docs: project docs, scripts, deployment configs, and evidence

docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-011431.md

@@ -0,0 +1,112 @@
+# 2026-03-28 Q-004 Coverage Remediation Pass 7
+
+## Scope
+
+- Continue strict `Q-004` closure work after Pass 6.
+- This pass focused on:
+  - fully closing the remaining `UsersPage` modal/drawer cluster
+  - fully closing the remaining `WebhooksPage` modal/drawer cluster
+  - materially lifting `internal/repository`
+  - fixing newly exposed repository correctness defects found during stricter coverage work
+
+## Changes
+
+### Frontend
+
+- Added component-level coverage in:
+  - `frontend/admin/src/pages/admin/UsersPage/AssignRolesModal.test.tsx`
+  - `frontend/admin/src/pages/admin/UsersPage/UserEditDrawer.test.tsx`
+  - `frontend/admin/src/pages/admin/UsersPage/UserDetailDrawer.test.tsx`
+  - `frontend/admin/src/pages/admin/UsersPage/CreateUserModal.behavior.test.tsx`
+  - `frontend/admin/src/pages/admin/WebhooksPage/DeliveryDetailModal.test.tsx`
+  - `frontend/admin/src/pages/admin/WebhooksPage/WebhookFormModal.test.tsx`
+  - `frontend/admin/src/pages/admin/WebhooksPage/WebhookDeliveriesDrawer.test.tsx`
+- Newly covered frontend behavior includes:
+  - assign-role modal state sync, transfer changes, submit success, submit failure, and cancel reset
+  - user edit drawer form hydration, birthday normalization, validation-error swallow path, service-error path, and close reset
+  - user detail drawer loading, success rendering, empty fallback, fetch-failure fallback, and optional-field placeholder rendering
+  - create-user modal close/reset, disabled activation-email backfill, validation-error swallow path, and service-error path
+  - delivery detail modal success/failure rendering, JSON formatting branch, raw payload fallback, and close path
+  - webhook form modal create/edit mode branching, validation-error swallow path, and service-error path
+  - webhook deliveries drawer load, refresh, detail-open, no-webhook guard, and load-failure path
+
+### Backend
+
+- Added repository depth coverage in:
+  - `internal/repository/repository_relationships_test.go`
+- Newly covered backend logic includes:
+  - `RoleRepository` lifecycle, status queries, default-role queries, search, parent queries, and ID-batch queries
+  - `PermissionRepository` lifecycle, type/status queries, join-based enabled permission queries, parent queries, and ID-batch queries
+  - `UserRoleRepository` create/batch-create/batch-delete/delete/delete-by-user/delete-by-role and ID projection helpers
+  - `RolePermissionRepository` create/batch-create/batch-delete/delete/delete-by-role/delete-by-permission and projection helpers
+- Real defects found and fixed during this pass:
+  - `internal/repository/role.go`
+    - explicit `status=0` role creation was being swallowed by DB defaults and persisted as enabled
+  - `internal/repository/permission.go`
+    - explicit `status=0` permission creation was being swallowed by DB defaults and persisted as enabled
+
+## Verified Commands
+
+```powershell
+cd D:\project
+$env:GOCACHE='D:\project\.tmp\gocache'
+$env:GOPATH='D:\project\.tmp\go'
+$env:GOMODCACHE='D:\project\.tmp\go\pkg\mod'
+go test ./internal/repository -run 'Test(RoleRepositoryLifecycleAndQueries|PermissionRepositoryLifecycleAndQueries|UserRoleAndRolePermissionRepositoriesLifecycle)$' -count=1
+go test ./internal/repository -cover -count=1
+go test ./... -count=1
+go vet ./...
+go build ./cmd/server
+
+cd D:\project\frontend\admin
+npm.cmd run test:run -- src/pages/admin/UsersPage/AssignRolesModal.test.tsx src/pages/admin/UsersPage/UserEditDrawer.test.tsx src/pages/admin/UsersPage/UserDetailDrawer.test.tsx src/pages/admin/UsersPage/CreateUserModal.behavior.test.tsx src/pages/admin/UsersPage/CreateUserModal.test.tsx src/pages/admin/UsersPage/UsersPage.test.tsx
+npm.cmd run test:run -- src/pages/admin/WebhooksPage/DeliveryDetailModal.test.tsx src/pages/admin/WebhooksPage/WebhookFormModal.test.tsx src/pages/admin/WebhooksPage/WebhookDeliveriesDrawer.test.tsx src/pages/admin/WebhooksPage/WebhooksPage.test.tsx
+npm.cmd run lint
+npm.cmd run build
+npm.cmd run test:coverage
+```
+
+## Results
+
+### Frontend coverage
+
+- Overall:
+  - statements `74.54%`
+  - branches `63.57%`
+  - functions `74.61%`
+  - lines `75.35%`
+- Target areas:
+  - `src/pages/admin/UsersPage`: `95.06%` statements
+    - `AssignRolesModal.tsx`: `100%`
+    - `CreateUserModal.tsx`: `100%`
+    - `UserDetailDrawer.tsx`: `100%`
+    - `UserEditDrawer.tsx`: `100%`
+    - `UsersPage.tsx`: `90.98%`
+  - `src/pages/admin/WebhooksPage`: `94.92%` statements
+    - `DeliveryDetailModal.tsx`: `100%`
+    - `WebhookDeliveriesDrawer.tsx`: `96.66%`
+    - `WebhookFormModal.tsx`: `96.42%`
+    - `WebhooksPage.tsx`: `93.15%`
+
+### Backend coverage
+
+- `internal/repository`: `67.1%`
+
+## Validation Notes
+
+- Frontend full coverage now completes with `41` passing test files and `134` passing tests.
+- The successful frontend coverage run still emits one post-summary jsdom `AggregateError` network-noise line.
+  - It does not fail the command.
+  - It is still a real residual hygiene issue and should continue to be tracked honestly.
+
+## Real Conclusion
+
+- This pass materially changed the real `Q-004` map again:
+  - `UsersPage` is no longer one of the remaining dominant uncovered admin clusters
+  - `WebhooksPage` is no longer one of the remaining dominant uncovered admin clusters
+  - `internal/repository` is no longer at the earlier closure-blocking `37.1%` depth
+- `Q-004` still cannot be honestly declared closed.
+- The remaining real gaps are now more concentrated in:
+  - deeper remaining frontend hotspots such as `ProfileSecurityPage`, `LoginPage`, `RegisterPage`, `AuthProvider`, and `lib/http`
+  - remaining backend repository depth outside the newly covered relation/role/permission paths
+  - frontend validation hygiene due the recurring post-summary jsdom `AggregateError` noise