# Identity Watchlist Management UI

## Module
Web

## Status
VERIFIED

## Description
Mounted Trust & Signing shell for managing identity watchlist entries (issuer, SAN, keyId) with match modes (Exact, Prefix, Glob, Regex), severity levels, scope (Tenant/Global/System), alert viewing, pattern testing, duplicate suppression configuration, and deep-link handoff from Mission Control and Notifications.

## Implementation Details
- **Feature directory**: `src/Web/StellaOps.Web/src/app/features/watchlist/`
- **Components**:
  - `watchlist-page` (`src/Web/StellaOps.Web/src/app/features/watchlist/watchlist-page.component.ts`)
- **Canonical routes**:
  - `/setup/trust-signing/watchlist/entries`
  - `/setup/trust-signing/watchlist/alerts`
  - `/setup/trust-signing/watchlist/tuning`
- **Secondary entry points**:
  - `Mission Control > Alerts`
  - `Ops > Notifications`
- **Source**: shipped Trust & Signing watchlist shell

## E2E Test Plan
- **Setup**:
  - [ ] Log in with a user that has appropriate permissions
  - [ ] Navigate to `/setup/trust-signing/watchlist/entries`
  - [ ] Ensure identity watchlist seed data exists for entries and recent alerts
- **Core verification**:
  - [ ] Verify `Entries`, `Alerts`, and `Tuning` load inside one mounted shell
  - [ ] Verify entry CRUD, pattern testing, and scope switching work
  - [ ] Verify alert drill-in, jump-to-rule, and notifications handoff work
- **Edge cases**:
  - [ ] Verify graceful handling when backend API is unavailable (error state)
  - [ ] Verify `returnTo` preserves operator context from Mission Control and Notifications
  - [ ] Verify responsive layout at different viewport sizes
  - [ ] Verify accessibility (keyboard navigation, screen reader labels, ARIA attributes)

## Verification
- Run:
  - `npx ng test --watch=false --include src/tests/watchlist/identity-watchlist-management-ui.component.spec.ts --include src/tests/trust_admin/trust-scoring-dashboard-ui.behavior.spec.ts --include src/tests/notify/notify-watchlist-handoff.spec.ts`
  - `npx playwright test tests/e2e/watchlist-shell.spec.ts --workers=1`
- Tier 0 (source): pass (`tier0-source-check.json`)
- Tier 1 (build/tests): pass (`tier1-build-check.json`)
- Tier 2 (behavior): pass (`tier2-e2e-check.json`)
- Verified on (UTC): 2026-03-07T16:43:00Z