git.stella-ops.org/docs/modules/ui/information-architecture.md
master a4badc275e UI work to fill SBOM sourcing management gap. UI planning remaining functionality exposure. Work on CI/Tests stabilization
Introduces CGS determinism test runs to CI workflows for Windows, macOS, Linux, Alpine, and Debian, fulfilling CGS-008 cross-platform requirements. Updates local-ci scripts to support new smoke steps, test timeouts, progress intervals, and project slicing for improved test isolation and diagnostics.
2025-12-29 19:12:38 +02:00


StellaOps UI Information Architecture

Overview

This document defines the information architecture (IA) for the StellaOps web interface, including navigation structure, route hierarchy, and role-based access patterns.

Navigation Structure

Primary Navigation

┌─────────────────────────────────────────────────────────────────┐
│ StellaOps                                                       │
├─────────────────────────────────────────────────────────────────┤
│ 🏠 Home                                                          │
│ 📊 Analyze                                                       │
│    ├── Findings                                                 │
│    ├── Vulnerabilities                                          │
│    ├── Reachability                                             │
│    ├── Graph Explorer                                           │
│    ├── Unknowns                       [SPRINT_033]             │
│    └── Binaries                       [SPRINT_038]             │
│ 🔒 Proof                                                         │
│    ├── Proof Chain                                              │
│    ├── CVSS Receipts                                            │
│    └── Attestations                                             │
│ 📜 Policy Studio                                                 │
│    ├── Packs                                                    │
│    ├── Editor                                                   │
│    ├── Simulation                     [SPRINT_021b]            │
│    ├── Approvals                                                │
│    └── Governance                     [SPRINT_021a]            │
│ 🔗 Integrations                                                  │
│    ├── Hub                            [SPRINT_011]             │
│    ├── Registries                     [SPRINT_012]             │
│    ├── SCM                            [SPRINT_013]             │
│    ├── CI/CD                          [SPRINT_014]             │
│    └── Hosts                          [SPRINT_011]             │
│ ⚙️ Ops                                                           │
│    ├── Health                         [SPRINT_032]             │
│    ├── Orchestrator                   [existing]               │
│    │    ├── Jobs                                                │
│    │    ├── Quotas                                              │
│    │    ├── Dead-Letter               [SPRINT_030]             │
│    │    └── SLO                       [SPRINT_031]             │
│    ├── Scheduler                      [SPRINT_017]             │
│    ├── Packs                          [SPRINT_036]             │
│    ├── Signals                        [SPRINT_037]             │
│    ├── Feeds                          [SPRINT_020]             │
│    │    ├── Mirrors                                             │
│    │    ├── Snapshots                                           │
│    │    └── AirGap                                              │
│    ├── Scanner                        [SPRINT_025]             │
│    ├── AOC                            [SPRINT_027]             │
│    └── Exports                        [SPRINT_016]             │
│ 🔐 Admin                                                         │
│    ├── Users                          [existing]               │
│    ├── Tenants                        [existing]               │
│    ├── Tokens                         [existing]               │
│    ├── Audit                          [SPRINT_028]             │
│    ├── Trust                          [SPRINT_018c]            │
│    │    ├── Keys                                                │
│    │    ├── Issuers                   [SPRINT_024]             │
│    │    └── Certificates                                        │
│    ├── Notifications                  [SPRINT_018b]            │
│    ├── Registry Admin                 [SPRINT_023]             │
│    └── Quotas                         [SPRINT_029]             │
└─────────────────────────────────────────────────────────────────┘

Route Hierarchy

| Route | Component | Scope Required | Sprint |
|---|---|---|---|
| `/` | HomeDashboard | authenticated | existing |
| `/dashboard/sources` | SourcesDashboard | authenticated | existing |
| `/analyze/findings` | FindingsContainer | `findings.read` | existing |
| `/analyze/findings/:scanId` | FindingsContainer | `findings.read` | existing |
| `/analyze/vulnerabilities` | VulnerabilityExplorer | `vulnerabilities.read` | existing |
| `/analyze/vulnerabilities/:vulnId` | VulnerabilityDetail | `vulnerabilities.read` | existing |
| `/analyze/reachability` | ReachabilityCenter | `reachability.read` | existing |
| `/analyze/graph` | GraphExplorer | `graph.read` | existing |
| `/analyze/unknowns` | UnknownsList | `scanner.read` | SPRINT_033 |
| `/analyze/binaries` | BinaryIndexBrowser | `binaryindex.read` | SPRINT_038 |
| `/proof/:subjectDigest` | ProofChain | `proof.read` | existing |
| `/cvss/receipts/:receiptId` | CvssReceipt | `cvss.read` | existing |
| `/policy-studio/packs` | PolicyWorkspace | `policy.read` | existing |
| `/policy-studio/packs/:packId/editor` | PolicyEditor | `policy.author` | existing |
| `/policy-studio/packs/:packId/simulate` | PolicySimulation | `policy.simulate` | existing |
| `/policy-studio/packs/:packId/approvals` | PolicyApprovals | `policy.review` | existing |
| `/admin/policy/simulation` | PolicySimulationStudio | `policy.simulate` | SPRINT_021b |
| `/admin/policy/governance` | PolicyGovernance | `policy.admin` | SPRINT_021a |
| `/integrations` | IntegrationHub | `integrations.read` | SPRINT_011 |
| `/integrations/registries` | RegistryIntegrations | `integrations.read` | SPRINT_012 |
| `/integrations/scm` | ScmIntegrations | `integrations.read` | SPRINT_013 |
| `/integrations/ci` | CiIntegrations | `integrations.read` | SPRINT_014 |
| `/ops/health` | PlatformHealth | `ops.health` | SPRINT_032 |
| `/ops/orchestrator` | OrchestratorDashboard | `orch.read` | existing |
| `/ops/orchestrator/jobs` | OrchestratorJobs | `orch.read` | existing |
| `/ops/orchestrator/jobs/:jobId` | OrchestratorJobDetail | `orch.read` | existing |
| `/ops/orchestrator/quotas` | OrchestratorQuotas | `orch.operator` | existing |
| `/ops/orchestrator/dead-letter` | DeadLetterManagement | `orch.admin` | SPRINT_030 |
| `/ops/orchestrator/slo` | SloMonitoring | `ops.read` | SPRINT_031 |
| `/ops/scheduler` | SchedulerOps | `scheduler.read` | SPRINT_017 |
| `/ops/packs` | PackRegistry | `orchestrator.read` | SPRINT_036 |
| `/ops/signals` | SignalsDashboard | `signals.read` | SPRINT_037 |
| `/ops/feeds` | FeedMirrorOps | `feeds.read` | SPRINT_020 |
| `/ops/scanner` | ScannerOps | `scanner.admin` | SPRINT_025 |
| `/ops/aoc` | AocComplianceDashboard | `ops.audit` | SPRINT_027 |
| `/ops/exports` | EvidenceExports | `evidence.read` | SPRINT_016 |
| `/admin/users` | UserManagement | `ui.admin` | existing |
| `/admin/tenants` | TenantManagement | `ui.admin` | existing |
| `/admin/tokens` | TokenManagement | `ui.admin` | existing |
| `/admin/audit` | UnifiedAuditLog | `audit.read` | SPRINT_028 |
| `/admin/trust` | TrustDashboard | `trust.admin` | SPRINT_018c |
| `/admin/notifications` | NotificationAdmin | `notify.admin` | SPRINT_018b |
| `/admin/registry` | RegistryAdmin | `registry.admin` | SPRINT_023 |
| `/admin/quotas` | QuotaDashboard | `quota.admin` | SPRINT_029 |

Role-Based Access Matrix

Roles and Scopes

| Role | Scopes | Description |
|---|---|---|
| Viewer | `*.read` | Read-only access to all features |
| Developer | `scanner.read`, `findings.read`, `policy.read`, `proof.read` | Day-to-day development workflow |
| Security Engineer | `policy.*`, `findings.*`, `vulnerabilities.*`, `proof.*` | Security triage and policy management |
| Operator | `orch.*`, `scheduler.*`, `ops.*`, `integrations.*` | Platform operations |
| Admin | `*.admin`, `ui.admin` | Full administrative access |
| Tenant Admin | `tenant.admin`, `quota.admin` | Tenant-level administration |
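
How the role grants above resolve against the required scopes in the Route Hierarchy can be checked mechanically. The following is an added example, not StellaOps code: the role, scope and route names are taken from the tables on this page, while the matching rule (`*` stands for one whole segment), the `resource.*` spelling of wildcard grants, and the function names are assumptions.

```typescript
// Added example. Scope and route names come from the tables on this page;
// the matching rule and the "resource.*" grant spelling are assumptions.
const ROLE_GRANTS: Record<string, string[]> = {
  Viewer: ["*.read"],
  Developer: ["scanner.read", "findings.read", "policy.read", "proof.read"],
  "Security Engineer": ["policy.*", "findings.*", "vulnerabilities.*", "proof.*"],
  Operator: ["orch.*", "scheduler.*", "ops.*", "integrations.*"],
  Admin: ["*.admin", "ui.admin"],
  "Tenant Admin": ["tenant.admin", "quota.admin"],
};

// Subset of the Route Hierarchy table: route -> required scope.
const ROUTE_SCOPES: Record<string, string> = {
  "/analyze/findings": "findings.read",
  "/policy-studio/packs/:packId/editor": "policy.author",
  "/ops/orchestrator/quotas": "orch.operator",
  "/ops/packs": "orchestrator.read",
  "/ops/signals": "signals.read",
  "/admin/users": "ui.admin",
};

const GRANT_RE = /^(\*|[a-z]+)\.(\*|[a-z]+)$/; // wildcard allowed per segment
const REQUIRED_RE = /^[a-z]+\.[a-z]+$/;        // required scopes are never wildcards
const own = (o: object, k: string): boolean =>
  Object.prototype.hasOwnProperty.call(o, k);

// Assumed rule: "*" stands for exactly one whole segment, never a prefix.
function grantCovers(grant: string, required: string): boolean {
  if (!GRANT_RE.test(grant) || !REQUIRED_RE.test(required)) return false; // malformed => deny
  const [gRes, gAct] = grant.split(".");
  const [rRes, rAct] = required.split(".");
  return (gRes === "*" || gRes === rRes) && (gAct === "*" || gAct === rAct);
}

function roleCanOpen(role: string, route: string): boolean {
  // Unknown role or route (including prototype keys such as "constructor") => deny.
  if (!own(ROLE_GRANTS, role) || !own(ROUTE_SCOPES, route)) return false;
  const required = ROUTE_SCOPES[route];
  return ROLE_GRANTS[role].some((g) => grantCovers(g, required));
}

// Listed routes a role cannot open under this rule.
function deniedRoutes(role: string): string[] {
  return Object.keys(ROUTE_SCOPES).filter((route) => !roleCanOpen(role, route));
}
```

Under this literal rule the Operator grant `orch.*` does not cover `orchestrator.read`, the scope the route table lists for `/ops/packs`, so the two prefixes have to be aliased or the scope granted explicitly.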

Feature Visibility by Role

Feature Viewer Developer Security Operator Admin
Home Dashboard
Findings
Vulnerability Triage
Policy Editor
Policy Simulation
Orchestrator Jobs
Dead-Letter Queue
SLO Monitoring
Platform Health
Integration Hub
User Management
Audit Log

Navigation State Management

Breadcrumb Strategy

All nested routes should display breadcrumbs for context:

Home > Analyze > Findings > CVE-2024-1234

Home > Ops > Orchestrator > Jobs > job-12345

Home > Policy Studio > Packs > production-baseline > Editor

Deep Linking

All significant states should be deep-linkable:

  • Filter states encoded in URL query params
  • Tab selections encoded in URL fragments
  • Modal states use route params where appropriate

Navigation Guards

// Guard priority order
1. AuthGuard - Verify authentication
2. RoleGuard - Check required scope
3. FeatureGuard - Check feature flags
4. OnboardingGuard - Redirect to onboarding if incomplete
5. OfflineGuard - Redirect to offline view if disconnected
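
The priority order above, written as a guard chain in which the first failing guard decides the outcome and a guard that throws is treated as a denial. This is an added example, not StellaOps code: the guard names and their order come from the list above, while the context fields, redirect targets and the exact-match scope check are assumptions.

```typescript
// Added example: guard names and order are from the page; all else is hypothetical.
type NavContext = {
  authenticated: boolean;
  scopes: string[];        // scopes already resolved for the session
  requiredScope: string;   // "Scope Required" value for the target route
  featureEnabled: boolean;
  onboardingComplete: boolean;
  online: boolean;
};
type Decision = { allow: true } | { allow: false; by: string; redirect: string };
type Guard = { name: string; redirect: string; check: (c: NavContext) => boolean };

// Priority order as listed above; redirect targets are placeholders.
const GUARDS: Guard[] = [
  { name: "AuthGuard", redirect: "/login", check: (c) => c.authenticated },
  // Exact match for brevity; a real check would also resolve wildcard grants.
  { name: "RoleGuard", redirect: "/forbidden", check: (c) => c.scopes.indexOf(c.requiredScope) >= 0 },
  { name: "FeatureGuard", redirect: "/", check: (c) => c.featureEnabled },
  { name: "OnboardingGuard", redirect: "/onboarding", check: (c) => c.onboardingComplete },
  { name: "OfflineGuard", redirect: "/offline", check: (c) => c.online },
];

// Run guards in order; the first one that fails (or throws) decides the outcome,
// so an unauthenticated session never learns about scopes or feature flags.
function evaluate(ctx: NavContext, guards: Guard[] = GUARDS): Decision {
  for (const g of guards) {
    let ok = false;
    try {
      ok = g.check(ctx) === true;
    } catch {
      ok = false; // a crashing guard denies instead of falling through
    }
    if (!ok) return { allow: false, by: g.name, redirect: g.redirect };
  }
  return { allow: true };
}
```

Route guards in the browser only shape navigation; the backend API has to enforce the same scopes on every request.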

Search and Discovery

Global Search (SPRINT_034)

Cmd+K / Ctrl+K opens the command palette with:

  • Entity search (CVEs, artifacts, policies, jobs)
  • Navigation shortcuts (g h, g f, g p)
  • Quick actions (>scan, >vex, >policy)

Each list view includes contextual search:

  • Findings: CVE ID, artifact, package
  • Jobs: Job ID, type, status
  • Policies: Name, rule content
  • Audit: Actor, action, resource

Mobile and Responsive Considerations

Breakpoints

| Breakpoint | Min Width | Navigation |
|---|---|---|
| xs | 0px | Bottom nav, collapsed sidebar |
| sm | 576px | Collapsed sidebar |
| md | 768px | Collapsed sidebar with expand |
| lg | 992px | Full sidebar |
| xl | 1200px | Full sidebar with details panel |

Touch Interactions

  • Swipe left/right for list actions
  • Pull to refresh on list views
  • Long press for context menu

Accessibility Navigation

Keyboard Navigation

| Key | Action |
|---|---|
| Tab | Next focusable element |
| Shift+Tab | Previous focusable element |
| Enter | Activate selection |
| Esc | Close modal / Clear selection |
| ? | Show keyboard shortcuts |
| / | Focus search |
| j/k | Navigate list items |

<a class="skip-link" href="#main-content">Skip to main content</a>
<a class="skip-link" href="#main-nav">Skip to navigation</a>

ARIA Landmarks

<header role="banner">...</header>
<nav role="navigation" aria-label="Main navigation">...</nav>
<main role="main" id="main-content">...</main>
<aside role="complementary">...</aside>
<footer role="contentinfo">...</footer>