Define the catalog/runtime/integration layering, per-org composite
view route, curated landing surface, breadcrumb positional contract,
reserved query-param real estate, and single-entry-point grant action
affordances. Adds 6 requirements to operator-panel-navigation; the
legacy ?tab= SPA contract stays until M7d retires it.
Also files an independent tech-debt item for member-console reading
products.product_type directly instead of the billing.product_kinds
view, per upstream membcons-db Doc 35 Product Kind Taxonomy.
status/milestones.md: mark M6 phases 6a-6f as Done — the plan-ladder
schema, transition primitive, operator catalog/auto-provisioning/
enrollment UIs, and member tier-aware view have all landed and are
exercised by Phase A v2 evidence.
status/issues.md: file 11 concrete bugs surfaced during Phase A v1
and v2 walkthroughs that were previously only living in
docs/operator-ux-walkthrough-evidence/INDEX.md. Distinction: research
findings stay in INDEX.md; bugs go in issues.md so they're tracked
for M7 sub-phases to pick up.
Filed:
- v1: heading hierarchy (a11y), missing autocomplete (a11y), inline
event-handler (CSP), URL/route/code naming drift, FedWiki Sites
empty under seed, operator SPA partial eager-fetch.
- v2: rules form supports only limit rules, revoke-and-transition
empty-product-name interpolation defect, lifecycle_status not
exposed in product edit, plan-ladder Tiers "no products" copy is
misleading, two grant-issuance surfaces with no cross-link, two
grant-revoke paths non-equivalent and indistinguishable.
POST /admin/realms/{realm}/users silently drops the `id` field on
Keycloak 26.x. Switch user creation in seed-keycloak.sh to
POST /admin/realms/{realm}/partialImport, which preserves the pinned
id (verified by round-trip). This restores deterministic UUIDs for
alice/bob/carlos/diana and unblocks downstream consumers that depend
on stable `sub` claims (FedWiki owner.json references, demo seeder
person rows).
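Added example, not the repository's seed-keycloak.sh and not Keycloak's own code: a Go sketch of the partialImport request body and of the round-trip check the commit describes. SeedUser, BuildPartialImport and VerifyRoundTrip are hypothetical names; the UUIDs and the user list in main are constructed sample data. It assumes the caller already holds an admin bearer token, POSTs the body to /admin/realms/{realm}/partialImport, then lists users with GET /admin/realms/{realm}/users and feeds that response to VerifyRoundTrip.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// SeedUser is one pinned identity from the seed script (hypothetical type).
type SeedUser struct {
	ID       string // pinned UUID; it must survive creation so the `sub` claim is stable
	Username string
	Email    string
	Password string
}

// credentialRep and keycloakUser mirror the subset of Keycloak's
// UserRepresentation that the seed needs.
type credentialRep struct {
	Type      string `json:"type"`
	Value     string `json:"value"`
	Temporary bool   `json:"temporary"`
}

type keycloakUser struct {
	ID          string          `json:"id,omitempty"`
	Username    string          `json:"username"`
	Email       string          `json:"email,omitempty"`
	Enabled     bool            `json:"enabled"`
	Credentials []credentialRep `json:"credentials,omitempty"`
}

// partialImport is the request body of POST /admin/realms/{realm}/partialImport.
type partialImport struct {
	IfResourceExists string         `json:"ifResourceExists"` // SKIP, OVERWRITE or FAIL
	Users            []keycloakUser `json:"users"`
}

// BuildPartialImport renders the partialImport body for the pinned users. It
// refuses a user without an id: an empty id would let Keycloak mint a random
// UUID, which is exactly the drift that broke the disk-to-IDP ownership links.
func BuildPartialImport(users []SeedUser) ([]byte, error) {
	body := partialImport{IfResourceExists: "SKIP"}
	for _, u := range users {
		if u.ID == "" || u.Username == "" {
			return nil, fmt.Errorf("seed user %q needs both a pinned id and a username", u.Username)
		}
		body.Users = append(body.Users, keycloakUser{
			ID:          u.ID,
			Username:    u.Username,
			Email:       u.Email,
			Enabled:     true,
			Credentials: []credentialRep{{Type: "password", Value: u.Password, Temporary: false}},
		})
	}
	return json.Marshal(body)
}

// VerifyRoundTrip decodes the array returned by GET /admin/realms/{realm}/users
// and reports every pinned username whose id is missing or differs.
func VerifyRoundTrip(pinned []SeedUser, fetched []byte) error {
	var got []keycloakUser
	if err := json.Unmarshal(fetched, &got); err != nil {
		return fmt.Errorf("decode users: %w", err)
	}
	byName := make(map[string]string, len(got))
	for _, u := range got {
		byName[u.Username] = u.ID
	}
	var problems []string
	for _, p := range pinned {
		id, ok := byName[p.Username]
		if !ok {
			problems = append(problems, p.Username+": not present after import")
		} else if id != p.ID {
			problems = append(problems, fmt.Sprintf("%s: pinned %s, Keycloak returned %s", p.Username, p.ID, id))
		}
	}
	if len(problems) > 0 {
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	seed := []SeedUser{
		{ID: "11111111-1111-4111-8111-111111111111", Username: "alice", Email: "alice@example.test", Password: "seed-only"},
		{ID: "22222222-2222-4222-8222-222222222222", Username: "bob", Email: "bob@example.test", Password: "seed-only"},
	}
	body, err := BuildPartialImport(seed)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(body)) // POST this to /admin/realms/{realm}/partialImport with an admin token

	// Constructed response: what GET /admin/realms/{realm}/users looks like when
	// bob was created through POST /users and received a fresh UUID instead.
	drifted := `[{"id":"11111111-1111-4111-8111-111111111111","username":"alice","enabled":true},
	             {"id":"9f0e8d7c-6b5a-4433-8211-00ffeeddccbb","username":"bob","enabled":true}]`
	fmt.Println(VerifyRoundTrip(seed, []byte(drifted)))
}
```

One caveat on ifResourceExists=SKIP: it makes re-running the seed idempotent, but a user that already exists under the same username is left as is, so an id that drifted in an earlier POST /users run is not repaired until that user is deleted and re-imported. VerifyRoundTrip is what makes that visible.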
Deterministic capture of the operator panel: per-slug evidence
(screenshots, console/network dumps, a11y and tab-order data) stored
under docs/operator-ux-walkthrough-evidence. Add Phase A task briefing
and update status files to mark 7a progress and note downstream issues.
Describe that fedwiki.sites is not repopulated from existing site
directories after a DB reset, causing operator and member UIs to show
no sites. Add a note that the Keycloak seed script pins user IDs but
Keycloak may assign different UUIDs, breaking disk-to-IDP ownership
links (example: owner.json shows a different id than the pinned one).
Also add an issues entry that provider_configs should be an app-level
config (discovered during Stripe planning), and update the Future table
to reference Milestone 4.
Introduce SafeTemplates.Render to execute templates into a buffer and
prevent partial HTML on errors. Replace direct ExecuteTemplate calls in
partial handlers and add a make lint-templates target to catch bypasses.
Update operator sites template/view model to use OwnerOrgName. Guard the
FedWiki sync by skipping inserts when DefaultWorkspaceID is empty and
scope deletes to the configured default workspace only.
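Added example, not the project's SafeTemplates package: the buffer-then-write pattern the commit describes, placed next to the direct ExecuteTemplate call it replaces so the difference in what reaches the client is observable. Render, unsafeHandler, safeHandler and the lookup template function are hypothetical names, and the template source is constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"log"
	"net/http"
	"net/http/httptest"
)

// Render executes the named template into a buffer and copies it to w only if
// the whole execution succeeded. A failure mid-page therefore produces a 500
// and no markup, instead of a 200 with a truncated, unbalanced fragment.
func Render(w http.ResponseWriter, tmpl *template.Template, name string, data any) error {
	var buf bytes.Buffer
	if err := tmpl.ExecuteTemplate(&buf, name, data); err != nil {
		http.Error(w, "internal error", http.StatusInternalServerError)
		return err
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	_, err := buf.WriteTo(w)
	return err
}

// lookup stands in for a data access made from inside a partial; it fails for
// the key "missing" so the template errors after some output has been produced.
var funcs = template.FuncMap{
	"lookup": func(key string) (string, error) {
		if key == "missing" {
			return "", errors.New("lookup failed")
		}
		return "value-of-" + key, nil
	},
}

// Constructed partial: the text before {{lookup}} is emitted before the call runs.
const partialSrc = `<section id="grant"><h2>Grant</h2><p>{{lookup .Key}}</p></section>`

func mustTemplate() *template.Template {
	return template.Must(template.New("partial").Funcs(funcs).Parse(partialSrc))
}

// unsafeHandler mirrors the old code: ExecuteTemplate straight into the ResponseWriter.
func unsafeHandler(tmpl *template.Template, key string) *httptest.ResponseRecorder {
	rec := httptest.NewRecorder()
	if err := tmpl.ExecuteTemplate(rec, "partial", map[string]string{"Key": key}); err != nil {
		// Too late to change the status: 200 and the opening tags are already written.
		log.Printf("render failed after a partial write: %v", err)
	}
	return rec
}

// safeHandler is the same handler routed through Render.
func safeHandler(tmpl *template.Template, key string) *httptest.ResponseRecorder {
	rec := httptest.NewRecorder()
	if err := Render(rec, tmpl, "partial", map[string]string{"Key": key}); err != nil {
		log.Printf("render failed, nothing sent: %v", err)
	}
	return rec
}

func main() {
	tmpl := mustTemplate()
	bad := unsafeHandler(tmpl, "missing")
	fmt.Printf("direct ExecuteTemplate: status %d, body %q\n", bad.Code, bad.Body.String())
	good := safeHandler(tmpl, "missing")
	fmt.Printf("Render:                 status %d, body %q\n", good.Code, good.Body.String())
}
```

With the direct call the client receives a 200 and an unclosed <section> when lookup fails; with Render it receives a 500 and nothing else. The lint target mentioned in the commit can be as simple as failing the build when ExecuteTemplate( appears in any handler file other than the one that defines Render.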
Mark Milestones 1 and 2 as complete and add Milestone 3
(UI/UX alignment) to the roadmap. Add a detailed UI/UX gap
analysis and operator/frontend action items. Note DNS label/FQDN
validation shortcomings and recommend purging the vestigial
IsMember view flag.
Add entitlement_sets and entitlement_set_rules with seed data and a
migration that backfills products, grants, and pool_provisions, then
removes product_entitlement_rules. Update Go models, sqlc queries,
materialization, and grant/provision flows to use entitlement_set_id.
Fix assembleMigrations to assign stable per-module numeric namespaces.
Move DB docs to docs/database-management.md and add design/specs/tests.
SyncSitesToDBActivity passes an empty string to UpsertSiteByDomain,
causing an invalid UUID insertion that Postgres rejects. Either configure
a valid DefaultWorkspaceID or make the activity skip/handle empty IDs
gracefully.
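Added example covering both the issue above and the guard described in the SafeTemplates commit (skip inserts when DefaultWorkspaceID is empty, scope deletes to the configured default workspace). It is not the project's SyncSitesToDBActivity or its sqlc store: Site, SiteStore, SyncSites, memStore and the method names are hypothetical, and the in-memory store only emulates Postgres' rejection of a non-UUID so the effect of the guard is visible without a database.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// uuidRe accepts the canonical 8-4-4-4-12 hex form that Postgres' uuid type parses.
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$`)

// Site is a FedWiki site discovered on disk (hypothetical shape).
type Site struct {
	Domain string
	Owner  string
}

// SiteStore is the slice of the store the sync touches (hypothetical interface).
type SiteStore interface {
	UpsertSiteByDomain(workspaceID, domain, owner string) error
	DeleteSitesInWorkspaceNotIn(workspaceID string, keep []string) error
}

// ErrNoWorkspace signals an unset DefaultWorkspaceID; the activity treats it as a skip.
var ErrNoWorkspace = errors.New("DefaultWorkspaceID is empty; skipping site sync")

// SyncSites mirrors the on-disk sites into the configured default workspace.
// It never reaches the store with an empty or malformed workspace id, and the
// prune step is scoped to that workspace so rows elsewhere are never deleted.
func SyncSites(store SiteStore, defaultWorkspaceID string, sites []Site) (int, error) {
	if defaultWorkspaceID == "" {
		return 0, ErrNoWorkspace
	}
	if !uuidRe.MatchString(defaultWorkspaceID) {
		return 0, fmt.Errorf("DefaultWorkspaceID %q is not a UUID", defaultWorkspaceID)
	}
	keep := make([]string, 0, len(sites))
	for _, s := range sites {
		if err := store.UpsertSiteByDomain(defaultWorkspaceID, s.Domain, s.Owner); err != nil {
			return len(keep), fmt.Errorf("upsert %s: %w", s.Domain, err)
		}
		keep = append(keep, s.Domain)
	}
	if err := store.DeleteSitesInWorkspaceNotIn(defaultWorkspaceID, keep); err != nil {
		return len(keep), fmt.Errorf("prune workspace %s: %w", defaultWorkspaceID, err)
	}
	return len(keep), nil
}

// memStore is an in-memory stand-in for the database: workspaceID -> domain -> owner.
type memStore struct {
	rows map[string]map[string]string
}

func newMemStore() *memStore { return &memStore{rows: map[string]map[string]string{}} }

func (m *memStore) UpsertSiteByDomain(workspaceID, domain, owner string) error {
	// Emulate Postgres rejecting a non-UUID value for a uuid column, which is
	// what the original activity hit when it passed "".
	if !uuidRe.MatchString(workspaceID) {
		return fmt.Errorf("invalid input syntax for type uuid: %q", workspaceID)
	}
	if m.rows[workspaceID] == nil {
		m.rows[workspaceID] = map[string]string{}
	}
	m.rows[workspaceID][domain] = owner
	return nil
}

func (m *memStore) DeleteSitesInWorkspaceNotIn(workspaceID string, keep []string) error {
	keepSet := make(map[string]bool, len(keep))
	for _, d := range keep {
		keepSet[d] = true
	}
	for d := range m.rows[workspaceID] {
		if !keepSet[d] {
			delete(m.rows[workspaceID], d)
		}
	}
	return nil
}

// Count reports how many site rows a workspace holds.
func (m *memStore) Count(workspaceID string) int { return len(m.rows[workspaceID]) }

func main() {
	store := newMemStore()
	sites := []Site{{Domain: "alice.example", Owner: "alice"}, {Domain: "bob.example", Owner: "bob"}}
	_, err := SyncSites(store, "", sites)
	fmt.Println("unset workspace:", err)
	n, err := SyncSites(store, "0b2f1a6e-3c4d-4e5f-8a9b-0c1d2e3f4a5b", sites)
	fmt.Println("configured workspace:", n, "sites synced, err =", err)
}
```

Returning ErrNoWorkspace rather than nil keeps the misconfiguration visible in the activity's logs while still avoiding the rejected insert; a caller that wants the original "configure a valid DefaultWorkspaceID" behaviour can treat it as fatal instead.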