feat(docs): Add comprehensive documentation for Vexer, Vulnerability Explorer, and Zastava modules
- Introduced AGENTS.md, README.md, TASKS.md, and implementation_plan.md for Vexer, detailing mission, responsibilities, key components, and operational notes. - Established similar documentation structure for Vulnerability Explorer and Zastava modules, including their respective workflows, integrations, and observability notes. - Created risk scoring profiles documentation outlining the core workflow, factor model, governance, and deliverables. - Ensured all modules adhere to the Aggregation-Only Contract and maintain determinism and provenance in outputs.
This commit is contained in:
41
docs/modules/ui/README.md
Normal file
41
docs/modules/ui/README.md
Normal file
@@ -0,0 +1,41 @@
|
||||
# StellaOps Console UI
|
||||
|
||||
The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows.
|
||||
|
||||
## Responsibilities
|
||||
- Render real-time status for ingestion, scanning, policy, and exports via SSE.
|
||||
- Provide policy editor, SBOM explorer, and advisory views with accessibility compliance.
|
||||
- Integrate with Authority for fresh-auth and scope enforcement.
|
||||
- Support offline bundles with deterministic build outputs.
|
||||
|
||||
## Key components
|
||||
- Angular 17 workspace under `src/UI/StellaOps.UI`.
|
||||
- Signals-based state management with `@ngrx/signals` store.
|
||||
- API client generator (`core/api`).
|
||||
|
||||
## Integrations & dependencies
|
||||
- Backend APIs (Scanner, Policy, Notify, Export Center, Attestor).
|
||||
- Authority for DPoP-protected calls.
|
||||
- Telemetry streams for observability dashboards.
|
||||
|
||||
## Operational notes
|
||||
- Auth smoke tests in ./operations/auth-smoke.md.
|
||||
- Console architecture doc for layout and SSE fan-out.
|
||||
- Accessibility and security guides in ../../ui/ & ../../security/.
|
||||
|
||||
## Related resources
|
||||
- ./operations/auth-smoke.md
|
||||
- ./console-architecture.md
|
||||
|
||||
## Backlog references
|
||||
- DOCS-CONSOLE-23-001 … DOCS-CONSOLE-23-003 baseline (done).
|
||||
- CONSOLE-OBS-52-001 tasks for observability updates.
|
||||
|
||||
## Epic alignment
|
||||
- **Epic 2 – Policy Engine & Editor:** deliver deterministic policy authoring, simulation, and explain UX.
|
||||
- **Epic 4 – Policy Studio:** implement registry workspace, approvals, and promotion workflows.
|
||||
- **Epic 5 – SBOM Graph Explorer:** surface graph navigation, overlays, and diff tools.
|
||||
- **Epic 6 – Vulnerability Explorer:** provide triage dashboards, findings ledger views, and audit exports.
|
||||
- **Epic 8 – Advisory AI:** embed advisory summaries, explanations, and remediation hints with citations.
|
||||
- **Epic 9 – Orchestrator Dashboard:** expose source/job monitoring with throttling and replay controls.
|
||||
- **Epic 11 – Notifications Studio:** deliver notifications workspace with rule/channel previews and audits.
|
||||
Reference in New Issue
Block a user