# AOC dashboard

Purpose
- Monitor Aggregation-Only Contract (AOC) ingestion guardrails across Concelier and Excititor sources.
- Surface violations, verification results, and exportable evidence without mutating source data.

Access and dependencies
- Route: /console/sources.
- Feature flag: aocDashboard.enabled.
- Scopes: ui.read plus advisory.read and vex.read; aoc:verify for verify actions.
- Depends on Concelier and Excititor guard endpoints and Authority tenant scoping.

Layout
- Source tiles for Concelier and Excititor feeds.
- Violations and history table with filters.
- Action bar: run verify, schedule verify, export evidence, open raw docs.

Source tile fields
- Status badge: healthy, warning, critical based on last ingest age and ERR_AOC violations.
- Last ingest timestamp and relative age.
- Violations in the last 24 hours grouped by ERR_AOC code.
- Supersedes depth (average revision chain length).
- Signature pass rate.
- Ingestion latency P95.

Violation drilldown
- Filters by source, timeframe, ERR_AOC code, and severity.
- Detail drawer shows provenance, signature status, supersedes chain, and redacted raw JSON.
- Linked findings and policy overlays are shown as references only.
- Annotations and acknowledgements are stored as structured audit notes.

Verification and actions
- Run verify posts to /aoc/verify with a since window; results include counts and top codes.
- Schedule verify supports daily or weekly cadence with optional notifications.
- Export evidence bundles include tile metrics, verification summaries, and annotations.
- CLI parity: stella aoc verify --tenant <tenant> --since <window>.

Observability
- ingestion_write_total{source,tenant,result}
- aoc_violation_total{source,tenant,code}
- ingestion_signature_verified_total{source,result}
- ingestion_latency_seconds{source,quantile}
- advisory_revision_count{source}

Security and tenancy
- DPoP-bound tokens per tenant; data never crosses tenant boundaries.
- Sensitive fields are redacted using Concelier rules.
- Verify actions are rate limited and audited (action=aoc.verify.ui).

Offline behavior
- Offline snapshot banner shows snapshot time and bundle hash.
- Verification requests queue for later execution and provide CLI guidance.
- Evidence exports default to local paths for air-gap transfer.