# UI v2 Rewire Source of Truth

Status: Active
Date: 2026-02-21
Working directory: `docs/modules/ui/v2-rewire`

## 1) Hard rules

1. For overlapping guidance, higher pack number wins.
2. If a higher pack is partial, keep the latest lower-pack detail for uncovered screens.
3. Inside one pack, interpret in this order:
   - `Now/New location` statements,
   - menu/screen graphs,
   - ASCII/rationale text.
4. Canonical planning references must come from this file plus `authority-matrix.md`, not raw packs alone.
5. `pack-23.md` is the active Platform IA override for all conflicts with `pack-22.md` and lower packs.
6. `pack-22.md` remains authority for non-Platform areas unless `pack-23.md` explicitly overrides them.
7. Pre-alpha policy is canonical-only routing: no legacy redirects and no alias windows.

## 2) Canonical IA (v3)

### 2.1 Root modules

Canonical top-level modules are:

- `Mission Control`
- `Releases`
- `Security`
- `Evidence`
- `Ops`
- `Setup`

### 2.2 Global context

Region and Environment are global context selectors in the top bar, not deep menu nodes.

Required global context controls:

- Search
- Region multi-select
- Environment multi-select scoped to Region selection
- Time window selector
- Stage selector
- Status indicators (offline/feed/policy/evidence/live event stream)

### 2.3 Ownership decisions resolved by precedence

These are authoritative for planning and replace older conflicting placements:

- `Release Control` root is decomposed:
  - release lifecycle surfaces move to `Releases`,
  - inventory/topology surfaces move to `Setup -> Topology`.
- `Bundle` is deprecated in operator IA and renamed to `Release Version`.
- `Runs`, `Deployments`, `Promotions`, and `Hotfixes` are lifecycle views inside `Releases` and not top-level modules.
- `VEX` and `Exceptions` remain distinct data models, but are exposed in one operator workspace:
  - `Security -> Disposition Center` tabs (`VEX Statements`, `Exceptions`, `Expiring`),
  - feeds/source configuration lives in `Ops -> Integrations -> Advisory & VEX Sources`.
- SBOM Graph/Lake are one `Security -> SBOM` workspace with mode tabs.
- Reachability is a first-class surface under `Security -> Reachability`.
- Topology ownership is setup-owned under `Setup -> Topology`.
- Policy and former Platform ownership are consolidated under `Ops`.
- Trust posture is visible in `Evidence`, while signing/trust mutation stays under `Ops` setup/policy surfaces.

## 3) Canonical screen authorities

Use the following packs as the latest valid source per domain.

### 3.1 IA and naming consolidation

Authoritative pack:

- `pack-22.md`
- `pack-23.md` (highest precedence for Platform ownership and menu placement)
- `pack-22.md`

Superseded for overlapping decisions:

- `pack-21.md` and lower packs for root module grouping and naming.

### 3.2 Mission Control

Authoritative packs:

- `pack-22.md` for mission control framing and quick actions.
- `pack-16.md` for detailed dashboard signal widgets where not overridden.

### 3.3 Releases

Authoritative packs:

- `pack-22.md` for consolidation model (`list`, `detail tabs`, `activity`, `approvals queue`).
- `pack-12.md` for release composition/builder details.
- `pack-13.md` for promotion flow semantics.
- `pack-14.md` for timeline/checkpoint/rollback/replay semantics.
- `pack-17.md` for approvals detail depth.

Superseded:

- Standalone menu treatment from earlier packs where runs/deployments/promotions/hotfixes were separate roots.

### 3.4 Setup + Topology

Authoritative packs:

- `pack-22.md` for topology taxonomy and environment detail structure.
- `pack-23.md` for platform ownership moves now consolidated under `Ops`.
- `pack-18.md` for environment detail shell standards reused inside topology-aware views.

### 3.5 Security

Authoritative packs:

- `pack-22.md` for consolidation into `Posture`, `Triage`, `SBOM`, `Reachability`, `Disposition Center`, and `Reports`.
- `pack-19.md` for decision-first security detail behavior where not overridden.

Superseded:

- Earlier split explorer layouts that force separate VEX/Exceptions and separate SBOM roots.

### 3.6 Evidence

Authoritative packs:

- `pack-22.md` for evidence navigation framing and release linkage expectations.
- `pack-20.md` for evidence chain structure (packs/export/proof/replay/audit).

### 3.7 Ops

Authoritative packs:

- `pack-23.md` for Platform + Policy + Integrations consolidation under one root.
- `pack-15.md` for data integrity operating model.
- `pack-10.md` for feeds/airgap operational detail where still valid.

### 3.8 Integrations

Authoritative packs:

- `pack-23.md` for Platform Integrations placement and topology ownership split.
- `pack-10.md` and `pack-21.md` for connector detail flows where not overridden.

### 3.9 Setup Administration

Authoritative packs:

- `pack-22.md` for governance scope.
- `pack-21.md` for detailed A0-A7 screen structure where not overridden.

## 4) Normalized terminology (canonical names)

Use these terms in sprint tickets/specs:

- `Bundle` -> `Release Version`
- `Create Bundle` -> `Create Release Version`
- `Current Release` -> `Deploy/Promote`
- `Run/Timeline/Pipeline` -> `Release Run`
- `Security & Risk` -> `Security`
- `Evidence & Audit` -> `Evidence`
- `Evidence Pack/Bundle` -> `Decision Capsule`
- `Platform Ops` -> `Ops`
- `Policy` -> `Ops -> Policy`
- `Integrations` -> `Ops -> Integrations`
- `Administration` -> `Setup`
- `Topology` root -> `Setup -> Topology`
- `Regions & Environments` menu -> `Setup -> Topology` + global context switchers

## 5) Planning gaps to schedule first

Create first-wave dependency sprints for:

- backend global context contracts and persistence (`Region/Environment` top-bar model),
- releases read-model contracts for list/detail/activity/approvals queue,
- setup-owned topology inventory contracts and synchronization,
- security disposition aggregation contracts (VEX + Exceptions UX join),
- route retirement cleanup from legacy families to canonical pre-alpha roots with no redirect compatibility layer.