docs: project docs, scripts, deployment configs, and evidence

docs/evidence/ops/2026-03-28/quality/COVERAGE_REMEDIATION_20260328-075725.md

@@ -0,0 +1,70 @@
+# 2026-03-28 Q-004 Coverage Remediation Pass 8
+
+## Scope
+
+- Continue strict `Q-004` closure work after Pass 7.
+- Fully close the remaining `AuthProvider` frontend provider cluster before moving to the next task.
+- Re-verify that closure through targeted tests plus full frontend validation.
+
+## Changes
+
+### Frontend
+
+- Expanded provider behavior coverage in:
+  - `frontend/admin/src/app/providers/AuthProvider.test.tsx`
+- Newly covered behavior includes:
+  - reusing an already-authenticated in-memory session when the access token is still valid
+  - authenticated-but-missing-user fallback when no backend session cookie exists
+  - refresh-session success with role lookup success
+  - refresh-session success with role lookup failure returning an empty role set
+  - refresh-session failure cleanup
+  - `onLoginSuccess` token persistence, user persistence, role persistence, and CSRF bootstrap
+  - `refreshUser` success and error-logging branches
+  - `logout` success and failure cleanup branches, including navigation to `/login`
+
+### Backend
+
+- No backend code changes were required in this pass.
+
+## Verified Commands
+
+```powershell
+cd D:\project\frontend\admin
+npm.cmd run test:run -- src/app/providers/AuthProvider.test.tsx
+npm.cmd run lint
+npm.cmd run build
+npm.cmd run test:coverage
+```
+
+## Results
+
+### Frontend coverage
+
+- Overall:
+  - statements `76.00%`
+  - branches `63.91%`
+  - functions `75.07%`
+  - lines `76.84%`
+- Target areas:
+  - `src/app/providers`: statements `96.38%`, branches `93.75%`
+  - `src/app/providers/AuthProvider.tsx`: statements `100%`, branches `100%`, functions `100%`, lines `100%`
+  - `src/pages/auth/LoginPage/LoginPage.tsx`: statements `47.93%`, branches `63.63%`
+  - `src/pages/auth/RegisterPage/RegisterPage.tsx`: statements `77.63%`, branches `60.65%`
+  - `src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.tsx`: statements `70.17%`, branches `48.97%`
+
+## Validation Notes
+
+- Frontend full coverage now completes with `41` passing test files and `141` passing tests.
+- The successful frontend coverage run still emits one post-summary jsdom `AggregateError` network-noise line.
+  - It does not fail the command.
+  - It remains a real validation-hygiene issue and should continue to be tracked honestly.
+
+## Real Conclusion
+
+- `AuthProvider` is no longer an open `Q-004` gap.
+- `Q-004` still cannot be honestly declared closed.
+- The remaining highest-value frontend gaps are now more concentrated in:
+  - `LoginPage`
+  - `RegisterPage`
+  - deeper remaining `ProfileSecurityPage` branches
+  - `lib/http`