git.stella-ops.org/docs/modules/ui/v2-rewire/pack-01.md
2026-02-18 23:03:07 +02:00
# Pack 1 — Release Control (root menus)
## Legend (used everywhere)
* **CritR** = *Critical Reachable* findings count (hybrid reachability)
* **SBOM** = SBOM presence + freshness (OK / Stale / Missing)
* **Cov** = reachability coverage sources: **B/I/R** = Build / Image (Dover/Docker) / Runtime
Example: `Cov 2/3` means two sources available; hover shows which.
* **Hybrid Reachability** = union/merge of Build + Image + Runtime reachability signals.
---
## 0) Left-nav structure (Release Control as root)
```mermaid
flowchart TB
subgraph LeftNav["Left Nav"]
subgraph RC["Release Control (ROOT)"]
DASH["Dashboard<br/>(formerly: Control Plane)"]
REL["Releases<br/>(formerly: Releases)"]
BUN["Bundles<br/>(NEW: Release Bundle Organizer)"]
APR["Approvals<br/>(formerly: Approvals)"]
DEP["Deployments<br/>(formerly: Active Deployments widget)"]
REG["Regions & Environments<br/>(formerly: env pipeline widget)"]
end
subgraph SR["Security & Risk (group)"]
SR1["Risk Overview (formerly: Security Overview)"]
SR2["Findings (formerly: Security Findings)"]
SR3["Reachability Coverage (NEW)"]
SR4["SBOM Explorer (formerly: SBOM Graph)"]
SR5["VEX Hub (formerly: VEX Hub)"]
SR6["Exceptions (formerly: Exceptions)"]
end
subgraph EA["Evidence & Audit (group)"]
EA1["Decision Capsules (formerly: Evidence Bundles / Packets)"]
EA2["Proof Chains (formerly: Proof Chains)"]
EA3["Replay / Verify (formerly: Replay/Verify)"]
EA4["Export Center (formerly: Export)"]
EA5["Coverage Metrics (formerly: SBOM Lake)"]
end
subgraph IN["Integrations (group)"]
IN1["Integrations Hub (formerly: Integrations)"]
IN2["Feeds & Mirrors (formerly: Operations → Feeds)"]
end
subgraph PO["Platform Ops (group)"]
PO1["Nightly Ops Report (NEW)"]
PO2["Platform Health (formerly: Platform Health)"]
PO3["Jobs / Orchestrator (formerly: Orchestrator)"]
PO4["Scheduler Runs (formerly: Scheduler)"]
PO5["Dead Letter (formerly: Dead Letter)"]
PO6["Quotas & Usage (formerly: Quotas)"]
end
subgraph AD["Administration (group)"]
AD1["Policy Governance"]
AD2["Trust & Signing"]
AD3["Identity & Access"]
AD4["System"]
end
end
```
---
## 1) Release Control — menu/screen graph (Pack 1 scope)
```mermaid
flowchart LR
DASH --> REL
DASH --> BUN
DASH --> APR
DASH --> DEP
DASH --> REG
REL --> RDETAIL["Release Detail"]
BUN --> BDETAIL["Bundle Detail / Compose"]
APR --> ADETAIL["Approval Detail"]
REG --> EDETAIL["Environment Detail"]
DEP --> DDETAIL["Deployment Detail"]
%% common crosslinks (second-class but not buried)
DASH -. "CritR hotspots" .-> FIND["Security & Risk → Findings"]
RDETAIL -. "Risk tab" .-> FIND
BDETAIL -. "Component findings" .-> FIND
ADETAIL -. "Evidence preview" .-> CAPS["Evidence & Audit → Decision Capsule"]
DDETAIL -. "Proof" .-> CAPS
%% nightly ops signal (dashboard card)
DASH -. "Nightly failures" .-> NIGHT["Platform Ops → Nightly Ops Report"]
```
---
# Screen 1 — Dashboard (Release Control)
**Formerly:** `Control Plane` (plus some signals scattered in `Security Overview`, `Integrations`, `Platform Health`).
**Why changed:** Stella Ops needs a **release-centric “mission board”**: what is promoting, what is blocked, and what is risky *by region/env* — including **SBOM status + hybrid reachability (CritR)** and **nightly data freshness**. This prevents “green deploy / red risk” blind spots.
### Mermaid — Dashboard navigation graph
```mermaid
flowchart TB
DASH["Dashboard"] -->|click release row| RDETAIL["Release Detail"]
DASH -->|pending approvals| APR["Approvals"]
DASH -->|active deployments| DEP["Deployments"]
DASH -->|region pipeline| REG["Regions & Environments"]
DASH -->|CritR hotspot| FIND["Security & Risk → Findings (filtered)"]
DASH -->|Nightly failures| NIGHT["Platform Ops → Nightly Ops Report"]
```
### ASCII wireframe — Dashboard
```text
+----------------------------------------------------------------------------------+
| Stella Ops [Search releases/digests/CVEs] Region: All▼ Env: All▼ Time: 24h▼ |
| Status: Offline OK | Feed: Live | Policy Pack: latest | Evidence: ON |
+----------------------------------------------------------------------------------+
| RELEASE CONTROL DASHBOARD (formerly: Control Plane) |
|----------------------------------------------------------------------------------|
| Region Pipelines (Deploy + SBOM + Risk) |
| US-East: Dev[Deploy OK|SBOM OK|CritR 0|Cov 3/3] -> Stg[OK|OK|0|3/3] -> |
| Prod[DEGRADED|SBOM STALE|CritR 4|Cov 2/3] |
| EU-West: Dev[OK|OK|0|3/3] -> Stg[OK|MISSING|CritR ?|Cov 1/3] -> Prod[OK|OK|1|3/3]|
| APAC: ... |
|----------------------------------------------------------------------------------|
| Pending Approvals (2) | Active Deployments (1) |
| - API Gateway v2.1.0 US-E/Prod | - Hotfix 1.2.4 US-East/Prod RUNNING |
| Gate: PASS Approvals: 1/2 | Targets: 1/1 Evidence: sealing... |
| - User Service v3.0.0-rc1 EU/Prod| |
| Gate: BLOCK (CritR 2) | |
|----------------------------------------------------------------------------------|
| Critical Reachable Hotspots (CritR) | Nightly Ops Signals |
| - US-East/Prod: CritR 4 (openssl, log4j...) | SBOM Rescan: WARN (1 failed) |
| - EU-West/Prod: CritR 1 (glibc...) | CVE Feeds: ERROR (NVD stale 18h)|
| - APAC/Stg: CritR 2 (xz...) | Integrations: DEGRADED (Jenkins)|
| [View Findings] | Reachability ingest: WARN (Runtime)|
|----------------------------------------------------------------------------------|
| Recent Releases / Promotions |
| Release Type Status Regions CritR max Evidence |
| Hotfix 1.2.4 Single PROMOTING US-East 4 Sealing... |
| Platform 1.3.0-rc1 Bundle READY All 0 Ready |
|----------------------------------------------------------------------------------|
```
---
# Screen 2 — Releases (ledger)
**Formerly:** `Releases`.
**Why changed:** keep the ledger, but make it **digest-first + bundle-aware**, and show **risk + SBOM freshness + reachability coverage** at the list level so operators don't need to click into each release to see “is it actually safe to promote”.
### Mermaid — Releases navigation graph
```mermaid
flowchart TB
REL["Releases"] -->|select row| RDETAIL["Release Detail"]
REL -->|Create Hotfix| NEWREL["New Release (Single Digest)"]
REL -->|Create from Bundle| BUN["Bundles"]
REL -->|Compare| COMP["Compare Releases (diff)"]
REL -. "Export evidence" .-> EA4["Export Center"]
```
### ASCII wireframe — Releases
```text
+----------------------------------------------------------------------------------+
| Releases (formerly: Releases) [Create Hotfix] [Create from Bundle] |
| Filters: Region▼ Env Path▼ Type▼ Status▼ Search... |
+----------------------------------------------------------------------------------+
| Release / Version Type Status Regions Env Path CritR SBOM |
|----------------------------------------------------------------------------------|
| Hotfix 1.2.4 Single PROMOTING US-East Stg→Prod 4 STALE |
| Platform Release 1.3.0-rc1 Bundle READY All Stg→Prod 0 OK |
| Platform Release 1.2.3 Bundle DEPLOYED All Prod 0 OK |
| Feature Branch 2.0.0-a Bundle DRAFT EU-West Dev - - |
| Platform Release 1.2.2 Bundle ROLLED_BACK US-East Prod - OK |
|----------------------------------------------------------------------------------|
| Row actions: [View] [Compare] [Evidence] [Rollback] [Promote] |
+----------------------------------------------------------------------------------+
```
---
# Screen 3 — Release Detail (case file)
**Formerly:** scattered between `Releases` (list), `Approvals` (decision context), `Security Findings` (risk details), and `Export/Replay`.
**Why changed:** Stella Ops' center of gravity is a **release decision bound to a digest** (or bundle digest). This screen becomes the “case file”: promotion edge, risk, reachability sources, policy inputs, approvals, deployment, and evidence — in one place.
### Mermaid — Release Detail navigation graph
```mermaid
flowchart TB
RDETAIL["Release Detail"] --> APR["Approvals (filtered to this release)"]
RDETAIL --> DEP["Deployments (filtered)"]
RDETAIL --> FIND["Findings (filtered)"]
RDETAIL --> CAPS["Decision Capsule (for this edge)"]
RDETAIL --> BDETAIL["Bundle Detail (if Type=Bundle)"]
RDETAIL --> REG["Regions & Environments (focus edge)"]
```
### ASCII wireframe — Release Detail
```text
+----------------------------------------------------------------------------------+
| Release: Hotfix 1.2.4 Type: Single Digest Digest: sha256:abcd... |
| Path: US-East Staging → Production Status: PROMOTING |
| Summary: CritR 4 | SBOM STALE | Cov 2/3 (Build+Image; Runtime missing) |
|----------------------------------------------------------------------------------|
| Promotion Timeline (edges) | Gate Summary |
| Staging → Prod [BLOCKED?] | Policy: PASS |
| - Findings: CritR 4 | Data freshness: WARN (SBOM stale) |
| - Approvals: 1/2 | Reachability: WARN (Runtime missing) |
| - Evidence: Sealing... | Human: PENDING (1 remaining) |
|----------------------------------------------------------------------------------|
| Tabs: [Overview] [Components] [Risk] [Reachability] [Approvals] [Deployments] [Evidence] |
|----------------------------------------------------------------------------------|
| Overview: |
| - Requested by: security-team - Change summary: "Critical security patch" |
| - Inputs frozen: Policy Pack vX.Y - SBOM scan time: 18h ago (stale threshold 6h)|
|----------------------------------------------------------------------------------|
| Risk (summary): |
| CritR: 4 HighR: 7 MedR: 12 (hybrid reachability) |
| Top drivers: openssl CVE-xxxx, libxml2 CVE-yyyy |
| [Open Findings (filtered)] |
|----------------------------------------------------------------------------------|
| Evidence: |
| Decision Capsule: DSSE ✓ Rekor ✓ Replayable ✓ [View Capsule] [Export] |
+----------------------------------------------------------------------------------+
```
---
# Screen 4 — Bundles (Release Bundle Organizer) **NEW**
**Formerly:** not present; *closest concept* was `Export Center → StellaBundle` but that is an **audit/export artifact**, not an operator workflow for composing deployable multi-service releases.
**Why added / why here:** You need a **bundle organizer** to turn “microservice digest + env-derived variables + other microservices + changelog” into a **bundle version** with a **bundle digest**. This stays digest-first (everything pinned by digest), but becomes human-operable for multi-service systems.
### Bundle concept (explicit)
A **Bundle** =
* Components: `service/repo → digest → derived component version`
* Config Snapshot per region/env: references to Vault/Consul inputs + hashes (no secret values)
* Changelog per repo: commit/PR range between previous bundle and this bundle
* Bundle digest: hash of the bundle manifest (components + config snapshot refs + metadata)
* Used to create **Releases** (promotions) across environments.
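The Bundle concept above in working form, as an added example that is not Stella Ops' own code: components pinned by digest, config snapshots kept as references plus hashes with the resolved values discarded, a per-repo changelog, and a bundle digest computed over a canonical serialization of the manifest. The manifest layout, the function names and the sample digests are assumptions for illustration.

```python
"""Added example, not Stella Ops' own code: a minimal bundle manifest and the
deterministic bundle digest derived from it, following the Bundle concept above.
The manifest layout and all function names are assumptions for illustration."""
import hashlib
import json
from typing import Iterable, List


def canonical_json(obj: object) -> bytes:
    # Sorted keys and no insignificant whitespace: equal content always
    # serializes to equal bytes, so the digest is reproducible anywhere.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def component(service: str, image_digest: str, derived_version: str) -> dict:
    # service/repo -> digest -> derived component version.
    return {"service": service, "digest": image_digest, "version": derived_version}


def snapshot_ref(kind: str, path: str, resolved_value: str) -> dict:
    # Only the reference and a hash of what it resolved to are kept; the
    # value itself is dropped here (assumed design: refs + hashes, no secret values).
    digest = hashlib.sha256(resolved_value.encode("utf-8")).hexdigest()
    return {"kind": kind, "path": path, "value_sha256": digest}


def config_snapshot(region_env: str, refs: Iterable[dict]) -> dict:
    ordered = sorted(refs, key=lambda r: (r["kind"], r["path"]))
    return {"region_env": region_env, "refs": ordered,
            "snapshot_hash": sha256_hex(canonical_json(ordered))}


ALLOWED_REF_FIELDS = {"kind", "path", "value_sha256"}


def secret_value_leaks(manifest: dict) -> List[str]:
    # Paths of any snapshot ref carrying fields beyond reference + hash.
    return [ref["path"]
            for snap in manifest["config_snapshots"]
            for ref in snap["refs"]
            if set(ref) - ALLOWED_REF_FIELDS]


def build_manifest(name: str, version: str, baseline: str, components: Iterable[dict],
                   snapshots: Iterable[dict], changelog: dict) -> dict:
    # Sorting removes any dependence on the order components were added.
    return {
        "bundle": {"name": name, "version": version, "baseline": baseline},
        "components": sorted(components, key=lambda c: c["service"]),
        "config_snapshots": sorted(snapshots, key=lambda s: s["region_env"]),
        "changelog": changelog,
    }


def bundle_digest(manifest: dict) -> str:
    leaks = secret_value_leaks(manifest)
    if leaks:
        raise ValueError(f"refusing to digest manifest with non-ref fields at {leaks}")
    return sha256_hex(canonical_json(manifest))


# Constructed sample data: placeholder digests and paths, not real artifacts.
API = component("api-service", "sha256:" + "a" * 64, "2.1.0")
WEB = component("web-frontend", "sha256:" + "b" * 64, "2.0.0")
SNAP_US_EAST_PROD = config_snapshot("US-East/Prod", [
    snapshot_ref("vault", "secret/data/api/db", "postgres://placeholder-value"),
    snapshot_ref("consul", "config/api/", "feature_flags=on"),
])
CHANGELOG = {"api-service": "v2.0.8..v2.1.0", "web-frontend": "v1.9.1..v2.0.0"}


def example_manifest(components: Iterable[dict] = (API, WEB)) -> dict:
    return build_manifest("Platform Bundle", "1.3.0", "Staging",
                          components, [SNAP_US_EAST_PROD], CHANGELOG)


def leaky_manifest() -> dict:
    # A ref that smuggled in the resolved value; bundle_digest must refuse it.
    bad_ref = dict(snapshot_ref("vault", "secret/data/api/db", "x"), value="leaked")
    return build_manifest("Bad", "0.1", "Dev", [API],
                          [config_snapshot("Dev", [bad_ref])], {})


if __name__ == "__main__":
    print(bundle_digest(example_manifest()))
```

The two properties worth keeping in mind: the same components in any order give the same bundle digest, and changing a single component digest changes it, which is what lets a promotion be bound to the bundle exactly as to a single image. The `secret_value_leaks` check is the guard that keeps resolved Vault/Consul values out of anything that gets hashed, exported or sealed.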
### Mermaid — Bundles navigation graph
```mermaid
flowchart TB
BUN["Bundles"] -->|select bundle| BDETAIL["Bundle Detail / Compose"]
BUN -->|Create bundle| BCREATE["Create Bundle (from repos/services)"]
BDETAIL -->|Generate Release Candidate| REL["Releases (new release from bundle)"]
BDETAIL -->|Compare to previous bundle| BDIFF["Bundle Diff (components+config+changelog)"]
BDETAIL -->|Fetch config snapshot| CFG["Config Snapshot (Vault/Consul refs)"]
BDETAIL -. "Risk preview" .-> FIND["Findings (bundle-filtered)"]
```
### ASCII wireframe — Bundles (Organizer)
```text
+----------------------------------------------------------------------------------+
| Bundles (NEW) (formerly: N/A; concept overlaps Export Center but different) |
| [Create Bundle] Filters: Repo▼ Region▼ Env▼ Status▼ Search... |
+----------------------------------------------------------------------------------+
| Bundle / Version Status Components Regions Env Baseline CritR SBOM |
|----------------------------------------------------------------------------------|
| Platform Bundle 1.3.0 READY 12 All Stg baseline 0 OK |
| Checkout Bundle 2026.02 DRAFT 7 EU-West Dev baseline - - |
| Hotfix Set 1.2.4 READY 1 US-East Prod baseline 4 STALE|
|----------------------------------------------------------------------------------|
| Row actions: [Compose] [Compare] [Create Release] [Export Manifest] |
+----------------------------------------------------------------------------------+
```
---
# Screen 5 — Bundle Detail / Compose (Bundle “case file”)
**Formerly:** not present; composition typically happens in external tooling (CI/CD templates, Helm charts, spreadsheets).
**Why changed:** This is the missing “organizer” you called out. It makes bundles **auditable, repeatable, and env-config-aware**, while preserving digest-first identity.
### Mermaid — Bundle Detail / Compose graph
```mermaid
flowchart TB
BDETAIL["Bundle Detail / Compose"] -->|Edit components| COMP["Component Picker (repo/service)"]
BDETAIL -->|Pin digest & derive version| MAP["Digest→Version Mapping"]
BDETAIL -->|Fetch env config refs| CFG["Config Snapshot (Vault/Consul)"]
BDETAIL -->|View changelog| CHG["Changelog (per repo)"]
BDETAIL -->|Validate| VAL["Bundle Validation (SBOM, attestation, policy inputs)"]
BDETAIL -->|Lock| LOCK["Lock Bundle (freeze manifest)"]
BDETAIL -->|Create Release| REL["Create Release from Bundle"]
BDETAIL -. "Preview risk" .-> FIND["Findings (bundle-filtered)"]
```
### ASCII wireframe — Bundle Detail / Compose
```text
+----------------------------------------------------------------------------------+
| Bundle: Platform Bundle 1.3.0 Status: DRAFT Bundle Digest: sha256:bund... |
| Baseline: Staging Regions: All Last updated: 5m ago |
| Actions: [Validate] [Lock Bundle] [Create Release] [Export Manifest] |
+----------------------------------------------------------------------------------+
| Tabs: [Components] [Config Snapshots] [Changelog] [Risk Preview] [Evidence Inputs]|
|----------------------------------------------------------------------------------|
| Components (12) |
| Service/Repo Digest Derived Ver SBOM CritR Prov |
| api-service sha256:aaa... 2.1.0 OK 0 SLSA ✓ |
| web-frontend sha256:bbb... 2.0.0 OK 0 SLSA ✓ |
| worker sha256:ccc... 3.1.0 STALE 1 SLSA ✓ |
| ... |
| [Add Component] [Pin Digest] [Import from CI] |
|----------------------------------------------------------------------------------|
| Config Snapshots (refs only — no secret values) |
| Region/Env Vault paths (count) Consul prefixes (count) Snapshot Hash |
| US-East/Prod 12 6 sha256:cfg1... |
| EU-West/Prod 11 6 sha256:cfg2... |
| Notes: "Vault unreachable" would show as ERROR and block Lock/Release optionally |
| [Fetch Snapshots] [View Ref List] [Diff vs previous bundle] |
|----------------------------------------------------------------------------------|
| Changelog (per repo) |
| api-service: v2.0.8 → v2.1.0 (12 PRs) [View] |
| web-frontend: v1.9.1 → v2.0.0 (30 PRs) [View] |
|----------------------------------------------------------------------------------|
```
---
# Screen 6 — Approvals (queue)
**Formerly:** `Approvals`.
**Why changed:** Keep it, but make approvals explicitly tied to **promotion edges** and show the **risk + freshness + reachability** context right in the queue so reviewers don't approve blind.
### Mermaid — Approvals navigation graph
```mermaid
flowchart TB
APR["Approvals"] -->|open request| ADETAIL["Approval Detail"]
APR -->|filter by region/env| APR
ADETAIL -->|Approve/Reject| APR
ADETAIL -. "Open release case file" .-> RDETAIL["Release Detail"]
ADETAIL -. "Open findings" .-> FIND["Findings (filtered)"]
ADETAIL -. "Open capsule preview" .-> CAPS["Decision Capsule"]
```
### ASCII wireframe — Approvals
```text
+----------------------------------------------------------------------------------+
| Approvals (formerly: Approvals) Filters: Region▼ Env▼ Status▼ Risk▼ Search... |
+----------------------------------------------------------------------------------+
| Request Edge Gate Approvals CritR SBOM |
|----------------------------------------------------------------------------------|
| API Gateway v2.1.0 US-East Stg→Prod PASS 1/2 0 OK |
| User Service v3.0.0-rc1 EU-West Stg→Prod BLOCK 0/2 2 OK |
| Notes: BLOCK reasons show inline: (Policy fail / CritR / data stale / missing Cov)|
|----------------------------------------------------------------------------------|
| Actions per row: [Approve] [Reject] [View Detail] |
+----------------------------------------------------------------------------------+
```
---
# Screen 7 — Approval Detail (gate breakdown + evidence preview)
**Formerly:** “View Details” from `Approvals` (implied) + bits from `Findings` and `Export/Replay`.
**Why changed:** The approver needs a single page that explains **why** an edge is blocked/passing, with **hybrid reachability** and **data freshness** spelled out, plus a preview of the evidence capsule that will be sealed.
### Mermaid — Approval Detail graph
```mermaid
flowchart TB
ADETAIL["Approval Detail"] -->|Approve| ACT1["Approve action"]
ADETAIL -->|Reject| ACT2["Reject action"]
ADETAIL --> RDETAIL["Release Detail"]
ADETAIL --> FIND["Findings (edge-filtered)"]
ADETAIL --> CAPS["Decision Capsule Preview"]
```
### ASCII wireframe — Approval Detail
```text
+----------------------------------------------------------------------------------+
| Approval Detail (formerly: Approvals → View Details) |
| Release: User Service v3.0.0-rc1 Edge: EU-West Staging → Production |
|----------------------------------------------------------------------------------|
| Gate Summary: BLOCK |
| - Policy: PASS |
| - Risk: CritR 2 (Hybrid reachability) |
| - SBOM: OK (fresh) |
| - Reachability Coverage: 3/3 (Build+Image+Runtime) |
| - Data Freshness: OK (Feeds synced 2h ago) |
|----------------------------------------------------------------------------------|
| Risk Drivers (CritR): |
| - CVE-XXXX in package foo@1.2.3 Reachable via path: foo->bar->... |
| - CVE-YYYY in package baz@4.5.6 Reachable via runtime trace |
| [Open Findings (filtered)] |
|----------------------------------------------------------------------------------|
| Evidence Preview: |
| Capsule will include: policy inputs, SBOM refs, reachability sources, decision log|
| DSSE: pending seal Rekor: pending Replay: enabled |
| [View Capsule Draft] [Approve] [Reject] |
+----------------------------------------------------------------------------------+
```
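How the legend's Cov / SBOM / CritR values and the gate summary on this screen could be derived from raw inputs, as an added example that is not Stella Ops' own code. It takes from the page the three reachability sources B/I/R, the union semantics of hybrid reachability, the 6h SBOM stale threshold from Release Detail, and the inline BLOCK reasons listed on the Approvals queue (Policy fail / CritR / data stale / missing Cov). All names, the sample findings, and the choice that a stale SBOM or missing coverage only warns unless `strict=True` are assumptions for illustration.

```python
"""Added example, not Stella Ops' own code: deriving the legend's Cov / SBOM /
CritR values and an Approval Detail style gate summary from raw inputs.
From the page: the three sources B/I/R, the 6h SBOM stale threshold, and the
BLOCK reasons (Policy fail / CritR / data stale / missing Cov). Assumptions for
illustration: all names, the sample findings, and that stale SBOM and missing
coverage only warn unless strict=True."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Iterable, Optional

SOURCES = ("Build", "Image", "Runtime")                  # reachability sources B/I/R
SBOM_STALE_AFTER = timedelta(hours=6)                     # stale threshold on Release Detail
NOW = datetime(2026, 2, 18, 10, 0, tzinfo=timezone.utc)   # constructed clock


@dataclass(frozen=True)
class Finding:
    cve: str                      # placeholder ids below, not real CVEs
    package: str
    severity: str                 # "critical", "high", ...
    reachable_by: FrozenSet[str]  # sources that flagged the finding reachable


def hybrid_reachable(finding: Finding, available: FrozenSet[str]) -> bool:
    # Hybrid reachability is the union of Build + Image + Runtime signals:
    # one available source reporting "reachable" is enough.
    return bool(finding.reachable_by & available)


def coverage(available: FrozenSet[str]) -> str:
    present = [s for s in SOURCES if s in available]
    return f"Cov {len(present)}/{len(SOURCES)}"


def sbom_status(last_scan: Optional[datetime], now: datetime) -> str:
    if last_scan is None:
        return "MISSING"
    return "STALE" if now - last_scan > SBOM_STALE_AFTER else "OK"


def crit_r(findings: Iterable[Finding], available: FrozenSet[str], sbom: str) -> Optional[int]:
    # With no SBOM there is no component list to count against, so the
    # value is unknown (the dashboard shows "CritR ?") rather than a false 0.
    if sbom == "MISSING":
        return None
    return sum(1 for f in findings
               if f.severity == "critical" and hybrid_reachable(f, available))


def evaluate_gate(policy_pass: bool, findings: Iterable[Finding], available: Iterable[str],
                  last_sbom_scan: Optional[datetime], now: datetime = NOW,
                  strict: bool = False) -> dict:
    """Gate verdict plus the inline reasons the Approvals queue would show."""
    available = frozenset(available)
    findings = list(findings)
    sbom = sbom_status(last_sbom_scan, now)
    critr = crit_r(findings, available, sbom)
    missing = [s for s in SOURCES if s not in available]
    block, warn = [], []
    if not policy_pass:
        block.append("Policy fail")
    if critr is None:
        block.append("CritR unknown (SBOM missing)")
    elif critr > 0:
        block.append(f"CritR {critr}")
    if sbom == "STALE":
        (block if strict else warn).append("data stale (SBOM)")
    if missing:
        (block if strict else warn).append("missing Cov: " + "+".join(missing))
    return {"gate": "BLOCK" if block else "PASS", "reasons": block, "warnings": warn,
            "CritR": critr, "SBOM": sbom, "Cov": coverage(available)}


def hours_ago(hours: float) -> datetime:
    return NOW - timedelta(hours=hours)


# Constructed findings for one release: two criticals are reachable when all
# three sources are present, and one of those only via the Runtime source.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "foo@1.2.3", "critical", frozenset({"Build", "Image"})),
    Finding("CVE-0000-0002", "baz@4.5.6", "critical", frozenset({"Runtime"})),
    Finding("CVE-0000-0003", "qux@0.1.0", "critical", frozenset()),
    Finding("CVE-0000-0004", "bar@2.0.0", "high", frozenset({"Build"})),
]


def user_service_gate() -> dict:
    # Policy PASS, Cov 3/3, SBOM 2h old: blocked on CritR 2 alone, as in the wireframe.
    return evaluate_gate(True, SAMPLE_FINDINGS, SOURCES, hours_ago(2))


def hotfix_gate() -> dict:
    # Same findings, Runtime source missing and SBOM 18h old: CritR drops to 1
    # because the Runtime-only hit is invisible, which is why Cov sits beside it.
    return evaluate_gate(True, SAMPLE_FINDINGS, ("Build", "Image"), hours_ago(18))


if __name__ == "__main__":
    print(user_service_gate())
    print(hotfix_gate())
```

The second scenario is the point of surfacing Cov next to CritR: with the Runtime source missing the same release scores one critical fewer, so a lower CritR on a `Cov 2/3` edge is a reason to distrust the number, not to relax. A missing SBOM is treated as "CritR unknown" and blocks outright, since a count of zero computed against no inventory would be a false green.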
---
# Screen 8 — Regions & Environments (promotion graph + env tiles)
**Formerly:** pipeline widget on `Control Plane` (flat, not region-first).
**Why changed:** You explicitly need **Region → Environments** as a first-class topology, and each env must summarize not only “deploy health” but also **SBOM + CritR + Cov**.
### Mermaid — Regions & Environments graph
```mermaid
flowchart TB
REG["Regions & Environments"] -->|select env node| EDETAIL["Environment Detail"]
REG -->|select edge| EDGE["Edge Inspector (gates, approvals, evidence)"]
REG -. "View findings for env" .-> FIND["Findings (env-filtered)"]
REG -. "View deployments for env" .-> DEP["Deployments (env-filtered)"]
```
### ASCII wireframe — Regions & Environments
```text
+----------------------------------------------------------------------------------+
| Regions & Environments (formerly: Control Plane pipeline) Region: US-East▼ |
| [Edit Graph] (role-gated) |
+----------------------------------------------------------------------------------+
| Promotion Graph (US-East) |
| Dev [OK|SBOM OK|CritR 0|Cov 3/3] --> Staging [OK|OK|0|3/3] --> Prod [DEG|STALE|4|2/3] |
| |
| Right Inspector (selected: Prod node) |
| - Deploy health: DEGRADED (1 target failing) |
| - SBOM: STALE (last scan 18h) |
| - CritR: 4 (hybrid) |
| - Coverage: Build ✓ Image ✓ Runtime ✗ |
| - Feed freshness: NVD stale 18h (WARN/ERROR) |
| Actions: [View Findings] [View Deployments] [View Config Snapshot] |
+----------------------------------------------------------------------------------+
```
---
# Screen 9 — Environment Detail (region/env “single pane”)
**Formerly:** no dedicated page; fragments in `Control Plane`, `Platform Health`, `Findings`, and CI/CD/inventory.
**Why changed:** Operators need a **per region/env** summary showing *what's deployed* and *what's risky* with **SBOM status** and **reachability source coverage** — so it's clear whether the risk posture is trustworthy.
### Mermaid — Environment Detail graph
```mermaid
flowchart TB
EDETAIL["Environment Detail"] --> FIND["Findings (env-filtered)"]
EDETAIL --> DEP["Deployments (env-filtered)"]
EDETAIL --> CFG["Config Snapshot refs (env)"]
EDETAIL -. "Nightly issues affecting this env" .-> NIGHT["Nightly Ops Report"]
```
### ASCII wireframe — Environment Detail
```text
+----------------------------------------------------------------------------------+
| Environment Detail US-East / Production (formerly: N/A) |
| Deploy: DEGRADED | SBOM: STALE | CritR: 4 | Cov: 2/3 | Feeds: NVD stale 18h |
+----------------------------------------------------------------------------------+
| Deployed Workloads (by digest) |
| Service Image Digest Version SBOM CritR Last Deploy |
| api-service sha256:aaa... 2.1.0 OK 0 08:12 |
| web-frontend sha256:bbb... 2.0.0 OK 0 08:12 |
| worker sha256:ccc... 3.1.0 STALE 1 08:12 |
|----------------------------------------------------------------------------------|
| Critical Reachable Findings (CritR 4) [Open Findings] |
| - CVE-XXXX foo@1.2.3 reachable via ... |
| - CVE-YYYY bar@4.5.6 reachable via runtime traces (missing today!) |
|----------------------------------------------------------------------------------|
| Config Snapshot (refs only) |
| Vault refs: 12 paths | Consul refs: 6 prefixes | Snapshot hash: sha256:cfg1... |
| [View refs] [Diff vs last snapshot] |
|----------------------------------------------------------------------------------|
| Related: [Deployments] [Approvals] [Evidence] |
+----------------------------------------------------------------------------------+
```
---
# Screen 10 — Deployments (promotion execution view)
**Formerly:** “Active Deployments” widget + implicit status in Releases list.
**Why changed:** Keep the operational view, but tie it to **release/bundle digests** and show **SBOM/risk context** so deployments aren't treated as purely operational success/failure.
### Mermaid — Deployments graph
```mermaid
flowchart TB
DEP["Deployments"] -->|select run| DDETAIL["Deployment Detail"]
DEP -->|filter by release/env| DEP
DDETAIL --> RDETAIL["Release Detail"]
DDETAIL --> CAPS["Decision Capsule"]
```
### ASCII wireframe — Deployments
```text
+----------------------------------------------------------------------------------+
| Deployments (formerly: Active Deployments widget) |
| Filters: Region▼ Env▼ Status▼ Release▼ Search... |
+----------------------------------------------------------------------------------+
| Release Region/Env Status Targets SBOM CritR Evidence |
|----------------------------------------------------------------------------------|
| Hotfix 1.2.4 US-East/Prod RUNNING 1/1 STALE 4 Sealing... |
| Platform 1.2.3 EU-West/Prod COMPLETED 3/3 OK 0 Sealed ✓ |
|----------------------------------------------------------------------------------|
| Actions: [View Detail] |
+----------------------------------------------------------------------------------+
```
---
# Screen 11 — Deployment Detail (run + proof)
**Formerly:** not a dedicated PoC screen (implied behind deployment status).
**Why changed:** When something fails, you need traceability: what digest was applied, where, what verification occurred, and what evidence was produced.
### Mermaid — Deployment Detail graph
```mermaid
flowchart TB
DDETAIL["Deployment Detail"] --> CAPS["Decision Capsule (final)"]
DDETAIL --> EDETAIL["Environment Detail"]
DDETAIL --> RDETAIL["Release Detail"]
```
### ASCII wireframe — Deployment Detail
```text
+----------------------------------------------------------------------------------+
| Deployment Detail (formerly: N/A) |
| Release: Hotfix 1.2.4 Edge: US-East Staging→Prod Run: dep-0042 |
| Status: RUNNING Targets: 1/1 Started: 08:12 Actor: deploy-bot |
+----------------------------------------------------------------------------------+
| Steps / Timeline |
| 1) Resolve artifact digests ✓ |
| 2) Fetch config snapshot refs ✓ (vault ok, consul ok) |
| 3) Apply to target(s) ✓ |
| 4) Post-deploy verification WARN (runtime reachability missing) |
| 5) Seal evidence capsule IN PROGRESS |
|----------------------------------------------------------------------------------|
| Deployed Digests |
| - api-service sha256:aaa... - worker sha256:ccc... |
|----------------------------------------------------------------------------------|
| Evidence |
| Capsule: DSSE pending | Rekor pending | Replay enabled |
| [View Capsule] [Replay/Verify] [Export] |
+----------------------------------------------------------------------------------+
```
---
## Release Bundle Organizer — key design notes (so it matches your requirement)
What you asked for, explicitly, is now represented in **Bundles + Bundle Detail**:
* **“microservice with digest becomes version X”**
  * Bundle composer maintains a **Digest→Version mapping** per component (derived from git tag/build metadata or manually pinned).
* **“variables derived from vaults and consul for this env”**
  * Bundle stores **config snapshot references + hashes** per region/env; values are not shown, but the snapshot is reproducible and auditable.
* **“other microservices becomes bundle along with change log. per repository.”**
  * Bundle includes per-repo changelog (diff vs prior bundle baseline).
* **“release digest first”**
  * The bundle itself has a **bundle digest** (manifest hash). Promotions can be bound to that digest exactly like a single-image hotfix.
---