doctor and setup fixes
@@ -9,7 +9,7 @@ This matrix defines which pack is authoritative for each capability and which pa
|
||||
|
||||
| Capability area | Authoritative pack(s) | Superseded packs | Notes |
|
||||
| --- | --- | --- | --- |
|
||||
| Global IA and naming | `pack-23.md`, `pack-22.md` | `pack-21.md` and lower for overlaps | Canonical roots are Dashboard, Releases, Security, Evidence, Topology, Platform, Administration. |
|
||||
| Global IA and naming | `pack-23.md`, `pack-22.md` | `pack-21.md` and lower for overlaps | Canonical roots are Mission Control, Releases, Security, Evidence, Topology, Platform. |
|
||||
| Dashboard mission control | `pack-22.md`, `pack-16.md` | `pack-01.md`, `pack-04.md`, `pack-08.md`, `pack-11.md` | Pack 22 defines posture framing; Pack 16 keeps detailed signal cards where unchanged. |
|
||||
| Releases lifecycle consolidation | `pack-22.md`, `pack-12.md`, `pack-13.md`, `pack-14.md`, `pack-17.md` | Standalone lifecycle module variants in older packs | Runs/deployments/promotions/hotfixes are views under Releases, not roots. |
|
||||
| Topology inventory and setup | `pack-22.md`, `pack-18.md` | Prior placements under Release Control and Platform Ops | Regions/env/targets/hosts/agents/workflows/gate profiles belong to Topology. |
|
||||
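Review bot: The unchanged row directly below the edited `Global IA and naming` row is still labelled `Dashboard mission control`, so the matrix now names the root `Mission Control` in one row and keeps the old `Dashboard` term in the next. Rename that capability area to match, or note there that `Dashboard` is the superseded name, so readers do not treat both as canonical. The new Notes cell also drops `Administration` from the root list without saying where it went; a short pointer to `Platform -> Setup` in this row would save a lookup.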
@@ -17,17 +17,17 @@ This matrix defines which pack is authoritative for each capability and which pa
|
||||
| Evidence and audit chain | `pack-22.md`, `pack-20.md` | `pack-03.md`, `pack-09.md`, `pack-11.md` | Evidence must be linked from Releases and Security decisions. |
|
||||
| Operations runtime posture | `pack-23.md`, `pack-15.md`, `pack-10.md` | `pack-03.md`, `pack-06.md`, `pack-09.md`, `pack-11.md` | Ops runs under Platform and owns runtime operability state; agents stay in Topology. |
|
||||
| Integrations configuration | `pack-23.md`, `pack-10.md`, `pack-21.md` | `pack-02.md`, `pack-05.md`, `pack-09.md` | Integrations runs under Platform and is limited to external systems/connectors. |
|
||||
| Administration governance | `pack-22.md`, `pack-21.md` | `pack-02.md`, `pack-05.md`, `pack-09.md`, `pack-11.md` | Identity/tenant/notification/usage/policy/system remain Administration-owned. |
|
||||
| Administration governance | `pack-22.md`, `pack-21.md` | `pack-02.md`, `pack-05.md`, `pack-09.md`, `pack-11.md` | Identity/tenant/notification/usage/policy/system remain admin-owned under `Platform -> Setup`. |
|
||||
|
||||
## B) Explicit higher-pack overrides
|
||||
|
||||
| Decision | Replaced guidance | Canonical guidance |
|
||||
| --- | --- | --- |
|
||||
| Root domain naming | `Release Control`, `Security & Risk`, `Evidence & Audit`, `Platform Ops` roots | `Releases`, `Security`, `Evidence`, `Platform`, plus `Topology` root (`pack-23.md`) |
|
||||
| Bundle naming | Bundle-first labels in packs 12/21 | UI term is `Release`; bundle semantics remain in data model (`pack-22.md`) |
|
||||
| Root domain naming | `Dashboard`, `Release Control`, `Security & Risk`, `Evidence & Audit`, `Platform Ops`, top-level `Administration` | `Mission Control`, `Releases`, `Security`, `Evidence`, `Topology`, `Platform` (`pack-23.md`) |
|
||||
| Bundle naming | Bundle-first labels in packs 12/21 | UI term is `Release Version`; bundle semantics remain in data model (`pack-22.md`) |
|
||||
| Lifecycle menu sprawl | Standalone Promotions, Deployments, Runs, Hotfixes menus | Lifecycle surfaces live under `Releases` list/detail/activity/approvals (`pack-22.md`) |
|
||||
| Region/environment nav placement | Deep menu under release-control variants | Global context selectors + Topology inventory pages (`pack-22.md`) |
|
||||
| Security navigation split | Separate VEX, Exceptions, SBOM Graph, SBOM Lake menus | Consolidated `Disposition` and `SBOM Explorer` surfaces (`pack-22.md`) |
|
||||
| Security navigation split | Separate VEX, Exceptions, SBOM Graph, SBOM Lake menus | Consolidated `Disposition Center` and `SBOM` surfaces (`pack-22.md`) |
|
||||
| Feed and VEX source setup placement | Security-owned advisory sources setup variants | Integrations-owned feed/source configuration (`pack-22.md`) |
|
||||
| Agent module placement | Platform Ops ownership variants | `Topology -> Agents` (`pack-22.md`) |
|
||||
|
||||
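Review bot: The updated `Administration governance` row places admin ownership under `Platform -> Setup` but still lists only `pack-22.md` and `pack-21.md` as authoritative, while the new `Root domain naming` row in Section B attributes the removal of top-level `Administration` to `pack-23.md`. Add `pack-23.md` to that row's authoritative packs, or state which pack defines the `Platform -> Setup` placement, so the two sections agree on the source of the decision. The renamed surfaces (`Release Version`, `Disposition Center`, `SBOM`) should use the same spelling wherever else the document mentions them; the visible lines give no way to confirm that.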
@@ -66,3 +66,15 @@ For sprint planning, use raw packs only through this sequence:
|
||||
1. Find capability in Section A.
|
||||
2. Start with listed authoritative pack(s).
|
||||
3. Open superseded packs only for migration context or missing implementation detail.
|
||||
|
||||
## E) UI RBAC visibility matrix
|
||||
|
||||
| Surface | Primary scope gate (`any`) | Fallback/notes |
|
||||
| --- | --- | --- |
|
||||
| Mission Control root | `ui.read`, `release:read`, `scanner:read`, `sbom:read` | Redirect unauthorized users to `/console/profile`. |
|
||||
| Releases root | `release:read`, `release:write`, `release:publish` | Approvals queue additionally expects approval/governance scopes. |
|
||||
| Security root | `scanner:read`, `sbom:read`, `advisory:read`, `vex:read`, `exception:read`, `findings:read`, `vuln:view` | Disposition and SBOM tabs remain visible only when parent root is visible. |
|
||||
| Evidence root | `release:read`, `policy:audit`, `authority:audit.read`, `signer:read`, `vex:export` | Trust mutation routes stay under `Platform -> Setup`. |
|
||||
| Topology root | `release:read`, `orch:read`, `orch:operate`, `ui.admin` | Includes regions/env, targets/runtimes, and agent fleet. |
|
||||
| Platform root | `ui.admin`, `orch:read`, `orch:operate`, `health:read`, `notify.viewer` | Covers ops, integrations, and setup/admin surfaces. |
|
||||
| Legacy alias roots (`/operations`, `/integrations`, `/administration`, `/platform-ops`) | Same gate as Platform root | Alias-window only; tracked by `legacy_route_hit` telemetry. |
|
||||
|
||||
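Review bot: In the `Platform root` row the gate is `any` of `ui.admin`, `orch:read`, `orch:operate`, `health:read`, `notify.viewer`, and the notes say the root covers setup/admin surfaces, so as written a user holding only `health:read` or `notify.viewer` gets visibility into the area that now owns identity, tenant and policy administration. Add a separate row for `Platform -> Setup` with its own narrower gate, and state in the section intro that this matrix governs UI visibility only and that route and API authorization are enforced separately. The `Releases root` row should name the "approval/governance scopes" it expects rather than leaving them implied. Scope spelling also mixes `ui.read`, `ui.admin` and `notify.viewer` with colon-separated names, and `vuln:view` with `:read` elsewhere; if those are the real scope strings, a one-line note saying so would prevent someone from normalizing them by mistake.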