git.stella-ops.org/docs-archived/ui-analysis/rework/02-wireframes.md

Below are the redesigned **flagship page wireframes (ASCII)** for Stella Ops as an **evidence-based release control plane** with **hybrid reachability** as a first-class gate and explanation layer.
I'm keeping the pages “small” in feel: the **most important words first**, then compact supporting text, with **deep detail behind links/panels**.
---
## 0) Shared Shell (applies to all flagship pages)
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ Stella Ops [ Search: release | digest | CVE | env | target ] Tenant: ACME User ▼ │
│ Offline: OK Feed Snapshot: 2026-01-15 Policy Baseline: prod-baseline v3.1 Evidence: ON│
├───────────────┬────────────────────────────────────────────────────────────────────────────┤
│ CONTROL PLANE │ Breadcrumb: <Section> > <Page> │
│ RELEASES │ │
│ APPROVALS │ <router-outlet> │
│ SECURITY │ │
│ EVIDENCE │ │
│ OPERATIONS │ │
│ SETTINGS │ │
└───────────────┴────────────────────────────────────────────────────────────────────────────┘
Conventions:
- Primary actions are top-right.
- “Open Evidence” and “Open Proof Chain” are always one click away when decisions happen.
- Digests show short form + copy action; full value in hover/expand.
- Gate states: [PASS] [WARN] [BLOCK]
- Reachability states: Reachable / Unreachable / Uncertain + Confidence + Witness link
```
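The digest convention above (short form in tables, full value on expand) implies that the short form is a display label and not an identifier: two bundles can render identically. As an added example, not Stella Ops code, the TypeScript below shortens digests the way the wireframes show them and resolves a pasted short form only when exactly one known digest fits; the function names and the sample digests are hypothetical and constructed.

```typescript
// Added example, not Stella Ops code: all names below are hypothetical.
// Display form taken from the wireframes: "sha256:7aa…2f" (3 leading + 2 trailing hex chars).
const PREFIX = "sha256:";
const FULL_DIGEST = /^sha256:[0-9a-f]{64}$/;
const SHORT_DIGEST = /^sha256:([0-9a-f]{3,})…([0-9a-f]*)$/;

type Resolution =
  | { kind: "match"; digest: string }
  | { kind: "ambiguous"; candidates: string[] }
  | { kind: "none" }
  | { kind: "invalid" };

// Shorten a full digest for a table cell; anything else is rejected, never "prettified".
function shortDigest(full: string, head: number = 3, tail: number = 2): string {
  if (!FULL_DIGEST.test(full)) throw new Error("not a full sha256 digest");
  const hex = full.slice(PREFIX.length);
  const end = tail > 0 ? hex.slice(hex.length - tail) : "";
  return PREFIX + hex.slice(0, head) + "…" + end;
}

// Resolve search-box input (full or short form) against digests the backend knows.
// A short form only resolves when exactly one known digest fits it.
function resolveDigest(input: string, known: readonly string[]): Resolution {
  const value = input.trim().toLowerCase();
  if (FULL_DIGEST.test(value)) {
    return known.indexOf(value) >= 0 ? { kind: "match", digest: value } : { kind: "none" };
  }
  const m = SHORT_DIGEST.exec(value);
  if (m === null) return { kind: "invalid" };
  const head = m[1] ?? "";
  const tail = m[2] ?? "";
  const hits = known.filter((d) => {
    const hex = d.slice(PREFIX.length);
    return hex.slice(0, head.length) === head && hex.slice(hex.length - tail.length) === tail;
  });
  const only = hits[0];
  if (hits.length === 1 && only !== undefined) return { kind: "match", digest: only };
  return hits.length === 0 ? { kind: "none" } : { kind: "ambiguous", candidates: hits };
}

// Actions that change state (promotion, approval) take one full digest or nothing.
function promotionSubject(input: string, known: readonly string[]): string {
  const r = resolveDigest(input, known);
  if (r.kind !== "match") throw new Error("refusing to promote: digest is " + r.kind);
  return r.digest;
}

// Constructed sample digests (not real artifacts): A and B share the same short form.
function constructed(head: string, fill: string, tail: string): string {
  let hex = head;
  while (hex.length + tail.length < 64) hex += fill;
  return PREFIX + hex + tail;
}
const DIGEST_A = constructed("7aa", "0", "2f");
const DIGEST_B = constructed("7aa", "1", "2f");
const DIGEST_C = constructed("9c1", "0", "3a");
const KNOWN: readonly string[] = [DIGEST_A, DIGEST_B, DIGEST_C];

console.log(shortDigest(DIGEST_C));
console.log(resolveDigest("sha256:7aa…2f", KNOWN).kind);
console.log(promotionSubject("sha256:9c1…3a", KNOWN) === DIGEST_C);
```
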
---
## 1) CONTROL PLANE — Overview (new `/`)
**Goal:** answer in one screen: **what's deployed where**, **what's pending**, **what changed**, **what needs me**.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ CONTROL PLANE │
│ Release governance with evidence. Promote by digest. Explain every decision. [Docs →] │
│ [Create Release]│
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ENVIRONMENT PIPELINE │
│ ┌───────────┐ ┌───────────┐ ┌───────────┐ ┌───────────┐ │
│ │ DEV │ --->│ QA │ --->│ STAGING │ --->│ PROD │ │
│ │ v1.3.0 │ │ v1.2.5 │ │ v1.2.4 │ │ v1.2.3 │ │
│ │ OK │ │ OK │ │ PENDING │ │ OK │ │
│ └───────────┘ └───────────┘ └───────────┘ └───────────┘ │
│ Deployed by digest. Click an environment to see targets, drift, and evidence. │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌───────────────────────────────────────────────┐ ┌──────────────────────────────────────┐ │
│ │ ACTION INBOX │ │ DRIFT & RISK CHANGES │ │
│ │ (what needs attention) │ │ (since last evidence) │ │
│ │ │ │ │ │
│ │ • 3 approvals pending │ │ • 2 promotions newly BLOCKED │ │
│ │ • 1 blocked promotion (reachability) │ │ • 5 CVEs updated (1 reachable) │ │
│ │ • 2 failed deployments (retry available) │ │ • 1 feed stale risk (OSV 36h old) │ │
│ │ • 1 key expiring in 14 days │ │ • 0 config drifts in prod │ │
│ │ │ │ │ │
│ │ [Go to Approvals] [Go to Deployments] │ │ [View Drift] [View Security Impact] │ │
│ └───────────────────────────────────────────────┘ └──────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ PENDING PROMOTIONS │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ Release  From → To     Status         Gates         Risk Delta   Actions         │ │
│ │ v1.2.5   QA → Staging  Waiting        [PASS][WARN]  +2 new CVEs  [Open Approval] │ │
│ │ v1.2.6   Dev → QA      Auto-approved  [PASS]        net safer    [Deploy Now]    │ │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 2) RELEASES — List (`/releases`)
**Goal:** inventory releases as **immutable bundles**, show **where deployed**, and enable **promotion/evidence**.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ RELEASES │
│ Immutable digest bundles. Promote releases across environments. [Docs →] │
│ [Create Release] [Export CSV] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Filters: [Search release/component/digest…] [Env ▼] [Deployed ▼] [Gate ▼] [Date ▼] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Release  Bundle Digest  Components  Deployed Where  Gates   Evidence  Action│
│ │ v1.2.6   sha256:9c1…3a  12          Dev, QA         [PASS]  Signed    [View]│
│ │ v1.2.5   sha256:7aa…2f  12          QA              [WARN]  Signed    [View]│
│ │ v1.2.4   sha256:0b2…c9  11          Staging         [PASS]  Signed    [View]│
│ │ v1.2.3   sha256:1d9…11  11          Prod            [PASS]  Signed    [View]│
│ └──────────────────────────────────────────────────────────────────────────────────────────┘
│ Multi-select actions: [Request Promotion] [Generate Evidence] [Replay Verify] [Compare] │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 3) RELEASES — Release Detail (`/releases/:releaseId`)
**Goal:** one flagship screen that ties **promotion + gates + reachability + evidence + proof chain**.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ RELEASE v1.2.5 │
│ Bundle: sha256:7aa…2f (copy) Created: 2026-01-15 Source: CI build #882 [Docs →] │
│ [Request Promotion] [Rollback] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ DEPLOYMENT MAP │
│ Dev: v1.3.0 (not this) QA: v1.2.5 (THIS) Staging: pending Prod: v1.2.3 │
│ [Open Environment QA] [Open Approval] [Open Deployments] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Tabs: [Overview] [Components] [Gates] [Promotions] [Deployments] [Evidence] [Proof Chain] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ OVERVIEW │
│ ┌───────────────────────────────────────────────┐ ┌──────────────────────────────────────┐ │
│ │ GATE SUMMARY (Policy: stg-baseline v3.1) │ │ SECURITY IMPACT │ │
│ │ SBOM signed: [PASS] │ │ New CVEs: 2 (1 reachable) │ │
│ │ Provenance present: [PASS] │ │ Fixed CVEs: 5 │ │
│ │ Reachability coverage: [WARN] 89% │ │ VEX: 2 not-affected, 1 under review │ │
│ │ Critical reachable: [BLOCK] 1 (0.82 conf) │ │ Exceptions: 0 │ │
│ │ │ │ [Open Findings for this Release] │ │
│ │ [Open Reachability Witness] [Explain] │ └──────────────────────────────────────┘ │
│ └───────────────────────────────────────────────┘ │
│ MOST RECENT EVIDENCE PACKET │
│ Evidence: EVD-2026-0045 Signed: YES Verified: YES Feed Snapshot: 2026-01-15 │
│ [Open Evidence Packet] [Export Bundle] [Replay Verify] │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 4) APPROVALS — Inbox (`/approvals`)
**Goal:** make approvals the **decision cockpit**: diff-first, evidence-first, reachability-first.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ APPROVALS │
│ Decide promotions with policy + reachability, backed by signed evidence. [Docs →] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Filters: [Pending ▼] [Env ▼] [Team ▼] [Policy Baseline ▼] [Search…] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐
│ │ PENDING (3) │
│ ├──────────────────────────────────────────────────────────────────────────────────────────┤
│ │ v1.2.5 QA → Staging Requested by: deploy-bot 2h ago │
│ │ WHAT CHANGED: +3 pkgs +2 CVEs (1 reachable) -5 fixed Drift: none │
│ │ GATES: SBOM[PASS] Provenance[PASS] Reachability[BLOCK] VEX[WARN] │
│ │ Actions: [Open] [Open Evidence] [Open Witness] [Request Exception] [Approve] [Reject] │
│ ├──────────────────────────────────────────────────────────────────────────────────────────┤
│ │ v1.2.6 Dev → QA Auto-approved gates. Waiting deploy window. │
│ │ WHAT CHANGED: net safer -2 CVEs Coverage: 92% │
│ │ Actions: [Deploy Now] [Open Evidence] │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 5) APPROVALS — Approval Detail (`/approvals/:approvalId`)
**Goal:** show everything needed to make a decision—without navigating away.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ APPROVAL: v1.2.5 QA → Staging │
│ Requested by: deploy-bot 2h ago Policy: stg-baseline v3.1 Feed Snapshot: 2026-01-15 │
│ [Open Evidence] [Docs →] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ LEFT: DIFF & GATES RIGHT: DECISION & COMMENTS │
│ ┌───────────────────────────────────────────────────────┐ ┌─────────────────────────────┐ │
│ │ WHAT CHANGED (Diff-first) │ │ DECISION │ │
│ │ Components changed: 3 │ │ [Approve] [Reject] │ │
│ │ New CVEs: 2 (1 reachable) │ │ Require comment: [____] │ │
│ │ Fixed CVEs: 5 │ │ Optional: [Request Exception]│ │
│ │ Config drift: none │ └─────────────────────────────┘ │
│ ├───────────────────────────────────────────────────────┤ │
│ │ GATES (expandable) │ ┌─────────────────────────────┐ │
│ │ SBOM signed: [PASS] │ │ COMMENTS / AUDIT NOTES │ │
│ │ Provenance attested: [PASS] │ │ - user1: needs exception? │ │
│ │ Reachability: [BLOCK] │ │ - sec: confirm witness path │ │
│ │ VEX consensus: [WARN] │ │ [Add comment] │ │
│ │ │ └─────────────────────────────┘ │
│ │ [Explain Gate Results] [Open Proof Chain] │ │
│ └───────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ REACHABILITY WITNESS (the moat) │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ Finding: CVE-2026-1234 in log4j │
│ │ State: Reachable Confidence: 0.82 Reason: static path + runtime signal present │
│ │ Witness Path: main() → processRequest() → Logger.log() → vulnerable() │
│ │ Guards: none detected Dynamic loading: no │
│ │ Actions: [Open Full Witness] [Export DOT] [Replay Verify] │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 6) ENVIRONMENTS — List (`/environments`)
**Goal:** show environments as **release destinations** (not just config objects).
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ ENVIRONMENTS │
│ What is deployed where, with policy and evidence. [Docs →] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Environment  Current Release  Freeze  Targets  Policy Baseline     Last Deploy  Action│
│ │ Dev          v1.3.0           Off     12       dev-baseline v2.0   10m ago      [Open]│
│ │ QA           v1.2.5           Off     8        qa-baseline v2.5    2h ago       [Open]│
│ │ Staging      v1.2.4           On      6        stg-baseline v3.1   6h ago       [Open]│
│ │ Prod         v1.2.3           Off     20       prod-baseline v3.1  1d ago       [Open]│
│ └──────────────────────────────────────────────────────────────────────────────────────────┘
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 7) ENVIRONMENTS — Environment Detail (`/environments/:envId`)
**Goal:** environment as a “release ledger”: targets, drift, promotions, evidence.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ ENVIRONMENT: Staging │
│ Current: v1.2.4 Policy: stg-baseline v3.1 Freeze: ON (window 18:00-20:00 UTC) [Docs →]│
│ [Request Promotion] [Open Evidence] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Tabs: [Overview] [Targets] [Promotions] [Deployments] [Drift] [Evidence] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ OVERVIEW │
│ ┌───────────────────────────────────────────────┐ ┌──────────────────────────────────────┐ │
│ │ RELEASE HISTORY (ledger) │ │ CURRENT RISK SNAPSHOT │ │
│ │ v1.2.2 → v1.2.3 → v1.2.4 (current) │ │ Gate summary: [PASS][WARN] │ │
│ │ Last promotion: QA → Staging 6h ago │ │ Reachability coverage: 89% │ │
│ │ Evidence: EVD-2026-0044 (verified) │ │ Drift since evidence: none │ │
│ │ [Open Proof Chain] │ │ [Open Findings Impacting Staging] │ │
│ └───────────────────────────────────────────────┘ └──────────────────────────────────────┘ │
│ TARGETS (quick view) │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ Target           Type     Status  Deployed Digest  Last Seen  Action    │ │
│ │ stg-host-01      Docker   OK      sha256:abc…      1m ago     [Details] │ │
│ │ stg-compose-02   Compose  OK      sha256:abc…      1m ago     [Details] │ │
│ │ stg-ecs-service  ECS      OK      sha256:abc…      2m ago     [Details] │ │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 8) DEPLOYMENTS — List (`/deployments`)
**Goal:** operational truth: deployments as executions with artifacts + evidence.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ DEPLOYMENTS │
│ Execution history by environment and release, with evidence for every run. [Docs →] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Filters: [Env ▼] [Release ▼] [Status ▼] [Target Type ▼] [Date ▼] [Search…] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Deployment    Env      Release  Started  Duration  Status  Evidence  Action │
│ │ DEP-2026-045  Prod     v1.2.3   2h ago   3m12s     OK      Verified  [Open] │
│ │ DEP-2026-044  Staging  v1.2.4   6h ago   2m55s     OK      Verified  [Open] │
│ │ DEP-2026-043  QA       v1.2.5   10h ago  5m01s     FAILED  Partial   [Open] │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 9) DEPLOYMENTS — Run Detail (`/deployments/:deployId`)
**Goal:** show workflow DAG, logs, generated artifacts (immutable), and evidence.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ DEPLOYMENT: DEP-2026-045 │
│ Env: Prod Release: v1.2.3 Plan Hash: ph_91a… Agent: prod-agent-02 [Docs→]│
│ [Open Evidence] [Rollback] [Replay Verify]│
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Tabs: [Workflow] [Targets] [Artifacts] [Logs] [Evidence] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ WORKFLOW (DAG) │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ Fetch Digests → Generate compose.stella.lock.yml → Deploy → Verify → Seal Evidence │
│ │ OK OK OK OK OK │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
│ ARTIFACTS (immutable outputs) │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ compose.stella.lock.yml sha256:11a… [View] [Download] │
│ │ deploy.stella.script.dll sha256:22b… [View] [Download] │
│ │ release.evidence.json sha256:33c… [View] [Download] │
│ │ stella.version.json sha256:44d… [View] [Download] │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 10) EVIDENCE — Evidence Center (`/evidence`)
**Goal:** one unified hub for evidence packets (release/promotion/deploy/audit), verification, export, replay.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ EVIDENCE │
│ Search, verify, export signed evidence packets and proof chains. [Docs →]│
│ [Create Audit Bundle] [Export] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Filters: [Type ▼] [Release ▼] [Env ▼] [Signed ▼] [Verified ▼] [Date ▼] [Search…] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Evidence ID    Type        Subject            Signed  Verified  Snapshot    Action │
│ │ EVD-2026-0045  Promotion   v1.2.5 QA→Staging  Yes     Yes       2026-01-15  [Open] │
│ │ EVD-2026-0044  Deployment  DEP-2026-044       Yes     Yes       2026-01-15  [Open] │
│ │ EVD-2026-0043  Release     v1.2.3             Yes     Yes       2026-01-14  [Open] │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 11) EVIDENCE — Evidence Packet Viewer (`/evidence/:evidenceId`)
**Goal:** evidence as a structured “who/what/why/how/when” record + bundle contents + verify.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ EVIDENCE PACKET: EVD-2026-0045 │
│ Type: Promotion Subject: v1.2.5 QA→Staging Signed: YES Verified: YES [Docs →]│
│ [Download Bundle] [Open Proof Chain] [Replay Verify]│
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ SUMMARY (audit-friendly) │
│ Who: user1@acme What: release bundle sha256:7aa…2f When: 2026-01-15 10:23 UTC │
│ Why: Gate verdict BLOCK (reachability) + VEX WARN │
│ How: workflow ph_91a… agent prod-agent-02 │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ CONTENTS │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ SBOM (CycloneDX 1.7) sha256:aa1… [View] [Download] │ │
│ │ Policy verdict (K4 lattice) sha256:bb2… [View] [Explain] │ │
│ │ Reachability witness slice sha256:cc3… [Open Witness] [Export DOT] │ │
│ │ VEX statements (OpenVEX) sha256:dd4… [View] │ │
│ │ Attestations (DSSE) sha256:ee5… [View] │ │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 12) SECURITY — Findings (release-aware) (`/security/findings`)
**Goal:** security becomes decision support: every finding shows **impact on releases/environments**.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ SECURITY FINDINGS │
│ Findings with reachability and release impact. Triage feeds the release gates. [Docs →]│
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ Filters: [Search CVE/pkg/release…] [Severity ▼] [Reachability ▼] [Env Impact ▼] [Date ▼] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Sev   Finding        Component       Reachability (conf)  Impacts         Gate Impact │
│ │ CRIT  CVE-2026-1234  log4j@2.14.1    Reachable (0.82)     v1.2.5 Staging  BLOCK       │
│ │ HIGH  CVE-2026-5678  spring@5.2.1    Uncertain (0.55)     v1.2.6 QA       WARN        │
│ │ MED   CVE-2026-9012  commons-io@2.4  Unreachable (0.90)   v1.2.3 Prod     PASS        │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘
│ Selecting a row opens a detail drawer: Witness, VEX status, Exceptions, Evidence links. │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 13) SECURITY — Vulnerability Detail (impact-first) (`/security/vulnerabilities/:cveId`)
**Goal:** unify CVE intelligence with **where it matters** (deployed + gated) + VEX + reachability witness.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ VULNERABILITY: CVE-2026-1234 │
│ Severity: Critical CVSS: 9.8 EPSS: 0.72 Exploited: Yes (KEV) [Docs →]│
│ [Open Findings] [Open Evidence] [Open Witness] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ IMPACT (where it matters) │
│ ┌──────────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ Deployed Environments: Staging (via v1.2.5), Prod (via v1.2.3) │ │
│ │ Gate Impact: Blocks QA→Staging promotions for v1.2.5 │ │
│ │ Fix path: Upgrade log4j to 2.17.x (available) │ │
│ └──────────────────────────────────────────────────────────────────────────────────────────┘ │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ REACHABILITY SUMMARY │
│ State: Reachable Confidence: 0.82 Witness: main()→processRequest()→Logger.log()→vuln() │
│ Guards: none detected Dynamic loading: no │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---
## 14) Reachability Witness Viewer (full page when needed) (`/witness/:id`)
**Goal:** this is your “best-in-class” differentiator page—clear, exportable, replayable.
```
┌────────────────────────────────────────────────────────────────────────────────────────────┐
│ REACHABILITY WITNESS │
│ Subject: CVE-2026-1234 Component: log4j@2.14.1 Release: v1.2.5 Env: Staging [Docs →]│
│ State: Reachable Confidence: 0.82 Snapshot: 2026-01-15 Deterministic: YES │
│ [Export DOT] [Export Mermaid] [Replay Verify] │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ PATH (human-readable) │
│ main() → processRequest() → Logger.log() → vulnerable_function() │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ EXPLANATION (why confidence is 0.82) │
│ • Static path found: yes │
│ • Runtime signal present: yes │
│ • Guards detected: none │
│ • Dynamic loading: no │
│ • Reflection: no │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ GRAPH (collapsed by default; expand on demand) │
│ [ Expand Graph Viewer ] │
└────────────────────────────────────────────────────────────────────────────────────────────┘
```
---