# Deploy Report — Cycle 9 (AZ-1074 + AZ-1075)

**Date**: 2026-06-25
**Cycle**: 9
**Scope**: gRPC RouteTileDelivery streaming service (AZ-1074) + integration test coverage (AZ-1075).

## What is shipping

### Code changes (uncommitted on `dev` at report time)

| Area | Change |
|------|--------|
| `SatelliteProvider.GrpcContracts/` | New shared project — `tile_provision.proto`, GrpcServices=Both |
| `SatelliteProvider.Api/Grpc/RouteTileDeliveryGrpcService.cs` | `[Authorize]` streaming RPC; generic internal error to client |
| `SatelliteProvider.Api/Program.cs` | `AddGrpc` (16 MiB recv / 64 MiB send); `MapGrpcService` after auth |
| `RouteTileDeliveryOrchestrator` | Collection caps (500/50/5000); lat/lon validation |
| Integration tests | `RouteTileDeliveryGrpcTests`, `GrpcTestHelpers`; standalone `docker-compose.tests.yml` |
| Docs / security | Cycle-9 module docs, traceability, security reports + hardening |

### Database migrations

**None.**

### Configuration changes

| Setting | Change |
|---------|--------|
| New env vars | **None** — gRPC uses existing JWT auth |
| `docker-compose.tests.yml` | Self-contained test stack (no host port publish) |
| Container image | Same base `mcr.microsoft.com/dotnet/aspnet:10.0`; Dockerfile copies GrpcContracts |

### Contract changes (consumer-visible)

| Contract | Change | Consumer action |
|----------|--------|-----------------|
| gRPC `RouteTileDelivery.DeliverRouteTiles` | **New** — server-streaming tile delivery | Clients import `SatelliteProvider.GrpcContracts`; Bearer/metadata auth required |
| REST endpoints | Unchanged wire shape | No action |

## Verification gates passed in this cycle

| Gate | Result | Evidence |
|------|--------|----------|
| Step 11 — Functional tests | **PASS** | 448 unit + integration exit 0 (`scripts/run-tests.sh --full`) |
| Step 12 — Test-Spec Sync | **PASS** | BT-32 gRPC scenarios; traceability matrix updated |
| Step 13 — Update Docs | **PASS** | `api_program.md`, `tests_integration.md`, `module-layout.md`, ripple log |
| Step 14 — Security Audit | **PASS** (delta) | `security_report_cycle9.md`; F-AZ1074-1/2 resolved in follow-up |
| Step 15 — Performance Test | **PASS** | `perf_2026-06-25_cycle9.md` — 8/8 REST scenarios, exit 0 |

## Outstanding carry-overs (unchanged)

- F-AZ795-1, F-AZ795-2 — REST error message sanitization
- D-AZ795-1 — FluentValidation 12.0.0 → 12.1.1
- D2-cy4 — test SDK transitive advisory

## Operator runbook

1. **Commit and push** cycle-9 changes to `origin/dev`; confirm Woodpecker `01-test` green.
2. **No migration** — deploy new image only.
3. **Smoke-test** after deploy:
   - REST: existing endpoints (401 without JWT, 200 with JWT)
   - gRPC: `DeliverRouteTiles` with valid JWT — expect manifest + tile chunks or InvalidArgument on bad input
4. **Ingress**: ensure HTTP/2 (gRPC) is forwarded if clients connect through ingress; dev stack uses TLS on 18980.

## Recommended follow-up PBIs

| Estimate | Title |
|----------|-------|
| 3 SP | PT-10 gRPC stream latency / backpressure perf scenario |
| 2 SP | REST error sanitizer pass (F-AZ795-1/2) |
| 1 SP | FluentValidation 12.0.0 → 12.1.1 (D-AZ795-1) |
| 1 SP | Document postgres port conflict workaround for parallel dev stacks |

**Verdict**: Cleared for Step 16.5 (Release) pending operator commit/push and environment selection.