# S06: Live environment stabilization and integrated acceptance rerun

**Goal:** Live environment is repeatably startable and preflighted, seeded with acceptance-ready data, and the integrated daily loop is re-verified with a recorded artifact proving the manual-send boundary and individual-first workflow.
**Demo:** After this: The real M001 environment runs without the current backend/frontend CORS/runtime blockage, and the full `/jobs` → workspace → Gmail continuity → follow-up → dashboard/reminders loop is re-checked live with recorded acceptance results.

## Tasks
- [x] **T01: Validated and recorded the live API/auth preflight gate, including README runbook guidance and negative-path shell coverage.** — Build a repeatable preflight script and doc so environment blockers are caught before browser UAT.
- Why: avoid the ERR_CONNECTION_REFUSED/CORS/auth mismatch that currently blocks the UI.
- Steps:
  1) Create `scripts/s06-preflight.sh` (bash, executable) that assumes backend already started; probes `/api/auth/config` and `/api/admin/system` on `http://localhost:5202/api`, printing database/auth/gmailConfigured/ai status and failing fast on unreachable endpoints.
  2) Ensure script respects `API_BASE` env override and uses `curl -f` with readable errors; no secrets logged.
  3) Add a short runbook snippet to `README.md` showing backend start command from `JobTrackerApi/` and how to run the preflight (including auth token note if required).
  4) Sanity-check CORS expectations vs `job-tracker-ui/src/api.ts` and document the required origin pairing (UI :3000, API :5202).
- Failure Modes (Q5): API down → exit 1 with hint to start API; Auth required without token → script notes auth required and how to obtain; malformed JSON → show raw body and fail.
- Load Profile (Q6): trivial single-user curl calls; no scaling concern.
- Negative Tests (Q7): run script with API stopped (expect non-zero); run with wrong `API_BASE` (expect clear error message).
- Must-haves: preflight script exists/executable; README runbook mentions backend start + preflight; script outputs gmailConfigured/auth/db/ai fields.
- Verification: `bash scripts/s06-preflight.sh`
  - Estimate: 45m
  - Files: scripts/s06-preflight.sh, README.md, job-tracker-ui/src/api.ts, JobTrackerApi/appsettings.Development.json
  - Verify: bash scripts/s06-preflight.sh
- [x] **T02: Seeded acceptance-ready job data through the live API with deterministic rerun-safe ids and readiness output.** — Create a seed script that prepares a richer acceptance fixture (job, correspondence, saved package, follow-up readiness) using live API calls.
- Why: current DB has only 1 low-signal job; acceptance rerun needs actionable overview + workspace state.
- Steps:
  1) Write `scripts/s06-acceptance-data.sh` (bash, executable) that requires `AUTH_TOKEN` env; uses `scripts/s06-preflight.sh` first, then POSTs to `/api/jobapplications` (or PUT existing ID) to create a job with saved package fields, correspondence entry, reminder/follow-up signals, and notes.
  2) Add curl helpers for adding correspondence (`/api/correspondence/{jobId}` or equivalent), saving package material, and setting workflow/readiness if needed; use deterministic titles so rerun is idempotent (update if exists).
  3) Emit a short summary of created/updated IDs so the acceptance run can target them; avoid logging token.
  4) Document any manual token retrieval step in script comments.
- Failure Modes (Q5): missing AUTH_TOKEN → fail with guidance; 401/403 → explain token issue; 5xx → print response and fail; malformed response → show body and fail.
- Load Profile (Q6): few API calls; minimal DB impact.
- Negative Tests (Q7): run without AUTH_TOKEN (expect failure); rerun twice (should succeed idempotently); simulate 401 by bad token (expect clear message).
- Must-haves: script seeds at least one job with saved package + correspondence + follow-up readiness; outputs job id for UAT; uses preflight.
- Verification: `bash scripts/s06-acceptance-data.sh`
  - Estimate: 1h
  - Files: scripts/s06-acceptance-data.sh, scripts/s06-preflight.sh, README.md
  - Verify: bash scripts/s06-acceptance-data.sh
- [x] **T03: Added a repeatable live acceptance runner and recorded real S06 browser evidence for the manual-send boundary and daily loop.** — Execute the live acceptance loop and record results as an artifact for S07/UAT handoff.
- Why: prove the `/jobs → workspace → reminders/dashboard → follow-up/manual-send boundary` loop runs in the live stack after stabilization and seeding.
- Steps:
  1) Create `scripts/s06-acceptance-run.sh` to orchestrate: ensure backend running, run preflight + seed scripts, then run existing automated regressions most relevant to the loop (e.g., `end-to-end-trust-loop.test.tsx`) and capture outputs.
  2) Perform a guided browser run (can use agent-browser/Playwright) hitting /jobs, /reminders, /dashboard, opening the seeded job workspace, inspecting Tailored CV, Correspondence (linked-thread status), Follow-up draft manual-send boundary; note Gmail continuity if blocked.
  3) Write findings and screenshots/links into `docs/s06-acceptance-run.md` (what passed, what blocked, manual-send boundary observation, Gmail continuity status). Call out any gaps explicitly.
  4) Ensure commands avoid leaking tokens; artifacts redact secrets.
- Failure Modes (Q5): backend not running → script stops after preflight; tests fail → record failure in artifact; browser step blocked by auth → document and include auth instructions.
- Load Profile (Q6): single-user flows; test runner CPU-bound but acceptable.
- Negative Tests (Q7): note expected failure if Gmail remains unconfigured; ensure manual-send boundary not auto-triggered during run.
- Must-haves: acceptance-run script exists; artifact populated with live results; manual-send boundary explicitly observed; Gmail continuity status recorded (even if blocked).
- Verification: `bash scripts/s06-acceptance-run.sh` && `test -s docs/s06-acceptance-run.md`
  - Estimate: 1h30m
  - Files: scripts/s06-acceptance-run.sh, docs/s06-acceptance-run.md, scripts/s06-preflight.sh, scripts/s06-acceptance-data.sh, job-tracker-ui/src/end-to-end-trust-loop.test.tsx
  - Verify: bash scripts/s06-acceptance-run.sh && test -s docs/s06-acceptance-run.md