save checkpoint

docs/features/checked/web/web-gateway-graph-platform-client.md

@@ -0,0 +1,37 @@
+# Web Gateway Graph Platform Client (Tiles, Search, Paths, Exports)
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Web gateway client for Graph Platform APIs with tile streaming, search, path queries, export (GraphML/NDJSON/CSV/PNG/SVG), asset snapshots, adjacency queries, and AOC overlay pass-through, all with tenant scoping and RBAC.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/graph/`
+- **Components**:
+  - `graph-canvas` (`src/Web/StellaOps.Web/src/app/features/graph/graph-canvas.component.ts`)
+  - `graph-explorer` (`src/Web/StellaOps.Web/src/app/features/graph/graph-explorer.component.ts`)
+  - `graph-filters` (`src/Web/StellaOps.Web/src/app/features/graph/graph-filters.component.ts`)
+  - `graph-hotkey-help` (`src/Web/StellaOps.Web/src/app/features/graph/graph-hotkey-help.component.ts`)
+  - `graph-overlays` (`src/Web/StellaOps.Web/src/app/features/graph/graph-overlays.component.ts`)
+  - `graph-side-panels` (`src/Web/StellaOps.Web/src/app/features/graph/graph-side-panels.component.ts`)
+- **Services**:
+  - `graph-accessibility` (`src/Web/StellaOps.Web/src/app/features/graph/graph-accessibility.service.ts`)
+- **Source**: SPRINT_0213_0001_0002_web_ii.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to `/graph`
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the visualization renders correctly with sample data
+  - [ ] Verify interactive elements (hover tooltips, click-to-drill-down) work
+  - [ ] Verify the visualization handles empty/minimal data gracefully
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/web-gateway-observability-surfaces.md

@@ -0,0 +1,31 @@
+# Web Gateway Observability Surfaces (Health, SLO, Traces, Logs, Incident Mode)
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Web gateway observability client providing health aggregation, SLO burn-rate metrics with exemplar links, distributed trace inspection, structured log queries, evidence/attestation pass-through, incident mode toggle, and sealed-mode status APIs.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/telemetry/`
+- **Services**:
+  - `telemetry-sampler` (`src/Web/StellaOps.Web/src/app/core/telemetry/telemetry-sampler.service.ts`)
+  - `ttfs-telemetry` (`src/Web/StellaOps.Web/src/app/core/telemetry/ttfs-telemetry.service.ts`)
+- **Source**: SPRINT_0214_0001_0001_web_iii.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to the relevant page/section where this feature appears
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the component renders correctly with sample data
+  - [ ] Verify interactive elements respond to user input
+  - [ ] Verify data is fetched and displayed from the correct API endpoints
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/web-gateway-openapi-discovery-with-deprecation-and-idempotency.md

@@ -0,0 +1,39 @@
+# Web Gateway OpenAPI Discovery with Deprecation and Idempotency
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Gateway OpenAPI discovery endpoint with ETag caching, standard error envelope migration, cursor pagination normalization, Idempotency-Key support, and deprecation header middleware with Sunset link emission.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/api/`
+- **Services**:
+  - `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
+  - `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
+  - `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
+  - `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
+- **Models**:
+  - `src/Web/StellaOps.Web/src/app/core/api/advisories.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/advisory-ai.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/ai-runs.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/analytics.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/aoc.models.ts`
+- **Source**: SPRINT_0214_0001_0001_web_iii.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to the relevant page/section where this feature appears
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the component renders correctly with sample data
+  - [ ] Verify interactive elements respond to user input
+  - [ ] Verify data is fetched and displayed from the correct API endpoints
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/web-gateway-signals-and-reachability-proxy.md

@@ -0,0 +1,39 @@
+# Web Gateway Signals and Reachability Proxy
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Gateway proxy for reachability signals providing call-graph queries, reachability state lookups, and runtime evidence retrieval through the web API layer for UI consumption.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/api/`
+- **Services**:
+  - `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
+  - `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
+  - `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
+  - `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
+- **Models**:
+  - `src/Web/StellaOps.Web/src/app/core/api/advisories.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/advisory-ai.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/ai-runs.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/analytics.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/aoc.models.ts`
+- **Source**: SPRINT_0216_0001_0001_web_v.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to the relevant page/section where this feature appears
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the component renders correctly with sample data
+  - [ ] Verify interactive elements respond to user input
+  - [ ] Verify data is fetched and displayed from the correct API endpoints
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/web-gateway-vex-consensus-proxy.md

@@ -0,0 +1,39 @@
+# Web Gateway VEX Consensus Proxy
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Gateway proxy for VEX consensus engine providing multi-source consensus queries, trust scoring, and quorum verification through the web API layer with tenant and ABAC enforcement.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/core/api/`
+- **Services**:
+  - `gateway-metrics` (`src/Web/StellaOps.Web/src/app/core/api/gateway-metrics.service.ts`)
+  - `policy-interop` (`src/Web/StellaOps.Web/src/app/core/api/policy-interop.service.ts`)
+  - `reachability-integration` (`src/Web/StellaOps.Web/src/app/core/api/reachability-integration.service.ts`)
+  - `vuln-export-orchestrator` (`src/Web/StellaOps.Web/src/app/core/api/vuln-export-orchestrator.service.ts`)
+- **Models**:
+  - `src/Web/StellaOps.Web/src/app/core/api/advisories.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/advisory-ai.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/ai-runs.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/analytics.models.ts`
+  - `src/Web/StellaOps.Web/src/app/core/api/aoc.models.ts`
+- **Source**: SPRINT_0216_0001_0001_web_v.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to the relevant page/section where this feature appears
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the component renders correctly with sample data
+  - [ ] Verify interactive elements respond to user input
+  - [ ] Verify data is fetched and displayed from the correct API endpoints
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/why-safe-evidence-explanation-panel.md

@@ -0,0 +1,62 @@
+# "Why Safe?" Evidence Explanation Panel
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Dedicated panel answering "Why is this component considered safe?" by aggregating and displaying all contributing evidence: VEX statements, reachability analysis results, attestation chains, and policy evaluation outcomes in a user-friendly breakdown.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/triage/`
+- **Components**:
+  - `ai-code-guard-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-code-guard-badge/ai-code-guard-badge.component.ts`)
+  - `ai-recommendation-panel` (`src/Web/StellaOps.Web/src/app/features/triage/components/ai-recommendation-panel/ai-recommendation-panel.component.ts`)
+  - `attestation-viewer` (`src/Web/StellaOps.Web/src/app/features/triage/components/attestation-viewer/attestation-viewer.component.ts`)
+  - `bulk-action-modal` (`src/Web/StellaOps.Web/src/app/features/triage/components/bulk-action-modal/bulk-action-modal.component.ts`)
+  - `case-header` (`src/Web/StellaOps.Web/src/app/features/triage/components/case-header/case-header.component.ts`)
+  - `decision-drawer-enhanced` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer-enhanced.component.ts`)
+  - `decision-drawer` (`src/Web/StellaOps.Web/src/app/features/triage/components/decision-drawer/decision-drawer.component.ts`)
+  - `attestation-chain` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/attestation-chain.component.ts`)
+  - `backport-verdict-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/backport-verdict-badge.component.ts`)
+  - `binary-diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/binary-diff-tab.component.ts`)
+  - `confidence-meter` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/confidence-meter.component.ts`)
+  - `diff-tab` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/diff-tab.component.ts`)
+  - `dsse-badge` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/dsse-badge.component.ts`)
+  - `evidence-uri-link` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/evidence-uri-link.component.ts`)
+  - `function-trace` (`src/Web/StellaOps.Web/src/app/features/triage/components/evidence-panel/function-trace.component.ts`)
+  - ... and 48 more components
+- **Services**:
+  - `advisory-ai` (`src/Web/StellaOps.Web/src/app/features/triage/services/advisory-ai.service.ts`)
+  - `binary-diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/binary-diff-evidence.service.ts`)
+  - `diff-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/diff-evidence.service.ts`)
+  - `display-preferences` (`src/Web/StellaOps.Web/src/app/features/triage/services/display-preferences.service.ts`)
+  - `evidence-tab` (`src/Web/StellaOps.Web/src/app/features/triage/services/evidence-tab.service.ts`)
+  - `gating` (`src/Web/StellaOps.Web/src/app/features/triage/services/gating.service.ts`)
+  - `keyboard-shortcuts` (`src/Web/StellaOps.Web/src/app/features/triage/services/keyboard-shortcuts.service.ts`)
+  - `reach-graph-slice` (`src/Web/StellaOps.Web/src/app/features/triage/services/reach-graph-slice.service.ts`)
+  - `reachability` (`src/Web/StellaOps.Web/src/app/features/triage/services/reachability.service.ts`)
+  - `runtime-evidence` (`src/Web/StellaOps.Web/src/app/features/triage/services/runtime-evidence.service.ts`)
+- **Models**:
+  - `src/Web/StellaOps.Web/src/app/features/triage/models/diff-evidence.models.ts`
+  - `src/Web/StellaOps.Web/src/app/features/triage/models/evidence-panel.models.ts`
+  - `src/Web/StellaOps.Web/src/app/features/triage/models/evidence.model.ts`
+  - `src/Web/StellaOps.Web/src/app/features/triage/models/gating.model.ts`
+  - `src/Web/StellaOps.Web/src/app/features/triage/models/reachability.models.ts`
+- **Source**: SPRINT_20251228_008_FE_sbom_lineage_graph_ii.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to `/triage/artifacts`
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the panel/drawer opens on trigger (click, keyboard shortcut)
+  - [ ] Verify the panel displays the correct detail data for the selected item
+  - [ ] Verify the panel can be closed (X button, Escape key, backdrop click)
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/witness-drawer.md

@@ -0,0 +1,30 @@
+# Witness Drawer (Slide-In)
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Contextual slide-in drawer for viewing reachability witness details including call paths, observation type, and claim verification status.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/shared/overlays/witness-drawer/`
+- **Components**:
+  - `witness-drawer` (`src/Web/StellaOps.Web/src/app/shared/overlays/witness-drawer/witness-drawer.component.ts`)
+- **Source**: SPRINT_20260118_009_FE_route_migration_shared_components.md
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to the relevant page/section where this feature appears
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the panel/drawer opens on trigger (click, keyboard shortcut)
+  - [ ] Verify the panel displays the correct detail data for the selected item
+  - [ ] Verify the panel can be closed (X button, Escape key, backdrop click)
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/witness-viewer-ui.md

@@ -0,0 +1,30 @@
+# Witness Viewer UI
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+Witness viewer UI component in the shared UI library, plus a witness page within the reachability feature area.
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/shared/ui/witness-viewer/`
+- **Components**:
+  - `witness-viewer` (`src/Web/StellaOps.Web/src/app/shared/ui/witness-viewer/witness-viewer.component.ts`)
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to the relevant page/section where this feature appears
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the component renders correctly with sample data
+  - [ ] Verify interactive elements respond to user input
+  - [ ] Verify data is fetched and displayed from the correct API endpoints
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

docs/features/checked/web/workflow-visualization-with-time-travel-controls.md

@@ -0,0 +1,36 @@
+# Workflow Visualization with Time-Travel Controls
+
+## Module
+Web
+
+## Status
+IMPLEMENTED
+
+## Description
+DAG-based workflow visualizer with time-travel debugging controls. Users can step forward/backward through workflow execution states, inspect step details at each point in time, view execution logs, and interactively debug release workflows. The time-travel service manages historical state snapshots. (Merged with Workflow Visualization UI Module from Phase 2 Web section.)
+
+## Implementation Details
+- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/workflow-visualization/`
+- **Routes**: `workflow-visualization.routes.ts`
+- **Components**:
+  - `step-detail-panel` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/components/step-detail-panel/step-detail-panel.component.ts`)
+  - `time-travel-controls` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/components/time-travel-controls/time-travel-controls.component.ts`)
+  - `workflow-visualizer` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/components/workflow-visualizer/workflow-visualizer.component.ts`)
+- **Services**:
+  - `time-travel` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/services/time-travel.service.ts`)
+  - `workflow-visualization` (`src/Web/StellaOps.Web/src/app/features/workflow-visualization/services/workflow-visualization.service.ts`)
+- **Source**: Feature matrix scan
+
+## E2E Test Plan
+- **Setup**:
+  - [ ] Log in with a user that has appropriate permissions
+  - [ ] Navigate to `/release-orchestrator`
+  - [ ] Ensure test data exists (scanned artifacts, SBOM data, or seed data as needed)
+- **Core verification**:
+  - [ ] Verify the visualization renders correctly with sample data
+  - [ ] Verify interactive elements (hover tooltips, click-to-drill-down) work
+  - [ ] Verify the visualization handles empty/minimal data gracefully
+- **Edge cases**:
+  - [ ] Verify graceful handling when backend API is unavailable (error state)
+  - [ ] Verify responsive layout at different viewport sizes
+  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)