2.1 KiB
2.1 KiB
Admin Bootstrap Closure Evidence
Generated at: 2026-03-27 17:39:14 +08:00
Scope
This evidence package covers the first-admin bootstrap closure for the current repository state:
- public backend endpoint:
POST /api/v1/auth/bootstrap-admin - public frontend route:
/bootstrap-admin - login/register first-run entry points
- supported-browser validation for
首次管理员初始化 -> 进入后台 -> 登出
Implemented closure
- Backend:
- added one-time admin bootstrap service flow guarded by
GET /api/v1/auth/capabilities -> admin_bootstrap_required - bootstrap now creates the first active admin, binds the
adminrole, issues a real session, and closes the bootstrap window afterward
- added one-time admin bootstrap service flow guarded by
- Frontend:
- added
/bootstrap-adminpage - added login/register entry points when bootstrap is still required
- added post-bootstrap auto-login into
/dashboard
- added
- E2E:
frontend/admin/scripts/run-playwright-auth-e2e.ps1no longer depends on startup-injected admin credentials- the Playwright CDP suite now validates real bootstrap creation before the rest of the admin workflow scenarios
Verification executed
go test ./... -count=1
go build ./cmd/server
cd D:\project\frontend\admin
npm.cmd run lint
npm.cmd run test:run
npm.cmd run build
powershell -ExecutionPolicy Bypass -File .\scripts\run-playwright-auth-e2e.ps1
Latest supported-browser result
The latest real-browser run completed with:
PASS admin-bootstrapPASS public-registrationPASS email-activationPASS login-surfacePASS auth-workflowPASS responsive-loginPASS desktop-mobile-navigationPlaywright CDP E2E completed successfully
Real boundary
- This closes the product loop for first-admin initialization in the current supported browser-validation environment.
- It does not change the previously stated external boundaries:
- no live third-party OAuth provider evidence yet
- no live external SMTP provider deliverability evidence yet
- no external production delivery/governance evidence beyond the local auditable package already formed in-repo