stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Finalize UI truthfulness and bootstrap hardening

Browse Source
This commit is contained in:
master
2026-04-16 16:23:54 +03:00
parent 4799aa2402
commit bc6b1c5959
145 changed files with 10503 additions and 9837 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
docs/features/checked/web/image-security-release-backed-ui.md Normal file
View File

@@ -0,0 +1,43 @@
# Image Security Release-Backed UI
## Module
Web
## Status
VERIFIED
## Description
Mounted `/security/images` workspace that derives scope from live releases, release components, environments, findings, and SBOM explorer data. The page now renders truthful empty states when no release is selected and explicit unavailable-state messaging where the current backend contracts expose metadata only.
## Implementation Details
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/image-security/`
- **Canonical route**: `/security/images`
- **Components**:
- `image-security-shell` (`src/Web/StellaOps.Web/src/app/features/image-security/image-security-shell.component.ts`)
- `image-summary-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-summary-tab.component.ts`)
- `image-findings-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-findings-tab.component.ts`)
- `image-sbom-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-sbom-tab.component.ts`)
- `image-vex-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-vex-tab.component.ts`)
- `image-evidence-tab` (`src/Web/StellaOps.Web/src/app/features/image-security/tabs/image-evidence-tab.component.ts`)
- **Services**:
- `image-security-data` (`src/Web/StellaOps.Web/src/app/features/image-security/image-security-data.service.ts`)
- **Source**: `docs/implplan/SPRINT_20260415_008_FE_ui_truthful_state_cutover_and_todo_wiring.md`
## E2E Test Plan
- **Setup**:
- [ ] Log in with a user that has appropriate permissions
- [ ] Navigate to `/security/images`
- [ ] Ensure at least one release exists so the scope selector can populate
- **Core verification**:
- [ ] Verify the empty state teaches the operator to select a release instead of showing fake image data
- [ ] Select a release and verify live release images populate
- [ ] Verify VEX and Evidence tabs show truthful metadata-only copy when deeper contracts are unavailable
## Verification
- Date (UTC): 2026-04-15T17:03:18Z
- Tier 1 note: focused Angular suite `src/Web/StellaOps.Web/src/tests/image_security/image-security-truthful-state.spec.ts` passed 8/8 during the truthful-state cutover.
- Tier 2 evidence: `docs/qa/feature-checks/runs/web/image-security-release-backed-ui/run-001/tier2-ui-check.json`
- Replay scope:
- Open `/security/images` and verify the mounted empty state renders `No image security scope selected`.
- Select a live release and verify `Release images` renders from real release-scoped data.
- Open `VEX` and `Evidence` tabs and verify the mounted page reports metadata-only or release-level limitations explicitly instead of showing fake tab content.