git.stella-ops.org/docs/modules/ui/restoration-topics/reachability-witnessing.md

Reachability Witnessing

Recommendation

Do not restore Witnessing as a separate product.

Merge it into the existing Security > Reachability area as deeper tabs and contextual detail views.

Why

• ReachabilityCenterComponent already owns the top-level coverage-first posture.
• WitnessPageComponent and PoEDrawerComponent are explanation and proof surfaces for the same capability.
• Reachability evidence also matters to findings, triage, and release gates, so the detailed views must be reusable from those contexts.

Primary Placement

• Menu group: Security
• Section: Reachability

Suggested canonical root:

• /security/reachability

Product Shape

Keep one reachability shell and add tabs.

Tabs

• Coverage
  • current fleet/sensor coverage view
• Witnesses
  • searchable list of witness records and witness detail pages
• PoE / Exposure
  • proof-of-exposure artifacts, export/verify actions, and DSSE/Rekor state
• Sensor Gaps
  • missing sensors, stale facts, and remediation queues

Merge Map

Into Coverage

• ReachabilityCenterComponent

Into Witnesses

• WitnessPageComponent
  • becomes the full detail page for a selected witness

Into PoE / Exposure

• PoEDrawerComponent
  • becomes a reusable evidence drawer plus an optional tabbed detail route when permalink is needed

Placement For Single Actions And Small Surfaces

Witness detail

• Full page under Witnesses
• Suggested route:
  • /security/reachability/witnesses/:witnessId

PoE detail

• Default to a right drawer from witness detail, finding detail, triage, or release-context views
• Only create a standalone route for deep-link/export cases:
  • /security/reachability/poe/:artifactId

Export DOT / Mermaid

• Keep as witness-detail actions
• Do not turn export formats into their own pages

Replay verify

• Keep as an action button on witness and PoE detail
• Also expose the same action from release-context evidence pages

Secondary Entry Points

These should deep-link into the same reachability surfaces:

• Security > Findings
  • open witness detail for a finding
• Triage > Artifact Workspace
  • open witness drawer from artifact detail
• Releases or Decisioning Studio release context
  • open witness/PoE evidence when a gate uses reachability proof

What Not To Do

• Do not create a separate sidebar product called Witnessing or Proof of Exposure.
• Do not leave PoE only as a detached drawer with no canonical parent route.
• Do not split coverage, witness detail, and proof detail across different top-level sections.

Route Sketch

• /security/reachability
• /security/reachability/coverage
• /security/reachability/witnesses
• /security/reachability/witnesses/:witnessId
• /security/reachability/poe
• /security/reachability/poe/:artifactId
• /security/reachability/gaps

Detailed UX And Sprint

• Detailed UX dossier: ../reachability-witnessing/README.md
• Implementation sprint: ../../../docs-archived/implplan/SPRINT_20260307_025_FE_reachability_witnessing_merge.md

Corroborating Inputs

• docs/contracts/witness-v1.md
• docs/architecture/EVIDENCE_PIPELINE_ARCHITECTURE.md
• docs/modules/scanner/reachability.md
• src/Web/StellaOps.Web/src/app/features/reachability/reachability-center.component.ts
• src/Web/StellaOps.Web/src/app/features/reachability/witness-page.component.ts
• src/Web/StellaOps.Web/src/app/features/reachability/poe-drawer.component.ts
• src/Web/StellaOps.Web/src/app/routes/security-risk.routes.ts
• src/Web/StellaOps.Web/src/app/routes/evidence.routes.ts

Final Call

This should be restored as deeper reachability UX: one security submenu, four tabs, witness as the full detail page, and PoE as a reusable evidence drawer with an optional permalink route.