UI

Target Architecture — Final-State Design

This page describes the final-state user-facing surfaces of the platform. They are Blazor micro-frontends within Factory Studio, built on ConnectSoft.Blazor.ShellTemplate + ConnectSoft.Blazor.UIKit, talking to the platform's APIs through the Studio BFF. They harden the existing Governance & Compliance Center and Security & Access Control studio modules.

The platform exposes two primary surfaces in Factory Studio: the Security Center and the Governance & Compliance Center. Both are read-rich, action-light dashboards designed for security engineers, compliance officers, and platform operators — humans step in only at approval gates and triage.

Surface Map

flowchart TB
    Studio["Factory Studio Shell"] --> SecCenter["Security Center"]
    Studio --> GovCenter["Governance & Compliance Center"]
    SecCenter --> Findings["Security Findings & triage"]
    SecCenter --> Secrets["Secret Governance & rotation"]
    SecCenter --> Risk["Risk dashboard"]
    SecCenter --> Isolation["Tenant Isolation rules"]
    GovCenter --> Policies["Policy authoring & versions"]
    GovCenter --> Approvals["Approval queue"]
    GovCenter --> Audit["Audit explorer"]
    GovCenter --> Compliance["Compliance reports & evidence"]
    GovCenter --> Classification["Data classification"]

Security Center

The operational home for the security posture of the factory and everything it produces.

| Module | Purpose | Backing API / data |
| --- | --- | --- |
| Findings & triage | List, filter, and triage SecurityFindings by severity/status; assign, resolve, suppress with notes. | POST /security-findings, finding queries; SecurityFindingRaised stream. |
| Secret governance | View SecretReferences, rotation due dates, and leak findings — never secret values. Trigger rotation reminders. | SecretGovernanceService (gRPC via BFF). |
| Risk dashboard | Composite RiskScores by subject (action/artifact/tenant/agent) with contributing factors and bands. | RiskScoringService; RiskScored stream. |
| Tenant isolation | Inspect and manage TenantIsolationRules (isolation mode, residency, cross-tenant grants). | TenantIsolationPolicyService. |

Key UX principles: severity-first ordering, one-click trace pivot (jump from a finding to its traceId chain in the Audit explorer), and clear "no secret values are ever shown" affordances around secret governance.

Governance & Compliance Center

The home for policy, approvals, audit, classification, and evidence — hardening the existing Governance & Compliance Center.

| Module | Purpose | Backing API / data |
| --- | --- | --- |
| Policy authoring | Create/version PolicyDefinitions and PolicyRules across the ten governance domains; diff versions; publish. | POST /policies; policy queries. |
| Approval queue | The human-in-the-loop surface: pending ApprovalRequests with context, risk, and policy reason; approve/reject with justification. | POST /approvals/{id}/approve, POST /approvals/{id}/reject; approval stream. |
| Audit explorer | Query the immutable, hash-chained audit trail by traceId, subject, action, time; verify chain integrity. | GET /audit. |
| Compliance reports | Generate and download framework reports / evidence bundles (GDPR/SOC 2/HIPAA-style packs). | POST /compliance/reports; ComplianceReportGenerated stream. |
| Data classification | Review and (with approval) adjust DataClassification labels and categories. | DataClassificationService; DataClassified stream. |
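
The chain-integrity check listed for the Audit explorer, sketched as an added example (not the platform's own code). This page does not define the audit record format, so the fields `seq`, `prev_hash` and `hash`, the all-zero genesis value, SHA-256 over canonical JSON, and the externally held head-hash anchor are all assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value of the very first record


def record_hash(rec):
    """SHA-256 over canonical JSON of every field except the stored hash."""
    body = {k: v for k, v in rec.items() if k != "hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def append(chain, trace_id, subject, action):
    """Build constructed sample records; the real trail is written by the platform."""
    rec = {"seq": len(chain), "traceId": trace_id, "subject": subject,
           "action": action,
           "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    rec["hash"] = record_hash(rec)
    chain.append(rec)


def verify_chain(records, anchor=None):
    """Return (position, problem) for every break; an empty list means intact.

    records: contiguous export starting at the first record of the trail.
    anchor:  head hash recorded outside the audit store, if one is kept.
    """
    problems = []
    expected_prev = GENESIS
    for i, rec in enumerate(records):
        if rec.get("seq") != i:
            problems.append((i, "sequence-gap"))
        if rec.get("prev_hash") != expected_prev:
            problems.append((i, "broken-link"))
        if record_hash(rec) != rec.get("hash"):
            problems.append((i, "content-mismatch"))
        expected_prev = rec.get("hash")
    # Links alone cannot show that the newest records were cut off.
    if anchor is not None and expected_prev != anchor:
        problems.append((len(records), "head-mismatch"))
    return problems


def sample_chain():
    """Three constructed records sharing one traceId (values are illustrative)."""
    chain = []
    append(chain, "trace-001", "agent:builder", "PolicyEvaluated")
    append(chain, "trace-001", "user:alice", "ApprovalGranted")
    append(chain, "trace-001", "agent:builder", "ArtifactPublished")
    return chain
```

An edited record shows up as `content-mismatch`; if its hash is recomputed to hide the edit, the next record reports `broken-link` instead. A trail cut short at the tail still verifies unless the head hash is compared against a copy held outside the audit store.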

Cross-cutting UI Concerns

  • Live updates — surfaces subscribe to the governance event stream (via the Studio BFF over SignalR) so approval queues, findings, and risk update in real time without refresh.
  • Trace-first navigation — every record links to its traceId, enabling a pivot from intent → decision → approval → audit across the whole factory.
  • RBAC/ABAC-aware — modules and actions render per the viewer's roles and the platform's own policy (e.g. an approver only sees requests they may decide; segregation of duties hides self-raised requests).
  • Tenant-scoped — all surfaces are tenant-isolated; cross-tenant views require an explicit, audited isolation grant.
  • Accessibility & consistency — built on ConnectSoft.Blazor.UIKit for consistent, accessible components across Studio.