# Console overview

## Mission and principles

- Single entry point for SBOMs, advisories, policies, runs, and admin controls.
- Deterministic navigation with deep-linkable URLs.
- Tenant isolation by default; explicit cross-tenant comparisons only.
- Aggregation-only views for Concelier and Excititor outputs.
- Offline parity for every view with visible staleness.

## Primary navigation

- Dashboard: KPIs, feed age, queue depth, alerts.
- Findings: policy verdicts, explain traces, and triage actions.
- SBOM Explorer: catalog, components, overlays, exports.
- Advisories and VEX: aggregated sources, provenance, conflicts.
- Runs: scheduler runs, progress, evidence links.
- Policies: editor, simulations, approvals.
- Downloads: signed artifacts and offline kit parity.
- Admin: tenants, roles, clients, tokens, branding.
- Help: guides, tours, and release notes.

## Shared surfaces

- Top bar: tenant picker, environment badge, offline status, user menu, notifications, command palette.
- Global filter tray (Shift+F): tenant, time window, severity, tags, source providers, run status, policy view.
- Context chips: active filters with one-click removal.
- Status ticker: SSE-driven ingestion deltas and queue depth.

## Tenant model

- Tenant list comes from Authority; switching issues a tenant-scoped, DPoP-bound token.
- Cross-tenant comparisons are opt-in and render split panes with separate tokens.
- Fresh-auth gates sensitive actions (admin changes, approvals).
- Tenant switches emit audited events (ui.tenant.switch).

## Filters, presets, and deep links

- Filters encoded in URLs (tenant, since/until, severity, view, panel, component).
- Presets are saved per tenant and accessible via the command palette and Cmd/Ctrl+1..9.
- Deep links map to CLI commands for deterministic offline replay.

## Aggregation-only alignment

- Advisory and VEX pages read canonical aggregation endpoints.
- Provenance badges show source lineage, precedence, and merge hashes.
- UI does not reweight or rewrite aggregated data; actions route through guard endpoints.

## Performance and telemetry

- LCP target under 2.5 seconds on a 4 vCPU offline runner with cached assets.
- Route budget under 1.5 seconds after token resolution.
- Telemetry signals: ui_route_render_seconds, ui_filter_apply_total, ui_tenant_switch_total, ui_offline_banner_seconds.

## Offline posture

- Offline kits drive read-only views with snapshot ID and staleness banners.
- Actions requiring Authority or verification show CLI guidance.
- Tenants missing from the snapshot are hidden.

## Related references

- ui/navigation.md
- ui/downloads.md
- ui/sbom-explorer.md
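
Added example, not code from the console itself: one way a client could parse and re-serialise the URL-encoded filters listed under "Filters, presets, and deep links" so that links stay deterministic and never cross the tenant boundary implicitly. The parameter names come from this page; the placeholder origin, the ISO 8601 timestamp format, the comma-separated severity list, and the severity vocabulary are assumptions.

```javascript
// Added example. Filter names are from the page; formats and values are assumed.
const ALLOWED = ["tenant", "since", "until", "severity", "view", "panel", "component"];
const SEVERITIES = new Set(["critical", "high", "medium", "low"]); // assumed vocabulary

// Parse a deep link: keep allowlisted filters only, and refuse any link whose
// tenant differs from the tenant the current token is scoped to.
function parseDeepLink(url, activeTenant) {
  const u = new URL(url, "https://console.example"); // placeholder origin
  const filters = {};
  for (const [key, value] of u.searchParams) {
    if (!ALLOWED.includes(key)) continue; // unknown parameters are dropped
    if (key in filters) throw new Error(`duplicate filter: ${key}`);
    filters[key] = value;
  }
  if (filters.tenant !== activeTenant) {
    // No implicit switch: changing tenant needs a new tenant-scoped token.
    throw new Error("tenant mismatch: explicit tenant switch required");
  }
  for (const key of ["since", "until"]) {
    if (!(key in filters)) continue;
    const t = Date.parse(filters[key]);
    if (Number.isNaN(t)) throw new Error(`bad timestamp: ${key}`);
    filters[key] = new Date(t).toISOString(); // normalise to UTC
  }
  if (filters.since && filters.until && filters.since > filters.until) {
    throw new Error("since is after until");
  }
  if (filters.severity) {
    const levels = [...new Set(filters.severity.split(","))].sort();
    for (const s of levels) {
      if (!SEVERITIES.has(s)) throw new Error(`bad severity: ${s}`);
    }
    filters.severity = levels.join(",");
  }
  return filters;
}

// Serialise in fixed key order so equal filter state always yields the same URL.
function toDeepLink(path, filters) {
  const q = new URLSearchParams();
  for (const key of ALLOWED) {
    if (filters[key] !== undefined) q.set(key, filters[key]);
  }
  return `${path}?${q.toString()}`;
}
```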