I’ll extend the redesign for the remaining “Settings/Admin” screens you just shared, keeping the main IA reorg intact, adding Release Control as a root menu, and introducing the missing Release Bundle Organizer. Below: Mermaid graphs per menu, then per-screen: (1) where it lived before, (2) why it moved/changed, (3) ASCII mock, and each mock includes a “Previously called” line for transition.
1) Updated top-level navigation (keeping the main reorg intact)
flowchart LR
RC[Release Control] --- SR[Security & Risk]
RC --- EA[Evidence & Audit]
RC --- INT[Integrations]
RC --- OPS[Platform Ops]
RC --- ADM[Administration]
SR --- SR1[Findings & Reachability]
SR --- SR2[VEX Hub]
SR --- SR3[Exceptions]
SR --- SR4[Advisory Sources]
EA --- EA1[Evidence Packets]
EA --- EA2[Proof Chains]
EA --- EA3[Replay / Verify]
EA --- EA4[Export Center]
INT --- INT1[SCM]
INT --- INT2[CI/CD]
INT --- INT3[Registries]
INT --- INT4[Secrets]
INT --- INT5[Targets / Runtimes]
INT --- INT6[Feeds]
INT --- INT7[Notification Providers]
OPS --- OPS1[Platform Health]
OPS --- OPS2[Background Jobs]
OPS --- OPS3[Scheduler]
OPS --- OPS4[Dead Letter]
OPS --- OPS5[Quotas & Usage]
OPS --- OPS6[Feed Mirror & AirGap Ops]
OPS --- OPS7[Nightly Ops Report]
ADM --- ADM0[Admin Overview]
ADM --- ADM1[Identity & Access]
ADM --- ADM2[Tenant & Branding]
ADM --- ADM3[Notifications]
ADM --- ADM4[Usage & Limits]
ADM --- ADM5[Policy Governance]
ADM --- ADM6[Trust & Signing]
ADM --- ADM7[System]
PACK: Administration + Release Control Setup + Integrations
2) Administration menu → screen graph
flowchart TB
ADM[Administration] --> A0[Admin Overview]
ADM --> A1[Identity & Access]
ADM --> A2[Tenant & Branding]
ADM --> A3[Notifications]
ADM --> A4[Usage & Limits]
ADM --> A5[Policy Governance]
ADM --> A6[Trust & Signing]
ADM --> A7[System]
A3 -.channels live in.-> INTN[Integrations > Notification Providers]
A4 -.operational drilldown.-> OPSQ[Platform Ops > Quotas & Usage]
A7 -.operational drilldown.-> OPSH[Platform Ops > Platform Health]
A7 -.jobs drilldown.-> OPSJ[Platform Ops > Background Jobs]
A5 -.gates apply to.-> RCG[Release Control > Gates & Approvals]
A6 -.evidence uses.-> EA[Evidence & Audit]
Screen A0 — Administration Overview
Previously: There was no single “admin hub”; admin functions were scattered under Settings (and some under Operations).
Now: Administration → Overview
Why: Admin users need a single choke-point for identity, policy governance, trust, notifications, and tenant controls—without mixing it with runtime ops dashboards.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] [Region: All ▼] [Env: All ▼] [Status: OK] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Administration — Overview │
│ │ Previously called: (new) — consolidates legacy Settings pages │
│ Release Ctrl │ │
│ Security&Risk │ Quick Health │
│ Evidence │ ┌──────────────┬──────────────┬──────────────┬────────────┐ │
│ Integrations │ │ Integrations │ Policy Pack │ Quotas │ Jobs │ │
│ Platform Ops │ │ 6 ok /2 warn │ Core latest │ 65% scans │ 0 failing │ │
│ Administration│ └──────────────┴──────────────┴──────────────┴────────────┘ │
│ ▸ Overview │ │
│ Identity │ Admin Areas │
│ Tenant │ ┌─────────────────────┐ ┌─────────────────────┐ │
│ Notifications│ │ Identity & Access │ │ Policy Governance │ │
│ Usage&Limits │ │ (Users/Roles/Keys) │ │ (Baselines/Rules) │ │
│ Policy Gov │ │ Formerly: Settings │ │ Formerly: Settings │ │
│ Trust&Sign │ └─────────────────────┘ └─────────────────────┘ │
│ System │ ┌─────────────────────┐ ┌─────────────────────┐ │
│ │ │ Notifications │ │ Trust & Signing │ │
│ │ │ Formerly: Settings │ │ Formerly: Settings │ │
│ │ └─────────────────────┘ └─────────────────────┘ │
│ │ ┌─────────────────────┐ ┌─────────────────────┐ │
│ │ │ Tenant & Branding │ │ Usage & Limits │ │
│ │ │ Formerly: Settings │ │ Formerly: Settings │ │
│ │ └─────────────────────┘ └─────────────────────┘ │
│ │ ┌────────────────────────────────────────────────────────┐ │
│ │ │ System (Admin) — diagnostics & admin tools │ │
│ │ │ Formerly: Settings > System │ │
│ │ └────────────────────────────────────────────────────────┘ │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A1 — Identity & Access
Previously: Settings → Identity & Access
Now: Administration → Identity & Access
Why: This is pure admin (RBAC, OAuth, API keys, tenants). It shouldn’t compete with release/security workflows.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] [Admin] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Identity & Access │
│ Administration│ Previously called: Settings > Identity & Access │
│ Overview │ │
│ ▸ Identity │ Tabs: [Users] [Roles] [OAuth/SSO Clients] [API Tokens] [Tenants] │
│ Tenant │ │
│ Notifications│ [ + Add User ] [Invite] [Import] [Audit Log→] │
│ Usage&Limits │ │
│ Policy Gov │ Users │
│ Trust&Sign │ ┌──────────────────────────────────────────────────────────┐ │
│ System │ │ Name Email Role Status Actions │ │
│ │ │ -------- ----------------- -------- ------- -------- │ │
│ │ │ ... │
│ │ └──────────────────────────────────────────────────────────┘ │
│ │ │
│ │ Notes: API Tokens are used by Agents/CI integrations; link to │
│ │ Integrations → CI/CD for token scope testing. │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A2 — Tenant & Branding
Previously: Settings → Tenant / Branding
Now: Administration → Tenant & Branding
Why: Tenant configuration is identity-adjacent (domains, default policy pack, org metadata). Keeping it in Admin prevents accidental mixing with operational tooling.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Tenant & Branding │
│ Administration│ Previously called: Settings > Tenant / Branding │
│ Overview │ │
│ Identity │ Tenants │
│ ▸ Tenant │ ┌──────────────────────────────────────────────────────────┐ │
│ Notifications│ │ Tenant Domain(s) Default Policy Status │ │
│ Usage&Limits │ │ Core core.example.com Core Pack Active │ │
│ Policy Gov │ │ … │ │
│ Trust&Sign │ └──────────────────────────────────────────────────────────┘ │
│ System │ │
│ │ Branding (selected tenant) │
│ │ ┌──────────────────────────────────────────────────────────┐ │
│ │ │ Logo [Upload] App Name [Stella Ops] Support URL […] │ │
│ │ │ Theme: Light/Dark Legal Footer Privacy/License links │ │
│ │ └──────────────────────────────────────────────────────────┘ │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A3 — Notifications
Previously: Settings → Notifications
Now: Administration → Notifications
Why: Notification policy (who gets notified, on what events) is governance/admin. The channel connectivity lives in Integrations, but rules/templates remain here.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Notifications │
│ Administration│ Previously called: Settings > Notifications │
│ Overview │ │
│ Identity │ Rules Channels (connectivity) │
│ Tenant │ ┌──────────────────────────┐ ┌───────────────────────────┐ │
│ ▸ Notifications││ + Add Rule │ │ Email ✅ Active │ │
│ Usage&Limits ││ - “Critical reachable…” │ │ Slack ✅ Active │ │
│ Policy Gov ││ - “Bundle blocked…” │ │ Webhook ⚠ Not configured │ │
│ Trust&Sign │└──────────────────────────┘ │ [Manage in Integrations →] │ │
│ System │ └───────────────────────────┘ │
│ │ Templates Delivery / Activity Log │
│ │ ┌──────────────────────────┐ ┌─────────────────────────┐ │
│ │ │ Default templates │ │ View log Export │ │
│ │ │ [Edit Templates] │ │ Filter: last 7d ▼ │ │
│ │ └──────────────────────────┘ └─────────────────────────┘ │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A4 — Usage & Limits
Previously: Settings → Usage & Limits
Now: Administration → Usage & Limits (admin-facing)
Why: This becomes the policy/contract view (limits, entitlements, throttle settings). Operational drilldown (queues, retries, per-job usage) stays in Platform Ops.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] [Month: Feb 2026 ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Usage & Limits │
│ Administration│ Previously called: Settings > Usage & Limits │
│ Overview │ │
│ Identity │ Usage snapshot │
│ Tenant │ ┌──────────────┬──────────────┬──────────────┬────────────┐ │
│ Notifications│ │ Scans 6500/ │ Storage 42/ │ Evidence 2800│ API 15k/ │ │
│ ▸ Usage&Limits│ │ 10k │ 100 GB │ /10k │ 100k │ │
│ Policy Gov │ └──────────────┴──────────────┴──────────────┴────────────┘ │
│ Trust&Sign │ │
│ System │ Limits & throttles (tenant) │
│ │ ┌──────────────────────────────────────────────────────────┐ │
│ │ │ Configure Quotas | Burst rules | Per-integration caps │ │
│ │ │ [Open Platform Ops → Quotas & Usage] (drilldown dashboard) │ │
│ │ └──────────────────────────────────────────────────────────┘ │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A5 — Policy Governance
Previously: Settings → Policy Governance
Now: Administration → Policy Governance (with strong cross-links to Release Control gates)
Why: Policies are organizational governance. The effect is felt in Release Control (gates), Security (exceptions), Evidence (decision capsule), but the configuration belongs in Admin.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Policy Pack: Core (latest) ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Policy Governance │
│ Administration│ Previously called: Settings > Policy Governance │
│ Overview │ │
│ Identity │ Policy Baselines (per env/region) Governance Rules │
│ Tenant │ ┌───────────────────────────────┐ ┌─────────────────────┐│
│ Notifications│ │ + Create Baseline │ │ Edit Rules ││
│ Usage&Limits │ │ Baselines: Dev/Stage/Prod │ │ Gate: Reachable crit ││
│ ▸ Policy Gov │ └───────────────────────────────┘ └─────────────────────┘│
│ Trust&Sign │ │
│ System │ Simulation Exception Workflow │
│ │ ┌───────────────────────────────┐ ┌──────────────────────┐│
│ │ │ Run Simulation (what-if) │ │ Configure approvals ││
│ │ │ Inputs: bundle/digest/env │ │ Links to Exceptions ││
│ │ └───────────────────────────────┘ └──────────────────────┘│
│ │ │
│ │ Shortcuts: [Go to Release Control → Gates] [Go to Security → Exceptions] │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A6 — Trust & Signing
Previously: Settings → Trust & Signing
Now: Administration → Trust & Signing (but “used by” Evidence & Audit)
Why: Key material, issuers, certs, and transparency log integration are security administration concerns. Evidence consumes these; it shouldn’t configure them.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Trust & Signing │
│ Administration│ Previously called: Settings > Trust & Signing │
│ Overview │ │
│ Identity │ Signing Keys Issuers Certificates │
│ Tenant │ ┌──────────────┐ ┌─────────────┐ ┌────────────────────────┐ │
│ Notifications│ │ Manage Keys │ │ Manage │ │ Manage Certs │ │
│ Usage&Limits │ └──────────────┘ └─────────────┘ └────────────────────────┘ │
│ Policy Gov │ │
│ ▸ Trust&Sign │ Transparency Log Trust Scoring Audit Log │
│ System │ ┌─────────────────────┐ ┌─────────────────┐ ┌─────────────┐ │
│ │ │ Configure Rekor │ │ Edit Score cfg │ │ View log │ │
│ │ └─────────────────────┘ └─────────────────┘ └─────────────┘ │
│ │ │
│ │ Used by: Evidence Packets, Proof Chains, Decision Capsules │
│ │ [Open Evidence & Audit → Proof Chains] │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen A7 — System (Admin)
Previously: Settings → System
Now: Administration → System (admin-only controls) + links into Platform Ops for the operational views
Why: This page becomes the administrative console (diagnostics, SLO config, admin job controls). Routine monitoring lives in Platform Ops.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] [Admin-only tools] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ System │
│ Administration│ Previously called: Settings > System │
│ Overview │ │
│ Identity │ Health Check Doctor / Diagnostics │
│ Tenant │ ┌─────────────────────────┐ ┌─────────────────────────────┐│
│ Notifications│ │ All systems operational │ │ Run Doctor Export report ││
│ Usage&Limits │ │ [View in Platform Ops →] │ │ Last run: … ││
│ Policy Gov │ └─────────────────────────┘ └─────────────────────────────┘│
│ Trust&Sign │ │
│ ▸ System │ SLO Monitoring Background Jobs (admin controls) │
│ │ ┌─────────────────────────┐ ┌─────────────────────────────┐│
│ │ │ View SLOs / edit targets│ │ View jobs (Platform Ops →) ││
│ │ └─────────────────────────┘ │ Nightly Ops Report (→) ││
│ │ └─────────────────────────────┘│
└───────────────┴──────────────────────────────────────────────────────────────┘
Release Control becomes a ROOT menu (and absorbs “Settings → Release Control”)
3) Release Control setup menu → screen graph
flowchart TB
RC[Release Control] --> RCH[Control Plane]
RC --> RCL[Releases Ledger]
RC --> RCB[Release Bundles]
RC --> RCG[Gates & Approvals]
RC --> RCD[Deployments]
RC --> RCE[Regions & Environments]
RC --> RCP[Promotion Graph]
RC --> RCS[Setup]
RCS --> S1[Environments & Promotion Paths]
RCS --> S2[Targets & Agents]
RCS --> S3[Workflows]
RCS --> S4[Bundle Templates]
RCB --> BO[Release Bundle Organizer]
Screen RC-S0 — Release Control → Setup (hub)
Previously: Settings → Release Control (hub with Environments/Targets/Agents/Workflows)
Now: Release Control → Setup
Why: This configuration directly governs how promotions, deployments, and gates work. It’s operationally part of release control, not general settings.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Region: All ▼] [Env: All ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Release Control — Setup │
│ Release Ctrl │ Previously called: Settings > Release Control │
│ ControlPlane │ │
│ Releases │ Setup areas │
│ Bundles │ ┌───────────────────────┐ ┌───────────────────────┐ │
│ Gates │ │ Environments & Paths │ │ Targets & Agents │ │
│ Deployments │ │ (Dev→Stage→Prod) │ │ (where/how deploy) │ │
│ Regions&Env │ │ Formerly: Environments│ │ Formerly: Targets/Agents│ │
│ Promotion │ └───────────────────────┘ └───────────────────────┘ │
│ ▸ Setup │ ┌───────────────────────┐ ┌───────────────────────────────┐ │
│ │ │ Workflows │ │ Bundle Templates │ │
│ │ │ Formerly: Workflows │ │ (for bundle organizer) │ │
│ │ └───────────────────────┘ └───────────────────────────────┘ │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen RC-S1 — Environments & Promotion Paths
Previously: Settings → Release Control → Environments
Now: Release Control → Setup → Environments & Promotion Paths (and linked from Regions & Environments)
Why: This is the promotion graph definition (pipelines, stages, gates). It must be adjacent to release visibility.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Release Control / Setup / Environments & Paths │
│ Previously called: Settings > Release Control > Environments │
├──────────────────────────────────────────────────────────────────────────────┤
│ [ + Add Environment ] [ + Add Region ] [Edit Promotion Graph] [Policy Baseline→] │
│ │
│ Regions (left) Promotion Paths (right) │
│ ┌───────────────────────┐ ┌───────────────────────────────────────────┐ │
│ │ US-East │ │ Dev → Stage → Prod │ │
│ │ EU-Sovereign │ │ Gates: SBOM OK | Reachability | Approvals │ │
│ │ AirGap-01 │ │ Exceptions: allowed via workflow │ │
│ └───────────────────────┘ └───────────────────────────────────────────┘ │
│ │
│ Environment details │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Env: Stage (EU-Sovereign) Targets: 3 Agents: 2 Workflow: Blue/Green │ │
│ │ Baseline: Core Policy Pack Notifications: Stage-Release channel │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────────────┘
Screen RC-S2 — Targets & Agents
Previously: Settings → Release Control → Targets and Agents
Now: Release Control → Setup → Targets & Agents
Why: These define how releases reach runtime. They are release-control primitives, while the connectors (SSH, Nomad, ECS, etc.) are Integrations.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Release Control / Setup / Targets & Agents │
│ Previously called: Settings > Release Control > Targets + Agents │
├──────────────────────────────────────────────────────────────────────────────┤
│ Targets Agents │
│ [ + Add Target ] [ + Register Agent ] │
│ ┌───────────────────────────────────────────────┐ ┌──────────────────────┐ │
│ │ Name Type Region Status │ │ Agent Region Status │ │
│ │ swarm-01 DockerSwarm EU ✅ Healthy │ │ ag-12 EU ✅ │ │
│ │ ecs-prod AWS ECS US ⚠ Degraded │ │ ag-09 US ⚠ │ │
│ └───────────────────────────────────────────────┘ └──────────────────────┘ │
│ │
│ Mapping │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Env: Stage → Targets: swarm-01, nomad-02 → Agents: ag-12 │ │
│ │ Env: Prod → Targets: ecs-prod → Agents: ag-09 │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ Notes: Connectivity lives in Integrations > Targets/Runtimes (SSH/VPN creds). │
└──────────────────────────────────────────────────────────────────────────────┘
Screen RC-S3 — Workflows
Previously: Settings → Release Control → Workflows
Now: Release Control → Setup → Workflows
Why: Workflows are the executable “release doctrine” (blue/green, canary, rollback). They must live next to promotions and approvals.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Release Control / Setup / Workflows │
│ Previously called: Settings > Release Control > Workflows │
├──────────────────────────────────────────────────────────────────────────────┤
│ [ + New Workflow ] [Import] [Validate] │
│ │
│ Workflow Templates │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Blue/Green — steps: preflight → deploy → smoke → promote → attest │ │
│ │ Canary — steps: 5% → 25% → 50% → 100% with gates at each stage │ │
│ │ Rollback — steps: select prior digest/bundle → deploy → verify → lock │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ Default mapping │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Dev: Canary Stage: Blue/Green Prod: Blue/Green (strict gates) │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────────────┘
Missing crucial capability added: Release Bundle Organizer
Screen RC-B0 — Release Bundles (Organizer)
Previously: This capability was missing / implicit (digest-first releases existed, but no first-class bundling and config snapshot composition).
Now: Release Control → Bundles → Bundle Organizer
Why: You need a bundle abstraction: “microservice digests + env-derived variables (Vault/Consul) + changelog per repository” becoming an immutable versioned unit that can be gated, approved, exported (air-gap), and promoted.
┌──────────────────────────────────────────────────────────────────────────────┐
│ Release Control / Bundles / Bundle Organizer │
│ Previously called: (new) — fills gap between Release Digest and Multi-svc ship│
├──────────────────────────────────────────────────────────────────────────────┤
│ Bundle: [Repo Group: payments-platform ▼] Version: [v1.8.0 ▼] Status: Draft│
│ [Create Bundle] [Save Draft] [Compute Bundle Digest] [Run Gates] [Request Approval]│
│ │
│ Included Services (digest-first → bundle version) │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Service Image Digest Service Ver SBOM Reachability Gate │ │
│ │ payments-api sha256:… 1.8.0 ✅ OK ✅ runtime ✅ │ │
│ │ billing-worker sha256:… 2.3.1 ⚠ crit ⚠ image-only ❌ │ │
│ │ ui-gateway sha256:… 0.19.4 ✅ OK ✅ build+run ✅ │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ Variables Snapshot (derived per env) │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Environment: Stage (EU) │ │
│ │ Vault: /kv/stage/payments/* Snapshot: vaultsnap-91a2 Diff: masked │ │
│ │ Consul: /config/stage/payments/* Snapshot: consulsnap-33f1 Diff: masked │ │
│ │ [View resolved manifest] [Export env overlay] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ Changelog (per repository) │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ payments-api: PR#1823 Fix tax rounding | PR#1831 Upgrade openssl │ │
│ │ billing-worker: PR#944 Retry logic | PR#951 Patch CVE-… │ │
│ │ [Pull from SCM Integration] [Edit release notes] │ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ Evidence hooks │
│ - Generates: Bundle Manifest, Evidence Packet, Decision Capsule, Export Kit │
│ - Links: Security Findings, Exceptions, Approvals, Proof Chains │
└──────────────────────────────────────────────────────────────────────────────┘
Implementation note (UI semantics):
- “Bundle Version” is a human-friendly label; the authoritative identity remains content-addressed (bundle digest) + evidence.
- Vault/Consul snapshots are explicit objects, so auditors can see “what config was used” without exposing secrets (masked diffs).
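The two notes above, as an added sketch that is not part of the original design or any Stella Ops code: a bundle digest computed over canonical content so the version label can change without changing identity, and a masked diff that reports which config paths changed without holding any values. Assumptions: the manifest field names, the choice to leave the label out of the digest, HMAC-SHA256 fingerprints with a per-tenant masking key, and all sample values (constructed).

```python
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    # Deterministic JSON: sorted keys, no whitespace, so equal content gives equal bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sha256_ref(obj) -> str:
    return "sha256:" + hashlib.sha256(canonical(obj)).hexdigest()


def snapshot(values: dict, mask_key: bytes) -> dict:
    """Explicit snapshot object: config path -> keyed fingerprint, never the value.

    HMAC rather than a bare hash, so low-entropy values cannot be guessed
    offline from a stored fingerprint without the masking key.
    """
    return {path: hmac.new(mask_key, val.encode("utf-8"), hashlib.sha256).hexdigest()
            for path, val in values.items()}


def masked_diff(old: dict, new: dict) -> dict:
    """Report which paths were added, removed or changed, with no values."""
    out = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            out[path] = "added"
        elif path not in new:
            out[path] = "removed"
        elif not hmac.compare_digest(old[path], new[path]):
            out[path] = "changed"
    return out


def bundle_digest(manifest: dict) -> str:
    """Content address of the bundle; the human-friendly version label is left out."""
    identity = {
        "services": sorted(manifest["services"], key=lambda s: s["name"]),
        "snapshots": manifest["snapshots"],
        "changelog": manifest["changelog"],
    }
    return sha256_ref(identity)


# Constructed sample data: service names follow the mock, digests and values are made up.
MASK_KEY = b"constructed-per-tenant-masking-key"
SERVICES = [
    {"name": "payments-api", "digest": "sha256:" + "a" * 64},
    {"name": "billing-worker", "digest": "sha256:" + "b" * 64},
    {"name": "ui-gateway", "digest": "sha256:" + "c" * 64},
]
CHANGELOG = {"payments-api": ["Fix tax rounding"], "billing-worker": ["Retry logic"]}
STAGE_OLD = snapshot({"db/password": "old-secret", "api/timeout": "30"}, MASK_KEY)
STAGE_NEW = snapshot({"db/password": "new-secret", "api/timeout": "30",
                      "feature/refunds": "on"}, MASK_KEY)


def make_manifest(version: str, services: list, snap: dict) -> dict:
    # Hypothetical manifest layout: the snapshot is referenced by its own digest.
    return {"version": version, "services": services,
            "snapshots": {"vault": sha256_ref(snap)}, "changelog": CHANGELOG}


if __name__ == "__main__":
    manifest = make_manifest("v1.8.0", SERVICES, STAGE_NEW)
    print(bundle_digest(manifest))
    print(masked_diff(STAGE_OLD, STAGE_NEW))
```

Because the digest covers the snapshot reference, a rotated secret yields a new bundle identity even though no service image changed, which is what lets a gate or approval bind to the exact configuration that was reviewed.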
Integrations is still essential, but kept clean: connectivity & sync health live here
4) Integrations menu → screen graph
flowchart TB
INT[Integrations] --> I0[Overview]
INT --> I1[SCM]
INT --> I2[CI/CD]
INT --> I3[Registries]
INT --> I4[Secrets]
INT --> I5[Targets / Runtimes]
INT --> I6[Feeds]
INT --> I7[Notification Providers]
I0 --> ID[Integration Detail]
I6 -.advisory freshness drives.-> SR4[Security & Risk > Advisory Sources]
I6 -.offline mirroring handled by.-> OPS6[Platform Ops > Feed Mirror & AirGap Ops]
I4 -.config snapshots used by.-> RCB[Release Bundles]
I1 -.changelog used by.-> RCB
I3 -.digests & image sbom used by.-> RC[Release Control]
Screen I0 — Integrations Overview
Previously: Settings → Integrations
Now: Integrations → Overview (root menu)
Why: Integrations are cross-cutting. This page becomes the single source of truth for connectivity + data freshness, with clear escalation links (Nightly Ops Report, Feed Mirror, DLQ).
┌──────────────────────────────────────────────────────────────────────────────┐
│ Top bar: [Search…] [Tenant: Core ▼] │
├───────────────┬──────────────────────────────────────────────────────────────┤
│ NAV │ Integrations │
│ Integrations │ Previously called: Settings > Integrations │
│ ▸ Overview │ │
│ SCM │ Status summary │
│ CI/CD │ ┌───────────────┬───────────────┬───────────────┐ │
│ Registries │ │ Connected: 6 │ Degraded: 1 │ Disconnected:1│ │
│ Secrets │ └───────────────┴───────────────┴───────────────┘ │
│ Targets │ │
│ Feeds │ Filters: [All] [SCM] [CI/CD] [Registries] [Secrets] [Feeds] │
│ Notify Prov │ │
│ │ Cards │
│ │ ┌──────────────────────────────────────────────────────────┐ │
│ │ │ GitHub Enterprise ✅ last sync 5m scope: 42 repos │ │
│ │ │ Jenkins ⚠ degraded last sync 1h errors: 3 │ │
│ │ │ NVD Feed ❌ disconnected last ok: 2d (blocks rescans) │ │
│ │ │ Vault ✅ last sync 10m paths: 18 │ │
│ │ └──────────────────────────────────────────────────────────┘ │
│ │ │
│ │ Escalation: [Nightly Ops Report →] [Platform Ops → DLQ] │
└───────────────┴──────────────────────────────────────────────────────────────┘
Screen ID — Integration Detail (template)
Previously: You’d click an integration card; details were inconsistent.
Now: Every integration has a standardized detail page.
Why: You need uniform answers to: Is it connected? What data is stale? What is blocked downstream?
┌──────────────────────────────────────────────────────────────────────────────┐
│ Integrations / Detail: NVD Feed │
│ Previously called: Settings > Integrations (card detail) │
├──────────────────────────────────────────────────────────────────────────────┤
│ Status: ❌ Disconnected Last healthy sync: 2d ago Owner: SecOps │
│ [Test Connection] [Reconnect] [View Errors] [Open DLQ] [Open Nightly Report] │
│ │
│ Sync Health │
│ ┌──────────────────────────────────────────────────────────────────────────┐ │
│ │ Schedule: hourly Last attempt: 1h ago Result: timeout │ │
│ │ Freshness SLA: 6h Current freshness: 2d (breach) │ │
│ │ Downstream impact: CVE re-scan blocked; policy “re-evaluate on update” stale│ │
│ └──────────────────────────────────────────────────────────────────────────┘ │
│ │
│ Configuration (readable, safe) │
│ - Endpoint: … │
│ - Auth: (masked) │
│ - Proxy: … │
└──────────────────────────────────────────────────────────────────────────────┘
What happened to “Settings → Security Data”?
This legacy menu item typically mixed two different concerns:
- Connectivity & syncing of advisory sources (NVD/OSV/etc.)
- Security decisioning (how sources are interpreted in policy gates)
Redesign mapping (explicit):
- Connectivity + freshness → Integrations → Feeds (and offline mirroring in Platform Ops → Feed Mirror & AirGap Ops)
- How advisories affect risk/gates → Security & Risk → Advisory Sources
(If you want, I’ll produce the Advisory Sources ASCII in the next Security pack so it stays consistent with your “second class screens” requirement.)
Quick confirmation against the constraints you gave
- Main reorganization preserved (same root modules, Release Control is root, Admin is last/root).
- Every screen includes “Previously called …” in the mock header.
- Release bundle organizer added with Vault/Consul variables + per-repo changelog.
If you want the next message to continue, I’ll do the Security Data / Advisory Sources redesign as a focused pack (since it straddles Security & Risk + Integrations + Ops), and include Mermaid + ASCII the same way.