Codex/production readiness#4
Merged
Merged
Conversation
Adds smoke contracts for i18n copy, auth lifecycle, and API observability before deeper production work. The implementation types route copy keys against the dictionary, formalizes session status and permission-list contracts, and preserves request IDs plus timeout/abort behavior through the HTTP adapter. Constraint: Keep the existing mock-first adapter boundary and local UI flow intact while making HTTP mode explicit. Rejected: Introduce a validation or i18n dependency | source-level smoke checks cover the current template contracts without new runtime packages. Confidence: high Scope-risk: moderate Directive: Keep new auth/API smoke scripts updated whenever backend contracts change. Tested: npm run smoke:i18n Tested: npm run smoke:api Tested: npm run smoke:auth Tested: npm run smoke:template Tested: npm run lint:standards Tested: npx tsc --noEmit --pretty false --project D:\\willxue\\WeOpen\\WeBase\\.worktrees\\production-readiness\\tsconfig.json Tested: npm run build Not-tested: Real backend auth endpoints and live HTTP timeout behavior remain mocked. Co-authored-by: OmX <omx@oh-my-codex.dev>
Adds a source-level smoke contract and role model fields for menu permissions, backend action permissions, and data scopes. The role form and table now expose the selected data scope while docs clarify that frontend RBAC hides UI and backend authorization remains mandatory. Constraint: Preserve the existing role/menu mock workflow and avoid introducing a policy engine dependency. Rejected: Encode data scopes only in free-form permission strings | it would make backend integration ambiguous and hard to verify. Confidence: high Scope-risk: moderate Directive: Keep RoleRecord dataScope and actionPermissions aligned with backend role responses. Tested: npm run smoke:permissions Tested: npm run smoke:template Tested: npx tsc --noEmit --pretty false --project D:\\willxue\\WeOpen\\WeBase\\.worktrees\\production-readiness\\tsconfig.json Tested: npm run build Not-tested: Backend enforcement for data-scope filtering is not implemented in this frontend template. Co-authored-by: OmX <omx@oh-my-codex.dev>
Adds a CRUD pattern smoke contract and lightweight CSV export helpers for the core users, roles, and menus modules. The pages now expose export actions alongside refresh/create controls while services own record-to-CSV mapping. Constraint: Keep export support dependency-free and scoped to current in-browser mock/result sets. Rejected: Add a spreadsheet or table-state dependency | CSV generation and existing table state cover the template need for now. Confidence: high Scope-risk: moderate Directive: New CRUD modules should add service-level export helpers and keep DataTable/TableToolbar/bulkActions patterns aligned. Tested: npm run smoke:crud Tested: npm run smoke:template Tested: npx tsc --noEmit --pretty false --project D:\\willxue\\WeOpen\\WeBase\\.worktrees\\production-readiness\\tsconfig.json Tested: npm run build Not-tested: Browser download behavior was not manually exercised. Co-authored-by: OmX <omx@oh-my-codex.dev>
Adds an audit contract smoke and expands audit records with result, request ID, user agent, and optional before/after snapshots. Mock mutations now append representative audit events, and the audit page can filter by result, actor, module, and created-time bounds. Constraint: Keep audit generation in the mock adapter until a real backend owns authoritative audit writes. Rejected: Treat audit logs as static seed data only | it would hide mutation behavior and weaken backend-readiness checks. Confidence: high Scope-risk: moderate Directive: Real backends must preserve requestId across API responses and audit events for traceability. Tested: npm run smoke:audit Tested: npm run smoke:template Tested: npx tsc --noEmit --pretty false --project D:\\willxue\\WeOpen\\WeBase\\.worktrees\\production-readiness\\tsconfig.json Tested: npm run build Not-tested: Live backend audit persistence and audit export download. Co-authored-by: OmX <omx@oh-my-codex.dev>
Adds a system health route and service that show API mode, backend/mock readiness, release version, build target, and operational indicators. The production smoke now aggregates the earlier readiness contracts and documents the release verification flow. Constraint: Keep the health signal local and mock-safe until a real backend health endpoint exists. Rejected: Add live polling or external observability SDKs | the template needs a stable readiness surface before backend-specific integrations. Confidence: high Scope-risk: moderate Directive: Replace mock health indicators with backend-backed checks when HTTP integration is introduced. Tested: npm run smoke:production Tested: npm run smoke:template Tested: npx tsc --noEmit --pretty false --project D:\\willxue\\WeOpen\\WeBase\\.worktrees\\production-readiness\\tsconfig.json Tested: npm run build Not-tested: Live backend health checks are not implemented. Co-authored-by: OmX <omx@oh-my-codex.dev>
The production readiness plan needed a repeatable accessibility gate and a mobile viewport check before CI consolidation. This adds the source-level smoke guard, documents module accessibility expectations, keeps header icon-button labels close to their icon variants, and allows cards to shrink inside dense responsive grids. Constraint: Keep verification dependency-free and aligned with the existing Node smoke-script style. Rejected: Add a browser/a11y package dependency | the plan explicitly prefers local smoke scripts unless the current stack cannot cover the invariant. Confidence: high Scope-risk: narrow Tested: npm run smoke:a11y Tested: npm run smoke:template Tested: npx tsc --noEmit --pretty false --project tsconfig.json Tested: npm run build Tested: Browser QA on /system/components at 1440x900 and 390x844; visible icon buttons had labels and mobile page overflow cleared after Card min-width fix. Not-tested: Full assistive-technology screen reader pass. Co-authored-by: OmX <omx@oh-my-codex.dev>
The template now has several backend-readiness contracts, so release confidence needs one command and one hosted workflow instead of scattered local instructions. The verify script runs the standards lint, aggregate production smoke suite, TypeScript, and production build; GitHub Actions calls that same entry point for pull requests and main pushes. Constraint: Reuse the existing npm and Node smoke-script workflow without adding CI-only dependencies. Rejected: Duplicate every smoke command in CI YAML | package-level verify keeps local and hosted verification aligned. Confidence: high Scope-risk: narrow Tested: npm run verify Not-tested: GitHub-hosted runner execution before push. Co-authored-by: OmX <omx@oh-my-codex.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.