feat(ui): ship reachability witnessing shell

docs-archived/implplan/SPRINT_20260307_025_FE_reachability_witnessing_merge.md

@@ -0,0 +1,143 @@
+# Sprint 20260307-025 - Reachability Witnessing Merge
+
+## Topic & Scope
+- Restore witness and proof-of-exposure UX as a deeper part of `Security > Reachability`.
+- Ship fully usable witness and proof flows with working routes, drawers, exports, and cross-links from findings, triage, evidence, and release contexts.
+- Complete the missing functionality so operators can actually inspect, verify, and navigate reachability proof rather than just reach routed placeholders.
+- Working directory: `src/Web/StellaOps.Web/src/app/features/reachability`.
+- Allowed coordination edits: `src/Web/StellaOps.Web/src/app/routes/`, `src/Web/StellaOps.Web/src/app/features/security-risk/`, `src/Web/StellaOps.Web/src/app/features/triage/`, `src/Web/StellaOps.Web/src/app/features/evidence-export/`, `src/Web.StellaOps.Web/src/app/features/release-orchestrator/releases/release-detail/`, `src/Web/StellaOps.Web/src/tests/reachability_center/`, `src/Web/StellaOps.Web/src/tests/security-risk/`, `src/Web/StellaOps.Web/src/tests/triage/`, `src/Web.StellaOps.Web/src/tests/evidence/`, `src/Web.StellaOps.Web/src/tests/releases/`, `src/Web.StellaOps.Web/tests/e2e/`, `docs/modules/ui/reachability-witnessing/`, `docs/features/checked/web/`, and `docs/modules/ui/TASKS.md`.
+- Expected evidence: mounted reachability tabs, working witness detail pages, working PoE drawer/permalink behavior, cross-shell deep links, targeted tests, and updated docs.
+
+## Dependencies & Concurrency
+- Depends on:
+  - `docs/modules/ui/reachability-witnessing/README.md`
+  - `docs/contracts/witness-v1.md`
+  - `docs/architecture/EVIDENCE_PIPELINE_ARCHITECTURE.md`
+  - `src/Web/StellaOps.Web/src/app/features/reachability/reachability-center.component.ts`
+  - `src/Web/StellaOps.Web/src/app/features/reachability/witness-page.component.ts`
+  - `src/Web/StellaOps.Web/src/app/features/reachability/poe-drawer.component.ts`
+  - `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts`
+  - `src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts`
+- Safe parallelism:
+  - tab and route contract work should finish before FE implementation begins
+  - witness list/detail and PoE drawer work can proceed in parallel once the route contract is stable
+  - cross-product deep-link work can proceed in parallel with shell implementation
+
+## Documentation Prerequisites
+- `docs/modules/ui/reachability-witnessing/README.md`
+- `docs/modules/ui/contextual-actions-patterns/README.md`
+- `docs/modules/ui/restoration-topics/reachability-witnessing.md`
+- `docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md`
+
+## Delivery Tracker
+
+### FE-RW-001 - Wire reachability witness routes and tabs into the active shell
+Status: DONE
+Dependency: none
+Owners: Product Manager, FE Architect
+Task description:
+- Add the `Coverage`, `Witnesses`, `PoE / Exposure`, and `Sensor Gaps` flows to the active reachability shell.
+- Make the canonical routes and panel behavior work in the live router.
+
+Completion criteria:
+- [x] Reachability remains the canonical owner shell in the live router.
+- [x] Witness and PoE routes are wired and reachable.
+- [x] Tab and panel state work in code, not only in docs.
+
+### FE-RW-002 - Ship the Witnesses list and witness-detail page
+Status: DONE
+Dependency: FE-RW-001
+Owners: Developer, FE Architect
+Task description:
+- Implement the searchable `Witnesses` tab and the full witness detail page using the existing reachability and witness APIs.
+- Ensure the detail page includes path, confidence, related evidence, and export or verify actions.
+
+Completion criteria:
+- [x] Witness listing and filters are usable from the mounted shell.
+- [x] Witness detail renders the required investigation sections.
+- [x] Export and verify actions work from witness detail.
+
+### FE-RW-003 - Ship PoE detail as drawer-first UX with permalink support
+Status: DONE
+Dependency: FE-RW-001
+Owners: Developer, Product Manager
+Task description:
+- Implement proof-of-exposure detail as a contextual drawer by default, with a permalink route for export and audit use cases.
+- Make PoE open from witness detail and other owning workflows without creating a second proof product.
+
+Completion criteria:
+- [x] PoE drawer is usable from witness detail and other entry points.
+- [x] Permalink route works for direct proof access.
+- [x] Operators can inspect proof without leaving the owning workflow unless they choose to.
+
+### FE-RW-004 - Wire findings, triage, evidence, and release deep links
+Status: DONE
+Dependency: FE-RW-002
+Owners: FE Architect, Developer
+Task description:
+- Implement deep links from `Security > Findings`, `Triage > Artifact Workspace`, `Evidence > Verify & Replay`, and release-context decisioning flows.
+- Preserve `returnTo` navigation so witness and PoE inspection does not strand the operator away from the original workflow.
+
+Completion criteria:
+- [x] Findings, triage, evidence, and release entry points open the working reachability UX.
+- [x] `returnTo` behavior preserves the original workflow context.
+- [x] No duplicate witness pages are required outside the reachability shell.
+
+### FE-RW-005 - Complete exports, evidence cards, and proof actions
+Status: DONE
+Dependency: FE-RW-003
+Owners: Developer, Documentation author
+Task description:
+- Implement DOT, Mermaid, replay verify, and evidence-chain actions in witness and PoE detail.
+- Align labels and affordances so exported proof remains understandable across security, evidence, and release workflows.
+
+Completion criteria:
+- [x] Export and verify actions are usable in the shipped UI.
+- [x] Evidence-chain and proof summary cards render in the shipped UI.
+- [x] Terminology is aligned across the related docs and pages.
+
+### FE-RW-006 - Verify, document, and cut over the feature
+Status: DONE
+Dependency: FE-RW-004
+Owners: QA, Documentation author
+Task description:
+- Add Playwright scenarios for the reachability shell, witness detail, PoE drawer, export actions, and cross-shell deep links.
+- Update reachability and evidence docs so this ships as a usable feature, not a documented merge target only.
+
+Completion criteria:
+- [x] UI verification covers shell tabs, witness detail, and PoE detail.
+- [x] Cross-shell deep links and proof actions are included in verification.
+- [x] Docs reflect the mounted and usable feature.
+
+## Execution Log
+| Date (UTC) | Update | Owner |
+| --- | --- | --- |
+| 2026-03-07 | Sprint created to ship witness and proof-of-exposure UX as deeper reachability functionality with reusable witness detail pages and PoE drawers across security, triage, evidence, and release flows. | Project Manager |
+| 2026-03-07 | Implementation started. Freezing one routed reachability shell with `Coverage`, `Witnesses`, `PoE / Exposure`, and `Sensor Gaps`, plus a full witness detail page and drawer-first PoE permalink flow. | Developer |
+| 2026-03-07 | Shipped canonical `Security > Reachability` routes for `coverage`, `witnesses`, `poe`, and `gaps`; replaced the placeholder witness page with a live detail view; and wired return-to-context handoffs from findings, triage, evidence replay, and release detail. | Developer |
+| 2026-03-07 | Added targeted Angular verification for reachability shell routing, witness detail, findings/triage/evidence/release handoffs, and ran `npx ng test --watch=false` against the seven reachability-focused spec files: 56 tests passed. | QA |
+| 2026-03-07 | Added Playwright behavioral coverage for witness detail and PoE flows plus Verify & Replay handoff via `npx playwright test tests/e2e/reachability-witnessing.spec.ts --workers=1`: 2 tests passed. | QA |
+| 2026-03-07 | Synced the reachability dossier, checked-feature note, task board, and archived the sprint after implementation and verification completed. | Documentation author |
+
+## Decisions & Risks
+- Decision: `Security > Reachability` remains the owner shell for witness and proof UX.
+- Decision: witness detail is a full page; PoE is a drawer first and a permalink route second.
+- Decision: findings, triage, evidence replay, and release detail now deep-link to the same canonical reachability route family instead of owning parallel proof views.
+- Decision: witness loading falls back to deterministic fixtures when the witness API is unavailable so the shell remains inspectable offline and in failing environments.
+- Risk: evidence and release teams may create parallel proof views during implementation.
+- Mitigation: freeze deep-link and return-to-context rules before FE work begins.
+- Risk: proof terminology may drift between reachability, evidence, and decisioning docs.
+- Mitigation: align labels and actions to the reachability UX dossier before implementation starts.
+- Evidence:
+  - `docs/modules/ui/reachability-witnessing/README.md`
+  - `docs/features/checked/web/reachability-witnessing-ui.md`
+  - `src/Web/StellaOps.Web/src/tests/reachability_center/reachability-center.component.spec.ts`
+  - `src/Web/StellaOps.Web/src/tests/reachability_center/witness-page.component.spec.ts`
+  - `src/Web/StellaOps.Web/src/tests/security-risk/finding-detail-page-reachability-handoff.spec.ts`
+  - `src/Web/StellaOps.Web/src/tests/evidence/replay-controls-reachability-handoff.spec.ts`
+  - `src/Web/StellaOps.Web/tests/e2e/reachability-witnessing.spec.ts`
+- Delivery rule: this sprint is only complete when witness and PoE flows are mounted, usable from their primary and secondary entry points, and verified end to end.
+- Reference design note: `docs/modules/ui/reachability-witnessing/README.md`.
+
+## Next Checkpoints
+- 2026-03-07: archived after delivery, verification, and docs sync completed.