diff --git a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts index 945943744..6baaf8432 100644 --- a/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts +++ b/src/Web/StellaOps.Web/src/app/layout/app-sidebar/app-sidebar.component.ts @@ -171,7 +171,7 @@ const RECOMMENDED_FIRST_VISIT_PATH: readonly RecommendedNavStep[] = [ } @if (!effectiveCollapsed && group.description) { -

{{ group.description }}

+

{{ group.description }}

}
@@ -539,7 +539,9 @@ const RECOMMENDED_FIRST_VISIT_PATH: readonly RecommendedNavStep[] = [ color: var(--color-sidebar-text-muted); font-size: 0.7rem; line-height: 1.45; - max-width: 24ch; + white-space: nowrap; + overflow: hidden; + text-overflow: ellipsis; } /* ---- Group chevron ---- */ @@ -755,10 +757,25 @@ export class AppSidebarComponent implements AfterViewInit { menuGroupLabel: 'Release Control', requireAnyScope: [StellaOpsScopes.POLICY_READ], }, - // ── Group 2: Security ──────────────────────────────────────────── + // ── Group 2: Security (simplified: 4 items) ────────────────────── { - id: 'vulnerabilities', - label: 'Vulnerabilities', + id: 'image-security', + label: 'Image Security', + icon: 'shield', + route: '/security/images', + menuGroupId: 'security', + menuGroupLabel: 'Security', + sparklineData$: () => this.doctorTrendService.securityTrend(), + requireAnyScope: [ + StellaOpsScopes.SCANNER_READ, + StellaOpsScopes.SBOM_READ, + StellaOpsScopes.FINDINGS_READ, + StellaOpsScopes.VULN_VIEW, + ], + }, + { + id: 'triage-queue', + label: 'Triage Queue', icon: 'alert', route: '/triage/artifacts', menuGroupId: 'security', @@ -771,101 +788,25 @@ export class AppSidebarComponent implements AfterViewInit { ], }, { - id: 'security-posture', - label: 'Security Posture', - icon: 'shield', - route: '/security', + id: 'risk-overview', + label: 'Risk Overview', + icon: 'activity', + route: '/security/risk', menuGroupId: 'security', menuGroupLabel: 'Security', - sparklineData$: () => this.doctorTrendService.securityTrend(), - requireAnyScope: [ - StellaOpsScopes.SCANNER_READ, - StellaOpsScopes.SBOM_READ, - StellaOpsScopes.ADVISORY_READ, - StellaOpsScopes.VEX_READ, - StellaOpsScopes.EXCEPTION_READ, - StellaOpsScopes.FINDINGS_READ, - StellaOpsScopes.VULN_VIEW, - ], - children: [ - { id: 'sec-supply-chain', label: 'Supply-Chain Data', route: '/security/supply-chain-data', icon: 'graph' }, - { id: 'sec-findings-explorer', label: 'Findings Explorer', route: '/security/findings', icon: 'list' }, - { id: 'sec-reachability', label: 'Reachability', route: '/security/reachability', icon: 'cpu' }, - { id: 'sec-unknowns', label: 'Unknowns', route: '/security/unknowns', icon: 'help-circle' }, - ], + requireAnyScope: [StellaOpsScopes.FINDINGS_READ, StellaOpsScopes.VULN_VIEW], }, { - id: 'scan-image', - label: 'Scan Image', - icon: 'search', - route: '/security/scan', + id: 'advisory-sources', + label: 'Advisory Sources', + icon: 'rss', + route: '/security/advisory-sources', menuGroupId: 'security', menuGroupLabel: 'Security', - requireAnyScope: [StellaOpsScopes.SCANNER_READ], + requireAnyScope: [StellaOpsScopes.ADVISORY_READ], }, - { - id: 'sec-vex-exceptions', - label: 'VEX & Exceptions', - icon: 'file-text', - route: '/ops/policy/vex', - menuGroupId: 'security', - menuGroupLabel: 'Security', - requireAnyScope: [StellaOpsScopes.VEX_READ, StellaOpsScopes.EXCEPTION_READ], - }, - // ── Group 3: Evidence (trimmed from 7 to 4) ────────────────────── - { - id: 'evidence-overview', - label: 'Evidence Overview', - icon: 'file-text', - route: '/evidence/overview', - menuGroupId: 'evidence', - menuGroupLabel: 'Evidence', - requireAnyScope: [ - StellaOpsScopes.RELEASE_READ, - StellaOpsScopes.POLICY_AUDIT, - StellaOpsScopes.AUTHORITY_AUDIT_READ, - StellaOpsScopes.SIGNER_READ, - StellaOpsScopes.VEX_EXPORT, - ], - }, - { - id: 'evidence-capsules', - label: 'Decision Capsules', - icon: 'archive', - route: '/evidence/capsules', - menuGroupId: 'evidence', - menuGroupLabel: 'Evidence', - requireAnyScope: [ - StellaOpsScopes.RELEASE_READ, - StellaOpsScopes.POLICY_AUDIT, - ], - }, - { - id: 'evidence-audit-log', - label: 'Audit Log', - icon: 'list', - route: '/evidence/audit-log', - menuGroupId: 'evidence', - menuGroupLabel: 'Evidence', - requireAnyScope: [ - StellaOpsScopes.POLICY_AUDIT, - StellaOpsScopes.AUTHORITY_AUDIT_READ, - ], - }, - { - id: 'evidence-exports', - label: 'Export Center', - icon: 'download', - route: '/evidence/exports', - menuGroupId: 'evidence', - menuGroupLabel: 'Evidence', - requireAnyScope: [ - StellaOpsScopes.VEX_EXPORT, - StellaOpsScopes.RELEASE_READ, - ], - }, - // Replay & Verify, Bundles, Trust — removed from nav, still routable. - // Accessible from Evidence Overview, Decision Capsules detail, and Audit Log filters. + // Evidence group consolidated into Operations → Audit. + // Evidence threads, capsule details, proof chains, workspaces remain routable from context pages. // ── Group 4: Operations ───────────────────────────────────────── { id: 'ops-jobs', @@ -912,6 +853,19 @@ export class AppSidebarComponent implements AfterViewInit { menuGroupLabel: 'Operations', requireAnyScope: [StellaOpsScopes.HEALTH_READ, StellaOpsScopes.UI_ADMIN], }, + { + id: 'ops-audit', + label: 'Audit', + icon: 'list', + route: '/ops/operations/audit', + menuGroupId: 'operations', + menuGroupLabel: 'Operations', + requireAnyScope: [ + StellaOpsScopes.POLICY_AUDIT, + StellaOpsScopes.AUTHORITY_AUDIT_READ, + StellaOpsScopes.RELEASE_READ, + ], + }, // Runtime Drift, Notifications, Watchlist — removed from nav, still routable. // ── Group 5: Settings ──────────────────────────────────────────── {