stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

ui progressing

Browse Source
This commit is contained in:
master
2026-02-20 23:32:20 +02:00
parent ca5e7888d6
commit 1ec797d5e8
191 changed files with 32771 additions and 6504 deletions
Download Patch File Download Diff File Expand all files Collapse all files

315
docs/modules/ui/v2-rewire/multi-sprint-plan.md
View File

@@ -1,266 +1,191 @@
# UI v2 Rewire Multi Sprint Plan (Draft 1)
# UI v2 Rewire Multi Sprint Plan (Draft 2 - Pack 22)
Status: Ready for sprint authoring
Date: 2026-02-18
Source set: `source-of-truth.md`, `authority-matrix.md`, `sprint-planning-guide.md`
Date: 2026-02-20
Source set: `source-of-truth.md`, `authority-matrix.md`, `sprint-planning-guide.md`, `S00_endpoint_contract_ledger_v2_pack22.md`
## Scope and intent
This is the first implementation decomposition for the v2 UI rewire.
It is designed for many execution sprints with clear dependencies and parallel lanes.
This plan decomposes the Pack 22 advisory into execution sprints with explicit backend dependency ordering.
Precedence rule: higher pack number wins for overlap.
## Mandatory contract workflow (all sprints)
For each screen in sprint scope, classify backend readiness:
- `EXISTS_COMPAT`
- `EXISTS_ADAPT`
- `MISSING_NEW`
Each sprint must produce a contract ledger with:
- screen
- required behavior
- current endpoint candidate
- status class
- auth scope impact
- schema delta
- owner module
Each sprint must produce or update a contract ledger with:
- screen,
- required behavior,
- current endpoint candidate,
- status class,
- auth scope impact,
- schema delta,
- owner module.
## Wave map
| Wave | Sprints | Goal |
| --- | --- | --- |
| Wave 0 | S00 | Freeze final spec and remove residual ambiguity |
| Wave 1 | S01, S02, S03 | Navigation shell and foundational admin/integration/ops taxonomy |
| Wave 2 | S04, S05, S06, S07 | Release core (bundles, promotions, approvals, runs) |
| Wave 3 | S08, S09, S10, S11 | Dashboard, env standardization, security and evidence consolidation |
| Wave 4 | S12, S13 | Migration cutover, redirects, QA hardening, release readiness |
| Wave 0 | S22-00 | Freeze Pack 22 canonical doc set and contract baseline |
| Wave 1 | S22-01, S22-02, S22-03 | Backend dependencies and DB migrations |
| Wave 2 | S22-04, S22-05 | FE nav shell and Releases consolidation |
| Wave 3 | S22-06, S22-07, S22-08 | Topology/Operations, Security/Evidence, Integrations/Admin alignment |
| Wave 4 | S22-09, S22-10 | Redirect cutover, Playwright conformity, release readiness |
## Sprint catalog
### S00 - Spec freeze and unresolved gaps
- Canonical packs: 21, 19, 20
- Goal: lock unresolved model gaps before feature implementation starts.
### S22-00 - Spec freeze for Pack 22
- Canonical packs: 22 (+ fallback packs per authority matrix)
- Goal: lock naming, ownership, and route intent before further implementation.
- Primary outputs:
- final `Advisory Sources` screen spec (Security and Risk)
- final rule for Release Control-owned capability rendering (shortcut vs nested)
- final Trust ownership transition policy (Administration owner, Evidence consumer)
- final route deprecation map baseline
- Contract work:
- start global endpoint ledger, initial status for all top-level screens.
- updated `source-of-truth.md`
- updated `authority-matrix.md`
- Pack 22 contract ledger baseline
- Dependencies: none.
- Parallelism: blocks S01-S03 start for any unresolved ownership topic.
### S01 - Nav shell and route framework
- Canonical packs: 21, 16
- Goal: create stable shell for new IA without breaking existing behavior.
- Working directory (implementation): `src/Web/StellaOps.Web`
### S22-01 - Backend context and releases read models (dependency sprint)
- Canonical packs: 22, 12, 13, 14, 17
- Working directory (implementation): `src/Platform/StellaOps.Platform.WebService`
- Goal: deliver global context and releases v2 contracts with DB backing.
- Primary outputs:
- root nav groups aligned to canonical IA
- breadcrumb updates and migration labels
- route alias skeleton for staged cutover
- Contract work:
- ledger for nav-linked routes and their current API assumptions.
- Dependencies: S00.
- Parallelism: can run with S02 and S03 after S00 decisions are frozen.
- `/api/v2/context/*`
- `/api/v2/releases/*` (list/detail/activity/approvals queue)
- DB migrations `047_*.sql`, `048_*.sql`
- Dependencies: S22-00.
### S02 - Administration and Integrations restructuring
- Canonical packs: 21, 10
- Goal: move settings-heavy capability into Administration and Integrations model.
- Working directory (implementation): `src/Web/StellaOps.Web`
### S22-02 - Backend topology inventory contracts (dependency sprint)
- Canonical packs: 22, 18
- Working directory (implementation): `src/Platform/StellaOps.Platform.WebService`
- Goal: deliver Topology APIs and inventory projections.
- Primary outputs:
- Admin A0-A7 routing and page ownership
- Integrations taxonomy and detail flow alignment
- Security Data split wiring (Integrations + Platform Ops + Security)
- Contract work:
- classify admin and integration endpoints; identify missing APIs for advisory source health and impact mapping.
- Dependencies: S00, S01.
- Parallelism: can run with S03.
- `/api/v2/topology/*`
- DB migration `049_*.sql`
- Dependencies: S22-00.
### S03 - Platform Ops and Data Integrity foundation
- Canonical packs: 15, 21, 10
- Goal: establish Data Integrity as the operational truth source.
- Working directory (implementation): `src/Web/StellaOps.Web`
### S22-03 - Backend security disposition contracts (dependency sprint)
- Canonical packs: 22, 19
- Working directory (implementation): `src/Platform/StellaOps.Platform.WebService`
- Goal: consolidate findings/disposition/SBOM contracts for Security.
- Primary outputs:
- Data Integrity overview and subviews
- ops links from dashboard/approvals/security placeholders
- feeds/airgap ops alignment with integrations view
- Contract work:
- classify freshness, job health, ingest, DLQ, and integration connectivity APIs.
- Dependencies: S00, S01.
- Parallelism: can run with S02.
- `/api/v2/security/findings`
- `/api/v2/security/disposition`
- `/api/v2/security/sbom-explorer`
- DB migration `050_*.sql`
- Dependencies: S22-00.
### S04 - Bundle organizer and bundle lifecycle
- Canonical packs: 12, 21
- Goal: implement bundle-first model for release inputs.
### S22-04 - FE nav shell migration
- Canonical packs: 22, 16
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: migrate root IA and top-bar global context controls.
- Primary outputs:
- bundle catalog/detail/builder flow
- component version selection and config contract steps
- materialize to environment flow shell
- Contract work:
- classify component inventory, digest mapping, changelog, and materialization APIs.
- define new schemas where missing (`MISSING_NEW`).
- Dependencies: S00, S01, S02.
- Parallelism: can start before S05.
- root route rename to canonical Pack 22 modules
- sidebar and breadcrumbs updated
- temporary legacy alias redirects
- Dependencies: S22-01 for context contract.
### S05 - Releases promotion flow (bundle-version anchored)
- Canonical packs: 13
- Goal: convert release flow to immutable bundle-version promotions.
### S22-05 - FE Releases module consolidation
- Canonical packs: 22, 12, 13, 14, 17
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: collapse release lifecycle surfaces into Releases module.
- Primary outputs:
- promotions list and create wizard
- release detail and gate summary model
- links to run timeline, approvals, evidence snapshots
- Contract work:
- classify promotion creation/status/history APIs and gate evaluation contracts.
- Dependencies: S04.
- Parallelism: can run with S06 once S04 contracts are stable.
- Releases list/detail/activity/approvals queue
- old standalone runs/deployments/promotions/hotfix routes redirected
- Dependencies: S22-01.
### S06 - Approvals v2 decision cockpit
- Canonical packs: 17, 13
- Goal: make approvals self-sufficient for decisioning.
### S22-06 - FE Topology and Operations boundary alignment
- Canonical packs: 22, 18, 15
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: move inventory pages to Topology and keep runtime state in Operations.
- Primary outputs:
- approvals queue v2
- approval detail tabs (overview, gates, security, reachability, ops/data, evidence, replay, history)
- consistent cross-links to Security/Evidence/Ops/Release Control
- Contract work:
- classify approval packet, gate trace, decision action, and evidence retrieval APIs.
- Dependencies: S05 and S03 baseline availability.
- Parallelism: partial overlap with S07 allowed.
- Topology module pages
- Operations cleanup after agent/inventory migration
- Dependencies: S22-02.
### S07 - Run timeline, checkpoints, rollback and replay context
- Canonical packs: 14
- Goal: provide auditable execution timeline for each promotion run.
### S22-07 - FE Security consolidation
- Canonical packs: 22, 19
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: implement Risk Overview + Findings + Disposition + SBOM Explorer.
- Primary outputs:
- run timeline page
- step detail with logs/artifacts/evidence capture points
- rollback and rerun controls with safe gating
- Contract work:
- classify run-step logs/artifact/retry/rollback APIs and permissions.
- Dependencies: S05.
- Parallelism: can run with S06.
- consolidated Security routes and nav
- disposition UX that composes VEX + Exceptions data
- Dependencies: S22-03.
### S08 - Dashboard v3 mission board
- Canonical packs: 16
- Goal: upgrade dashboard to release-risk mission board.
### S22-08 - FE Evidence/Integrations/Admin alignment
- Canonical packs: 22, 20, 10, 21
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: align evidence links, feed/vex source setup placement, and admin boundaries.
- Primary outputs:
- env risk panel (`CritR`, SBOM freshness, B/I/R coverage)
- nightly/data integrity signal cards
- fast drilldowns to approvals/releases/security/ops
- Contract work:
- classify aggregated dashboard endpoints and freshness metadata contracts.
- Dependencies: S03, S05, S06.
- Parallelism: can run with S09.
- evidence cross-links from releases/security/approvals
- integrations feed/vex source setup placement
- trust posture links with admin-owner mutations preserved
- Dependencies: S22-01 and S22-03.
### S09 - Environment detail standardization
- Canonical packs: 18
- Goal: unify environment decision state in one screen shell.
### S22-09 - Route deprecation and redirect cutover
- Canonical packs: 22 plus affected domain packs
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: preserve deep links while switching canonical roots.
- Primary outputs:
- standard env header
- tabs for deploy, SBOM/findings, reachability, inputs, promotions/approvals, data confidence, evidence
- canonical deep links into bundle/run/security/evidence pages
- Contract work:
- classify environment-scoped status and evidence APIs.
- Dependencies: S03, S04, S05.
- Parallelism: can run with S08 and S10.
- full redirect map and telemetry
- breadcrumb compatibility labels
- Dependencies: S22-04 to S22-08.
### S10 - Security and Risk consolidation
- Canonical packs: 19, 21
- Goal: implement decision-first Security model with advisory-source split.
- Working directory (implementation): `src/Web/StellaOps.Web`
- Primary outputs:
- risk overview, findings explorer/detail, vulnerabilities explorer/detail
- SBOM lake/graph placement, VEX, exceptions
- Advisory Sources screen per S00 finalized spec
- Contract work:
- classify findings/vuln/vex/exception/advisory-source APIs and filtering contracts.
- Dependencies: S00, S03, S08.
- Parallelism: can run with S11 once cross-link contracts stabilize.
### S22-10 - E2E conformity and release readiness
### S11 - Evidence and Audit consolidation
- Canonical packs: 20 with 21 trust override
- Goal: implement evidence chain navigation and audit retrieval model.
- Working directory (implementation): `src/Web/StellaOps.Web`
- Primary outputs:
- evidence home router
- evidence packs, bundles, export center, proof chains, replay/verify, audit log
- Trust links to Administration-owned surface
- Contract work:
- classify evidence pack/bundle/export/proof/replay/audit APIs and ownership boundaries.
- Dependencies: S00, S05, S06.
- Parallelism: can run with S10.
### S12 - Migration and redirect cutover
- Canonical packs: 21 plus affected domain packs
- Goal: make IA migration safe for existing users and links.
- Working directory (implementation): `src/Web/StellaOps.Web`
- Primary outputs:
- full redirect map for legacy settings and historical aliases
- breadcrumb and legacy-name compatibility labels
- deprecation telemetry hooks
- Contract work:
- no new domain APIs expected; verify alias routes and fallback behaviors.
- Dependencies: S01-S11 (or at least all impacted route owners).
- Parallelism: mostly late-phase integration sprint.
### S13 - E2E QA hardening and release readiness
- Canonical packs: all active authority packs
- Goal: prove end-to-end behavior against final IA and contracts.
- Working directory (implementation): `src/Web/StellaOps.Web`
- Goal: prove behavior against Pack 22 and fallback pack details.
- Primary outputs:
- route and workflow E2E coverage for all root domains
- accessibility and regression checks for nav and critical workflows
- Playwright route and interaction evidence
- screenshot pack for auditor handoff
- final contract ledger closure report
- Contract work:
- verify all screens have final status not `MISSING_NEW`.
- Dependencies: S02-S12 completion candidates.
- Parallelism: can stage as rolling QA, but final signoff occurs last.
- Dependencies: S22-04 to S22-09.
## Cross-module backend ownership map (planning)
These modules are likely to receive backend contract work during implementation sprints:
These modules are expected to receive backend contract work during Pack 22 migration:
- `src/Platform/`
- `src/ReleaseOrchestrator/`
- `src/Policy/`
- `src/Scanner/`
- `src/Integrations/`
- `src/EvidenceLocker/`
- `src/Attestor/`
- `src/Signer/`
- `src/Integrations/`
- `src/Scanner/`
- `src/Orchestrator/`
- `src/Scheduler/`
- `src/Authority/`
Each sprint that touches these must include explicit cross-module allowance in its sprint file.
## Initial sequencing recommendation
1. Execute S00 to remove final ambiguity.
2. Run S01 + S02 + S03 in parallel.
3. Start release core S04 -> S05, then branch into S06 and S07.
4. Run S08 + S09 + S10 + S11 as parallel domain upgrades.
5. Finish with S12 migration cutover and S13 final QA signoff.
1. Complete S22-00 documentation freeze.
2. Execute S22-01, S22-02, S22-03 as backend dependency lane.
3. Start FE with S22-04 and S22-05 after S22-01 API availability.
4. Run S22-06, S22-07, S22-08 with dependency gating.
5. Finish with S22-09 migration cutover and S22-10 QA signoff.
## Proposed sprint filename seeds (for `docs/implplan` authoring)
- `SPRINT_20260218_001_DOCS_ui_v2_rewire_spec_freeze.md` (S00)
- `SPRINT_20260218_002_FE_ui_v2_rewire_nav_shell.md` (S01)
- `SPRINT_20260218_003_FE_ui_v2_rewire_admin_integrations.md` (S02)
- `SPRINT_20260218_004_FE_ui_v2_rewire_platform_ops_data_integrity.md` (S03)
- `SPRINT_20260218_005_FE_ui_v2_rewire_bundle_lifecycle.md` (S04)
- `SPRINT_20260218_006_FE_ui_v2_rewire_releases_promotions.md` (S05)
- `SPRINT_20260218_007_FE_ui_v2_rewire_approvals_v2.md` (S06)
- `SPRINT_20260218_008_FE_ui_v2_rewire_run_timeline.md` (S07)
- `SPRINT_20260218_009_FE_ui_v2_rewire_dashboard_v3.md` (S08)
- `SPRINT_20260218_010_FE_ui_v2_rewire_environment_detail.md` (S09)
- `SPRINT_20260218_011_FE_ui_v2_rewire_security_consolidation.md` (S10)
- `SPRINT_20260218_012_FE_ui_v2_rewire_evidence_audit_consolidation.md` (S11)
- `SPRINT_20260218_013_FE_ui_v2_rewire_migration_redirects.md` (S12)
- `SPRINT_20260218_014_FE_ui_v2_rewire_release_readiness_qa.md` (S13)
Note: creation of official sprint files is intentionally deferred until write scope includes `docs/implplan`.
- `SPRINT_20260220_018_Platform_pack22_backend_contracts_and_migrations.md` (S22-01 + S22-02 + S22-03 baseline)
- `SPRINT_20260220_019_FE_pack22_ia_rewire_and_route_migration.md` (S22-04 + S22-05 baseline)
- `SPRINT_20260220_020_FE_pack22_releases_security_detailed_workbench.md` (incremental extension of S22-06/S22-07 scope)
- `SPRINT_20260220_021_FE_pack22_run_centric_releases_platform_scope.md` (run-centric extension across S22-06 to S22-08 scope)
- `SPRINT_20260220_022_FE_pack22_run_detail_provenance_contract.md` (run-detail contract hardening extension)
- `SPRINT_20260220_023_Platform_pack22_run_detail_backend_provenance_companion.md` (backend companion dependency for sprint 022)
- `SPRINT_20260220_024_FE_pack22_redirect_cutover.md` (S22-09 target)
- `SPRINT_20260220_025_FE_pack22_release_readiness_qa.md` (S22-10 target)