# Vuln Explorer — Using the Console (Md.XI draft)

> Status: DRAFT (awaiting GRAP0101 domain model + console asset drop). Do not publish until hashes captured.

## Scope
- Walk through primary console workflows: search/filter, saved views, keyboard shortcuts, drill-down, evidence export.
- Highlight identity/ABAC enforcement and tenant scoping in UI.
- Keep all examples deterministic; attach payload/screenshot hashes to `docs/assets/vuln-explorer/SHA256SUMS`.

## Prerequisites
- Domain model from GRAP0101 (entities, identifiers) — needed for labels and field names.
- UI/CLI asset drop (screenshots, payload samples) — requested, due 2025-12-09.
- Ledger/observability context from `docs/modules/vuln-explorer/architecture.md` and Findings Ledger docs.

## Workflows (to be filled with assets)
1) Discover & filter findings (search, severity, reachability/VEX toggles).
2) Keyboard shortcuts for navigation (list, detail, actions) — pending asset table.
3) Saved views & deep links (shareable, ABAC-aware permalinks) — include hash-verified examples.
4) Drill-down: finding detail → history → actions → attachments (token validation flow).
5) Export: reports and offline bundles; note hash verification step.

## Determinism & Offline Notes
- All screenshots/payloads must be hashed; record in `docs/assets/vuln-explorer/SHA256SUMS`.
- Use fixed fixture IDs and ordered outputs; avoid live endpoints.

### Hash Capture Checklist (fill once assets arrive)
- `assets/vuln-explorer/console-list.png` (list view with filters applied)
- `assets/vuln-explorer/console-detail.png` (finding detail + history/actions panes)
- `assets/vuln-explorer/console-shortcuts.md` (shortcut matrix payload)
- `assets/vuln-explorer/console-saved-view.json` (saved view export)

## Open Items before publish
- Replace placeholders with GRAP0101-backed field names and identity labels.
- Insert screenshot tables and payload snippets once assets arrive.
- Add keyboard shortcut matrix and deep-link examples with hashes.

_Last updated: 2025-12-05 (UTC)_