Archive live search ingestion browser validation sprint

docs/modules/ui/README.md

@@ -9,6 +9,8 @@
 The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows.
 
 ## Latest updates (2026-03-08)
+- Shipped the `Mission Control`, `Security`, and `Ops > Operations` security-leaves cutover, including canonical surfacing for alerts, activity, unknowns, and notifications plus repaired `/analyze/unknowns*` and `/notify` ownership.
+- Added checked-feature verification for the security operations leaves cutover at `../../features/checked/web/security-operations-leaves-ui.md`.
 - Shipped the canonical `Setup > Topology` and `Setup > Trust & Signing` cutover, including repaired legacy trust bookmarks, fixed `Platform Setup` handoffs, and expanded topology shell exposure.
 - Added checked-feature verification for topology and trust administration at `../../features/checked/web/topology-trust-administration-ui.md`.
 - Shipped the execution-operations cutover for canonical JobEngine, Scheduler, Dead-Letter, and companion Scanner Ops workflows under `Ops > Operations`.
@@ -83,6 +85,7 @@ The Console presents operator dashboards for scans, policies, VEX evidence, runt
 - ./quota-health-aoc-operations/README.md
 - ./execution-operations/README.md
 - ./topology-trust-administration/README.md
+- ./security-operations-leaves/README.md
 - ./triage-explainability-workspace/README.md
 - ./workflow-visualization-replay/README.md
 - ./contextual-actions-patterns/README.md

docs/modules/ui/TASKS.md

@@ -104,6 +104,10 @@
 - [DONE] FE-TTA-002 Complete topology shell exposure and platform setup handoffs
 - [DONE] FE-TTA-003 Merge legacy trust settings and issuer entry points into usable trust administration
 - [DONE] FE-TTA-004 Verify cutover, sync docs, and archive
+- [DONE] FE-SOL-001 Freeze canonical mission, unknowns, and notify route ownership
+- [DONE] FE-SOL-002 Surface the leaves from the live shells
+- [DONE] FE-SOL-003 Repair leaf-local workflow links and actions
+- [DONE] FE-SOL-004 Verify cutover, sync docs, and archive
 - [DONE] FE-PO-001 Freeze Operations overview taxonomy and submenu structure
 - [DONE] FE-PO-002 Overview page regrouping and blocking-card contract
 - [DONE] FE-PO-003 Legacy widget absorption matrix for Platform Ops

docs/modules/ui/implementation_plan.md

@@ -32,12 +32,14 @@ Provide a living plan for UI deliverables, dependencies, and evidence.
 - `docs/features/checked/web/quota-health-aoc-operations-ui.md` - shipped verification note for canonical quota, health, and AOC owner routes, repaired deep links, route-backed filters, and completed operator actions.
 - `docs/features/checked/web/execution-operations-ui.md` - shipped verification note for canonical execution routes, repaired jobengine and scheduler aliases, completed dead-letter actions, and usable scanner-support workflows.
 - `docs/features/checked/web/topology-trust-administration-ui.md` - shipped verification note for canonical topology and trust setup shells, repaired settings/admin/platform aliases, and platform-setup handoffs.
+- `docs/features/checked/web/security-operations-leaves-ui.md` - shipped verification note for mission alerts/activity surfacing, unknowns route repair, notifications ownership, and legacy security alias cutover.
 - `docs/modules/ui/reachability-witnessing/README.md` - detailed witness and proof UX dossier plus cross-shell deep-link contract.
 - `docs/modules/ui/platform-ops-consolidation/README.md` - detailed Operations overview taxonomy and legacy absorption plan.
 - `docs/modules/ui/offline-operations/README.md` - detailed owner-shell contract for Offline Kit, Feeds & Airgap, Evidence handoffs, and stale alias policy.
 - `docs/modules/ui/quota-health-aoc-operations/README.md` - canonical owner-shell contract for quota, health, and AOC operations cutover plus alias and action rules.
 - `docs/modules/ui/execution-operations/README.md` - canonical execution owner-shell contract for JobEngine, Scheduler, Dead-Letter, and companion Scanner Ops workflows.
 - `docs/modules/ui/topology-trust-administration/README.md` - canonical setup owner contract for topology inventory, trust administration, legacy trust redirects, and platform-setup handoffs.
+- `docs/modules/ui/security-operations-leaves/README.md` - canonical owner contract for mission alerts/activity, security unknowns, notifications, and stale `/analyze`/`/notify` handoffs.
 - `docs/modules/ui/triage-explainability-workspace/README.md` - detailed artifact workspace and audit-bundle UX dossier.
 - `docs/modules/ui/workflow-visualization-replay/README.md` - detailed run-detail graph, timeline, replay, and evidence UX dossier.
 - `docs/modules/ui/contextual-actions-patterns/README.md` - shared placement contract for stray actions, pages, drawers, and tabs.

docs/modules/ui/security-operations-leaves/README.md

@@ -0,0 +1,60 @@
+# Security Operations Leaves
+
+## Purpose
+- Make the preserved weak-route leaves fully usable from the live shells instead of leaving them reachable only by typed URLs or overview-card luck.
+- Keep `Mission Control`, `Security`, and `Ops > Operations` as the owners of their respective operator workflows instead of reviving a separate legacy security-ops product.
+
+## Canonical Owner
+- Owner shells:
+  - `Mission Control`
+  - `Security`
+  - `Ops > Operations`
+- Primary routes:
+  - `/mission-control/alerts`
+  - `/mission-control/activity`
+  - `/mission-control/release-health`
+  - `/mission-control/security-posture`
+  - `/security/unknowns`
+  - `/security/unknowns/:unknownId`
+  - `/security/unknowns/:unknownId/determinization`
+  - `/security/unknowns/queue/grey`
+  - `/ops/operations/notifications`
+
+## Legacy Alias Policy
+- Preserve stale bookmarks and old links by redirecting:
+  - `/analyze/unknowns`
+  - `/analyze/unknowns/:unknownId`
+  - `/analyze/unknowns/:unknownId/determinization`
+  - `/analyze/unknowns/queue/grey`
+  - `/notify`
+- Redirects must preserve query params and fragments so tenant, region, environment, return-to-context, and tab state survive the handoff.
+- `Setup > Notifications` remains the admin/configuration surface. `Ops > Operations > Notifications` remains the operator delivery and alert workflow surface.
+
+## UX Rules
+- `Mission Control` owns the cross-product alert and recent-activity pages and must surface them directly from the live sidebar.
+- `Security` owns unknowns tracking, detail review, grey queue, and determinization flows.
+- `Ops > Operations` owns notification delivery, channel health, and operator watchlist handoffs.
+- Internal links inside the unknowns subtree must stay inside `/security/unknowns*`, not dead `/analyze/*` routes.
+- Browser-level verification should use the mounted notifications page because the local frontend proxy reserves `/notify`; the alias itself is still required in app routing and verified at route-contract level.
+
+## Preserved Value
+- Keep:
+  - mission alert and activity summaries as operator landing pages
+  - unknowns tracking and determinization workflows
+  - notification delivery and watchlist handoff workflows
+- Why:
+  - these are already mounted product capabilities with useful operator actions
+  - the product issue was surfacing debt and stale route ownership, not lack of feature value
+
+## Shipped In This Cut
+- Added top-level alias coverage for stale `/analyze/unknowns*` and `/notify` entry points.
+- Retargeted shared navigation config from dead analyze and notify paths to the canonical security and operations owners.
+- Surfaced `Alerts`, `Activity`, `Unknowns`, and `Notifications` from the live sidebar shells.
+- Repaired unknowns grey-queue and determinization links so breadcrumbs and return paths stay inside canonical security routes.
+- Added focused Angular and Playwright verification for the cutover.
+
+## Related Docs
+- `docs/features/checked/web/security-operations-leaves-ui.md`
+- `docs/features/checked/web/unknowns-tracking-ui.md`
+- `docs/modules/ui/watchlist-operations/README.md`
+- `docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md`