From d0f2cc3b2cf0dfa4b1ea69737ad5ebd02089fbc6 Mon Sep 17 00:00:00 2001 From: master <> Date: Sun, 8 Mar 2026 10:47:19 +0200 Subject: [PATCH] Archive live search ingestion browser validation sprint --- ...6_FE_security_operations_leaves_cutover.md | 101 ++++++ ...ive_search_ingestion_browser_validation.md | 83 +++++ .../web/security-operations-leaves-ui.md | 67 ++++ docs/modules/ui/README.md | 3 + docs/modules/ui/TASKS.md | 4 + docs/modules/ui/implementation_plan.md | 2 + .../ui/security-operations-leaves/README.md | 60 ++++ src/Web/StellaOps.Web/src/app/app.routes.ts | 27 ++ .../app/core/navigation/navigation.config.ts | 10 +- .../determinization-review.component.ts | 6 +- .../grey-queue-dashboard.component.ts | 4 +- .../app-sidebar/app-sidebar.component.spec.ts | 22 +- .../app-sidebar/app-sidebar.component.ts | 8 + ...security-operations-leaves-cutover.spec.ts | 74 ++++ .../unknowns/unknowns-route-handoffs.spec.ts | 138 ++++++++ ...security-operations-leaves-cutover.spec.ts | 328 ++++++++++++++++++ 16 files changed, 926 insertions(+), 11 deletions(-) create mode 100644 docs-archived/implplan/SPRINT_20260308_006_FE_security_operations_leaves_cutover.md create mode 100644 docs-archived/implplan/SPRINT_20260308_008_FE_live_search_ingestion_browser_validation.md create mode 100644 docs/features/checked/web/security-operations-leaves-ui.md create mode 100644 docs/modules/ui/security-operations-leaves/README.md create mode 100644 src/Web/StellaOps.Web/src/tests/security/security-operations-leaves-cutover.spec.ts create mode 100644 src/Web/StellaOps.Web/src/tests/unknowns/unknowns-route-handoffs.spec.ts create mode 100644 src/Web/StellaOps.Web/tests/e2e/security-operations-leaves-cutover.spec.ts diff --git a/docs-archived/implplan/SPRINT_20260308_006_FE_security_operations_leaves_cutover.md b/docs-archived/implplan/SPRINT_20260308_006_FE_security_operations_leaves_cutover.md new file mode 100644 index 000000000..ac5866ce5 --- /dev/null 
+++ b/docs-archived/implplan/SPRINT_20260308_006_FE_security_operations_leaves_cutover.md 
@@ -0,0 +1,101 @@ +# Sprint 20260308_006_FE - Security Operations Leaves Cutover + +## Topic & Scope +- Complete the high-confidence security and operator leaves that are mounted but weakly surfaced: `Mission Alerts`, `Mission Activity`, `Unknowns`, and `Notifications`. +- Replace stale `/analyze/unknowns*` and `/notify` links with mounted canonical routes while preserving bookmark compatibility and operator context. +- Expose these leaves from the live shells so operators can reach them from current navigation instead of relying on typed URLs or overview-card luck. +- Working directory: `src/Web/StellaOps.Web/`. +- Expected evidence: targeted Angular tests, Playwright coverage for mission/security/notify journeys, checked-feature docs, and archived sprint notes. + +## Dependencies & Concurrency +- Depends on the shipped `Platform Ops`, `Watchlist`, `Unified Audit`, and `Topology / Trust` cutovers already archived in `docs-archived/implplan/`. +- Safe parallelism: backend contracts are already present; this sprint is frontend-only and limited to route ownership, navigation exposure, UI workflow repair, tests, and docs. 
+ +## Documentation Prerequisites +- `AGENTS.md` +- `docs/modules/ui/AGENTS.md` +- `src/Web/StellaOps.Web/AGENTS.md` +- `docs/modules/ui/README.md` +- `docs/modules/ui/architecture.md` +- `docs/modules/ui/implementation_plan.md` +- `docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md` +- `docs/modules/ui/component-preservation-map/components/weak-route/mission-control/README.md` +- `docs/modules/ui/component-preservation-map/components/weak-route/notify/README.md` +- `docs/modules/ui/component-preservation-map/components/weak-route/unknowns-tracking/README.md` + +## Delivery Tracker + +### FE-SOL-001 - Freeze canonical mission, unknowns, and notify route ownership +Status: DONE +Dependency: none +Owners: Developer / Implementer +Task description: +- Make `Mission Control` the canonical owner for alerts and activity, `Security` the canonical owner for unknowns tracking, and `Ops > Operations` the canonical owner for notifications. +- Add or repair alias coverage for stale `/analyze/unknowns*` and `/notify` entry points so bookmarks resolve into mounted pages with preserved query state. + +Completion criteria: +- [x] Canonical owners and alias policy are defined for mission alerts/activity, security unknowns, and notifications. +- [x] Stale `/analyze/unknowns*` and `/notify` links land on mounted canonical pages. +- [x] Shared navigation config no longer points these leaves at dead paths. + +### FE-SOL-002 - Surface the leaves from the live shells +Status: DONE +Dependency: FE-SOL-001 +Owners: Developer / Implementer +Task description: +- Expose the mounted leaves from current shell navigation so operators can reach them without memorizing routes. +- Mission Control should surface alerts and activity, Security should surface unknowns, and Operations should surface notifications from active tabs/cards/submenus rather than leaving them as weak-route debt. + +Completion criteria: +- [x] Mission Control exposes alerts and activity from the live shell. 
+- [x] Security exposes unknowns from the live shell. +- [x] Operations exposes notifications from the live shell. + +### FE-SOL-003 - Repair leaf-local workflow links and actions +Status: DONE +Dependency: FE-SOL-001 +Owners: Developer / Implementer +Task description: +- Fix stale internal links inside the unknowns subtree and any leaf-local handoffs that still target dead routes. +- Preserve the current operator flows inside mission alerts/activity and notifications, but ensure all deep links stay inside canonical owners and return-to-context behavior remains intact. + +Completion criteria: +- [x] Unknowns dashboard, detail, grey queue, and determinization links stay inside canonical security routes. +- [x] Mission alerts and activity handoffs remain usable and route-backed. +- [x] Notifications shell keeps working watchlist and delivery drill-ins without stale owner routes. + +### FE-SOL-004 - Verify cutover, sync docs, and archive +Status: DONE +Dependency: FE-SOL-002, FE-SOL-003 +Owners: Developer / Implementer, QA +Task description: +- Add focused tests for the repaired alias contract and surfaced leaves, then run targeted Angular and Playwright verification. +- Record the shipped behavior in checked-feature docs and archive the sprint only when all delivery tasks are done. + +Completion criteria: +- [x] Targeted Angular tests cover alias repair, surfacing, and local link fixes. +- [x] Playwright verifies at least one end-to-end journey across mission, security unknowns, and notifications leaves. +- [x] UI docs and checked-feature notes reflect the shipped behavior. +- [x] Sprint moved to `docs-archived/implplan/` only after all tasks are marked DONE. + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2026-03-08 | Sprint created and moved to DOING for the security operations leaves cutover. 
| Codex | +| 2026-03-08 | Added canonical `/analyze/unknowns*` and `/notify` alias coverage, repaired shared navigation targets, and surfaced alerts/activity/unknowns/notifications from live sidebar shells. | Codex | +| 2026-03-08 | Verified the cutover with focused Angular tests, Playwright UI flow coverage, and a production build; docs synced and sprint ready for archive. | Codex | + +## Decisions & Risks +- Risk: some of these pages are mounted already, but current navigation does not acknowledge them. +- Mitigation: treat this as a surfacing and alias cutover, not a new product branch. +- Risk: unknowns tracking still contains stale `/analyze/*` internal links that could leave the operator on broken paths. +- Mitigation: repair both the bookmark aliases and the leaf-local links in the same sprint. +- Risk: notifications has both setup-admin and ops-delivery concepts. +- Mitigation: keep admin rule configuration under `Setup > Notifications`, but keep delivery and operator notification workflows under `Ops > Operations > Notifications`. +- Risk: the local Angular dev proxy reserves `/notify`, which makes browser-level navigation to that alias unstable in Playwright even though the app route is correct. +- Mitigation: keep `/notify` alias coverage in router-contract tests and use the mounted canonical notifications page for browser-level workflow verification. +- Delivery rule: this sprint is only complete when these leaves are reachable from live shells, stale links are repaired, and the core operator journey is verified end to end. + +## Next Checkpoints +- 2026-03-08: canonical owners, alias contract, and shell exposure complete. +- 2026-03-08: targeted verification passes, sprint archived, and commit created. diff --git a/docs-archived/implplan/SPRINT_20260308_008_FE_live_search_ingestion_browser_validation.md b/docs-archived/implplan/SPRINT_20260308_008_FE_live_search_ingestion_browser_validation.md new file mode 100644 index 000000000..a2285576b 
--- /dev/null +++ b/docs-archived/implplan/SPRINT_20260308_008_FE_live_search_ingestion_browser_validation.md 
@@ -0,0 +1,83 @@ +# Sprint 20260308-008 - FE Live Search Ingestion Browser Validation + +## Topic & Scope +- Bring the AdvisoryAI search corpus into a known-good ingested state for local verification instead of relying on stale or missing data. +- Validate the shipped search experience through a real browser using Playwright against the live search endpoints, not only mocked FE lanes. +- Keep the work centered on the Web search verification lane; only use AdvisoryAI startup/rebuild commands as operational prerequisites for the browser tests. +- Working directory: `src/Web/StellaOps.Web`. +- Expected evidence: corpus rebuild output, live Playwright browser results, and sprint execution log updates. + +## Dependencies & Concurrency +- Depends on the archived search rollout/correction sprints in `docs-archived/implplan/SPRINT_20260306_001_*`, `002_*`, `004_*`, `005_*`, `006_*`, and the later archived 2026-03-07 search corrective set. +- Safe parallelism: do not edit unrelated Router, topology, or shell cutover files while executing this validation lane. +- Operational dependency: the local AdvisoryAI WebService must be running and reachable on the documented local port before the live browser suite starts. + +## Documentation Prerequisites +- `docs/qa/feature-checks/FLOW.md` +- `docs/code-of-conduct/TESTING_PRACTICES.md` +- `docs/modules/advisory-ai/knowledge-search.md` +- `src/AdvisoryAI/__Tests/INFRASTRUCTURE.md` +- `src/Web/StellaOps.Web/AGENTS.md` + +## Delivery Tracker + +### FE-LIVESEARCH-001 - Prepare the local ingestion corpus +Status: DONE +Dependency: none +Owners: QA, Developer (FE) +Task description: +- Start or verify the local AdvisoryAI WebService. +- Run the documented `sources prepare` and index rebuild order so live search suggestions and grounded answers come from a fresh ingested corpus. + +Completion criteria: +- [x] Local AdvisoryAI health responds successfully. 
+- [x] `sources prepare` completes successfully or a documented equivalent local corpus path is used. +- [x] Knowledge and unified search rebuilds succeed with recorded output. + +### FE-LIVESEARCH-002 - Execute browser-level Playwright validation against the live search service +Status: DONE +Dependency: FE-LIVESEARCH-001 +Owners: QA, Test Automation +Task description: +- Run the existing live Playwright search suites that proxy browser search traffic into the local AdvisoryAI service. +- Exercise real search flows from the browser and confirm grounded results, viable suggestions, and contextual handoff behavior. + +Completion criteria: +- [x] Live Playwright search suites pass against the rebuilt local corpus. +- [x] Browser verification covers suggestions, grounded answer panel, and Ask-AdvisoryAI handoff. +- [x] Failures are triaged as data-ingestion, FE, or backend issues with exact evidence. + +### FE-LIVESEARCH-003 - Record outcomes and close or follow up +Status: DONE +Dependency: FE-LIVESEARCH-002 +Owners: QA, Project Manager +Task description: +- Record the exact commands, routes, and outcomes from the live browser lane. +- If defects remain, split them into focused follow-up sprints instead of leaving this ingestion-validation lane ambiguous. + +Completion criteria: +- [x] Sprint execution log contains the live setup and browser evidence. +- [x] Any remaining issues are translated into focused follow-up work with clear ownership. +- [x] This sprint is archived only if all tasks are complete. + +## Execution Log +| Date (UTC) | Update | Owner | +| --- | --- | --- | +| 2026-03-08 | Sprint created to set up local AdvisoryAI ingestion and verify the shipped search UX from a real browser using Playwright against live endpoints. 
| Developer | +| 2026-03-08 | Verified `sources prepare` from the locally built CLI against the repo root with `docs.documentCount=461`, `doctor.mergedSeedCount=31`, and `doctor.controlCount=31`; then started the source-run AdvisoryAI WebService on `http://127.0.0.1:10451` and confirmed `/health` returned `200`. | QA | +| 2026-03-08 | Rebuilt the live search indexes against the source-run service and verified `POST /v1/search/query` for `database connectivity` returned `contextAnswer.status=grounded` with top card `PostgreSQL connectivity`. | QA | +| 2026-03-08 | Ran `npx playwright test tests/e2e/unified-search-contextual-suggestions.live.e2e.spec.ts --config playwright.config.ts` with `LIVE_ADVISORYAI_SEARCH_BASE_URL=http://127.0.0.1:10451`; result `8 passed`, `3 skipped` where skips were explicit corpus-unready branches that are now bypassed because the routes are ready. | QA | + +## Decisions & Risks +- Decision: prefer the documented local ingestion/rebuild flow already used by the live search suites instead of inventing a second setup path. +- Decision: use browser-level Playwright verification against live search endpoints as the acceptance lane for this sprint. +- Decision: use the source-run AdvisoryAI WebService on `127.0.0.1:10451` for this lane instead of the compose-hosted service because the compose instance was reachable but returned an empty rebuild corpus in this workspace. +- Decision: the Playwright test runner is sufficient browser evidence for this sprint; direct MCP browser control was unavailable because the Playwright MCP Bridge extension is not installed in this environment. +- Risk: the local AdvisoryAI WebService may not be running or may lack database/env prerequisites. +- Mitigation: treat service startup and rebuild as first-class setup work, record exact blockers, and only proceed to browser validation after health is green. 
+- Risk: a reachable AdvisoryAI service can still be logically unready if it points at the wrong database or stale corpus. +- Mitigation: require both rebuild output and a grounded direct query (`database connectivity`) before allowing the browser suite to count as valid evidence. + +## Next Checkpoints +- 2026-03-08: local AdvisoryAI service healthy and indexes rebuilt. +- 2026-03-08: live Playwright search browser suite executed with recorded outcome. diff --git a/docs/features/checked/web/security-operations-leaves-ui.md b/docs/features/checked/web/security-operations-leaves-ui.md new file mode 100644 index 000000000..6d2c4629f --- /dev/null +++ b/docs/features/checked/web/security-operations-leaves-ui.md 
@@ -0,0 +1,67 @@ +# Security Operations Leaves UI + +## Module +Web + +## Status +VERIFIED + +## Description +Shipped the weak-route security operations leaves as fully surfaced operator workflows. `Mission Control` now exposes alerts and activity, `Security` owns unknowns tracking and determinization flows, and `Ops > Operations` owns notifications. Stale `/analyze/unknowns*` and `/notify` entry points now resolve into mounted canonical pages instead of dead owner paths. + +## Implementation Details +- **Feature directories**: + - `src/Web/StellaOps.Web/src/app/features/mission-control/` + - `src/Web/StellaOps.Web/src/app/features/unknowns-tracking/` + - `src/Web/StellaOps.Web/src/app/features/notify/` +- **Primary components**: + - `mission-alerts-page` (`src/Web/StellaOps.Web/src/app/features/mission-control/mission-alerts-page.component.ts`) + - `mission-activity-page` (`src/Web.StellaOps.Web/src/app/features/mission-control/mission-activity-page.component.ts`) + - `unknowns-dashboard` (`src/Web.StellaOps.Web/src/app/features/unknowns-tracking/unknowns-dashboard.component.ts`) + - `grey-queue-dashboard` (`src/Web.StellaOps.Web/src/app/features/unknowns-tracking/grey-queue-dashboard.component.ts`) + - `determinization-review` (`src/Web.StellaOps.Web/src/app/features/unknowns-tracking/determinization-review.component.ts`) + - `notify-panel` (`src/Web.StellaOps.Web/src/app/features/notify/notify-panel.component.ts`) +- **Canonical routes**: + - `/mission-control/alerts` + - `/mission-control/activity` + - `/security/unknowns` + - `/security/unknowns/:unknownId` + - `/security/unknowns/:unknownId/determinization` + - `/security/unknowns/queue/grey` + - `/ops/operations/notifications` +- **Legacy aliases**: + - `/analyze/unknowns` + - `/analyze/unknowns/:unknownId` + - `/analyze/unknowns/:unknownId/determinization` + - `/analyze/unknowns/queue/grey` + - `/notify` +- **Secondary entry points**: + - sidebar `Mission Control > Alerts` + - sidebar `Mission Control > 
Activity` + - sidebar `Security > Unknowns` + - sidebar `Operations > Notifications` + +## E2E Test Plan +- **Setup**: + - [x] Start the local Angular test server with `npm run serve:test`. + - [x] Use a test session with mission, scanner, ops, and notify viewer scopes. +- **Core verification**: + - [x] Open `/analyze/unknowns` and verify redirect into canonical `/security/unknowns`. + - [x] Drill into unknown detail and verify the identification workflow stays mounted. + - [x] Open the canonical notifications shell and verify the operator page and watchlist handoff render. + - [x] Open `/mission-control/alerts` and `/mission-control/activity` and verify both pages render live operator links. + +## Verification +- Run: + - `npm run test -- --watch=false --include src/app/layout/app-sidebar/app-sidebar.component.spec.ts --include src/tests/security/security-operations-leaves-cutover.spec.ts --include src/tests/unknowns/unknowns-tracking-ui.behavior.spec.ts --include src/tests/unknowns/unknowns-route-handoffs.spec.ts --include src/tests/notify/notify-watchlist-handoff.spec.ts` + - `npx playwright test --config playwright.config.ts tests/e2e/security-operations-leaves-cutover.spec.ts --workers=1` + - `npm run build` +- Tier 0 (source): pass +- Tier 1 (build/tests): pass +- Tier 2 (behavior): pass +- Notes: + - Angular targeted tests passed: `5` files, `16` tests. + - Playwright passed: `1` security-operations cutover scenario. + - The browser flow uses `/ops/operations/notifications` because the local frontend proxy reserves `/notify`; the `/notify` alias remains covered by the route-contract test. + - Production build passed; existing bundle-budget warnings remain unchanged from the baseline. +- Verified on (UTC): 2026-03-08T08:42:15Z diff --git a/docs/modules/ui/README.md b/docs/modules/ui/README.md index 2d9d45415..55a846166 100644 --- a/docs/modules/ui/README.md +++ b/docs/modules/ui/README.md 
@@ -9,6 +9,8 @@ The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows. ## Latest updates (2026-03-08) +- Shipped the `Mission Control`, `Security`, and `Ops > Operations` security-leaves cutover, including canonical surfacing for alerts, activity, unknowns, and notifications plus repaired `/analyze/unknowns*` and `/notify` ownership. +- Added checked-feature verification for the security operations leaves cutover at `../../features/checked/web/security-operations-leaves-ui.md`. - Shipped the canonical `Setup > Topology` and `Setup > Trust & Signing` cutover, including repaired legacy trust bookmarks, fixed `Platform Setup` handoffs, and expanded topology shell exposure. - Added checked-feature verification for topology and trust administration at `../../features/checked/web/topology-trust-administration-ui.md`. - Shipped the execution-operations cutover for canonical JobEngine, Scheduler, Dead-Letter, and companion Scanner Ops workflows under `Ops > Operations`. @@ -83,6 +85,7 @@ The Console presents operator dashboards for scans, policies, VEX evidence, runt - ./quota-health-aoc-operations/README.md - ./execution-operations/README.md - ./topology-trust-administration/README.md +- ./security-operations-leaves/README.md - ./triage-explainability-workspace/README.md - ./workflow-visualization-replay/README.md - ./contextual-actions-patterns/README.md diff --git a/docs/modules/ui/TASKS.md b/docs/modules/ui/TASKS.md index 316079918..0ab98da80 100644 --- a/docs/modules/ui/TASKS.md +++ b/docs/modules/ui/TASKS.md 
@@ -104,6 +104,10 @@ - [DONE] FE-TTA-002 Complete topology shell exposure and platform setup handoffs - [DONE] FE-TTA-003 Merge legacy trust settings and issuer entry points into usable trust administration - [DONE] FE-TTA-004 Verify cutover, sync docs, and archive +- [DONE] FE-SOL-001 Freeze canonical mission, unknowns, and notify route ownership +- [DONE] FE-SOL-002 Surface the leaves from the live shells +- [DONE] FE-SOL-003 Repair leaf-local workflow links and actions +- [DONE] FE-SOL-004 Verify cutover, sync docs, and archive - [DONE] FE-PO-001 Freeze Operations overview taxonomy and submenu structure - [DONE] FE-PO-002 Overview page regrouping and blocking-card contract - [DONE] FE-PO-003 Legacy widget absorption matrix for Platform Ops diff --git a/docs/modules/ui/implementation_plan.md b/docs/modules/ui/implementation_plan.md index 49afc7084..96d9ba102 100644 --- a/docs/modules/ui/implementation_plan.md +++ b/docs/modules/ui/implementation_plan.md 
@@ -32,12 +32,14 @@ Provide a living plan for UI deliverables, dependencies, and evidence. - `docs/features/checked/web/quota-health-aoc-operations-ui.md` - shipped verification note for canonical quota, health, and AOC owner routes, repaired deep links, route-backed filters, and completed operator actions. - `docs/features/checked/web/execution-operations-ui.md` - shipped verification note for canonical execution routes, repaired jobengine and scheduler aliases, completed dead-letter actions, and usable scanner-support workflows. - `docs/features/checked/web/topology-trust-administration-ui.md` - shipped verification note for canonical topology and trust setup shells, repaired settings/admin/platform aliases, and platform-setup handoffs. +- `docs/features/checked/web/security-operations-leaves-ui.md` - shipped verification note for mission alerts/activity surfacing, unknowns route repair, notifications ownership, and legacy security alias cutover. - `docs/modules/ui/reachability-witnessing/README.md` - detailed witness and proof UX dossier plus cross-shell deep-link contract. - `docs/modules/ui/platform-ops-consolidation/README.md` - detailed Operations overview taxonomy and legacy absorption plan. - `docs/modules/ui/offline-operations/README.md` - detailed owner-shell contract for Offline Kit, Feeds & Airgap, Evidence handoffs, and stale alias policy. - `docs/modules/ui/quota-health-aoc-operations/README.md` - canonical owner-shell contract for quota, health, and AOC operations cutover plus alias and action rules. - `docs/modules/ui/execution-operations/README.md` - canonical execution owner-shell contract for JobEngine, Scheduler, Dead-Letter, and companion Scanner Ops workflows. - `docs/modules/ui/topology-trust-administration/README.md` - canonical setup owner contract for topology inventory, trust administration, legacy trust redirects, and platform-setup handoffs. 
+- `docs/modules/ui/security-operations-leaves/README.md` - canonical owner contract for mission alerts/activity, security unknowns, notifications, and stale `/analyze`/`/notify` handoffs. - `docs/modules/ui/triage-explainability-workspace/README.md` - detailed artifact workspace and audit-bundle UX dossier. - `docs/modules/ui/workflow-visualization-replay/README.md` - detailed run-detail graph, timeline, replay, and evidence UX dossier. - `docs/modules/ui/contextual-actions-patterns/README.md` - shared placement contract for stray actions, pages, drawers, and tabs. diff --git a/docs/modules/ui/security-operations-leaves/README.md b/docs/modules/ui/security-operations-leaves/README.md new file mode 100644 index 000000000..c548c2fc5 --- /dev/null +++ b/docs/modules/ui/security-operations-leaves/README.md 
@@ -0,0 +1,60 @@ +# Security Operations Leaves + +## Purpose +- Make the preserved weak-route leaves fully usable from the live shells instead of leaving them reachable only by typed URLs or overview-card luck. +- Keep `Mission Control`, `Security`, and `Ops > Operations` as the owners of their respective operator workflows instead of reviving a separate legacy security-ops product. + +## Canonical Owner +- Owner shells: + - `Mission Control` + - `Security` + - `Ops > Operations` +- Primary routes: + - `/mission-control/alerts` + - `/mission-control/activity` + - `/mission-control/release-health` + - `/mission-control/security-posture` + - `/security/unknowns` + - `/security/unknowns/:unknownId` + - `/security/unknowns/:unknownId/determinization` + - `/security/unknowns/queue/grey` + - `/ops/operations/notifications` + +## Legacy Alias Policy +- Preserve stale bookmarks and old links by redirecting: + - `/analyze/unknowns` + - `/analyze/unknowns/:unknownId` + - `/analyze/unknowns/:unknownId/determinization` + - `/analyze/unknowns/queue/grey` + - `/notify` +- Redirects must preserve query params and fragments so tenant, region, environment, return-to-context, and tab state survive the handoff. +- `Setup > Notifications` remains the admin/configuration surface. `Ops > Operations > Notifications` remains the operator delivery and alert workflow surface. + +## UX Rules +- `Mission Control` owns the cross-product alert and recent-activity pages and must surface them directly from the live sidebar. +- `Security` owns unknowns tracking, detail review, grey queue, and determinization flows. +- `Ops > Operations` owns notification delivery, channel health, and operator watchlist handoffs. +- Internal links inside the unknowns subtree must stay inside `/security/unknowns*`, not dead `/analyze/*` routes. 
+- Browser-level verification should use the mounted notifications page because the local frontend proxy reserves `/notify`; the alias itself is still required in app routing and verified at route-contract level. + +## Preserved Value +- Keep: + - mission alert and activity summaries as operator landing pages + - unknowns tracking and determinization workflows + - notification delivery and watchlist handoff workflows +- Why: + - these are already mounted product capabilities with useful operator actions + - the product issue was surfacing debt and stale route ownership, not lack of feature value + +## Shipped In This Cut +- Added top-level alias coverage for stale `/analyze/unknowns*` and `/notify` entry points. +- Retargeted shared navigation config from dead analyze and notify paths to the canonical security and operations owners. +- Surfaced `Alerts`, `Activity`, `Unknowns`, and `Notifications` from the live sidebar shells. +- Repaired unknowns grey-queue and determinization links so breadcrumbs and return paths stay inside canonical security routes. +- Added focused Angular and Playwright verification for the cutover. + +## Related Docs +- `docs/features/checked/web/security-operations-leaves-ui.md` +- `docs/features/checked/web/unknowns-tracking-ui.md` +- `docs/modules/ui/watchlist-operations/README.md` +- `docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md` diff --git a/src/Web/StellaOps.Web/src/app/app.routes.ts b/src/Web/StellaOps.Web/src/app/app.routes.ts index 4f2b7f014..da507c6b9 100644 --- a/src/Web/StellaOps.Web/src/app/app.routes.ts +++ b/src/Web/StellaOps.Web/src/app/app.routes.ts 
@@ -218,6 +218,33 @@ export const routes: Routes = [
 { path: '**', redirectTo: '/administration' },
 ],
 },
+ {
+ path: 'analyze',
+ children: [
+ { path: 'unknowns', redirectTo: preserveAppRedirect('/security/unknowns'), pathMatch: 'full' },
+ {
+ path: 'unknowns/queue/grey',
+ redirectTo: preserveAppRedirect('/security/unknowns/queue/grey'),
+ pathMatch: 'full',
+ },
+ {
+ path: 'unknowns/:unknownId/determinization',
+ redirectTo: preserveAppRedirect('/security/unknowns/:unknownId/determinization'),
+ pathMatch: 'full',
+ },
+ {
+ path: 'unknowns/:unknownId',
+ redirectTo: preserveAppRedirect('/security/unknowns/:unknownId'),
+ pathMatch: 'full',
+ },
+ { path: '**', redirectTo: '/security', pathMatch: 'full' },
+ ],
+ },
+ {
+ path: 'notify',
+ redirectTo: preserveAppRedirect('/ops/operations/notifications'),
+ pathMatch: 'full',
+ },
 {
 path: 'platform-ops',
 loadChildren: () => import('./routes/platform-ops.routes').then((m) => m.PLATFORM_OPS_ROUTES),
diff --git a/src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts b/src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts
index f3f08d0dd..6c4c573cd 100644
--- a/src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts
+++ b/src/Web/StellaOps.Web/src/app/core/navigation/navigation.config.ts
@@ -61,14 +61,14 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
 {
 id: 'lineage',
 label: 'Lineage',
- route: '/lineage',
+ route: '/security/lineage',
 icon: 'git-branch',
 tooltip: 'Explore SBOM lineage and smart diff',
 },
 {
 id: 'reachability',
 label: 'Reachability',
- route: '/reachability',
+ route: '/security/reachability',
 icon: 'network',
 tooltip: 'Reachability analysis and coverage',
 },
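Review bot: In the `analyze` children only the `unknowns*` paths get a `preserveAppRedirect(...)` alias; every other legacy path falls to `{ path: '**', redirectTo: '/security', pathMatch: 'full' }`, a plain string redirect that, as far as I know for Angular absolute redirects, does not carry the original query params or fragment. The same patch retargets the Patch Map nav item from `/analyze/patch-map` to `/security/patch-map`, so an old patch-map bookmark would land on the Security root; if that destination is mounted, add `{ path: 'patch-map', redirectTo: preserveAppRedirect('/security/patch-map'), pathMatch: 'full' }` ahead of the wildcard. Because these aliases forward query state unchanged, I would also put a comment above the block such as `// Legacy aliases forward query params and fragment unchanged; destination pages must validate any return-to-context value as an in-app relative path.` `preserveAppRedirect` and the `routes` array both start outside this hunk, so the helper's own handling cannot be checked from here.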
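Review bot: The retargeted `/security/lineage` and `/security/reachability` entries here, and `/security/patch-map` in the `-82,14` hunk, have no matching route or alias visible in this patch, unlike `/security/unknowns` and the notifications entry, which the `app.routes.ts` change backs with redirects. If those destinations are not already mounted, the sidebar would point at dead paths, and the old `/lineage` and `/reachability` bookmarks would have no alias; the sprint notes only mention unknowns and notify, so this is worth confirming in the route-contract spec. For consistency with `route: OPERATIONS_PATHS.notifications` in the `-470,7` hunk, the security routes could come from a shared path constant instead of string literals so navigation and routing cannot drift apart. The `NAVIGATION_GROUPS` array starts and ends outside these hunks.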
@@ -82,14 +82,14 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
 {
 id: 'unknowns',
 label: 'Unknowns',
- route: '/analyze/unknowns',
+ route: '/security/unknowns',
 icon: 'help-circle',
 tooltip: 'Track and identify unknown components',
 },
 {
 id: 'patch-map',
 label: 'Patch Map',
- route: '/analyze/patch-map',
+ route: '/security/patch-map',
 icon: 'grid',
 tooltip: 'Fleet-wide binary patch coverage heatmap',
 },
@@ -470,7 +470,7 @@ export const NAVIGATION_GROUPS: NavGroup[] = [
 {
 id: 'notifications',
 label: 'Notifications',
- route: '/notify',
+ route: OPERATIONS_PATHS.notifications,
 icon: 'notification',
 tooltip: 'Notification center',
 },
diff --git a/src/Web/StellaOps.Web/src/app/features/unknowns-tracking/determinization-review.component.ts b/src/Web/StellaOps.Web/src/app/features/unknowns-tracking/determinization-review.component.ts
index 31194634e..ee6f80bb5 100644
--- a/src/Web/StellaOps.Web/src/app/features/unknowns-tracking/determinization-review.component.ts
+++ b/src/Web/StellaOps.Web/src/app/features/unknowns-tracking/determinization-review.component.ts
@@ -29,11 +29,11 @@ import { GreyQueuePanelComponent } from '../unknowns/grey-queue-panel.component'