status/milestones.md: mark M6 phases 6a-6f as Done — the plan-ladder
schema, transition primitive, operator catalog/auto-provisioning/
enrollment UIs, and member tier-aware view have all landed and are
exercised by Phase A v2 evidence.
status/issues.md: file 11 concrete bugs surfaced during Phase A v1
and v2 walkthroughs that were previously only living in
docs/operator-ux-walkthrough-evidence/INDEX.md. Distinction: research
findings stay in INDEX.md; bugs go in issues.md so they're tracked
for M7 sub-phases to pick up.
Filed:
- v1: heading hierarchy (a11y), missing autocomplete (a11y), inline
event-handler (CSP), URL/route/code naming drift, FedWiki Sites
empty under seed, operator SPA partial eager-fetch.
- v2: rules form supports only limit rules, revoke-and-transition
empty-product-name interpolation defect, lifecycle_status not
exposed in product edit, plan-ladder Tiers "no products" copy is
misleading, two grant-issuance surfaces with no cross-link, two
grant-revoke paths non-equivalent and indistinguishable.
POST /admin/realms/{realm}/users silently drops the `id` field on
Keycloak 26.x. Switch user creation in seed-keycloak.sh to
POST /admin/realms/{realm}/partialImport, which preserves the pinned
id (verified by round-trip). This restores deterministic UUIDs for
alice/bob/carlos/diana and unblocks downstream consumers that depend
on stable `sub` claims (FedWiki owner.json references, demo seeder
person rows).
Deterministic capture of the operator panel: per-slug evidence
(screenshots, console/network dumps, a11y and tab-order data) stored
under docs/operator-ux-walkthrough-evidence. Add Phase A task briefing
and update status files to mark 7a progress and note downstream issues
Describe that fedwiki.sites is not repopulated from existing site
directories after a DB reset, causing operator and member UIs to show
no sites. Add a note that the Keycloak seed script pins user IDs but
Keycloak may assign different UUIDs, breaking disk-to-IDP ownership
links (example: owner.json shows a different id than the pinned one).
Also add an issues entry that provider_configs should be an app-level
config (discovered during Stripe planning), and update the Future table
to
reference Milestone 4
