preparation for ui re-shelling

This commit is contained in:
master
2026-02-18 23:03:07 +02:00
parent cb3e361fcf
commit c2f13fe588
46 changed files with 16727 additions and 0 deletions


@@ -0,0 +1,515 @@
## Pack 5 — Integrations + Administration + moved “Policy Governance” + moved “Trust & Signing”
Below are **(1) Mermaid graphs** for the **menus** and for **each screen**, and **(2) an ASCII mock** per screen, each preceded by: **where it lived before + why it moved**.
(Where you see “Formerly: …” thats intended to be shown on-screen under the title as a small breadcrumb/helper label, per your requirement.)
---
# 1) Integrations
## 1.1 Integrations menu graph (Mermaid)
```mermaid
graph TD
IN_ROOT["Integrations (root menu)"] --> IN_OV["Connections (Overview)"]
IN_ROOT --> IN_CATALOG["Catalog / Add Integration"]
IN_ROOT --> IN_SEC_DATA["Security Data Sources (CVE/VEX/Advisories)"]
IN_ROOT --> IN_SENSORS["Sensors & Reachability Sources (Build/Image/Runtime)"]
IN_OV --> IN_DETAIL["Integration Detail"]
IN_DETAIL --> IN_TEST["Test Connection"]
IN_DETAIL --> IN_SYNC["Sync & Health History"]
IN_DETAIL --> IN_PERMS["Scopes / Permissions"]
IN_DETAIL --> IN_IMPACT["Impact Map: Releases, Bundles, SBOM, Approvals, Evidence"]
IN_DETAIL --> IN_ALERTS["Alerts & Routing"]
IN_CATALOG --> IN_ADD["Add Integration Wizard"]
IN_ADD --> IN_DETAIL
IN_SEC_DATA --> IN_FEEDS["Feeds: NVD / OSV / Vendor / Internal"]
IN_FEEDS --> IN_FEED_DETAIL["Feed Detail (sync status, errors, retention)"]
IN_SENSORS --> IN_BUILD["Build Reachability Source"]
IN_SENSORS --> IN_IMAGE["Image/Dover Reachability Source"]
IN_SENSORS --> IN_RUNTIME["Runtime Reachability Source"]
```
> Note: **Feed mirroring / airgap bundling** stays under **Operations → Feeds & Airgap** (because thats “run/operate”), but **Integrations** must show **dependency + impact** (“if NVD down, what breaks?”).
---
## 1.2 Screen: Integrations → Connections (Overview)
**Formerly:** `Settings → Integrations` (`/settings/integrations`)
**Why moved:** Integrations are **not “settings”** in StellaOps—theyre **operational dependencies** that directly affect **release decisions**, **SBOM freshness**, **reachability coverage**, **evidence completeness**, and **nightly jobs**. Making this a **root menu** also lets the dashboard link to it as a **first-class dependency view**.
### Screen graph (Mermaid)
```mermaid
graph LR
A["Integrations → Connections (Overview)"] --> B["Integration Detail"]
A --> C["Add Integration Wizard"]
A --> D["Security Data Sources"]
A --> E["Sensors & Reachability Sources"]
A --> F["Operations → Nightly Ops Report (jobs impacted)"]
B --> G["Test Connection"]
B --> H["Sync & Health History"]
B --> I["Impact Map"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Integrations ▸ Connections [ + Add Integration ]|
| Formerly: Settings ▸ Integrations |
|--------------------------------------------------------------------------------------------------|
| Status Summary: Connected 6 Degraded 1 Disconnected 1 Filter: [All|SCM|CI/CD|Reg|...] |
|--------------------------------------------------------------------------------------------------|
| NAME / TYPE STATUS LAST OK IMPACT (what breaks if degraded) |
|--------------------------------------------------------------------------------------------------|
| GitHub Enterprise / SCM CONNECTED 5m ago Release Bundles: changelog, repo mapping |
| GitLab SaaS / SCM CONNECTED 2m ago Release Bundles: changelog, repo mapping |
| Jenkins / CI DEGRADED 1h ago Provenance gaps, build reachability stale |
| Harbor / Registry CONNECTED 30m ago Digest resolution, image inventory |
| HashiCorp Vault / Secrets CONNECTED 10m ago Bundle variables (env config), approvals |
| Slack / Notifications CONNECTED - Alerts routing |
| OSV Feed / Feeds CONNECTED 1h ago CVE ingestion (OSV) |
| NVD Feed / Feeds DISCONNECTED ? CVE ingestion (NVD) -> SBOM rescan risk |
|--------------------------------------------------------------------------------------------------|
| Attention: NVD Feed DISCONNECTED → CVE freshness degraded → approvals may switch to "Needs Review"|
| Deep Links: [View Nightly Ops Report] [Go to Feed Mirror & Airgap Ops] |
+--------------------------------------------------------------------------------------------------+
```
---
## 1.3 Screen: Integrations → Integration Detail
**Formerly:** there was no dedicated “detail page” (tiles only under Settings → Integrations).
**Why added:** You need a **single pane** that explains **scope + health + impact**. This is also where you show **reachability-source coverage** and **how this integration feeds Release Bundle Organizer**.
### Screen graph (Mermaid)
```mermaid
graph TD
A["Integration Detail"] --> B["Edit Configuration"]
A --> C["Test Connection"]
A --> D["Sync Now / Re-auth"]
A --> E["Sync & Health History"]
A --> F["Permissions/Scopes"]
A --> G["Impact Map (Releases/Bundles/SBOM/Evidence)"]
A --> H["Alert Routing (who gets paged)"]
A --> I["Related: Ops Nightly Report"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Integrations ▸ Connection Detail: NVD Feed [Edit] [Test] |
| Formerly: Settings ▸ Integrations (tile) |
|--------------------------------------------------------------------------------------------------|
| Status: DISCONNECTED Last Successful Sync: 2026-02-17 01:12 UTC Owner: Security Ops |
| Endpoint: https://... Auth: API Key (expired) |
|--------------------------------------------------------------------------------------------------|
| HEALTH & HISTORY | IMPACT MAP |
|----------------------------------------------|--------------------------------------------------|
| Last 24h: 0 OK / 12 Failures | Dashboards: CVE freshness widget = RED |
| Error: 401 Unauthorized | Nightly jobs: SBOM rescan may fail / partial |
| Retries: exponential backoff | Approvals: policy gates fall back to "manual" |
| [View Full History] | Evidence: missing CVE snapshot for attestations |
|----------------------------------------------|--------------------------------------------------|
| REACHABILITY INPUTS (for findings context) | USED BY RELEASE BUNDLE ORGANIZER |
| Build reachability: N/A | - enriches bundle with "CVE snapshot version" |
| Image/Dover reachability: N/A | - pins vulnerability dataset used for release |
| Runtime reachability: N/A | |
|--------------------------------------------------------------------------------------------------|
| Actions: [Re-authenticate] [Sync Now] [Open Nightly Ops Report filtered to "CVE Feeds"] |
+--------------------------------------------------------------------------------------------------+
```
---
## 1.4 Screen: Integrations → Add Integration Wizard
**Formerly:** `Settings → Integrations → Add Integration` button
**Why kept here:** still valid, but now it sits under a **root Integrations** area and must force the user to confirm **impact mapping** (what features depend on it) and **which regions/environments it supports**.
### Screen graph (Mermaid)
```mermaid
graph LR
A["Add Integration Wizard"] --> B["Choose Type (SCM/CI/Registry/Secrets/Feeds/Notifications/Sensor)"]
B --> C["Configure Endpoint & Auth"]
C --> D["Select Regions/Envs Scope"]
D --> E["Define Impact Map + Owners"]
E --> F["Test Connection"]
F --> G["Create & Go to Detail"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Integrations ▸ Add Integration (Wizard) Step 3 of 6 |
| Formerly: Settings ▸ Integrations ▸ Add Integration |
|--------------------------------------------------------------------------------------------------|
| 1) Type 2) Auth 3) Scope (Regions/Envs) 4) Impact 5) Test 6) Done
|--------------------------------------------------------------------------------------------------|
| Scope (where this integration is valid): |
| Regions: [x] us-east [x] eu-west [ ] ap-south |
| Environments: [x] prod [x] staging [x] dev |
|--------------------------------------------------------------------------------------------------|
| Impact Mapping (required): |
| [x] Release Bundles (changelog / metadata) |
| [x] SBOM ingestion / CVE sync |
| [ ] Approvals routing |
| Owner (pager): security-oncall |
|--------------------------------------------------------------------------------------------------|
| [Back] [Next: Impact Mapping] |
+--------------------------------------------------------------------------------------------------+
```
---
## 1.5 Screen: Integrations → Security Data Sources
**Formerly:** `Settings → Security Data` (no screenshot provided, but it exists in nav)
**Why moved:** This is **operational security data** (feeds, advisory sources, SBOM parsing rules, reachability dataset versions). It belongs next to **Integrations**, because its fundamentally “external dependency + sync + health + impact”.
### Screen graph (Mermaid)
```mermaid
graph TD
A["Integrations → Security Data Sources"] --> B["Feeds (NVD/OSV/Vendor/Internal)"]
A --> C["VEX Sources (vendor statements, internal VEX)"]
A --> D["Dataset Versions & Retention"]
B --> E["Feed Detail"]
E --> F["Sync History"]
E --> G["Errors & Remediation"]
E --> H["Used By: Approvals / Evidence snapshots"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Integrations ▸ Security Data Sources |
| Formerly: Settings ▸ Security Data |
|--------------------------------------------------------------------------------------------------|
| DATASETS USED FOR RELEASE DECISIONS (must be auditable) |
|--------------------------------------------------------------------------------------------------|
| Source Type Status Last Sync Dataset Version Used by |
|--------------------------------------------------------------------------------------------------|
| NVD CVE Feed DISCONNECTED - - Approvals, Evidence, SBOM |
| OSV CVE Feed CONNECTED 1h 2026.02.18.01 Approvals, Evidence, SBOM |
| Vendor VEX VEX CONNECTED 24h 2026.02.17 VEX Hub, Findings |
| Internal VEX VEX CONNECTED 5m live VEX Hub, Exceptions |
|--------------------------------------------------------------------------------------------------|
| Controls: [Retention policy] [Dataset snapshot rules] [Export dataset attestation] |
| Cross-links: [Operations ▸ Feed Mirrors] [Operations ▸ Nightly Jobs] |
+--------------------------------------------------------------------------------------------------+
```
---
# 2) Administration
## 2.1 Administration menu graph (Mermaid)
```mermaid
graph TD
ADM_ROOT["Administration (root menu)"] --> ADM_IAM["Identity & Access"]
ADM_ROOT --> ADM_TENANT["Tenant & Branding"]
ADM_ROOT --> ADM_NOTIF["Notifications"]
ADM_ROOT --> ADM_USAGE["Usage & Limits"]
ADM_ROOT --> ADM_SYSTEM["System (Admin-only)"]
ADM_IAM --> ADM_USERS["Users"]
ADM_IAM --> ADM_ROLES["Roles"]
ADM_IAM --> ADM_OAUTH["OAuth Clients"]
ADM_IAM --> ADM_TOKENS["API Tokens"]
ADM_IAM --> ADM_TENANTS["Tenants"]
ADM_NOTIF --> ADM_RULES["Rules"]
ADM_NOTIF --> ADM_CHANNELS["Channels"]
ADM_NOTIF --> ADM_TEMPLATES["Templates"]
ADM_NOTIF --> ADM_LOG["Delivery Log"]
```
---
## 2.2 Screen: Administration → Identity & Access
**Formerly:** `Settings → Identity & Access` (`/settings/admin`)
**Why moved:** This is pure **admin control plane** (users/roles/tokens/tenants). Keeping it out of the release/security nav reduces clutter and avoids “settings dumping ground”.
### Screen graph (Mermaid)
```mermaid
graph LR
A["Administration → Identity & Access"] --> B["Users"]
A --> C["Roles"]
A --> D["OAuth Clients"]
A --> E["API Tokens"]
A --> F["Tenants"]
A --> G["Audit Log (Evidence & Audit)"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Administration ▸ Identity & Access |
| Formerly: Settings ▸ Identity & Access |
| Tabs: [Users] [Roles] [OAuth Clients] [API Tokens] [Tenants] |
|--------------------------------------------------------------------------------------------------|
| Users [ + Add User]|
|--------------------------------------------------------------------------------------------------|
| Name Email Role Status Actions |
|--------------------------------------------------------------------------------------------------|
| alice.johnson alice@company.com Release Admin Active [Edit] [Disable] |
| david.wilson david@company.com Approver Active [Edit] [Disable] |
| ... |
|--------------------------------------------------------------------------------------------------|
| Note: Role "Approver" can approve releases but cannot edit policy baselines. |
+--------------------------------------------------------------------------------------------------+
```
---
## 2.3 Screen: Administration → Tenant & Branding
**Formerly:** `Settings → Tenant / Branding` (no screenshot provided)
**Why moved:** Tenant-level admin belongs together with Identity, Usage, Notifications.
### Screen graph (Mermaid)
```mermaid
graph TD
A["Administration → Tenant & Branding"] --> B["Tenant Profile"]
A --> C["Branding (logo/colors)"]
A --> D["Regions enabled (global config)"]
A --> E["Data retention defaults"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Administration ▸ Tenant & Branding |
| Formerly: Settings ▸ Tenant / Branding |
|--------------------------------------------------------------------------------------------------|
| Tenant Profile | Branding |
|----------------------------------------|----------------------------------------------------------|
| Name: ExampleCorp | Logo: [Upload] |
| Default Region: eu-west | Theme: Light / Dark |
| Enabled Regions: [x] us-east [x] eu-west [ ] ap-south |
| Retention: Evidence 365d, Logs 30d | Product Name: "Stella Ops" / "ExampleOps" |
|--------------------------------------------------------------------------------------------------|
| [Save Changes] |
+--------------------------------------------------------------------------------------------------+
```
---
## 2.4 Screen: Administration → Notifications
**Formerly:** `Settings → Notifications` (`/settings/notifications`)
**Why moved:** Notification rules are **tenant-admin policy**. Channels still depend on integrations (Slack/Webhook/Email), so this screen should “consume” those and link back.
### Screen graph (Mermaid)
```mermaid
graph LR
A["Administration → Notifications"] --> B["Notification Rules"]
A --> C["Channels"]
A --> D["Templates"]
A --> E["Delivery Log"]
C --> F["Integrations → Slack/Webhook detail"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Administration ▸ Notifications |
| Formerly: Settings ▸ Notifications |
|--------------------------------------------------------------------------------------------------|
| [Notification Rules] [Channels] [Templates] |
|--------------------------------------------------------------------------------------------------|
| Rules | Channels | Templates |
|------------------------------|--------------------------------------------|---------------------|
| + Add Rule | Email ACTIVE | Edit Templates |
| | Slack ACTIVE (via Integrations) | |
| | Webhook NOT CONFIGURED | |
|--------------------------------------------------------------------------------------------------|
| Activity / Delivery Log |
| [View Log] (filter: release approvals, critical findings, feed failures, nightly job failures) |
+--------------------------------------------------------------------------------------------------+
```
---
## 2.5 Screen: Administration → Usage & Limits
**Formerly:**
* `Settings → Usage & Limits` (`/settings/usage`)
* **and** `Operations → Quotas` (overlapping/duplicated concepts)
**Why moved & changed:** unify into one **tenant-level** view: **consumption + quota config + throttles**. Operations can still show “operator quota dashboard”, but **admin owns quotas/limits**.
### Screen graph (Mermaid)
```mermaid
graph TD
A["Administration → Usage & Limits"] --> B["Usage Summary"]
A --> C["Quota Configuration"]
A --> D["Throttle Events (read-only)"]
D --> E["Operations → Quota / Throttle report (detail)"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Administration ▸ Usage & Limits |
| Formerly: Settings ▸ Usage & Limits + Operations ▸ Quotas |
|--------------------------------------------------------------------------------------------------|
| Scans Storage Evidence Packets API Requests |
| 6,500/10,000 42GB/100GB 2,800/10,000 15,000/100,000 |
|--------------------------------------------------------------------------------------------------|
| Quota Configuration |
| Configure limits and throttle settings for your tenant. |
| [Configure Quotas] |
|--------------------------------------------------------------------------------------------------|
| Throttle Events (last 24h): none → [View in Operations ▸ Quotas] |
+--------------------------------------------------------------------------------------------------+
```
---
## 2.6 Screen: Administration → System
**Formerly:** `Settings → System` (`/settings/system`)
**Why moved:** This is strictly **admin-only platform control**. Also, it must link to operational diagnostics (**Ops → Platform Health**, **Ops → Nightly Jobs**, **Ops → Dead Letter**).
### Screen graph (Mermaid)
```mermaid
graph TD
A["Administration → System"] --> B["Health Check (components)"]
A --> C["Doctor (diagnostics)"]
A --> D["SLO Monitoring"]
A --> E["Background Jobs (admin view)"]
E --> F["Operations → Scheduler / Nightly Jobs"]
B --> G["Operations → Platform Health"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Administration ▸ System (Admin only) |
| Formerly: Settings ▸ System |
|--------------------------------------------------------------------------------------------------|
| [Health Check] [Doctor] [SLO Monitoring] |
| All systems operational Run diagnostics View & configure SLOs |
| [View Details] [Run Doctor] [View SLOs] |
|--------------------------------------------------------------------------------------------------|
| [Background Jobs] |
| Monitor and manage background job processing. |
| [View Jobs] → deep link: Operations ▸ Scheduler / Nightly Ops Report |
+--------------------------------------------------------------------------------------------------+
```
---
# 3) Moved into Release Control: “Policy Governance”
## 3.1 Screen: Release Control → Governance & Policy
**Formerly:** `Settings → Policy Governance` (`/settings/policy`)
**Why moved:** These rules/baselines **define release gates** and belong with **Release Control** (environments, targets, workflows). This is a *core* function, not a generic setting.
### Screen graph (Mermaid)
```mermaid
graph TD
A["Release Control → Governance & Policy"] --> B["Policy Baselines (per env/region)"]
A --> C["Governance Rules (org-wide)"]
A --> D["Policy Simulation"]
A --> E["Exception Workflow"]
E --> F["Security → Exceptions (requests & approvals)"]
C --> G["Approvals / Policy Gates (uses these rules)"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Release Control ▸ Governance & Policy |
| Formerly: Settings ▸ Policy Governance |
|--------------------------------------------------------------------------------------------------|
| [Policy Baselines] [Governance Rules] [Policy Simulation] |
| Create / manage baselines Define org rules for releases Test changes before applying |
| [ + Create Baseline ] [Edit Rules] [Run Simulation] |
|--------------------------------------------------------------------------------------------------|
| [Exception Workflow] |
| Configure how policy exceptions are requested & approved. |
| [Configure Workflow] → deep link: Security ▸ Exceptions |
+--------------------------------------------------------------------------------------------------+
```
---
# 4) Moved into Evidence & Audit: “Trust & Signing”
## 4.1 Screen: Evidence & Audit → Trust & Signing
**Formerly:** `Settings → Trust & Signing` (`/settings/trust`)
**Why moved:** Trust & signing is the **spine of auditing** (DSSE envelopes, Rekor/transparency logs, signing keys, audit log). It should sit with **Evidence Bundles / Proof Chains / Replay/Verify**.
### Screen graph (Mermaid)
```mermaid
graph TD
A["Evidence & Audit → Trust & Signing"] --> B["Signing Keys"]
A --> C["Issuers"]
A --> D["Certificates"]
A --> E["Transparency Log (Rekor config)"]
A --> F["Trust Scoring"]
A --> G["Trust Audit Log"]
A --> H["Evidence Bundles"]
A --> I["Proof Chains"]
```
### ASCII mock
```
+--------------------------------------------------------------------------------------------------+
| Evidence & Audit ▸ Trust & Signing |
| Formerly: Settings ▸ Trust & Signing |
|--------------------------------------------------------------------------------------------------|
| [Signing Keys] [Issuers] [Certificates] |
| Manage keys for Trusted issuers TLS/signing certs |
| evidence & attests for VEX/attests upload/manage |
| [Manage Keys] [Manage Issuers] [Manage Certificates] |
|--------------------------------------------------------------------------------------------------|
| [Transparency Log] [Trust Scoring] [Audit Log] |
| Configure Rekor logs Scoring policy for artifacts Trust-related audit events |
| [Configure Rekor] [Edit Score Config] [View Audit Log] |
+--------------------------------------------------------------------------------------------------+
```
---
## Whats next (Pack 6 suggestion)
If you want me to continue immediately, Pack 6 should cover: **Operations** (Scheduler, Dead Letter, Platform Health, Orchestrator, Feeds & Airgap), and ensure each has:
* Mermaid menu graph
* Mermaid per-screen graph
* ASCII mock with “Formerly …” label
* Explicit surfacing of: **nightly SBOM rescans**, **CVE feed sync health**, **integration failures**, and **hybrid reachability freshness**.
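Review bot: the two screens this pack moves out of Settings that carry the highest-privilege actions, Release Control ▸ Governance & Policy (Create Baseline, Edit Rules) and Evidence & Audit ▸ Trust & Signing (Manage Keys, Configure Rekor), never say which role may use them; the only role statement in the whole pack is the Identity & Access footer `Note: Role "Approver" can approve releases but cannot edit policy baselines.` Taking these screens off the admin nav widens who reaches them, so each of those two mocks should carry a one-line role requirement under the "Formerly" label (baseline/rule edits and signing-key or Rekor changes gated to an admin-level role and written to the audit log), and the "Trust Audit Log" box in the Trust & Signing graph should be cross-linked to the "Audit Log (Evidence & Audit)" node in the Identity & Access graph rather than listed as an unrelated item. Two smaller points in the same file: Security Data Sources shows `NVD CVE Feed DISCONNECTED - - Approvals, Evidence, SBOM` under a header that says these datasets must be auditable, while Integration Detail says the Release Bundle Organizer "pins vulnerability dataset used for release"; the spec should state which snapshot is pinned while the feed is down (the last successful version and its date) instead of leaving the version blank. And `Image/Dover Reachability Source` appears in both the Integrations menu graph and the Integration Detail mock; if that is a typo for Docker, fix it, otherwise define the term once where it first appears.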