up

docs/modules/ui/architecture.md

@@ -44,8 +44,9 @@
  ├─ scans/                # scan list, detail, SBOM viewer, diff-by-layer, EntryTrace
  ├─ runtime/              # Zastava posture, drift events, admission decisions
  ├─ policy/               # rules editor (YAML/Rego), exemptions, previews
- ├─ vex/                  # VEX explorer (claims, consensus, conflicts)
- ├─ concelier/              # source health, export cursors, rebuild/export triggers
+ ├─ vex/                  # VEX explorer (claims, consensus, conflicts)
+ ├─ triage/               # vulnerability triage (artifact-first), VEX decisions, audit bundles
+ ├─ concelier/              # source health, export cursors, rebuild/export triggers
  ├─ attest/               # attestation proofs, verification bundles, Rekor links
  ├─ admin/                # tenants, roles, clients, quotas, licensing posture
  └─ plugins/              # route plug-ins (lazy remote modules, governed)
@@ -106,14 +107,23 @@ Each feature folder builds as a **standalone route** (lazy loaded). All HTTP sha
 * **Proofs list**: last 7 days Rekor entries; filter by kind (sbom/report/vex).
 * **Verification**: paste UUID or upload bundle → verify; result with explanations (chain, Merkle path).
 
-### 3.8 Admin
-
-* **Tenants/Installations**: view/edit, isolation hints.
-* **Clients & roles**: Authority clients, role→scope mapping, rotation hints.
-* **Quotas**: per license plan, counters, throttle events.
-* **Licensing posture**: last PoE introspection snapshot (redacted), release window.
-
----
+### 3.8 Admin
+ 
+* **Tenants/Installations**: view/edit, isolation hints.
+* **Clients & roles**: Authority clients, role→scope mapping, rotation hints.
+* **Quotas**: per license plan, counters, throttle events.
+* **Licensing posture**: last PoE introspection snapshot (redacted), release window.
+
+### 3.9 Vulnerability triage (VEX-first)
+
+* **Routes**: `/triage/artifacts`, `/triage/artifacts/:artifactId`, `/triage/audit-bundles`, `/triage/audit-bundles/new`.
+* **Workspace**: artifact-first split layout (finding cards on the left; explainability tabs on the right: Overview, Reachability, Policy, Attestations).
+* **VEX decisions**: evidence-first VEX modal with scope + validity + evidence links; bulk apply supported; uses `/v1/vex-decisions`.
+* **Audit bundles**: "Create immutable audit bundle" UX to build and download an evidence pack; uses `/v1/audit-bundles`.
+* **Schemas**: `docs/schemas/vex-decision.schema.json`, `docs/schemas/attestation-vuln-scan.schema.json`, `docs/schemas/audit-bundle-index.schema.json`.
+* **Reference**: `docs/product-advisories/archived/27-Nov-2025-superseded/28-Nov-2025 - Vulnerability Triage UX & VEX-First Decisioning.md`.
+ 
+---
 
 ## 4) Auth, sessions & RBAC