stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
f4eb64fefcd7d2353b42aed44cb732780e861ea4
git.stella-ops.org/docs/modules/ui/security-operations-leaves/README.md

3.1 KiB
Raw Blame History

Security Operations Leaves

Purpose

  • Make the preserved weak-route leaves fully usable from the live shells instead of leaving them reachable only by typed URLs or overview-card luck.
  • Keep Mission Control, Security, and Ops > Operations as the owners of their respective operator workflows instead of reviving a separate legacy security-ops product.

Canonical Owner

  • Owner shells:
    • Mission Control
    • Security
    • Ops > Operations
  • Primary routes:
    • /mission-control/alerts
    • /mission-control/activity
    • /mission-control/release-health
    • /mission-control/security-posture
    • /security/unknowns
    • /security/unknowns/:unknownId
    • /security/unknowns/:unknownId/determinization
    • /security/unknowns/queue/grey
    • /ops/operations/notifications

Legacy Alias Policy

  • Preserve stale bookmarks and old links by redirecting:
    • /analyze/unknowns
    • /analyze/unknowns/:unknownId
    • /analyze/unknowns/:unknownId/determinization
    • /analyze/unknowns/queue/grey
    • /notify
  • Redirects must preserve query params and fragments so tenant, region, environment, return-to-context, and tab state survive the handoff.
  • Setup > Notifications remains the admin/configuration surface. Ops > Operations > Notifications remains the operator delivery and alert workflow surface.

UX Rules

  • Mission Control owns the cross-product alert and recent-activity pages and must surface them directly from the live sidebar.
  • Security owns unknowns tracking, detail review, grey queue, and determinization flows.
  • Ops > Operations owns notification delivery, channel health, and operator watchlist handoffs.
  • Internal links inside the unknowns subtree must stay inside /security/unknowns*, not dead /analyze/* routes.
  • Browser-level verification should use the mounted notifications page because the local frontend proxy reserves /notify; the alias itself is still required in app routing and verified at route-contract level.

Preserved Value

  • Keep:
    • mission alert and activity summaries as operator landing pages
    • unknowns tracking and determinization workflows
    • notification delivery and watchlist handoff workflows
  • Why:
    • these are already mounted product capabilities with useful operator actions
    • the product issue was surfacing debt and stale route ownership, not lack of feature value

Shipped In This Cut

  • Added top-level alias coverage for stale /analyze/unknowns* and /notify entry points.
  • Retargeted shared navigation config from dead analyze and notify paths to the canonical security and operations owners.
  • Surfaced Alerts, Activity, Unknowns, and Notifications from the live sidebar shells.
  • Repaired unknowns grey-queue and determinization links so breadcrumbs and return paths stay inside canonical security routes.
  • Added focused Angular and Playwright verification for the cutover.

Related Docs

  • docs/features/checked/web/security-operations-leaves-ui.md
  • docs/features/checked/web/unknowns-tracking-ui.md
  • docs/modules/ui/watchlist-operations/README.md
  • docs/modules/ui/component-preservation-map/RESTORATION_PRIORITIES.md