# Security Operations Leaves

## Purpose
- Make the preserved weak-route leaves fully usable from the live shells instead of leaving them reachable only by typed URLs or overview-card luck.
- Keep `Mission Control`, `Security`, and `Ops > Operations` as the owners of their respective operator workflows instead of reviving a separate legacy security-ops product.

## Canonical Owner
- Owner shells:
  - `Mission Control`
  - `Security`
  - `Ops > Operations`
- Primary routes:
  - `/mission-control/alerts`
  - `/mission-control/activity`
  - `/mission-control/release-health`
  - `/mission-control/security-posture`
  - `/security/unknowns`
  - `/security/unknowns/:unknownId`
  - `/security/unknowns/:unknownId/determinization`
  - `/security/unknowns/queue/grey`
  - `/ops/operations/notifications`

## Legacy Alias Policy
- Preserve stale bookmarks and old links by redirecting:
  - `/analyze/unknowns`
  - `/analyze/unknowns/:unknownId`
  - `/analyze/unknowns/:unknownId/determinization`
  - `/analyze/unknowns/queue/grey`
  - `/notify`
- Redirects must preserve query params and fragments so tenant, region, environment, return-to-context, and tab state survive the handoff.
- `Setup > Notifications` remains the admin/configuration surface. `Ops > Operations > Notifications` remains the operator delivery and alert workflow surface.

## UX Rules
- `Mission Control` owns the cross-product alert and recent-activity pages and must surface them directly from the live sidebar.
- `Security` owns unknowns tracking, detail review, grey queue, and determinization flows.
- `Ops > Operations` owns notification delivery, channel health, and operator watchlist handoffs.
- Internal links inside the unknowns subtree must stay inside `/security/unknowns*`, not dead `/analyze/*` routes.
- Browser-level verification should use the mounted notifications page because the local frontend proxy reserves `/notify`; the alias itself is still required in app routing and verified at route-contract level.

## Preserved Value
- Keep:
  - mission alert and activity summaries as operator landing pages
  - unknowns tracking and determinization workflows
  - notification delivery and watchlist handoff workflows
- Why:
  - these are already mounted product capabilities with useful operator actions
  - the product issue was surfacing debt and stale route ownership, not lack of feature value

## Shipped In This Cut
- Added top-level alias coverage for stale `/analyze/unknowns*` and `/notify` entry points.
- Retargeted shared navigation config from dead analyze and notify paths to the canonical security and operations owners.
- Surfaced `Alerts`, `Activity`, `Unknowns`, and `Notifications` from the live sidebar shells.
- Repaired unknowns grey-queue and determinization links so breadcrumbs and return paths stay inside canonical security routes.
- Added focused Angular and Playwright verification for the cutover.

## Related Docs
- `docs/features/checked/web/security-operations-leaves-ui.md`
- `docs/features/checked/web/unknowns-tracking-ui.md`
- `docs/modules/ui/watchlist-operations/README.md`
- `docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md`