Stability checkpoint — UI 1.0.52 (CI hygiene wave 9 partial) After 9 waves of UI CI fixes, status : ✅ CONFIRMED FIXED (shields removed) : - grype:scan : /grype absolute path - dockle : svc tarball pattern (docker:28 + pull --platform + save + --input) 🟡 PARTIAL PROGRESS (still allow_failure shielded) : - e2e:kind : MAJOR breakthrough wave 9 — docker network connect works (docker ps --filter name=$(hostname) finds the runner container's full name with -build-N suffix). DNS resolves db (172.25.0.4 from job container). BUT Spring Boot doesn't reach actuator/health UP within 10 min — likely Kafka reconnect loop blocking startup. Next wave : tune SPRING_KAFKA timeouts OR exclude Kafka health from actuator/health composite OR start Kafka EARLIER + with healthcheck. - sonarcloud : tree-sitter still crashes on /home/scanner-cli read-only. Wave 9 attempts (chmod /home/scanner-cli + XDG_DATA_HOME) all failed. Next escalation : custom Docker image based on sonarsource/sonar-scanner-cli with /home/scanner-cli pre-chowned 777, OR symlink approach. Net : 2/4 UI CI debt items fully closed (was 0/4 morning). 2 remaining items have known root causes documented for next sessions.