S135E — Fix ALL Permissions + Smoke Test Report
S135E — Fix ALL Permissions + Smoke Test Report
Date: 2026-03-18 | Agent: Claude CLI
Snapshot Before
| Status | Endpoint |
|---|---|
| 403 | knowledge_documents |
| 403 | knowledge_categories (does not exist) |
| 403 | navigation/main?fields=items.title |
| 200 | meta_catalog, dot_tools, taxonomy, pages, posts, globals, etc. |
Permissions Added
S135D (previous session): 21 collections
meta_catalog, dot_tools, taxonomy, table_registry, workflows, workflow_steps, workflow_change_requests, workflow_categories, workflow_step_relations, modules, agents, checkpoint_types, checkpoint_sets, checkpoint_set_items, entity_dependencies, trigger_registry, task_comments, tasks, system_issues, changelog, v_registry_counts
S135E (this session): 16 collections
knowledge_documents, entity_labels, label_rules, comments, block_columns_rows, block_gallery_files, block_logocloud_logos, block_step_items, block_testimonial_slider_items, block_button, block_button_group, block_library, post_gallery_items, pages_projects, checkpoint_instances, table_proposals
Total: 37 collections restored across S135D+E
Plus 64 that already had public READ = 80+ public READ permissions.
Snapshot After
ALL public-facing endpoints return 200:
- knowledge_documents: 200
- meta_catalog: 200
- dot_tools: 200
- navigation/main: 200 (without nested field expansion)
- Knowledge Hub page: 200, contains Knowledge Hub content
- Registries page: 200, contains CAT- codes
Smoke Test Result
scripts/smoke-test.sh v1.0: ALL 16 CHECKS PASSED
- Infrastructure (3/3): Directus, Agent Data, Nuxt
- Public API (10/10): meta_catalog, dot_tools, taxonomy, ui_pages, pages, knowledge_documents, navigation, globals, forms, posts
- Website (2/2): Knowledge Hub, Registries
- Security (1/1): Public WRITE blocked
verify_counts
19 categories, 0 mismatches. All cross_check = KHOP.
Changes Made
- 16 public READ permissions added to Public Access policy
- smoke-test.sh created in web-test repo (PR #537)
- Operating Rules v4.26: +Smoke Test rule
Navigation Note
navigation/main returns empty items (junction table has no entries for main). This is a pre-existing DATA issue, not permissions. The navigation_navigation_items junction only has footer entries.
Lessons Learned
- Listing collections manually always misses some — use systematic diff
- Smoke test MUST run after ANY VPS change
- Secret rotation affects permissions linkage — always verify public access
- SSR content check needs file-based grep (not pipe) for large HTML responses