stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
8578065675d58596016eaeaa0eb53bd3897d09fd
git.stella-ops.org/docs/modules/ui/README.md

161 lines
12 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# StellaOps Console UI
**Status:** Implemented
**Source:** `src/Web/StellaOps.Web/`
**Owner:** UI Guild
> **Related:** See [`../web/`](../web/) for triage-specific UX documentation (Smart-Diff, Triage Canvas, Risk Dashboard).
The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows.
## Latest updates (2026-03-10)
- Hardened revived `Ops > Policy > Simulation` direct-entry surfaces so coverage, lint, promotion-gate, and diff routes restore stable defaults when host wiring omits pack/version/environment inputs.
- Coverage now hydrates on first render instead of waiting for a second interaction, preventing blank direct-route states on `/ops/policy/simulation/coverage`.
- Added focused frontend verification for the policy simulation defaults helper and direct-route behaviors, plus a live Playwright sweep for `/ops/policy/simulation/coverage`, `/lint`, `/promotion`, and `/diff/policy-pack-001`.
## Latest updates (2026-03-08)
- Shipped the canonical `Releases > Promotions` cutover, including repaired `/release-control/promotions*` and `/releases/promotion-queue*` aliases, release-context promotion wizard handoff, and a usable create-to-detail flow.
- Added checked-feature verification for release promotions at `../../features/checked/web/release-promotions-cutover-ui.md`.
- Preserved canonical `Ops > Platform Setup` leaf URLs so `regions-environments`, `promotion-paths`, `workflows-gates`, and `gate-profiles` no longer rewrite into `Setup > Topology` on direct entry or quick-link navigation.
- Added checked-feature verification for canonical platform-setup route preservation at `../../features/checked/web/platform-setup-canonical-route-preservation-ui.md`.
- Shipped the `Mission Control`, `Security`, and `Ops > Operations` security-leaves cutover, including canonical surfacing for alerts, activity, unknowns, and notifications plus repaired `/analyze/unknowns*` and `/notify` ownership.
- Added checked-feature verification for the security operations leaves cutover at `../../features/checked/web/security-operations-leaves-ui.md`.
- Shipped the canonical `Setup > Topology` and `Setup > Trust & Signing` cutover, including repaired legacy trust bookmarks, fixed `Platform Setup` handoffs, and expanded topology shell exposure.
- Added checked-feature verification for topology and trust administration at `../../features/checked/web/topology-trust-administration-ui.md`.
- Shipped the execution-operations cutover for canonical JobEngine, Scheduler, Dead-Letter, and companion Scanner Ops workflows under `Ops > Operations`.
- Added checked-feature verification for execution operations at `../../features/checked/web/execution-operations-ui.md`.
## Latest updates (2026-03-07)
- Generated the first-pass UI component preservation map at `component-preservation-map/README.md`.
- The preservation map currently tracks 303 candidate components: 167 high-confidence dead surfaces and 136 routed-but-weakly-surfaced surfaces.
- Each candidate now has a stable markdown dossier so later iterations can deepen keep / merge / wire / archive decisions without rebuilding the inventory.
- Added the Decisioning Studio proposal at `policy-decisioning-studio/README.md` to consolidate policy authoring, governance, simulation, VEX decisioning, and release-context gate explanation under one shell.
- Added restoration topic shape notes at `restoration-topics/README.md` for Watchlist, Reachability Witnessing, Platform Ops, Triage explainability, and Workflow Visualization placement.
- Added implementation-ready UX dossiers for Watchlist, Reachability Witnessing, Platform Ops Consolidation, Triage Explainability Workspace, Workflow Visualization and Replay, and shared contextual action patterns.
- Added FE sprint files for the five accepted restoration topics plus a shared sprint for single actions, drawers, tabs, and stray-page placement patterns.
- Shipped the canonical `Setup > Trust & Signing` watchlist shell, including entries, alerts, tuning, and Mission Control or Notifications deep links.
- Added checked-feature verification for watchlist management at `../../features/checked/web/identity-watchlist-management-ui.md`.
- Shipped the canonical `Security > Reachability` witness and proof-of-exposure shell, including cross-shell handoffs from findings, triage, evidence replay, and release detail.
- Added checked-feature verification for reachability witnessing at `../../features/checked/web/reachability-witnessing-ui.md`.
- Shipped the consolidated `Ops > Operations` shell with grouped overview cards, canonical `/ops/operations/*` routes, and legacy `platform-ops` alias cutover.
- Added checked-feature verification for operations consolidation at `../../features/checked/web/operations-consolidation-ui.md`.
- Shipped the canonical offline and air-gap operations flow under `Ops > Operations`, including repaired stale `/ops/*` and `/platform-ops/*` deep links, usable Offline Kit actions, and Evidence or Trust handoffs.
- Added checked-feature verification for offline operations at `../../features/checked/web/offline-operations-ui.md`.
- Shipped the canonical `Quotas & Limits`, `Health & SLO`, and `AOC Compliance` cutover under `Ops > Operations`, including repaired legacy aliases, usable quota exports and payload generation, and route-backed AOC filtering or provenance validation.
- Added checked-feature verification for quota, health, and AOC operations at `../../features/checked/web/quota-health-aoc-operations-ui.md`.
- Shipped the shared contextual placement primitives for tabs, submenu pills, route-aware drawers, list-detail shells, grouped overview cards, and return-to-context headers under `src/Web/StellaOps.Web/src/app/shared/ui/`.
- Added checked-feature verification for the contextual primitives and their first adopted surfaces at `../../features/checked/web/contextual-actions-patterns-ui.md`.
## Latest updates (2026-02-21)
- Runtime mock cutover completed for policy simulation history/conflict/batch flows and graph explorer data loading in `src/Web/StellaOps.Web/src/app/**`.
- Runtime bindings now resolve to backend APIs for:
- Policy simulation history/compare/reproducibility/pin (`/policy/simulations/**`)
- Policy conflict detection/resolution (`/policy/conflicts/**`)
- Policy batch evaluations (`/policy/batch-evaluations/**`)
- Graph explorer tile/metadata reads (`/api/graph/**`)
- Inline component mock datasets were removed from these runtime paths; test/dev mock clients remain available only via explicit test wiring.
## Latest updates (2025-11-30)
- Docs refreshed per `docs/implplan/SPRINT_0331_0001_0001_docs_modules_ui.md`; added observability runbook stub and TASKS mirror.
- Access-control guidance from 2025-11-03 remains valid; ensure Authority scopes are verified before enabling uploads.
## Responsibilities
- Render real-time status for ingestion, scanning, policy, and exports via SSE.
- Provide policy editor, SBOM explorer, and advisory views with accessibility compliance.
- Integrate with Authority for fresh-auth and scope enforcement.
- Support offline bundles with deterministic build outputs.
## Key components
- Angular 21 workspace under `src/Web/StellaOps.Web`.
- Signals-based state management with `@ngrx/signals` store.
- API client generator (`core/api`).
## Integrations & dependencies
- Backend APIs (Scanner, Policy, Notify, Export Center, Attestor).
- Authority for DPoP-protected calls.
- Telemetry streams for observability dashboards.
## Operational notes
- Auth smoke tests in `operations/auth-smoke.md`.
- Observability runbook + dashboard stub in `operations/observability.md` and `operations/dashboards/console-ui-observability.json` (offline import).
- Console architecture doc for layout and SSE fan-out.
- Operator guide: `../../UI_GUIDE.md`. Accessibility: `../../accessibility.md`. Security: `../../security/`.
## Related resources
- ./operations/auth-smoke.md
- ./operations/observability.md
- ./console-architecture.md
- ./component-preservation-map/README.md
- ./restoration-topics/README.md
- ./watchlist-operations/README.md
- ./reachability-witnessing/README.md
- ./platform-ops-consolidation/README.md
- ./offline-operations/README.md
- ./quota-health-aoc-operations/README.md
- ./execution-operations/README.md
- ./topology-trust-administration/README.md
- ./security-operations-leaves/README.md
- ./platform-setup-canonical-route-preservation/README.md
- ./release-promotions-cutover/README.md
- ./triage-explainability-workspace/README.md
- ./workflow-visualization-replay/README.md
- ./contextual-actions-patterns/README.md
## Backlog references
- DOCS-CONSOLE-23-001 … DOCS-CONSOLE-23-003 baseline (done).
- CONSOLE-OBS-52-001 tasks for observability updates.
## Implementation Status
### Current Objectives
- Maintain deterministic behaviour and offline parity across releases
- Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes
- Coordinate with backend services for feature delivery across epics
### Epic Milestones & Workstreams
- Epic 2 Policy Engine & Editor: policy editor simulation and explain UX (in progress)
- Epic 4 Policy Studio: registry, approvals, promotion experiences (planned)
- Epic 5 SBOM Graph Explorer: graph navigation, overlays, diff views (planned)
- Epic 6 Vulnerability Explorer: triage dashboards, findings ledger, audit exports (in progress)
- Epic 8 Advisory AI: advisory summaries, remediation hints with strict provenance (planned)
- Epic 9 Orchestrator Dashboard: job/source monitoring controls (planned)
- Epic 11 Notifications Studio: notifications workspace with previews, audit trails (planned)
### Core Capabilities
- Angular 21 workspace with signals-based state management (@ngrx/signals)
- Real-time status via SSE for ingestion, scanning, policy, exports
- Authority integration: fresh-auth with DPoP-protected calls, scope enforcement
- Accessibility compliance and offline bundle support
- API client generator for type-safe backend integration
### Integration Points
- Backend APIs: Scanner, Policy, Notify, Export Center, Attestor
- Authority: DPoP tokens and scope validation
- Telemetry streams: observability dashboards and SSE fan-out
- Offline bundles: deterministic build outputs
### Operational Assets (Sprint 0331 · 2025-11-30)
- Auth smoke tests: operations/auth-smoke.md
- Observability runbook: operations/observability.md
- Dashboard stub: operations/dashboards/console-ui-observability.json
- Console architecture: console-architecture.md (layout, SSE fan-out)
### Access Control (2025-11-03)
- Authority scopes verified before enabling uploads
- Access-control guidance retained in docs/updates/2025-11-03-vuln-explorer-access-controls.md
### Coordination Approach
- Review AGENTS.md before starting new work
- Sync with cross-cutting teams via docs/implplan/SPRINT_*.md
- Track tasks: DOCS-CONSOLE-23-001…003 (baseline done), CONSOLE-OBS-52-001 (observability)
- Mirror status across sprint tracker and docs/modules/ui/TASKS.md
## Epic alignment
- **Epic 2 Policy Engine & Editor:** deliver deterministic policy authoring, simulation, and explain UX.
- **Epic 4 Policy Studio:** implement registry workspace, approvals, and promotion workflows.
- **Epic 5 SBOM Graph Explorer:** surface graph navigation, overlays, and diff tools.
- **Epic 6 Vulnerability Explorer:** provide triage dashboards, findings ledger views, and audit exports.
- **Epic 8 Advisory AI:** embed advisory summaries, explanations, and remediation hints with citations.
- **Epic 9 Orchestrator Dashboard:** expose source/job monitoring with throttling and replay controls.
- **Epic 11 Notifications Studio:** deliver notifications workspace with rule/channel previews and audits.
Reference in New Issue View Git Blame Copy Permalink