Commit Graph

71 Commits

Author SHA1 Message Date
johannes 8d7450d747 docs(guide): CI builds images, not you — correct deployment + release + ci-cd
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 32m40s
platform.deployment and processes.release both walked the reader through ./build.sh, never
mentioning that cd-develop/cd-main already build and scan. Following either one produces an
UNSCANNED image that races CI for the mutable :dev tag. That is what happened on 2026-07-13:
a full day of hand-built images reached bcos.dev without passing Trivy.

Verified against the workflow YAML and both runners on 2026-07-14:

- cd-develop does NOT deploy for 6 of 8 repos. Only incident and devices deploy to bcos.dev;
  everywhere else CI stops at push. The old 'a green run redeploys the service' claim was wrong.
- hiveops-fleet CI builds the FRONTEND ONLY — the fleet backend is built by neither cd-develop
  nor cd-main. hiveops-devices cd-main builds only the frontend too. Flagged as defects.
- runner-02 IS active (incident built on it today) — the 'not the active worker' note was wrong.
- CI now pushes an immutable :<sha8> alongside :dev/:latest, so deploys can pin a scanned image.

Also records the runner failure signatures ('lease does not exist', 'network ... not found'),
the daemon-restart + prune runbook, the standing warning never to garbage-collect or delete
/opt/docker-registry, and the fact that merging a batch of PRs at once overwhelms a runner's
4 shared job slots and breaks its Docker daemon.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-14 10:08:29 -04:00
johannes 1727f3309b docs(guide): title devops.prod by its domain — Production Environment (bcos.cloud)
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 31m37s
Mirrors devops.dev 'Dev Environment (bcos.dev)'. The domain is what people
actually navigate by; OpenMetal is the hosting provider, which is an
implementation detail and is already covered in the body.
2026-07-13 15:44:32 -04:00
johannes 0068ea0a14 docs(guide): add devops.prod + devops.dev (BCOS-only), fix stale ops script paths
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 35m7s
Two new BCOS-only modules documenting the two environments and the rule that
separates them:

  devops.prod  Production Environment (OpenMetal) — hosts, repo layout, health
               report + config drift, and the KNOWN DRIFT warning: main's
               00-backends.conf names different active blue/green slots than prod
               actually serves (devices/transactions/agent-proxy), so deploying it
               as-is flips three services to the wrong slot. Do NOT bulk-copy main
               over prod.

  devops.dev   Dev Environment (bcos.dev) — single 16G all-in-one VM at ~93-97%
               RAM (recreate JVM services ONE at a time), its own postgres and
               registry, the new 06:00 health report (johannes only), and the
               health-check gotchas that must not be "fixed" back: SPA frontends
               return 200 for /actuator/health so the body must be checked, the
               probe must retry, and exited *-green/*-blue are standby slots.

Both audience: bcos.

The rule, now stated in both:
  everything bcos.dev  -> hiveiq-openmetal-dev
  everything prod      -> hiveiq-openmetal-prod
  shared, env-agnostic -> hiveiq-devops

Also corrects devops.backups and devops.security, which still told readers the
backup/security scripts live in `hiveops-devops/scripts/ops/`. They were moved to
`hiveiq-openmetal-prod/scripts/ops/` today — the Guide is the source of truth, so
a stale path in it is worse than none.

Refs: hiveiq-ops/hiveiq-devops#39, #38

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-13 15:41:00 -04:00
hiveiq a82e0a6ac4 Merge pull request 'fix(security): bump hiveops-bom 1.0.5 -> 1.0.7 — clears httpcore5 + postgresql CVEs' (#15) from fix/guide-bom-1.0.7-cves into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 44m11s
2026-07-12 09:56:59 -04:00
johannes 7174229416 fix(security): bump hiveops-bom 1.0.5 -> 1.0.7 — clears httpcore5 + postgresql CVEs
OWASP now fails builds on three HIGH CVEs in transitive deps. bom 1.0.7 takes the upstream patches
(no suppressions):

  postgresql 42.7.11 -> 42.7.13   CVE-2026-54291 (CVSS4 8.2) — channelBinding downgrade / MITM
  httpcore5  5.3.6   -> 5.4.3     CVE-2026-54399 (7.5), CVE-2026-54428 (7.5) — DoS

httpcore5 is transitive via httpclient5; Apache ships them as a matched pair, so bom 1.0.7 bumps
httpclient5 5.5.2 -> 5.6.2 which pulls the fixed core.

Verified locally: builds and tests pass on 1.0.7.

Refs bom#6

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-12 09:55:29 -04:00
johannes 2d0475ce6f docs(guide): 2026-07 page columns = Open(no milestone) + 2026-07(open), with counts
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 34m48s
Replace Open/All columns with: open issues with no milestone (unscheduled
backlog) and open issues in 2026-07; linked number is the count.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-10 16:36:21 -04:00
johannes 737c7001ae docs(guide): remove 'Everything at once' section from 2026-07 page
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 1m5s
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-10 16:25:54 -04:00
johannes 9abcd0aa5a docs(guide): add per-repo All (open+closed) link column to 2026-07 page
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 35m16s
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-10 16:20:52 -04:00
johannes b70c4acda4 fix(guide): correct 2026-07 milestone data + open external links in new tab
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 32m54s
- 2026-07 page: authoritative counts from org-wide milestone-name search
  (38 open across 12 repos; add devices=4, fleet #50, dashboard #51 that the
  stale per-repo milestone counters had hidden).
- External http(s) links in rendered guide content now open in a new tab.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-10 16:08:14 -04:00
johannes b2fe064e7d feat(guide): add MILESTONE nav section + 2026-07 release-scope page
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 1m2s
- New top-level MILESTONE section (bcos-only), peer to PROCESSES, renders
  uppercase via .sec-head; first module is milestone.2026-07 (per-repo
  release-scope view with Gitea filter links).
- Nav UX: all sidebar sections start collapsed; no section/app auto-expands
  on entry; landing pane shows the HiveIQ logo instead of auto-selecting Agent.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-10 15:58:15 -04:00
johannes 33ed88e07c docs(guide): add release-prep milestone-viewing workflow to processes.gitea-issues
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 1m13s
Document how to view a release milestone's issues in Gitea:
- per-repo web UI filter URL pattern (milestone=<id>)
- cross-repo rollup via issues/search by name
- a copy-paste one-liner that regenerates the current-month
  per-repo links for any YYYY-MM (no hardcoded ids)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-10 15:33:32 -04:00
johannes ffc06e2ef5 guide: document supervisor/service-state mirror (devices#121)
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 36m22s
incident.journal-events (Claude tab): the state flip is a dual-write — incident
writes its own atm_properties, then mirrors to devices, and it is devices the UI
reads. Adds the best-effort/afterCommit semantics and the nginx-listener URL rule.

technical.devices: document POST /api/internal/atms/{agentAtmId}/service-state,
that devices does not ingest journal events, the now()-stamped supervisor_entered_at,
and that the status badge is derived client-side (agent-offline masks IN_SUPERVISOR).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-09 17:54:39 -04:00
johannes 7429f1413b docs(guide): add processes.customer-provisioning — wizard runbook + handoff gotchas
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 1m4s
Documents the mgmt portal 5-step New Customer + Institution wizard shipped to
production in hiveops-mgmt#43: the five steps, atomic-submit semantics, the
MSP_ADMIN agent-onboarding handoff message, and the gotchas (uppercased
institution key, unrecallable handoff, skipping step 4 skips the handoff,
MESSAGING_SERVICE_URL required).
2026-07-09 07:41:44 -04:00
johannes b047679927 docs(guide): add platform.frontend-template module (#14)
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 31m32s
Guide had no coverage for hiveops-template, so the copy-don't-rewrite rule
and the TemplatePage-vs-TablePage decision were only in a stale CLAUDE.md.

- decision table for which page to copy; ask the user when not obvious
- assigned dev ports read from the actual vite configs (next free = 5191;
  CLAUDE.md still claims 5180, which is adoons)
- canonical .page-right spacing is 0.65rem/0.5rem, not the documented 1rem/0.75rem
- dark-mode filter-header values + collapsed-by-default sidebar

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-09 00:14:35 -04:00
hiveiq 983037e3db Merge pull request 'ci(guide): widen cd-develop smoke health-check window to ~5 min (#12)' (#13) from chore/cd-develop-smoke-window into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 1m1s
2026-07-08 17:13:26 -04:00
johannes e948180cf5 ci(guide): widen cd-develop smoke health-check window to ~5 min
The smoke step polled /guide/actuator/health for only 60s, but the Spring
Boot backend restart after `compose up -d` needs longer to warm up — so a
successful deploy was marked FAILED (run #6, PR #11). Poll 30x10s (~5 min)
and echo attempts. No change to the deploy itself.

Closes #12

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-08 17:01:55 -04:00
hiveiq 11d6369ad6 Merge pull request 'docs(guide): scrub decommissioned QDS_ADMIN role from KB content (#10)' (#11) from chore/purge-qds-admin-kb-10 into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 32m25s
2026-07-08 16:02:42 -04:00
johannes 3ace2e06d2 docs(guide): scrub decommissioned QDS_ADMIN role from KB content
Follow-up to hiveops-incident#253 (QDS_ADMIN removed from all 5 backends'
SecurityConfig/InstitutionContext, and from the hiveops-auth Role enum so no
JWT can carry it). The guide KB still quoted QDS_ADMIN in role/allow-list
descriptions, which no longer matched the code.

Removed QDS_ADMIN from 26 references across 23 content files; surviving roles
(USER, CUSTOMER, ADMIN, MSP_ADMIN, BCOS_ADMIN, AGENT, SYSTEM) left unchanged.
No frontmatter touched -> zero module-coverage impact. Doc-accuracy only.

Closes #10

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-08 15:41:36 -04:00
hiveiq 1d88370c71 Merge pull request 'fix(guide-ci): Slack notify must not fail the deploy' (#9) from fix/slack-notify-nonfatal into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 59s
2026-07-08 14:23:05 -04:00
johannes e1fcd4c00b fix(guide-ci): make Slack notify step non-fatal + reachability probe
The Notify Slack step could fail the whole job (turning a successful deploy
red, as just happened). A notification must never fail a deploy:
- continue-on-error: true on the step
- curl captures HTTP code and never propagates a non-zero exit (|| echo)
- logs "slack notify HTTP: <code>" so we can see if the runner reaches Slack
- first commit line via ${VAR%%$'\n'*} param-expansion (no head pipe)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-08 14:20:32 -04:00
johannes 1037614364 docs(guide): remove legacy SmartJournal reference
Reword journal Overview to drop the 'legacy SmartJournal dependency' mention
and remove smartjournal from the coverage-reconcile deprecated skip-list.
qds-monitor stays in the skip-list (deprecated, intentionally undocumented).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-08 14:18:23 -04:00
hiveiq 6bd4f1eb19 Merge pull request 'ci(guide): Slack dev-deploy notifications to #hiveops-dev-deploy' (#8) from feat/slack-dev-deploy-notify into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 33m55s
2026-07-08 13:36:12 -04:00
johannes b8e409ed97 ci(guide): post dev-deploy result card to Slack #hiveops-dev-deploy
Appends a Notify Slack step to cd-develop (if: always()) that posts a
colored Block Kit card on every run —  deployed / 🔴 FAILED — with commit,
branch, actor, run number, and a View-run button. Uses the org secret
SLACK_WEBHOOK_URL; no-ops if the secret is unset.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-08 13:34:34 -04:00
hiveiq 76027ff251 Merge pull request 'chore(guide): remove decommissioned QDS_ADMIN role (dead code)' (#7) from chore/purge-qds-admin-253 into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 4m49s
2026-07-08 12:41:48 -04:00
johannes d202a494ef chore(guide): remove decommissioned QDS_ADMIN role reference (dead code)
QDS_ADMIN was removed from the hiveops-auth Role enum (972a28a); no JWT can carry
ROLE_QDS_ADMIN. Strip the stale SecurityConfig hasAnyRole entry. Zero runtime change.

Refs hiveiq-src/hiveops-incident#253

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-07 22:35:38 -04:00
johannes 7bc96eeaa7 ci(guide): note BCOS_DEV_DEPLOY_KEY provisioned — trigger deploy verification
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Successful in 59s
2026-07-05 22:44:28 -04:00
hiveiq e58ccc5b71 Merge pull request 'ci(guide): auto build + deploy to bcos.dev on push (#5)' (#6) from feat/5-guide-ci-develop into develop
CD - Develop (guide → bcos.dev) / build-and-deploy (push) Failing after 34m37s
2026-07-05 13:15:32 -04:00
johannes 37a1c4e396 ci(guide): auto build + deploy to bcos.dev on push to develop (#5)
The guide bundles content into the backend jar at build time, so instances must be rebuilt +
redeployed to pick up doc changes (git-pull is insufficient). Automates it: on push to develop
(backend/** paths), mvn package -> docker build -> push :dev -> deploy to bcos.dev -> smoke.

mvn package runs FIRST (the Dockerfile COPYs a pre-built jar — skipping it ships stale content).
Auto-deploy scoped to dev only (docs, low risk). Audience filtering is runtime via
GUIDE_SERVED_AUDIENCES, so no build-time filtering — prod (future cd-main, gated) serves
customer,internal only.

Needs (coordinate w/ CI/runner session): BCOS_DEV_DEPLOY_KEY secret + runner reachability to .251.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-05 13:10:34 -04:00
johannes 7bc8c839d8 docs(guide): add milestone release history (pre-pilot → pilot → production)
processes.gitea-issues: document the backfilled release timeline — 2026-02/03 pre-pilot,
2026-04/05 pilots, 2026-06 production go-live (17 June), 2026-07 current. Notes the
close-date scoping, the 100%-closed historical milestones, and the search-API pagination
gotcha (newest-first, ~200 cap).
2026-07-05 12:47:10 -04:00
johannes c895b57185 chore(guide): bump hiveops-bom 1.0.4 -> 1.0.5 (CVE remediation, bom#6)
Clears 2026-07 NVD batch (spring-framework 6.2.19 / spring-security 6.5.11 / tomcat 10.1.56).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-05 07:52:46 -04:00
johannes 1cd8f185bc docs(guide): internal service-to-service calls route through nginx blue/green map
platform.nginx-routing: replace the stale 'flip map + internal callers in sync' guidance with the
new pattern — internal callers point at hiveiq-nginx:<port> and follow the 00-backends.conf map
(10-internal-backends.conf). Document the targeted-flip gotcha (global sed corrupts the derived
active_color table; bluegreen-deploy.sh has this bug) and 'never recreate the active color'.
platform.deployment: add a prod blue/green cutover section + the 2026-07-03 incident lesson.

Refs hiveiq-ops/hiveiq-devops#27, hiveiq-ops/hiveiq-openmetal-prod#20.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-05 07:18:45 -04:00
johannes 7dcc910389 docs(guide): incident-management per-institution ownership mode (#221)
Document the MSP_MANAGED/CUSTOMER_MANAGED incident ownership mode across the
Claude/Internal/Architect/Testing/Customer tabs: the write matrix, the
/institution-keys/{key}/incident-mode endpoint + MSP toggle, controller-layer
assertWritable enforcement, IncidentDTO.institution, V90 migration, and the
known UI follow-up (customer nav still hidden).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-05 06:04:57 -04:00
johannes be2c162d11 docs(guide): document milestone-based release tracking (YYYY-MM / Next / Backlog)
Add a Milestones section to processes.gitea-issues: releases are tracked by per-repo
YYYY-MM milestones (not labels), Next = milestone with no due date, Backlog = no
milestone. Note the retired Release/* labels, cross-repo rollup via issues/search, and
assignment API. Cross-link from processes.release for release scoping.
2026-07-02 18:55:06 -04:00
johannes 30375cf5ce chore(security): bump hiveops-bom parent to 1.0.4 — CVE remediation (#3)
Boot 3.5.14 + netty/tomcat/jackson/spring-kafka/spring-cloud/spring-ai/commons/
bcprov overrides. Validated via Phase-1 fan-out: builds clean, backend Trivy 0
HIGH/CRITICAL. (Frontend npm axios/form-data handled separately where present.)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 13:40:10 -04:00
johannes f30e6aaa28 docs(guide): confirm firewall (OpenStack SGs) + SSH key-only posture (devops#17)
SGs are the firewall of record — public surface 80/443, SSH/Loki restricted to
internal+admin. All VMs key-only (passwordauthentication no) -> brute-force
mitigated, fail2ban optional. Dead SSH-ingress SG (22->world, unattached) to remove.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 12:08:22 -04:00
johannes 3c0058d892 docs(guide): gotcha — root-owned cron logs silently kill bcosadmin cron jobs
The redirect (>> /var/log/x.log) fails before the command runs when the target
is root-owned/absent; job dies with zero output. Caused backups #18/#19 + IDS
#22 outages. Diagnose via redirect-target owner; fix with chown + logrotate create.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 11:50:30 -04:00
johannes 80e4bbe415 docs(guide): ClamAV remediation status + VM-sizing OOM gotcha
devops.security: #16 remediated (freshclam + clamscan, no resident clamd); 5/6
VMs done incl CDE; proxy EXCLUDED (957MB, install OOM d it -> hard reboot).
platform.gotchas: check VM RAM before installing memory-heavy tools.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 10:58:00 -04:00
johannes 03f6c16eab docs(guide): correct devops.backups + devops.security after prod audit
First pass had a partial view. Backups are 3 layers (Swift dumps + encrypted
off-cluster borg to DLX + Cinder snapshots), not just pg_dumpall — #15 (DR)
resolved, #13/#14 re-scoped. Security has iptables auto-block (security-monitor)
+ AIDE FIM — #17 re-scoped; ClamAV (#16) remains the one real gap.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 08:27:18 -04:00
johannes 5d23388ef5 docs(guide): add platform.production-checks + new DEVOPS section (backups, security)
- platform.production-checks: the daily prod health sweep (deep actuator/critical
  set, Loki ERROR+5xx top-5, backup freshness, ClamAV per-VM) -> 06:30 email report.
- NEW DevOps nav section in the reader (SPECIAL + section block + expandFor).
- devops.backups: pg_dumpall->Swift nightly job, verify/restore, gaps (#13/#14/#15).
- devops.security: ClamAV/firewall posture from the 2026-07-02 sweep — FAILING,
  remediation in #16 (Critical, PCI CDE) / #17. Reconciler: devops = concept docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 07:55:49 -04:00
johannes 2be67a26d1 docs(guide): add IAT_SERVER_RECOVERED / IAT_CORE_RECOVERED to activeteller module
The activeteller agent module now emits two connectivity-recovery events
(hiveops-agent#68) that drive incident auto-close. Adds them to the event lists
(internal + claude), bumps the count 9→11, and corrects the SymXchange behaviour
in architect.md: the connection-error streak resets (and IAT_CORE_RECOVERED fires)
on the next message header, not on a fault line.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 00:44:32 -04:00
johannes 340e131dc7 docs(guide): add platform.ci-cd + capture DNS single-point-of-failure gotcha
New platform.ci-cd page: runner topology (dlx-hiveiq-runner-01), no-internet
design, workflow set, access, and failure signatures. gotchas: correct the
stale \"CI is disabled\" line and add the AdGuard DNS SPOF (hits app boxes + CI
+ Claude sessions). Grounded in runner logs from the 2026-07-01 outage.

Refs hiveiq-ops/hiveiq-devops#11

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 00:06:27 -04:00
johannes 95761a0643 content(guide): agent.* module guides — 15 modules (Internal/Architect/Claude, audience dev)
Closes the agent-module coverage gap the reconciler flagged (activeteller + 14).
Grounded per module in hiveops-agent/hiveops-module-*; audience dev (dev-only).
Reconciler now green. Grounding surfaced agent-side bugs (log-error route
mismatch, atec poll-interval hardcoded) — to verify + file next.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 19:26:23 -04:00
johannes 167ba332a8 chore(guide): reconciler excludes deprecated qds-monitor (superseded by the agent)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 19:07:27 -04:00
johannes 871b81474d feat(guide): coverage reconciler + relabel customer tabs Overview→Customer
scripts/coverage-reconcile.py diffs the code surface (services, agent modules,
SPAs) against documented module keys and reports gaps — catches undocumented
things (found 15 agent modules + qds-monitor). Also relabeled 63 customer tabs
Overview→Customer for role-tab consistency with the fleet pilot.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 19:05:40 -04:00
johannes 26610bb4f3 style(guide): let content fill the pane (drop 860px cap) — no more right-side gap
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 17:37:17 -04:00
johannes 930a4b968e feat(guide): dev audience tier + GUIDE_SERVED_AUDIENCES env cap (prod = customer,internal)
4-tier ladder customer<internal<dev<bcos. Re-tagged Architect/Testing/Claude +
platform/technical from internal->dev; Processes stays bcos. Backend visible()
enforces a per-instance served-audiences cap at the API. bcos.dev/DLX serve all;
production sets GUIDE_SERVED_AUDIENCES=customer,internal so dev/bcos never leave
dev. Verified: capped instance returns only Customer+Internal, 404s dev/bcos.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 17:11:00 -04:00
johannes e02aab4d3b feat(guide): in-guide feedback → creates Gitea Bug/Enhancement issues
Backend FeedbackController + GiteaFeedbackService (POST /api/v1/guide/feedback):
resolves/creates the Bug/Enhancement label, appends reporter (from JWT) + module
context, POSTs the issue via a server-side GITEA_FEEDBACK_TOKEN (reaches Gitea via
public route). Area→repo map mirrors the Browser. Reader gets a 💬 Send feedback
button + dark slide-in form (Bug/Enhancement, area prefilled from current module,
title, description) with success link. Verified e2e (created hiveops-guide #4).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 16:54:55 -04:00
johannes 7b7af91910 content(guide): note issue-close auto-notifies reporter — fill Resolution first (processes.gitea-issues)
Ties in dlx-claude's gitea-notify webhook: closing a Gitea issue DMs the reporter
in their HiveIQ inbox using the Resolution field.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 16:24:06 -04:00
johannes 4d56db455e feat(guide): Processes section + bcos-only audience tier (BCOS_ADMIN)
New 3-tier gating: customer < internal (MSP/BCOS) < bcos (BCOS_ADMIN only).
GuideController.isBcos + service visible() honour audience: bcos. New 'processes'
app with Develop / Main / Release / Gitea-Issue process docs (audience bcos),
rendered as a Processes nav section only BCOS_ADMIN can see. Verified: BCOS 200,
MSP/customer 404.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 16:09:33 -04:00
johannes 2488408ee9 content(guide): Testing tabs for all 63 modules — slim frontend QA checklists (DRAFT)
Every customer module now has the full 5-lens set (Customer/Internal/Architect/
Testing/Claude). Testing = frontend-only what-to-test -> pass/fail checklist vs
bcos.dev sim data (C1/C2/C3 + test logins), audience internal. Authored via
per-module fan-out (2 retried on Sonnet 5).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-01 15:50:40 -04:00