Background
site-config/hca-dcp/dev and site-config/hca-dcp/cc-ma-dev are no longer in use as deployed environments. Their content is still imported by other configs and runtime code, which keeps them around but makes the relationship confusing:
hca-dcp/dev/config.ts is the home of makeConfig, which is imported by hca-dcp/ma-dev, hca-dcp/ma-prod, hca-dcp/prod, and hca-dcp/cc-ma-dev for the base config factory.hca-dcp/cc-ma-dev/config.ts is the home of makeManagedAccessConfig, which is imported by hca-dcp/ma-dev and hca-dcp/ma-prod to layer in authentication, the managed-access category-group config, the auth-enabled header, and the managed-access entities/export overrides.hca-dcp/dev/ content (export, detail, index, etc.) is also imported across lungmap/dev/* (5 files) and a couple of app/viewModelBuilders/azul/hca-dcp/common/* files plus app/config/config.ts.
Currently prod builds without the managed-access overlay, so it doesn't pick up the auth wiring that ma-dev/ma-prod get from makeManagedAccessConfig.
Goal
Consolidate the actively-deployed HCA DCP env hierarchy onto ma-dev and ma-prod (the actual UCSC-hosted deployments), so deprecated dev and cc-ma-dev are no longer the home of shared code.
Scope
- Move
makeConfig from hca-dcp/dev/config.ts into hca-dcp/ma-dev/config.ts so prod (and ma-prod) import it from the actually-deployed dev env.
- Fold
makeManagedAccessConfig (currently in cc-ma-dev/config.ts) into hca-dcp/ma-dev/config.ts. Verify the new ma-dev makeConfig flow includes all the fields that the managed-access function currently adds — specifically the authentication wiring (auth providers + services, authenticationEnabled on header, managed-access category-group config, managed-access entities config, managed-access export overrides). It's load-bearing for ma-dev / ma-prod; do not drop fields silently.
- Update all importers of
hca-dcp/dev/* and hca-dcp/cc-ma-dev/* to point at the new locations under ma-dev. Known consumers:
site-config/hca-dcp/ma-dev/config.tssite-config/hca-dcp/ma-prod/config.tssite-config/hca-dcp/prod/config.tssite-config/lungmap/dev/* (5 files) — re-pointed at the new homeapp/viewModelBuilders/azul/hca-dcp/common/viewModelBuilders.tsapp/viewModelBuilders/azul/hca-dcp/common/projectMapper/projectEdits/projectEdits.tsapp/config/config.ts
- Decide what to do with
hca-dcp/dev/ and hca-dcp/cc-ma-dev/ directories once the shared code has moved — delete entirely, or leave shells in place if some content (e.g. hca-dcp/dev/scripts/get-cellxgene-projects.ts) still needs a home.
Out of scope
- Behaviour changes to the deployed envs (
ma-dev, ma-prod, prod) — this is a pure code-organisation refactor.
- Lungmap restructuring beyond updating import paths to follow the moved code.
- Whether
prod should pick up the managed-access overlay (separate question; today it doesn't, and that's preserved).
Verification
npm run build-dev:hca-dcp, build-cc-ma-dev:hca-dcp, build-ma-dev:hca-dcp, build-ma-prod:hca-dcp, build-prod:hca-dcp, build-dev:lungmap, build-prod:lungmap all succeed.npm run lint and tsc --noEmit clean.- Login still works on
ma-dev (the authorization code flow path) and ma-prod (implicit flow) — auth fields didn't get dropped in the move.
- Visual smoke against the deployed
ma-dev / ma-prod confirms no regressions in managed-access entity views.
Background
site-config/hca-dcp/devandsite-config/hca-dcp/cc-ma-devare no longer in use as deployed environments. Their content is still imported by other configs and runtime code, which keeps them around but makes the relationship confusing:hca-dcp/dev/config.tsis the home ofmakeConfig, which is imported byhca-dcp/ma-dev,hca-dcp/ma-prod,hca-dcp/prod, andhca-dcp/cc-ma-devfor the base config factory.hca-dcp/cc-ma-dev/config.tsis the home ofmakeManagedAccessConfig, which is imported byhca-dcp/ma-devandhca-dcp/ma-prodto layer in authentication, the managed-access category-group config, the auth-enabled header, and the managed-access entities/export overrides.hca-dcp/dev/content (export, detail, index, etc.) is also imported acrosslungmap/dev/*(5 files) and a couple ofapp/viewModelBuilders/azul/hca-dcp/common/*files plusapp/config/config.ts.Currently
prodbuilds without the managed-access overlay, so it doesn't pick up the auth wiring thatma-dev/ma-prodget frommakeManagedAccessConfig.Goal
Consolidate the actively-deployed HCA DCP env hierarchy onto
ma-devandma-prod(the actual UCSC-hosted deployments), so deprecateddevandcc-ma-devare no longer the home of shared code.Scope
makeConfigfromhca-dcp/dev/config.tsintohca-dcp/ma-dev/config.tssoprod(andma-prod) import it from the actually-deployed dev env.makeManagedAccessConfig(currently incc-ma-dev/config.ts) intohca-dcp/ma-dev/config.ts. Verify the newma-devmakeConfigflow includes all the fields that the managed-access function currently adds — specifically the authentication wiring (auth providers + services,authenticationEnabledon header, managed-access category-group config, managed-access entities config, managed-access export overrides). It's load-bearing forma-dev/ma-prod; do not drop fields silently.hca-dcp/dev/*andhca-dcp/cc-ma-dev/*to point at the new locations underma-dev. Known consumers:site-config/hca-dcp/ma-dev/config.tssite-config/hca-dcp/ma-prod/config.tssite-config/hca-dcp/prod/config.tssite-config/lungmap/dev/*(5 files) — re-pointed at the new homeapp/viewModelBuilders/azul/hca-dcp/common/viewModelBuilders.tsapp/viewModelBuilders/azul/hca-dcp/common/projectMapper/projectEdits/projectEdits.tsapp/config/config.tshca-dcp/dev/andhca-dcp/cc-ma-dev/directories once the shared code has moved — delete entirely, or leave shells in place if some content (e.g.hca-dcp/dev/scripts/get-cellxgene-projects.ts) still needs a home.Out of scope
ma-dev,ma-prod,prod) — this is a pure code-organisation refactor.prodshould pick up the managed-access overlay (separate question; today it doesn't, and that's preserved).Verification
npm run build-dev:hca-dcp,build-cc-ma-dev:hca-dcp,build-ma-dev:hca-dcp,build-ma-prod:hca-dcp,build-prod:hca-dcp,build-dev:lungmap,build-prod:lungmapall succeed.npm run lintandtsc --noEmitclean.ma-dev(the authorization code flow path) andma-prod(implicit flow) — auth fields didn't get dropped in the move.ma-dev/ma-prodconfirms no regressions in managed-access entity views.