Stability checkpoint — 21-commit batch : 4 endpoints + ChurnControllerTest + SLO chaos URIs + JaCoCo HTML
- **feat(slo): dedicated chaos endpoints** — `POST /customers/db-failure` + `POST /customers/kafka-timeout` for SLO burn-rate demos (!233)
- **feat(slo): switch chaos annotations to dedicated URIs** — Grafana SLO dashboard annotation `expr` switched from generic to deterministic URI filters + 4th 'Real 5xx' annotation (!235)
- **feat(product): server-side search** — `GET /products?search=` case-insensitive name+description filter (drops UI client-side fan-out)
- **feat(ci): JaCoCo HTML report + cobertura widget** on MR pipelines
- **feat(order): PUT /orders/{id}/status** — state-machine validated status update (PENDING→CONFIRMED→SHIPPED, 200/404/409/422)
- **feat(product): GET /products/{id}/orders** — server-side list of orders consuming a product
- **feat(order): PATCH /orders/{orderId}/lines/{lineId}/status** — per-line refund state machine (ADR-0063)
- **feat(stability-check): per-slice health snapshot** for order/product/ml in `bin/dev/sections/code.sh`
- **test(ml): ChurnControllerTest** — 0% → 100% coverage on the REST entry point (closes Phase B coverage gap, 6 tests covering 503/404/200/500 + topFeatures ranking)
- **test(smoke): PUT /orders/{id}/status flow** in api-smoke.hurl
- **docs(readme): sync README.fr.md** to match EN structure (mastery block + 8-row matrix)
- **docs(banner.svg)**: provenance line adds "ONNX in-process ML"
- chore(tasks): strike 2026-04-27 wave + scheduled-batch pointer for coverage
- chore(tasks): strike dedicated chaos endpoints — replaced by dashboard expr update
CI :
- ✅ Main pipeline #2483569481 green at 2026-04-28 00:41 — https://gitlab.com/mirador1/mirador-service-java/-/pipelines/2483569481
- ✅ MR pipeline #2483403664 green (consolidator !247, merged 2026-04-28 00:05) — https://gitlab.com/mirador1/mirador-service-java/-/merge_requests/247
Local test pass :
- ✅ `./mvnw verify -q` — exit 0 (background run b7ivb4xuz, completed 2026-04-28 00:13)
- ⏭ `./mvnw verify -Dcompat -Djava21 -q` — N/A locally (compat matrix runs in CI as compat-sb3-java17/21 + compat-sb4-java17/21 manual jobs, exercised on each tag)
- ⏭ `bin/dev/stability-check.sh` — skipped this rev (gated on time, last run on stable-v1.2.12)
- ⏭ `bin/dev/api-smoke.sh` — skipped this rev (manual local server boot required, exercised in CI integration-test job)
Regression check vs stable-v1.2.12 :
- ✅ Phase B Customer Churn predict — still working (ChurnControllerTest now covers it)
- ✅ MCP server : 14 tools wired in McpConfig — list still complete
- ✅ Page<T> serialization not regressed (flat JSON shape preserved per CLAUDE.md)
- Spring AI 1.0.0-M6 + Ollama local LLM + 14 in-process MCP tools (per-method @Tool, ADR-0062)
- AI Observability : gen_ai.* OTel spans → Tempo
- Customer Churn ONNX cross-language inference (Phase B Java + Phase C Python verified ≤ 1e-6)
- Drift detection MLflow + KS-test (Phase E shared)
- AuthN flows : JWT + X-API-Key fallback + OAuth2/OIDC via Auth0 + refresh-token rotation
- AuthZ surfaces : RBAC roles + @PreAuthorize on admin tools + per-endpoint matchers in SecurityConfig
- CVE posture : 5 grype HIGH on Spring AI 1.0.0-M6 (suppressed pending GA migration), all others patched
- Headers + filters : RateLimitingFilter (Bucket4j 100req/min) + RequestIdFilter (ScopedValue) + IdempotencyFilter + SecurityHeadersFilter (CSP/HSTS/X-Frame-Options)
- Customer onboarding & enrichment + Order/Product/OrderLine domain (6 invariants, jqwik property tests)
- New endpoints this rev : PUT /orders/{id}/status, GET /products/{id}/orders, PATCH /orders/{id}/lines/{line_id}/status
- State machines : Order PENDING→CONFIRMED→SHIPPED, OrderLine PENDING→SHIPPED→REFUNDED (ADR-0063)
- Breaking-API check : none
- GKE Autopilot (mirador-prod, europe-west1) live at https://mirador1.duckdns.org
- Terraform IaC + ESO (External Secrets Operator) + cert-manager
- Multi-cloud deploy targets : AKS / EKS / Cloud Run / Fly.io (ADR-0022 ephemeral pattern)
- Cost discipline : `bin/budget/budget.sh status` ≤ €2/month idle target
- 3 SLOs as code (Sloth recording rules) : availability, latency, enrichment
- Multi-window burn-rate alerting (5min / 30min / 2h / 6h)
- Apdex + heatmap + breakdown-by-endpoint dashboards (Phase 2 shipped 2026-04-27)
- 3 runbooks : availability / latency / enrichment
- Chaos endpoints `/customers/db-failure` + `/customers/kafka-timeout` driving real Grafana annotations on SLO dashboards (this rev)
- OTel exporter healthy : Tempo spans + Mimir series + Loki tail confirmed via dashboards
- JaCoCo merged report : 70% gate, ChurnController slice now 100% (was 0%)
- PIT mutation testing
- SonarCloud quality gate green
- 60+ ADRs (Hexagonal Lite ADR-0044, Feature-slicing ADR-0008, polyrepo flat α ADR-0060, MR batching ADR-0063)
- jqwik property tests for 6 domain invariants
- GitLab CI multi-stage pipeline green (lint, test, integration, sonar, grype, sbom, package)
- Compat matrix : SB3 × Java 17/21, SB4 × Java 17/21/25
- Conventional Commits enforced via lefthook + commitlint
- Auto-merge via `merge_when_pipeline_succeeds=true` + `--remove-source-branch=false` (preserves dev)
- MR batching pattern formalised (ADR-0063 in mirador-common) — !247 consolidator merged 8 fan-out MRs into 1 CI cycle (~85% wall-time savings)
- JaCoCo HTML now published as artifact + cobertura widget on MR pipelines (this rev)
- ADRs newly accepted this rev : ADR-0063 (order-line refund state machine, in shared)
- Patterns enforced : Hexagonal Lite (ADR-0044) / Feature-slicing (ADR-0008) / polyrepo flat α (ADR-0060) / Clean Code 7 non-négociables
- File length hygiene : QualityReportEndpoint.java still 1934 LOC (pending split, tracked in TASKS.md)
- Per-slice stability-check sections (this rev) for order/product/ml LOC + test count + coverage snapshot
- Renovate + Lefthook + Conventional Commits CI
- Stability-check.sh + bin/dev/* helpers
- ./run.sh dispatcher
- mcp-setup-{infra,app}.sh
- **QualityReportEndpoint.java 1934 LOC split** — planned at next touch (per file-length hygiene rule)
- **Spring AI 1.0.0-M6 → 1.0.0 GA migration** — Ollama starter renamed, manual pom migration needed (pinned with explanation in pom.xml)
- **5 HIGH CVEs on Spring AI deps** — suppressed pending GA migration
- Spring AI 1.0.0 GA migration (when ready)
- QualityReportEndpoint split into 7 parser classes
- Phase F : Customer Churn ConfigMap promotion to dev cluster