chore: reset repo confidence blockers

[janhoon]

Summary

• align backend Go/toolchain/security references to Go 1.25.9 and refresh security-local tooling defaults
• fix demo Docker compose Ace service build contexts and production frontend API base behavior
• make the Helm chart fail fast for missing database/JWT secrets, including external DB password placeholder handling
• clean tracked generated/local artifacts, align release/package metadata, and make root progress.txt intentionally tracked
• harden demo/product surfaces by replacing mock/live ambiguity in Home/Services and making setup-required/unsupported panels explicit

Validation

• make backend-lint
• cd backend && go test ./...
• cd frontend && bun run type-check && bun run test && bun run build
• helm lint charts/ace
• helm template ace charts/ace -f charts/ace/values-prod.yaml --set postgresql.auth.password=example-password --set backend.jwt.secret=example-secret --set ingress.hosts[0].host=ace.example.test --set ingress.tls[0].hosts[0]=ace.example.test
• External DB placeholder negative Helm smoke test fails with the expected externalDatabase.password or backend.existingSecret... message
• docker compose -f deploy/docker/demo/docker-compose.yml build ace-backend ace-frontend
• make security-local

[greptile-apps]

Greptile Summary

This chore PR resets several confidence blockers: it hardens the Helm chart with fail-fast secret validation, fixes Docker Compose build contexts, removes mock/hardcoded service data from HomeView and ServicesView in favour of live datasource queries, and annotates stub panel types with explicit supportStatus/emptyState metadata. Infrastructure and frontend changes are consistent and well-tested; one minor test-isolation gap is called out below.

Confidence Score: 5/5

Safe to merge — only a P2 test-isolation finding, no runtime or data-correctness issues.

All changes are well-scoped: Helm validation guards are exercised by the PR's own smoke tests, Docker Compose build-context fixes address the previously flagged nginx/API-base issue, and the frontend mock-removal is backed by new unit tests. The sole finding is a missing afterEach teardown in a test helper.

No files require special attention.

Important Files Changed

Filename	Overview
charts/ace/templates/_helpers.tpl	Adds ace.validateValues and ace.backendSecretName helpers; validates JWT, PostgreSQL password, and external DB placeholder before rendering any chart resources.
charts/ace/templates/secret.yaml	Calls ace.validateValues at the top so Helm fails fast; wraps the whole resource in existingSecret guard. Condition change from password-guard to URL-guard is safe because validateValues catches the null-password case.
charts/ace/templates/backend/deployment.yaml	Adds conditional EXTERNAL_DATABASE_PASSWORD env var before DATABASE_URL so Kubernetes env-var substitution resolves correctly. Refactors repeated existingSecret logic to shared ace.backendSecretName helper.
deploy/docker/demo/docker-compose.yml	Fixes build contexts to repo root; adds explicit VITE_API_URL build arg so the browser reaches the backend container's published port in the demo.
frontend/Dockerfile	Changes default VITE_API_URL to empty string for same-origin production calls; demo compose now supplies the explicit value.
frontend/src/api/base.ts	New module exporting normalizeApiBase helper and API_BASE constant; strips trailing slashes and whitespace, defaulting to empty string for same-origin calls.
frontend/src/api/base.spec.ts	Tests normalizeApiBase and API_BASE initialization. vi.unstubAllEnvs() is inlined rather than in afterEach, so a failing assertion leaks the env stub into later tests.
frontend/src/views/ServicesView.vue	Replaces mock service data with real trace-service discovery. Uses AbortController + run-ID guard to avoid stale updates; handles partial failures with a non-blocking warning banner.
frontend/src/views/HomeView.vue	Replaces hardcoded mock health services with live computed dataSourceSummaries; relabels AI insights as sample-only.
frontend/src/utils/panelRegistry.ts	Adds PanelSupportStatus, PanelEmptyState, and optional supportStatus/emptyState fields to PanelRegistration. Clean additions with no breaking changes.
frontend/src/components/panels/index.ts	Annotates stub panels with supportStatus and emptyState metadata; wires trace_detail dataAdapter to real span mapping from raw.traces.
frontend/vite.config.ts	Adds dev-server proxy rule for /api → localhost:8080 so local bun run dev can call the backend without CORS issues.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[ServicesView mounts] --> B{tracingDatasources\nwatch fires}
    B -- empty sources --> C[Clear services,\nstop loading]
    B -- sources present --> D[Abort previous run\nIncrement discoveryRun\nSet loadingServices=true]
    D --> E[Promise.allSettled\nfetchDataSourceTraceServices\nper source]
    E --> F{signal.aborted or\nstale runId?}
    F -- yes --> G[Discard result silently]
    F -- no --> H{All fulfilled?}
    H -- yes --> I[Set services,\nclear error\nloadingServices=false]
    H -- partial failures --> J[Set services from\nsucceeded sources\nSet partial warning\nloadingServices=false]
    H -- all failed --> K[Clear services\nSet full error\nloadingServices=false]

Loading

_{Reviews (2): Last reviewed commit: "chore: reset repo confidence blockers" | Re-trigger Greptile}

[janhoon]

Follow-up after reviewing PR comments/checks:

• Addressed Greptile's Docker demo API-base concern by setting ace-frontend.build.args.VITE_API_URL: http://localhost:8080 in deploy/docker/demo/docker-compose.yml, preserving the demo's browser-to-backend behavior while keeping the production image default same-origin.
• Fixed the failing Helm Docs check by converting the postgresql.auth.password values description to a helm-docs # -- comment and verified generated charts/ace/README.md is clean.

Local validation for the follow-up:

• helm lint charts/ace
• helm template ace charts/ace -f charts/ace/values-prod.yaml --set postgresql.auth.password=example-password --set backend.jwt.secret=example-secret --set ingress.hosts[0].host=ace.example.test --set ingress.tls[0].hosts[0]=ace.example.test
• downloaded helm-docs v1.14.2 and ran helm-docs --chart-search-root charts --log-level warn && git diff --exit-code charts/ace/README.md
• docker compose -f deploy/docker/demo/docker-compose.yml config
• docker compose -f deploy/docker/demo/docker-compose.yml build ace-frontend

Security checks from the first CI run were green: Dependency Review, CodeQL Go, CodeQL JS/TS, Go Vulnerability Check, and Gitleaks. Checks are re-running for the amended commit.