# Reachability Witnessing

## Recommendation

Do not restore Witnessing as a separate product.

Merge it into the existing `Security > Reachability` area as deeper tabs and contextual detail views.

## Why

- `ReachabilityCenterComponent` already owns the top-level coverage-first posture.
- `WitnessPageComponent` and `PoEDrawerComponent` are explanation and proof surfaces for the same capability.
- Reachability evidence also matters to findings, triage, and release gates, so the detailed views must be reusable from those contexts.

## Primary Placement

- Menu group: `Security`
- Section: `Reachability`

Suggested canonical root:
- `/security/reachability`

## Product Shape

Keep one reachability shell and add tabs.

### Tabs
- `Coverage`
  - current fleet/sensor coverage view
- `Witnesses`
  - searchable list of witness records and witness detail pages
- `PoE / Exposure`
  - proof-of-exposure artifacts, export/verify actions, and DSSE/Rekor state
- `Sensor Gaps`
  - missing sensors, stale facts, and remediation queues

## Merge Map

### Into `Coverage`
- `ReachabilityCenterComponent`

### Into `Witnesses`
- `WitnessPageComponent`
  - becomes the full detail page for a selected witness

### Into `PoE / Exposure`
- `PoEDrawerComponent`
  - becomes a reusable evidence drawer plus an optional tabbed detail route when permalink is needed

## Placement For Single Actions And Small Surfaces

### Witness detail
- Full page under `Witnesses`
- Suggested route:
  - `/security/reachability/witnesses/:witnessId`

### PoE detail
- Default to a right drawer from witness detail, finding detail, triage, or release-context views
- Only create a standalone route for deep-link/export cases:
  - `/security/reachability/poe/:artifactId`

### Export DOT / Mermaid
- Keep as witness-detail actions
- Do not turn export formats into their own pages

### Replay verify
- Keep as an action button on witness and PoE detail
- Also expose the same action from release-context evidence pages

## Secondary Entry Points

These should deep-link into the same reachability surfaces:

- `Security > Findings`
  - open witness detail for a finding
- `Triage > Artifact Workspace`
  - open witness drawer from artifact detail
- `Releases` or Decisioning Studio release context
  - open witness/PoE evidence when a gate uses reachability proof

## What Not To Do

- Do not create a separate sidebar product called `Witnessing` or `Proof of Exposure`.
- Do not leave PoE only as a detached drawer with no canonical parent route.
- Do not split coverage, witness detail, and proof detail across different top-level sections.

## Route Sketch

- `/security/reachability`
- `/security/reachability/coverage`
- `/security/reachability/witnesses`
- `/security/reachability/witnesses/:witnessId`
- `/security/reachability/poe`
- `/security/reachability/poe/:artifactId`
- `/security/reachability/gaps`

## Detailed UX And Sprint

- Detailed UX dossier: `../reachability-witnessing/README.md`
- Implementation sprint: `../../../docs-archived/implplan/SPRINT_20260307_025_FE_reachability_witnessing_merge.md`

## Corroborating Inputs

- `docs/contracts/witness-v1.md`
- `docs/architecture/EVIDENCE_PIPELINE_ARCHITECTURE.md`
- `docs/modules/scanner/reachability.md`
- `src/Web/StellaOps.Web/src/app/features/reachability/reachability-center.component.ts`
- `src/Web/StellaOps.Web/src/app/features/reachability/witness-page.component.ts`
- `src/Web/StellaOps.Web/src/app/features/reachability/poe-drawer.component.ts`
- `src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts`
- `src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts`

## Final Call

This should be restored as deeper reachability UX: one security submenu, four tabs, witness as the full detail page, and PoE as a reusable evidence drawer with an optional permalink route.