stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

feat(ui): ship policy decisioning studio

Browse Source
This commit is contained in:
master
2026-03-08 01:35:18 +02:00
parent 8ee40b56e9
commit 6e00a48e00
57 changed files with 3637 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
docs/modules/ui/policy-decisioning-studio/README.md
View File

@@ -1,172 +1,132 @@
# Policy Decisioning Studio
## Recommendation
Create one dynamic sub-product shell, not one giant page and not three separate sibling products.
## Status
Shipped on 2026-03-07.
## Product Shape
- Canonical mount: `/ops/policy`
- Suggested user-facing title: `Decisioning Studio`
- Suggested nav label for now: keep `Policy` to avoid unnecessary IA churn during rollout
- User-facing title: `Policy Decisioning Studio`
- Active primary tabs: `Overview`, `Packs`, `Governance`, `Simulation`, `VEX & Exceptions`, `Release Gates`, `Audit`
- Supported modes: `global`, `pack`, `release-context`, plus non-owning `approval`, `workflow`, and `evidence` context chips
This shell should unify the current policy workspace, policy governance, policy simulation, and the actionable parts of VEX conflict resolution into one product surface with deep-linkable tabs and a shared context model.
This is now the canonical mutable owner for policy packs, governance controls, policy simulation, VEX resolution, exception handling, release-gate review, and policy/VEX audit.
## Why This Is The Right Shape
- Policy authoring, governance, simulation, VEX overrides, exceptions, and release gates are all parts of one decisioning workflow.
- Release Orchestrator is a consumer of policy/VEX decisions, not a second owner of those UIs.
- The current split creates duplicated mental models: packs live in one branch, governance in another, simulation in another, and VEX conflicts off to the side.
- A single shell allows one shared context header for tenant, pack, environment, artifact digest, and release.
- Deep-linkable child routes preserve auditability and operator workflows better than a modal-heavy or single-scroll design.
## Product Modes
The shell should support three modes without forking the UI into separate apps.
### 1. Global Mode
- Used by policy admins and security operators.
- Focus: pack inventory, governance controls, simulations, trust/VEX posture, gate policy defaults.
### 2. Pack Mode
- Used when the user is working on a specific policy pack.
- Focus: editing, YAML, rule builder, approvals, explain traces, simulation for one pack.
### 3. Release Context Mode
- Entered from Release Orchestrator deep links.
- Context is pinned in the shell header: `releaseId`, `environment`, `artifactDigest`, `approvalId`, and effective policy bundle.
- Focus: "why is this promotion blocked / allowed?" rather than general administration.
## Recommended IA
### Primary tabs
- `Overview`
- decision board for active packs, pending approvals, open conflicts, shadow-mode readiness, and gate health
- `Packs`
- policy pack inventory and pack-scoped workspace
- `Governance`
- risk budgets, trust weights, staleness, sealed mode, profiles, validator, governance audit
- `Simulation`
- shadow mode, console, coverage, effective policy, diff, merge preview, history, batch evaluation
- `VEX & Exceptions`
- VEX conflicts, consensus review, overrides, exception queue, exception detail, rationale capture
- `Release Gates`
- gate catalog, environment-specific gate policy, release-context gate evaluation, promotion readiness
- `Audit`
- immutable policy/VEX decision history, evidence pointers, exports, explain traces
### Secondary navigation
- Use child tabs inside the active primary tab.
- Use a contextual right rail for evidence, explain traces, or release summary.
- Never hide critical release-decision screens behind modal-only flows.
## Route Contract
Keep `/ops/policy` as the canonical root and move the product to a single route tree.
## Shipped Route Contract
### Canonical routes
- `/ops/policy`
- `/ops/policy/overview`
- `/ops/policy/packs`
- `/ops/policy/packs/:packId`
- `/ops/policy/packs/:packId/edit`
- `/ops/policy/packs/:packId/rules`
- `/ops/policy/packs/:packId/yaml`
- `/ops/policy/packs/:packId/approvals`
- `/ops/policy/packs/:packId/simulate`
- `/ops/policy/packs/:packId/explain/:runId`
- `/ops/policy/governance/...`
- `/ops/policy/simulation/...`
- `/ops/policy/vex`
- `/ops/policy/vex/search`
- `/ops/policy/vex/search/detail/:id`
- `/ops/policy/vex/create`
- `/ops/policy/vex/stats`
- `/ops/policy/vex/consensus`
- `/ops/policy/vex/explorer`
- `/ops/policy/vex/conflicts`
- `/ops/policy/vex/conflicts/:conflictId`
- `/ops/policy/exceptions`
- `/ops/policy/exceptions/:exceptionId`
- `/ops/policy/vex/exceptions`
- `/ops/policy/vex/exceptions/approvals`
- `/ops/policy/vex/exceptions/:exceptionId`
- `/ops/policy/gates`
- `/ops/policy/gates/catalog`
- `/ops/policy/gates/simulate/:promotionId`
- `/ops/policy/gates/environments/:environment`
- `/ops/policy/gates/releases/:releaseId`
- `/ops/policy/audit`
- `/ops/policy/gates/approvals/:approvalId`
- `/ops/policy/audit/policy`
- `/ops/policy/audit/vex`
- `/ops/policy/audit/log`
- `/ops/policy/audit/log/events`
### Alias and migration rules
- Legacy `/policy-studio/*` routes redirect into `/ops/policy/packs/*`
- `/admin/policy/governance` and `/admin/policy/simulation` redirect into `/ops/policy/governance/*` and `/ops/policy/simulation/*`
- `/admin/vex-hub/*` should redirect into `/ops/policy/vex/*` for mutating and conflict-resolution flows
- If Analyze keeps a VEX entry point, it should deep-link into the same shell in read-only context instead of owning a separate VEX product
### Legacy aliases kept live
- `/policy-studio/*`
- `/policy/*`
- `/admin/policy/governance*`
- `/admin/policy/simulation*`
- `/admin/vex-hub*`
- `/security/vex*`
- `/security/exceptions*`
- `/administration/policy*`
- `/administration/policy-governance*`
## What To Merge
## Shipped Merge Boundary
### Merge into `Packs`
### Packs
- `PolicyWorkspaceComponent`
- `PolicyDashboardComponent`
- `PolicyEditorComponent`
- `PolicyYamlEditorComponent`
- `PolicyRuleBuilderComponent`
- `PolicyYamlEditorComponent`
- `PolicyApprovalsComponent`
- `PolicyExplainComponent`
- `PolicyDashboardComponent`
### Merge into `Governance`
- `PolicyGovernanceComponent` shell
- risk budget, trust weighting, staleness, sealed mode, profiles, validator, audit, conflicts, schema tools
### Governance
- Existing `policy-governance.routes.ts` subtree mounted under `/ops/policy/governance`
- Settings, impact-preview, profile, trust-weight, and schema surfaces now point to the canonical shell
### Merge into `Simulation`
- `SimulationDashboardComponent` shell
- shadow mode, console, lint, coverage, effective policy, audit, diff, promotion, merge preview, history, batch
### Simulation
- Existing `policy-simulation.routes.ts` subtree mounted under `/ops/policy/simulation`
- Internal simulation navigation updated to stay inside the canonical route family
### Merge into `VEX & Exceptions`
- `VexConflictResolutionComponent`
- preserved ideas from `VexConflictStudioComponent`
- exception queue and exception detail flows
- VEX consensus and trust-weighted decision support
### VEX and exceptions
- Existing `vex-hub` components mounted under `/ops/policy/vex`
- Security VEX and exception aliases now redirect into the canonical VEX subtree
- Mutable VEX actions are no longer owned by a separate Security shell
### Merge into `Release Gates`
- promotion gate surfaces from policy simulation
- environment gate policy editors
- release-context verdict page used by Release Orchestrator
### Gates and audit
- Canonical release-gate page at `/ops/policy/gates*`
- Canonical policy/VEX audit owner under `/ops/policy/audit*`
## Release Orchestrator Integration
Release Orchestrator should link into this shell instead of growing a parallel policy UI.
### Shipped entry points
- approvals detail
- promotion request
- release detail
- workflow editor
- evidence detail
### Entry points from releases
- approval detail -> open gate verdict in release context mode
- promotion request -> open readiness checklist in release context mode
- release detail -> open effective policy + VEX posture for this artifact
- workflow editor -> deep link to gate catalog / policy pack used by the workflow
- evidence detail -> deep link to policy and VEX rationale bound to the promotion
### Shipped context fields
- `releaseId`
- `approvalId`
- `environment`
- `artifact` / `bundleDigest`
- `workflowId`
- `evidenceId`
- `returnTo`
### Required release-context panel
- active release / approval identifier
- environment lane
- artifact digest / subject digest
- effective policy pack and version
- gate verdict summary
- open conflicts or missing evidence
- CTA back to release flow
Release Orchestrator still owns promotion state and workflow execution. Decisioning Studio owns policy and VEX authoring, mutation, and explanation.
### Ownership rule
- Release Orchestrator owns promotion state and workflow execution
- Decisioning Studio owns policy authoring, governance, VEX resolution, exceptions, and gate explanation
## Secondary Entry Points Updated
- `Security Overview`
- `Security Exceptions`
- `Vulnerability Detail`
- `Home Dashboard`
- `Policy Governance Settings`
- `Evidence Audit`
- `Timeline Evidence Links`
- `Policy baseline chip`
- global search VEX normalization
## UI Standards For Implementation
## Retired Or Superseded Writable Owners
- standalone `Policy Studio` product label
- standalone `VEX Hub` mutable owner
- mutable `policy/*` writable paths
- mutable `security/vex*` owner paths
- One shell component with child router outlets, not duplicated top-level pages
- Page-owned context and self-serve guidance
- Stable deep links for every tab and subview
- Scope-aware tabs that hide or disable only what the operator cannot act on
- Shared evidence and explain cards reused across policy, VEX, and release contexts
- Deterministic loading order and route aliases so legacy bookmarks remain functional during rollout
These names survive only as temporary redirect aliases where needed for bookmark continuity.
## Non-Goals
- Do not move all security exploration into this shell; read-only security analytics can remain elsewhere if they deep-link into the same canonical decisioning routes when action is required.
- Do not let Release Orchestrator fork its own policy editor or VEX conflict UI.
- Do not collapse everything into one scroll page; operators need stable, bookmarkable subviews.
## Source Inputs
- `docs/contracts/policy-studio.md`
- `docs/security/policy-governance.md`
- `docs/modules/release-orchestrator/ui/overview.md`
- `docs/modules/release-orchestrator/workflow/evidence-based-release-gates.md`
- `docs/modules/ui/component-preservation-map/README.md`
- `src/Web/StellaOps.Web/src/app/features/policy-governance/policy-governance.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/policy-simulation/policy-simulation.routes.ts`
- `src/Web/StellaOps.Web/src/app/features/vex-hub/vex-hub.routes.ts`
- `src/Web/StellaOps.Web/src/app/routes/ops.routes.ts`
- `src/Web/StellaOps.Web/src/app/routes/administration.routes.ts`
## Verification Evidence
- feature verification note: `docs/features/checked/web/policy-decisioning-studio-ui.md`
- targeted Angular tests: `94` passing assertions across route, shell, redirect, workflow, evidence, and search coverage
- Playwright: `4/4` passing scenarios for global mode, pack mode, release-context mode, and security VEX alias redirect
- production build: pass, with existing unrelated bundle-budget warnings