# StellaOps Console UI **Status:** Implemented **Source:** `src/Web/StellaOps.Web/` **Owner:** UI Guild > **Related:** See [`../web/`](../web/) for triage-specific UX documentation (Smart-Diff, Triage Canvas, Risk Dashboard). The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows. ## Latest updates (2026-03-12) - Console container builds now copy the repo `docs/` tree into the Angular build stage so `docs-content` is bundled into shipped images and direct `/docs/*` routes resolve on the live frontdoor instead of only in local dist copies. - Live search route verification now treats knowledge-card handoffs as failed unless the destination documentation page renders real content, preventing blank docs routes from slipping through route-only checks. ## Latest updates (2026-03-10) - Hardened revived `Ops > Policy > Simulation` direct-entry surfaces so coverage, lint, promotion-gate, and diff routes restore stable defaults when host wiring omits pack/version/environment inputs. - Coverage now hydrates on first render instead of waiting for a second interaction, preventing blank direct-route states on `/ops/policy/simulation/coverage`. - Added focused frontend verification for the policy simulation defaults helper and direct-route behaviors, plus a live Playwright sweep for `/ops/policy/simulation/coverage`, `/lint`, `/promotion`, and `/diff/policy-pack-001`. ## Latest updates (2026-03-08) - Shipped the canonical `Releases > Promotions` cutover, including repaired `/release-control/promotions*` and `/releases/promotion-queue*` aliases, release-context promotion wizard handoff, and a usable create-to-detail flow. - Added checked-feature verification for release promotions at `../../features/checked/web/release-promotions-cutover-ui.md`. - Preserved canonical `Ops > Platform Setup` leaf URLs so `regions-environments`, `promotion-paths`, `workflows-gates`, and `gate-profiles` no longer rewrite into `Setup > Topology` on direct entry or quick-link navigation. - Added checked-feature verification for canonical platform-setup route preservation at `../../features/checked/web/platform-setup-canonical-route-preservation-ui.md`. - Shipped the `Mission Control`, `Security`, and `Ops > Operations` security-leaves cutover, including canonical surfacing for alerts, activity, unknowns, and notifications plus repaired `/analyze/unknowns*` and `/notify` ownership. - Added checked-feature verification for the security operations leaves cutover at `../../features/checked/web/security-operations-leaves-ui.md`. - Shipped the canonical `Setup > Topology` and `Setup > Trust & Signing` cutover, including repaired legacy trust bookmarks, fixed `Platform Setup` handoffs, and expanded topology shell exposure. - Added checked-feature verification for topology and trust administration at `../../features/checked/web/topology-trust-administration-ui.md`. - Shipped the execution-operations cutover for canonical JobEngine, Scheduler, Dead-Letter, and companion Scanner Ops workflows under `Ops > Operations`. - Added checked-feature verification for execution operations at `../../features/checked/web/execution-operations-ui.md`. ## Latest updates (2026-03-07) - Generated the first-pass UI component preservation map at `component-preservation-map/README.md`. - The preservation map currently tracks 303 candidate components: 167 high-confidence dead surfaces and 136 routed-but-weakly-surfaced surfaces. - Each candidate now has a stable markdown dossier so later iterations can deepen keep / merge / wire / archive decisions without rebuilding the inventory. - Added the Decisioning Studio proposal at `policy-decisioning-studio/README.md` to consolidate policy authoring, governance, simulation, VEX decisioning, and release-context gate explanation under one shell. - Added restoration topic shape notes at `restoration-topics/README.md` for Watchlist, Reachability Witnessing, Platform Ops, Triage explainability, and Workflow Visualization placement. - Added implementation-ready UX dossiers for Watchlist, Reachability Witnessing, Platform Ops Consolidation, Triage Explainability Workspace, Workflow Visualization and Replay, and shared contextual action patterns. - Added FE sprint files for the five accepted restoration topics plus a shared sprint for single actions, drawers, tabs, and stray-page placement patterns. - Shipped the canonical `Setup > Trust & Signing` watchlist shell, including entries, alerts, tuning, and Mission Control or Notifications deep links. - Added checked-feature verification for watchlist management at `../../features/checked/web/identity-watchlist-management-ui.md`. - Shipped the canonical `Security > Reachability` witness and proof-of-exposure shell, including cross-shell handoffs from findings, triage, evidence replay, and release detail. - Added checked-feature verification for reachability witnessing at `../../features/checked/web/reachability-witnessing-ui.md`. - Shipped the consolidated `Ops > Operations` shell with grouped overview cards, canonical `/ops/operations/*` routes, and legacy `platform-ops` alias cutover. - Added checked-feature verification for operations consolidation at `../../features/checked/web/operations-consolidation-ui.md`. - Shipped the canonical offline and air-gap operations flow under `Ops > Operations`, including repaired stale `/ops/*` and `/platform-ops/*` deep links, usable Offline Kit actions, and Evidence or Trust handoffs. - Added checked-feature verification for offline operations at `../../features/checked/web/offline-operations-ui.md`. - Shipped the canonical `Quotas & Limits`, `Health & SLO`, and `AOC Compliance` cutover under `Ops > Operations`, including repaired legacy aliases, usable quota exports and payload generation, and route-backed AOC filtering or provenance validation. - Added checked-feature verification for quota, health, and AOC operations at `../../features/checked/web/quota-health-aoc-operations-ui.md`. - Shipped the shared contextual placement primitives for tabs, submenu pills, route-aware drawers, list-detail shells, grouped overview cards, and return-to-context headers under `src/Web/StellaOps.Web/src/app/shared/ui/`. - Added checked-feature verification for the contextual primitives and their first adopted surfaces at `../../features/checked/web/contextual-actions-patterns-ui.md`. ## Latest updates (2026-02-21) - Runtime mock cutover completed for policy simulation history/conflict/batch flows and graph explorer data loading in `src/Web/StellaOps.Web/src/app/**`. - Runtime bindings now resolve to backend APIs for: - Policy simulation history/compare/reproducibility/pin (`/policy/simulations/**`) - Policy conflict detection/resolution (`/policy/conflicts/**`) - Policy batch evaluations (`/policy/batch-evaluations/**`) - Graph explorer tile/metadata reads (`/api/graph/**`) - Inline component mock datasets were removed from these runtime paths; test/dev mock clients remain available only via explicit test wiring. ## Latest updates (2025-11-30) - Docs refreshed per `docs/implplan/SPRINT_0331_0001_0001_docs_modules_ui.md`; added observability runbook stub and TASKS mirror. - Access-control guidance from 2025-11-03 remains valid; ensure Authority scopes are verified before enabling uploads. ## Responsibilities - Render real-time status for ingestion, scanning, policy, and exports via SSE. - Provide policy editor, SBOM explorer, and advisory views with accessibility compliance. - Integrate with Authority for fresh-auth and scope enforcement. - Support offline bundles with deterministic build outputs. ## Key components - Angular 21 workspace under `src/Web/StellaOps.Web`. - Signals-based state management with `@ngrx/signals` store. - API client generator (`core/api`). ## Integrations & dependencies - Backend APIs (Scanner, Policy, Notify, Export Center, Attestor). - Authority for DPoP-protected calls. - Telemetry streams for observability dashboards. ## Operational notes - Auth smoke tests in `operations/auth-smoke.md`. - Observability runbook + dashboard stub in `operations/observability.md` and `operations/dashboards/console-ui-observability.json` (offline import). - Console architecture doc for layout and SSE fan-out. - Operator guide: `../../UI_GUIDE.md`. Accessibility: `../../accessibility.md`. Security: `../../security/`. ## Related resources - ./operations/auth-smoke.md - ./operations/observability.md - ./console-architecture.md - ./component-preservation-map/README.md - ./restoration-topics/README.md - ./watchlist-operations/README.md - ./reachability-witnessing/README.md - ./platform-ops-consolidation/README.md - ./offline-operations/README.md - ./quota-health-aoc-operations/README.md - ./execution-operations/README.md - ./topology-trust-administration/README.md - ./security-operations-leaves/README.md - ./platform-setup-canonical-route-preservation/README.md - ./release-promotions-cutover/README.md - ./triage-explainability-workspace/README.md - ./workflow-visualization-replay/README.md - ./contextual-actions-patterns/README.md ## Backlog references - DOCS-CONSOLE-23-001 … DOCS-CONSOLE-23-003 baseline (done). - CONSOLE-OBS-52-001 tasks for observability updates. ## Implementation Status ### Current Objectives - Maintain deterministic behaviour and offline parity across releases - Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes - Coordinate with backend services for feature delivery across epics ### Epic Milestones & Workstreams - Epic 2 – Policy Engine & Editor: policy editor simulation and explain UX (in progress) - Epic 4 – Policy Studio: registry, approvals, promotion experiences (planned) - Epic 5 – SBOM Graph Explorer: graph navigation, overlays, diff views (planned) - Epic 6 – Vulnerability Explorer: triage dashboards, findings ledger, audit exports (in progress) - Epic 8 – Advisory AI: advisory summaries, remediation hints with strict provenance (planned) - Epic 9 – Orchestrator Dashboard: job/source monitoring controls (planned) - Epic 11 – Notifications Studio: notifications workspace with previews, audit trails (planned) ### Core Capabilities - Angular 21 workspace with signals-based state management (@ngrx/signals) - Real-time status via SSE for ingestion, scanning, policy, exports - Authority integration: fresh-auth with DPoP-protected calls, scope enforcement - Accessibility compliance and offline bundle support - API client generator for type-safe backend integration ### Integration Points - Backend APIs: Scanner, Policy, Notify, Export Center, Attestor - Authority: DPoP tokens and scope validation - Telemetry streams: observability dashboards and SSE fan-out - Offline bundles: deterministic build outputs ### Operational Assets (Sprint 0331 · 2025-11-30) - Auth smoke tests: operations/auth-smoke.md - Observability runbook: operations/observability.md - Dashboard stub: operations/dashboards/console-ui-observability.json - Console architecture: console-architecture.md (layout, SSE fan-out) ### Access Control (2025-11-03) - Authority scopes verified before enabling uploads - Access-control guidance retained in docs/updates/2025-11-03-vuln-explorer-access-controls.md ### Coordination Approach - Review AGENTS.md before starting new work - Sync with cross-cutting teams via docs/implplan/SPRINT_*.md - Track tasks: DOCS-CONSOLE-23-001…003 (baseline done), CONSOLE-OBS-52-001 (observability) - Mirror status across sprint tracker and docs/modules/ui/TASKS.md ## Epic alignment - **Epic 2 – Policy Engine & Editor:** deliver deterministic policy authoring, simulation, and explain UX. - **Epic 4 – Policy Studio:** implement registry workspace, approvals, and promotion workflows. - **Epic 5 – SBOM Graph Explorer:** surface graph navigation, overlays, and diff tools. - **Epic 6 – Vulnerability Explorer:** provide triage dashboards, findings ledger views, and audit exports. - **Epic 8 – Advisory AI:** embed advisory summaries, explanations, and remediation hints with citations. - **Epic 9 – Orchestrator Dashboard:** expose source/job monitoring with throttling and replay controls. - **Epic 11 – Notifications Studio:** deliver notifications workspace with rule/channel previews and audits.