# Policy Decisioning Studio ## Status Shipped on 2026-03-07. ## Product Shape - Canonical mount: `/ops/policy` - User-facing title: `Policy Decisioning Studio` - Active primary tabs: `Overview`, `Packs`, `Governance`, `Simulation`, `VEX & Exceptions`, `Release Gates`, `Audit` - Supported modes: `global`, `pack`, `release-context`, plus non-owning `approval`, `workflow`, and `evidence` context chips This is now the canonical mutable owner for policy packs, governance controls, policy simulation, VEX resolution, exception handling, release-gate review, and policy/VEX audit. ## Shipped Route Contract ### Canonical routes - `/ops/policy/overview` - `/ops/policy/packs` - `/ops/policy/packs/:packId` - `/ops/policy/packs/:packId/edit` - `/ops/policy/packs/:packId/rules` - `/ops/policy/packs/:packId/yaml` - `/ops/policy/packs/:packId/approvals` - `/ops/policy/packs/:packId/simulate` - `/ops/policy/packs/:packId/explain/:runId` - `/ops/policy/governance/...` - `/ops/policy/simulation/...` - `/ops/policy/vex` - `/ops/policy/vex/search` - `/ops/policy/vex/search/detail/:id` - `/ops/policy/vex/create` - `/ops/policy/vex/stats` - `/ops/policy/vex/consensus` - `/ops/policy/vex/explorer` - `/ops/policy/vex/conflicts` - `/ops/policy/vex/exceptions` - `/ops/policy/vex/exceptions/approvals` - `/ops/policy/vex/exceptions/:exceptionId` - `/ops/policy/gates` - `/ops/policy/gates/catalog` - `/ops/policy/gates/simulate/:promotionId` - `/ops/policy/gates/environments/:environment` - `/ops/policy/gates/releases/:releaseId` - `/ops/policy/gates/approvals/:approvalId` - `/ops/policy/audit/policy` - `/ops/policy/audit/vex` - `/ops/policy/audit/log` - `/ops/policy/audit/log/events` ### Legacy aliases kept live - `/policy-studio/*` - `/policy/*` - `/admin/policy/governance*` - `/admin/policy/simulation*` - `/admin/vex-hub*` - `/security/vex*` - `/security/exceptions*` - `/administration/policy*` - `/administration/policy-governance*` ## Shipped Merge Boundary ### Packs - `PolicyWorkspaceComponent` - `PolicyDashboardComponent` - `PolicyEditorComponent` - `PolicyRuleBuilderComponent` - `PolicyYamlEditorComponent` - `PolicyApprovalsComponent` - `PolicyExplainComponent` ### Governance - Existing `policy-governance.routes.ts` subtree mounted under `/ops/policy/governance` - Settings, impact-preview, profile, trust-weight, and schema surfaces now point to the canonical shell ### Simulation - Existing `policy-simulation.routes.ts` subtree mounted under `/ops/policy/simulation` - Internal simulation navigation updated to stay inside the canonical route family ### VEX and exceptions - Existing `vex-hub` components mounted under `/ops/policy/vex` - Security VEX and exception aliases now redirect into the canonical VEX subtree - Mutable VEX actions are no longer owned by a separate Security shell ### Gates and audit - Canonical release-gate page at `/ops/policy/gates*` - Canonical policy/VEX audit owner under `/ops/policy/audit*` ## Release Orchestrator Integration ### Shipped entry points - approvals detail - promotion request - release detail - workflow editor - evidence detail ### Shipped context fields - `releaseId` - `approvalId` - `environment` - `artifact` / `bundleDigest` - `workflowId` - `evidenceId` - `returnTo` Release Orchestrator still owns promotion state and workflow execution. Decisioning Studio owns policy and VEX authoring, mutation, and explanation. ## Secondary Entry Points Updated - `Security Overview` - `Security Exceptions` - `Vulnerability Detail` - `Home Dashboard` - `Policy Governance Settings` - `Evidence Audit` - `Timeline Evidence Links` - `Policy baseline chip` - global search VEX normalization ## Retired Or Superseded Writable Owners - standalone `Policy Studio` product label - standalone `VEX Hub` mutable owner - mutable `policy/*` writable paths - mutable `security/vex*` owner paths These names survive only as temporary redirect aliases where needed for bookmark continuity. ## Verification Evidence - feature verification note: `docs/features/checked/web/policy-decisioning-studio-ui.md` - targeted Angular tests: `94` passing assertions across route, shell, redirect, workflow, evidence, and search coverage - Playwright: `4/4` passing scenarios for global mode, pack mode, release-context mode, and security VEX alias redirect - production build: pass, with existing unrelated bundle-budget warnings