ui progressing
This commit is contained in:
master
@@ -1,145 +1,170 @@
|
||||
# UI v2 Rewire Source of Truth
|
||||
# UI v2 Rewire Source of Truth
|
||||
|
||||
Status: Active
|
||||
Date: 2026-02-18
|
||||
Date: 2026-02-20
|
||||
Working directory: `docs/modules/ui/v2-rewire`
|
||||
|
||||
## 1) Hard Rules
|
||||
## 1) Hard rules
|
||||
|
||||
1. For overlapping guidance, higher pack number wins.
|
||||
2. If a higher pack is partial, keep the latest lower-pack detail for uncovered screens.
|
||||
3. Inside one pack, interpret in this order: `Now/New location` statements, menu/screen graphs, then ASCII/rationale text.
|
||||
3. Inside one pack, interpret in this order:
|
||||
- `Now/New location` statements,
|
||||
- menu/screen graphs,
|
||||
- ASCII/rationale text.
|
||||
4. Canonical planning references must come from this file plus `authority-matrix.md`, not raw packs alone.
|
||||
5. `pack-23.md` is the active Platform IA override for all conflicts with `pack-22.md` and lower packs.
|
||||
6. `pack-22.md` remains authority for non-Platform areas unless `pack-23.md` explicitly overrides them.
|
||||
|
||||
## 2) Canonical IA (v2)
|
||||
## 2) Canonical IA (v3)
|
||||
|
||||
### 2.1 Root domains
|
||||
### 2.1 Root modules
|
||||
|
||||
Canonical root domains are:
|
||||
- `Dashboard` (release mission board)
|
||||
- `Release Control`
|
||||
- `Security & Risk`
|
||||
- `Evidence & Audit`
|
||||
- `Integrations`
|
||||
- `Platform Ops`
|
||||
Canonical top-level modules are:
|
||||
|
||||
- `Dashboard`
|
||||
- `Releases`
|
||||
- `Security`
|
||||
- `Evidence`
|
||||
- `Topology`
|
||||
- `Platform`
|
||||
- `Administration`
|
||||
|
||||
Rationale:
|
||||
- `Dashboard` is last explicitly upgraded as a release-centric entrypoint in Pack 16.
|
||||
- Root domain framing is explicit in Pack 21 and remains the governing top-level grouping.
|
||||
### 2.2 Global context
|
||||
|
||||
### 2.2 Ownership decisions resolved by higher-pack precedence
|
||||
Region and Environment are global context selectors in the top bar, not deep menu nodes.
|
||||
|
||||
Required global context controls:
|
||||
|
||||
- Search
|
||||
- Region multi-select
|
||||
- Environment multi-select scoped to Region selection
|
||||
- Time window selector
|
||||
- Status indicators (offline/feed/policy/evidence)
|
||||
|
||||
### 2.3 Ownership decisions resolved by precedence
|
||||
|
||||
These are authoritative for planning and replace older conflicting placements:
|
||||
- `Policy Governance` belongs to `Administration` (Pack 21 overrides Packs 5/9/11).
|
||||
- `Trust & Signing` belongs to `Administration`, with consumption links from Evidence/Security (Pack 21 overrides Packs 9/11/20 on ownership).
|
||||
- `System` belongs to `Administration` with operational drilldowns into `Platform Ops` (Pack 21 overrides Packs 9/11 alternatives).
|
||||
- Legacy `Settings -> Security Data` is split:
|
||||
- source connectivity/freshness in `Integrations` plus `Platform Ops` mirror operations
|
||||
- advisory impact on gating in `Security & Risk` (Pack 21 mapping).
|
||||
|
||||
### 2.3 Domain ownership vs nav rendering
|
||||
|
||||
`Releases`, `Approvals`, `Deployments`, `Regions & Environments`, and `Bundles` are Release Control domain capabilities.
|
||||
|
||||
If implementation keeps direct nav shortcuts for `Releases`/`Approvals`, treat that as a rendering convenience only. Domain ownership and contracts remain Release Control-owned.
|
||||
- `Release Control` root is decomposed:
|
||||
- release lifecycle surfaces move to `Releases`,
|
||||
- inventory/setup surfaces move to `Topology`.
|
||||
- `Bundle` is deprecated in operator IA and renamed to `Release`.
|
||||
- `Runs`, `Deployments`, `Promotions`, and `Hotfixes` are lifecycle views inside `Releases` and not top-level modules.
|
||||
- `VEX` and `Exceptions` are exposed as one UX concept:
|
||||
- `Security -> Triage` disposition rail + detail tabs,
|
||||
- `Security -> Advisories & VEX` for provider/library/conflict/trust operations,
|
||||
- backend data models remain distinct.
|
||||
- SBOM, reachability, and unknowns are unified under `Security -> Supply-Chain Data` tabs.
|
||||
- Advisory feed and VEX source configuration belongs to `Integrations`, not Security.
|
||||
- `Policy Governance` remains under `Administration`.
|
||||
- Trust posture must be reachable from `Evidence`, while admin-owner trust mutations remain governed by administration scopes.
|
||||
|
||||
## 3) Canonical screen authorities
|
||||
|
||||
Use the following packs as the latest valid source per domain.
|
||||
|
||||
### 3.1 Release Control + Bundle lifecycle
|
||||
### 3.1 IA and naming consolidation
|
||||
|
||||
Authoritative packs:
|
||||
- Pack 21 for `Release Control` root positioning and setup/admin migration
|
||||
- Pack 12 for full Bundle Organizer data model and flows
|
||||
- Pack 13 for release promotion flows anchored on bundle versions
|
||||
- Pack 14 for run/timeline, checkpoints, rollback, replay hooks
|
||||
- Pack 18 for standardized environment detail shell/tabs
|
||||
Authoritative pack:
|
||||
|
||||
Superseded for this domain:
|
||||
- Packs 1, 4, 8, 11 (historical drafts)
|
||||
- `pack-22.md`
|
||||
- `pack-23.md` (highest precedence for Platform ownership and menu placement)
|
||||
- `pack-22.md`
|
||||
|
||||
Superseded for overlapping decisions:
|
||||
|
||||
- `pack-21.md` and lower packs for root module grouping and naming.
|
||||
|
||||
### 3.2 Dashboard
|
||||
|
||||
Authoritative pack:
|
||||
- Pack 16 (`Dashboard` mission board, env risk + SBOM + hybrid reachability + Nightly/Data signals)
|
||||
Authoritative packs:
|
||||
|
||||
Superseded:
|
||||
- Packs 1, 4, 8, 11 (dashboard/control-plane variants)
|
||||
- `pack-22.md` for mission control framing and quick actions.
|
||||
- `pack-16.md` for detailed dashboard signal widgets where not overridden.
|
||||
|
||||
### 3.3 Approvals
|
||||
### 3.3 Releases
|
||||
|
||||
Authoritative packs:
|
||||
- Pack 17 for upgraded approval queue/detail tabs and decision-ready context
|
||||
- Pack 13 for base release/approval flow coupling
|
||||
|
||||
- `pack-22.md` for consolidation model (`list`, `detail tabs`, `activity`, `approvals queue`).
|
||||
- `pack-12.md` for release composition/builder details.
|
||||
- `pack-13.md` for promotion flow semantics.
|
||||
- `pack-14.md` for timeline/checkpoint/rollback/replay semantics.
|
||||
- `pack-17.md` for approvals detail depth.
|
||||
|
||||
Superseded:
|
||||
- Packs 1, 4, 8, 13 sections overlapped by Pack 17 detail model
|
||||
|
||||
### 3.4 Security & Risk
|
||||
- Standalone menu treatment from earlier packs where runs/deployments/promotions/hotfixes were separate roots.
|
||||
|
||||
### 3.4 Topology
|
||||
|
||||
Authoritative packs:
|
||||
- Pack 19 for consolidated decision-first Security screen model
|
||||
- Pack 21 for top-level `Advisory Sources` mapping statement
|
||||
|
||||
Superseded:
|
||||
- Packs 3, 7, and earlier security layouts
|
||||
- `pack-22.md` for module ownership and taxonomy.
|
||||
- `pack-18.md` for environment detail shell standards reused inside topology-aware views.
|
||||
|
||||
Known gap:
|
||||
- `Advisory Sources` detailed screen spec is not fully expanded in raw packs and must be sprinted as a first planning task.
|
||||
|
||||
### 3.5 Evidence & Audit
|
||||
|
||||
Authoritative pack:
|
||||
- Pack 20 for evidence chain structure (`Evidence Home`, packs/bundles/export/proof/replay/audit)
|
||||
|
||||
Override:
|
||||
- `Trust & Signing` ownership moved to `Administration` by Pack 21. Keep bidirectional deep links.
|
||||
|
||||
Superseded:
|
||||
- Packs 3, 9, 11 evidence structures
|
||||
|
||||
### 3.6 Platform Ops and data confidence
|
||||
### 3.5 Security
|
||||
|
||||
Authoritative packs:
|
||||
- Pack 15 for `Data Integrity` operating model and bubble-up wiring
|
||||
- Pack 10 for feeds/airgap operational screen specifics where still needed
|
||||
- Pack 21 for top-level Platform Ops taxonomy and admin drilldown links
|
||||
|
||||
- `pack-22.md` for consolidation into `Overview`, `Triage`, `Advisories & VEX`, `Supply-Chain Data`, and optional `Reports`.
|
||||
- `pack-19.md` for decision-first security detail behavior where not overridden.
|
||||
|
||||
Superseded:
|
||||
- Packs 3, 6, 9, 11 operations variants
|
||||
|
||||
### 3.7 Integrations
|
||||
- Earlier split explorer layouts that force separate VEX/Exceptions and separate SBOM roots.
|
||||
|
||||
### 3.6 Evidence
|
||||
|
||||
Authoritative packs:
|
||||
- Pack 21 for Integrations taxonomy and settings split
|
||||
- Pack 10 for hub/detail/add + feed-source operational ties
|
||||
|
||||
Superseded:
|
||||
- Packs 2, 5, 9 integration placement drafts
|
||||
- `pack-22.md` for evidence navigation framing and release linkage expectations.
|
||||
- `pack-20.md` for evidence chain structure (packs/export/proof/replay/audit).
|
||||
|
||||
### 3.8 Administration
|
||||
### 3.7 Operations
|
||||
|
||||
Authoritative pack:
|
||||
- Pack 21 (`A0` ... `A7` including Policy, Trust, System)
|
||||
Authoritative packs:
|
||||
|
||||
Superseded:
|
||||
- Packs 2, 5, 9, 11 admin/settings decompositions
|
||||
- `pack-23.md` for Platform Ops placement and workflow prioritization.
|
||||
- `pack-15.md` for data integrity operating model.
|
||||
- `pack-10.md` for feeds/airgap operational detail where still valid.
|
||||
|
||||
### 3.8 Integrations
|
||||
|
||||
Authoritative packs:
|
||||
|
||||
- `pack-23.md` for Platform Integrations placement and topology ownership split.
|
||||
- `pack-10.md` and `pack-21.md` for connector detail flows where not overridden.
|
||||
|
||||
### 3.9 Administration
|
||||
|
||||
Authoritative packs:
|
||||
|
||||
- `pack-22.md` for top-level scope.
|
||||
- `pack-21.md` for detailed A0-A7 screen structure where not overridden.
|
||||
|
||||
## 4) Normalized terminology (canonical names)
|
||||
|
||||
Use these terms in sprint tickets/specs:
|
||||
- `Control Plane` -> `Dashboard`
|
||||
- `Packets` -> `Evidence Packs`
|
||||
- `Evidence Bundles` remains `Evidence Bundles`
|
||||
- `Feed Mirror & AirGap Ops` under `Platform Ops` (connectivity still surfaced in `Integrations`)
|
||||
- `Hybrid Reachability` stays second-class (visible in context views, not a standalone product root)
|
||||
|
||||
- `Bundle` -> `Release`
|
||||
- `Create Bundle` -> `Create Release`
|
||||
- `Current Release` -> `Deploy Release`
|
||||
- `Run Timeline` -> `Activity` (cross-release) or `Timeline` (release detail tab)
|
||||
- `Security & Risk` -> `Security`
|
||||
- `Evidence & Audit` -> `Evidence`
|
||||
- `Platform Ops` -> `Platform -> Ops`
|
||||
- `Integrations` root -> `Platform -> Integrations`
|
||||
- `Setup` root -> `Platform -> Setup`
|
||||
- `Regions & Environments` menu -> `Topology` module + global context switchers
|
||||
|
||||
## 5) Planning gaps to schedule first
|
||||
|
||||
Create early sprints for these spec-completion items before broad implementation starts:
|
||||
- `Security & Risk -> Advisory Sources` full screen definition and contracts
|
||||
- final nav rendering decision for Release Control-owned capabilities (direct shortcuts vs strictly nested)
|
||||
- Trust ownership transition rules between Administration and Evidence workflows (route aliases + breadcrumbs + redirects)
|
||||
- route deprecation map from legacy `Settings/*` and older aliases to final IA paths
|
||||
Create first-wave dependency sprints for:
|
||||
|
||||
- backend global context contracts and persistence (`Region/Environment` top-bar model),
|
||||
- releases read-model contracts for list/detail/activity/approvals queue,
|
||||
- topology inventory contracts and synchronization,
|
||||
- security disposition aggregation contracts (VEX + Exceptions UX join),
|
||||
- route deprecation map from `/release-control/*`, `/security-risk/*`, `/evidence-audit/*`, `/platform-ops/*` to canonical paths.
|
||||
|
||||
Reference in New Issue
Block a user