Oracle round-2 review caught two real bugs:
1. Production baseUrl bypassed the nginx /api proxy
   - api.ts defaulted to https://demo.flow-master.ai in prod
   - Browser would hit cross-origin and CORS-fail
   - Now: baseUrl='' everywhere; nginx.conf already reverse-proxies /api/*
   - vite.config.ts proxy still handles dev
2. Refresh button didn't refresh
   - setMode('live') early-returned when already in live mode
   - Now: setMode() and refreshLive() share runLiveFetch(); refreshLive
     ignores the same-mode guard and always re-runs
   - 4 new vitest regressions in state/store.test.ts cover the contract
   - Smoke now asserts /api/ea2/work-items is called twice after Refresh
Also:
- buildScenarios.ts parallelized: cap N=6 candidates, Promise.all
  per-candidate fetches → live mode now ~3s instead of 30s
- CommandBar + LeftRail preview toasts now name the exact endpoint
  (/api/runtime/transactions/{id}/actions) in the visible text
- Landing 'Go live' button rebound to refreshLive() when already live;
  copy changed to 'Live · refresh'
- README: scenario table now renders (added separator row); deploy
  section points at the real ops PR + the actual overlay path
  (overlays/demo, not overlays/mc.flow-master.ai); CORS doc clarifies
  same-origin requirement
Constraint: browsers reject cross-origin → same-origin /api/* required
Rejected: dev/prod baseUrl divergence | created production bug
Confidence: high
Scope-risk: narrow
Not-tested: production image actually built + served by ops PR (gated by trusted updater + DNS)

Polished command-center for FlowMaster with two data modes:
- SNAPSHOT: bundled src/scenarios.json from demo.flow-master.ai
- LIVE: in-browser fetch via src/lib/api.ts (dev-login + bearer)
Scenarios:
- procurement, extra-1, extra-2 (live from EA2)
- ar, hcm, gl, service (industry blueprints, same typed shell)
Honesty pass after Oracle review:
- No invented numbers (Telemetry derives SLA + agent acceptance from real data)
- Preview-only actions fire toasts naming the endpoint to wire them
- Blueprint tours framed as 'industry blueprint', not 'we don't have this yet'
- Mode pill + last-fetch age + refresh in topbar
- Dev CORS dodged via vite proxy; production deploys same-origin
18 vitest tests + 26 playwright smoke assertions + DOM layout audit.
Constraint: cross-origin live mode rejected by browser → fall back to snapshot
Rejected: hardcoded SLA % | dishonest demo metrics
Directive: wire preview-only action handlers to /api/runtime/transactions/{id}/actions to ship them for real
Confidence: high
Scope-risk: narrow
Not-tested: production deployment via flowmaster-ops overlay