UI work to fill SBOM sourcing management gap. UI planning remaining functionality exposure. Work on CI/Tests stabilization

Introduces CGS determinism test runs to CI workflows for Windows, macOS, Linux, Alpine, and Debian, fulfilling CGS-008 cross-platform requirements. Updates local-ci scripts to support new smoke steps, test timeouts, progress intervals, and project slicing for improved test isolation and diagnostics.
Branch: master
Date: 2025-12-29 19:12:38 +02:00
Parent: 41552d26ec
Commit: a4badc275e
286 changed files with 50918 additions and 992 deletions


@@ -0,0 +1,253 @@
# StellaOps UI Information Architecture
## Overview
This document defines the information architecture (IA) for the StellaOps web interface, including navigation structure, route hierarchy, and role-based access patterns.
## Navigation Structure
### Primary Navigation
```
┌─────────────────────────────────────────────────────────────────┐
│ StellaOps │
├─────────────────────────────────────────────────────────────────┤
│ 🏠 Home │
│ 📊 Analyze │
│ ├── Findings │
│ ├── Vulnerabilities │
│ ├── Reachability │
│ ├── Graph Explorer │
│ ├── Unknowns [SPRINT_033] │
│ └── Binaries [SPRINT_038] │
│ 🔒 Proof │
│ ├── Proof Chain │
│ ├── CVSS Receipts │
│ └── Attestations │
│ 📜 Policy Studio │
│ ├── Packs │
│ ├── Editor │
│ ├── Simulation [SPRINT_021b] │
│ ├── Approvals │
│ └── Governance [SPRINT_021a] │
│ 🔗 Integrations │
│ ├── Hub [SPRINT_011] │
│ ├── Registries [SPRINT_012] │
│ ├── SCM [SPRINT_013] │
│ ├── CI/CD [SPRINT_014] │
│ └── Hosts [SPRINT_011] │
│ ⚙️ Ops │
│ ├── Health [SPRINT_032] │
│ ├── Orchestrator [existing] │
│ │ ├── Jobs │
│ │ ├── Quotas │
│ │ ├── Dead-Letter [SPRINT_030] │
│ │ └── SLO [SPRINT_031] │
│ ├── Scheduler [SPRINT_017] │
│ ├── Packs [SPRINT_036] │
│ ├── Signals [SPRINT_037] │
│ ├── Feeds [SPRINT_020] │
│ │ ├── Mirrors │
│ │ ├── Snapshots │
│ │ └── AirGap │
│ ├── Scanner [SPRINT_025] │
│ ├── AOC [SPRINT_027] │
│ └── Exports [SPRINT_016] │
│ 🔐 Admin │
│ ├── Users [existing] │
│ ├── Tenants [existing] │
│ ├── Tokens [existing] │
│ ├── Audit [SPRINT_028] │
│ ├── Trust [SPRINT_018c] │
│ │ ├── Keys │
│ │ ├── Issuers [SPRINT_024] │
│ │ └── Certificates │
│ ├── Notifications [SPRINT_018b] │
│ ├── Registry Admin [SPRINT_023] │
│ └── Quotas [SPRINT_029] │
└─────────────────────────────────────────────────────────────────┘
```
### Route Hierarchy
| Route | Component | Scope Required | Sprint |
|-------|-----------|----------------|--------|
| `/` | HomeDashboard | authenticated | existing |
| `/dashboard/sources` | SourcesDashboard | authenticated | existing |
| `/analyze/findings` | FindingsContainer | findings.read | existing |
| `/analyze/findings/:scanId` | FindingsContainer | findings.read | existing |
| `/analyze/vulnerabilities` | VulnerabilityExplorer | vulnerabilities.read | existing |
| `/analyze/vulnerabilities/:vulnId` | VulnerabilityDetail | vulnerabilities.read | existing |
| `/analyze/reachability` | ReachabilityCenter | reachability.read | existing |
| `/analyze/graph` | GraphExplorer | graph.read | existing |
| `/analyze/unknowns` | UnknownsList | scanner.read | SPRINT_033 |
| `/analyze/binaries` | BinaryIndexBrowser | binaryindex.read | SPRINT_038 |
| `/proof/:subjectDigest` | ProofChain | proof.read | existing |
| `/cvss/receipts/:receiptId` | CvssReceipt | cvss.read | existing |
| `/policy-studio/packs` | PolicyWorkspace | policy.read | existing |
| `/policy-studio/packs/:packId/editor` | PolicyEditor | policy.author | existing |
| `/policy-studio/packs/:packId/simulate` | PolicySimulation | policy.simulate | existing |
| `/policy-studio/packs/:packId/approvals` | PolicyApprovals | policy.review | existing |
| `/admin/policy/simulation` | PolicySimulationStudio | policy.simulate | SPRINT_021b |
| `/admin/policy/governance` | PolicyGovernance | policy.admin | SPRINT_021a |
| `/integrations` | IntegrationHub | integrations.read | SPRINT_011 |
| `/integrations/registries` | RegistryIntegrations | integrations.read | SPRINT_012 |
| `/integrations/scm` | ScmIntegrations | integrations.read | SPRINT_013 |
| `/integrations/ci` | CiIntegrations | integrations.read | SPRINT_014 |
| `/ops/health` | PlatformHealth | ops.health | SPRINT_032 |
| `/ops/orchestrator` | OrchestratorDashboard | orch.read | existing |
| `/ops/orchestrator/jobs` | OrchestratorJobs | orch.read | existing |
| `/ops/orchestrator/jobs/:jobId` | OrchestratorJobDetail | orch.read | existing |
| `/ops/orchestrator/quotas` | OrchestratorQuotas | orch.operator | existing |
| `/ops/orchestrator/dead-letter` | DeadLetterManagement | orch.admin | SPRINT_030 |
| `/ops/orchestrator/slo` | SloMonitoring | ops.read | SPRINT_031 |
| `/ops/scheduler` | SchedulerOps | scheduler.read | SPRINT_017 |
| `/ops/packs` | PackRegistry | orchestrator.read | SPRINT_036 |
| `/ops/signals` | SignalsDashboard | signals.read | SPRINT_037 |
| `/ops/feeds` | FeedMirrorOps | feeds.read | SPRINT_020 |
| `/ops/scanner` | ScannerOps | scanner.admin | SPRINT_025 |
| `/ops/aoc` | AocComplianceDashboard | ops.audit | SPRINT_027 |
| `/ops/exports` | EvidenceExports | evidence.read | SPRINT_016 |
| `/admin/users` | UserManagement | ui.admin | existing |
| `/admin/tenants` | TenantManagement | ui.admin | existing |
| `/admin/tokens` | TokenManagement | ui.admin | existing |
| `/admin/audit` | UnifiedAuditLog | audit.read | SPRINT_028 |
| `/admin/trust` | TrustDashboard | trust.admin | SPRINT_018c |
| `/admin/notifications` | NotificationAdmin | notify.admin | SPRINT_018b |
| `/admin/registry` | RegistryAdmin | registry.admin | SPRINT_023 |
| `/admin/quotas` | QuotaDashboard | quota.admin | SPRINT_029 |
## Role-Based Access Matrix
### Roles and Scopes
| Role | Scopes | Description |
|------|--------|-------------|
| **Viewer** | *.read | Read-only access to all features |
| **Developer** | scanner.read, findings.read, policy.read, proof.read | Day-to-day development workflow |
| **Security Engineer** | policy.*, findings.*, vulnerabilities.*, proof.* | Security triage and policy management |
| **Operator** | orch.*, scheduler.*, ops.*, integrations.* | Platform operations |
| **Admin** | *.admin, ui.admin | Full administrative access |
| **Tenant Admin** | tenant.admin, quota.admin | Tenant-level administration |
### Feature Visibility by Role
| Feature | Viewer | Developer | Security | Operator | Admin |
|---------|--------|-----------|----------|----------|-------|
| Home Dashboard | ✅ | ✅ | ✅ | ✅ | ✅ |
| Findings | ✅ | ✅ | ✅ | ✅ | ✅ |
| Vulnerability Triage | ❌ | ✅ | ✅ | ❌ | ✅ |
| Policy Editor | ❌ | ❌ | ✅ | ❌ | ✅ |
| Policy Simulation | ❌ | ✅ | ✅ | ❌ | ✅ |
| Orchestrator Jobs | ✅ | ✅ | ✅ | ✅ | ✅ |
| Dead-Letter Queue | ❌ | ❌ | ❌ | ✅ | ✅ |
| SLO Monitoring | ❌ | ❌ | ❌ | ✅ | ✅ |
| Platform Health | ❌ | ❌ | ❌ | ✅ | ✅ |
| Integration Hub | ❌ | ✅ | ❌ | ✅ | ✅ |
| User Management | ❌ | ❌ | ❌ | ❌ | ✅ |
| Audit Log | ❌ | ❌ | ✅ | ✅ | ✅ |
## Navigation State Management
### Breadcrumb Strategy
All nested routes should display breadcrumbs for context:
```
Home > Analyze > Findings > CVE-2024-1234
Home > Ops > Orchestrator > Jobs > job-12345
Home > Policy Studio > Packs > production-baseline > Editor
```
### Deep Linking
All significant states should be deep-linkable:
- Filter states encoded in URL query params
- Tab selections encoded in URL fragments
- Modal states use route params where appropriate
### Navigation Guards
```typescript
// Guard priority order
1. AuthGuard - Verify authentication
2. RoleGuard - Check required scope
3. FeatureGuard - Check feature flags
4. OnboardingGuard - Redirect to onboarding if incomplete
5. OfflineGuard - Redirect to offline view if disconnected
```
## Search and Discovery
### Global Search (SPRINT_034)
Cmd+K / Ctrl+K opens command palette with:
- Entity search (CVEs, artifacts, policies, jobs)
- Navigation shortcuts (g h, g f, g p)
- Quick actions (>scan, >vex, >policy)
### Contextual Search
Each list view includes contextual search:
- Findings: CVE ID, artifact, package
- Jobs: Job ID, type, status
- Policies: Name, rule content
- Audit: Actor, action, resource
## Mobile and Responsive Considerations
### Breakpoints
| Breakpoint | Min Width | Navigation |
|------------|-----------|------------|
| xs | 0px | Bottom nav, collapsed sidebar |
| sm | 576px | Collapsed sidebar |
| md | 768px | Collapsed sidebar with expand |
| lg | 992px | Full sidebar |
| xl | 1200px | Full sidebar with details panel |
### Touch Interactions
- Swipe left/right for list actions
- Pull to refresh on list views
- Long press for context menu
## Accessibility Navigation
### Keyboard Navigation
| Key | Action |
|-----|--------|
| Tab | Next focusable element |
| Shift+Tab | Previous focusable element |
| Enter | Activate selection |
| Esc | Close modal / Clear selection |
| ? | Show keyboard shortcuts |
| / | Focus search |
| j/k | Navigate list items |
### Skip Links
```html
<a class="skip-link" href="#main-content">Skip to main content</a>
<a class="skip-link" href="#main-nav">Skip to navigation</a>
```
### ARIA Landmarks
```html
<header role="banner">...</header>
<nav role="navigation" aria-label="Main navigation">...</nav>
<main role="main" id="main-content">...</main>
<aside role="complementary">...</aside>
<footer role="contentinfo">...</footer>
```
## Related Documentation
- [UI Architecture](./architecture.md)
- [Accessibility Guide](./accessibility.md)
- [Offline Implementation](./offline-implementation.md)
- [Component Library](./components.md)
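Review bot: the Role-Based Access Matrix contradicts the Route Hierarchy and should be reconciled before any guard is implemented from this document. The line `| **Viewer** | *.read | Read-only access to all features |` grants every read scope, yet Feature Visibility marks Viewer ❌ for Vulnerability Triage (`vulnerabilities.read`), SLO Monitoring (`ops.read`), Integration Hub (`integrations.read`) and Audit Log (`audit.read`); conversely Developer is listed with only `scanner.read, findings.read, policy.read, proof.read` but shown ✅ for Vulnerability Triage, Policy Simulation (`policy.simulate`) and Integration Hub, and Security Engineer and Operator are ✅ for Audit Log without `audit.read`. Whichever table is authoritative, the other should be generated from it, because a RoleGuard built from the scope column will deny what the visibility table promises, or the reverse. Two smaller points in the same hunk: `| /ops/packs | PackRegistry | orchestrator.read | SPRINT_036 |` uses a scope prefix that no other route uses (siblings use `orch.read`, `orch.operator`, `orch.admin`, and `/ops/orchestrator/slo` uses `ops.read`), so one scope family per area would keep a mistyped scope string from passing review unnoticed; and `/admin/policy/simulation` and `/admin/policy/governance` are placed under `/admin` with `policy.*` scopes while the navigation tree lists Simulation and Governance under Policy Studio, so either the paths or the tree should move. Suggest also adding one sentence to Navigation Guards stating that the client-side guard order is a UX convenience and that each route's scope is enforced by the API as well, since Deep Linking makes every filtered state reachable directly by URL.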