UI coverage audit
Slide deck claims → concrete UI surfaces.
UI Coverage Audit (vs Architecture Slide Deck)
This document maps claims in docs/ARCHITECTURE_SLIDE_DECK.md to concrete UI surfaces in the Next.js dashboard.
If something is “✅ Covered” it means there is a first‑class page or docs surface that exposes it. “🟡 Partial” means it exists but is not surfaced/discoverable or is missing a key workflow.
Entry Points (Slides 4–7)
| Slide | Claim | Status | UI surface |
|---|---|---|---|
| 4 | Developer-first CLI | 🟡 Partial | /docs/cli (renders src/cli/README.md) |
| 5 | Web dashboard (live feed + search + investigations + analytics + admin) | ✅ Covered | / (live feed), /search, /npm/..., /investigation/<scanId>, /analytics, /admin/* |
| 6 | GraphQL API (queries/mutations/subscriptions, auth tiers) | 🟡 Partial | /docs/api (renders docs/graphql-api.md), plus GET /api/graphql in dev |
| 7 | Registry proxy (install-time protection, policy modes, .npmrc setup) | 🟡 Partial | /docs/proxy (renders docs/npm-registry-proxy.md) |
Web Dashboard Feature Claims (Slide 5)
| Claim | Status | Evidence |
|---|---|---|
| Live feed of npm publishes / scans | ✅ Covered | / live feed UI + filters + virtualization |
| Scan history and search | ✅ Covered | /search + recent scans on / + per‑package scan history in /npm/... |
| Investigation deep-dives | ✅ Covered | /investigation/<scanId> (alerts, metadata, snippet viewer, exports) |
| Analytics & trends | ✅ Covered | /analytics (Prisma-backed aggregates) |
| Admin panel for rule management | ✅ Covered | /admin + /admin/alerts, /admin/rules, /admin/false-positives, /admin/patches, /admin/hosted-packages |
Real-time Events (Slide 22)
| Claim | Status | Evidence |
|---|---|---|
| Redis Pub/Sub → dashboard updates | ✅ Covered | Live feed uses GraphQL subscriptions and shows scanStarted/alertDetected/scanCompleted |
| “Instant updates everywhere” | ✅ Covered | Key data pages auto-refresh on scanCompleted events via GraphQL subscriptions (/, /search, /analytics, /npm/*) |
Detection Engine + Alert Docs (Slides 8–12)
| Claim | Status | Evidence |
|---|---|---|
| Modular detection engine → alert types | ✅ Covered | /docs/alerts index + /docs/alerts/<alertType> markdown docs |
| “What this means / what to do” inline guidance | ✅ Covered | Inline expanders via AlertDocInline on live feed, /npm, /investigation |
| Threat scoring (0–100, clean/warn/critical) | ✅ Covered | Score + threat level shown on /npm, /investigation, live feed |
Registry Proxy & Policy Modes (Slide 7)
| Claim | Status | Evidence |
|---|---|---|
| Policy modes: audit/warn/strict | ✅ Covered (docs + generator) | /docs/proxy + “Quick config generator” |
| Setup: .npmrc / .yarnrc.yml | ✅ Covered (docs + generator) | /docs/proxy + “Quick config generator” |
Sandbox / Isolation (Slides 13–15)
| Claim | Status | Evidence |
|---|---|---|
| Sandbox modes, secure execution, defense in depth | ✅ Covered (docs) | /docs/sandbox (renders docs/SANDBOX_ARCHITECTURE.md) |
Antifragile / Immune System (Slides 16–19)
| Claim | Status | Evidence |
|---|---|---|
| Rule lifecycle, FP handling, evolution pipeline | ✅ Covered (ops UI) | /admin/* + FP workflows |
| Deep docs for antifragile architecture | ✅ Covered (docs) | /docs/antifragile (renders docs/ANTIFRAGILE_ARCHITECTURE.md) |
Notes / Next UI Adds (to reach 100% “claim coverage”)
- Add a Proxy config generator to /docs/proxy (copyable .npmrc + policy JSON).
- Add a Docs index that links to all major architecture docs (sandbox, antifragile, proxy, feature inventory).
- Add a User menu/avatar in the top bar (matches Slide 5 mock).