# Policy editor workspace

Purpose
- Author, simulate, and approve stella-dsl policies in the Console.
- Provide audit-ready workflows with offline parity.

Access
- Routes: /console/policy and /console/policy/:policyId/:version.
- Scopes: policy:author, policy:review, policy:approve, policy:operate,
  policy:simulate, policy:audit, findings:read.

Workspace layout
- Revision timeline and checklist in the sidebar.
- Editor tabs for DSL, simulation, approvals, runs, and explain.
- Context cards for VEX providers and CLI parity.

Editing and validation
- Monaco editor with lint and compile diagnostics.
- Format and diff actions produce canonical ordering.
- Schema tooltips link to DSL documentation.

Simulation and diff
- Summary cards for added or removed findings.
- Rule hit tables and severity deltas.
- Export simulation outputs in deterministic JSON.

Review and approval
- Line-level comments and approval checklist.
- Fresh-auth required for approval and activation.
- Audit log captures submit, review, approve, and archive events.

Runs and observability
- Run tab shows rule hit heatmaps and queue depth.
- Replay bundles are downloadable for offline verification.

Offline behavior
- Sealed mode uses cached SBOM and advisory data only.
- Bundle export enables offline reviews and approvals.

Related references
- docs/ui/policy-editor.md
- docs/security/policy-governance.md