# StellaOps Console UI

The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows.

## Latest updates (2025-11-30)
- Docs refreshed per `docs/implplan/SPRINT_0331_0001_0001_docs_modules_ui.md`; added observability runbook stub and TASKS mirror.
- Access-control guidance from 2025-11-03 remains valid; ensure Authority scopes are verified before enabling uploads.

## Responsibilities
- Render real-time status for ingestion, scanning, policy, and exports via SSE.
- Provide policy editor, SBOM explorer, and advisory views with accessibility compliance.
- Integrate with Authority for fresh-auth and scope enforcement.
- Support offline bundles with deterministic build outputs.

## Key components
- Angular 17 workspace under `src/Web/StellaOps.Web`.
- Signals-based state management with `@ngrx/signals` store.
- API client generator (`core/api`).

## Integrations & dependencies
- Backend APIs (Scanner, Policy, Notify, Export Center, Attestor).
- Authority for DPoP-protected calls.
- Telemetry streams for observability dashboards.

## Operational notes
- Auth smoke tests in `operations/auth-smoke.md`.
- Observability runbook + dashboard stub in `operations/observability.md` and `operations/dashboards/console-ui-observability.json` (offline import).
- Console architecture doc for layout and SSE fan-out.
- Operator guide: `../../15_UI_GUIDE.md`. Accessibility: `../../accessibility.md`. Security: `../../security/`.

## Related resources
- ./operations/auth-smoke.md
- ./operations/observability.md
- ./console-architecture.md

## Backlog references
- DOCS-CONSOLE-23-001 … DOCS-CONSOLE-23-003 baseline (done).
- CONSOLE-OBS-52-001 tasks for observability updates.

## Implementation Status

### Current Objectives
- Maintain deterministic behaviour and offline parity across releases
- Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes
- Coordinate with backend services for feature delivery across epics

### Epic Milestones & Workstreams
- Epic 2 – Policy Engine & Editor: policy editor simulation and explain UX (in progress)
- Epic 4 – Policy Studio: registry, approvals, promotion experiences (planned)
- Epic 5 – SBOM Graph Explorer: graph navigation, overlays, diff views (planned)
- Epic 6 – Vulnerability Explorer: triage dashboards, findings ledger, audit exports (in progress)
- Epic 8 – Advisory AI: advisory summaries, remediation hints with strict provenance (planned)
- Epic 9 – Orchestrator Dashboard: job/source monitoring controls (planned)
- Epic 11 – Notifications Studio: notifications workspace with previews, audit trails (planned)

### Core Capabilities
- Angular 17 workspace with signals-based state management (@ngrx/signals)
- Real-time status via SSE for ingestion, scanning, policy, exports
- Authority integration: fresh-auth with DPoP-protected calls, scope enforcement
- Accessibility compliance and offline bundle support
- API client generator for type-safe backend integration

### Integration Points
- Backend APIs: Scanner, Policy, Notify, Export Center, Attestor
- Authority: DPoP tokens and scope validation
- Telemetry streams: observability dashboards and SSE fan-out
- Offline bundles: deterministic build outputs

### Operational Assets (Sprint 0331 · 2025-11-30)
- Auth smoke tests: operations/auth-smoke.md
- Observability runbook: operations/observability.md
- Dashboard stub: operations/dashboards/console-ui-observability.json
- Console architecture: console-architecture.md (layout, SSE fan-out)

### Access Control (2025-11-03)
- Authority scopes verified before enabling uploads
- Access-control guidance retained in docs/updates/2025-11-03-vuln-explorer-access-controls.md

### Coordination Approach
- Review AGENTS.md before starting new work
- Sync with cross-cutting teams via docs/implplan/SPRINT_*.md
- Track tasks: DOCS-CONSOLE-23-001…003 (baseline done), CONSOLE-OBS-52-001 (observability)
- Mirror status across sprint tracker and docs/modules/ui/TASKS.md

## Epic alignment
- **Epic 2 – Policy Engine & Editor:** deliver deterministic policy authoring, simulation, and explain UX.
- **Epic 4 – Policy Studio:** implement registry workspace, approvals, and promotion workflows.
- **Epic 5 – SBOM Graph Explorer:** surface graph navigation, overlays, and diff tools.
- **Epic 6 – Vulnerability Explorer:** provide triage dashboards, findings ledger views, and audit exports.
- **Epic 8 – Advisory AI:** embed advisory summaries, explanations, and remediation hints with citations.
- **Epic 9 – Orchestrator Dashboard:** expose source/job monitoring with throttling and replay controls.
- **Epic 11 – Notifications Studio:** deliver notifications workspace with rule/channel previews and audits.