stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
ac22ee3ce20dd18ddb231ba4e06d75c5003914ef
git.stella-ops.org/docs/modules/ui/README.md

139 lines
9.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# StellaOps Console UI
**Status:** Implemented
**Source:** `src/Web/StellaOps.Web/`
**Owner:** UI Guild
> **Related:** See [`../web/`](../web/) for triage-specific UX documentation (Smart-Diff, Triage Canvas, Risk Dashboard).
The Console presents operator dashboards for scans, policies, VEX evidence, runtime posture, and admin workflows.
## Latest updates (2026-03-07)
- Generated the first-pass UI component preservation map at `component-preservation-map/README.md`.
- The preservation map currently tracks 303 candidate components: 167 high-confidence dead surfaces and 136 routed-but-weakly-surfaced surfaces.
- Each candidate now has a stable markdown dossier so later iterations can deepen keep / merge / wire / archive decisions without rebuilding the inventory.
- Added the Decisioning Studio proposal at `policy-decisioning-studio/README.md` to consolidate policy authoring, governance, simulation, VEX decisioning, and release-context gate explanation under one shell.
- Added restoration topic shape notes at `restoration-topics/README.md` for Watchlist, Reachability Witnessing, Platform Ops, Triage explainability, and Workflow Visualization placement.
- Added implementation-ready UX dossiers for Watchlist, Reachability Witnessing, Platform Ops Consolidation, Triage Explainability Workspace, Workflow Visualization and Replay, and shared contextual action patterns.
- Added FE sprint files for the five accepted restoration topics plus a shared sprint for single actions, drawers, tabs, and stray-page placement patterns.
- Shipped the canonical `Setup > Trust & Signing` watchlist shell, including entries, alerts, tuning, and Mission Control or Notifications deep links.
- Added checked-feature verification for watchlist management at `../../features/checked/web/identity-watchlist-management-ui.md`.
- Shipped the canonical `Security > Reachability` witness and proof-of-exposure shell, including cross-shell handoffs from findings, triage, evidence replay, and release detail.
- Added checked-feature verification for reachability witnessing at `../../features/checked/web/reachability-witnessing-ui.md`.
- Shipped the consolidated `Ops > Operations` shell with grouped overview cards, canonical `/ops/operations/*` routes, and legacy `platform-ops` alias cutover.
- Added checked-feature verification for operations consolidation at `../../features/checked/web/operations-consolidation-ui.md`.
- Shipped the canonical offline and air-gap operations flow under `Ops > Operations`, including repaired stale `/ops/*` and `/platform-ops/*` deep links, usable Offline Kit actions, and Evidence or Trust handoffs.
- Added checked-feature verification for offline operations at `../../features/checked/web/offline-operations-ui.md`.
- Shipped the canonical `Quotas & Limits`, `Health & SLO`, and `AOC Compliance` cutover under `Ops > Operations`, including repaired legacy aliases, usable quota exports and payload generation, and route-backed AOC filtering or provenance validation.
- Added checked-feature verification for quota, health, and AOC operations at `../../features/checked/web/quota-health-aoc-operations-ui.md`.
- Shipped the shared contextual placement primitives for tabs, submenu pills, route-aware drawers, list-detail shells, grouped overview cards, and return-to-context headers under `src/Web/StellaOps.Web/src/app/shared/ui/`.
- Added checked-feature verification for the contextual primitives and their first adopted surfaces at `../../features/checked/web/contextual-actions-patterns-ui.md`.
## Latest updates (2026-02-21)
- Runtime mock cutover completed for policy simulation history/conflict/batch flows and graph explorer data loading in `src/Web/StellaOps.Web/src/app/**`.
- Runtime bindings now resolve to backend APIs for:
- Policy simulation history/compare/reproducibility/pin (`/policy/simulations/**`)
- Policy conflict detection/resolution (`/policy/conflicts/**`)
- Policy batch evaluations (`/policy/batch-evaluations/**`)
- Graph explorer tile/metadata reads (`/api/graph/**`)
- Inline component mock datasets were removed from these runtime paths; test/dev mock clients remain available only via explicit test wiring.
## Latest updates (2025-11-30)
- Docs refreshed per `docs/implplan/SPRINT_0331_0001_0001_docs_modules_ui.md`; added observability runbook stub and TASKS mirror.
- Access-control guidance from 2025-11-03 remains valid; ensure Authority scopes are verified before enabling uploads.
## Responsibilities
- Render real-time status for ingestion, scanning, policy, and exports via SSE.
- Provide policy editor, SBOM explorer, and advisory views with accessibility compliance.
- Integrate with Authority for fresh-auth and scope enforcement.
- Support offline bundles with deterministic build outputs.
## Key components
- Angular 21 workspace under `src/Web/StellaOps.Web`.
- Signals-based state management with `@ngrx/signals` store.
- API client generator (`core/api`).
## Integrations & dependencies
- Backend APIs (Scanner, Policy, Notify, Export Center, Attestor).
- Authority for DPoP-protected calls.
- Telemetry streams for observability dashboards.
## Operational notes
- Auth smoke tests in `operations/auth-smoke.md`.
- Observability runbook + dashboard stub in `operations/observability.md` and `operations/dashboards/console-ui-observability.json` (offline import).
- Console architecture doc for layout and SSE fan-out.
- Operator guide: `../../UI_GUIDE.md`. Accessibility: `../../accessibility.md`. Security: `../../security/`.
## Related resources
- ./operations/auth-smoke.md
- ./operations/observability.md
- ./console-architecture.md
- ./component-preservation-map/README.md
- ./restoration-topics/README.md
- ./watchlist-operations/README.md
- ./reachability-witnessing/README.md
- ./platform-ops-consolidation/README.md
- ./offline-operations/README.md
- ./quota-health-aoc-operations/README.md
- ./triage-explainability-workspace/README.md
- ./workflow-visualization-replay/README.md
- ./contextual-actions-patterns/README.md
## Backlog references
- DOCS-CONSOLE-23-001 … DOCS-CONSOLE-23-003 baseline (done).
- CONSOLE-OBS-52-001 tasks for observability updates.
## Implementation Status
### Current Objectives
- Maintain deterministic behaviour and offline parity across releases
- Keep documentation, telemetry, and runbooks aligned with latest sprint outcomes
- Coordinate with backend services for feature delivery across epics
### Epic Milestones & Workstreams
- Epic 2 Policy Engine & Editor: policy editor simulation and explain UX (in progress)
- Epic 4 Policy Studio: registry, approvals, promotion experiences (planned)
- Epic 5 SBOM Graph Explorer: graph navigation, overlays, diff views (planned)
- Epic 6 Vulnerability Explorer: triage dashboards, findings ledger, audit exports (in progress)
- Epic 8 Advisory AI: advisory summaries, remediation hints with strict provenance (planned)
- Epic 9 Orchestrator Dashboard: job/source monitoring controls (planned)
- Epic 11 Notifications Studio: notifications workspace with previews, audit trails (planned)
### Core Capabilities
- Angular 21 workspace with signals-based state management (@ngrx/signals)
- Real-time status via SSE for ingestion, scanning, policy, exports
- Authority integration: fresh-auth with DPoP-protected calls, scope enforcement
- Accessibility compliance and offline bundle support
- API client generator for type-safe backend integration
### Integration Points
- Backend APIs: Scanner, Policy, Notify, Export Center, Attestor
- Authority: DPoP tokens and scope validation
- Telemetry streams: observability dashboards and SSE fan-out
- Offline bundles: deterministic build outputs
### Operational Assets (Sprint 0331 · 2025-11-30)
- Auth smoke tests: operations/auth-smoke.md
- Observability runbook: operations/observability.md
- Dashboard stub: operations/dashboards/console-ui-observability.json
- Console architecture: console-architecture.md (layout, SSE fan-out)
### Access Control (2025-11-03)
- Authority scopes verified before enabling uploads
- Access-control guidance retained in docs/updates/2025-11-03-vuln-explorer-access-controls.md
### Coordination Approach
- Review AGENTS.md before starting new work
- Sync with cross-cutting teams via docs/implplan/SPRINT_*.md
- Track tasks: DOCS-CONSOLE-23-001…003 (baseline done), CONSOLE-OBS-52-001 (observability)
- Mirror status across sprint tracker and docs/modules/ui/TASKS.md
## Epic alignment
- **Epic 2 Policy Engine & Editor:** deliver deterministic policy authoring, simulation, and explain UX.
- **Epic 4 Policy Studio:** implement registry workspace, approvals, and promotion workflows.
- **Epic 5 SBOM Graph Explorer:** surface graph navigation, overlays, and diff tools.
- **Epic 6 Vulnerability Explorer:** provide triage dashboards, findings ledger views, and audit exports.
- **Epic 8 Advisory AI:** embed advisory summaries, explanations, and remediation hints with citations.
- **Epic 9 Orchestrator Dashboard:** expose source/job monitoring with throttling and replay controls.
- **Epic 11 Notifications Studio:** deliver notifications workspace with rule/channel previews and audits.
Reference in New Issue View Git Blame Copy Permalink