Catalogue front-end source authority (frontend-0.1.1)

.config/nextest.toml

@@ -19,6 +19,8 @@ max-threads = 1
 filter = """
   binary(diesel_user_repository)
   | binary(diesel_user_preferences_repository)
+  | binary(diesel_login_users_adapters)
+  | binary(diesel_profile_interests_adapters)
   | binary(diesel_route_annotation_repository)
   | binary(diesel_example_data_runs_repository)
   | binary(er_snapshots_bdd)
@@ -29,9 +31,18 @@ filter = """
   | binary(catalogue_descriptor_ingestion_bdd)
   | binary(catalogue_descriptor_read_models_bdd)
   | binary(offline_bundle_walk_session_bdd)
+  | binary(osm_ingestion_bdd)
+  | binary(overpass_enrichment_bdd)
   | binary(ports_behaviour)
   | binary(pg_embed_isolation)
+  | binary(route_queue_apalis_bdd)
   | binary(schema_baseline_bdd)
+  | binary(startup_mode_composition_bdd)
+  | binary(user_interests_revision_conflicts_bdd)
+  | binary(user_state_profile_interests_startup_modes_bdd)
+  | binary(user_state_schema_audit_bdd)
+  | binary(user_state_startup_modes_bdd)
+  | binary(users_list_pagination_bdd)
 """
 test-group = "pg-embed"
 threads-required = 4

.github/workflows/ci.yml

@@ -138,10 +138,17 @@ jobs:
           path: |
             ~/.cargo/registry
             ~/.cargo/git
-            ~/.theseus/postgresql
             target
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
           restore-keys: ${{ runner.os }}-cargo-
+      - name: Cache PostgreSQL embedded binaries
+        uses: ubicloud/cache@v4
+        with:
+          path: |
+            ~/.theseus/postgresql
+            ~/.cache/pg-embedded/binaries
+          key: ${{ runner.os }}-pg-embedded-${{ hashFiles('**/Cargo.lock') }}
+          restore-keys: ${{ runner.os }}-pg-embedded-
       - name: Rust build
         run: cargo check --locked --manifest-path backend/Cargo.toml --all-targets --all-features
       - name: Rust fmt check
@@ -168,6 +175,16 @@ jobs:
         run: |
           make prepare-pg-worker
 
+      - name: Warm PostgreSQL embedded binary cache
+        env:
+          # Increase GitHub API rate limits for postgresql_embedded downloads.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Pin the embedded PostgreSQL version so postgresql_archive skips release-listing queries.
+          # Use the semver "exact" prefix so no wildcard resolution is attempted.
+          POSTGRESQL_VERSION: "=16.10.0"
+          POSTGRESQL_RELEASES_URL: https://github.com/theseus-rs/postgresql-binaries/releases
+        run: bash scripts/warm-pg-embedded-cache.sh
+
       - name: Rust tests
         env:
           # Increase GitHub API rate limits for postgresql_embedded downloads.
@@ -179,6 +196,8 @@ jobs:
           PG_TEST_BACKEND: postgresql_embedded
           # Root-path bootstrap requires the worker binary for privilege demotion.
           PG_EMBEDDED_WORKER: ${{ github.workspace }}/target/pg_worker
+          # Match the repository Makefile and avoid concurrent first-use cluster bootstrap.
+          NEXTEST_TEST_THREADS: "1"
         run: |
           # Clean stale pg-embed directories that may conflict with new runs.
           find target/ -maxdepth 1 -type d -name 'pg-embed-*' -exec rm -rf {} + 2>/dev/null || true

Makefile

@@ -158,7 +158,7 @@ lint-actions:
 
 PG_WORKER_PATH ?= $(CURDIR)/target/pg_worker
 PG_WORKER_INSTALL_ROOT ?= $(CURDIR)/target/pg-worker-root
-PG_EMBED_SETUP_UNPRIV_VERSION ?= 0.5.0
+PG_EMBED_SETUP_UNPRIV_VERSION ?= 0.5.1
 NEXTEST_TEST_THREADS ?= 1
 
 test: test-rust test-frontend

backend/Cargo.toml

@@ -23,7 +23,7 @@ clap = { version = "4", features = ["derive"] }
 async-trait = "0.1.89"
 color-eyre = "0.6.5"
 pg_embedded_setup_unpriv = { package = "pg-embed-setup-unpriv", version = "0.5.1" }
-postgresql_embedded = { version = "0.20.0", features = ["tokio"] }
+postgresql_embedded = { version = "0.20.2", features = ["tokio"] }
 postgres = { version = "0.19.12", features = ["with-uuid-1"] }
 paste = "1.0.15"
 thiserror = "2.0.17"

backend/tests/support/atexit_cleanup.rs

@@ -160,6 +160,19 @@ fn ensure_stable_password() {
             std::env::set_var("PG_PASSWORD", "wildside_embedded_test");
         }
     }
+    if std::env::var_os("POSTGRESQL_RELEASES_URL").is_none() {
+        // Pin to Theseus binaries to avoid transient fetch failures in CI that
+        // reqwest misreports as "error decoding response body".
+        // SAFETY: called before the library spawns any threads. The shared-
+        // cluster singleton serialises access with a Mutex, so this runs at
+        // most once per process.
+        unsafe {
+            std::env::set_var(
+                "POSTGRESQL_RELEASES_URL",
+                "https://github.com/theseus-rs/postgresql-binaries/releases",
+            );
+        }
+    }
 }
 
 /// Reads the postmaster PID from the `postmaster.pid` file in `data_dir`.
@@ -287,13 +300,39 @@ mod tests {
 
     #[test]
     fn ensure_stable_password_does_not_overwrite_existing_value() {
-        let _guard = env_lock::lock_env([("PG_PASSWORD", Some("custom_value"))]);
+        let _guard = env_lock::lock_env([
+            ("PG_PASSWORD", Some("custom_value")),
+            (
+                "POSTGRESQL_RELEASES_URL",
+                Some("https://example.invalid/postgresql-binaries"),
+            ),
+        ]);
         super::ensure_stable_password();
         assert_eq!(
             std::env::var("PG_PASSWORD").expect("PG_PASSWORD should be set"),
             "custom_value",
             "ensure_stable_password should not overwrite an existing PG_PASSWORD"
         );
+        assert_eq!(
+            std::env::var("POSTGRESQL_RELEASES_URL")
+                .expect("POSTGRESQL_RELEASES_URL should be set"),
+            "https://example.invalid/postgresql-binaries",
+            "ensure_stable_password should not overwrite an existing release URL"
+        );
+    }
+
+    #[test]
+    fn ensure_stable_password_sets_release_url_when_missing() {
+        let _guard = env_lock::lock_env([
+            ("PG_PASSWORD", Some("custom_value")),
+            ("POSTGRESQL_RELEASES_URL", None),
+        ]);
+        super::ensure_stable_password();
+        assert_eq!(
+            std::env::var("POSTGRESQL_RELEASES_URL")
+                .expect("POSTGRESQL_RELEASES_URL should be set"),
+            "https://github.com/theseus-rs/postgresql-binaries/releases"
+        );
     }
 
     #[test]

docs/contents.md

@@ -27,6 +27,9 @@
 - [Wildside front-end roadmap](frontend-roadmap.md) – GIST-aligned
   implementation roadmap for the Progressive Web Application (PWA) front-end.
   _Audience: frontend developers and project planners._
+- [Front-end source authority catalogue](frontend-source-authority-catalogue.md)
+  – ownership map for front-end requirements and reconciliation follow-ups.
+  _Audience: frontend developers, reviewers, and project planners._
 - [Pure, accessible, and localizable React components](pure-accessible-and-localizable-react-components.md)
   – building accessible, localizable components with Radix, TanStack, and
   DaisyUI. _Audience: frontend developers._

docs/developers-guide.md

@@ -37,6 +37,10 @@ decisions that have not yet been implemented.
 
 Canonical front-end references:
 
+- [Front-end source authority catalogue](frontend-source-authority-catalogue.md)
+  identifies the authoritative source or reconciliation follow-up for each
+  front-end platform, data, user experience, API, styling, accessibility,
+  localization, and testing topic.
 - [v2a front-end stack](v2a-front-end-stack.md) documents the current package
   state and the target v2a stack boundary.
 - [Wildside front-end roadmap](frontend-roadmap.md) is the implementation task
@@ -86,7 +90,7 @@ Run front-end commands through workspace or Makefile targets unless debugging a
 package-local failure:
 
 ```bash
-make build-frontend
+make fe-build
 make test-frontend
 make lint-frontend
 make typecheck
@@ -227,6 +231,45 @@ test usage remains coherent:
 - Use `CleanupMode::None` only for explicit debugging sessions where retained
   files are required; keep deterministic cleanup defaults for normal runs.
 
+### Embedded PostgreSQL CI bootstrap stability
+
+Continuous Integration (CI) warms the `pg-embed-setup-unpriv` binary cache with
+`scripts/warm-pg-embedded-cache.sh` before running `cargo nextest`. Keep this
+warm-up step before `Rust tests`; it turns PostgreSQL binary acquisition into a
+short, explicit CI step instead of letting the first integration test perform a
+cold download inside `postgresql_embedded::setup()`.
+
+The CI cache step must include both binary-cache locations used by the two
+embedded PostgreSQL layers:
+
+- `~/.theseus/postgresql` for `postgresql_embedded` runtime installations.
+- `~/.cache/pg-embedded/binaries` for `pg-embed-setup-unpriv` release archives.
+
+Do not co-locate those paths inside the Cargo registry/cache archive. Cargo
+dependency updates and `Cargo.lock` churn otherwise evict the PostgreSQL
+binary cache and force a fresh download during unrelated test changes.
+
+The warm-up step pins:
+
+- `POSTGRESQL_VERSION="=16.10.0"` so archive resolution does not need wildcard
+  release discovery.
+- `POSTGRESQL_RELEASES_URL=https://github.com/theseus-rs/postgresql-binaries/releases`
+  so the binary source cannot drift when crate defaults change.
+- `GITHUB_TOKEN` so GitHub release requests use the Actions token and avoid
+  anonymous rate limits.
+
+Keep PostgreSQL-backed nextest binaries in the `pg-embedded` test group in
+`.config/nextest.toml`, and keep that group serialised. First-use cluster
+bootstrap is process-local and expensive; serial execution avoids concurrent
+setup attempts competing for the same warmed cache, filesystem paths, and
+worker process.
+
+If CI reports `error decoding response body`, treat it as a likely download
+stall or timeout from `reqwest` rather than as JSON/body corruption. Check the
+`Cache PostgreSQL embedded binaries` and `Warm PostgreSQL embedded binary
+cache` steps first, then verify that the `Rust tests` step is still exporting
+`PG_EMBEDDED_WORKER`, `GITHUB_TOKEN`, and `NEXTEST_TEST_THREADS=1`.
+
 ## Rust behavioural tests with `rstest-bdd` v0.5.0
 
 ### Dependency contract
@@ -467,26 +510,15 @@ Related domain helpers:
 - `RouteCacheKeyDerivationError` reports `Hash` and `Validation` failures from
   key derivation.
 
-### Test infrastructure
-
-The Redis adapter test suite uses a dual-mode approach:
-
-**Mock-based unit tests** (run by default):
-
-- Located in `backend/src/outbound/cache/tests/mock_tests.rs`
-- Use `FakeProvider` – an in-memory `ConnectionProvider` double
-- Fast, deterministic, no external dependencies
-- Run as part of the standard `cargo test` / `make test` gate
+#### Test infrastructure
 
-**Live Redis integration tests** (opt-in):
+- `pg-embedded-setup-unpriv` – Embedded PostgreSQL cluster for BDD tests
+- No feature flags required; BDD tests are in the `tests/` integration
+  harness and run unconditionally with `cargo test`
 
-- Located in `backend/src/outbound/cache/tests/live_tests.rs`
-- Require a `redis-server` binary on `PATH`
-- Marked with `#[ignore = "requires redis-server binary..."]`
-- Run explicitly with: `cargo test -- --ignored`
-- Behavioural coverage for route-key canonicalization lives in
-  `backend/tests/route_cache_key_canonicalization_bdd.rs`.
+To run BDD tests locally:
 
+```bash
 ### RedisTestServer harness
 
 Integration tests use `RedisTestServer` from `backend/src/test_support/redis.rs`:
@@ -520,17 +552,19 @@ The cache adapter requires:
 
 #### Production dependencies
 
-- `bb8-redis` – Connection pooling for `redis-rs`
-- `serde` / `serde_json` – Payload serialization
+- `apalis-core` – Core Apalis job-queue primitives
+- `apalis-postgres` – PostgreSQL storage backend for Apalis
+- `sqlx` (features: `postgres`, `runtime-tokio-rustls`) – Async PostgreSQL
+  pool used by `ApalisPostgresProvider`
+- `serde` / `serde_json` – Payload serialisation
 
 #### Test infrastructure
 
-- `test-support` feature flag – Enables `RedisRouteCache::new()` constructor
-  and `RedisTestServer::pool()` for test injection
-- `redis-server` binary – Required for live integration tests (not for unit
-tests using `FakeProvider`)
+- `pg-embedded-setup-unpriv` – Embedded PostgreSQL cluster for BDD tests
+- No feature flags required; BDD tests are in the `tests/` integration
+  harness and run unconditionally with `cargo test`
 
-To run live Redis tests locally:
+To run BDD tests locally:
 
 ```bash
 # Ensure redis-server is available