feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5) by JustAGhosT · Pull Request #377 · phoenixvc/cognitive-mesh

JustAGhosT · 2026-03-15T23:04:40Z

Summary

Implements PHO-5: a persistent, versioned policy store for self-healing remediation policies, plus a decision engine in the AgencyLayer that consumes it.

What's new

FoundationLayer — `PolicyStore` sub-project


`Models/RemediationAction.cs`	`[Flags]` enum: Retry, Rollback, Reassign, Restart, Escalate
`Models/RemediationPolicy.cs`	Versioned policy entity with full audit fields
`Models/PolicyAuditEntry.cs`	Audit trail entry written on every create/update/delete
`Ports/IRemediationPolicyPort.cs`	Port interface: Get, List, Upsert, Delete, GetPolicyHistory
`Options/PolicyStoreOptions.cs`	Config: CosmosDB connection, container IDs, cache TTL
`Adapters/CosmosDbRemediationPolicyAdapter.cs`	CosmosDB adapter with IMemoryCache read path, safe fallback policy when DB is unavailable, and full audit trail
`Seed/DefaultPolicySeed.cs`	16 default policies (4 categories × 4 severities)
`Seed/PolicyStoreInitializer.cs`	Idempotent startup seeder
`Extensions/PolicyStoreServiceExtensions.cs`	`AddPolicyStore(services, config)` DI registration

AgencyLayer — `SelfHealing` sub-project


`Ports/IRemediationDecisionPort.cs`	Returns `(RemediationAction, Dictionary<string,double>)` tuple
`Engines/RemediationPolicyDecisionEngine.cs`	Delegates to `IRemediationPolicyPort` cached read path
`Extensions/SelfHealingServiceExtensions.cs`	`AddSelfHealingServices(services)` DI registration

Tests

tests/FoundationLayer/PolicyStore/ — 8 tests: versioning (v1 on create, v+1 on update), previous version deactivation, fallback on missing policy, delete, list, seed (empty + idempotent)
tests/AgencyLayer/SelfHealing/ — 6 tests: action resolution, fallback non-None, security/critical contains Escalate, null/empty args throw ArgumentException, port called exactly once

Key design decisions

Partition key = IncidentCategory — hot path queries are always partition-scoped
Soft versioning — old policy records kept with IsActive=false, not physically deleted; GetPolicyHistoryAsync surfaces all versions
Cache TTL configurable via PolicyStoreOptions.CacheTtl (default 5 min)
Safe fallback — if CosmosDB is unavailable, GetPolicyAsync returns a permissive Retry|Escalate policy and logs a warning; no exception propagated to callers
Secrets — CosmosDbConnectionString must be provided via environment variable or Key Vault; never hardcoded

Checklist

All public types have XML doc comments
ILogger<T> on all classes
Constructor null guards
All public methods async with CancellationToken
No circular layer references
No secrets in code
Solution file updated
FoundationLayer.csproj and AgencyLayer.csproj updated

Closes PHO-5

_{Stilla Canvas. Ask @stilla for more context.}

Implement the remediation policy store backed by Cosmos DB with in-memory caching, audit logging, default policy seeding, and the self-healing decision engine that consumes policies. New projects: - FoundationLayer/PolicyStore – models, ports, Cosmos DB adapter, options, seed data, and DI extensions - AgencyLayer/SelfHealing – remediation decision port and engine Co-Authored-By: Jurie Smit <smit.jurie@gmail.com>

- Add PolicyStore.Tests with 8 tests covering in-memory adapter contract, seed initialization, and fallback behavior - Add SelfHealing.Tests with 6 tests covering decision engine delegation, argument validation, and port interaction verification - Register all new projects in CognitiveMesh.sln with build configurations and solution folder nesting Co-Authored-By: Jurie Smit <smit.jurie@gmail.com>

blocksorg · 2026-03-15T23:04:44Z

Mention Blocks like a regular teammate with your question or request:

@blocks review this pull request
@blocks make the following changes ...
@blocks create an issue from what was mentioned in the following comment ...
@blocks explain the following code ...
@blocks are there any security or performance concerns?

Run @blocks /help for more information.

Workspace settings | Disable this message

linear · 2026-03-15T23:04:46Z

PHO-5 Create Policy Store DB for Self-Healing Remediation Policies

chatgpt-codex-connector · 2026-03-15T23:04:48Z

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

coderabbitai · 2026-03-15T23:04:48Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0ba131cc-4d91-4a4c-9842-15ee745af2f5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch feat/pho-5-policy-store-db

📝 Coding Plan

Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

src/UILayer/web/src/components/Nexus/index.tsx


  // Enhanced mode drag handlers
-  const handleDragStart = useCallback((type: "nexus" | "icon", data?: any) => {
+  const handleDragStart = useCallback((type: "nexus" | "icon", data?: unknown, event?: React.MouseEvent) => {


In general, to fix an unused function or variable warning, you either remove the unused declaration and any associated logic, or, if it should be used, you wire it up properly. To avoid changing existing behavior, the smallest safe change is to remove only code that has no effect: the unused callback and its associated closure creation.

Here, the best fix is to remove the entire handleDragStart useCallback block, because:

It is not referenced anywhere in the provided snippet.

Its logic is self‑contained and side‑effect free until called, so deleting it cannot change runtime behavior if nothing ever calls it.

Concretely, in src/UILayer/web/src/components/Nexus/index.tsx, delete the block that defines handleDragStart (lines 365–380 in the snippet), leaving handleDragEnd and the rest of the file unchanged. No new imports or additional definitions are required.

* Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons FE-005: 5 Zustand stores - useAuthStore: mirrors AuthContext for non-React consumers - useAgentStore: agent registry with real agenticApi integration - useDashboardStore: dashboard data (fetch-based, pending backend endpoints) - useNotificationStore: in-app notifications with unread tracking - usePreferencesStore: persisted user preferences (theme, accessibility) FE-022: Navigation components - Sidebar with collapsible sections, active route highlighting - TopBar with breadcrumbs, notification bell, connection indicator - MobileMenu responsive drawer (<768px) FE-021: Multi-page routing - (app) route group with shared layout (sidebar + topbar + ProtectedRoute) - 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings - Per-route loading.tsx and error.tsx boundaries - Dashboard page wired to useDashboardStore - Agents page wired to useAgentStore with table view - Settings page wired to usePreferencesStore with toggle controls FE-003: SignalR real-time client - useSignalR hook with auto-reconnect (exponential backoff) - subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods - ConnectionIndicator component shows live status FE-007: Skeleton loading components - Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * FE-002: Wire real API, remove DashboardAPI mock - Root `/` now redirects to `/dashboard` (server-side via next/navigation) - Deleted `services/api.ts` (DashboardAPI singleton with hardcoded mock data) - Deleted `hooks/useDashboardData.ts` (hook wrapper around mock) - Dashboard page uses `useDashboardStore` fetching from real backend - Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: security, a11y, error handling, API robustness Backend: - CORS empty-origins guard in Program.cs - Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController - Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController - Simplify AgentRegistryService circuit breaker delegation - Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving Frontend: - Prevent open redirect in login returnTo validation - Move ApiBootstrap inside ErrorBoundary in layout - Dev-only error messages in ErrorBoundary and error page - Guard e.message in ExtensionErrorSuppressor - Keyboard a11y on agent table rows, settings focus styles, label htmlFor - MobileMenu active state fix, Escape key, backdrop aria-hidden - navItems fallback group in groupBySections - Add pathname to ProtectedRoute useEffect deps - Toast aria-live on container - Fix agent store name mapping and dashboard store error handling - Auth context: logout in proactive-refresh deps, Secure cookie flag Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: security, a11y, race conditions, cleanup - AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral - AgentController: propagate CancellationToken to all registry port calls - IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate - AgentRegistryService: sanitize framework in compliance status log - CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection - NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot - AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates - Agents page: remove role="grid" (no 2D nav), add focus-visible ring - Remove coverage/ artifacts from git, add to .gitignore Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(deps): pin dependency node to 22.22.1 * Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4 Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config. Key changes: - Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc. - Move components/ui/ → src/components/ui/ with TS validation enabled - Move hooks (use-mobile, use-toast) and theme-provider into src/ - Add lib/utils.ts (shadcn cn() helper) - Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive) - Fix all 150+ TypeScript errors across components, visualizations, lib modules - Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks) - Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback - Delete duplicate /settings route (kept (app)/settings) - Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(deps): update entity framework core to v10.0.4 * fix(deps): pin dependencies * chore(deps): update microsoft.extensions to v10.0.4 * fix(deps): update all non-major dependencies * fix(deps): update all non-major dependencies (#360) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Phase 15 Batch A: Settings, Notifications, Profile * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(deps): update all non-major dependencies (#368) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency azure.identity to v1.19.0 (#369) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#370) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#373) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (#374) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#375) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency shadcn to v4.0.8 (#376) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency zustand to v5.0.12 (#378) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#379) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#383) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(ci): reduce CodeQL to weekly schedule + manual trigger (#384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(deps): update all non-major dependencies (#385) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency wolverinefx to v5.21.0 (#386) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#387) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency i18next to v25.8.19 (#389) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#390) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @redocly/cli to v2.24.1 (#391) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (#393) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 545: Unused variable, import, function or class (#392) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * chore(mcp): add kernel.sh cloud browser MCP server (#388) * chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) - CiaAssessmentRequest: four core metrics + contextual adjustments - CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale - ICognitiveAssessmentPort: async assessment interface - CognitiveAssessmentEngine: pure formula implementation with input validation - ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. - Injects ICognitiveAssessmentPort into CognitiveMeshController - Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext - Computes fluency score from the 7 interaction quality metrics - Returns AgencyRouteComputedResponse with ComputedScores attached - Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(deps): update dependency i18next to v25.9.0 (#395) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Phase 16: Remaining widgets, role-based UI, frontend tests (#361) * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 16: Remaining widgets, role-based UI, 98 frontend tests Widgets (FE-016, FE-018 to FE-020): - Context Engineering: token usage chart, prompt optimization metrics - Convener: session timeline, orchestration modes - Marketplace: agent browser with search/filter, agent cards - Org Mesh: mesh topology visualization, node type legend App features (FE-021, FE-023): - Multi-page routing: all routes under App Router (app) group - RoleGuard component wrapping compliance page - Sidebar role indicator with user avatar Frontend tests (FETEST-001, FETEST-002): - 12 test suites, 98 tests passing - Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton - Stores: useAgentStore, useNotificationStore, usePreferencesStore - Hooks: use-toast - Contexts: AuthContext - API: client setup, agent registry integration tests - Jest config: path aliases, file mocks, crypto polyfill Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 17: Advanced features, comprehensive test suite, full-stack validation P3-LOW features (FE-024, FE-025, FE-026): - ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards - CommandPalette: Ctrl+K global search across all pages with fuzzy matching - PresenceIndicator: real-time user avatars via SignalR in TopBar - ActivityFeed: collapsible team activity panel via SignalR Advanced testing (FETEST-003, FETEST-004, FETEST-005): - E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow - Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator - Performance: lazy loading verification, Zustand selector re-render isolation - Total: 18 suites, 137 tests passing Full-stack validation: - Backend: 0 errors, 0 warnings - Frontend: 0 TS errors, 137/137 tests passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ci: Add workflow to create GitHub issues from PR #361 review comments (#394) * Initial plan * ci: add workflow and issue data to create GitHub issues from PR #361 review comments Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 * ci: trigger issue creation workflow on push to branch (remove paths filter) Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> * chore(deps): pin node.js (#362) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix: bump Microsoft.Extensions.* and EF Core packages from 10.0.4 to 10.0.5 (#418) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/f5b12a8c-e23a-4b57-8d8b-6ddf826b4931 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> * update badges (#420) Updated project name and added versioning and status badges. * feat: ai written implement ations for most of the interfaces (#421) (#422) * Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons FE-005: 5 Zustand stores - useAuthStore: mirrors AuthContext for non-React consumers - useAgentStore: agent registry with real agenticApi integration - useDashboardStore: dashboard data (fetch-based, pending backend endpoints) - useNotificationStore: in-app notifications with unread tracking - usePreferencesStore: persisted user preferences (theme, accessibility) FE-022: Navigation components - Sidebar with collapsible sections, active route highlighting - TopBar with breadcrumbs, notification bell, connection indicator - MobileMenu responsive drawer (<768px) FE-021: Multi-page routing - (app) route group with shared layout (sidebar + topbar + ProtectedRoute) - 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings - Per-route loading.tsx and error.tsx boundaries - Dashboard page wired to useDashboardStore - Agents page wired to useAgentStore with table view - Settings page wired to usePreferencesStore with toggle controls FE-003: SignalR real-time client - useSignalR hook with auto-reconnect (exponential backoff) - subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods - ConnectionIndicator component shows live status FE-007: Skeleton loading components - Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0 * FE-002: Wire real API, remove DashboardAPI mock - Root `/` now redirects to `/dashboard` (server-side via next/navigation) - Deleted `services/api.ts` (DashboardAPI singleton with hardcoded mock data) - Deleted `hooks/useDashboardData.ts` (hook wrapper around mock) - Dashboard page uses `useDashboardStore` fetching from real backend - Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration) * Address PR review findings: security, a11y, error handling, API robustness Backend: - CORS empty-origins guard in Program.cs - Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController - Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController - Simplify AgentRegistryService circuit breaker delegation - Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving Frontend: - Prevent open redirect in login returnTo validation - Move ApiBootstrap inside ErrorBoundary in layout - Dev-only error messages in ErrorBoundary and error page - Guard e.message in ExtensionErrorSuppressor - Keyboard a11y on agent table rows, settings focus styles, label htmlFor - MobileMenu active state fix, Escape key, backdrop aria-hidden - navItems fallback group in groupBySections - Add pathname to ProtectedRoute useEffect deps - Toast aria-live on container - Fix agent store name mapping and dashboard store error handling - Auth context: logout in proactive-refresh deps, Secure cookie flag * Address PR review findings: security, a11y, race conditions, cleanup - AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral - AgentController: propagate CancellationToken to all registry port calls - IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate - AgentRegistryService: sanitize framework in compliance status log - CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection - NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot - AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates - Agents page: remove role="grid" (no 2D nav), add focus-visible ring - Remove coverage/ artifacts from git, add to .gitignore * chore(deps): pin dependency node to 22.22.1 * Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env. * Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4 Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config. Key changes: - Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc. - Move components/ui/ → src/components/ui/ with TS validation enabled - Move hooks (use-mobile, use-toast) and theme-provider into src/ - Add lib/utils.ts (shadcn cn() helper) - Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive) - Fix all 150+ TypeScript errors across components, visualizations, lib modules - Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks) - Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback - Delete duplicate /settings route (kept (app)/settings) - Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓) * chore(deps): update entity framework core to v10.0.4 * fix(deps): pin dependencies * chore(deps): update microsoft.extensions to v10.0.4 * fix(deps): update all non-major dependencies * fix(deps): update all non-major dependencies (#360) * Phase 15 Batch A: Settings, Notifications, Profile * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. --------- * fix(deps): update all non-major dependencies (#368) * chore(deps): update dependency azure.identity to v1.19.0 (#369) * fix(deps): update all non-major dependencies (#370) * fix(deps): update all non-major dependencies (#373) * chore(deps): update all non-major dependencies (#374) * fix(deps): update all non-major dependencies (#375) * fix(deps): update dependency shadcn to v4.0.8 (#376) * fix(deps): update dependency zustand to v5.0.12 (#378) * fix(deps): update all non-major dependencies (#379) * fix(deps): update all non-major dependencies (#383) * chore(ci): reduce CodeQL to weekly schedule + manual trigger (#384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. * fix(deps): update all non-major dependencies (#385) * chore(deps): update dependency wolverinefx to v5.21.0 (#386) * fix(deps): update all non-major dependencies (#387) * fix(deps): update dependency i18next to v25.8.19 (#389) * fix(deps): update all non-major dependencies (#390) * chore(deps): update dependency @redocly/cli to v2.24.1 (#391) * chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (#393) * Potential fix for code scanning alert no. 545: Unused variable, import, function or class (#392) * chore(mcp): add kernel.sh cloud browser MCP server (#388) * chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. * feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) - CiaAssessmentRequest: four core metrics + contextual adjustments - CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale - ICognitiveAssessmentPort: async assessment interface - CognitiveAssessmentEngine: pure formula implementation with input validation - ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. * feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. - Injects ICognitiveAssessmentPort into CognitiveMeshController - Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext - Computes fluency score from the 7 interaction quality metrics - Returns AgencyRouteComputedResponse with ComputedScores attached - Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) --------- * fix(deps): update dependency i18next to v25.9.0 (#395) * Phase 16: Remaining widgets, role-based UI, frontend tests (#361) * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. * Phase 16: Remaining widgets, role-based UI, 98 frontend tests Widgets (FE-016, FE-018 to FE-020): - Context Engineering: token usage chart, prompt optimization metrics - Convener: session timeline, orchestration modes - Marketplace: agent browser with search/filter, agent cards - Org Mesh: mesh topology visualization, node type legend App features (FE-021, FE-023): - Multi-page routing: all routes under App Router (app) group - RoleGuard component wrapping compliance page - Sidebar role indicator with user avatar Frontend tests (FETEST-001, FETEST-002): - 12 test suites, 98 tests passing - Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton - Stores: useAgentStore, useNotificationStore, usePreferencesStore - Hooks: use-toast - Contexts: AuthContext - API: client setup, agent registry integration tests - Jest config: path aliases, file mocks, crypto polyfill * Phase 17: Advanced features, comprehensive test suite, full-stack validation P3-LOW features (FE-024, FE-025, FE-026): - ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards - CommandPalette: Ctrl+K global search across all pages with fuzzy matching - PresenceIndicator: real-time user avatars via SignalR in TopBar - ActivityFeed: collapsible team activity panel via SignalR Advanced testing (FETEST-003, FETEST-004, FETEST-005): - E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow - Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator - Performance: lazy loading verification, Zustand selector re-render isolation - Total: 18 suites, 137 tests passing Full-stack validation: - Backend: 0 errors, 0 warnings - Frontend: 0 TS errors, 137/137 tests passing * ci: Add workflow to create GitHub issues from PR #361 review comments (#394) * Initial plan * ci: add workflow and issue data to create GitHub issues from PR #361 review comments Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 * ci: trigger issue creation workflow on push to branch (remove paths filter) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 --------- --------- * chore(deps): pin node.js (#362) * fix: bump Microsoft.Extensions.* and EF Core packages from 10.0.4 to 10.0.5 (#418) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/f5b12a8c-e23a-4b57-8d8b-6ddf826b4931 * update badges (#420) Updated project name and added versioning and status badges. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> * feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5) (#377) * feat(pho-5): add PolicyStore and SelfHealing projects Implement the remediation policy store backed by Cosmos DB with in-memory caching, audit logging, default policy seeding, and the self-healing decision engine that consumes policies. New projects: - FoundationLayer/PolicyStore – models, ports, Cosmos DB adapter, options, seed data, and DI extensions - AgencyLayer/SelfHealing – remediation decision port and engine Co-Authored-By: Jurie Smit <smit.jurie@gmail.com> * test(pho-5): add unit tests for PolicyStore and SelfHealing - Add PolicyStore.Tests with 8 tests covering in-memory adapter contract, seed initialization, and fallback behavior - Add SelfHealing.Tests with 6 tests covering decision engine delegation, argument validation, and port interaction verification - Register all new projects in CognitiveMesh.sln with build configurations and solution folder nesting Co-Authored-By: Jurie Smit <smit.jurie@gmail.com> --------- Co-authored-by: Stilla <stilla@stilla.ai> * fix(docs): correct stale ecosystem names and fix README formatting (#423) * feat: ai written implement ations for most of the interfaces (#421) * Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons FE-005: 5 Zustand stores - useAuthStore: mirrors AuthContext for non-React consumers - useAgentStore: agent registry with real agenticApi integration - useDashboardStore: dashboard data (fetch-based, pending backend endpoints) - useNotificationStore: in-app notifications with unread tracking - usePreferencesStore: persisted user preferences (theme, accessibility) FE-022: Navigation components - Sidebar with collapsible sections, active route highlighting - TopBar with breadcrumbs, notification bell, connection indicator - MobileMenu responsive drawer (<768px) FE-021: Multi-page routing - (app) route group with shared layout (sidebar + topbar + ProtectedRoute) - 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings - Per-route loading.tsx and error.tsx boundaries - Dashboard page wired to useDashboardStore - Agents page wired to useAgentStore with table view - Settings page wired to usePreferencesStore with toggle controls FE-003: SignalR real-time client - useSignalR hook with auto-reconnect (exponential backoff) - subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods - ConnectionIndicator component shows live status FE-007: Skeleton loading components - Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * FE-002: Wire real API, remove DashboardAPI mock - Root `/` now redirects to `/dashboard` (server-side via next/navigation) - Deleted `services/api.ts` (DashboardAPI singleton with hardcoded mock data) - Deleted `hooks/useDashboardData.ts` (hook wrapper around mock) - Dashboard page uses `useDashboardStore` fetching from real backend - Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: security, a11y, error handling, API robustness Backend: - CORS empty-origins guard in Program.cs - Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController - Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController - Simplify AgentRegistryService circuit breaker delegation - Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving Frontend: - Prevent open redirect in login returnTo validation - Move ApiBootstrap inside ErrorBoundary in layout - Dev-only error messages in ErrorBoundary and error page - Guard e.message in ExtensionErrorSuppressor - Keyboard a11y on agent table rows, settings focus styles, label htmlFor - MobileMenu active state fix, Escape key, backdrop aria-hidden - navItems fallback group in groupBySections - Add pathname to ProtectedRoute useEffect deps - Toast aria-live on container - Fix agent store name mapping and dashboard store error handling - Auth context: logout in proactive-refresh deps, Secure cookie flag Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: security, a11y, race conditions, cleanup - AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral - AgentController: propagate CancellationToken to all registry port calls - IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate - AgentRegistryService: sanitize framework in compliance status log - CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection - NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot - AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates - Agents page: remove role="grid" (no 2D nav), add focus-visible ring - Remove coverage/ artifacts from git, add to .gitignore Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(deps): pin dependency node to 22.22.1 * Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4 Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config. Key changes: - Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc. - Move components/ui/ → src/components/ui/ with TS validation enabled - Move hooks (use-mobile, use-toast) and theme-provider into src/ - Add lib/utils.ts (shadcn cn() helper) - Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive) - Fix all 150+ TypeScript errors across components, visualizations, lib modules - Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks) - Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback - Delete duplicate /settings route (kept (app)/settings) - Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(deps): update entity framework core to v10.0.4 * fix(deps): pin dependencies * chore(deps): update microsoft.extensions to v10.0.4 * fix(deps): update all non-major dependencies * fix(deps): update all non-major dependencies (#360) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Phase 15 Batch A: Settings, Notifications, Profile * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(deps): update all non-major dependencies (#368) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency azure.identity to v1.19.0 (#369) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#370) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#373) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update all non-major dependencies (#374) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#375) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency shadcn to v4.0.8 (#376) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency zustand to v5.0.12 (#378) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#379) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#383) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(ci): reduce CodeQL to weekly schedule + manual trigger (#384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> * fix(deps): update all non-major dependencies (#385) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency wolverinefx to v5.21.0 (#386) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#387) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency i18next to v25.8.19 (#389) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update all non-major dependencies (#390) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency @redocly/cli to v2.24.1 (#391) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (#393) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 545: Unused variable, import, function or class (#392) Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * chore(mcp): add kernel.sh cloud browser MCP server (#388) * chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) - CiaAssessmentRequest: four core metrics + contextual adjustments - CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale - ICognitiveAssessmentPort: async assessment interface - CognitiveAssessmentEngine: pure formula implementation with input validation - ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. - Injects ICognitiveAssessmentPort into CognitiveMeshController - Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext - Computes fluency score from the 7 interaction quality metrics - Returns AgencyRouteComputedResponse with ComputedScores attached - Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(deps): update dependency i18next to v25.9.0 (#395) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Phase 16: Remaining widgets, role-based UI, frontend tests (#361) * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 16: Remaining widgets, role-based UI, 98 frontend tests Widgets (FE-016, FE-018 to FE-020): - Context Engineering: token usage chart, prompt optimization metrics - Convener: session timeline, orchestration modes - Marketplace: agent browser with search/filter, agent cards - Org Mesh: mesh topology visualization, node type legend App features (FE-021, FE-023): - Multi-page routing: all routes under App Router (app) group - RoleGuard component wrapping compliance page - Sidebar role indicator with user avatar Frontend tests (FETEST-001, FETEST-002): - 12 test suites, 98 tests passing - Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton - Stores: useAgentStore, useNotificationStore, usePreferencesStore - Hooks: use-toast - Contexts: AuthContext - API: client setup, agent registry integration tests - Jest config: path aliases, file mocks, crypto polyfill Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Phase 17: Advanced features, comprehensive test suite, full-stack validation P3-LOW features (FE-024, FE-025, FE-026): - ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards - CommandPalette: Ctrl+K global search across all pages with fuzzy matching - PresenceIndicator: real-time user avatars via SignalR in TopBar - ActivityFeed: collapsible team activity panel via SignalR Advanced testing (FETEST-003, FETEST-004, FETEST-005): - E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow - Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator - Performance: lazy loading verification, Zustand selector re-render isolation - Total: 18 suites, 137 tests passing Full-stack validation: - Backend: 0 errors, 0 warnings - Frontend: 0 TS errors, 137/137 tests passing Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * ci: Add workflow to create GitHub issues from PR #361 review comments (#394) * Initial plan * ci: add workflow and issue data to create GitHub issues from PR #361 review comments Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 * ci: trigger issue creation workflow on push to branch (remove paths filter) Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> * chore(deps): pin node.js (#362) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>…

* Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons FE-005: 5 Zustand stores - useAuthStore: mirrors AuthContext for non-React consumers - useAgentStore: agent registry with real agenticApi integration - useDashboardStore: dashboard data (fetch-based, pending backend endpoints) - useNotificationStore: in-app notifications with unread tracking - usePreferencesStore: persisted user preferences (theme, accessibility) FE-022: Navigation components - Sidebar with collapsible sections, active route highlighting - TopBar with breadcrumbs, notification bell, connection indicator - MobileMenu responsive drawer (<768px) FE-021: Multi-page routing - (app) route group with shared layout (sidebar + topbar + ProtectedRoute) - 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings - Per-route loading.tsx and error.tsx boundaries - Dashboard page wired to useDashboardStore - Agents page wired to useAgentStore with table view - Settings page wired to usePreferencesStore with toggle controls FE-003: SignalR real-time client - useSignalR hook with auto-reconnect (exponential backoff) - subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods - ConnectionIndicator component shows live status FE-007: Skeleton loading components - Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0 * FE-002: Wire real API, remove DashboardAPI mock - Root `/` now redirects to `/dashboard` (server-side via next/navigation) - Deleted `services/api.ts` (DashboardAPI singleton with hardcoded mock data) - Deleted `hooks/useDashboardData.ts` (hook wrapper around mock) - Dashboard page uses `useDashboardStore` fetching from real backend - Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration) * Address PR review findings: security, a11y, error handling, API robustness Backend: - CORS empty-origins guard in Program.cs - Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController - Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController - Simplify AgentRegistryService circuit breaker delegation - Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving Frontend: - Prevent open redirect in login returnTo validation - Move ApiBootstrap inside ErrorBoundary in layout - Dev-only error messages in ErrorBoundary and error page - Guard e.message in ExtensionErrorSuppressor - Keyboard a11y on agent table rows, settings focus styles, label htmlFor - MobileMenu active state fix, Escape key, backdrop aria-hidden - navItems fallback group in groupBySections - Add pathname to ProtectedRoute useEffect deps - Toast aria-live on container - Fix agent store name mapping and dashboard store error handling - Auth context: logout in proactive-refresh deps, Secure cookie flag * Address PR review findings: security, a11y, race conditions, cleanup - AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral - AgentController: propagate CancellationToken to all registry port calls - IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate - AgentRegistryService: sanitize framework in compliance status log - CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection - NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot - AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates - Agents page: remove role="grid" (no 2D nav), add focus-visible ring - Remove coverage/ artifacts from git, add to .gitignore * chore(deps): pin dependency node to 22.22.1 * Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env. * Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4 Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config. Key changes: - Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc. - Move components/ui/ → src/components/ui/ with TS validation enabled - Move hooks (use-mobile, use-toast) and theme-provider into src/ - Add lib/utils.ts (shadcn cn() helper) - Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive) - Fix all 150+ TypeScript errors across components, visualizations, lib modules - Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks) - Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback - Delete duplicate /settings route (kept (app)/settings) - Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓) * chore(deps): update entity framework core to v10.0.4 * fix(deps): pin dependencies * chore(deps): update microsoft.extensions to v10.0.4 * fix(deps): update all non-major dependencies * fix(deps): update all non-major dependencies (#360) * Phase 15 Batch A: Settings, Notifications, Profile * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. --------- * fix(deps): update all non-major dependencies (#368) * chore(deps): update dependency azure.identity to v1.19.0 (#369) * fix(deps): update all non-major dependencies (#370) * fix(deps): update all non-major dependencies (#373) * chore(deps): update all non-major dependencies (#374) * fix(deps): update all non-major dependencies (#375) * fix(deps): update dependency shadcn to v4.0.8 (#376) * fix(deps): update dependency zustand to v5.0.12 (#378) * fix(deps): update all non-major dependencies (#379) * fix(deps): update all non-major dependencies (#383) * chore(ci): reduce CodeQL to weekly schedule + manual trigger (#384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. * fix(deps): update all non-major dependencies (#385) * chore(deps): update dependency wolverinefx to v5.21.0 (#386) * fix(deps): update all non-major dependencies (#387) * fix(deps): update dependency i18next to v25.8.19 (#389) * fix(deps): update all non-major dependencies (#390) * chore(deps): update dependency @redocly/cli to v2.24.1 (#391) * chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (#393) * Potential fix for code scanning alert no. 545: Unused variable, import, function or class (#392) * chore(mcp): add kernel.sh cloud browser MCP server (#388) * chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. * feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) - CiaAssessmentRequest: four core metrics + contextual adjustments - CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale - ICognitiveAssessmentPort: async assessment interface - CognitiveAssessmentEngine: pure formula implementation with input validation - ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. * feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. - Injects ICognitiveAssessmentPort into CognitiveMeshController - Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext - Computes fluency score from the 7 interaction quality metrics - Returns AgencyRouteComputedResponse with ComputedScores attached - Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) --------- * fix(deps): update dependency i18next to v25.9.0 (#395) * Phase 16: Remaining widgets, role-based UI, frontend tests (#361) * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. * Phase 16: Remaining widgets, role-based UI, 98 frontend tests Widgets (FE-016, FE-018 to FE-020): - Context Engineering: token usage chart, prompt optimization metrics - Convener: session timeline, orchestration modes - Marketplace: agent browser with search/filter, agent cards - Org Mesh: mesh topology visualization, node type legend App features (FE-021, FE-023): - Multi-page routing: all routes under App Router (app) group - RoleGuard component wrapping compliance page - Sidebar role indicator with user avatar Frontend tests (FETEST-001, FETEST-002): - 12 test suites, 98 tests passing - Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton - Stores: useAgentStore, useNotificationStore, usePreferencesStore - Hooks: use-toast - Contexts: AuthContext - API: client setup, agent registry integration tests - Jest config: path aliases, file mocks, crypto polyfill * Phase 17: Advanced features, comprehensive test suite, full-stack validation P3-LOW features (FE-024, FE-025, FE-026): - ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards - CommandPalette: Ctrl+K global search across all pages with fuzzy matching - PresenceIndicator: real-time user avatars via SignalR in TopBar - ActivityFeed: collapsible team activity panel via SignalR Advanced testing (FETEST-003, FETEST-004, FETEST-005): - E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow - Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator - Performance: lazy loading verification, Zustand selector re-render isolation - Total: 18 suites, 137 tests passing Full-stack validation: - Backend: 0 errors, 0 warnings - Frontend: 0 TS errors, 137/137 tests passing * ci: Add workflow to create GitHub issues from PR #361 review comments (#394) * Initial plan * ci: add workflow and issue data to create GitHub issues from PR #361 review comments Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 * ci: trigger issue creation workflow on push to branch (remove paths filter) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 --------- --------- * chore(deps): pin node.js (#362) * fix: bump Microsoft.Extensions.* and EF Core packages from 10.0.4 to 10.0.5 (#418) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/f5b12a8c-e23a-4b57-8d8b-6ddf826b4931 * update badges (#420) Updated project name and added versioning and status badges. * feat: ai written implement ations for most of the interfaces (#421) (#422) * Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons FE-005: 5 Zustand stores - useAuthStore: mirrors AuthContext for non-React consumers - useAgentStore: agent registry with real agenticApi integration - useDashboardStore: dashboard data (fetch-based, pending backend endpoints) - useNotificationStore: in-app notifications with unread tracking - usePreferencesStore: persisted user preferences (theme, accessibility) FE-022: Navigation components - Sidebar with collapsible sections, active route highlighting - TopBar with breadcrumbs, notification bell, connection indicator - MobileMenu responsive drawer (<768px) FE-021: Multi-page routing - (app) route group with shared layout (sidebar + topbar + ProtectedRoute) - 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings - Per-route loading.tsx and error.tsx boundaries - Dashboard page wired to useDashboardStore - Agents page wired to useAgentStore with table view - Settings page wired to usePreferencesStore with toggle controls FE-003: SignalR real-time client - useSignalR hook with auto-reconnect (exponential backoff) - subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods - ConnectionIndicator component shows live status FE-007: Skeleton loading components - Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0 * FE-002: Wire real API, remove DashboardAPI mock - Root `/` now redirects to `/dashboard` (server-side via next/navigation) - Deleted `services/api.ts` (DashboardAPI singleton with hardcoded mock data) - Deleted `hooks/useDashboardData.ts` (hook wrapper around mock) - Dashboard page uses `useDashboardStore` fetching from real backend - Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration) * Address PR review findings: security, a11y, error handling, API robustness Backend: - CORS empty-origins guard in Program.cs - Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController - Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController - Simplify AgentRegistryService circuit breaker delegation - Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving Frontend: - Prevent open redirect in login returnTo validation - Move ApiBootstrap inside ErrorBoundary in layout - Dev-only error messages in ErrorBoundary and error page - Guard e.message in ExtensionErrorSuppressor - Keyboard a11y on agent table rows, settings focus styles, label htmlFor - MobileMenu active state fix, Escape key, backdrop aria-hidden - navItems fallback group in groupBySections - Add pathname to ProtectedRoute useEffect deps - Toast aria-live on container - Fix agent store name mapping and dashboard store error handling - Auth context: logout in proactive-refresh deps, Secure cookie flag * Address PR review findings: security, a11y, race conditions, cleanup - AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral - AgentController: propagate CancellationToken to all registry port calls - IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate - AgentRegistryService: sanitize framework in compliance status log - CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection - NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot - AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates - Agents page: remove role="grid" (no 2D nav), add focus-visible ring - Remove coverage/ artifacts from git, add to .gitignore * chore(deps): pin dependency node to 22.22.1 * Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env. * Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4 Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config. Key changes: - Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc. - Move components/ui/ → src/components/ui/ with TS validation enabled - Move hooks (use-mobile, use-toast) and theme-provider into src/ - Add lib/utils.ts (shadcn cn() helper) - Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive) - Fix all 150+ TypeScript errors across components, visualizations, lib modules - Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks) - Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback - Delete duplicate /settings route (kept (app)/settings) - Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓) * chore(deps): update entity framework core to v10.0.4 * fix(deps): pin dependencies * chore(deps): update microsoft.extensions to v10.0.4 * fix(deps): update all non-major dependencies * fix(deps): update all non-major dependencies (#360) * Phase 15 Batch A: Settings, Notifications, Profile * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. --------- * fix(deps): update all non-major dependencies (#368) * chore(deps): update dependency azure.identity to v1.19.0 (#369) * fix(deps): update all non-major dependencies (#370) * fix(deps): update all non-major dependencies (#373) * chore(deps): update all non-major dependencies (#374) * fix(deps): update all non-major dependencies (#375) * fix(deps): update dependency shadcn to v4.0.8 (#376) * fix(deps): update dependency zustand to v5.0.12 (#378) * fix(deps): update all non-major dependencies (#379) * fix(deps): update all non-major dependencies (#383) * chore(ci): reduce CodeQL to weekly schedule + manual trigger (#384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. * fix(deps): update all non-major dependencies (#385) * chore(deps): update dependency wolverinefx to v5.21.0 (#386) * fix(deps): update all non-major dependencies (#387) * fix(deps): update dependency i18next to v25.8.19 (#389) * fix(deps): update all non-major dependencies (#390) * chore(deps): update dependency @redocly/cli to v2.24.1 (#391) * chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (#393) * Potential fix for code scanning alert no. 545: Unused variable, import, function or class (#392) * chore(mcp): add kernel.sh cloud browser MCP server (#388) * chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. * feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) - CiaAssessmentRequest: four core metrics + contextual adjustments - CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale - ICognitiveAssessmentPort: async assessment interface - CognitiveAssessmentEngine: pure formula implementation with input validation - ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. * feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. - Injects ICognitiveAssessmentPort into CognitiveMeshController - Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext - Computes fluency score from the 7 interaction quality metrics - Returns AgencyRouteComputedResponse with ComputedScores attached - Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) --------- * fix(deps): update dependency i18next to v25.9.0 (#395) * Phase 16: Remaining widgets, role-based UI, frontend tests (#361) * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. * Phase 16: Remaining widgets, role-based UI, 98 frontend tests Widgets (FE-016, FE-018 to FE-020): - Context Engineering: token usage chart, prompt optimization metrics - Convener: session timeline, orchestration modes - Marketplace: agent browser with search/filter, agent cards - Org Mesh: mesh topology visualization, node type legend App features (FE-021, FE-023): - Multi-page routing: all routes under App Router (app) group - RoleGuard component wrapping compliance page - Sidebar role indicator with user avatar Frontend tests (FETEST-001, FETEST-002): - 12 test suites, 98 tests passing - Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton - Stores: useAgentStore, useNotificationStore, usePreferencesStore - Hooks: use-toast - Contexts: AuthContext - API: client setup, agent registry integration tests - Jest config: path aliases, file mocks, crypto polyfill * Phase 17: Advanced features, comprehensive test suite, full-stack validation P3-LOW features (FE-024, FE-025, FE-026): - ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards - CommandPalette: Ctrl+K global search across all pages with fuzzy matching - PresenceIndicator: real-time user avatars via SignalR in TopBar - ActivityFeed: collapsible team activity panel via SignalR Advanced testing (FETEST-003, FETEST-004, FETEST-005): - E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow - Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator - Performance: lazy loading verification, Zustand selector re-render isolation - Total: 18 suites, 137 tests passing Full-stack validation: - Backend: 0 errors, 0 warnings - Frontend: 0 TS errors, 137/137 tests passing * ci: Add workflow to create GitHub issues from PR #361 review comments (#394) * Initial plan * ci: add workflow and issue data to create GitHub issues from PR #361 review comments Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 * ci: trigger issue creation workflow on push to branch (remove paths filter) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 --------- --------- * chore(deps): pin node.js (#362) * fix: bump Microsoft.Extensions.* and EF Core packages from 10.0.4 to 10.0.5 (#418) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/f5b12a8c-e23a-4b57-8d8b-6ddf826b4931 * update badges (#420) Updated project name and added versioning and status badges. --------- * feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5) (#377) * feat(pho-5): add PolicyStore and SelfHealing projects Implement the remediation policy store backed by Cosmos DB with in-memory caching, audit logging, default policy seeding, and the self-healing decision engine that consumes policies. New projects: - FoundationLayer/PolicyStore – models, ports, Cosmos DB adapter, options, seed data, and DI extensions - AgencyLayer/SelfHealing – remediation decision port and engine * test(pho-5): add unit tests for PolicyStore and SelfHealing - Add PolicyStore.Tests with 8 tests covering in-memory adapter contract, seed initialization, and fallback behavior - Add SelfHealing.Tests with 6 tests covering decision engine delegation, argument validation, and port interaction verification - Register all new projects in CognitiveMesh.sln with build configurations and solution folder nesting --------- * fix(docs): correct stale ecosystem names and fix README formatting (#423) * feat: ai written implement ations for most of the interfaces (#421) * Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons FE-005: 5 Zustand stores - useAuthStore: mirrors AuthContext for non-React consumers - useAgentStore: agent registry with real agenticApi integration - useDashboardStore: dashboard data (fetch-based, pending backend endpoints) - useNotificationStore: in-app notifications with unread tracking - usePreferencesStore: persisted user preferences (theme, accessibility) FE-022: Navigation components - Sidebar with collapsible sections, active route highlighting - TopBar with breadcrumbs, notification bell, connection indicator - MobileMenu responsive drawer (<768px) FE-021: Multi-page routing - (app) route group with shared layout (sidebar + topbar + ProtectedRoute) - 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings - Per-route loading.tsx and error.tsx boundaries - Dashboard page wired to useDashboardStore - Agents page wired to useAgentStore with table view - Settings page wired to usePreferencesStore with toggle controls FE-003: SignalR real-time client - useSignalR hook with auto-reconnect (exponential backoff) - subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods - ConnectionIndicator component shows live status FE-007: Skeleton loading components - Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0 * FE-002: Wire real API, remove DashboardAPI mock - Root `/` now redirects to `/dashboard` (server-side via next/navigation) - Deleted `services/api.ts` (DashboardAPI singleton with hardcoded mock data) - Deleted `hooks/useDashboardData.ts` (hook wrapper around mock) - Dashboard page uses `useDashboardStore` fetching from real backend - Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration) * Address PR review findings: security, a11y, error handling, API robustness Backend: - CORS empty-origins guard in Program.cs - Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController - Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController - Simplify AgentRegistryService circuit breaker delegation - Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving Frontend: - Prevent open redirect in login returnTo validation - Move ApiBootstrap inside ErrorBoundary in layout - Dev-only error messages in ErrorBoundary and error page - Guard e.message in ExtensionErrorSuppressor - Keyboard a11y on agent table rows, settings focus styles, label htmlFor - MobileMenu active state fix, Escape key, backdrop aria-hidden - navItems fallback group in groupBySections - Add pathname to ProtectedRoute useEffect deps - Toast aria-live on container - Fix agent store name mapping and dashboard store error handling - Auth context: logout in proactive-refresh deps, Secure cookie flag * Address PR review findings: security, a11y, race conditions, cleanup - AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral - AgentController: propagate CancellationToken to all registry port calls - IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate - AgentRegistryService: sanitize framework in compliance status log - CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection - NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot - AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates - Agents page: remove role="grid" (no 2D nav), add focus-visible ring - Remove coverage/ artifacts from git, add to .gitignore * chore(deps): pin dependency node to 22.22.1 * Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env. * Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4 Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config. Key changes: - Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc. - Move components/ui/ → src/components/ui/ with TS validation enabled - Move hooks (use-mobile, use-toast) and theme-provider into src/ - Add lib/utils.ts (shadcn cn() helper) - Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive) - Fix all 150+ TypeScript errors across components, visualizations, lib modules - Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks) - Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback - Delete duplicate /settings route (kept (app)/settings) - Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓) * chore(deps): update entity framework core to v10.0.4 * fix(deps): pin dependencies * chore(deps): update microsoft.extensions to v10.0.4 * fix(deps): update all non-major dependencies * fix(deps): update all non-major dependencies (#360) * Phase 15 Batch A: Settings, Notifications, Profile * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. --------- * fix(deps): update all non-major dependencies (#368) * chore(deps): update dependency azure.identity to v1.19.0 (#369) * fix(deps): update all non-major dependencies (#370) * fix(deps): update all non-major dependencies (#373) * chore(deps): update all non-major dependencies (#374) * fix(deps): update all non-major dependencies (#375) * fix(deps): update dependency shadcn to v4.0.8 (#376) * fix(deps): update dependency zustand to v5.0.12 (#378) * fix(deps): update all non-major dependencies (#379) * fix(deps): update all non-major dependencies (#383) * chore(ci): reduce CodeQL to weekly schedule + manual trigger (#384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. * fix(deps): update all non-major dependencies (#385) * chore(deps): update dependency wolverinefx to v5.21.0 (#386) * fix(deps): update all non-major dependencies (#387) * fix(deps): update dependency i18next to v25.8.19 (#389) * fix(deps): update all non-major dependencies (#390) * chore(deps): update dependency @redocly/cli to v2.24.1 (#391) * chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (#393) * Potential fix for code scanning alert no. 545: Unused variable, import, function or class (#392) * chore(mcp): add kernel.sh cloud browser MCP server (#388) * chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. * feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) - CiaAssessmentRequest: four core metrics + contextual adjustments - CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale - ICognitiveAssessmentPort: async assessment interface - CognitiveAssessmentEngine: pure formula implementation with input validation - ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. * feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. - Injects ICognitiveAssessmentPort into CognitiveMeshController - Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext - Computes fluency score from the 7 interaction quality metrics - Returns AgencyRouteComputedResponse with ComputedScores attached - Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) --------- * fix(deps): update dependency i18next to v25.9.0 (#395) * Phase 16: Remaining widgets, role-based UI, frontend tests (#361) * Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. * Address PR review findings: Link, i18n, GDPR persistence, shared toggle - Replace <a> with Next.js <Link> in settings, notifications, profile pages - Call i18n.changeLanguage() on language select for immediate effect - Move GDPR consent from local useState to Zustand store (persisted) - Add GdprConsentRecord type + setGdprConsent action to preferences store - Fix "Authenticated since" to use useMemo (stable across re-renders) - Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx - Replace freeform timezone input with curated timezone <select> - Add accessible label (htmlFor) to timezone select - Fix store doc comment: local-only with TODO for backend sync - Use canonical Tailwind class bg-white/2 * Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. * Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): - NIST Compliance: maturity gauge, gap analysis table, compliance timeline - Adaptive Balance: spectrum sliders, balance history chart - Value Generation: radar chart, organizational blindness heatmap - Impact Metrics: safety gauge, impact radar, resistance timeline - Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): - Frontend Dockerfile (multi-stage, standalone, non-root) - Docker Compose with frontend + API services - Frontend deploy pipeline (ACR → AKS staging → prod) - Dependabot npm coverage for frontend deps - CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): - K8s frontend manifests (deployment, service, configmap, ingress) - K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) - Terraform frontend-hosting module (Azure App Service, Node.js 22) * Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. * Phase 16: Remaining widgets, role-based UI, 98 frontend tests Widgets (FE-016, FE-018 to FE-020): - Context Engineering: token usage chart, prompt optimization metrics - Convener: session timeline, orchestration modes - Marketplace: agent browser with search/filter, agent cards - Org Mesh: mesh topology visualization, node type legend App features (FE-021, FE-023): - Multi-page routing: all routes under App Router (app) group - RoleGuard component wrapping compliance page - Sidebar role indicator with user avatar Frontend tests (FETEST-001, FETEST-002): - 12 test suites, 98 tests passing - Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton - Stores: useAgentStore, useNotificationStore, usePreferencesStore - Hooks: use-toast - Contexts: AuthContext - API: client setup, agent registry integration tests - Jest config: path aliases, file mocks, crypto polyfill * Phase 17: Advanced features, comprehensive test suite, full-stack validation P3-LOW features (FE-024, FE-025, FE-026): - ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards - CommandPalette: Ctrl+K global search across all pages with fuzzy matching - PresenceIndicator: real-time user avatars via SignalR in TopBar - ActivityFeed: collapsible team activity panel via SignalR Advanced testing (FETEST-003, FETEST-004, FETEST-005): - E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow - Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator - Performance: lazy loading verification, Zustand selector re-render isolation - Total: 18 suites, 137 tests passing Full-stack validation: - Backend: 0 errors, 0 warnings - Frontend: 0 TS errors, 137/137 tests passing * ci: Add workflow to create GitHub issues from PR #361 review comments (#394) * Initial plan * ci: add workflow and issue data to create GitHub issues from PR #361 review comments Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 * ci: trigger issue creation workflow on push to branch (remove paths filter) Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401 --------- --------- * chore(deps): pin node.js (#362) … Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: JustAGhosT <5531814+JustAGhosT@users.noreply.github.com> Co-authored-by: Stilla <stilla@stilla.ai>

stilla-bot and others added 2 commits March 15, 2026 22:57

github-advanced-security bot found potential problems Mar 15, 2026

View reviewed changes

JustAGhosT changed the base branch from main to dev March 21, 2026 00:49

JustAGhosT merged commit 7a23e10 into dev Mar 21, 2026
10 of 12 checks passed

JustAGhosT deleted the feat/pho-5-policy-store-db branch March 21, 2026 00:50

JustAGhosT mentioned this pull request Mar 21, 2026

feat: docs, workflows, general improvements (#425) #426

Merged

12 tasks

@@ -363,21 +363,6 @@
               }
               // Enhanced mode drag handlers
-              const handleDragStart = useCallback((type: "nexus" | "icon", data?: unknown, event?: React.MouseEvent) => {
-                if (mode !== "enhanced") return
-                if (!event) return
-                nexusDragStart()
-                startDrag({
-                  id: `${type}-${Date.now()}`,
-                  type: "nexus",
-                  size: "small",
-                  position: { x: 0, y: 0 },
-                  isDocked: false,
-                  zIndex: 100,
-                }, event)
-                if (enableAudio) playSound("click")
-                if (onDragStart) onDragStart()
-              }, [mode, startDrag, enableAudio, playSound, onDragStart, nexusDragStart])
               const handleDragEnd = useCallback(() => {
                 if (mode !== "enhanced") return

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5)#377

feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5)#377
JustAGhosT merged 2 commits intodevfrom
feat/pho-5-policy-store-db

JustAGhosT commented Mar 15, 2026

Uh oh!

blocksorg bot commented Mar 15, 2026

Uh oh!

linear bot commented Mar 15, 2026

Uh oh!

chatgpt-codex-connector bot commented Mar 15, 2026

Uh oh!

coderabbitai bot commented Mar 15, 2026

Review skipped

Uh oh!

Check notice

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

JustAGhosT commented Mar 15, 2026

Summary

What's new

FoundationLayer — PolicyStore sub-project

AgencyLayer — SelfHealing sub-project

Tests

Key design decisions

Checklist

Uh oh!

blocksorg bot commented Mar 15, 2026

Uh oh!

linear bot commented Mar 15, 2026

Uh oh!

chatgpt-codex-connector bot commented Mar 15, 2026

Uh oh!

coderabbitai bot commented Mar 15, 2026

Review skipped

Uh oh!

Check notice

Copilot Autofix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

FoundationLayer — `PolicyStore` sub-project

AgencyLayer — `SelfHealing` sub-project