# Runtime Action Panel Live Update Coverage Matrix

Generated: 2026-05-16

Scope: chunk 000182, Runtime State Journal Producer Coverage and Live UI Proof.

## Summary

Runtime Health remains the canonical dashboard snapshot. Socket.IO remains an invalidation transport. The preferred live invalidation source is the Runtime State Change Journal where a surface has a producer; backend file watchers remain compatibility fallback for surfaces that are not journal-covered yet.

Socket invalidation messages now carry bounded `snapshotHint` and `changedSurfaces` metadata. The frontend routes those hints to feature-owned GraphQL refetches; it does not render dashboard truth from socket payloads.

Authenticated browser/socket proof was not performed in this chunk because no safe test admin browser session or disposable authenticated socket credential was available in the terminal environment. The work is covered by backend socket metadata tests and frontend invalidation/refetch tests; a browser-authenticated E2E harness remains carry-forward.

## Coverage Matrix

| Surface | Source of Truth | Journal Producer | Fallback Watcher | Socket Metadata | GraphQL Projection | Frontend Refetch/Render | Status |
| --- | --- | --- | --- | --- | --- | --- | --- |
| `runtime_work_session` | `.tmp/runtime-work-session` via Runtime work-session tooling | Covered by work-session start/heartbeat/complete/fail/stale events | `.tmp/runtime-work-session` watcher remains fallback | `snapshotHint: runtime_health`, `changedSurfaces: runtime_work_session, role_activity` | `adminRuntimeHealth.runtimeWorkSession` | Runtime Action Panel refetches `adminRuntimeHealth` and renders snapshot data | Covered |
| `role_activity` | Runtime Health projection from lifecycle, work-session, validation evidence | Indirectly covered by work-session journal events where work-session affects role evidence | Active chunk/work-session watchers | `role_activity` in changed surfaces | `adminRuntimeHealth.roleActivity` | Runtime Action Panel refetches/render snapshot data | Covered for current projection; scheduled/expected-role state remains cfd-0011 |
| `current_gate` | Active chunk lifecycle artifact and Runtime Health projection | Not journal-covered yet | `ai/chunks/active` watcher | `current_gate` | `adminRuntimeHealth.currentGate` | Runtime Action Panel refetches snapshot | Fallback-only |
| `active_chunk` | `ai/chunks/active` | Not journal-covered yet | `ai/chunks/active` watcher | `active_chunk` | `adminRuntimeHealth.activeChunk` | Runtime Action Panel refetches snapshot | Fallback-only |
| `active_work_package` | `ai/work-packages/active` | Not journal-covered yet | `ai/work-packages/active` watcher | `active_work_package` | `adminRuntimeHealth.activeWorkPackage` | Runtime Action Panel refetches snapshot | Fallback-only |
| `validation_status` | Runtime validation/scorecard output and health snapshot | Not journal-covered for validation/cache completion | Carry-forward/scorecard/timeline-related watchers | `validation_status` | `adminRuntimeHealth.validationStatus`, validations | Runtime Action Panel refetches snapshot | Fallback-only |
| Timeline boundedness | `.tmp/action-timeline` plus boundedness validators | Not migrated; action timeline remains separate audit/timeline surface | `.tmp/action-timeline` watcher | `timeline`, `timeline_boundedness` | `adminRuntimeHealth.timeline`, boundedness fields | Runtime Action Panel refetches snapshot | Fallback-only |
| Audit boundedness | `.tmp/audit-index` derived index | Not migrated; audit index remains derived index | `.tmp/audit-index` watcher | `audit_boundedness`, `timeline_boundedness` | Runtime Health boundedness projection | Runtime Action Panel refetches snapshot | Fallback-only |
| Leases and operations | `.tmp/runtime-concurrency` | Covered by runtime concurrency producer events | `.tmp/runtime-concurrency` watcher remains fallback | `leases`, `operations`, `lease_status` | `adminRuntimeHealth.leases`, operations, leaseStatus | Runtime Action Panel refetches snapshot | Covered |
| Pending human actions | `.tmp/operator-questions`, approved-action records, lifecycle projection | Not journal-covered yet because approval authority boundaries need careful producer hooks | `.tmp/operator-questions`, `.tmp/approved-actions`-style watcher coverage where present | `pending_human_action`, `human_actions`, `approval` | `adminRuntimeHealth.pendingHumanAction`, humanActions | Runtime Action Panel refetches snapshot | Fallback-only |
| Operator questions / approvals | `.tmp/operator-questions` and approved-action records | Not journal-covered yet | Operator question/approval watchers where configured | `human_actions`, `approval` | Human action fields in health snapshot | Runtime Action Panel refetches snapshot | Fallback-only |
| Dispatcher status/results | `.tmp/approved-action-dispatcher/results` | Not journal-covered yet | Dispatcher result watcher | `dispatcher`, `operations`, `pending_human_action` | Dispatcher/operation projection in health snapshot where available | Runtime Action Panel refetches snapshot | Fallback-only |
| Runtime availability/freshness | `.tmp/runtime-api`, `.tmp/runtime-supervisor`, Runtime Health generation | Not journal-covered yet | Runtime API/supervisor watchers and app-shell recovery refresh | `runtime_availability`, `runtime_freshness` | `adminRuntimeHealth.runtimeAvailable`, generatedAt/source | App-shell and Runtime Action Panel refetch snapshot | Fallback-only |
| Consultant checkpoints | Consultant checkpoint artifacts / `.tmp` checkpoint state where present | Not journal-covered yet | Not fully covered by path watcher; snapshot refresh shows truth when fetched | `consultant_checkpoints` when emitted | `adminRuntimeHealth.consultantCheckpoints` | Frontend routes consultant checkpoint hint to `adminRuntimeHealth` refetch | Gap |
| Handoff/export state | Backend-owned export resolver from Runtime snapshot/artifacts | Not journal-covered as a separate producer | None required for canonical data; refreshed by invalidation routing when relevant | `handoff_exports` | `adminRuntimeHealthExport` | Admin Health data service refetches export query for handoff surfaces | Covered for query routing; no dedicated producer |
| Workflow artifacts | `ai/chunks`, `ai/work-packages`, `ai/requirements` | Not generally journal-covered | Active chunk/work-package watchers only | `workflow_artifacts`, active chunk/work package surfaces | Active/current fields in health snapshot | Runtime Action Panel refetches snapshot | Partial |
| Validation/cache completion state | Validation/cache artifacts and command output | Not journal-covered | Unknown/incomplete | `validation_status` if emitted by fallback | Health validation fields | Runtime Action Panel refetches snapshot | Gap |
| Completed work-package/archive state | `ai/work-packages/completed`, archive artifacts | Not journal-covered | Not covered as live source | `workflow_artifacts` if future producer emits | Work-package/current-state projections when queried | Refetch routing exists; source event missing | Gap |

## Remaining cfd-0012 Scope

Keep `cfd-0012` open, but narrow it to:

- Authenticated browser/socket E2E proof with safe admin test credentials or a dedicated harness.
- Journal producers for lifecycle/current chunk/current gate changes, active/completed work-package changes, operator questions/approvals, dispatcher results, runtime availability/freshness, consultant checkpoints, and validation/cache completion where safe.
- Deciding whether timeline/audit boundedness should emit journal events directly or remain file-watcher fallback to preserve audit boundedness semantics.

## Non-Goals Confirmed

- Socket payloads do not contain full Runtime Health snapshots.
- Socket payloads do not contain target room lists, approval secrets, tokens, or workflow mutation instructions.
- Frontend does not render Runtime Action Panel truth from socket payloads.
- No workflow mutation socket handlers were added.