feat(ui): ship reachability witnessing shell
This commit is contained in:
master
@@ -1,5 +1,9 @@
|
||||
# Reachability Witnessing
|
||||
|
||||
**Status:** Implemented
|
||||
**Owner shell:** `Security > Reachability`
|
||||
**Canonical routes:** `/security/reachability/coverage`, `/security/reachability/witnesses`, `/security/reachability/witnesses/:witnessId`, `/security/reachability/poe`, `/security/reachability/poe/:artifactId`, `/security/reachability/gaps`
|
||||
|
||||
## Recommendation
|
||||
|
||||
Restore witness and proof-of-exposure UX as a deeper part of `Security > Reachability`, not as a standalone product.
|
||||
@@ -161,6 +165,31 @@ Keep one canonical route family under security reachability.
|
||||
- `Decisioning Studio` or `Releases`
|
||||
- open witness and proof for gate verdict explanation
|
||||
|
||||
## Shipped Behavior
|
||||
|
||||
### Mounted shell
|
||||
- `Coverage` remains the default entry and keeps the fleet posture summary.
|
||||
- `Witnesses` ships a searchable, filterable list with confidence and verdict filters.
|
||||
- `PoE / Exposure` keeps drawer-first inspection and supports direct permalink routes for export and audit use.
|
||||
- `Sensor Gaps` stays inside the same shell rather than fragmenting into a separate product.
|
||||
|
||||
### Witness detail
|
||||
- Loads the requested witness from the witness API when available.
|
||||
- Falls back to deterministic reachability fixtures when the backend is unavailable.
|
||||
- Ships call-path, gate, caveat, evidence-chain, runtime-observation, and related-context sections.
|
||||
- Supports verify, JSON export, DOT export, Mermaid export, and PoE drill-in actions.
|
||||
|
||||
### Proof-of-exposure detail
|
||||
- Opens by default as a contextual drawer from witness or shell entry points.
|
||||
- Supports direct navigation through `/security/reachability/poe/:artifactId`.
|
||||
- Preserves operator context with `returnTo` when launched from findings, triage, evidence replay, or release detail.
|
||||
|
||||
### Cross-product handoffs
|
||||
- `Security > Findings` links into canonical witness routes instead of owning a second proof view.
|
||||
- `Triage > Artifact Workspace` restores the selected finding and tab when returning from reachability.
|
||||
- `Evidence > Verify & Replay` links the current request into reachability proof review.
|
||||
- `Releases > Detail` links release-gate investigation into reachability without branching to a parallel shell.
|
||||
|
||||
## UI Standards For Implementation
|
||||
|
||||
- Keep witness detail as the canonical deep-link target.
|
||||
@@ -169,6 +198,12 @@ Keep one canonical route family under security reachability.
|
||||
- Reuse evidence cards and path visualizations across security, evidence, and release entry points.
|
||||
- Keep graph and proof loading deterministic and evidence-first.
|
||||
|
||||
## Verification Status
|
||||
|
||||
- Angular verification: targeted route, witness-detail, handoff, and release-context tests passed on 2026-03-07.
|
||||
- Playwright verification: witness detail, PoE drawer/permalink, and Verify & Replay handoff passed on 2026-03-07.
|
||||
- Checked feature note: `docs/features/checked/web/reachability-witnessing-ui.md`
|
||||
|
||||
## Non-Goals
|
||||
|
||||
- Do not create a top-level `Witnessing` product.
|
||||
|
||||
Reference in New Issue
Block a user