doctor enhancements, setup, enhancements, ui functionality and design consolidation and, test projects fixes, product advisory attestation/rekor and delta verifications enhancements

This commit is contained in:
master
2026-01-19 09:02:59 +02:00
parent 8c4bf54aed
commit 17419ba7c4
809 changed files with 170738 additions and 12244 deletions

@@ -0,0 +1,216 @@
# Stella Ops UI Structure - Part 1: Shell & Navigation
## Technology Stack
- **Framework**: Angular 17+ (standalone components, signals)
- **Routing**: Angular Router with lazy-loaded modules
- **Styling**: SCSS
- **Architecture**: Feature-based module organization under `src/app/features/`
- **Location**: `src/Web/StellaOps.Web/`
---
## 1. MAIN SHELL & HEADER
```
┌─────────────────────────────────────────────────────────────────────────────────┐
│ [QUICKSTART BANNER - visible only in demo/offline mode] │
├─────────────────────────────────────────────────────────────────────────────────┤
│ ┌─────────────┐ ┌─────────────────────────────────────────┐ ┌────────────────┐ │
│ │ StellaOps │ │ HOME│ANALYZE│TRIAGE│POLICY│OPS│NOTIFY│ │ Fresh Auth │ │
│ │ Dashboard │ │ │ADMIN │ │ Tenant: xxx │ │
│ │ (brand) │ │ │ │ [User Menu ▼] │ │
│ └─────────────┘ └─────────────────────────────────────────┘ └────────────────┘ │
├─────────────────────────────────────────────────────────────────────────────────┤
│ [BREADCRUMB: Dashboard > Section > Subsection] │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────┐ │
│ │ <router-outlet /> │ │
│ │ (Page Content) │ │
│ └─────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────┼─────────────────────┐
▼ ▼ ▼
[Command Palette] [Toast Container] [Keyboard Shortcuts]
```
### Shell Components (from app.component.html)
- `app-navigation-menu` - Main navigation
- `app-user-menu` - User dropdown
- `app-breadcrumb` - Breadcrumb navigation
- `app-command-palette` - Command palette (keyboard shortcut access)
- `app-toast-container` - Toast notifications
- `app-keyboard-shortcuts` - Keyboard shortcut handler
---
## 2. NAVIGATION MENU STRUCTURE
Source: `src/app/core/navigation/navigation.config.ts`
```
┌──────────────────────────────────────────────────────────────────────────────┐
│ MAIN NAVIGATION │
├──────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ HOME │ │ ANALYZE │ │ TRIAGE │ │ POLICY │ │ OPS │ │
│ │ [icon] │ │ [icon] ▼ │ │ [icon] ▼ │ │ [icon] ▼ │ │ [icon] ▼ │ │
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
│ │ │ │ │ │ │
│ ┌────▼─────┐ ┌────▼───────────────────┐ ┌────▼──────────┐ ┌─▼────────────┐│
│ │Dashboard │ │ • Scans & Findings │ │ • Artifacts │ │• SBOM Sources││
│ └──────────┘ │ • Vulnerabilities │ │ • Exceptions │ │• Quotas ││
│ │ • SBOM Graph │ │ • Audit │ │ └→ Overview ││
│ │ • Lineage │ │ Bundles │ │ └→ Tenants ││
│ │ • Reachability │ │ • Risk │ │ └→ Throttle ││
│ │ • VEX Hub │ │ Profiles │ │ └→ Forecast ││
│ │ • Unknowns │ └───────────────┘ │ └→ Alerts ││
│ │ • Patch Map │ │ └→ Reports ││
│ └────────────────────────┘ │• Dead-Letter ││
│ │ └→ Dashboard││
│ ┌──────────┐ ┌───────────────────────────────────────────▲│ └→ Queue ││
│ │ NOTIFY │ │ ADMIN (scoped) ││• SLO Monitor ││
│ │ [icon] │ │ ││ └→ Dashboard││
│ └────┬─────┘ └────┬──────────────────────────────────────┘│ └→ Alerts ││
│ │ │ │ └→ Defs ││
│ ┌────▼─────┐ ┌────▼───────────────────────────────────┐ │• Platform ││
│ │Notific. │ │ • Tenants • OAuth Clients │ │ Health ││
│ │Panel │ │ • Users • Tokens │ │• Feed Mirror ││
│ └──────────┘ │ • Roles • Unified Audit Log │ │ └→ Dashboard││
│ │ • Branding • Notification Admin │ │ └→ AirGap ││
│ │ • Platform • Trust Management │ │• Offline Kit ││
│ │ Status • Policy Governance │ │• AOC Compli. ││
│ │ • Trivy DB • Policy Simulation │ │• Scheduler ││
│ │ • Registry • Issuer Directory │ │• Doctor Diag ││
│ │ Tokens • Scanner Ops │ │ ││
│ └────────────────────────────────────────┘ └──────────────┘│
└──────────────────────────────────────────────────────────────────────────────┘
```
---
## 3. NAVIGATION GROUPS DETAIL
### 3.1 HOME Group
| ID | Label | Route | Icon | Scopes |
|---|---|---|---|---|
| dashboard | Dashboard | `/` | dashboard | - |
### 3.2 ANALYZE Group
| ID | Label | Route | Icon | Scopes |
|---|---|---|---|---|
| findings | Scans & Findings | `/findings` | scan | - |
| vulnerabilities | Vulnerabilities | `/vulnerabilities` | bug | - |
| graph | SBOM Graph | `/graph` | graph | graph:read |
| lineage | Lineage | `/lineage` | git-branch | - |
| reachability | Reachability | `/reachability` | network | - |
| vex-hub | VEX Hub | `/admin/vex-hub` | shield-check | - |
| unknowns | Unknowns | `/analyze/unknowns` | help-circle | - |
| patch-map | Patch Map | `/analyze/patch-map` | grid | - |
### 3.3 TRIAGE Group
| ID | Label | Route | Icon | Scopes |
|---|---|---|---|---|
| artifacts | Artifact Workspace | `/triage/artifacts` | package | - |
| exceptions | Exception Queue | `/exceptions` | exception | - |
| audit-bundles | Audit Bundles | `/triage/audit-bundles` | archive | - |
| risk | Risk Profiles | `/risk` | shield | - |
### 3.4 POLICY Group
| ID | Label | Route | Icon | Scopes |
|---|---|---|---|---|
| policy-studio | Policy Studio | - | edit | - |
| ├─ policy-editor | Editor | `/policy-studio/packs` | - | policy:author |
| ├─ policy-simulate | Simulate | `/policy-studio/simulate` | - | policy:simulate |
| ├─ policy-approvals | Approvals | `/policy-studio/approvals` | - | policy:review OR policy:approve |
| └─ policy-dashboard | Dashboard | `/policy-studio/dashboard` | - | policy:read |
| orchestrator | Jobs & Orchestration | `/orchestrator` | workflow | - |
### 3.5 OPS Group
| ID | Label | Route | Icon | Children |
|---|---|---|---|---|
| sbom-sources | SBOM Sources | `/sbom-sources` | database | - |
| quotas | Quota Dashboard | `/ops/quotas` | gauge | Overview, Tenant Usage, Throttle Events, Forecast, Alert Config, Reports |
| dead-letter | Dead-Letter Queue | `/ops/orchestrator/dead-letter` | alert-triangle | Dashboard, Queue Browser |
| slo-monitoring | SLO Monitoring | `/ops/orchestrator/slo` | activity | Dashboard, Alerts, Definitions |
| platform-health | Platform Health | `/ops/health` | heart-pulse | Dashboard, Incidents |
| feed-mirror | Feed Mirror & AirGap | `/ops/feeds` | mirror | Dashboard, Import Bundle, Export Bundle, Version Locks |
| offline-kit | Offline Kit | `/ops/offline-kit` | offline | Dashboard, Bundles, Verification, JWKS |
| aoc-compliance | AOC Compliance | `/ops/aoc` | shield-check | Dashboard, Guard Violations, Ingestion Flow, Provenance Validator, Compliance Report |
### 3.6 NOTIFY Group
| ID | Label | Route | Icon | Scopes |
|---|---|---|---|---|
| notifications | Notifications | `/notify` | notification | - |
### 3.7 ADMIN Group (requires ui.admin scope)
| ID | Label | Route | Icon | Notes |
|---|---|---|---|---|
| tenants | Tenants | `/console/admin/tenants` | building | - |
| users | Users | `/console/admin/users` | users | - |
| roles | Roles & Scopes | `/console/admin/roles` | key | - |
| clients | OAuth Clients | `/console/admin/clients` | app | - |
| tokens | Tokens | `/console/admin/tokens` | token | - |
| audit | Unified Audit Log | `/admin/audit` | log | Has children: Dashboard, All Events, Policy Audit, Authority Audit, VEX Audit, Integration Audit, Export |
| branding | Branding | `/console/admin/branding` | palette | - |
| platform-status | Platform Status | `/console/status` | monitor | - |
| trivy-db | Trivy DB Settings | `/concelier/trivy-db-settings` | database | - |
| admin-notifications | Notification Admin | `/admin/notifications` | bell-config | - |
| admin-trust | Trust Management | `/admin/trust` | certificate | - |
| policy-governance | Policy Governance | `/admin/policy/governance` | policy-config | - |
| policy-simulation | Policy Simulation | `/admin/policy/simulation` | test-tube | - |
| registry-admin | Registry Tokens | `/admin/registries` | container | - |
| issuer-trust | Issuer Directory | `/admin/issuers` | shield-check | - |
| scanner-ops | Scanner Ops | `/ops/scanner` | scan | - |
---
## 4. USER MENU ITEMS
| ID | Label | Route | Icon |
|---|---|---|---|
| profile | Profile | `/console/profile` | user |
| settings | Settings | `/settings` | settings |
---
## 5. FEATURE MODULES COUNT
Total feature directories under `src/app/features/`: **77 modules**
```
admin-notifications/ evidence-export/ policy-governance/ setup-wizard/
advisory-ai/ evidence-pack/ policy-simulation/ slo-monitoring/
ai-runs/ evidence-thread/ policy-studio/ snapshot/
aoc/ exceptions/ proof/ sources/
aoc-compliance/ feed-mirror/ proof-chain/ timeline/
audit-log/ findings/ proof-studio/ triage/
auth/ graph/ proofs/ triage-inbox/
binary-index/ home/ quota-dashboard/ trivy-db-settings/
change-trace/ integration-hub/ reachability/ trust-admin/
compare/ integrations/ registry-admin/ unknowns/
configuration-pane/ issuer-trust/ release-orchestrator/ unknowns-tracking/
console/ lineage/ releases/ verdicts/
console-admin/ notify/ risk/ vex-hub/
cvss/ offline-kit/ runs/ vex-studio/
dashboard/ opsmemory/ sbom/ vuln-explorer/
deadletter/ orchestrator/ sbom-sources/ vulnerabilities/
doctor/ platform-health/ scanner-ops/ welcome/
evidence/ policy/ scans/
policy-gates/ scheduler-ops/
scores/
secret-detection/
settings/
```
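Review bot: the `policy-editor` row in 3.4 assigns `/policy-studio/packs` the scope `policy:author`, while Part 3 section 2.1 in this same commit documents that route with Required Scope `policy:read` and puts `policy:author` on `/policy-studio/packs/:packId/editor`; the two should be reconciled against what the router actually enforces. Related gaps in the same tables: 3.5 replaces the Scopes column with Children, so no scope is recorded for any `/ops/*` entry (including `offline-kit` with its JWKS child and `feed-mirror` with Import Bundle and Export Bundle); `vex-hub` in 3.2 points at `/admin/vex-hub` with Scopes `-` although 3.7 says the ADMIN group requires `ui.admin`; and `scanner-ops` is listed under ADMIN but routes to `/ops/scanner`. The section 2 diagram also shows Scheduler and Doctor Diag under OPS with no matching row in 3.5, and the section 5 listing contains 76 directory names against the stated 77.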


@@ -0,0 +1,379 @@
# Stella Ops UI Structure - Part 2: Home & Analyze Screens
---
## 1. HOME DASHBOARD
**Route:** `/`
**Component:** `HomeDashboardComponent`
**Location:** `src/app/features/home/home-dashboard.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SECURITY DASHBOARD │
│ [Last updated] [Refresh]│
├────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────┐ ┌─────────────────────────┐ ┌─────────────────┐│
│ │ VULNERABILITIES │ │ RISK OVERVIEW │ │ REACHABILITY ││
│ │ [View all →] │ │ [View details →] │ │ [Explore →] ││
│ ├─────────────────────────┤ ├─────────────────────────┤ ├─────────────────┤│
│ │ Critical ████████ 245 │ │ ┌───────────┐ │ │ ┌───────┐ ││
│ │ High ██████ 89 │ │ / 72 \ │ │ / 75% \ ││
│ │ Medium ███████ 156 │ │ │ SCORE │ │ │ │ REACH. │ ││
│ │ Low ████ 42 │ │ \ ↑ 5% / │ │ \ / ││
│ │ │ │ └───────────┘ │ │ └───────┘ ││
│ │ Total Findings: 532 │ │ │ │ ││
│ │ │ │ [Crit] [High] [Medium] │ │ ● Reachable ││
│ │ │ │ 12 34 89 │ │ ● Unreachable ││
│ └─────────────────────────┘ └─────────────────────────┘ │ ● Uncertain ││
│ └─────────────────┘│
│ │
│ ┌─────────────────────────┐ ┌─────────────────────────┐ ┌─────────────────┐│
│ │ COMPLIANCE STATUS │ │ ACTIVE POLICIES │ │ RECENT SCANS ││
│ ├─────────────────────────┤ ├─────────────────────────┤ ├─────────────────┤│
│ │ [Compliance metrics] │ │ [Policy status list] │ │ [Scan history] ││
│ └─────────────────────────┘ └─────────────────────────┘ └─────────────────┘│
└────────────────────────────────────────────────────────────────────────────────┘
```
### Dashboard Cards:
- Vulnerabilities Summary (by severity with progress bars)
- Risk Overview (circular score with trend indicator)
- Reachability (donut chart with legend)
- Compliance Status
- Active Policies
- Recent Scans
---
## 2. WELCOME PAGE
**Route:** `/welcome`
**Component:** `WelcomePageComponent`
**Location:** `src/app/features/welcome/welcome-page.component.ts`
---
## 3. ANALYZE SECTION
### 3.1 Scans & Findings
**Route:** `/findings`
**Component:** `FindingsContainerComponent`
**Location:** `src/app/features/findings/container/findings-container.component.ts`
**Additional Route:** `/findings/:scanId`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SCANS & FINDINGS │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [Search/Filter Bar] [Severity ▼] [Source ▼] [Date Range] [Bulk Actions]│ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [View Toggle: Diff-First | List | Timeline] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ ☐ │ Sev │ CVE ID │ Package │ Status │ Reach. │ Actions │ │
│ ├───┼─────┼───────────────┼────────────────┼──────────┼────────┼───────────┤ │
│ │ ☐ │ 🔴 │ CVE-2024-1234 │ log4j 2.14.1 │ Open │ ✓ Yes │ [...] [→] │ │
│ │ ☐ │ 🟠 │ CVE-2024-5678 │ spring 5.2.1 │ Triaged │ ✗ No │ [...] [→] │ │
│ │ ☐ │ 🟡 │ CVE-2024-9012 │ commons-io 2.4 │ Open │ ? TBD │ [...] [→] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ [Pagination: < 1 2 3 ... 45 >] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ BULK TRIAGE PANEL ──────────────────────────────────────────────────────┐ │
│ │ Selected: 3 items [Accept Risk] [Create Exception] [Export] [Dismiss] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
#### Related Components:
- `FindingsListComponent` - List view
- `BulkTriageViewComponent` - Bulk operations
- `AiChipRowComponent` - AI-enhanced findings
---
### 3.2 Vulnerabilities
**Route:** `/vulnerabilities`
**Component:** `VulnerabilityExplorerComponent`
**Location:** `src/app/features/vulnerabilities/vulnerability-explorer.component.ts`
**Detail Route:** `/vulnerabilities/:vulnId`
**Component:** `VulnerabilityDetailComponent`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ VULNERABILITY EXPLORER │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ 🔍 Search CVE/Package... [Severity ▼] [CVSS ▼] [Exploited ▼] [Year ▼] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌────────────────────────────────────────────────────────────────────────────┐│
│ │ CVE ID │ CVSS │ Severity │ Description │ Exploited │ VEX ││
│ ├───────────────┼──────┼──────────┼───────────────────────┼───────────┼──────┤│
│ │ CVE-2024-... │ 9.8 │ Critical │ Remote code exec... │ 🔴 Yes │ ⚑ ││
│ │ CVE-2024-... │ 7.5 │ High │ SQL injection in... │ ⚪ No │ ││
│ │ CVE-2024-... │ 5.0 │ Medium │ Information disc... │ ⚪ No │ ⚑ ││
│ └────────────────────────────────────────────────────────────────────────────┘│
│ │
│ ┌─ VULNERABILITY DETAIL (slide-out) ───────────────────────────────────────┐ │
│ │ CVE-2024-1234 [Open in new tab] │ │
│ │ ─────────────────────────────────────────────────────────────────────── │ │
│ │ CVSS: 9.8 Critical │ │
│ │ Description: Remote code execution vulnerability in... │ │
│ │ Affected: [package@version list] │ │
│ │ VEX Statements: [consensus status] │ │
│ │ Reachability: [analysis results] │ │
│ │ Fix Available: ✓ Yes - Upgrade to version X.X.X │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.3 SBOM Graph
**Route:** `/graph`
**Component:** `GraphExplorerComponent`
**Location:** `src/app/features/graph/graph-explorer.component.ts`
**Required Scope:** `graph:read`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SBOM GRAPH EXPLORER │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [Search node...] [Filter by type ▼] [Depth: ▼] [Layout: ▼] [Zoom: ─●─] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ┌─────────┐ │ │
│ │ ┌────────┤ app-svc ├────────┐ │ │
│ │ │ └────┬────┘ │ │ │
│ │ ▼ │ ▼ │ │
│ │ ┌─────────┐ │ ┌─────────┐ │ │
│ │ │ log4j │◄────────┼──────►│ spring │ │ │
│ │ │ 🔴 vuln │ │ │ 🟠 vuln │ │ │
│ │ └─────────┘ │ └────┬────┘ │ │
│ │ │ │ │ │ │
│ │ ▼ │ ▼ │ │
│ │ ┌─────────┐ ┌────┴───┐ ┌─────────┐ │ │
│ │ │ jackson │ │commons │ │ netty │ │ │
│ │ └─────────┘ └────────┘ └─────────┘ │ │
│ │ │ │
│ │ [Legend: ● Package 🔴 Critical 🟠 High 🟡 Medium ⚫ Low] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├─ NODE DETAILS ─────────────────────────────────────────────────────────────────┤
│ │ Selected: log4j@2.14.1 │ │
│ │ Type: Library │ License: Apache-2.0 │ Dependencies: 12 │ Dependents: 45 │ │
│ │ Vulnerabilities: 3 Critical, 1 High │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.4 Lineage
**Route:** `/lineage`
**Component:** `LineageGraphContainerComponent`
**Location:** `src/app/features/lineage/components/lineage-graph-container/lineage-graph-container.component.ts`
**Sub-routes:**
- `/lineage/:artifact/compare` - Compare with artifact context
- `/lineage/compare` - Legacy compare route
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SBOM LINEAGE GRAPH │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [Artifact selector ▼] [Version A ▼] ⟷ [Version B ▼] [Compare] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ │
│ v1.0.0 v1.1.0 v1.2.0 v1.3.0 │
│ ●─────────────●─────────────●─────────────● (lineage timeline) │
│ │ │ │ │ │
│ │ │ ┌──────┴──────┐ │ │
│ │ │ ▼ ▼ │ │
│ │ │ hotfix-a hotfix-b │ │
│ │ │ │ │ │ │
│ │ │ └──────┬──────┘ │ │
│ │ │ ▼ │ │
│ │ │ v1.2.1 │ │
│ │ │ │ │ │
│ └─────────────┴─────────────┴─────────────┘ │
│ │
├─ SMART DIFF ───────────────────────────────────────────────────────────────────┤
│ │ Comparing: v1.2.0 ⟷ v1.3.0 │ │
│ ├──────────────────────────────────────────────────────────────────────────┤ │
│ │ + Added: 3 packages 🔴 New CVEs: 2 │ │
│ │ - Removed: 1 package ✓ Fixed CVEs: 5 │ │
│ │ ↻ Changed: 7 packages ⚠ Degraded: 1 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.5 Reachability Center
**Route:** `/reachability`
**Component:** `ReachabilityCenterComponent`
**Location:** `src/app/features/reachability/reachability-center.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ REACHABILITY CENTER │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ COVERAGE SUMMARY ───────────────────────────────────────────────────────┐ │
│ │ ┌────────────┐ ┌────────────┐ ┌────────────┐ ┌────────────┐ │ │
│ │ │ Total CVEs │ │ Reachable │ │ Unreachable│ │ Uncertain │ │ │
│ │ │ 1,234 │ │ 456 │ │ 678 │ │ 100 │ │ │
│ │ │ │ │ (37%) │ │ (55%) │ │ (8%) │ │ │
│ │ └────────────┘ └────────────┘ └────────────┘ └────────────┘ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ REACHABILITY BY ARTIFACT ───────────────────────────────────────────────┐ │
│ │ │ │
│ │ Artifact │ Total │ Reachable │ Unreachable │ Coverage │ │
│ │ ─────────────────────┼───────┼───────────┼─────────────┼─────────────│ │
│ │ app-backend:latest │ 45 │ 12 │ 28 │ ████░░ 62% │ │
│ │ api-gateway:v2.3 │ 32 │ 8 │ 20 │ ███░░░ 50% │ │
│ │ worker-svc:1.0.0 │ 78 │ 45 │ 25 │ ██████ 89% │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├─ CALL PATH VISUALIZATION ──────────────────────────────────────────────────────┤
│ │ Selected: CVE-2024-1234 in log4j │ │
│ │ │ │
│ │ main() → processRequest() → Logger.log() → vulnerable_function() │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.6 VEX Hub
**Route:** `/admin/vex-hub`
**Location:** `src/app/features/vex-hub/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/admin/vex-hub` | `VexHubDashboardComponent` |
| `/admin/vex-hub/search` | `VexStatementSearchComponent` |
| `/admin/vex-hub/search/detail/:id` | `VexStatementDetailComponent` |
| `/admin/vex-hub/stats` | `VexHubStatsComponent` |
| `/admin/vex-hub/consensus` | `VexConsensusComponent` |
| `/admin/vex-hub/explorer` | `VexHubComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ VEX HUB │
├──────────────────┬─────────────────────────────────────────────────────────────┤
│ NAVIGATION │ │
│ ───────────── │ │
│ [Dashboard] │ VEX DASHBOARD │
│ [Search] │ ───────────────────────────────────────────────────────── │
│ [Stats] │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ [Consensus] │ │ Statements │ │ Conflicts │ │ Consensus │ │
│ [Explorer] │ │ 1,234 │ │ 12 │ │ Reached: 89%│ │
│ │ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │ │
│ AI FEATURES │ ┌─ RECENT VEX STATEMENTS ────────────────────────────────┐ │
│ ───────────── │ │ CVE ID │ Product │ Status │ Issuer │ │
│ [AI Explain] │ │ CVE-2024-... │ app-svc │ Not Affected │ Vendor A │ │
│ [AI Justify] │ │ CVE-2024-... │ api-gw │ Fixed │ Vendor B │ │
│ [AI Remediate] │ │ CVE-2024-... │ worker │ Under Invest. │ Internal │ │
│ │ └────────────────────────────────────────────────────────┘ │
│ │ │
│ │ ┌─ CONFLICT RESOLUTION ──────────────────────────────────┐ │
│ │ │ 12 conflicts pending review → [Resolve] │ │
│ │ └────────────────────────────────────────────────────────┘ │
└──────────────────┴─────────────────────────────────────────────────────────────┘
```
#### VEX Hub Components:
- `VexHubDashboardComponent`
- `VexStatementSearchComponent`
- `VexStatementDetailComponent`
- `VexStatementDetailPanelComponent`
- `VexHubStatsComponent`
- `VexConsensusComponent`
- `VexConflictResolutionComponent`
- `VexCreateWorkflowComponent`
- `AiConsentGateComponent`
- `AiExplainPanelComponent`
- `AiJustifyPanelComponent`
- `AiRemediatePanelComponent`
---
### 3.7 Unknowns Tracking
**Route:** `/analyze/unknowns`
**Location:** `src/app/features/unknowns-tracking/`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ UNKNOWNS TRACKING │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SUMMARY ────────────────────────────────────────────────────────────────┐ │
│ │ Unknown Components: 234 │ Unresolved PURLs: 45 │ Missing SBOMs: 12 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Search...] [Type ▼] [Status ▼] [Source ▼] │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Component Name │ Type │ First Seen │ Status │ Actions │ │
│ ├───────────────────┼───────────┼─────────────┼───────────┼───────────────┤ │
│ │ unknown-lib-1.0 │ Library │ 2024-01-15 │ Pending │ [Match] [Ign] │ │
│ │ mystery-pkg │ Package │ 2024-01-14 │ Reviewing │ [Match] [Ign] │ │
│ │ vendor-binary.dll │ Binary │ 2024-01-13 │ Matched │ [View] │ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.8 Patch Map
**Route:** `/analyze/patch-map`
**Component:** `PatchMapComponent`
**Location:** `src/app/features/binary-index/patch-map.component.ts`
Fleet-wide binary patch coverage heatmap visualization.
---
### 3.9 Scan Detail
**Route:** `/scans/:scanId`
**Component:** `ScanDetailPageComponent`
**Location:** `src/app/features/scans/scan-detail-page.component.ts`
---
### 3.10 CVSS Receipt
**Route:** `/cvss/receipts/:receiptId`
**Component:** `CvssReceiptComponent`
**Location:** `src/app/features/cvss/cvss-receipt.component.ts`
---
### 3.11 Compare View
**Route:** `/compare/:currentId`
**Component:** `CompareViewComponent`
**Location:** `src/app/features/compare/components/compare-view/compare-view.component.ts`
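Review bot: section 3.6 documents six `/admin/vex-hub` sub-routes and the AI Explain, Justify and Remediate features without a Required Scope line, whereas 3.3 states `graph:read` explicitly; add the scope (or an explicit "none") to every screen so the document can be checked against the router. The 3.6 component list names `AiConsentGateComponent` without saying which AI panels it gates, and `VexConflictResolutionComponent` and `VexCreateWorkflowComponent` have no entry in the sub-routes table, so note whether they are modals or embedded panels. The mock tables pair plausible-looking identifiers such as `CVE-2024-1234` with `log4j 2.14.1`; clearly fake placeholder IDs would keep readers from taking them as real advisories.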


@@ -0,0 +1,668 @@
# Stella Ops UI Structure - Part 3: Triage, Policy & Ops Screens
---
## 1. TRIAGE SECTION
### 1.1 Artifact Workspace
**Route:** `/triage/artifacts`
**Component:** `TriageArtifactsComponent`
**Location:** `src/app/features/triage/triage-artifacts.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ ARTIFACT WORKSPACE │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ [Search artifacts...] [Registry ▼] [Status ▼] [Risk Level ▼] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ ARTIFACTS LIST ─────────────────────────────────────────────────────────┐ │
│ │ Image Name │ Tag │ Risk │ Findings │ VEX │ Actions │ │
│ ├────────────────────────┼──────────┼───────┼──────────┼────────┼─────────┤ │
│ │ registry/app-svc │ v1.2.3 │ 🔴 │ 45 │ 3 │ [→] │ │
│ │ registry/api-gateway │ latest │ 🟠 │ 23 │ 1 │ [→] │ │
│ │ registry/worker │ 2.0.0 │ 🟢 │ 5 │ 5 │ [→] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 1.2 Artifact Detail / Triage Workspace
**Route:** `/triage/artifacts/:artifactId`
**Component:** `TriageWorkspaceComponent`
**Location:** `src/app/features/triage/triage-workspace.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ TRIAGE WORKSPACE: registry/app-svc:v1.2.3 │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─────────────────────────────────────────────────────────────────────────────┐│
│ │ [Findings] [Components] [VEX Decisions] [Attestations] [Evidence] [History]││
│ └─────────────────────────────────────────────────────────────────────────────┘│
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ ARTIFACT INFO ─────────────────────────────────────────────────────────────┐│
│ │ Digest: sha256:abc123... │ Created: 2024-01-15 │ Size: 245MB ││
│ │ Risk Score: 78 (High) │ Total CVEs: 45 │ Exceptions: 3 ││
│ └─────────────────────────────────────────────────────────────────────────────┘│
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ TRIAGE ACTIONS ─────────────────────────────────────────────────────────┐ │
│ │ Selected: 5 findings │ │
│ │ [Create VEX] [Add Exception] [Request Review] [Export Evidence] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ FINDINGS LIST ──────────────────────────────────────────────────────────┐ │
│ │ ☐ │ Sev │ CVE │ Component │ Status │ VEX │ Except │ │
│ ├───┼─────┼───────────────┼────────────────┼───────────┼─────────┼────────┤ │
│ │ ☑ │ 🔴 │ CVE-2024-1234 │ log4j@2.14.1 │ Open │ │ │ │
│ │ ☑ │ 🔴 │ CVE-2024-5678 │ spring@5.2.1 │ Triaged │ ⚑ │ │ │
│ │ ☐ │ 🟠 │ CVE-2024-9012 │ jackson@2.9 │ Excepted │ │ ✓ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
#### Related Components:
- `TriageAttestationDetailModalComponent`
- `VexDecisionModalComponent`
- Components in `src/app/features/triage/components/`
---
### 1.3 Exception Queue
**Route:** `/exceptions`
**Component:** `TriageArtifactsComponent` (reused)
**Location:** `src/app/features/triage/triage-artifacts.component.ts`
---
### 1.4 Audit Bundles
**Route:** `/triage/audit-bundles`
**Component:** `TriageAuditBundlesComponent`
**Location:** `src/app/features/triage/triage-audit-bundles.component.ts`
**Create Route:** `/triage/audit-bundles/new`
**Component:** `TriageAuditBundleNewComponent`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ AUDIT BUNDLES │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Search bundles...] [Status ▼] [Date Range] [+ New Bundle] │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Bundle ID │ Created │ Artifacts │ Status │ Signed │ Actions │ │
│ ├────────────────┼──────────────┼───────────┼───────────┼─────────┼─────────┤ │
│ │ AUDIT-2024-001 │ 2024-01-15 │ 12 │ Complete │ ✓ │ [↓] [→] │ │
│ │ AUDIT-2024-002 │ 2024-01-14 │ 8 │ Pending │ │ [→] │ │
│ │ AUDIT-2024-003 │ 2024-01-13 │ 25 │ Complete │ ✓ │ [↓] [→] │ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 1.5 Risk Dashboard
**Route:** `/risk`
**Component:** `RiskDashboardComponent`
**Location:** `src/app/features/risk/risk-dashboard.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ RISK PROFILES │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ RISK OVERVIEW ──────────────────────────────────────────────────────────┐ │
│ │ ┌───────────────┐ │ │
│ │ / 72 \ Overall Risk Score │ │
│ │ │ ↓ 3% from │ ────────────────────────────────────────────────│ │
│ │ \ last week / • Critical Findings: 12 │ │
│ │ └───────────────┘ • High Findings: 45 │ │
│ │ • Active Exceptions: 23 │ │
│ │ • Compliance Gaps: 5 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ RISK BY ARTIFACT ───────────────────────────────────────────────────────┐ │
│ │ Artifact │ Score │ Trend │ Critical │ High │ Exceptions │ │
│ ├──────────────────┼───────┼────────┼──────────┼──────┼───────────────────┤ │
│ │ app-svc │ 85 │ ↑ +5 │ 5 │ 12 │ 3 │ │
│ │ api-gateway │ 62 │ ↓ -8 │ 2 │ 8 │ 2 │ │
│ │ worker │ 35 │ = 0 │ 0 │ 3 │ 1 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├─ RISK DRIFT ───────────────────────────────────────────────────────────────────┤
│ │ [Time-series chart showing risk score changes over time] │ │
│ │ 100 ┤ │ │
│ │ 75 ┤ ╭──╮ ╭───── │ │
│ │ 50 ┤ ╭───╯ ╰────╯ │ │
│ │ 25 ┤──╯ │ │
│ │ 0 └──────────────────────────────────────────────────────────── │ │
│ │ Jan Feb Mar Apr May Jun │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
## 2. POLICY SECTION
### 2.1 Policy Studio - Workspace
**Route:** `/policy-studio/packs`
**Component:** `PolicyWorkspaceComponent`
**Location:** `src/app/features/policy-studio/workspace/policy-workspace.component.ts`
**Required Scope:** `policy:read`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ POLICY STUDIO │
├────────────────────────────────────────────────────────────────────────────────┤
│ [+ New Pack] [Search packs...] [Status ▼] [Environment ▼] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ POLICY PACKS ───────────────────────────────────────────────────────────┐ │
│ │ Pack Name │ Version │ Status │ Envs │ Rules │ Actions │ │
│ ├────────────────────┼─────────┼───────────┼───────────┼───────┼──────────┤ │
│ │ security-baseline │ v2.3.0 │ Active │ Prod,Stg │ 45 │ [Edit] │ │
│ │ compliance-pci │ v1.0.0 │ Draft │ - │ 23 │ [Edit] │ │
│ │ internal-standards │ v3.1.0 │ Pending │ Dev │ 67 │ [Review] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 2.2 Policy Editor
**Route:** `/policy-studio/packs/:packId/editor`
**Component:** `PolicyEditorComponent`
**Location:** `src/app/features/policy-studio/editor/policy-editor.component.ts`
**Required Scope:** `policy:author`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ POLICY EDITOR: security-baseline v2.3.0 │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Editor] [YAML] [Simulate] [Approvals] [Rules] [Dashboard] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─────────────────────────────┬────────────────────────────────────────────┐ │
│ │ RULES TREE │ RULE DETAILS │ │
│ │ ───────────── │ ───────────────────────────────────────── │ │
│ │ ▼ vulnerability-gates │ Rule: block-critical-cves │ │
│ │ ├── block-critical-cves │ ────────────────────────────────────────── │ │
│ │ ├── warn-high-cves │ Description: │ │
│ │ └── require-fix-path │ Block artifacts with critical CVEs │ │
│ │ ▼ compliance-checks │ │ │
│ │ ├── require-sbom │ Condition: │ │
│ │ ├── verify-signatures │ cvss_score >= 9.0 AND status == "open" │ │
│ │ └── check-licenses │ │ │
│ │ ▼ quality-gates │ Action: BLOCK │ │
│ │ ├── test-coverage │ Message: "Critical CVE detected..." │ │
│ │ └── code-review │ │ │
│ │ │ [Edit Rule] [Test Rule] [Delete] │ │
│ └─────────────────────────────┴────────────────────────────────────────────┘ │
├─ ACTIONS ──────────────────────────────────────────────────────────────────────┤
│ [Save Draft] [Validate] [Submit for Review] [History] │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 2.3 Policy YAML Editor
**Route:** `/policy-studio/packs/:packId/yaml`
**Component:** `PolicyYamlEditorComponent`
**Location:** `src/app/features/policy-studio/yaml/policy-yaml-editor.component.ts`
**Required Scope:** `policy:author`
---
### 2.4 Policy Simulation
**Route:** `/policy-studio/packs/:packId/simulate`
**Component:** `PolicySimulationComponent`
**Location:** `src/app/features/policy-studio/simulation/policy-simulation.component.ts`
**Required Scope:** `policy:simulate`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ POLICY SIMULATION: security-baseline v2.3.0 │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ INPUT ──────────────────────────────────────────────────────────────────┐ │
│ │ Artifact: [Select artifact... ▼] Environment: [Staging ▼] │ │
│ │ [Run Simulation] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SIMULATION RESULTS ─────────────────────────────────────────────────────┐ │
│ │ Overall Verdict: 🔴 BLOCKED │ │
│ │ ─────────────────────────────────────────────────────────────────────── │ │
│ │ Rule │ Result │ Details │ │
│ │ ────────────────────────┼──────────┼────────────────────────────────────│ │
│ │ block-critical-cves │ 🔴 BLOCK │ 3 critical CVEs found │ │
│ │ warn-high-cves │ 🟡 WARN │ 12 high CVEs found │ │
│ │ require-sbom │ 🟢 PASS │ SBOM present and valid │ │
│ │ verify-signatures │ 🟢 PASS │ Valid signature from trusted key │ │
│ │ check-licenses │ 🟡 WARN │ GPL-3.0 detected in 2 components │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├─ EXPLAIN ──────────────────────────────────────────────────────────────────────┤
│ │ [AI-powered explanation of simulation results] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 2.5 Policy Approvals
**Route:** `/policy-studio/packs/:packId/approvals`
**Component:** `PolicyApprovalsComponent`
**Location:** `src/app/features/policy-studio/approvals/policy-approvals.component.ts`
**Required Scope:** `policy:review` OR `policy:approve`
---
### 2.6 Policy Rule Builder
**Route:** `/policy-studio/packs/:packId/rules`
**Component:** `PolicyRuleBuilderComponent`
**Location:** `src/app/features/policy-studio/rule-builder/policy-rule-builder.component.ts`
**Required Scope:** `policy:author`
---
### 2.7 Policy Explain
**Route:** `/policy-studio/packs/:packId/explain/:runId`
**Component:** `PolicyExplainComponent`
**Location:** `src/app/features/policy-studio/explain/policy-explain.component.ts`
**Required Scope:** `policy:read`
---
### 2.8 Policy Dashboard
**Route:** `/policy-studio/packs/:packId/dashboard`
**Component:** `PolicyDashboardComponent`
**Location:** `src/app/features/policy-studio/dashboard/policy-dashboard.component.ts`
**Required Scope:** `policy:read`
---
### 2.9 Orchestrator Dashboard
**Route:** `/orchestrator`
**Component:** `OrchestratorDashboardComponent`
**Location:** `src/app/features/orchestrator/orchestrator-dashboard.component.ts`
**Required Scope:** `orch:read`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ ORCHESTRATOR DASHBOARD │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SUMMARY ────────────────────────────────────────────────────────────────┐ │
│ │ Running: 5 │ Queued: 12 │ Completed: 1,234 │ Failed: 23 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Search jobs...] [Type ▼] [Status ▼] [Date Range] │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Job ID │ Type │ Artifact │ Status │ Started │ Action│ │
│ ├─────────────┼─────────────┼────────────────┼──────────┼───────────┼───────┤ │
│ │ JOB-12345 │ Scan │ app-svc:v1.2.3 │ Running │ 2m ago │ [→] │ │
│ │ JOB-12344 │ Policy │ api-gw:latest │ Complete │ 5m ago │ [→] │ │
│ │ JOB-12343 │ Reachability│ worker:2.0.0 │ Failed │ 10m ago │ [↻] │ │
│ │ JOB-12342 │ Export │ bundle-001 │ Complete │ 15m ago │ [↓] │ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 2.10 Orchestrator Jobs
**Route:** `/orchestrator/jobs`
**Component:** `OrchestratorJobsComponent`
**Location:** `src/app/features/orchestrator/orchestrator-jobs.component.ts`
**Required Scope:** `orch:read`
---
### 2.11 Orchestrator Job Detail
**Route:** `/orchestrator/jobs/:jobId`
**Component:** `OrchestratorJobDetailComponent`
**Location:** `src/app/features/orchestrator/orchestrator-job-detail.component.ts`
**Required Scope:** `orch:read`
---
### 2.12 Orchestrator Quotas
**Route:** `/orchestrator/quotas`
**Component:** `OrchestratorQuotasComponent`
**Location:** `src/app/features/orchestrator/orchestrator-quotas.component.ts`
**Required Scope:** `orch:operator`
---
## 3. OPS SECTION
### 3.1 SBOM Sources
**Route:** `/sbom-sources`
**Location:** `src/app/features/sbom-sources/`
**Sub-routes:**
| Path | Component | Title |
|---|---|---|
| `/sbom-sources` | `SourcesListComponent` | SBOM Sources |
| `/sbom-sources/new` | `SourceWizardComponent` | Create SBOM Source |
| `/sbom-sources/:id` | `SourceDetailComponent` | Source Details |
| `/sbom-sources/:id/edit` | `SourceWizardComponent` | Edit Source |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SBOM SOURCES │
├────────────────────────────────────────────────────────────────────────────────┤
│ [+ New Source] [Search sources...] [Type ▼] [Status ▼] │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Source Name │ Type │ URL │ Status │ Last Sync │ │
│ ├─────────────────┼───────────┼──────────────────────┼─────────┼────────────┤ │
│ │ docker-hub │ Registry │ registry.docker.io │ 🟢 OK │ 2m ago │ │
│ │ github-actions │ CI │ github.com/org │ 🟢 OK │ 5m ago │ │
│ │ gitlab-ci │ CI │ gitlab.company.com │ 🟡 Warn │ 1h ago │ │
│ │ local-registry │ Registry │ registry.local:5000 │ 🔴 Error│ 2d ago │ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.2 Quota Dashboard
**Route:** `/ops/quotas`
**Location:** `src/app/features/quota-dashboard/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/quotas` | `QuotaDashboardComponent` |
| `/ops/quotas/tenants` | `TenantQuotaTableComponent` |
| `/ops/quotas/tenants/:tenantId` | `TenantQuotaDetailComponent` |
| `/ops/quotas/throttle` | `ThrottleContextComponent` |
| `/ops/quotas/alerts` | `QuotaAlertConfigComponent` |
| `/ops/quotas/forecast` | `QuotaForecastComponent` |
| `/ops/quotas/reports` | `QuotaReportExportComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ QUOTA DASHBOARD │
├──────────────────┬─────────────────────────────────────────────────────────────┤
│ NAVIGATION │ QUOTA OVERVIEW │
│ ───────────── │ ───────────────────────────────────────────────────────── │
│ [Overview] │ ┌────────────┐ ┌────────────┐ ┌────────────┐ │
│ [Tenant Usage] │ │ Scan Quota │ │ API Calls │ │ Storage │ │
│ [Throttle] │ │ 67% used │ │ 45% used │ │ 82% used │ │
│ [Forecast] │ │ ████░░ │ │ ███░░░ │ │ █████░ │ │
│ [Alert Config] │ └────────────┘ └────────────┘ └────────────┘ │
│ [Reports] │ │
│ │ ┌─ QUOTA TRENDS ─────────────────────────────────────────┐│
│ │ │ [Time-series chart] ││
│ │ └─────────────────────────────────────────────────────────┘│
│ │ │
│ │ ┌─ ALERTS ────────────────────────────────────────────────┐│
│ │ │ ⚠ Storage quota at 82% - forecast exhaustion in 14 days││
│ │ │ ⚠ Tenant "prod-team" exceeded scan rate limit ││
│ │ └─────────────────────────────────────────────────────────┘│
└──────────────────┴─────────────────────────────────────────────────────────────┘
```
---
### 3.3 Dead-Letter Queue
**Route:** `/ops/orchestrator/dead-letter`
**Location:** `src/app/features/deadletter/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/orchestrator/dead-letter` | Dashboard |
| `/ops/orchestrator/dead-letter/queue` | Queue Browser |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ DEAD-LETTER QUEUE │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ QUEUE STATS ────────────────────────────────────────────────────────────┐ │
│ │ Total: 23 │ Retryable: 18 │ Permanent: 5 │ Oldest: 2 days │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Search...] [Error Type ▼] [Job Type ▼] [Retry All] [Purge Permanent] │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Job ID │ Type │ Error │ Retries │ Actions │ │
│ ├─────────────┼───────────┼──────────────────────┼─────────┼───────────────┤ │
│ │ JOB-ERR-001 │ Scan │ Timeout connecting...│ 3/5 │ [↻] [🗑] [→] │ │
│ │ JOB-ERR-002 │ Export │ Out of memory │ 5/5 │ [🗑] [→] │ │
│ │ JOB-ERR-003 │ Policy │ Invalid policy pack │ 2/5 │ [↻] [🗑] [→] │ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.4 SLO Monitoring
**Route:** `/ops/orchestrator/slo`
**Location:** `src/app/features/slo-monitoring/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/orchestrator/slo` | Dashboard |
| `/ops/orchestrator/slo/alerts` | Alerts |
| `/ops/orchestrator/slo/definitions` | Definitions |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SLO MONITORING │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SLO STATUS ─────────────────────────────────────────────────────────────┐ │
│ │ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ │
│ │ │ Scan Latency │ │ API Availability│ │ Policy Eval │ │ │
│ │ │ Target: < 30s │ │ Target: 99.9% │ │ Target: < 100ms │ │ │
│ │ │ Current: 28s │ │ Current: 99.95% │ │ Current: 85ms │ │ │
│ │ │ 🟢 HEALTHY │ │ 🟢 HEALTHY │ │ 🟢 HEALTHY │ │ │
│ │ └─────────────────┘ └─────────────────┘ └─────────────────┘ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ BURN RATE ──────────────────────────────────────────────────────────────┐ │
│ │ SLO Name │ Budget │ Burned │ Rate │ Status │ TTL │ │
│ │ ─────────────────┼────────┼────────┼─────────┼──────────┼──────────────│ │
│ │ Scan Latency │ 0.1% │ 0.02% │ 0.5x │ 🟢 Safe │ 45 days │ │
│ │ API Availability │ 0.1% │ 0.05% │ 1.2x │ 🟡 Watch │ 18 days │ │
│ │ Policy Eval │ 0.1% │ 0.01% │ 0.2x │ 🟢 Safe │ 90+ days │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.5 Platform Health
**Route:** `/ops/health`
**Location:** `src/app/features/platform-health/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/health` | `PlatformHealthDashboardComponent` |
| `/ops/health/services/:serviceName` | `ServiceDetailComponent` |
| `/ops/health/incidents` | `IncidentTimelineComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ PLATFORM HEALTH DASHBOARD │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SERVICE STATUS ─────────────────────────────────────────────────────────┐ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │
│ │ │ Scanner │ │ Policy │ │ Authority│ │ VEX Hub │ │ Evidence │ │ │
│ │ │ 🟢 OK │ │ 🟢 OK │ │ 🟢 OK │ │ 🟡 Warn │ │ 🟢 OK │ │ │
│ │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │
│ │ │ Scheduler│ │ Graph │ │ Integrat.│ │ Notifier │ │ Telemetry│ │ │
│ │ │ 🟢 OK │ │ 🟢 OK │ │ 🔴 Error │ │ 🟢 OK │ │ 🟢 OK │ │ │
│ │ └──────────┘ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ DEPENDENCIES ───────────────────────────────────────────────────────────┐ │
│ │ PostgreSQL: 🟢 │ Redis: 🟢 │ RabbitMQ: 🟢 │ S3: 🟢 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ RECENT INCIDENTS ───────────────────────────────────────────────────────┐ │
│ │ Time │ Service │ Severity │ Status │ Duration │ │
│ │ 10:23 UTC │ Integrations │ 🔴 High │ Active │ 15m (ongoing) │ │
│ │ 09:45 UTC │ VEX Hub │ 🟡 Medium │ Resolved │ 8m │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.6 Feed Mirror & AirGap
**Route:** `/ops/feeds`
**Location:** `src/app/features/feed-mirror/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/feeds` | `FeedMirrorDashboardComponent` |
| `/ops/feeds/mirror/:mirrorId` | `MirrorDetailComponent` |
| `/ops/feeds/airgap/import` | `AirgapImportComponent` |
| `/ops/feeds/airgap/export` | `AirgapExportComponent` |
| `/ops/feeds/version-locks` | `VersionLockComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ FEED MIRROR & AIRGAP OPERATIONS │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Dashboard] [Import Bundle] [Export Bundle] [Version Locks] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ FEED STATUS ────────────────────────────────────────────────────────────┐ │
│ │ Feed Name │ Version │ Last Sync │ Status │ Size │ │
│ │ ────────────────────┼────────────┼────────────┼─────────┼─────────────│ │
│ │ NVD │ 2024-01-15 │ 2h ago │ 🟢 OK │ 2.3 GB │ │
│ │ Trivy │ 2024-01-15 │ 1h ago │ 🟢 OK │ 856 MB │ │
│ │ OSV │ 2024-01-14 │ 1d ago │ 🟡 Stale│ 1.2 GB │ │
│ │ GitHub Advisories │ 2024-01-15 │ 30m ago │ 🟢 OK │ 245 MB │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ AIRGAP BUNDLES ─────────────────────────────────────────────────────────┐ │
│ │ Bundle ID │ Created │ Size │ Signed │ Status │ Action │ │
│ │ ───────────────┼──────────────┼─────────┼─────────┼───────────┼────────│ │
│ │ AIRGAP-2024-01 │ 2024-01-15 │ 4.5 GB │ ✓ │ Ready │ [↓] │ │
│ │ AIRGAP-2024-02 │ 2024-01-10 │ 4.2 GB │ ✓ │ Imported │ [→] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.7 Offline Kit
**Route:** `/ops/offline-kit`
**Location:** `src/app/features/offline-kit/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/offline-kit` | `OfflineKitComponent` (shell) |
| `/ops/offline-kit/dashboard` | `OfflineDashboardComponent` |
| `/ops/offline-kit/bundles` | `BundleManagementComponent` |
| `/ops/offline-kit/verify` | `VerificationCenterComponent` |
| `/ops/offline-kit/jwks` | `JwksManagementComponent` |
---
### 3.8 AOC Compliance
**Route:** `/ops/aoc`
**Location:** `src/app/features/aoc-compliance/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/aoc` | `AocComplianceDashboardComponent` |
| `/ops/aoc/violations` | `GuardViolationsListComponent` |
| `/ops/aoc/ingestion` | `IngestionFlowComponent` |
| `/ops/aoc/provenance` | `ProvenanceValidatorComponent` |
| `/ops/aoc/report` | `ComplianceReportComponent` |
---
### 3.9 Scheduler Operations
**Route:** `/scheduler`
**Location:** `src/app/features/scheduler-ops/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/scheduler/runs` | `SchedulerRunsComponent` |
| `/scheduler/schedules` | `ScheduleManagementComponent` |
| `/scheduler/workers` | `WorkerFleetComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SCHEDULER OPERATIONS │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Runs] [Schedules] [Workers] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SCHEDULED JOBS ─────────────────────────────────────────────────────────┐ │
│ │ Schedule Name │ Cron │ Next Run │ Last Run │ Status │ │
│ │ ────────────────┼──────────────┼───────────────┼────────────┼───────────│ │
│ │ daily-scan │ 0 0 * * * │ in 4h 23m │ 19h ago │ 🟢 Active │ │
│ │ hourly-sync │ 0 * * * * │ in 23m │ 37m ago │ 🟢 Active │ │
│ │ weekly-report │ 0 0 * * 0 │ in 3d 4h │ 3d ago │ 🟢 Active │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ WORKER FLEET ───────────────────────────────────────────────────────────┐ │
│ │ Worker ID │ Status │ Current Job │ Queue │ Uptime │ CPU │ │
│ │ ─────────────┼──────────┼──────────────┼──────────┼──────────┼─────────│ │
│ │ worker-01 │ 🟢 Busy │ JOB-12345 │ scan │ 5d 4h │ 45% │ │
│ │ worker-02 │ 🟢 Idle │ - │ scan │ 5d 4h │ 12% │ │
│ │ worker-03 │ 🔴 Down │ - │ export │ - │ - │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.10 Doctor Diagnostics
**Route:** `/ops/doctor`
**Component:** `DoctorDashboardComponent`
**Location:** `src/app/features/doctor/doctor-dashboard.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ DOCTOR DIAGNOSTICS │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ SYSTEM HEALTH CHECK ────────────────────────────────────────────────────┐ │
│ │ [Run Full Diagnostics] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ DIAGNOSTIC RESULTS ─────────────────────────────────────────────────────┐ │
│ │ Check │ Status │ Details │ Action │ │
│ │ ────────────────────────┼──────────┼──────────────────────────┼─────────│ │
│ │ Database connectivity │ 🟢 Pass │ 5ms latency │ │ │
│ │ Redis connectivity │ 🟢 Pass │ 2ms latency │ │ │
│ │ Certificate validity │ 🟡 Warn │ Expires in 14 days │ [Fix] │ │
│ │ Feed freshness │ 🟢 Pass │ All feeds < 24h old │ │ │
│ │ Storage capacity │ 🟡 Warn │ 82% used │ [→] │ │
│ │ Worker health │ 🔴 Fail │ 1 of 3 workers down │ [Fix] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├─ RECOMMENDATIONS ──────────────────────────────────────────────────────────────┤
│ │ 1. Renew TLS certificate before expiration │ │
│ │ 2. Consider expanding storage or enabling cleanup policies │ │
│ │ 3. Investigate worker-03 failure and restart if necessary │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
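
Review bot: Sections 3.1 through 3.10 (the OPS routes) document no **Required Scope**, while every screen in section 2 does (`policy:read`, `policy:author`, `orch:operator`, and so on). Several of these screens expose privileged actions in their mock-ups: `[Retry All]` and `[Purge Permanent]` on `/ops/orchestrator/dead-letter`, bundle import at `/ops/feeds/airgap/import`, and `JwksManagementComponent` at `/ops/offline-kit/jwks`. Please add the scope each route guard enforces, or state explicitly that a route is unguarded, so the document can be checked against the router configuration. Two smaller points: 2.5 lists `policy:review` OR `policy:approve` without saying which actions each scope unlocks, and the Orchestrator screens (2.9 to 2.12) sit under "2. POLICY SECTION" with `/orchestrator/...` routes while the dead-letter and SLO screens use `/ops/orchestrator/...`, so either align the prefixes or note that the split is intentional.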

View File

@@ -0,0 +1,645 @@
# Stella Ops UI Structure - Part 4: Admin, Configuration, Release & Evidence Screens
---
## 1. ADMIN SECTION
### 1.1 Console Admin
**Route:** `/console/admin`
**Location:** `src/app/features/console-admin/`
**Required Scope:** `ui.admin`
**Sub-routes:**
| Path | Component | Required Scope |
|---|---|---|
| `/console/admin/tenants` | `TenantsListComponent` | authority:tenants:read |
| `/console/admin/users` | `UsersListComponent` | authority:users:read |
| `/console/admin/roles` | `RolesListComponent` | authority:roles:read |
| `/console/admin/clients` | `ClientsListComponent` | authority:clients:read |
| `/console/admin/tokens` | `TokensListComponent` | authority:tokens:read |
| `/console/admin/audit` | `AuditLogComponent` | authority:audit:read |
| `/console/admin/branding` | `BrandingEditorComponent` | authority:branding:read |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ CONSOLE ADMIN │
├──────────────────┬─────────────────────────────────────────────────────────────┤
│ ADMIN MENU │ │
│ ───────────── │ │
│ [Tenants] │ Current View: TENANTS │
│ [Users] │ ───────────────────────────────────────────────────────── │
│ [Roles & Scopes] │ [+ New Tenant] [Search tenants...] │
│ [OAuth Clients] │ │
│ [Tokens] │ │ Tenant Name │ ID │ Users │ Status │ Actions │ │
│ [Audit Log] │ ├───────────────┼───────────┼───────┼─────────┼──────────┤ │
│ [Branding] │ │ Production │ prod-001 │ 45 │ 🟢 Active│ [Edit] │ │
│ │ │ Staging │ stg-001 │ 12 │ 🟢 Active│ [Edit] │ │
│ │ │ Development │ dev-001 │ 8 │ 🟢 Active│ [Edit] │ │
│ │ │ Partner Org │ part-001 │ 5 │ 🟡 Trial │ [Edit] │ │
└──────────────────┴─────────────────────────────────────────────────────────────┘
```
---
### 1.2 Unified Audit Log
**Route:** `/admin/audit`
**Location:** `src/app/features/audit-log/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/admin/audit` | `AuditLogDashboardComponent` |
| `/admin/audit/events` | `AuditLogTableComponent` |
| `/admin/audit/events/:eventId` | `AuditEventDetailComponent` |
| `/admin/audit/timeline` | `AuditTimelineSearchComponent` |
| `/admin/audit/correlations` | `AuditCorrelationsComponent` |
| `/admin/audit/anomalies` | `AuditAnomaliesComponent` |
| `/admin/audit/export` | `AuditExportComponent` |
| `/admin/audit/policy` | `AuditPolicyComponent` |
| `/admin/audit/authority` | `AuditAuthorityComponent` |
| `/admin/audit/vex` | `AuditVexComponent` |
| `/admin/audit/integrations` | `AuditIntegrationsComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ UNIFIED AUDIT LOG │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Dashboard] [All Events] [Timeline] [Correlations] [Anomalies] [Export] │
│ [Policy Audit] [Authority Audit] [VEX Audit] [Integration Audit] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ FILTERS ────────────────────────────────────────────────────────────────┐ │
│ │ [Search...] [Module ▼] [Action ▼] [User ▼] [Date Range] [Severity ▼] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Timestamp │ Module │ Action │ User │ Details │ │
│ ├──────────────────┼───────────┼─────────────┼────────────┼───────────────┤ │
│ │ 2024-01-15 10:23 │ Policy │ Approved │ admin@... │ Pack v2.3.0 │ │
│ │ 2024-01-15 10:22 │ Authority │ Token Issue │ system │ OAuth grant │ │
│ │ 2024-01-15 10:21 │ VEX │ Statement │ user1@... │ CVE-2024-1234 │ │
│ │ 2024-01-15 10:20 │ Scanner │ Scan Start │ scheduler │ app-svc:v1.2 │ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 1.3 Trust Management
**Route:** `/admin/trust`
**Location:** `src/app/features/trust-admin/`
**Required Scope:** `signer:read`
**Sub-routes:**
| Path | Component |
|---|---|
| `/admin/trust` | `TrustAdminComponent` (shell) |
| `/admin/trust/keys` | `SigningKeyDashboardComponent` |
| `/admin/trust/issuers` | `IssuerTrustListComponent` |
| `/admin/trust/certificates` | `CertificateInventoryComponent` |
| `/admin/trust/audit` | `TrustAuditLogComponent` |
| `/admin/trust/airgap` | `AirgapAuditComponent` |
| `/admin/trust/incidents` | `IncidentAuditComponent` |
| `/admin/trust/analytics` | `TrustAnalyticsComponent` |
| `/admin/trust/score-config` | `TrustScoreConfigComponent` |
#### Additional Components:
- `KeyDetailPanelComponent`
- `KeyExpiryWarningComponent`
- `KeyRotationWizardComponent`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ TRUST MANAGEMENT │
├──────────────────┬─────────────────────────────────────────────────────────────┤
│ TRUST MENU │ │
│ ───────────── │ SIGNING KEYS │
│ [Signing Keys] │ ───────────────────────────────────────────────────────── │
│ [Issuers] │ [+ Generate Key] [Import Key] │
│ [Certificates] │ │
│ [Audit Log] │ │ Key ID │ Algorithm │ Created │ Expires │ Status│ │
│ [AirGap Audit] │ ├────────────┼───────────┼────────────┼──────────┼───────┤ │
│ [Incidents] │ │ key-prod-1 │ ECDSA-256 │ 2024-01-01 │ 2025-01 │ 🟢 Act│ │
│ [Score Config] │ │ key-prod-2 │ RSA-4096 │ 2023-06-01 │ 2024-06 │ 🟡 Exp│ │
│ [Analytics] │ │ key-stg-1 │ ECDSA-256 │ 2024-01-01 │ 2025-01 │ 🟢 Act│ │
│ │ │
│ │ ┌─ KEY ROTATION WIZARD ─────────────────────────────────┐ │
│ │ │ Recommended: Rotate key-prod-2 before expiration │ │
│ │ │ [Start Rotation Wizard] │ │
│ │ └───────────────────────────────────────────────────────┘ │
└──────────────────┴─────────────────────────────────────────────────────────────┘
```
---
### 1.4 Registry Admin
**Route:** `/admin/registries`
**Location:** `src/app/features/registry-admin/`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ REGISTRY TOKEN SERVICE │
├────────────────────────────────────────────────────────────────────────────────┤
│ [+ New Registry] [Search registries...] │
├────────────────────────────────────────────────────────────────────────────────┤
│ │ Registry Name │ URL │ Auth Type │ Status │ Actions │ │
│ ├─────────────────┼────────────────────────┼────────────┼─────────┼─────────┤ │
│ │ Docker Hub │ registry.docker.io │ Token │ 🟢 OK │ [Edit] │ │
│ │ GitHub CR │ ghcr.io │ PAT │ 🟢 OK │ [Edit] │ │
│ │ ECR Prod │ 123.dkr.ecr.aws │ IAM Role │ 🟢 OK │ [Edit] │ │
│ │ Private │ registry.internal:5000 │ Basic │ 🟡 Exp │ [Edit] │ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ TOKEN PLANS ────────────────────────────────────────────────────────────┐ │
│ │ Plan Name │ Registries │ Expiry │ Permissions │ Actions │ │
│ │ ──────────────┼────────────┼───────────┼────────────────────┼───────────│ │
│ │ ci-readonly │ 3 │ 24h │ pull │ [Edit] │ │
│ │ deploy-prod │ 2 │ 1h │ pull, push │ [Edit] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 1.5 Issuer Trust / Issuer Directory
**Route:** `/admin/issuers`
**Location:** `src/app/features/issuer-trust/`
---
### 1.6 Scanner Ops
**Route:** `/ops/scanner`
**Location:** `src/app/features/scanner-ops/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/ops/scanner` | `ScannerOpsComponent` (shell) |
| `/ops/scanner/offline-kits` | `OfflineKitListComponent` |
| `/ops/scanner/baselines` | `BaselineListComponent` |
| `/ops/scanner/settings` | `DeterminismSettingsComponent` |
| `/ops/scanner/analyzers` | `AnalyzerHealthComponent` |
| `/ops/scanner/performance` | `PerformanceBaselineComponent` |
---
### 1.7 Notification Admin
**Route:** `/admin/notifications`
**Location:** `src/app/features/admin-notifications/`
---
### 1.8 Policy Governance
**Route:** `/admin/policy/governance`
**Location:** `src/app/features/policy-governance/`
---
### 1.9 Policy Simulation (Admin)
**Route:** `/admin/policy/simulation`
**Location:** `src/app/features/policy-simulation/`
---
### 1.10 Trivy DB Settings
**Route:** `/concelier/trivy-db-settings`
**Component:** `TrivyDbSettingsPageComponent`
**Location:** `src/app/features/trivy-db-settings/trivy-db-settings-page.component.ts`
---
### 1.11 Console Profile
**Route:** `/console/profile`
**Component:** `ConsoleProfileComponent`
**Location:** `src/app/features/console/console-profile.component.ts`
---
### 1.12 Console Status
**Route:** `/console/status`
**Component:** `ConsoleStatusComponent`
**Location:** `src/app/features/console/console-status.component.ts`
---
## 2. CONFIGURATION SECTION
### 2.1 Setup Wizard
**Route:** `/setup`
**Location:** `src/app/features/setup-wizard/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/setup` | `SetupWizardComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ STELLAOPS SETUP WIZARD │
├────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ● ─────── ○ ─────── ○ ─────── ○ ─────── ○ │ │
│ │ Welcome Database Auth Integr. Complete │ │
│ │ │ │
│ └─────────────────────────────────────────────────────────────────────────┘ │
│ │
│ ┌─ STEP 1: WELCOME ───────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ Welcome to StellaOps! │ │
│ │ │ │
│ │ This wizard will guide you through initial configuration: │ │
│ │ │ │
│ │ • Database connection │ │
│ │ • Authentication providers (OIDC/OAuth) │ │
│ │ • Registry integrations │ │
│ │ • Initial admin user │ │
│ │ │ │
│ │ Estimated time: 10-15 minutes │ │
│ │ │ │
│ │ [Skip] [Get Started →] │ │
│ └─────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 2.2 Configuration Pane
**Route:** `/console/configuration`
**Location:** `src/app/features/configuration-pane/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/console/configuration` | `ConfigurationPaneComponent` |
#### Related Components:
- `IntegrationSectionComponent`
- `IntegrationDetailComponent`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ SYSTEM CONFIGURATION │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ INTEGRATION SECTIONS ───────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ┌────────────────┐ ┌────────────────┐ ┌────────────────┐ │ │
│ │ │ 📦 REGISTRIES │ │ 🔗 SCM │ │ ⚙️ CI/CD │ │ │
│ │ │ 3 configured │ │ 2 configured │ │ 1 configured │ │ │
│ │ │ [Configure →] │ │ [Configure →] │ │ [Configure →] │ │ │
│ │ └────────────────┘ └────────────────┘ └────────────────┘ │ │
│ │ │ │
│ │ ┌────────────────┐ ┌────────────────┐ ┌────────────────┐ │ │
│ │ │ 🔔 NOTIFY │ │ 📊 FEEDS │ │ 🔐 SECRETS │ │ │
│ │ │ 2 channels │ │ 4 sources │ │ 1 vault │ │ │
│ │ │ [Configure →] │ │ [Configure →] │ │ [Configure →] │ │ │
│ │ └────────────────┘ └────────────────┘ └────────────────┘ │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ INTEGRATION DETAIL (expanded) ──────────────────────────────────────────┐ │
│ │ REGISTRIES │ │
│ │ ─────────────────────────────────────────────────────────────────────── │ │
│ │ ☑ Docker Hub registry.docker.io [Edit] [Test] [Delete] │ │
│ │ ☑ GitHub CR ghcr.io [Edit] [Test] [Delete] │ │
│ │ ☑ AWS ECR 123.dkr.ecr.aws [Edit] [Test] [Delete] │ │
│ │ │ │
│ │ [+ Add Registry] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 2.3 Integration Hub
**Route:** `/integrations`
**Location:** `src/app/features/integration-hub/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/integrations` | `IntegrationHubComponent` |
| `/integrations/registries` | `IntegrationListComponent` (type: Registry) |
| `/integrations/scm` | `IntegrationListComponent` (type: Scm) |
| `/integrations/ci` | `IntegrationListComponent` (type: Ci) |
| `/integrations/hosts` | `IntegrationListComponent` (type: Host) |
| `/integrations/feeds` | `IntegrationListComponent` (type: Feed) |
| `/integrations/activity` | `IntegrationActivityComponent` |
| `/integrations/:integrationId` | `IntegrationDetailComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ INTEGRATION HUB │
├────────────────────────────────────────────────────────────────────────────────┤
│ [All] [Registries] [SCM] [CI] [Hosts] [Feeds] [Activity] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ INTEGRATION CATALOG ────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ REGISTRIES SCM CI/CD │ │
│ │ ──────────── ──────────── ──────────── │ │
│ │ [Docker Hub] [GitHub] [GitHub Actions] │ │
│ │ [AWS ECR] [GitLab] [GitLab CI] │ │
│ │ [Google GCR] [Bitbucket] [Jenkins] │ │
│ │ [Azure ACR] [Gitea] [Azure DevOps] │ │
│ │ [Harbor] [Azure DevOps] [CircleCI] │ │
│ │ │ │
│ │ NOTIFICATION SECRETS FEEDS │ │
│ │ ──────────── ──────────── ──────────── │ │
│ │ [Slack] [HashiCorp Vault] [NVD] │ │
│ │ [Teams] [AWS Secrets] [OSV] │ │
│ │ [Email] [Azure Key Vault] [GitHub Advisories] │ │
│ │ [Webhook] [GCP Secret Mgr] [Trivy] │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
## 3. RELEASE ORCHESTRATOR SECTION
**Route:** `/release-orchestrator`
**Location:** `src/app/features/release-orchestrator/`
### 3.1 Release Dashboard
**Route:** `/release-orchestrator`
**Component:** `ReleaseDashboardComponent`
**Location:** `src/app/features/release-orchestrator/dashboard/dashboard.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ RELEASE ORCHESTRATOR │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Dashboard] [Environments] [Releases] [Workflows] [Approvals] [Deployments] │
│ [Evidence] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ ENVIRONMENT PIPELINE ───────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │ │
│ │ │ DEV │ →→ │ QA │ →→ │ STAGING │ →→ │ PROD │ │ │
│ │ │ v1.3.0 │ │ v1.2.5 │ │ v1.2.4 │ │ v1.2.3 │ │ │
│ │ │ 🟢 OK │ │ 🟢 OK │ │ 🟡 Pend │ │ 🟢 OK │ │ │
│ │ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ PENDING RELEASES ───────────────────────────────────────────────────────┐ │
│ │ Release │ From │ To │ Status │ Actions │ │
│ │ ─────────────┼──────────┼──────────┼─────────────────┼─────────────────│ │
│ │ v1.2.5 │ QA │ Staging │ ⏳ Policy Check │ [View] │ │
│ │ v1.2.6 │ Dev │ QA │ ✅ Approved │ [Deploy] [View] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ RECENT DEPLOYMENTS ─────────────────────────────────────────────────────┐ │
│ │ Deployment │ Environment │ Version │ Time │ Status │ Evidence│ │
│ │ ─────────────┼─────────────┼─────────┼────────────┼──────────┼─────────│ │
│ │ DEP-2024-045 │ Production │ v1.2.3 │ 2h ago │ 🟢 OK │ [↓] │ │
│ │ DEP-2024-044 │ Staging │ v1.2.4 │ 6h ago │ 🟢 OK │ [↓] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.2 Environments
**Route:** `/release-orchestrator/environments`
**Location:** `src/app/features/release-orchestrator/environments/`
---
### 3.3 Releases
**Route:** `/release-orchestrator/releases`
**Location:** `src/app/features/release-orchestrator/releases/`
---
### 3.4 Workflows
**Route:** `/release-orchestrator/workflows`
**Location:** `src/app/features/release-orchestrator/workflows/`
---
### 3.5 Approvals
**Route:** `/release-orchestrator/approvals`
**Location:** `src/app/features/release-orchestrator/approvals/`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ RELEASE APPROVALS │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Pending (3)] [Approved] [Rejected] [All] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ PENDING APPROVALS ──────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ┌────────────────────────────────────────────────────────────────────┐ │ │
│ │ │ Release: app-svc v1.2.5 → Staging │ │ │
│ │ │ Requested by: deploy-bot │ Time: 2h ago │ │ │
│ │ │ ──────────────────────────────────────────────────────────────────│ │ │
│ │ │ Policy Gates: │ │ │
│ │ │ ✅ No critical CVEs │ │ │
│ │ │ ✅ Valid SBOM and signatures │ │ │
│ │ │ ⚠️ 3 high CVEs (with VEX statements) │ │ │
│ │ │ ✅ All tests passed │ │ │
│ │ │ ──────────────────────────────────────────────────────────────────│ │ │
│ │ │ [View Evidence] [View Diff] [✓ Approve] [✗ Reject] [💬 Comment]│ │ │
│ │ └────────────────────────────────────────────────────────────────────┘ │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 3.6 Deployments
**Route:** `/release-orchestrator/deployments`
**Location:** `src/app/features/release-orchestrator/deployments/`
---
### 3.7 Evidence (Release Orchestrator)
**Route:** `/release-orchestrator/evidence`
**Location:** `src/app/features/release-orchestrator/evidence/`
---
## 4. EVIDENCE SECTION
### 4.1 Evidence Center
**Route:** `/evidence`
**Location:** `src/app/features/evidence-export/`
**Sub-routes:**
| Path | Component |
|---|---|
| `/evidence` | redirects to `/evidence/bundles` |
| `/evidence/bundles` | `EvidenceBundlesComponent` |
| `/evidence/export` | `ExportCenterComponent` |
| `/evidence/replay` | `ReplayControlsComponent` |
| `/evidence/provenance` | `ProvenanceVisualizationComponent` |
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ EVIDENCE CENTER │
├────────────────────────────────────────────────────────────────────────────────┤
│ [Bundles] [Export Center] [Verdict Replay] [Provenance] │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ EVIDENCE BUNDLES ───────────────────────────────────────────────────────┐ │
│ │ [Search bundles...] [Type ▼] [Date Range] [+ Create Bundle] │ │
│ │ │ │
│ │ │ Bundle ID │ Type │ Artifacts │ Created │ Signed │ Actions││ │
│ │ ├────────────────┼──────────┼───────────┼────────────┼────────┼────────┤│ │
│ │ │ EVD-2024-0045 │ Release │ 5 │ 2h ago │ ✓ │ [↓][→] ││ │
│ │ │ EVD-2024-0044 │ Audit │ 12 │ 1d ago │ ✓ │ [↓][→] ││ │
│ │ │ EVD-2024-0043 │ Scan │ 1 │ 2d ago │ ✓ │ [↓][→] ││ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ BUNDLE CONTENTS (expanded) ─────────────────────────────────────────────┐ │
│ │ EVD-2024-0045: Release Evidence for app-svc v1.2.5 │ │
│ │ ─────────────────────────────────────────────────────────────────────── │ │
│ │ • SBOM (CycloneDX) sha256:abc123... [View] [Download] │ │
│ │ • Scan Results sha256:def456... [View] [Download] │ │
│ │ • Policy Verdict sha256:789abc... [View] [Download] │ │
│ │ • VEX Statements (3) sha256:xyz789... [View] [Download] │ │
│ │ • Attestations (SLSA) sha256:slsa12... [View] [Download] │ │
│ │ │ │
│ │ [Download All] [Verify Signatures] [Export to Rekor] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
### 4.2 Evidence Pack List
**Route:** `/evidence-packs`
**Component:** `EvidencePackListComponent`
**Location:** `src/app/features/evidence-pack/evidence-pack-list.component.ts`
---
### 4.3 Evidence Pack Viewer
**Route:** `/evidence-packs/:packId`
**Component:** `EvidencePackViewerComponent`
**Location:** `src/app/features/evidence-pack/evidence-pack-viewer.component.ts`
---
### 4.4 Proof Chain Viewer
**Route:** `/proofs/:subjectDigest`
**Component:** `ProofChainComponent`
**Location:** `src/app/features/proof-chain/proof-chain.component.ts`
```
┌────────────────────────────────────────────────────────────────────────────────┐
│ PROOF CHAIN VIEWER │
├────────────────────────────────────────────────────────────────────────────────┤
│ Subject: sha256:abc123... │
├────────────────────────────────────────────────────────────────────────────────┤
│ ┌─ PROOF CHAIN ────────────────────────────────────────────────────────────┐ │
│ │ │ │
│ │ ┌─────────────┐ │ │
│ │ │ Build │ ← Source attestation (GitHub Actions) │ │
│ │ │ 2024-01-15 │ │ │
│ │ └──────┬──────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────┐ │ │
│ │ │ Scan │ ← SBOM + Vulnerability scan │ │
│ │ │ 2024-01-15 │ │ │
│ │ └──────┬──────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────┐ │ │
│ │ │ Policy │ ← Policy evaluation verdict │ │
│ │ │ 2024-01-15 │ │ │
│ │ └──────┬──────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────┐ │ │
│ │ │ Approval │ ← Human approval attestation │ │
│ │ │ 2024-01-15 │ │ │
│ │ └──────┬──────┘ │ │
│ │ │ │ │
│ │ ▼ │ │
│ │ ┌─────────────┐ │ │
│ │ │ Deploy │ ← Deployment attestation │ │
│ │ │ 2024-01-15 │ │ │
│ │ └─────────────┘ │ │
│ │ │ │
│ │ [Verify Chain] [Export] [View in Rekor] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────┘
```
---
## 5. OTHER SCREENS
### 5.1 AI Runs
**Route:** `/ai-runs`
**Component:** `AiRunsListComponent`
**Location:** `src/app/features/ai-runs/ai-runs-list.component.ts`
**Detail Route:** `/ai-runs/:runId`
**Component:** `AiRunViewerComponent`
---
### 5.2 Change Trace
**Route:** `/change-trace`
**Location:** `src/app/features/change-trace/`
---
### 5.3 Notifications Panel
**Route:** `/notify`
**Component:** `NotifyPanelComponent`
**Location:** `src/app/features/notify/notify-panel.component.ts`
---
### 5.4 Sources Dashboard
**Route:** `/dashboard/sources`
**Component:** `SourcesDashboardComponent`
**Location:** `src/app/features/dashboard/sources-dashboard.component.ts`
---
### 5.5 Timeline
**Route:** `/timeline`
**Location:** `src/app/features/timeline/`
---
### 5.6 Auth Callback
**Route:** `/auth/callback`
**Component:** `AuthCallbackComponent`
**Location:** `src/app/features/auth/auth-callback.component.ts`
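Review bot: Section 2.1 documents `/setup` as a wizard that configures the database connection, authentication providers and the initial admin user, and the wireframe offers a [Skip] button, but nothing in this file says what guards the route or whether it stays reachable once setup has completed. Please add a line stating the guard or one-time lock condition, and what [Skip] leaves unconfigured. In 3.5 the approval card shows [✓ Approve] and [✗ Reject] without naming the scope that may use them. Sections 3.2, 3.3, 3.4, 3.6, 3.7, 5.2 and 5.5 give only **Route** and **Location**; either name the component or sub-route table as the other sections do, or mark them as not yet documented.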


@@ -0,0 +1,373 @@
# Stella Ops UI Structure - Part 5: Route Summary & Observations
---
## 1. COMPLETE ROUTE TABLE
### 1.1 Home & Dashboard Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/` | `HomeDashboardComponent` | features/home/ | requireAuthGuard |
| `/welcome` | `WelcomePageComponent` | features/welcome/ | - |
| `/dashboard/sources` | `SourcesDashboardComponent` | features/dashboard/ | - |
### 1.2 Analyze Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/findings` | `FindingsContainerComponent` | features/findings/container/ | requireAuthGuard |
| `/findings/:scanId` | `FindingsContainerComponent` | features/findings/container/ | requireAuthGuard |
| `/vulnerabilities` | `VulnerabilityExplorerComponent` | features/vulnerabilities/ | requireAuthGuard |
| `/vulnerabilities/:vulnId` | `VulnerabilityDetailComponent` | features/vulnerabilities/ | requireAuthGuard |
| `/graph` | `GraphExplorerComponent` | features/graph/ | requireAuthGuard |
| `/lineage` | `LineageGraphContainerComponent` | features/lineage/components/ | requireAuthGuard |
| `/lineage/:artifact/compare` | `LineageCompareComponent` | features/lineage/components/ | requireAuthGuard |
| `/lineage/compare` | `LineageCompareComponent` | features/lineage/components/ | requireAuthGuard |
| `/reachability` | `ReachabilityCenterComponent` | features/reachability/ | requireAuthGuard |
| `/admin/vex-hub` | `VexHubDashboardComponent` | features/vex-hub/ | requireAuthGuard |
| `/admin/vex-hub/search` | `VexStatementSearchComponent` | features/vex-hub/ | requireAuthGuard |
| `/admin/vex-hub/search/detail/:id` | `VexStatementDetailComponent` | features/vex-hub/ | requireAuthGuard |
| `/admin/vex-hub/stats` | `VexHubStatsComponent` | features/vex-hub/ | requireAuthGuard |
| `/admin/vex-hub/consensus` | `VexConsensusComponent` | features/vex-hub/ | requireAuthGuard |
| `/admin/vex-hub/explorer` | `VexHubComponent` | features/vex-hub/ | requireAuthGuard |
| `/analyze/unknowns` | unknownsRoutes | features/unknowns-tracking/ | requireAuthGuard |
| `/analyze/patch-map` | `PatchMapComponent` | features/binary-index/ | requireAuthGuard |
| `/scans/:scanId` | `ScanDetailPageComponent` | features/scans/ | - |
| `/compare/:currentId` | `CompareViewComponent` | features/compare/components/ | requireAuthGuard |
| `/cvss/receipts/:receiptId` | `CvssReceiptComponent` | features/cvss/ | requireAuthGuard |
### 1.3 Triage Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/triage/artifacts` | `TriageArtifactsComponent` | features/triage/ | requireAuthGuard |
| `/triage/artifacts/:artifactId` | `TriageWorkspaceComponent` | features/triage/ | requireAuthGuard |
| `/triage/audit-bundles` | `TriageAuditBundlesComponent` | features/triage/ | requireAuthGuard |
| `/triage/audit-bundles/new` | `TriageAuditBundleNewComponent` | features/triage/ | requireAuthGuard |
| `/exceptions` | `TriageArtifactsComponent` | features/triage/ | requireAuthGuard |
| `/risk` | `RiskDashboardComponent` | features/risk/ | requireAuthGuard |
### 1.4 Policy Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/policy-studio/packs` | `PolicyWorkspaceComponent` | features/policy-studio/workspace/ | requirePolicyViewerGuard |
| `/policy-studio/packs/:packId/editor` | `PolicyEditorComponent` | features/policy-studio/editor/ | requirePolicyAuthorGuard |
| `/policy-studio/packs/:packId/yaml` | `PolicyYamlEditorComponent` | features/policy-studio/yaml/ | requirePolicyAuthorGuard |
| `/policy-studio/packs/:packId/simulate` | `PolicySimulationComponent` | features/policy-studio/simulation/ | requirePolicySimulatorGuard |
| `/policy-studio/packs/:packId/approvals` | `PolicyApprovalsComponent` | features/policy-studio/approvals/ | requirePolicyReviewOrApproveGuard |
| `/policy-studio/packs/:packId/rules` | `PolicyRuleBuilderComponent` | features/policy-studio/rule-builder/ | requirePolicyAuthorGuard |
| `/policy-studio/packs/:packId/explain/:runId` | `PolicyExplainComponent` | features/policy-studio/explain/ | requirePolicyViewerGuard |
| `/policy-studio/packs/:packId/dashboard` | `PolicyDashboardComponent` | features/policy-studio/dashboard/ | requirePolicyViewerGuard |
| `/orchestrator` | `OrchestratorDashboardComponent` | features/orchestrator/ | requireOrchViewerGuard |
| `/orchestrator/jobs` | `OrchestratorJobsComponent` | features/orchestrator/ | requireOrchViewerGuard |
| `/orchestrator/jobs/:jobId` | `OrchestratorJobDetailComponent` | features/orchestrator/ | requireOrchViewerGuard |
| `/orchestrator/quotas` | `OrchestratorQuotasComponent` | features/orchestrator/ | requireOrchOperatorGuard |
### 1.5 Ops Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/sbom-sources` | `SourcesListComponent` | features/sbom-sources/components/ | requireAuthGuard |
| `/sbom-sources/new` | `SourceWizardComponent` | features/sbom-sources/components/ | requireAuthGuard |
| `/sbom-sources/:id` | `SourceDetailComponent` | features/sbom-sources/components/ | requireAuthGuard |
| `/sbom-sources/:id/edit` | `SourceWizardComponent` | features/sbom-sources/components/ | requireAuthGuard |
| `/ops/quotas` | quotaRoutes | features/quota-dashboard/ | requireAuthGuard |
| `/ops/quotas/tenants` | `TenantQuotaTableComponent` | features/quota-dashboard/ | requireAuthGuard |
| `/ops/quotas/tenants/:tenantId` | `TenantQuotaDetailComponent` | features/quota-dashboard/ | requireAuthGuard |
| `/ops/quotas/throttle` | `ThrottleContextComponent` | features/quota-dashboard/ | requireAuthGuard |
| `/ops/quotas/alerts` | `QuotaAlertConfigComponent` | features/quota-dashboard/ | requireAuthGuard |
| `/ops/quotas/forecast` | `QuotaForecastComponent` | features/quota-dashboard/ | requireAuthGuard |
| `/ops/quotas/reports` | `QuotaReportExportComponent` | features/quota-dashboard/ | requireAuthGuard |
| `/ops/orchestrator/dead-letter` | deadletterRoutes | features/deadletter/ | requireAuthGuard |
| `/ops/orchestrator/slo` | sloRoutes | features/slo-monitoring/ | requireAuthGuard |
| `/ops/health` | platformHealthRoutes | features/platform-health/ | requireAuthGuard |
| `/ops/feeds` | feedMirrorRoutes | features/feed-mirror/ | requireAuthGuard |
| `/ops/feeds/mirror/:mirrorId` | `MirrorDetailComponent` | features/feed-mirror/ | requireAuthGuard |
| `/ops/feeds/airgap/import` | `AirgapImportComponent` | features/feed-mirror/ | requireAuthGuard |
| `/ops/feeds/airgap/export` | `AirgapExportComponent` | features/feed-mirror/ | requireAuthGuard |
| `/ops/feeds/version-locks` | `VersionLockComponent` | features/feed-mirror/ | requireAuthGuard |
| `/ops/offline-kit` | offlineKitRoutes | features/offline-kit/ | requireAuthGuard |
| `/ops/aoc` | AOC_COMPLIANCE_ROUTES | features/aoc-compliance/ | requireAuthGuard |
| `/ops/doctor` | DOCTOR_ROUTES | features/doctor/ | requireAuthGuard |
| `/scheduler` | schedulerOpsRoutes | features/scheduler-ops/ | requireAuthGuard |
| `/scheduler/runs` | `SchedulerRunsComponent` | features/scheduler-ops/ | requireAuthGuard |
| `/scheduler/schedules` | `ScheduleManagementComponent` | features/scheduler-ops/ | requireAuthGuard |
| `/scheduler/workers` | `WorkerFleetComponent` | features/scheduler-ops/ | requireAuthGuard |
### 1.6 Notify Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/notify` | `NotifyPanelComponent` | features/notify/ | - |
### 1.7 Admin Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/console/admin` | consoleAdminRoutes | features/console-admin/ | requireAuthGuard + ui.admin |
| `/console/admin/tenants` | `TenantsListComponent` | features/console-admin/tenants/ | authority:tenants:read |
| `/console/admin/users` | `UsersListComponent` | features/console-admin/users/ | authority:users:read |
| `/console/admin/roles` | `RolesListComponent` | features/console-admin/roles/ | authority:roles:read |
| `/console/admin/clients` | `ClientsListComponent` | features/console-admin/clients/ | authority:clients:read |
| `/console/admin/tokens` | `TokensListComponent` | features/console-admin/tokens/ | authority:tokens:read |
| `/console/admin/audit` | `AuditLogComponent` | features/console-admin/audit/ | authority:audit:read |
| `/console/admin/branding` | `BrandingEditorComponent` | features/console-admin/branding/ | authority:branding:read |
| `/admin/audit` | auditLogRoutes | features/audit-log/ | requireAuthGuard |
| `/admin/notifications` | adminNotificationsRoutes | features/admin-notifications/ | requireAuthGuard |
| `/admin/trust` | trustAdminRoutes | features/trust-admin/ | requireAuthGuard + signer:read |
| `/admin/policy/governance` | policyGovernanceRoutes | features/policy-governance/ | requireAuthGuard |
| `/admin/policy/simulation` | policySimulationRoutes | features/policy-simulation/ | requireAuthGuard |
| `/admin/registries` | registryAdminRoutes | features/registry-admin/ | requireAuthGuard |
| `/admin/issuers` | issuerTrustRoutes | features/issuer-trust/ | requireAuthGuard |
| `/ops/scanner` | scannerOpsRoutes | features/scanner-ops/ | requireAuthGuard |
| `/concelier/trivy-db-settings` | `TrivyDbSettingsPageComponent` | features/trivy-db-settings/ | - |
### 1.8 Console Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/console/profile` | `ConsoleProfileComponent` | features/console/ | - |
| `/console/status` | `ConsoleStatusComponent` | features/console/ | - |
| `/console/configuration` | CONFIGURATION_PANE_ROUTES | features/configuration-pane/ | requireAuthGuard |
### 1.9 Release Orchestrator Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/release-orchestrator` | DASHBOARD_ROUTES | features/release-orchestrator/dashboard/ | requireAuthGuard |
| `/release-orchestrator/environments` | ENVIRONMENT_ROUTES | features/release-orchestrator/environments/ | requireAuthGuard |
| `/release-orchestrator/releases` | RELEASE_ROUTES | features/release-orchestrator/releases/ | requireAuthGuard |
| `/release-orchestrator/workflows` | WORKFLOW_ROUTES | features/release-orchestrator/workflows/ | requireAuthGuard |
| `/release-orchestrator/approvals` | APPROVAL_ROUTES | features/release-orchestrator/approvals/ | requireAuthGuard |
| `/release-orchestrator/deployments` | DEPLOYMENT_ROUTES | features/release-orchestrator/deployments/ | requireAuthGuard |
| `/release-orchestrator/evidence` | EVIDENCE_ROUTES | features/release-orchestrator/evidence/ | requireAuthGuard |
### 1.10 Evidence Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/evidence` | evidenceExportRoutes | features/evidence-export/ | requireAuthGuard |
| `/evidence/bundles` | `EvidenceBundlesComponent` | features/evidence-export/ | requireAuthGuard |
| `/evidence/export` | `ExportCenterComponent` | features/evidence-export/ | requireAuthGuard |
| `/evidence/replay` | `ReplayControlsComponent` | features/evidence-export/ | requireAuthGuard |
| `/evidence/provenance` | `ProvenanceVisualizationComponent` | features/evidence-export/ | requireAuthGuard |
| `/evidence-packs` | `EvidencePackListComponent` | features/evidence-pack/ | requireAuthGuard |
| `/evidence-packs/:packId` | `EvidencePackViewerComponent` | features/evidence-pack/ | requireAuthGuard |
| `/proofs/:subjectDigest` | `ProofChainComponent` | features/proof-chain/ | requireAuthGuard |
### 1.11 Integration Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/integrations` | integrationHubRoutes | features/integration-hub/ | requireAuthGuard |
| `/integrations/registries` | `IntegrationListComponent` | features/integration-hub/ | requireAuthGuard |
| `/integrations/scm` | `IntegrationListComponent` | features/integration-hub/ | requireAuthGuard |
| `/integrations/ci` | `IntegrationListComponent` | features/integration-hub/ | requireAuthGuard |
| `/integrations/hosts` | `IntegrationListComponent` | features/integration-hub/ | requireAuthGuard |
| `/integrations/feeds` | `IntegrationListComponent` | features/integration-hub/ | requireAuthGuard |
| `/integrations/activity` | `IntegrationActivityComponent` | features/integration-hub/ | requireAuthGuard |
| `/integrations/:integrationId` | `IntegrationDetailComponent` | features/integration-hub/ | requireAuthGuard |
### 1.12 Other Routes
| Route | Component | Location | Guards |
|---|---|---|---|
| `/ai-runs` | `AiRunsListComponent` | features/ai-runs/ | requireAuthGuard |
| `/ai-runs/:runId` | `AiRunViewerComponent` | features/ai-runs/ | requireAuthGuard |
| `/change-trace` | changeTraceRoutes | features/change-trace/ | requireAuthGuard |
| `/setup` | setupWizardRoutes | features/setup-wizard/ | - |
| `/auth/callback` | `AuthCallbackComponent` | features/auth/ | - |
| `**` | redirectTo: '' | - | - |
---
## 2. ROUTE COUNT SUMMARY
| Category | Route Count |
|---|---|
| Home & Dashboard | 3 |
| Analyze | 20 |
| Triage | 6 |
| Policy | 12 |
| Ops | 30+ |
| Notify | 1 |
| Admin | 17+ |
| Console | 3 |
| Release Orchestrator | 7 |
| Evidence | 8 |
| Integrations | 8 |
| Other | 5 |
| **TOTAL** | **~120+ routes** |
---
## 3. OBSERVATIONS
### 3.1 Navigation Structure Observations
1. **7 top-level navigation groups** defined in `navigation.config.ts`:
- HOME, ANALYZE, TRIAGE, POLICY, OPS, NOTIFY, ADMIN
2. **Deep nesting in OPS section**: The Ops navigation group contains sub-items with their own children (e.g., Quotas has 6 sub-routes, SLO Monitoring has 3 sub-routes)
3. **Admin section size**: Admin group contains 17+ items in the navigation configuration
4. **Inconsistent route prefixes**:
- VEX Hub is at `/admin/vex-hub` but shown in Analyze menu
- Scanner Ops is at `/ops/scanner` but listed under Admin menu
- Some scheduler routes are at `/scheduler` (not `/ops/scheduler`)
### 3.2 Feature Module Observations
1. **77 feature directories** under `src/app/features/`
2. **Duplicate/similar named modules**:
- `evidence/` and `evidence-export/` and `evidence-pack/` and `evidence-thread/`
- `proof/` and `proof-chain/` and `proof-studio/` and `proofs/`
- `unknowns/` and `unknowns-tracking/`
- `integrations/` and `integration-hub/`
- `vex-hub/` and `vex-studio/`
- `triage/` and `triage-inbox/`
- `policy/` and `policy-gates/` and `policy-governance/` and `policy-simulation/` and `policy-studio/`
3. **Orphaned/unused modules** (exist as directories but not in main routes):
- `advisory-ai/`
- `aoc/` (vs `aoc-compliance/`)
- `evidence/` (vs `evidence-export/`)
- `exceptions/` (route uses triage component)
- `integrations/` (vs `integration-hub/`)
- `opsmemory/`
- `policy/` (vs `policy-studio/`)
- `proof/` (vs `proof-chain/`)
- `proofs/` (vs `proof-chain/`)
- `releases/` (vs release-orchestrator)
- `runs/`
- `sbom/`
- `scores/`
- `secret-detection/`
- `settings/`
- `snapshot/`
- `sources/`
- `triage-inbox/`
- `unknowns/` (vs `unknowns-tracking/`)
- `verdicts/`
- `vex-studio/`
- `vuln-explorer/` (vs `vulnerabilities/`)
### 3.3 Route Path Observations
1. **Mixed path conventions**:
- Some use `/admin/` prefix: `/admin/vex-hub`, `/admin/trust`, `/admin/audit`
- Some use `/console/admin/`: `/console/admin/tenants`, `/console/admin/users`
- Some use `/ops/`: `/ops/quotas`, `/ops/health`, `/ops/feeds`
- Some use root: `/scheduler`, `/evidence`, `/integrations`
2. **Inconsistent pluralization**:
- `/vulnerabilities` (plural) vs `/risk` (singular)
- `/findings` (plural) vs `/graph` (singular)
- `/integrations` (plural) vs `/scheduler` (singular)
3. **Deep routes**:
- `/policy-studio/packs/:packId/explain/:runId` - 5 segments
- `/admin/vex-hub/search/detail/:id` - 5 segments
- `/ops/orchestrator/dead-letter/queue` - 4 segments
### 3.4 Guard/Scope Observations
1. **Different guard patterns used**:
- `requireAuthGuard` - basic authentication
- `requireOrchViewerGuard` - orchestrator read access
- `requireOrchOperatorGuard` - orchestrator operator access
- `requirePolicyViewerGuard` - policy read
- `requirePolicyAuthorGuard` - policy authoring
- `requirePolicySimulatorGuard` - policy simulation
- `requirePolicyReviewerGuard` - policy review
- `requirePolicyApproverGuard` - policy approval
- `requirePolicyReviewOrApproveGuard` - either review or approve
2. **Scope-based access defined in navigation config**:
- `graph:read` for SBOM Graph
- `policy:author`, `policy:simulate`, `policy:review`, `policy:approve`, `policy:read`
- `ui.admin` for Admin section
3. **Some routes have no guards**: `/welcome`, `/notify`, `/scans/:scanId`, `/concelier/trivy-db-settings`
### 3.5 Dashboard Screen Observations
Multiple dashboard screens exist across the application:
1. **Home Dashboard** (`/`) - Security overview
2. **Orchestrator Dashboard** (`/orchestrator`) - Job management
3. **Policy Dashboard** (`/policy-studio/packs/:packId/dashboard`) - Per-pack metrics
4. **Quota Dashboard** (`/ops/quotas`) - License/quota metrics
5. **Platform Health Dashboard** (`/ops/health`) - Service health
6. **Feed Mirror Dashboard** (`/ops/feeds`) - Feed sync status
7. **Offline Dashboard** (`/ops/offline-kit/dashboard`) - Offline mode
8. **AOC Compliance Dashboard** (`/ops/aoc`) - Compliance metrics
9. **Release Dashboard** (`/release-orchestrator`) - Release pipeline
10. **VEX Hub Dashboard** (`/admin/vex-hub`) - VEX statements
11. **Doctor Dashboard** (`/ops/doctor`) - Diagnostics
12. **SLO Dashboard** (`/ops/orchestrator/slo`) - SLO health
13. **Dead-Letter Dashboard** (`/ops/orchestrator/dead-letter`) - Failed jobs
14. **Audit Dashboard** (`/admin/audit`) - Audit overview
15. **Trust Dashboard** (`/admin/trust/keys`) - Signing keys
16. **Sources Dashboard** (`/dashboard/sources`) - SBOM sources
### 3.6 Configuration/Settings Screen Observations
Multiple locations for configuration:
1. **Setup Wizard** (`/setup`) - Initial setup
2. **Configuration Pane** (`/console/configuration`) - Integration config
3. **Integration Hub** (`/integrations`) - Integration catalog
4. **Console Admin** (`/console/admin/*`) - User/tenant/role management
5. **Trust Admin** (`/admin/trust`) - Keys/certificates
6. **Registry Admin** (`/admin/registries`) - Registry tokens
7. **Notification Admin** (`/admin/notifications`) - Notification rules
8. **Policy Governance** (`/admin/policy/governance`) - Policy config
9. **Scanner Ops** (`/ops/scanner/settings`) - Scanner settings
10. **Quota Alert Config** (`/ops/quotas/alerts`) - Alert thresholds
11. **SLO Definitions** (`/ops/orchestrator/slo/definitions`) - SLO config
12. **Trivy DB Settings** (`/concelier/trivy-db-settings`) - Trivy config
### 3.7 Evidence/Proof Screen Observations
Multiple locations for evidence-related functionality:
1. **Evidence Center** (`/evidence`) - Bundles, export, replay, provenance
2. **Evidence Packs** (`/evidence-packs`) - Pack list/viewer
3. **Proof Chain** (`/proofs/:subjectDigest`) - Proof visualization
4. **Audit Bundles** (`/triage/audit-bundles`) - Audit evidence
5. **Release Evidence** (`/release-orchestrator/evidence`) - Release evidence
### 3.8 Shared Component Observations
Large number of shared components in `src/app/shared/components/`:
- 100+ shared components
- Mix of UI primitives (button, card, modal) and domain-specific (finding-detail, vex-status-chip)
- Some components are highly specific (e.g., `dsse-envelope-viewer`, `lattice-diagram`)
### 3.9 Feature Overlap Observations
1. **Findings vs Triage**: Both handle vulnerability findings with different workflows
2. **VEX Hub vs Triage VEX**: VEX decisions can be made in both places
3. **Evidence in multiple places**: Evidence features spread across 5 different feature modules
4. **Policy in multiple places**: Policy features spread across 5 different feature modules
5. **Audit logs in multiple places**: Console admin audit, unified audit log, trust audit, etc.
### 3.10 UI Pattern Observations
1. **Consistent patterns used**:
- Tab navigation within features
- Slide-out detail panels
- Data tables with filters and pagination
- Status badges with color coding (🟢🟡🔴)
- Skeleton loading states
2. **Dashboard card pattern**: Used on home dashboard and several other dashboards
3. **Wizard pattern**: Used in setup wizard, source wizard, key rotation wizard
4. **Split-pane pattern**: Used in policy editor, triage workspace
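Review bot: In 3.4 item 3 the list of routes without guards (`/welcome`, `/notify`, `/scans/:scanId`, `/concelier/trivy-db-settings`) is shorter than what the tables in section 1 show: `/dashboard/sources`, `/console/profile`, `/console/status`, `/setup` and `/auth/callback` also carry `-` in the Guards column. Please make the list complete and separate the routes that are public by design (such as `/welcome` and `/auth/callback`) from those that look like omissions, since `/setup` and `/concelier/trivy-db-settings` are configuration screens per 3.6. Also in 3.4, `requirePolicyReviewerGuard` and `requirePolicyApproverGuard` are listed but appear in no route table, and table 1.7 mixes guard names with scope strings such as `authority:tenants:read` in the same column. In 3.3, `/ops/orchestrator/dead-letter/queue` is cited but is not in table 1.5, and the section 2 summary gives Ops as 30+ while table 1.5 has 26 rows; state whether child routes are counted.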