user-system/docs/status/REAL_PROJECT_STATUS_ADDENDUM_20260324.md

REAL PROJECT STATUS ADDENDUM (2026-03-24)

New Closure

• Avatar upload now fails closed and rolls back filesystem side effects:
  • storage init failure is surfaced
  • filename entropy failure is surfaced
  • partial source files are removed on write failure
  • source file and thumbnail are removed if UpdateAvatar(...) fails
  • thumbnail is returned only when the thumbnail file really exists
• Added avatar upload regression tests for:
  • rollback after persistence failure
  • no fake thumbnail on thumbnail generation failure
  • fail-closed random source failure

Current Supported E2E Path

• The default supported path that passed in this round remains:
  • cd frontend/admin && npm.cmd run e2e:full:win
• In this environment the stable default browser is:
  • Playwright cached chrome-headless-shell.exe
• The current orchestration remains:
  • PowerShell launcher starts the browser
  • Playwright library connects over CDP

Real Boundary Confirmed In This Round

• Desktop Chrome / Edge did not form a stable supported CDP-ready path under the current PowerShell launcher.
• Direct browser spawn from Node hit spawn EPERM, so Node cannot replace the current PowerShell launcher here.
• Therefore the truthful claim is still browser-level real-user-flow validation, not OS-level automation closure.

Verification Executed

• go test ./internal/api/handler -count=1
• go test ./... -count=1
• go build ./cmd/server
• cd frontend/admin && npm.cmd run e2e:full:win
• cd frontend/admin && 1..2 | ForEach-Object { npm.cmd run e2e:full:win }