stabilizaiton work - projects rework for maintenanceability and ui livening

docs/modules/README.md

@@ -75,7 +75,7 @@ This directory contains architecture documentation for all StellaOps modules.
 |--------|------|-------------|
 | [CLI](./cli/) | `src/Cli/` | Command-line interface (Native AOT) |
 | [Zastava](./zastava/) | `src/Zastava/` | Container registry webhook observer |
-| [Web/UI](./ui/) | `src/Web/` | Angular 17 frontend SPA |
+| [Web/UI](./ui/) | `src/Web/` | Angular 21 frontend SPA |
 | [API](./api/) | `src/Api/` | OpenAPI contracts and governance |
 | [Registry](./registry/) | `src/Registry/` | Container registry integration |
 

docs/modules/authority/fixtures/auth-ten-47-001.json

@@ -1,6 +1,6 @@
 {
   "tenantId": "urn:tenant:00000000-0000-0000-0000-000000000000",
-  "issuer": "https://auth.stellaops.local",
+  "issuer": "https://authority.stella-ops.local",
   "scopes": ["concelier.read", "concelier.linkset.write"],
   "capabilities": {
     "mergeAllowed": false,

docs/modules/ui/LINEAGE_SMARTDIFF_UI_GUIDE.md

@@ -13,7 +13,7 @@ This document provides comprehensive guidance for implementing the Smart-Diff an
 
 1. [Architecture Overview](#architecture-overview)
 2. [Existing Component Inventory](#existing-component-inventory)
-3. [Angular 17 Patterns](#angular-17-patterns)
+3. [Angular 21 Patterns](#angular-21-patterns)
 4. [State Management](#state-management)
 5. [Visualization Techniques](#visualization-techniques)
 6. [Styling System](#styling-system)
@@ -120,7 +120,7 @@ src/app/
 
 ---
 
-## Angular 17 Patterns
+## Angular 21 Patterns
 
 ### Standalone Components
 
@@ -150,7 +150,7 @@ export class ExplainerStepComponent {
 
 ### Input/Output with Signals
 
-Angular 17 signal-based inputs:
+Angular 21 signal-based inputs:
 
 ```typescript
 // Modern approach (preferred)
@@ -178,7 +178,7 @@ export class MyComponent {
 
 ### Template Control Flow
 
-Use new Angular 17 control flow syntax:
+Use Angular 21 built-in control flow syntax:
 
 ```typescript
 // In template

docs/modules/ui/README.md

@@ -19,7 +19,7 @@ The Console presents operator dashboards for scans, policies, VEX evidence, runt
 - Support offline bundles with deterministic build outputs.
 
 ## Key components
-- Angular 17 workspace under `src/Web/StellaOps.Web`.
+- Angular 21 workspace under `src/Web/StellaOps.Web`.
 - Signals-based state management with `@ngrx/signals` store.
 - API client generator (`core/api`).
 
@@ -60,7 +60,7 @@ The Console presents operator dashboards for scans, policies, VEX evidence, runt
 - Epic 11 – Notifications Studio: notifications workspace with previews, audit trails (planned)
 
 ### Core Capabilities
-- Angular 17 workspace with signals-based state management (@ngrx/signals)
+- Angular 21 workspace with signals-based state management (@ngrx/signals)
 - Real-time status via SSE for ingestion, scanning, policy, exports
 - Authority integration: fresh-auth with DPoP-protected calls, scope enforcement
 - Accessibility compliance and offline bundle support

docs/modules/ui/architecture-rework.md

@@ -101,7 +101,7 @@ CONTROL PLANE / RELEASES / APPROVALS / SECURITY / EVIDENCE / OPERATIONS / SETTIN
 
 ---
 
-## 4) Folder Structure (Angular 17+ Standalone)
+## 4) Folder Structure (Angular 21 Standalone)
 
 ```
 src/app/

docs/modules/ui/architecture.md

@@ -22,13 +22,13 @@
 
 ## 1) Technology baseline
 
-* **Framework**: Angular 17+ (Stand‑alone APIs / Signals), TypeScript 5.
+* **Framework**: Angular 21 (Stand‑alone APIs / Signals), TypeScript 5.9.
 * **Styling**: Tailwind CSS + headless component patterns; CSS variables for theming.
 * **Charts**: Lightweight SVG (uPlot or Apache ECharts via on‑demand import).
 * **State**: Angular **Signals** + `@ngrx/signals` store for cross‑page slices.
 * **Transport**: `fetch` + RxJS interop; **SSE** (EventSource) for progress streams.
 * **Build**: Angular CLI + Vite builder.
-* **Testing**: Jest + Testing Library, Playwright for e2e.
+* **Testing**: Vitest + Testing Library, Playwright for e2e.
 * **Packaging**: Containerized NGINX (immutable assets, ETag + content hashing).
 * **Observability docs**: runbook + Grafana JSON stub in `operations/observability.md` and `operations/dashboards/console-ui-observability.json` (offline import).
 
@@ -178,18 +178,18 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
   - Kernel/privilege preflight checks for eBPF/ETW observers.
   - Helm and systemd install templates.
   - Agent download and registration flow.
-* **Models**: `integration.models.ts` defines `IntegrationDraft`, `IntegrationProvider`, `WizardStep`, `PreflightCheck`, `AuthMethod`, and provider constants.
-
-### 3.12 Advisor (Ask Stella)
-
-* **Chat panel** scoped to the current artifact, CVE, or release, with citations and evidence chips.
-* **Citations and Evidence** drawer lists object refs (SBOM, VEX, scan IDs) and hashes.
-* **Action confirmation** modal required for any tool action; disabled when policy denies.
-* **Budget indicators** show quota or token budget exhaustion with retry hints.
-
----
-
-## 4) Auth, sessions & RBAC
+* **Models**: `integration.models.ts` defines `IntegrationDraft`, `IntegrationProvider`, `WizardStep`, `PreflightCheck`, `AuthMethod`, and provider constants.
+
+### 3.12 Advisor (Ask Stella)
+
+* **Chat panel** scoped to the current artifact, CVE, or release, with citations and evidence chips.
+* **Citations and Evidence** drawer lists object refs (SBOM, VEX, scan IDs) and hashes.
+* **Action confirmation** modal required for any tool action; disabled when policy denies.
+* **Budget indicators** show quota or token budget exhaustion with retry hints.
+
+---
+
+## 4) Auth, sessions & RBAC
 
 ### 4.1 OIDC flow
 

docs/modules/ui/console-architecture.md

@@ -32,13 +32,13 @@ The console is implemented in `src/Web/StellaOps.Web`, an Angular 17 workspace
 | `src/app/core/api` | Typed API clients for Console gateway (`/console/*`) and downstream services. | DTOs for Scanner, Notify, Concelier exporters; fetch-based clients with abort signals. |
 | `src/app/core/config` | Runtime configuration loader (`/config.json`), feature flag gating. | Supports air-gap overrides and injects API base URLs, Authority issuer/client. |
 | `src/app/features/*` | Route-level shells (auth bootstrap, scans detail, notifications inbox, Trivy DB settings). | Each feature is a standalone module with lazy loading and Angular Signals state. |
-| `src/app/testing` | Fixtures and harnesses used in unit tests and storybook-like previews. | Deterministic data used for Playwright and Jest scenarios. |
+| `src/app/testing` | Fixtures and harnesses used in unit tests and storybook-like previews. | Deterministic data used for Playwright and Vitest scenarios. |
 
 Workspace characteristics:
 
-- **Toolchain:** Node 20.11+, npm 10.2+, Angular CLI 17.3. `npm run ci:install` primes dependencies without network audits; `scripts/verify-chromium.js` ensures headless Chromium availability for Karma.  
+- **Toolchain:** Node 20.11+, npm 10.2+, Angular CLI 21.1. `npm run ci:install` primes dependencies without network audits; `scripts/verify-chromium.js` ensures headless Chromium availability for Playwright e2e.  
 - **Build budgets:** `angular.json` enforces 500 KB warning / 1 MB error for initial bundle and 2 KB warning / 4 KB error per component stylesheet. Output hashing (`outputHashing: all`) keeps assets cache-safe.  
-- **Testing:** Karma + Jasmine for unit tests, Playwright for e2e with dev server autotuning. CI (`DEVOPS-CONSOLE-23-001`) runs Lighthouse against the production bundle.  
+- **Testing:** Vitest for unit tests, Playwright for e2e with dev server autotuning. CI (`DEVOPS-CONSOLE-23-001`) runs Lighthouse against the production bundle.  
 - **Runtime config:** `/config.json` merged at bootstrap; gateways can rewrite it on the fly to avoid rebuilding for environment changes.
 
 ---

docs/modules/web/README.md

@@ -8,12 +8,12 @@
 
 ## Purpose
 
-Web provides the Angular 17 single-page application (SPA) frontend for StellaOps. Delivers the user interface for vulnerability exploration, policy management, scan results, SBOM visualization, and administrative functions.
+Web provides the Angular 21 single-page application (SPA) frontend for StellaOps. Delivers the user interface for vulnerability exploration, policy management, scan results, SBOM visualization, and administrative functions.
 
 ## Components
 
 **Application:**
-- `StellaOps.Web` - Angular 17 application with TypeScript, routing, and component library
+- `StellaOps.Web` - Angular 21 application with TypeScript, routing, and component library
 
 **Key Features:**
 - Dashboard and vulnerability overview
@@ -82,4 +82,4 @@ npx playwright test
 
 ## Current Status
 
-Angular 17 application implemented with routing, authentication, and integration with backend services. Supports vulnerability exploration, scan results, SBOM visualization, and policy management. Playwright E2E tests configured.
+Angular 21 application implemented with routing, authentication, and integration with backend services. Supports vulnerability exploration, scan results, SBOM visualization, and policy management. Playwright E2E tests configured.

docs/modules/web/architecture.md

@@ -1,8 +1,8 @@
 # component_architecture_web.md - **Stella Ops Web** (2025Q4)
 
-> Angular 17 frontend SPA for StellaOps console.
+> Angular 21 frontend SPA for StellaOps console.
 
-> **Scope.** Frontend architecture for **Web**: the Angular 17 single-page application providing the StellaOps console interface.
+> **Scope.** Frontend architecture for **Web**: the Angular 21 single-page application providing the StellaOps console interface.
 
 > **Note:** For the comprehensive Web UI architecture including all features, see [`../ui/architecture.md`](../ui/architecture.md). This file provides a condensed overview.
 
@@ -54,7 +54,7 @@ src/Web/StellaOps.Web/
 
 ## 2) Technology stack
 
-* **Framework**: Angular 17 with standalone components
+* **Framework**: Angular 21 with standalone components
 * **State management**: NgRx Signals
 * **UI components**: Angular Material
 * **HTTP**: Angular HttpClient with interceptors