stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

ui progressing

Browse Source
This commit is contained in:
master
2026-02-20 23:32:20 +02:00
parent ca5e7888d6
commit 1ec797d5e8
191 changed files with 32771 additions and 6504 deletions
Download Patch File Download Diff File Expand all files Collapse all files

231
docs/modules/ui/v2-rewire/pack-22.md Normal file
View File

@@ -0,0 +1,231 @@
# Pack 22 - Release-First IA Consolidation Advisory
Status: Active authority (partially superseded by Pack 23 for Platform IA)
Date: 2026-02-20
Precedence: Overrides `pack-21.md` and lower packs for overlapping IA, naming, and ownership decisions. Pack 23 supersedes Pack 22 for Platform menu placement and Ops/Integrations/Setup ownership boundaries.
## 1) Intent
- Reframe IA around Stella Ops core loop:
- Release -> Gate (security + ops) -> Promote/Deploy -> Evidence -> Audit/Replay.
- Remove duplicated menus that represent the same lifecycle object from different angles.
- Keep backend semantics strict:
- release identity is immutable and digest-first,
- workflow/run/deployment/promotion are execution artifacts of a release.
## 2) Canonical mental model
- Release (formerly Bundle): immutable unit of change, identified by digest and metadata.
- Workflow/Pipeline: policy and orchestration template.
- Run: workflow execution instance for a release and context.
- Promotion: environment transition.
- Deployment: apply release to targets/runtimes.
- Hotfix: release type with expedited gate defaults (not a separate product root).
## 3) Canonical global navigation
Top-level modules:
1. Dashboard
2. Releases
3. Security
4. Evidence
5. Topology
6. Operations
7. Integrations
8. Administration
Persistent top bar context:
- Search
- Region multi-select
- Environment multi-select (scoped by selected regions)
- Time window selector
- Status indicators (offline/feed/policy/evidence)
## 4) Consolidation rules
- `Bundle` term is deprecated in UI:
- use `Release`.
- `Create Bundle` becomes:
- `Create Release`.
- `Current Release` action label becomes:
- `Deploy Release`.
- The following become views inside `Releases` and are not standalone modules:
- Runs,
- Deployments,
- Promotions,
- Hotfixes.
- `Regions & Environments` is not daily navigation:
- global context lives in top bar,
- inventory/setup lives under `Topology`.
- Security surface is consolidated:
- Overview,
- Triage,
- Advisories & VEX,
- Supply-Chain Data.
- `Disposition` is a UX concept embedded in triage/detail:
- Effective VEX,
- Waivers/Exceptions,
- Policy Gate Trace.
- VEX/advisory feed configuration belongs to `Integrations`, not Security.
## 5) Canonical module surfaces
### Dashboard
- Mission control posture:
- deploying now,
- blocked promotions,
- hotfix lane,
- risk posture,
- evidence posture.
- Quick actions:
- Create Release,
- Create Hotfix,
- Approvals Queue,
- Export Evidence,
- Replay decision capsule.
### Releases
- Releases List (standard + hotfix in one list).
- Release Detail tabs:
- Overview,
- Timeline,
- Deploy,
- Security,
- Evidence,
- Audit.
- Approvals Queue (cross-release).
- Activity (cross-release runs timeline).
### Security
- Overview:
- blocker-first posture,
- freshness/confidence,
- expiring waivers and conflicts.
- Triage:
- single dataset with pivots and facets,
- sticky evidence rail (`Why`, `SBOM`, `Reachability`, `Effective VEX`, `Waiver`, `Policy Trace`, `Export`).
- Advisories & VEX:
- provider health,
- VEX library,
- conflicts and resolution,
- issuer trust.
- Supply-Chain Data:
- SBOM Viewer,
- SBOM Graph,
- SBOM Lake,
- Reachability coverage,
- Coverage/Unknowns.
- Reports:
- optional route family,
- evidence export handoff remains owned by `Evidence`.
### Evidence
- Audit Log.
- Evidence Packs:
- Export Center,
- Proof Chains,
- Replay and Verify.
- Trust and Signing:
- user-facing trust posture can be reached here,
- admin owner mutations remain governed by Administration scopes.
### Topology
- Regions.
- Environments.
- Targets and Hosts.
- Agents.
- Promotion Paths.
- Workflows.
- Gate Profiles.
Implementation update (2026-02-20):
- Dedicated operator pages now back canonical Topology routes:
- `/topology/overview`,
- `/topology/regions` + `/topology/environments` (region-first + flat/graph views),
- `/topology/environments/:environmentId/posture` (topology-first tabs),
- `/topology/targets`,
- `/topology/hosts`,
- `/topology/agents`,
- `/topology/promotion-paths`.
- Generic inventory fallback remains only for non-primary Topology routes (`/topology/workflows`, `/topology/gate-profiles`).
- Region/environment global multi-select filters propagate as comma-joined query scope on Topology reads.
### Operations
- Platform Health.
- Orchestrator and Jobs.
- Scheduler.
- Data Integrity.
- Offline Kit.
- Quotas and Limits.
### Integrations
- Registries.
- SCM.
- CI/CD.
- Hosts/Targets connectors.
- Secrets.
- Advisory feeds.
- VEX sources/feeds.
- Integration Health.
- Integration Activity.
### Administration
- Identity and Access.
- Tenants and Branding.
- Notifications.
- Usage and Limits.
- Policy Governance.
- System.
## 6) Old-to-new mapping (route/module intent)
| Legacy intent | New canonical placement |
| --- | --- |
| `Release Control` root | Split into `Releases` + `Topology` |
| `Bundles` | `Releases` (rename Bundle -> Release) |
| `Promotions` | `Releases -> Release Detail -> Timeline` and `Releases -> Activity` |
| `Deployments` | `Releases -> Release Detail -> Deploy` and `Releases -> Activity` |
| `Run Timeline` | `Releases -> Activity` and `Release Detail -> Timeline` |
| `Hotfixes` | `Releases` filter/type + Dashboard hotfix lane |
| `Regions & Environments` menu | Top bar context + `Topology` inventory |
| `Security & Risk -> VEX` and `Exceptions` | `Security -> Triage` disposition rail + `Security -> Advisories & VEX` |
| `Security -> SBOM Graph` and `SBOM Lake` | `Security -> Supply-Chain Data` tabs |
| `Security -> Advisory Sources` config | `Integrations` feeds and source setup |
| `Platform Ops -> Agents` | `Topology -> Agents` |
## 7) Backend dependency directives
- Add/extend v2 contract namespaces for canonical modules:
- `/api/v2/context/*`,
- `/api/v2/releases/*`,
- `/api/v2/topology/*`,
- `/api/v2/security/*`,
- `/api/v2/evidence/*`,
- `/api/v2/integrations/*`,
- `/api/v2/operations/*`.
- Keep legacy aliases during migration window (`/api/v1/*` and domain legacy paths) with explicit deprecation telemetry.
- Required DB migration families (Platform release DB sequence continues after `046_TrustSigningAdministration.sql`):
- `047_GlobalContextAndFilters.sql`,
- `048_ReleaseReadModels.sql`,
- `049_TopologyInventory.sql`,
- `050_SecurityDispositionProjection.sql`,
- `051_IntegrationSourceHealth.sql`.
## 8) Planning acceptance gates
- Canonical docs (`source-of-truth.md`, `authority-matrix.md`, contract ledger) updated before sprint execution.
- Every new screen/route has endpoint classification:
- `EXISTS_COMPAT`,
- `EXISTS_ADAPT`,
- `MISSING_NEW`.
- Backend migrations are listed in sprint completion criteria before FE route cutover tasks can be marked done.