
materialization, and grant/provision flows to use entitlement_set_id.
Fix assembleMigrations to assign stable per-module numeric namespaces.
Move DB docs to docs/database-management.md and add design/specs/tests.
