docs consolidation and others

docs/modules/ui/operations/observability-guide.md

@@ -0,0 +1,41 @@
+# Console Observability
+
+This document describes Console observability expectations: what telemetry matters, how to correlate UI actions with backend traces, and what to surface in air-gapped deployments.
+
+## What to Measure (UI)
+
+Recommended UI metrics include:
+
+- **Time-to-verdict (TTFV):** from navigation to verdict banner rendered.
+- **Time-to-evidence:** from clicking a fact/badge to evidence preview available.
+- **Export latency and success rate:** evidence bundle generation time and failures.
+- **Mute/exception usage:** how often operators suppress or escalate findings (counts, reversal rate).
+
+## What to Log (Structured)
+
+Console logs should be structured and tenant-scoped:
+
+- `tenantId`, `actor`, `actionType`
+- `artifactId` / image digest
+- `findingId` / vulnerability identifiers (when relevant)
+- `traceId` / correlation IDs that tie UI requests to backend traces
+
+## Error Surfaces
+
+Operators need actionable error messaging:
+
+- Distinguish client validation errors from server failures.
+- Provide a copyable correlation/trace ID for support.
+- Avoid leaking stack traces or secrets into UI notifications.
+
+## Offline / Sealed Mode Telemetry
+
+In sealed mode, surface:
+
+- snapshot identity and staleness budgets
+- which data is stale vs fresh (policy pack version, VEX snapshot time, feed ages)
+
+## References
+
+- UI telemetry guidance: `docs/observability/ui-telemetry.md`
+- Accessibility baseline: `docs/accessibility.md`