feat: docs, workflows, general improvements (#425)

[JustAGhosT]

• Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons

FE-005: 5 Zustand stores

• useAuthStore: mirrors AuthContext for non-React consumers
• useAgentStore: agent registry with real agenticApi integration
• useDashboardStore: dashboard data (fetch-based, pending backend endpoints)
• useNotificationStore: in-app notifications with unread tracking
• usePreferencesStore: persisted user preferences (theme, accessibility)

FE-022: Navigation components

• Sidebar with collapsible sections, active route highlighting
• TopBar with breadcrumbs, notification bell, connection indicator
• MobileMenu responsive drawer (<768px)

FE-021: Multi-page routing

• (app) route group with shared layout (sidebar + topbar + ProtectedRoute)
• 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings
• Per-route loading.tsx and error.tsx boundaries
• Dashboard page wired to useDashboardStore
• Agents page wired to useAgentStore with table view
• Settings page wired to usePreferencesStore with toggle controls

FE-003: SignalR real-time client

• useSignalR hook with auto-reconnect (exponential backoff)
• subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods
• ConnectionIndicator component shows live status

FE-007: Skeleton loading components

• Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard

Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0

• FE-002: Wire real API, remove DashboardAPI mock

• Root / now redirects to /dashboard (server-side via next/navigation)
• Deleted services/api.ts (DashboardAPI singleton with hardcoded mock data)
• Deleted hooks/useDashboardData.ts (hook wrapper around mock)
• Dashboard page uses useDashboardStore fetching from real backend
• Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration)

• Address PR review findings: security, a11y, error handling, API robustness

Backend:

• CORS empty-origins guard in Program.cs
• Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController
• Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController
• Simplify AgentRegistryService circuit breaker delegation
• Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving

Frontend:

• Prevent open redirect in login returnTo validation
• Move ApiBootstrap inside ErrorBoundary in layout
• Dev-only error messages in ErrorBoundary and error page
• Guard e.message in ExtensionErrorSuppressor
• Keyboard a11y on agent table rows, settings focus styles, label htmlFor
• MobileMenu active state fix, Escape key, backdrop aria-hidden
• navItems fallback group in groupBySections
• Add pathname to ProtectedRoute useEffect deps
• Toast aria-live on container
• Fix agent store name mapping and dashboard store error handling
• Auth context: logout in proactive-refresh deps, Secure cookie flag

• Address PR review findings: security, a11y, race conditions, cleanup

• AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral
• AgentController: propagate CancellationToken to all registry port calls
• IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate
• AgentRegistryService: sanitize framework in compliance status log
• CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection
• NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot
• AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates
• Agents page: remove role="grid" (no 2D nav), add focus-visible ring
• Remove coverage/ artifacts from git, add to .gitignore

• chore(deps): pin dependency node to 22.22.1

• Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN

The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env.

• Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4

Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config.

Key changes:

• Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc.
• Move components/ui/ → src/components/ui/ with TS validation enabled
• Move hooks (use-mobile, use-toast) and theme-provider into src/
• Add lib/utils.ts (shadcn cn() helper)
• Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive)
• Fix all 150+ TypeScript errors across components, visualizations, lib modules
• Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks)
• Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback
• Delete duplicate /settings route (kept (app)/settings)
• Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓)

• chore(deps): update entity framework core to v10.0.4

• fix(deps): pin dependencies

• chore(deps): update microsoft.extensions to v10.0.4

• fix(deps): update all non-major dependencies

• fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #360)

• Phase 15 Batch A: Settings, Notifications, Profile

• Phase 15 Batch A: Settings, Notification Preferences, User Profile

FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation.

FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone.

FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar.

Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours).

Build: 14 pages generated (was 12), 0 TypeScript errors.

• Address PR review findings: Link, i18n, GDPR persistence, shared toggle

• Replace with Next.js in settings, notifications, profile pages
• Call i18n.changeLanguage() on language select for immediate effect
• Move GDPR consent from local useState to Zustand store (persisted)
• Add GdprConsentRecord type + setGdprConsent action to preferences store
• Fix "Authenticated since" to use useMemo (stable across re-renders)
• Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx
• Replace freeform timezone input with curated timezone Add accessible label (htmlFor) to timezone select Fix store doc comment: local-only with TODO for backend sync Use canonical Tailwind class bg-white/2 Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): NIST Compliance: maturity gauge, gap analysis table, compliance timeline Adaptive Balance: spectrum sliders, balance history chart Value Generation: radar chart, organizational blindness heatmap Impact Metrics: safety gauge, impact radar, resistance timeline Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): Frontend Dockerfile (multi-stage, standalone, non-root) Docker Compose with frontend + API services Frontend deploy pipeline (ACR → AKS staging → prod) Dependabot npm coverage for frontend deps CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): K8s frontend manifests (deployment, service, configmap, ingress) K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) Terraform frontend-hosting module (Azure App Service, Node.js 22) Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #368) chore(deps): update dependency azure.identity to v1.19.0 (chore(deps): update dependency azure.identity to v1.19.0 #369) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #370) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #373) chore(deps): update all non-major dependencies (chore(deps): update all non-major dependencies #374) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #375) fix(deps): update dependency shadcn to v4.0.8 (fix(deps): update dependency shadcn to v4.0.8 #376) fix(deps): update dependency zustand to v5.0.12 (fix(deps): update dependency zustand to v5.0.12 #378) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #379) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #383) chore(ci): reduce CodeQL to weekly schedule + manual trigger (chore(ci): reduce CodeQL to weekly + manual only #384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #385) chore(deps): update dependency wolverinefx to v5.21.0 (chore(deps): update dependency wolverinefx to v5.21.0 #386) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #387) fix(deps): update dependency i18next to v25.8.19 (fix(deps): update dependency i18next to v25.8.19 #389) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #390) chore(deps): update dependency @redocly/cli to v2.24.1 (chore(deps): update dependency @redocly/cli to v2.24.1 #391) chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 #393) Potential fix for code scanning alert no. 545: Unused variable, import, function or class (Potential fix for code scanning alert no. 545: Unused variable, import, function or class #392) chore(mcp): add kernel.sh cloud browser MCP server (chore(mcp): add kernel.sh cloud browser MCP server #388) chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) CiaAssessmentRequest: four core metrics + contextual adjustments CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale ICognitiveAssessmentPort: async assessment interface CognitiveAssessmentEngine: pure formula implementation with input validation ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. Injects ICognitiveAssessmentPort into CognitiveMeshController Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext Computes fluency score from the 7 interaction quality metrics Returns AgencyRouteComputedResponse with ComputedScores attached Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) fix(deps): update dependency i18next to v25.9.0 (fix(deps): update dependency i18next to v25.9.0 #395) Phase 16: Remaining widgets, role-based UI, frontend tests (Phase 16: Remaining widgets, role-based UI, frontend tests #361) Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Address PR review findings: Link, i18n, GDPR persistence, shared toggle Replace with Next.js in settings, notifications, profile pages Call i18n.changeLanguage() on language select for immediate effect Move GDPR consent from local useState to Zustand store (persisted) Add GdprConsentRecord type + setGdprConsent action to preferences store Fix "Authenticated since" to use useMemo (stable across re-renders) Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx Replace freeform timezone input with curated timezone
• Add accessible label (htmlFor) to timezone select
• Fix store doc comment: local-only with TODO for backend sync
• Use canonical Tailwind class bg-white/2

• Fix ~40 code quality issues across backend and frontend

Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation.

UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing.

Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options.

• Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform

Widgets (FE-011 to FE-015):

• NIST Compliance: maturity gauge, gap analysis table, compliance timeline
• Adaptive Balance: spectrum sliders, balance history chart
• Value Generation: radar chart, organizational blindness heatmap
• Impact Metrics: safety gauge, impact radar, resistance timeline
• Cognitive Sandwich: phase stepper, burndown chart

CI/CD (FECICD-002 to FECICD-004):

• Frontend Dockerfile (multi-stage, standalone, non-root)
• Docker Compose with frontend + API services
• Frontend deploy pipeline (ACR → AKS staging → prod)
• Dependabot npm coverage for frontend deps
• CodeQL TypeScript analysis

Infrastructure (FECICD-005, FECICD-006):

• K8s frontend manifests (deployment, service, configmap, ingress)
• K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS)
• Terraform frontend-hosting module (Azure App Service, Node.js 22)

• Orchestrator: Phase 15 complete — 95/109 items done

Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17.

• Phase 16: Remaining widgets, role-based UI, 98 frontend tests

Widgets (FE-016, FE-018 to FE-020):

• Context Engineering: token usage chart, prompt optimization metrics
• Convener: session timeline, orchestration modes
• Marketplace: agent browser with search/filter, agent cards
• Org Mesh: mesh topology visualization, node type legend

App features (FE-021, FE-023):

• Multi-page routing: all routes under App Router (app) group
• RoleGuard component wrapping compliance page
• Sidebar role indicator with user avatar

Frontend tests (FETEST-001, FETEST-002):

• 12 test suites, 98 tests passing
• Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton
• Stores: useAgentStore, useNotificationStore, usePreferencesStore
• Hooks: use-toast
• Contexts: AuthContext
• API: client setup, agent registry integration tests
• Jest config: path aliases, file mocks, crypto polyfill

• Phase 17: Advanced features, comprehensive test suite, full-stack validation

P3-LOW features (FE-024, FE-025, FE-026):

• ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards
• CommandPalette: Ctrl+K global search across all pages with fuzzy matching
• PresenceIndicator: real-time user avatars via SignalR in TopBar
• ActivityFeed: collapsible team activity panel via SignalR

Advanced testing (FETEST-003, FETEST-004, FETEST-005):

• E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow
• Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator
• Performance: lazy loading verification, Zustand selector re-render isolation
• Total: 18 suites, 137 tests passing

Full-stack validation:

• Backend: 0 errors, 0 warnings
• Frontend: 0 TS errors, 137/137 tests passing

• ci: Add workflow to create GitHub issues from PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review comments (ci: Add workflow to create GitHub issues from PR #361 review comments #394)

• Initial plan

• ci: add workflow and issue data to create GitHub issues from PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review comments

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401

• ci: trigger issue creation workflow on push to branch (remove paths filter)

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401

---

---

• chore(deps): pin node.js (chore(deps): pin node.js #362)

• fix: bump Microsoft.Extensions.* and EF Core packages from 10.0.4 to 10.0.5 (Updating package versions in Directory.Packages.props #418)

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/f5b12a8c-e23a-4b57-8d8b-6ddf826b4931

• update badges (update badges #420)

Updated project name and added versioning and status badges.

• feat: ai written implement ations for most of the interfaces (feat: ai written implement ations for most of the interfaces #421) (feat: ai written implement ations for most of the interfaces (#421) #422)

• Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons

FE-005: 5 Zustand stores

• useAuthStore: mirrors AuthContext for non-React consumers
• useAgentStore: agent registry with real agenticApi integration
• useDashboardStore: dashboard data (fetch-based, pending backend endpoints)
• useNotificationStore: in-app notifications with unread tracking
• usePreferencesStore: persisted user preferences (theme, accessibility)

FE-022: Navigation components

• Sidebar with collapsible sections, active route highlighting
• TopBar with breadcrumbs, notification bell, connection indicator
• MobileMenu responsive drawer (<768px)

FE-021: Multi-page routing

• (app) route group with shared layout (sidebar + topbar + ProtectedRoute)
• 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings
• Per-route loading.tsx and error.tsx boundaries
• Dashboard page wired to useDashboardStore
• Agents page wired to useAgentStore with table view
• Settings page wired to usePreferencesStore with toggle controls

FE-003: SignalR real-time client

• useSignalR hook with auto-reconnect (exponential backoff)
• subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods
• ConnectionIndicator component shows live status

FE-007: Skeleton loading components

• Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard

Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0

• FE-002: Wire real API, remove DashboardAPI mock

• Root / now redirects to /dashboard (server-side via next/navigation)
• Deleted services/api.ts (DashboardAPI singleton with hardcoded mock data)
• Deleted hooks/useDashboardData.ts (hook wrapper around mock)
• Dashboard page uses useDashboardStore fetching from real backend
• Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration)

• Address PR review findings: security, a11y, error handling, API robustness

Backend:

• CORS empty-origins guard in Program.cs
• Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController
• Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController
• Simplify AgentRegistryService circuit breaker delegation
• Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving

Frontend:

• Prevent open redirect in login returnTo validation
• Move ApiBootstrap inside ErrorBoundary in layout
• Dev-only error messages in ErrorBoundary and error page
• Guard e.message in ExtensionErrorSuppressor
• Keyboard a11y on agent table rows, settings focus styles, label htmlFor
• MobileMenu active state fix, Escape key, backdrop aria-hidden
• navItems fallback group in groupBySections
• Add pathname to ProtectedRoute useEffect deps
• Toast aria-live on container
• Fix agent store name mapping and dashboard store error handling
• Auth context: logout in proactive-refresh deps, Secure cookie flag

• Address PR review findings: security, a11y, race conditions, cleanup

• AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral
• AgentController: propagate CancellationToken to all registry port calls
• IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate
• AgentRegistryService: sanitize framework in compliance status log
• CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection
• NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot
• AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates
• Agents page: remove role="grid" (no 2D nav), add focus-visible ring
• Remove coverage/ artifacts from git, add to .gitignore

• chore(deps): pin dependency node to 22.22.1

• Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN

The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env.

• Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4

Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config.

Key changes:

• Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc.
• Move components/ui/ → src/components/ui/ with TS validation enabled
• Move hooks (use-mobile, use-toast) and theme-provider into src/
• Add lib/utils.ts (shadcn cn() helper)
• Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive)
• Fix all 150+ TypeScript errors across components, visualizations, lib modules
• Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks)
• Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback
• Delete duplicate /settings route (kept (app)/settings)
• Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓)

• chore(deps): update entity framework core to v10.0.4

• fix(deps): pin dependencies

• chore(deps): update microsoft.extensions to v10.0.4

• fix(deps): update all non-major dependencies

• fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #360)

• Phase 15 Batch A: Settings, Notifications, Profile

• Phase 15 Batch A: Settings, Notification Preferences, User Profile

FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation.

FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone.

FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar.

Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours).

Build: 14 pages generated (was 12), 0 TypeScript errors.

• Address PR review findings: Link, i18n, GDPR persistence, shared toggle

• Replace with Next.js in settings, notifications, profile pages
• Call i18n.changeLanguage() on language select for immediate effect
• Move GDPR consent from local useState to Zustand store (persisted)
• Add GdprConsentRecord type + setGdprConsent action to preferences store
• Fix "Authenticated since" to use useMemo (stable across re-renders)
• Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx
• Replace freeform timezone input with curated timezone Add accessible label (htmlFor) to timezone select Fix store doc comment: local-only with TODO for backend sync Use canonical Tailwind class bg-white/2 Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): NIST Compliance: maturity gauge, gap analysis table, compliance timeline Adaptive Balance: spectrum sliders, balance history chart Value Generation: radar chart, organizational blindness heatmap Impact Metrics: safety gauge, impact radar, resistance timeline Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): Frontend Dockerfile (multi-stage, standalone, non-root) Docker Compose with frontend + API services Frontend deploy pipeline (ACR → AKS staging → prod) Dependabot npm coverage for frontend deps CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): K8s frontend manifests (deployment, service, configmap, ingress) K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) Terraform frontend-hosting module (Azure App Service, Node.js 22) Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #368) chore(deps): update dependency azure.identity to v1.19.0 (chore(deps): update dependency azure.identity to v1.19.0 #369) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #370) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #373) chore(deps): update all non-major dependencies (chore(deps): update all non-major dependencies #374) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #375) fix(deps): update dependency shadcn to v4.0.8 (fix(deps): update dependency shadcn to v4.0.8 #376) fix(deps): update dependency zustand to v5.0.12 (fix(deps): update dependency zustand to v5.0.12 #378) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #379) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #383) chore(ci): reduce CodeQL to weekly schedule + manual trigger (chore(ci): reduce CodeQL to weekly + manual only #384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #385) chore(deps): update dependency wolverinefx to v5.21.0 (chore(deps): update dependency wolverinefx to v5.21.0 #386) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #387) fix(deps): update dependency i18next to v25.8.19 (fix(deps): update dependency i18next to v25.8.19 #389) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #390) chore(deps): update dependency @redocly/cli to v2.24.1 (chore(deps): update dependency @redocly/cli to v2.24.1 #391) chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 #393) Potential fix for code scanning alert no. 545: Unused variable, import, function or class (Potential fix for code scanning alert no. 545: Unused variable, import, function or class #392) chore(mcp): add kernel.sh cloud browser MCP server (chore(mcp): add kernel.sh cloud browser MCP server #388) chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) CiaAssessmentRequest: four core metrics + contextual adjustments CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale ICognitiveAssessmentPort: async assessment interface CognitiveAssessmentEngine: pure formula implementation with input validation ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. Injects ICognitiveAssessmentPort into CognitiveMeshController Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext Computes fluency score from the 7 interaction quality metrics Returns AgencyRouteComputedResponse with ComputedScores attached Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) fix(deps): update dependency i18next to v25.9.0 (fix(deps): update dependency i18next to v25.9.0 #395) Phase 16: Remaining widgets, role-based UI, frontend tests (Phase 16: Remaining widgets, role-based UI, frontend tests #361) Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Address PR review findings: Link, i18n, GDPR persistence, shared toggle Replace with Next.js in settings, notifications, profile pages Call i18n.changeLanguage() on language select for immediate effect Move GDPR consent from local useState to Zustand store (persisted) Add GdprConsentRecord type + setGdprConsent action to preferences store Fix "Authenticated since" to use useMemo (stable across re-renders) Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx Replace freeform timezone input with curated timezone
• Add accessible label (htmlFor) to timezone select
• Fix store doc comment: local-only with TODO for backend sync
• Use canonical Tailwind class bg-white/2

• Fix ~40 code quality issues across backend and frontend

Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation.

UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing.

Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options.

• Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform

Widgets (FE-011 to FE-015):

• NIST Compliance: maturity gauge, gap analysis table, compliance timeline
• Adaptive Balance: spectrum sliders, balance history chart
• Value Generation: radar chart, organizational blindness heatmap
• Impact Metrics: safety gauge, impact radar, resistance timeline
• Cognitive Sandwich: phase stepper, burndown chart

CI/CD (FECICD-002 to FECICD-004):

• Frontend Dockerfile (multi-stage, standalone, non-root)
• Docker Compose with frontend + API services
• Frontend deploy pipeline (ACR → AKS staging → prod)
• Dependabot npm coverage for frontend deps
• CodeQL TypeScript analysis

Infrastructure (FECICD-005, FECICD-006):

• K8s frontend manifests (deployment, service, configmap, ingress)
• K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS)
• Terraform frontend-hosting module (Azure App Service, Node.js 22)

• Orchestrator: Phase 15 complete — 95/109 items done

Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17.

• Phase 16: Remaining widgets, role-based UI, 98 frontend tests

Widgets (FE-016, FE-018 to FE-020):

• Context Engineering: token usage chart, prompt optimization metrics
• Convener: session timeline, orchestration modes
• Marketplace: agent browser with search/filter, agent cards
• Org Mesh: mesh topology visualization, node type legend

App features (FE-021, FE-023):

• Multi-page routing: all routes under App Router (app) group
• RoleGuard component wrapping compliance page
• Sidebar role indicator with user avatar

Frontend tests (FETEST-001, FETEST-002):

• 12 test suites, 98 tests passing
• Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton
• Stores: useAgentStore, useNotificationStore, usePreferencesStore
• Hooks: use-toast
• Contexts: AuthContext
• API: client setup, agent registry integration tests
• Jest config: path aliases, file mocks, crypto polyfill

• Phase 17: Advanced features, comprehensive test suite, full-stack validation

P3-LOW features (FE-024, FE-025, FE-026):

• ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards
• CommandPalette: Ctrl+K global search across all pages with fuzzy matching
• PresenceIndicator: real-time user avatars via SignalR in TopBar
• ActivityFeed: collapsible team activity panel via SignalR

Advanced testing (FETEST-003, FETEST-004, FETEST-005):

• E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow
• Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator
• Performance: lazy loading verification, Zustand selector re-render isolation
• Total: 18 suites, 137 tests passing

Full-stack validation:

• Backend: 0 errors, 0 warnings
• Frontend: 0 TS errors, 137/137 tests passing

• ci: Add workflow to create GitHub issues from PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review comments (ci: Add workflow to create GitHub issues from PR #361 review comments #394)

• Initial plan

• ci: add workflow and issue data to create GitHub issues from PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review comments

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401

• ci: trigger issue creation workflow on push to branch (remove paths filter)

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401

---

---

• chore(deps): pin node.js (chore(deps): pin node.js #362)

• fix: bump Microsoft.Extensions.* and EF Core packages from 10.0.4 to 10.0.5 (Updating package versions in Directory.Packages.props #418)

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/f5b12a8c-e23a-4b57-8d8b-6ddf826b4931

• update badges (update badges #420)

Updated project name and added versioning and status badges.

---

• feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5) (feat: Policy Store DB for Self-Healing Remediation Policies (PHO-5) #377)

• feat(pho-5): add PolicyStore and SelfHealing projects

Implement the remediation policy store backed by Cosmos DB with in-memory caching, audit logging, default policy seeding, and the self-healing decision engine that consumes policies.

New projects:

• FoundationLayer/PolicyStore – models, ports, Cosmos DB adapter, options, seed data, and DI extensions
• AgencyLayer/SelfHealing – remediation decision port and engine

• test(pho-5): add unit tests for PolicyStore and SelfHealing

• Add PolicyStore.Tests with 8 tests covering in-memory adapter contract, seed initialization, and fallback behavior
• Add SelfHealing.Tests with 6 tests covering decision engine delegation, argument validation, and port interaction verification
• Register all new projects in CognitiveMesh.sln with build configurations and solution folder nesting

---

• fix(docs): correct stale ecosystem names and fix README formatting (fix(docs): correct stale ecosystem names and fix README formatting #423)

• feat: ai written implement ations for most of the interfaces (feat: ai written implement ations for most of the interfaces #421)

• Phase 14 foundation: Zustand stores, navigation, routing, SignalR, skeletons

FE-005: 5 Zustand stores

• useAuthStore: mirrors AuthContext for non-React consumers
• useAgentStore: agent registry with real agenticApi integration
• useDashboardStore: dashboard data (fetch-based, pending backend endpoints)
• useNotificationStore: in-app notifications with unread tracking
• usePreferencesStore: persisted user preferences (theme, accessibility)

FE-022: Navigation components

• Sidebar with collapsible sections, active route highlighting
• TopBar with breadcrumbs, notification bell, connection indicator
• MobileMenu responsive drawer (<768px)

FE-021: Multi-page routing

• (app) route group with shared layout (sidebar + topbar + ProtectedRoute)
• 6 routes: /dashboard, /agents, /analytics, /compliance, /marketplace, /settings
• Per-route loading.tsx and error.tsx boundaries
• Dashboard page wired to useDashboardStore
• Agents page wired to useAgentStore with table view
• Settings page wired to usePreferencesStore with toggle controls

FE-003: SignalR real-time client

• useSignalR hook with auto-reconnect (exponential backoff)
• subscribe/unsubscribe/invoke/joinGroup/leaveGroup methods
• ConnectionIndicator component shows live status

FE-007: Skeleton loading components

• Skeleton, SkeletonCard, SkeletonTable, SkeletonMetric, SkeletonDashboard

Dependencies: zustand@5.0.11, @microsoft/signalr@10.0.0

• FE-002: Wire real API, remove DashboardAPI mock

• Root / now redirects to /dashboard (server-side via next/navigation)
• Deleted services/api.ts (DashboardAPI singleton with hardcoded mock data)
• Deleted hooks/useDashboardData.ts (hook wrapper around mock)
• Dashboard page uses useDashboardStore fetching from real backend
• Updated AGENT_BACKLOG.md: Phase 14 marked complete, Phase 14b added (CognitiveMeshUI component library integration)

• Address PR review findings: security, a11y, error handling, API robustness

Backend:

• CORS empty-origins guard in Program.cs
• Replace ThrowIfNullOrWhiteSpace with BadRequest in AdaptiveBalanceController
• Add ProducesResponseType attributes, CancellationToken forwarding, error handling in AgentController and CustomerServiceController
• Simplify AgentRegistryService circuit breaker delegation
• Fix AuthorityService RevokeAuthorityOverrideAsync return and null-forgiving

Frontend:

• Prevent open redirect in login returnTo validation
• Move ApiBootstrap inside ErrorBoundary in layout
• Dev-only error messages in ErrorBoundary and error page
• Guard e.message in ExtensionErrorSuppressor
• Keyboard a11y on agent table rows, settings focus styles, label htmlFor
• MobileMenu active state fix, Escape key, backdrop aria-hidden
• navItems fallback group in groupBySections
• Add pathname to ProtectedRoute useEffect deps
• Toast aria-live on container
• Fix agent store name mapping and dashboard store error handling
• Auth context: logout in proactive-refresh deps, Secure cookie flag

• Address PR review findings: security, a11y, race conditions, cleanup

• AGENT_BACKLOG.md: fix item count (29→27), fix circular gate deferral
• AgentController: propagate CancellationToken to all registry port calls
• IAgentRegistryPort: add CancellationToken to Register/GetById/Deactivate
• AgentRegistryService: sanitize framework in compliance status log
• CustomerIntelligenceManager: sanitize customerId in exception message, escape single quotes in Cypher query to prevent injection
• NISTComplianceService: sanitize audit entry Details fields, lock EvidenceRecord mutation for thread safety, capture TotalCount inside lock for consistent snapshot
• AdaptiveBalanceService: snapshot ConcurrentBag for confidence calc, lock DimensionState reads/writes for atomic updates
• Agents page: remove role="grid" (no 2D nav), add focus-visible ring
• Remove coverage/ artifacts from git, add to .gitignore

• chore(deps): pin dependency node to 22.22.1

• Fix gh-pages deploy: grant contents write permission to GITHUB_TOKEN

The peaceiris/actions-gh-pages action needs push access to the gh-pages branch. Added job-level permissions and removed unused ACTIONS_DEPLOY_KEY env.

• Phase 14b: UI component library integration — shadcn/ui, design tokens, Tailwind v4

Merge CognitiveMeshUI repo (169 files): 48 shadcn/ui components with Radix UI deps, design tokens via Style Dictionary v5, Storybook v10 config.

Key changes:

• Install 27 @radix-ui/* packages + cmdk, recharts@3, sonner, vaul, etc.
• Move components/ui/ → src/components/ui/ with TS validation enabled
• Move hooks (use-mobile, use-toast) and theme-provider into src/
• Add lib/utils.ts (shadcn cn() helper)
• Migrate Tailwind v3 → v4 (@tailwindcss/postcss + @config directive)
• Fix all 150+ TypeScript errors across components, visualizations, lib modules
• Harden Next.js 16 SSR (Suspense boundaries, window guards, env fallbacks)
• Remove dead code: BridgeHeader, FXModePanel, LayoutToolsPanel, VoiceFeedback
• Delete duplicate /settings route (kept (app)/settings)
• Update MIGRATION.md (100% complete) and AGENT_BACKLOG.md (Phase 14b ✓)

• chore(deps): update entity framework core to v10.0.4

• fix(deps): pin dependencies

• chore(deps): update microsoft.extensions to v10.0.4

• fix(deps): update all non-major dependencies

• fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #360)

• Phase 15 Batch A: Settings, Notifications, Profile

• Phase 15 Batch A: Settings, Notification Preferences, User Profile

FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation.

FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone.

FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar.

Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours).

Build: 14 pages generated (was 12), 0 TypeScript errors.

• Address PR review findings: Link, i18n, GDPR persistence, shared toggle

• Replace with Next.js in settings, notifications, profile pages
• Call i18n.changeLanguage() on language select for immediate effect
• Move GDPR consent from local useState to Zustand store (persisted)
• Add GdprConsentRecord type + setGdprConsent action to preferences store
• Fix "Authenticated since" to use useMemo (stable across re-renders)
• Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx
• Replace freeform timezone input with curated timezone Add accessible label (htmlFor) to timezone select Fix store doc comment: local-only with TODO for backend sync Use canonical Tailwind class bg-white/2 Fix ~40 code quality issues across backend and frontend Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation. UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing. Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options. Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform Widgets (FE-011 to FE-015): NIST Compliance: maturity gauge, gap analysis table, compliance timeline Adaptive Balance: spectrum sliders, balance history chart Value Generation: radar chart, organizational blindness heatmap Impact Metrics: safety gauge, impact radar, resistance timeline Cognitive Sandwich: phase stepper, burndown chart CI/CD (FECICD-002 to FECICD-004): Frontend Dockerfile (multi-stage, standalone, non-root) Docker Compose with frontend + API services Frontend deploy pipeline (ACR → AKS staging → prod) Dependabot npm coverage for frontend deps CodeQL TypeScript analysis Infrastructure (FECICD-005, FECICD-006): K8s frontend manifests (deployment, service, configmap, ingress) K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS) Terraform frontend-hosting module (Azure App Service, Node.js 22) Orchestrator: Phase 15 complete — 95/109 items done Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17. fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #368) chore(deps): update dependency azure.identity to v1.19.0 (chore(deps): update dependency azure.identity to v1.19.0 #369) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #370) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #373) chore(deps): update all non-major dependencies (chore(deps): update all non-major dependencies #374) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #375) fix(deps): update dependency shadcn to v4.0.8 (fix(deps): update dependency shadcn to v4.0.8 #376) fix(deps): update dependency zustand to v5.0.12 (fix(deps): update dependency zustand to v5.0.12 #378) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #379) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #383) chore(ci): reduce CodeQL to weekly schedule + manual trigger (chore(ci): reduce CodeQL to weekly + manual only #384) Removes push and pull_request triggers to reduce GitHub Actions costs. Scans were running on every PR including Renovate dependency updates. fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #385) chore(deps): update dependency wolverinefx to v5.21.0 (chore(deps): update dependency wolverinefx to v5.21.0 #386) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #387) fix(deps): update dependency i18next to v25.8.19 (fix(deps): update dependency i18next to v25.8.19 #389) fix(deps): update all non-major dependencies (fix(deps): update all non-major dependencies #390) chore(deps): update dependency @redocly/cli to v2.24.1 (chore(deps): update dependency @redocly/cli to v2.24.1 #391) chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 (chore(deps): update dependency microsoft.azure.cosmos to v3.58.0 #393) Potential fix for code scanning alert no. 545: Unused variable, import, function or class (Potential fix for code scanning alert no. 545: Unused variable, import, function or class #392) chore(mcp): add kernel.sh cloud browser MCP server (chore(mcp): add kernel.sh cloud browser MCP server #388) chore(mcp): add kernel.sh cloud browser MCP server Adds kernel.sh as a managed cloud browser infrastructure tool alongside the existing playwright MCP. kernel.sh provides remote Chromium sessions via CDP, native MCP server, managed auth (2FA/SSO without exposing credentials to the LLM), and 72-hour session support. Requires: KERNEL_API_KEY env var (obtain from kernel.sh dashboard, store in Azure Key Vault or local .env — never commit). playwright MCP remains unchanged for local E2E testing. feat(agency): add CIA 2.0 computation engine (ICognitiveAssessmentPort) Implements the Cognitive Impact Assessment 2.0 formula from the Cognitive Sovereignty AI Ethics framework: CIA2.0 = (TI + APS + MAR + ACR) / 4 × RW-CIA × SFI × (1 – STG) CiaAssessmentRequest: four core metrics + contextual adjustments CiaAssessmentResult: raw/adjusted CIA, CSI, sovereignty mode + rationale ICognitiveAssessmentPort: async assessment interface CognitiveAssessmentEngine: pure formula implementation with input validation ServiceCollectionExtensions: registers ICognitiveAssessmentPort → CognitiveAssessmentEngine CSI is derived as Clamp(adjusted / RW-CIA, 0, 1), normalising back to [0,1]. Creative tasks always floor at HumanLed regardless of score. feat(agency): add POST /cognitive/agency/route/computed endpoint Implements the computed routing variant that accepts raw CIA 2.0 interface metrics, runs CognitiveAssessmentEngine to derive CIA/CSI scores, then routes to the agency router — returning both the routing decision and the computed scores in a single response. Injects ICognitiveAssessmentPort into CognitiveMeshController Maps AgencyRouteComputedRequest → CiaAssessmentRequest → TaskContext Computes fluency score from the 7 interaction quality metrics Returns AgencyRouteComputedResponse with ComputedScores attached Validates metric bounds via CognitiveAssessmentEngine (throws ArgumentOutOfRangeException → 400 Bad Request) fix(deps): update dependency i18next to v25.9.0 (fix(deps): update dependency i18next to v25.9.0 #395) Phase 16: Remaining widgets, role-based UI, frontend tests (Phase 16: Remaining widgets, role-based UI, frontend tests #361) Phase 15 Batch A: Settings, Notification Preferences, User Profile FE-008: Enhanced settings page with language selector (en-US/fr-FR/de-DE), Data & Privacy consent toggles (analytics, telemetry, personalized content, third-party sharing), descriptions on all toggles, save confirmation. FE-009: New /settings/notifications page with channel toggles (email, push, SMS, in-app), 5 notification categories with per-category enable/disable, quiet hours with start/end time and timezone. FE-010: New /profile page with account info, role badges (Admin/Analyst/ Viewer), GDPR & EU AI Act consent management (4 consent types), privacy summary with status dots, data export request (GDPR Article 20), session info. Added Profile nav item with User icon to sidebar. Store: Extended usePreferencesStore with language, privacyConsent, and notificationPreferences state + actions (setLanguage, setPrivacyConsent, setNotificationChannel, setQuietHours). Build: 14 pages generated (was 12), 0 TypeScript errors. Address PR review findings: Link, i18n, GDPR persistence, shared toggle Replace with Next.js in settings, notifications, profile pages Call i18n.changeLanguage() on language select for immediate effect Move GDPR consent from local useState to Zustand store (persisted) Add GdprConsentRecord type + setGdprConsent action to preferences store Fix "Authenticated since" to use useMemo (stable across re-renders) Extract shared ToggleRow/ToggleButton to components/ui/toggle-switch.tsx Replace freeform timezone input with curated timezone
• Add accessible label (htmlFor) to timezone select
• Fix store doc comment: local-only with TODO for backend sync
• Use canonical Tailwind class bg-white/2

• Fix ~40 code quality issues across backend and frontend

Backend: CancellationToken propagation, atomic ConcurrentDictionary updates, Cypher injection prevention via regex validation, authority override revocation.

UI components: forwardRef type corrections, aria-hidden/aria-label a11y fixes, event listener cleanup, CSS sanitization for dangerouslySetInnerHTML, unique keys with index fallback, variant priority fix, displayName casing.

Pages/hooks/stores: open redirect prevention, SSR hydration fix, timer cleanup, SignalR mounted guard, auth token expiry check, Array.isArray guard, crypto randomUUID replacing module counter, Zustand persist with versioned migration, devDependencies cleanup, dark-themed select options.

• Phase 15b: 5 widget PRDs, frontend Docker, K8s, Terraform

Widgets (FE-011 to FE-015):

• NIST Compliance: maturity gauge, gap analysis table, compliance timeline
• Adaptive Balance: spectrum sliders, balance history chart
• Value Generation: radar chart, organizational blindness heatmap
• Impact Metrics: safety gauge, impact radar, resistance timeline
• Cognitive Sandwich: phase stepper, burndown chart

CI/CD (FECICD-002 to FECICD-004):

• Frontend Dockerfile (multi-stage, standalone, non-root)
• Docker Compose with frontend + API services
• Frontend deploy pipeline (ACR → AKS staging → prod)
• Dependabot npm coverage for frontend deps
• CodeQL TypeScript analysis

Infrastructure (FECICD-005, FECICD-006):

• K8s frontend manifests (deployment, service, configmap, ingress)
• K8s overlays (dev: 1 replica, staging: 2, prod: 3 + TLS)
• Terraform frontend-hosting module (Azure App Service, Node.js 22)

• Orchestrator: Phase 15 complete — 95/109 items done

Frontend grade C→B. 5 widget PRDs built (NIST, Adaptive Balance, Value Gen, Impact Metrics, Cognitive Sandwich). Frontend Docker, K8s manifests, Terraform module, deploy pipeline, Dependabot npm, CodeQL TypeScript all added. 14 items remaining for Phases 16-17.

• Phase 16: Remaining widgets, role-based UI, 98 frontend tests

Widgets (FE-016, FE-018 to FE-020):

• Context Engineering: token usage chart, prompt optimization metrics
• Convener: session timeline, orchestration modes
• Marketplace: agent browser with search/filter, agent cards
• Org Mesh: mesh topology visualization, node type legend

App features (FE-021, FE-023):

• Multi-page routing: all routes under App Router (app) group
• RoleGuard component wrapping compliance page
• Sidebar role indicator with user avatar

Frontend tests (FETEST-001, FETEST-002):

• 12 test suites, 98 tests passing
• Components: toggle-switch, ConnectionIndicator, ErrorBoundary, Skeleton
• Stores: useAgentStore, useNotificationStore, usePreferencesStore
• Hooks: use-toast
• Contexts: AuthContext
• API: client setup, agent registry integration tests
• Jest config: path aliases, file mocks, crypto polyfill

• Phase 17: Advanced features, comprehensive test suite, full-stack validation

P3-LOW features (FE-024, FE-025, FE-026):

• ExportMenu: CSV/PNG export wired into Compliance and Impact dashboards
• CommandPalette: Ctrl+K global search across all pages with fuzzy matching
• PresenceIndicator: real-time user avatars via SignalR in TopBar
• ActivityFeed: collapsible team activity panel via SignalR

Advanced testing (FETEST-003, FETEST-004, FETEST-005):

• E2E: dashboard flow, auth flow (login/logout/protected routes), settings flow
• Visual regression: 10 snapshot tests across Skeleton + ConnectionIndicator
• Performance: lazy loading verification, Zustand selector re-render isolation
• Total: 18 suites, 137 tests passing

Full-stack validation:

• Backend: 0 errors, 0 warnings
• Frontend: 0 TS errors, 137/137 tests passing

• ci: Add workflow to create GitHub issues from PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review comments (ci: Add workflow to create GitHub issues from PR #361 review comments #394)

• Initial plan

• ci: add workflow and issue data to create GitHub issues from PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review comments

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401

• ci: trigger issue creation workflow on push to branch (remove paths filter)

Agent-Logs-Url: https://github.com/phoenixvc/cognitive-mesh/sessions/b551d67f-8284-421d-b411-3850be2a0401

---

---

• chore(deps): pin node.js (chore(deps): pin node.js #362)

…

Summary

Changes

Related Issues

Architecture Layer

• FoundationLayer
• ReasoningLayer
• MetacognitiveLayer
• AgencyLayer
• BusinessApplications
• Infrastructure / CI/CD

Checklist

• Code compiles without warnings (dotnet build passes with TreatWarningsAsErrors)
• XML documentation added for all new public types (CS1591)
• Unit tests added or updated
• All tests pass (dotnet test)
• No circular dependencies introduced between layers
• No secrets or credentials committed

Test Plan

Screenshots

[blocksorg]

Mention Blocks like a regular teammate with your question or request:

@blocks review this pull request
@blocks make the following changes ...
@blocks create an issue from what was mentioned in the following comment ...
@blocks explain the following code ...
@blocks are there any security or performance concerns?

Run @blocks /help for more information.

Workspace settings | Disable this message

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Warning

Rate limit exceeded

@JustAGhosT has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 13 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d9d2beb4-2243-4ad2-ae89-c5a5e8017d8b

📥 Commits

Reviewing files that changed from the base of the PR and between b8f62d4 and eb1c27b.

📒 Files selected for processing (23)

• .github/workflows/codeql.yml
• CognitiveMesh.sln
• README.md
• src/AgencyLayer/AgencyLayer.csproj
• src/AgencyLayer/SelfHealing/Engines/RemediationPolicyDecisionEngine.cs
• src/AgencyLayer/SelfHealing/Extensions/SelfHealingServiceExtensions.cs
• src/AgencyLayer/SelfHealing/Ports/IRemediationDecisionPort.cs
• src/AgencyLayer/SelfHealing/SelfHealing.csproj
• src/FoundationLayer/FoundationLayer.csproj
• src/FoundationLayer/PolicyStore/Adapters/CosmosDbRemediationPolicyAdapter.cs
• src/FoundationLayer/PolicyStore/Extensions/PolicyStoreServiceExtensions.cs
• src/FoundationLayer/PolicyStore/Models/PolicyAuditEntry.cs
• src/FoundationLayer/PolicyStore/Models/RemediationAction.cs
• src/FoundationLayer/PolicyStore/Models/RemediationPolicy.cs
• src/FoundationLayer/PolicyStore/Options/PolicyStoreOptions.cs
• src/FoundationLayer/PolicyStore/PolicyStore.csproj
• src/FoundationLayer/PolicyStore/Ports/IRemediationPolicyPort.cs
• src/FoundationLayer/PolicyStore/Seed/DefaultPolicySeed.cs
• src/FoundationLayer/PolicyStore/Seed/PolicyStoreInitializer.cs
• tests/AgencyLayer/SelfHealing/RemediationPolicyDecisionEngineTests.cs
• tests/AgencyLayer/SelfHealing/SelfHealing.Tests.csproj
• tests/FoundationLayer/PolicyStore/PolicyStore.Tests.csproj
• tests/FoundationLayer/PolicyStore/RemediationPolicyAdapterTests.cs

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.