Records the three fix commits + two prod-code cleanup commits, with
one-paragraph summaries for each cluster and pointers to the diagnosis
doc for SSE.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Three distinct root causes, all reproducible when the classes run
solo — not order-dependent as the triage report suggested. Full
diagnosis in .planning/sse-flakiness-diagnosis.md.
1. AgentSseController.events auto-heal was over-permissive: any valid
JWT allowed registering an arbitrary path-id, a spoofing vector.
Surface symptom was the parked sseConnect_unknownAgent_returns404
test hanging on a 200-with-empty-stream instead of getting 404.
Fix: auto-heal requires JWT subject == path id.
2. SseConnectionManager.pingAll read ${agent-registry.ping-interval-ms}
(unprefixed). AgentRegistryConfig binds cameleer.server.agentregistry.*
— same family of bug as the MetricsFlushScheduler fix in a6944911.
Fix: corrected placeholder prefix.
3. Spring's SseEmitter doesn't flush response headers until the first
emitter.send(); clients on BodyHandlers.ofInputStream blocked on
the first body byte, making awaitConnection(5s) unreliable under a
15s ping cadence. Fix: send an initial ": connected" comment on
connect() so headers hit the wire immediately.
Verified: 9/9 SSE tests green across AgentSseControllerIT + SseSigningIT.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
13 commits landed on local main; the three remaining parked clusters
each need a specific intent call before the next pass can proceed:
- ClickHouseStatsStoreIT (8 failures) — timezone bug in
ClickHouseStatsStore.lit(Instant); needs a store-side fix, not a
test-side one.
- AgentSseControllerIT + SseSigningIT (4 failures) — SSE connection
timing; looks order-dependent, not spec drift.
Also flagged two side issues worth a follow-up PR:
- ExecutionController legacy path is dead code.
- MetricsFlushScheduler.@Scheduled reads the wrong property key and
silently ignores the configured flush interval in production.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Records the 5 commits landed this session (65 → 44 failures), the 3
accepted remaining clusters (Cluster B ingestion-payload drift, SSE
timing, small Cluster E tail), and the open questions that require
spec intent before the next pass can proceed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Rename Java packages from com.cameleer3 to com.cameleer, module
directories from cameleer3-* to cameleer-*, and all references
throughout workflows, Dockerfiles, docs, migrations, and pom.xml.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add RBAC role table, OIDC login flow, user admin API examples, and
new configuration properties to HOWTO.md. Update CLAUDE.md with RBAC
roles, OIDC support, and user persistence. Add user repository to
ARCHITECTURE.md component table.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- SUMMARY.md with self-check passed
- STATE.md updated to plan 3/3 complete, 100% progress
- ROADMAP.md and REQUIREMENTS.md updated (SECU-04 complete)
- deferred-items.md documents pre-existing test failures from Plan 02
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3 plans in 2 waves covering all 5 SECU requirements:
- Plan 01 (W1): Security service foundation (JWT, Ed25519, bootstrap token)
- Plan 02 (W2): Spring Security filter chain, endpoint protection, test adaptation
- Plan 03 (W2): SSE payload signing with Ed25519
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- SUMMARY.md documenting diagram hash linking and test stability fixes
- STATE.md updated with position, decisions, metrics
- ROADMAP.md updated with phase 02 plan progress
- REQUIREMENTS.md DIAG-02 marked complete
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create 01-01-SUMMARY.md with execution results
- Update STATE.md with plan progress and decisions
- Update REQUIREMENTS.md marking INGST-04, INGST-05, INGST-06 complete
- Update ROADMAP.md with phase 01 progress
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Integration tests in 01-02 extend AbstractClickHouseIT from 01-03.
Both were wave 2 (parallel), causing potential compilation failure.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove AbstractClickHouseIT and application-test.yml from Plan 01-01,
move to Plan 01-03 Task 1 (reduces 01-01 from 15 to 13 files)
- Change Plan 01-02 Task 1 tdd="true" to tdd="false" (compile-only verify)
- Add DiagramRepository and MetricsRepository flush key_links to Plan 01-02
- Update VALIDATION.md: INGST-06 TTL maps to HealthControllerIT#ttlConfigured*
instead of non-existent ClickHouseTtlIT
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
