partly or unimplemented features - now implemented

This commit is contained in:
master
2026-02-09 08:53:51 +02:00
parent 1bf6bbf395
commit 4bdc298ec1
674 changed files with 90194 additions and 2271 deletions

@@ -0,0 +1,53 @@
# Audit Trail "Why am I seeing this?" (Reason Capsule)
## Module
Web
## Status
IMPLEMENTED
## Description
The advisory proposed a ReasonCapsuleComponent with per-row expandable explanations showing policy name, rule ID, graph revision ID, and inputs digest. Instead, verdict explanation is implemented via VerdictWhySummaryComponent (3-5 bullet driver explanations with evidence drill-down links) and WhySafePanels in the lineage feature. The exact ReasonCapsuleComponent name and API contract (/api/audit/reasons/:verdictId) were not found, but the concept is substantially realized under different component names.
## What's Implemented
- **Existing components**:
- `ai-code-guard-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-code-guard-badge/ai-code-guard-badge.component.ts`)
- `ai-recommendation-panel` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-recommendation-panel/ai-recommendation-panel.component.ts`)
- `attestation-viewer` (`src/Web/StellaOps.Web/src/app/features/triage/components/attestation-viewer/attestation-viewer.component.ts`)
- `bulk-action-modal` (`src/Web/StellaOps.Web/src/app/features/triage/components/bulk-action-modal/bulk-action-modal.component.ts`)
- `case-header` (`src/Web/StellaOps.Web/src/app/features/triage/components/case-header/case-header.component.ts`)
- `decision-drawer-enhanced` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer-enhanced.component.ts`)
- `decision-drawer` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer.component.ts`)
- `attestation-chain` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/attestation-chain.component.ts`)
- `backport-verdict-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/backport-verdict-badge.component.ts`)
- `binary-diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/binary-diff-tab.component.ts`)
- **Existing services**:
- `advisory-ai` (`src/Web/StellaOps.Web/src/app/features/triage/services/advisory-ai.service.ts`)
- `binary-diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/binary-diff-evidence.service.ts`)
- `diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/diff-evidence.service.ts`)
- `display-preferences` (`src/Web/StellaOps.Web/src/app/features/triage/services/display-preferences.service.ts`)
- `evidence-tab` (`src/Web/StellaOps.Web/src/app/features/triage/services/evidence-tab.service.ts`)
## What's Missing
- **ReasonCapsuleComponent**: No per-row expandable component showing policy name, rule ID, graph revision ID, and inputs digest for each finding/verdict in table views
- **Audit reasons API**: No `/api/audit/reasons/:verdictId` endpoint returning structured reason data for display
- **Per-finding explanation inline**: VerdictWhySummaryComponent and WhySafePanels exist for verdict-level and lineage-level explanation, but no per-row inline "why" capsule in triage table views
## Implementation Plan
- Create `ReasonCapsuleComponent` as expandable per-row explanation in triage/finding tables
- Add `/api/audit/reasons/:verdictId` endpoint returning policy name, rule ID, graph revision, inputs digest
- Wire capsule into triage table views for inline "why am I seeing this" explanation
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/triage/artifacts`
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the component renders correctly with sample data
- [ ] Verify interactive elements respond to user input
- [ ] Verify data is fetched and displayed from the correct API endpoints
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
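Review bot: Status is IMPLEMENTED, yet What's Missing lists the `ReasonCapsuleComponent` and the `/api/audit/reasons/:verdictId` endpoint themselves, and the Description says neither was found. Either change the status to reflect a partial implementation or retitle the document to the components that exist. What's Implemented should list `VerdictWhySummaryComponent` and WhySafePanels with their paths, since the Description relies on them and none of the ten listed triage components is one of them. The E2E core checks should also assert that policy name, rule ID, graph revision ID and inputs digest are shown, because those four fields are what the capsule is for.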

@@ -0,0 +1,54 @@
# Pack Registry Browser
## Module
Web
## Status
IMPLEMENTED
## Description
TaskRunner pack discovery and management with install/upgrade flows, compatibility checking, version history with changelogs, signature verification, and dependency graph. API client and models exist but dedicated feature module not found.
## What's Implemented
- **Existing components**:
- `conflict-visualizer` (`src/Web/StellaOps.Web/src/app/features/policy-studio/ai/conflict-visualizer.component.ts`)
- `live-rule-preview` (`src/Web/StellaOps.Web/src/app/features/policy-studio/ai/live-rule-preview.component.ts`)
- `test-case-panel` (`src/Web/StellaOps.Web/src/app/features/policy-studio/ai/test-case-panel.component.ts`)
- `version-history` (`src/Web/StellaOps.Web/src/app/features/policy-studio/ai/version-history.component.ts`)
- `policy-approvals` (`src/Web/StellaOps.Web/src/app/features/policy-studio/approvals/policy-approvals.component.ts`)
- `policy-dashboard` (`src/Web/StellaOps.Web/src/app/features/policy-studio/dashboard/policy-dashboard.component.ts`)
- `policy-editor` (`src/Web/StellaOps.Web/src/app/features/policy-studio/editor/policy-editor.component.ts`)
- `policy-explain` (`src/Web/StellaOps.Web/src/app/features/policy-studio/explain/policy-explain.component.ts`)
- `policy-nl-input` (`src/Web/StellaOps.Web/src/app/features/policy-studio/nl-input/policy-nl-input.component.ts`)
- `policy-rule-builder` (`src/Web/StellaOps.Web/src/app/features/policy-studio/rule-builder/policy-rule-builder.component.ts`)
- **Existing services**:
- `monaco-loader` (`src/Web/StellaOps.Web/src/app/features/policy-studio/editor/monaco-loader.service.ts`)
- `policy-api` (`src/Web/StellaOps.Web/src/app/features/policy-studio/services/policy-api.service.ts`)
## What's Missing
- **Pack browser feature module**: No dedicated Angular feature module for browsing the TaskRunner pack registry (installed packs, available packs, version history)
- **Pack install/upgrade flow**: No UI flow for installing or upgrading TaskRunner packs with compatibility checks
- **Pack signature verification display**: No UI showing DSSE signature verification status for each pack
- **Pack dependency graph**: No visual dependency graph for pack dependencies
- **Pack changelog viewer**: No version history with changelog rendering per pack
## Implementation Plan
- Create `pack-registry` Angular feature module under `src/Web/StellaOps.Web/src/app/features/`
- Implement pack list view with install/upgrade actions
- Add signature verification status badge per pack
- Add version history/changelog component
- Wire to TaskRunner pack management API endpoints
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/policy-studio/packs`
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the component renders correctly with sample data
- [ ] Verify interactive elements respond to user input
- [ ] Verify data is fetched and displayed from the correct API endpoints
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
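Review bot: The E2E Test Plan has no case for signature verification, although the Description names it and What's Missing calls out DSSE status per pack. Add a step that loads a pack whose signature fails or is absent and checks the badge, and state in the Implementation Plan what install/upgrade does in that case (block, or warn and continue). The setup step navigates to `/policy-studio/packs` while the plan creates a `pack-registry` module under `features/`; say which route the new module registers. The listed components are all policy-studio ones, and the Description says the API client and models exist, so list those files instead.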

@@ -0,0 +1,51 @@
# Pipeline/Run-Centric View
## Module
Web
## Status
IMPLEMENTED
## Description
Runs feature exists in the frontend with first-signal card components and prefetch services, but a full pipeline-centric view as described in the advisory is only partially present.
## What's Implemented
- **Existing components**:
- `approval-detail` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/approvals/approval-detail/approval-detail.component.ts`)
- `approval-queue` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/approvals/approval-queue/approval-queue.component.ts`)
- `promotion-request` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/approvals/promotion-request/promotion-request.component.ts`)
- `active-deployments` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/components/active-deployments/active-deployments.component.ts`)
- `pending-approvals` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/components/pending-approvals/pending-approvals.component.ts`)
- `pipeline-overview` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/components/pipeline-overview/pipeline-overview.component.ts`)
- `recent-releases` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/components/recent-releases/recent-releases.component.ts`)
- `dashboard` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/dashboard/dashboard.component.ts`)
- `deployment-list` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/deployments/deployment-list/deployment-list.component.ts`)
- `deployment-monitor` (`src/Web/StellaOps.Web/src/app/features/release-orchestrator/deployments/deployment-monitor/deployment-monitor.component.ts`)
- **Existing routes**: `approvals.routes.ts`, `dashboard.routes.ts`, `deployments.routes.ts`, `environments.routes.ts`, `evidence.routes.ts`, `releases.routes.ts`, `workflows.routes.ts`
## What's Missing
- **Pipeline run detail view**: No dedicated "run detail" view showing a single pipeline execution with its stages, gates, evidence collection, and outcome
- **Run-centric navigation**: Components exist for approvals, deployments, and releases but no unified "runs" listing that ties them together as a single pipeline execution
- **First-signal card integration**: First-signal card components exist in the `runs/` feature but may not be integrated into the pipeline-centric view
- **Backend API wiring**: Dashboard components may use stub/mock data pending backend endpoint integration
- **Unit/E2E test coverage**: Components likely lack comprehensive test coverage
## Implementation Plan
- Create a unified "pipeline run" detail view connecting scan, gate evaluation, approval, and deployment stages
- Wire pipeline-overview component to backend API for live pipeline status
- Add run-centric navigation linking approval, deployment, and evidence views
- Add unit and E2E test coverage for pipeline dashboard components
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/release-orchestrator`
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the component renders correctly with sample data
- [ ] Verify interactive elements respond to user input
- [ ] Verify data is fetched and displayed from the correct API endpoints
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
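Review bot: What's Missing uses "may use stub/mock data", "may not be integrated" and "likely lack" where a status document needs a checked fact; confirm each against the code and state it as present or absent. The Description itself says the pipeline-centric view is "only partially present", which does not match Status IMPLEMENTED. The first-signal card components in `runs/` are mentioned under What's Missing but none appears under What's Implemented; add their paths.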

@@ -0,0 +1,51 @@
# Reachability Center UI View
## Module
Web
## Status
IMPLEMENTED
## Description
Reachability Center view showing asset coverage, missing sensors, and stale reachability facts. Implemented with deterministic fixture data; pending official fixture bundle swap from Signals guild.
## What's Implemented
- **Existing components**:
- `path-viewer` (`src/Web/StellaOps.Web/src/app/features/reachability/components/path-viewer/path-viewer.component.ts`)
- `risk-drift-card` (`src/Web/StellaOps.Web/src/app/features/reachability/components/risk-drift-card/risk-drift-card.component.ts`)
- `poe-drawer` (`src/Web/StellaOps.Web/src/app/features/reachability/poe-drawer.component.ts`)
- `reachability-center` (`src/Web/StellaOps.Web/src/app/features/reachability/reachability-center.component.ts`)
- `reachability-explain-widget` (`src/Web/StellaOps.Web/src/app/features/reachability/reachability-explain-widget.component.ts`)
- `reachability-explain` (`src/Web/StellaOps.Web/src/app/features/reachability/reachability-explain.component.ts`)
- `reachability-why-drawer` (`src/Web/StellaOps.Web/src/app/features/reachability/reachability-why-drawer.component.ts`)
- `witness-page` (`src/Web/StellaOps.Web/src/app/features/reachability/witness-page.component.ts`)
- **Existing services**:
- `drift-api` (`src/Web/StellaOps.Web/src/app/features/reachability/services/drift-api.service.ts`)
## What's Missing
- **Official fixture bundle swap**: Currently using deterministic fixture data; pending official fixture bundle from Signals guild with real reachability data
- **Asset coverage summary**: No dashboard-level summary showing percentage of assets with reachability analysis coverage
- **Missing sensors indicator**: No visual indicator showing which assets lack runtime observation sensors
- **Stale facts alerting**: `drift-api.service.ts` exists but no visual alerting when reachability facts become stale
- **Unit/E2E test coverage**: Components exist but test coverage may be incomplete
## Implementation Plan
- Swap fixture data for live API integration once Signals guild provides official fixture bundle
- Add asset coverage summary widget to reachability-center component
- Add missing sensor indicator to risk-drift-card
- Add stale facts alerting using drift-api service data
- Add unit and E2E test coverage for all reachability center components
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/reachability`
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the component renders correctly with sample data
- [ ] Verify interactive elements respond to user input
- [ ] Verify data is fetched and displayed from the correct API endpoints
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
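Review bot: The Description says the view shows asset coverage, missing sensors and stale reachability facts, but What's Missing lists all three as absent (no coverage summary, no missing-sensor indicator, no stale-facts alerting). Reword the Description to what the fixture-backed view renders today. The first Implementation Plan item ties "live API integration" to delivery of a "fixture bundle"; these are separate steps and should be separate items. While the view runs on fixture data, an E2E check that the page labels it as such would keep operators from reading fixtures as real coverage.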

@@ -0,0 +1,49 @@
# SBOM Graph Reachability Overlay with Time Slider
## Module
Web
## Status
IMPLEMENTED
## Description
Reachability halo overlay on SBOM graph visualization with time slider for temporal reachability exploration and state legend. Uses deterministic stub data pending fixture bundle.
## What's Implemented
- **Existing components**:
- `graph-canvas` (`src/Web/StellaOps.Web/src/app/features/graph/graph-canvas.component.ts`)
- `graph-explorer` (`src/Web/StellaOps.Web/src/app/features/graph/graph-explorer.component.ts`)
- `graph-filters` (`src/Web/StellaOps.Web/src/app/features/graph/graph-filters.component.ts`)
- `graph-hotkey-help` (`src/Web/StellaOps.Web/src/app/features/graph/graph-hotkey-help.component.ts`)
- `graph-overlays` (`src/Web/StellaOps.Web/src/app/features/graph/graph-overlays.component.ts`)
- `graph-side-panels` (`src/Web/StellaOps.Web/src/app/features/graph/graph-side-panels.component.ts`)
- **Existing services**:
- `graph-accessibility` (`src/Web/StellaOps.Web/src/app/features/graph/graph-accessibility.service.ts`)
## What's Missing
- **Reachability halo overlay**: Graph overlay components exist but no dedicated reachability state halo (color-coded rings around nodes showing lattice state: SR/SU/RO/RU/CR/CU/X)
- **Time slider for temporal reachability**: No time slider component enabling temporal exploration of how reachability states evolved over scan/signal events
- **Lattice state legend**: No legend component mapping halo colors to reachability lattice states
- **Backend API for temporal reachability**: No API endpoint returning reachability state snapshots at different points in time
- **Deterministic fixture bundle**: Currently uses stub data; pending fixture bundle with real reachability overlay data
## Implementation Plan
- Add reachability state halo overlay to graph-overlays component using lattice state colors
- Create time slider component for temporal reachability exploration
- Add lattice state legend component
- Build backend API for temporal reachability snapshots
- Wire overlay to live reachability data via graph service
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/graph`
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the visualization renders correctly with sample data
- [ ] Verify interactive elements (hover tooltips, click-to-drill-down) work
- [ ] Verify the visualization handles empty/minimal data gracefully
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
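Review bot: The lattice states in the halo bullet appear only as `SR/SU/RO/RU/CR/CU/X` and are never expanded; spell each one out here or link to where they are defined, since the planned legend and color mapping depend on them. The Description says the overlay "uses deterministic stub data" while What's Missing says no halo, slider or legend exists, so one of the two needs correcting. The E2E core checks cover hover and click only; add steps for moving the time slider and for the legend matching the halo colors.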

@@ -0,0 +1,50 @@
# Signals & Runtime Dashboard
## Module
Web
## Status
IMPLEMENTED
## Description
eBPF/ETW/dyld probe status monitoring, signal collection metrics, anomaly alerts, host coverage map, and real-time event stream. API client and models exist but dedicated feature UI module not found as standalone directory.
## What's Implemented
- **Existing components**:
- `extension-slot` (`src/Web/StellaOps.Web/src/app/core/plugins/extension-slots/extension-slot.component.ts`)
- **Existing services**:
- `evidence-panel-metrics` (`src/Web/StellaOps.Web/src/app/core/analytics/evidence-panel-metrics.service.ts`)
- `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
- `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
- `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
- `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
## What's Missing
- **Signals dashboard feature module**: No `src/Web/StellaOps.Web/src/app/features/signals/` directory with dedicated dashboard components
- **Probe status monitoring**: No component showing eBPF/ETW/dyld probe health status per host
- **Signal collection metrics**: No real-time metrics showing signals collected per second, error rates, latency
- **Anomaly alerts panel**: No panel displaying detected anomalies from signal data
- **Host coverage map**: No visualization showing which hosts have active runtime probes
- **Real-time event stream**: No WebSocket/SSE-based live event feed component
## Implementation Plan
- Create `features/signals/` module with route registration
- Build probe status monitoring dashboard showing per-host probe health
- Add signal collection metrics widget with real-time updates
- Build anomaly alerts panel consuming anomaly events from Signals backend
- Create host coverage map visualization
- Add WebSocket/SSE integration for real-time event streaming
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to the relevant page/section where this feature appears
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the dashboard loads without errors and displays summary cards/metrics
- [ ] Verify data refreshes correctly and loading states are shown
- [ ] Verify empty state is displayed when no data is available
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
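Review bot: The setup step "Navigate to the relevant page/section where this feature appears" cannot be executed, because What's Missing states there is no `features/signals/` module and the plan does not name a route. Pick the route in the Implementation Plan and use it here. The plan item for WebSocket/SSE streaming should state how the stream is authenticated and who may subscribe to it. What's Implemented lists services such as `vuln-export-orchestrator` and `policy-interop` with no stated link to signals; keep only the API client and models the Description refers to.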

@@ -0,0 +1,56 @@
# VEX Gate (Inline Gated Action with Evidence Tiers)
## Module
Web
## Status
IMPLEMENTED
## Description
The advisory proposed a VexGateButtonDirective that morphs primary action buttons into Green/Amber/Red gated actions with evidence sheets. VEX evidence and decision infrastructure exists (vex-evidence client, vex-decision-modal, evidence-ribbon). However, the specific VexGateButtonDirective and VexEvidenceSheetComponent with inline button morphing and tier-based gating were not found. The pattern is partially realized through separate VEX decision modals and evidence display components.
## What's Implemented
- **Existing components**:
- `ai-code-guard-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-code-guard-badge/ai-code-guard-badge.component.ts`)
- `ai-recommendation-panel` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-recommendation-panel/ai-recommendation-panel.component.ts`)
- `attestation-viewer` (`src/Web/StellaOps.Web/src/app/features/triage/components/attestation-viewer/attestation-viewer.component.ts`)
- `bulk-action-modal` (`src/Web/StellaOps.Web/src/app/features/triage/components/bulk-action-modal/bulk-action-modal.component.ts`)
- `case-header` (`src/Web/StellaOps.Web/src/app/features/triage/components/case-header/case-header.component.ts`)
- `decision-drawer-enhanced` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer-enhanced.component.ts`)
- `decision-drawer` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer.component.ts`)
- `attestation-chain` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/attestation-chain.component.ts`)
- `backport-verdict-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/backport-verdict-badge.component.ts`)
- `binary-diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/binary-diff-tab.component.ts`)
- **Existing services**:
- `advisory-ai` (`src/Web/StellaOps.Web/src/app/features/triage/services/advisory-ai.service.ts`)
- `binary-diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/binary-diff-evidence.service.ts`)
- `diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/diff-evidence.service.ts`)
- `display-preferences` (`src/Web/StellaOps.Web/src/app/features/triage/services/display-preferences.service.ts`)
- `evidence-tab` (`src/Web/StellaOps.Web/src/app/features/triage/services/evidence-tab.service.ts`)
## What's Missing
- **VexGateButtonDirective**: No Angular directive that morphs primary action buttons (e.g., "Promote", "Release") into Green/Amber/Red gated states based on VEX verdict evidence tiers
- **VexEvidenceSheetComponent**: No inline evidence sheet that expands from a gated button to show the VEX evidence supporting the gate decision
- **Tier-based button color mapping**: No mapping from VEX evidence tier (Tier 1: full evidence, Tier 2: partial, Tier 3: no evidence) to button color states
- **Gate override with justification**: No inline flow for overriding a Red/Amber gate with a required justification text
## Implementation Plan
- Create `VexGateButtonDirective` that wraps action buttons with VEX gate logic and color state
- Create `VexEvidenceSheetComponent` for inline evidence display on gate button expansion
- Define evidence tier-to-color mapping (Green = all evidence, Amber = partial, Red = missing/contradictory)
- Add gate override flow requiring justification text for Red/Amber overrides
- Wire to existing `VexGateService` backend for gate evaluation data
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/triage/artifacts`
- [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
- **Core verification**:
- [ ] Verify the component renders correctly with sample data
- [ ] Verify interactive elements respond to user input
- [ ] Verify data is fetched and displayed from the correct API endpoints
- **Edge cases**:
- [ ] Verify graceful handling when backend API is unavailable (error state)
- [ ] Verify responsive layout at different viewport sizes
- [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)
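Review bot: The tier definition and the color mapping disagree: What's Missing gives "Tier 3: no evidence", while the Implementation Plan makes Red "missing/contradictory", and contradictory evidence has no tier. Define the tiers once and derive the colors from them. The override item only requires justification text in the UI flow; state that the `VexGateService` backend enforces the gate and records the override, since a directive on a button is presentation only. `vex-evidence`, `vex-decision-modal`, `evidence-ribbon` and `VexGateService` are cited as existing but none is listed under What's Implemented.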