Epic 8 — Run History, Search & Filters
Covers per-project and global run history lists, status / depth / framework / date filters, full-text search across runs and artifacts, and mandatory Auditor read-only masking (hidden mutating controls, redacted artifact previews, read-only CSV export).
Personas: BU (primary) OP AU (read-only, redacted)
Shared modules:
RedactionFilter (Heuristic, surface: epic-8-*)
CorrelationChip
LastSyncedBadge
EnvProvenance
Story 8.1 — Per-Project Run History
- As a
- BU
- I want
- to view the complete run history for a specific project in a paginated list
- So that
- I can track outcomes across all executions for that repository
Scenario: Run history loads for a project
Giventhe user navigates to
/projects/{project_id}/runs and the project has at least one run
WhenGET /projects/{project_id}/runs resolves
Thena paginated list is rendered showing: run_id (truncated, copyable), status badge, depth_level, branch_name, created_at, and finished_at; sorted by created_at descending by default
Scenario: Archived project history accessible
Giventhe project is archived
Thenan Archived project banner is displayed; all historical runs are listed with status intact; no Trigger new run button is shown
| Endpoint / DB | Purpose |
|---|---|
GET /projects/{project_id}/runs | Paginated run history for project |
DB runs.status, runs.depth_level, runs.branch_name | List columns |
Story 8.2 — Global Run History
- As a
- BU
- I want
- to view runs across all projects in a single global list
- So that
- I can track system-wide activity without navigating project by project
Scenario: Global run history loads
Giventhe user navigates to
/runs
WhenGET /runs resolves
Thena paginated list of all runs across all projects is rendered; each row includes the project name alongside the standard run fields from Story 8.1; sorted by created_at descending
| Endpoint / DB | Purpose |
|---|---|
GET /runs | Paginated global run list (all projects) |
DB runs.project_id JOIN projects.name | Project name column |
Story 8.3 — Status, Depth, Framework, and Date Filters
- As a
- BU
- I want
- to filter the run history list by status, depth level, framework, and date range
- So that
- I can quickly isolate the subset of runs I need to review
Scenario: Multiple filters combined
Giventhe user has selected
status: failed and depth_level: deep
Whenthe filters are applied
ThenGET /runs?status=failed&depth_level=deep is issued; only matching runs are shown; active filter chips are displayed with a clear affordance per chip
Scenario: Clearing all filters
Whenthe user clicks Clear all filters
Thenall filter chips are removed and the unfiltered list is restored
| Endpoint / DB | Purpose |
|---|---|
GET /runs | Query params: status, depth_level, target_framework, from_date, to_date, project_id |
Story 8.4 — Full-Text Search Across Runs and Artifacts
- As a
- BU
- I want
- to search across runs and artifact content using a text query
- So that
- I can find specific runs or test outputs without knowing the exact run ID
Scenario: Search returns matching runs with highlighted snippets
When
GET /search?q=<query> resolves
Thenmatching run rows are shown with the matching text highlighted; artifact snippets that match are shown in an expandable sub-row
| Endpoint / DB | Purpose |
|---|---|
GET /search?q=<query> | Full-text search across runs and artifacts |
DB artifacts.content (V4) | Artifact content search index |
Story 8.5 — Auditor Read-Only View with Mandatory Masking
- As an
- AU
- I want
- to view run history and search results with sensitive data masked and all mutating controls removed
- So that
- I can fulfil compliance and audit duties without being exposed to raw secrets or PII
Scenario: Run history renders for Auditor with mutating controls absent
Giventhe user has the Auditor role
Whenthe Auditor views the run history
Thenthe Re-run, Cancel, and Delete controls are absent from every run row; no
POST, DELETE, or PATCH endpoints are ever called for Auditor sessions on this surface
Scenario: Auditor search result snippet redacted
Givena search result snippet contains a value matching a JWT or token pattern
Thenthe
RedactionFilter (Heuristic, surface: epic-8-search) processes the snippet before DOM serialisation; detected secrets/PII are replaced with [REDACTED]; a redaction.applied breadcrumb is emitted
Scenario: Auditor export limited to read-only CSV
Whenthe Auditor accesses the export affordance on the run history list
Thenonly Export CSV is offered (no Re-run or bulk-cancel); the CSV download is initiated via
GET /runs/export?format=csv; the CSV content passes through the Heuristic Redaction Filter before delivery
| Endpoint / DB | Purpose |
|---|---|
GET /runs | Auditor receives same data; mutating controls suppressed client-side |
GET /runs/export?format=csv | Auditor CSV export (read-only, redacted) |