openova/openova
1
0
Fork 0
Code Issues Pull Requests Actions 11 Packages Projects Releases Wiki Activity
56262df649
openova/products/catalyst
History
e3mrah 56262df649
fix(auth): VerifyPinPage + /auth/handover set catalyst:authed marker BEFORE navigating (#1090 cluster A3) (#1174) 
LIVE BUG report 2026-05-09: operator submits correct PIN at
console.omantel.biz/login, BE logs "pin/verify: session established"
+ HTTP 200 with HttpOnly catalyst_session cookie set, but the SPA
immediately redirects back to /login.

Root cause: PR #1109 (cluster A2) added rootRoute.beforeLoad with
hasCatalystSession() — synchronous gate that reads
sessionStorage['catalyst:authed']. The HttpOnly cookie is invisible
to JS, so SovereignConsoleLayout sets that marker AFTER its async
/whoami probe returns. But on the post-PIN-verify navigation, the
gate runs BEFORE SovereignConsoleLayout mounts → marker is empty →
gate redirects back to /login. Bounce loop.

Two fixes:

1. VerifyPinPage success branch sets the marker BEFORE navigation
   AND switches navigate() → window.location.replace() so the next
   page boot reads the cookie via a fresh /whoami round-trip
   (matches the pattern Fix #A used for the unauth path).

2. /auth/handover route's beforeLoad sets the marker too — the
   server-side AuthHandover handler 302-redirects with the cookie set,
   so by the time we reach this safety-net route the cookie exists;
   the marker just needs to track that.

Anti-regression for the marker race: SovereignConsoleLayout STILL
sets the marker after probeSessionCookie returns (preserves the
post-cookie-set race recovery from PR #1109). Both seams set it
defensively.

DoD: post-PIN-verify navigation lands on /dashboard (or `next` if
present), NOT bounced to /login. Confirmed BE side already works
(8h session minted on 200 response).

Co-authored-by: Hati Yildiz <hati.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-09 12:50:40 +04:00
..
bootstrap fix(auth): VerifyPinPage + /auth/handover set catalyst:authed marker BEFORE navigating (#1090 cluster A3) (#1174) 2026-05-09 12:50:40 +04:00
chart deploy: update catalyst images to 3cc24be 2026-05-09 08:37:40 +00:00
README.md feat(consolidation): Phase 1 — move Catalyst-Zero apps + CI + manifests into public monorepo 2026-04-28 12:08:09 +02:00

README.md

OpenOva Catalyst (composite Blueprint)

The umbrella Blueprint bp-catalyst-platform — composes the Catalyst control plane.

Status: Deployed. Updated: 2026-04-28.

This product directory contains:

  • chart/ — the Helm chart that deploys Catalyst-Zero on a Kubernetes cluster (and every franchised Sovereign).
  • chart/templates/{ui,api}-deployment.yaml + service + ingress — the catalyst-ui (React SPA wizard scaffold) and catalyst-api (Go bootstrap API) workloads.
  • chart/templates/sme-services/ — 11 manifests for the legacy SME backend services + the consolidated console, admin, marketplace UI workloads (sourced from core/{console,admin,marketplace}/).
  • chart/templates/marketplace-api/ — manifests for the Go marketplace-api backend (sourced from core/marketplace-api/).
  • bootstrap/{ui,api}/ — the source code for catalyst-ui and catalyst-api (deployed via the catalyst-build CI workflow).

For the unified architecture and the wizard's target shape, see docs/PROVISIONING-PLAN.md, docs/ARCHITECTURE.md, and docs/SOVEREIGN-PROVISIONING.md.

How Catalyst-Zero is deployed today

A Flux Kustomization on the Catalyst-Zero cluster (Contabo k3s) reconciles products/catalyst/chart/templates/ from this public repo. CI workflows (.github/workflows/{catalyst,console,admin,marketplace,marketplace-api}-build.yaml) build and push images on every push to main, then the deploy step pins the image SHA into the corresponding manifest in this directory and commits back. Flux picks up the commit and rolls the deployment.

Image registry: ghcr.io/openova-io/openova/{catalyst-ui,catalyst-api,console,admin,marketplace,marketplace-api}:<sha>.

Migration status (per docs/PROVISIONING-PLAN.md)

Component Source location Image Status
catalyst-ui products/catalyst/bootstrap/ui/ ghcr.io/openova-io/openova/catalyst-ui public repo
catalyst-api products/catalyst/bootstrap/api/ ghcr.io/openova-io/openova/catalyst-api public repo
console core/console/ ghcr.io/openova-io/openova/console public repo (Phase 1)
admin core/admin/ ghcr.io/openova-io/openova/admin public repo (Phase 1)
marketplace core/marketplace/ ghcr.io/openova-io/openova/marketplace public repo (Phase 1)
marketplace-api core/marketplace-api/ ghcr.io/openova-io/openova/marketplace-api public repo (Phase 1)
sme-{auth,billing,catalog,domain,gateway,notification,provisioning,tenant} (still in openova-private/services/) ghcr.io/openova-io/openova-private/sme-* follow-up phase — source not yet moved