# Pack 1 — Release Control (root menus)
## Legend (used everywhere)
* **CritR** = *Critical Reachable* findings count (hybrid reachability)
* **SBOM** = SBOM presence + freshness (OK / Stale / Missing)
* **Cov** = reachability coverage sources: **B/I/R** = Build / Image (Dover/Docker) / Runtime
  Example: `Cov 2/3` means two sources available; hover shows which.
* **Hybrid Reachability** = union/merge of Build + Image + Runtime reachability signals.
---
## 0) Left-nav structure (Release Control as root)
```mermaid
flowchart TB
subgraph LeftNav["Left Nav"]
subgraph RC["Release Control (ROOT)"]
DASH["Dashboard<br/>(formerly: Control Plane)"]
REL["Releases<br/>(formerly: Releases)"]
BUN["Bundles<br/>(NEW: Release Bundle Organizer)"]
APR["Approvals<br/>(formerly: Approvals)"]
DEP["Deployments<br/>(formerly: Active Deployments widget)"]
REG["Regions & Environments<br/>(formerly: env pipeline widget)"]
end
subgraph SR["Security & Risk (group)"]
SR1["Risk Overview (formerly: Security Overview)"]
SR2["Findings (formerly: Security Findings)"]
SR3["Reachability Coverage (NEW)"]
SR4["SBOM Explorer (formerly: SBOM Graph)"]
SR5["VEX Hub (formerly: VEX Hub)"]
SR6["Exceptions (formerly: Exceptions)"]
end
subgraph EA["Evidence & Audit (group)"]
EA1["Decision Capsules (formerly: Evidence Bundles / Packets)"]
EA2["Proof Chains (formerly: Proof Chains)"]
EA3["Replay / Verify (formerly: Replay/Verify)"]
EA4["Export Center (formerly: Export)"]
EA5["Coverage Metrics (formerly: SBOM Lake)"]
end
subgraph IN["Integrations (group)"]
IN1["Integrations Hub (formerly: Integrations)"]
IN2["Feeds & Mirrors (formerly: Operations → Feeds)"]
end
subgraph PO["Platform Ops (group)"]
PO1["Nightly Ops Report (NEW)"]
PO2["Platform Health (formerly: Platform Health)"]
PO3["Jobs / Orchestrator (formerly: Orchestrator)"]
PO4["Scheduler Runs (formerly: Scheduler)"]
PO5["Dead Letter (formerly: Dead Letter)"]
PO6["Quotas & Usage (formerly: Quotas)"]
end
subgraph AD["Administration (group)"]
AD1["Policy Governance"]
AD2["Trust & Signing"]
AD3["Identity & Access"]
AD4["System"]
end
end
```
---
## 1) Release Control — menu/screen graph (Pack 1 scope)
```mermaid
flowchart LR
DASH --> REL
DASH --> BUN
DASH --> APR
DASH --> DEP
DASH --> REG
REL --> RDETAIL["Release Detail"]
BUN --> BDETAIL["Bundle Detail / Compose"]
APR --> ADETAIL["Approval Detail"]
REG --> EDETAIL["Environment Detail"]
DEP --> DDETAIL["Deployment Detail"]
%% common crosslinks (second-class but not buried)
DASH -. "CritR hotspots" .-> FIND["Security & Risk → Findings"]
RDETAIL -. "Risk tab" .-> FIND
BDETAIL -. "Component findings" .-> FIND
ADETAIL -. "Evidence preview" .-> CAPS["Evidence & Audit → Decision Capsule"]
DDETAIL -. "Proof" .-> CAPS
%% nightly ops signal (dashboard card)
DASH -. "Nightly failures" .-> NIGHT["Platform Ops → Nightly Ops Report"]
```
---
# Screen 1 — Dashboard (Release Control)
**Formerly:** `Control Plane` (plus some signals scattered in `Security Overview`, `Integrations`, `Platform Health`).
**Why changed:** Stella Ops needs a **release-centric “mission board”**: what is promoting, what is blocked, and what is risky *by region/env* — including **SBOM status + hybrid reachability (CritR)** and **nightly data freshness**. This prevents “green deploy / red risk” blind spots.
### Mermaid — Dashboard navigation graph
```mermaid
flowchart TB
DASH["Dashboard"] -->|click release row| RDETAIL["Release Detail"]
DASH -->|pending approvals| APR["Approvals"]
DASH -->|active deployments| DEP["Deployments"]
DASH -->|region pipeline| REG["Regions & Environments"]
DASH -->|CritR hotspot| FIND["Security & Risk → Findings (filtered)"]
DASH -->|Nightly failures| NIGHT["Platform Ops → Nightly Ops Report"]
```
### ASCII wireframe — Dashboard
```text
+----------------------------------------------------------------------------------+
| Stella Ops [Search releases/digests/CVEs] Region: All▼ Env: All▼ Time: 24h▼ |
| Status: Offline OK | Feed: Live | Policy Pack: latest | Evidence: ON |
+----------------------------------------------------------------------------------+
| RELEASE CONTROL DASHBOARD (formerly: Control Plane) |
|----------------------------------------------------------------------------------|
| Region Pipelines (Deploy + SBOM + Risk) |
| US-East: Dev[Deploy OK|SBOM OK|CritR 0|Cov 3/3] -> Stg[OK|OK|0|3/3] -> |
| Prod[DEGRADED|SBOM STALE|CritR 4|Cov 2/3] |
| EU-West: Dev[OK|OK|0|3/3] -> Stg[OK|MISSING|CritR ?|Cov 1/3] -> Prod[OK|OK|1|3/3]|
| APAC: ... |
|----------------------------------------------------------------------------------|
| Pending Approvals (2) | Active Deployments (1) |
| - API Gateway v2.1.0 US-E/Prod | - Hotfix 1.2.4 US-East/Prod RUNNING |
| Gate: PASS Approvals: 1/2 | Targets: 1/1 Evidence: sealing... |
| - User Service v3.0.0-rc1 EU/Prod| |
| Gate: BLOCK (CritR 2) | |
|----------------------------------------------------------------------------------|
| Critical Reachable Hotspots (CritR) | Nightly Ops Signals |
| - US-East/Prod: CritR 4 (openssl, log4j...) | SBOM Rescan: WARN (1 failed) |
| - EU-West/Prod: CritR 1 (glibc...) | CVE Feeds: ERROR (NVD stale 18h)|
| - APAC/Stg: CritR 2 (xz...) | Integrations: DEGRADED (Jenkins)|
| [View Findings] | Reachability ingest: WARN (Runtime)|
|----------------------------------------------------------------------------------|
| Recent Releases / Promotions |
| Release Type Status Regions CritR max Evidence |
| Hotfix 1.2.4 Single PROMOTING US-East 4 Sealing... |
| Platform 1.3.0-rc1 Bundle READY All 0 Ready |
|----------------------------------------------------------------------------------|
```
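An added example (not Stella Ops code) of how one `[Deploy|SBOM|CritR|Cov]` tile from the pipeline above could be derived from the legend's definitions. The data shapes and function names are hypothetical, the 6h stale threshold is the one shown in the Release Detail wireframe, and rendering `CritR ?` when the SBOM is missing is an assumption read off the EU-West/Stg tile.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SOURCES = ("build", "image", "runtime")   # the B/I/R sources of the legend
STALE_AFTER = timedelta(hours=6)          # threshold shown in the Release Detail wireframe


@dataclass
class Finding:
    ident: str
    severity: str      # "critical", "high", ...
    reachable: dict    # source -> bool, only for sources that reported on it


def sbom_status(last_scan: Optional[datetime], now: datetime) -> str:
    """SBOM presence + freshness: OK / STALE / MISSING."""
    if last_scan is None:
        return "MISSING"
    return "STALE" if now - last_scan > STALE_AFTER else "OK"


def coverage(available: set) -> str:
    """Cov n/3: how many of Build / Image / Runtime delivered data."""
    return f"{sum(1 for s in SOURCES if s in available)}/{len(SOURCES)}"


def crit_reachable(findings, available: set) -> int:
    """Hybrid reachability: a critical finding counts when ANY available
    source marks it reachable (union of the signals). Signals from a source
    that is not available for this env are ignored."""
    return sum(
        1 for f in findings
        if f.severity == "critical"
        and any(f.reachable.get(s, False) for s in available)
    )


def env_tile(deploy, last_scan, findings, available, now) -> str:
    sbom = sbom_status(last_scan, now)
    # Assumption: with no SBOM there is no component inventory to match
    # findings against, so the count is shown as unknown rather than 0.
    critr = "?" if sbom == "MISSING" else str(crit_reachable(findings, available))
    return f"[{deploy}|SBOM {sbom}|CritR {critr}|Cov {coverage(available)}]"


# Constructed sample data (identifiers are placeholders, not real findings).
NOW = datetime(2026, 2, 1, 12, 0, tzinfo=timezone.utc)
PROD_FINDINGS = [
    Finding("finding-1", "critical", {"build": True, "image": True}),
    Finding("finding-2", "critical", {"build": False, "image": True}),
    Finding("finding-3", "critical", {"build": True}),
    Finding("finding-4", "critical", {"image": True}),
    Finding("finding-5", "critical", {"build": False, "image": False, "runtime": True}),
    Finding("finding-6", "high", {"build": True}),
]

if __name__ == "__main__":
    scan = NOW - timedelta(hours=18)
    print(env_tile("DEGRADED", scan, PROD_FINDINGS, {"build", "image"}, NOW))
    print(env_tile("DEGRADED", scan, PROD_FINDINGS, set(SOURCES), NOW))
```

With Runtime missing, the runtime-only finding is not counted, so `CritR 4` at `Cov 2/3` is a lower bound rather than a complete count.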
---
# Screen 2 — Releases (ledger)
**Formerly:** `Releases`.
**Why changed:** keep the ledger, but make it **digest-first + bundle-aware**, and show **risk + SBOM freshness + reachability coverage** at the list level so operators don’t need to click into each release to see “is it actually safe to promote”.
### Mermaid — Releases navigation graph
```mermaid
flowchart TB
REL["Releases"] -->|select row| RDETAIL["Release Detail"]
REL -->|Create Hotfix| NEWREL["New Release (Single Digest)"]
REL -->|Create from Bundle| BUN["Bundles"]
REL -->|Compare| COMP["Compare Releases (diff)"]
REL -. "Export evidence" .-> EA4["Export Center"]
```
### ASCII wireframe — Releases
```text
+----------------------------------------------------------------------------------+
| Releases (formerly: Releases) [Create Hotfix] [Create from Bundle] |
| Filters: Region▼ Env Path▼ Type▼ Status▼ Search... |
+----------------------------------------------------------------------------------+
| Release / Version          Type    Status       Regions  Env Path  CritR  SBOM   |
|----------------------------------------------------------------------------------|
| Hotfix 1.2.4               Single  PROMOTING    US-East  Stg→Prod  4      STALE  |
| Platform Release 1.3.0-rc1 Bundle  READY        All      Stg→Prod  0      OK     |
| Platform Release 1.2.3     Bundle  DEPLOYED     All      Prod      0      OK     |
| Feature Branch 2.0.0-a     Bundle  DRAFT        EU-West  Dev       -      -      |
| Platform Release 1.2.2     Bundle  ROLLED_BACK  US-East  Prod      -      OK     |
|----------------------------------------------------------------------------------|
| Row actions: [View] [Compare] [Evidence] [Rollback] [Promote] |
+----------------------------------------------------------------------------------+
```
---
# Screen 3 — Release Detail (case file)
**Formerly:** scattered between `Releases` (list), `Approvals` (decision context), `Security Findings` (risk details), and `Export/Replay`.
**Why changed:** Stella Ops’ center of gravity is a **release decision bound to a digest** (or bundle digest). This screen becomes the “case file”: promotion edge, risk, reachability sources, policy inputs, approvals, deployment, and evidence — in one place.
### Mermaid — Release Detail navigation graph
```mermaid
flowchart TB
RDETAIL["Release Detail"] --> APR["Approvals (filtered to this release)"]
RDETAIL --> DEP["Deployments (filtered)"]
RDETAIL --> FIND["Findings (filtered)"]
RDETAIL --> CAPS["Decision Capsule (for this edge)"]
RDETAIL --> BDETAIL["Bundle Detail (if Type=Bundle)"]
RDETAIL --> REG["Regions & Environments (focus edge)"]
```
### ASCII wireframe — Release Detail
```text
+----------------------------------------------------------------------------------+
| Release: Hotfix 1.2.4 Type: Single Digest Digest: sha256:abcd... |
| Path: US-East Staging → Production Status: PROMOTING |
| Summary: CritR 4 | SBOM STALE | Cov 2/3 (Build+Image; Runtime missing) |
|----------------------------------------------------------------------------------|
| Promotion Timeline (edges) | Gate Summary |
| Staging → Prod [BLOCKED?] | Policy: PASS |
| - Findings: CritR 4 | Data freshness: WARN (SBOM stale) |
| - Approvals: 1/2 | Reachability: WARN (Runtime missing) |
| - Evidence: Sealing... | Human: PENDING (1 remaining) |
|----------------------------------------------------------------------------------|
| Tabs: [Overview] [Components] [Risk] [Reachability] [Approvals] [Deployments] [Evidence] |
|----------------------------------------------------------------------------------|
| Overview: |
| - Requested by: security-team - Change summary: "Critical security patch" |
| - Inputs frozen: Policy Pack vX.Y - SBOM scan time: 18h ago (stale threshold 6h)|
|----------------------------------------------------------------------------------|
| Risk (summary): |
| CritR: 4 HighR: 7 MedR: 12 (hybrid reachability) |
| Top drivers: openssl CVE-xxxx, libxml2 CVE-yyyy |
| [Open Findings (filtered)] |
|----------------------------------------------------------------------------------|
| Evidence: |
| Decision Capsule: DSSE ✓ Rekor ✓ Replayable ✓ [View Capsule] [Export] |
+----------------------------------------------------------------------------------+
```
---
# Screen 4 — Bundles (Release Bundle Organizer) **NEW**
**Formerly:** not present; *closest concept* was `Export Center → StellaBundle` but that is an **audit/export artifact**, not an operator workflow for composing deployable multi-service releases.
**Why added / why here:** You need a **bundle organizer** to turn “microservice digest + env-derived variables + other microservices + changelog” into a **bundle version** with a **bundle digest**. This stays digest-first (everything pinned by digest), but becomes human-operable for multi-service systems.
### Bundle concept (explicit)
A **Bundle** =
* Components: `service/repo → digest → derived component version`
* Config Snapshot per region/env: references to Vault/Consul inputs + hashes (no secret values)
* Changelog per repo: commit/PR range between previous bundle and this bundle
* Bundle digest: hash of the bundle manifest (components + config snapshot refs + metadata)
* Used to create **Releases** (promotions) across environments.
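
An added example (not Stella Ops code) of a bundle digest computed as the hash of a canonical bundle manifest, as defined in the list above. The manifest field names, the canonical-JSON encoding, and the use of Vault KV version numbers and Consul `ModifyIndex` values as the hashed references are assumptions; the sample digests are constructed.

```python
import hashlib
import json
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def canonical(obj) -> bytes:
    """Deterministic encoding: sorted keys, no optional whitespace, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sha256_ref(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def config_snapshot(region_env, vault_refs, consul_refs):
    """Hash the references (path + version), never the values behind them.

    vault_refs:  {path: KV version}       (assumed reference shape)
    consul_refs: {prefix: ModifyIndex}    (assumed reference shape)
    Hashing versions instead of values keeps low-entropy secrets from being
    guessable from the snapshot hash.
    """
    refs = {"vault": sorted(vault_refs.items()),
            "consul": sorted(consul_refs.items())}
    return {
        "region_env": region_env,
        "vault_paths": len(vault_refs),
        "consul_prefixes": len(consul_refs),
        "snapshot_hash": sha256_ref(canonical(refs)),
    }


def bundle_manifest(name, version, components, snapshots, changelog):
    """Build the manifest; every component must be pinned by digest."""
    for c in components:
        if not DIGEST_RE.match(c["digest"]):
            raise ValueError(f"{c['service']}: not pinned by digest: {c['digest']!r}")
    return {
        "name": name,
        "version": version,
        # Sort so that UI ordering cannot change the bundle identity.
        "components": sorted(components, key=lambda c: c["service"]),
        "config_snapshots": sorted(snapshots, key=lambda s: s["region_env"]),
        "changelog": changelog,   # per repo: range since the previous bundle
    }


def bundle_digest(manifest) -> str:
    return sha256_ref(canonical(manifest))


# Constructed sample input.
COMPONENTS = [
    {"service": "api-service", "digest": "sha256:" + "a" * 64, "version": "2.1.0"},
    {"service": "web-frontend", "digest": "sha256:" + "b" * 64, "version": "2.0.0"},
]
SNAPSHOTS = [config_snapshot("US-East/Prod", {"secret/api/db": 7}, {"config/api/": 1042})]
CHANGELOG = {"api-service": "v2.0.8..v2.1.0", "web-frontend": "v1.9.1..v2.0.0"}


def demo() -> str:
    manifest = bundle_manifest("Platform Bundle", "1.3.0", COMPONENTS, SNAPSHOTS, CHANGELOG)
    return bundle_digest(manifest)


if __name__ == "__main__":
    print(demo())
```

A rotated Vault secret bumps its KV version, which changes the snapshot hash and therefore the bundle digest, even though no secret value ever enters the manifest.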
### Mermaid — Bundles navigation graph
```mermaid
flowchart TB
BUN["Bundles"] -->|select bundle| BDETAIL["Bundle Detail / Compose"]
BUN -->|Create bundle| BCREATE["Create Bundle (from repos/services)"]
BDETAIL -->|Generate Release Candidate| REL["Releases (new release from bundle)"]
BDETAIL -->|Compare to previous bundle| BDIFF["Bundle Diff (components+config+changelog)"]
BDETAIL -->|Fetch config snapshot| CFG["Config Snapshot (Vault/Consul refs)"]
BDETAIL -. "Risk preview" .-> FIND["Findings (bundle-filtered)"]
```
### ASCII wireframe — Bundles (Organizer)
```text
+----------------------------------------------------------------------------------+
| Bundles (NEW) (formerly: N/A; concept overlaps Export Center but different) |
| [Create Bundle] Filters: Repo▼ Region▼ Env▼ Status▼ Search... |
+----------------------------------------------------------------------------------+
| Bundle / Version         Status  Components  Regions  Env Baseline   CritR SBOM  |
|----------------------------------------------------------------------------------|
| Platform Bundle 1.3.0    READY   12          All      Stg baseline   0     OK    |
| Checkout Bundle 2026.02  DRAFT   7           EU-West  Dev baseline   -     -     |
| Hotfix Set 1.2.4         READY   1           US-East  Prod baseline  4     STALE |
|----------------------------------------------------------------------------------|
| Row actions: [Compose] [Compare] [Create Release] [Export Manifest] |
+----------------------------------------------------------------------------------+
```
---
# Screen 5 — Bundle Detail / Compose (Bundle “case file”)
**Formerly:** not present; composition typically happens in external tooling (CI/CD templates, Helm charts, spreadsheets).
**Why changed:** This is the missing “organizer” you called out. It makes bundles **auditable, repeatable, and env-config-aware**, while preserving digest-first identity.
### Mermaid — Bundle Detail / Compose graph
```mermaid
flowchart TB
BDETAIL["Bundle Detail / Compose"] -->|Edit components| COMP["Component Picker (repo/service)"]
BDETAIL -->|Pin digest & derive version| MAP["Digest→Version Mapping"]
BDETAIL -->|Fetch env config refs| CFG["Config Snapshot (Vault/Consul)"]
BDETAIL -->|View changelog| CHG["Changelog (per repo)"]
BDETAIL -->|Validate| VAL["Bundle Validation (SBOM, attestation, policy inputs)"]
BDETAIL -->|Lock| LOCK["Lock Bundle (freeze manifest)"]
BDETAIL -->|Create Release| REL["Create Release from Bundle"]
BDETAIL -. "Preview risk" .-> FIND["Findings (bundle-filtered)"]
```
### ASCII wireframe — Bundle Detail / Compose
```text
+----------------------------------------------------------------------------------+
| Bundle: Platform Bundle 1.3.0 Status: DRAFT Bundle Digest: sha256:bund... |
| Baseline: Staging Regions: All Last updated: 5m ago |
| Actions: [Validate] [Lock Bundle] [Create Release] [Export Manifest] |
+----------------------------------------------------------------------------------+
| Tabs: [Components] [Config Snapshots] [Changelog] [Risk Preview] [Evidence Inputs]|
|----------------------------------------------------------------------------------|
| Components (12) |
| Service/Repo Digest Derived Ver SBOM CritR Prov |
| api-service sha256:aaa... 2.1.0 OK 0 SLSA ✓ |
| web-frontend sha256:bbb... 2.0.0 OK 0 SLSA ✓ |
| worker sha256:ccc... 3.1.0 STALE 1 SLSA ✓ |
| ... |
| [Add Component] [Pin Digest] [Import from CI] |
|----------------------------------------------------------------------------------|
| Config Snapshots (refs only — no secret values) |
| Region/Env Vault paths (count) Consul prefixes (count) Snapshot Hash |
| US-East/Prod 12 6 sha256:cfg1... |
| EU-West/Prod 11 6 sha256:cfg2... |
| Notes: "Vault unreachable" would show as ERROR and block Lock/Release optionally |
| [Fetch Snapshots] [View Ref List] [Diff vs previous bundle] |
|----------------------------------------------------------------------------------|
| Changelog (per repo) |
| api-service: v2.0.8 → v2.1.0 (12 PRs) [View] |
| web-frontend: v1.9.1 → v2.0.0 (30 PRs) [View] |
|----------------------------------------------------------------------------------|
```
---
# Screen 6 — Approvals (queue)
**Formerly:** `Approvals`.
**Why changed:** Keep it, but make approvals explicitly tied to **promotion edges** and show the **risk + freshness + reachability** context right in the queue so reviewers don’t approve blind.
### Mermaid — Approvals navigation graph
```mermaid
flowchart TB
APR["Approvals"] -->|open request| ADETAIL["Approval Detail"]
APR -->|filter by region/env| APR
ADETAIL -->|Approve/Reject| APR
ADETAIL -. "Open release case file" .-> RDETAIL["Release Detail"]
ADETAIL -. "Open findings" .-> FIND["Findings (filtered)"]
ADETAIL -. "Open capsule preview" .-> CAPS["Decision Capsule"]
```
### ASCII wireframe — Approvals
```text
+----------------------------------------------------------------------------------+
| Approvals (formerly: Approvals) Filters: Region▼ Env▼ Status▼ Risk▼ Search... |
+----------------------------------------------------------------------------------+
| Request                    Edge                Gate    Approvals  CritR  SBOM    |
|----------------------------------------------------------------------------------|
| API Gateway v2.1.0         US-East Stg→Prod    PASS    1/2        0      OK      |
| User Service v3.0.0-rc1    EU-West Stg→Prod    BLOCK   0/2        2      OK      |
| Notes: BLOCK reasons show inline: (Policy fail / CritR / data stale / missing Cov)|
|----------------------------------------------------------------------------------|
| Actions per row: [Approve] [Reject] [View Detail] |
+----------------------------------------------------------------------------------+
```
---
# Screen 7 — Approval Detail (gate breakdown + evidence preview)
**Formerly:** “View Details” from `Approvals` (implied) + bits from `Findings` and `Export/Replay`.
**Why changed:** The approver needs a single page that explains **why** an edge is blocked/passing, with **hybrid reachability** and **data freshness** spelled out, plus a preview of the evidence capsule that will be sealed.
### Mermaid — Approval Detail graph
```mermaid
flowchart TB
ADETAIL["Approval Detail"] -->|Approve| ACT1["Approve action"]
ADETAIL -->|Reject| ACT2["Reject action"]
ADETAIL --> RDETAIL["Release Detail"]
ADETAIL --> FIND["Findings (edge-filtered)"]
ADETAIL --> CAPS["Decision Capsule Preview"]
```
### ASCII wireframe — Approval Detail
```text
+----------------------------------------------------------------------------------+
| Approval Detail (formerly: Approvals → View Details) |
| Release: User Service v3.0.0-rc1 Edge: EU-West Staging → Production |
|----------------------------------------------------------------------------------|
| Gate Summary: BLOCK |
| - Policy: PASS |
| - Risk: CritR 2 (Hybrid reachability) |
| - SBOM: OK (fresh) |
| - Reachability Coverage: 3/3 (Build+Image+Runtime) |
| - Data Freshness: OK (Feeds synced 2h ago) |
|----------------------------------------------------------------------------------|
| Risk Drivers (CritR): |
| - CVE-XXXX in package foo@1.2.3 Reachable via path: foo->bar->... |
| - CVE-YYYY in package baz@4.5.6 Reachable via runtime trace |
| [Open Findings (filtered)] |
|----------------------------------------------------------------------------------|
| Evidence Preview: |
| Capsule will include: policy inputs, SBOM refs, reachability sources, decision log|
| DSSE: pending seal Rekor: pending Replay: enabled |
| [View Capsule Draft] [Approve] [Reject] |
+----------------------------------------------------------------------------------+
```
---
# Screen 8 — Regions & Environments (promotion graph + env tiles)
**Formerly:** pipeline widget on `Control Plane` (flat, not region-first).
**Why changed:** You explicitly need **Region → Environments** as a first-class topology, and each env must summarize not only “deploy health” but also **SBOM + CritR + Cov**.
### Mermaid — Regions & Environments graph
```mermaid
flowchart TB
REG["Regions & Environments"] -->|select env node| EDETAIL["Environment Detail"]
REG -->|select edge| EDGE["Edge Inspector (gates, approvals, evidence)"]
REG -. "View findings for env" .-> FIND["Findings (env-filtered)"]
REG -. "View deployments for env" .-> DEP["Deployments (env-filtered)"]
```
### ASCII wireframe — Regions & Environments
```text
+----------------------------------------------------------------------------------+
| Regions & Environments (formerly: Control Plane pipeline) Region: US-East▼ |
| [Edit Graph] (role-gated) |
+----------------------------------------------------------------------------------+
| Promotion Graph (US-East) |
| Dev [OK|SBOM OK|CritR 0|Cov 3/3] --> Staging [OK|OK|0|3/3] --> Prod [DEG|STALE|4|2/3] |
| |
| Right Inspector (selected: Prod node) |
| - Deploy health: DEGRADED (1 target failing) |
| - SBOM: STALE (last scan 18h) |
| - CritR: 4 (hybrid) |
| - Coverage: Build ✓ Image ✓ Runtime ✗ |
| - Feed freshness: NVD stale 18h (WARN/ERROR) |
| Actions: [View Findings] [View Deployments] [View Config Snapshot] |
+----------------------------------------------------------------------------------+
```
---
# Screen 9 — Environment Detail (region/env “single pane”)
**Formerly:** no dedicated page; fragments in `Control Plane`, `Platform Health`, `Findings`, and CI/CD/inventory.
**Why changed:** Operators need a **per region/env** summary showing *what’s deployed* and *what’s risky* with **SBOM status** and **reachability source coverage** — so it’s clear if risk posture is trustworthy.
### Mermaid — Environment Detail graph
```mermaid
flowchart TB
EDETAIL["Environment Detail"] --> FIND["Findings (env-filtered)"]
EDETAIL --> DEP["Deployments (env-filtered)"]
EDETAIL --> CFG["Config Snapshot refs (env)"]
EDETAIL -. "Nightly issues affecting this env" .-> NIGHT["Nightly Ops Report"]
```
### ASCII wireframe — Environment Detail
```text
+----------------------------------------------------------------------------------+
| Environment Detail US-East / Production (formerly: N/A) |
| Deploy: DEGRADED | SBOM: STALE | CritR: 4 | Cov: 2/3 | Feeds: NVD stale 18h |
+----------------------------------------------------------------------------------+
| Deployed Workloads (by digest) |
| Service Image Digest Version SBOM CritR Last Deploy |
| api-service sha256:aaa... 2.1.0 OK 0 08:12 |
| web-frontend sha256:bbb... 2.0.0 OK 0 08:12 |
| worker sha256:ccc... 3.1.0 STALE 1 08:12 |
|----------------------------------------------------------------------------------|
| Critical Reachable Findings (CritR 4) [Open Findings] |
| - CVE-XXXX foo@1.2.3 reachable via ... |
| - CVE-YYYY bar@4.5.6 reachable via runtime traces (missing today!) |
|----------------------------------------------------------------------------------|
| Config Snapshot (refs only) |
| Vault refs: 12 paths | Consul refs: 6 prefixes | Snapshot hash: sha256:cfg1... |
| [View refs] [Diff vs last snapshot] |
|----------------------------------------------------------------------------------|
| Related: [Deployments] [Approvals] [Evidence] |
+----------------------------------------------------------------------------------+
```
---
# Screen 10 — Deployments (promotion execution view)
**Formerly:** “Active Deployments” widget + implicit status in Releases list.
**Why changed:** Keep the operational view, but tie it to **release/bundle digests** and show **SBOM/risk context** so deployments aren’t treated as purely operational success/failure.
### Mermaid — Deployments graph
```mermaid
flowchart TB
DEP["Deployments"] -->|select run| DDETAIL["Deployment Detail"]
DEP -->|filter by release/env| DEP
DDETAIL --> RDETAIL["Release Detail"]
DDETAIL --> CAPS["Decision Capsule"]
```
### ASCII wireframe — Deployments
```text
+----------------------------------------------------------------------------------+
| Deployments (formerly: Active Deployments widget) |
| Filters: Region▼ Env▼ Status▼ Release▼ Search... |
+----------------------------------------------------------------------------------+
| Release           Region/Env     Status      Targets   SBOM    CritR  Evidence   |
|----------------------------------------------------------------------------------|
| Hotfix 1.2.4      US-East/Prod   RUNNING     1/1       STALE   4      Sealing... |
| Platform 1.2.3    EU-West/Prod   COMPLETED   3/3       OK      0      Sealed ✓   |
|----------------------------------------------------------------------------------|
| Actions: [View Detail] |
+----------------------------------------------------------------------------------+
```
---
# Screen 11 — Deployment Detail (run + proof)
**Formerly:** not a dedicated PoC screen (implied behind deployment status).
**Why changed:** When something fails, you need traceability: what digest was applied, where, what verification occurred, and what evidence was produced.
### Mermaid — Deployment Detail graph
```mermaid
flowchart TB
DDETAIL["Deployment Detail"] --> CAPS["Decision Capsule (final)"]
DDETAIL --> EDETAIL["Environment Detail"]
DDETAIL --> RDETAIL["Release Detail"]
```
### ASCII wireframe — Deployment Detail
```text
+----------------------------------------------------------------------------------+
| Deployment Detail (formerly: N/A) |
| Release: Hotfix 1.2.4 Edge: US-East Staging→Prod Run: dep-0042 |
| Status: RUNNING Targets: 1/1 Started: 08:12 Actor: deploy-bot |
+----------------------------------------------------------------------------------+
| Steps / Timeline |
| 1) Resolve artifact digests ✓ |
| 2) Fetch config snapshot refs ✓ (vault ok, consul ok) |
| 3) Apply to target(s) ✓ |
| 4) Post-deploy verification WARN (runtime reachability missing) |
| 5) Seal evidence capsule IN PROGRESS |
|----------------------------------------------------------------------------------|
| Deployed Digests |
| - api-service sha256:aaa... - worker sha256:ccc... |
|----------------------------------------------------------------------------------|
| Evidence |
| Capsule: DSSE pending | Rekor pending | Replay enabled |
| [View Capsule] [Replay/Verify] [Export] |
+----------------------------------------------------------------------------------+
```
---
## Release Bundle Organizer — key design notes (so it matches your requirement)
What you asked for, explicitly, is now represented in **Bundles + Bundle Detail**:
* **“microservice with digest becomes version X”**
  * Bundle composer maintains a **Digest→Version mapping** per component (derived from git tag/build metadata or manually pinned).
* **“variables derived from vaults and consul for this env”**
  * Bundle stores **config snapshot references + hashes** per region/env; values are not shown, but the snapshot is reproducible and auditable.
* **“other microservices becomes bundle along with change log. per repository.”**
  * Bundle includes per-repo changelog (diff vs prior bundle baseline).
* **“release digest first”**
  * The bundle itself has a **bundle digest** (manifest hash). Promotions can be bound to that digest exactly like a single-image hotfix.
---