# Vuln Signal Release Notes ## Current State This working batch turned Vuln Signal into a broader cyber intelligence workspace with: - Centralized navigation and route manifest coverage. - Automatic page orientation through the page guide. - Shared page-family workflow guidance for Core, Intel, Threats, Research, and Status pages. - Shared tool guidance for all tool pages, including privacy notes and next-step pivots. - Strategic hubs for appliance, ransomware, identity, exploit-chain, detection, and executive views. - Beginner onboarding through Start Here and Daily Workflow. - Role Paths for patch teams, SOC, threat intel, exposure owners, leadership, beginners, and maintainers. - Decision Matrix for choosing patch, mitigate, detect, validate, monitor, or escalate lanes. - Evidence Checklist for collecting proof before patching, mitigation, detection, monitoring, or escalation. - Remediation Evidence Pack for proving patched, mitigated, detected, accepted, not-affected, and monitored outcomes. - Stakeholder Matrix for audience-specific vulnerability communication and action requests. - Escalation Ladder for deciding when triage needs emergency patching, SOC, risk, vendor, or leadership escalation. - Handoff Center for copy-ready patch, SOC, asset owner, leadership, exception, and vendor messages. - Action Tracker for local saved-item states, owner notes, deadlines, and follow-up cadence. - Brief Builder for copy-ready daily, weekly, patch, SOC, exception, and data-quality updates. - Methodology page for explaining risk model, trust language, live-derived views, action labels, and limitations. - Data Dictionary for plain-English definitions of portal fields, labels, risk signals, and trust terms. - Coverage Map for explaining strong coverage, partial coverage, and external validation boundaries. - Scenario Library for practical "what do I open when..." response paths. - Runbook Index for situation, cadence, owner, and output-based operating paths. - Exception Register for delayed patch, no-patch, mitigation-first, and accepted-risk workflows. - Metrics Catalog for defining operational metrics, caveats, owners, and review cadence. - Operational Readiness for checking ownership, evidence, telemetry, change, communication, and follow-up preparedness. - Maturity Model for assessing vulnerability operations capability and choosing focused improvements. - Quality Center for release gates, content governance, manual QA, and next-priority planning. - Expanded Playbooks, detail-page handoffs, Search/Saved/Compare guidance, and Diagnostics QA support. ## Automated Checks Run: ```powershell powershell -ExecutionPolicy Bypass -File scripts/check-site.ps1 ``` The checker currently covers: - Local HTML links. - Duplicate HTML IDs. - Page titles, descriptions, main landmarks, and nav landmarks. - Content hygiene for common encoding artifacts. - JS import and dynamic module targets. - Named JS imports. - Route manifest page/container coverage. - Route metadata purpose/workflow coverage. - Page-guide eligibility through `.page-hero`. - Navigation links and HTML pages represented in the route manifest. ## Manual QA Still Required Automated checks cannot prove visual quality. Before treating the site as release-ready, manually review: - Desktop and mobile navigation, especially long dropdowns. - Threat map rendering, filters, campaign cards, and empty states. - Detail page links, copy handoffs, and next-action cards. - Tool pages, especially long output, copy buttons, backend-assisted errors, and mobile textareas. - Search, Saved, and Compare local workflows. - Status, Trust Review, and Diagnostics trust language. - Quality Center links to release docs, governance, manual tests, and next priorities. ## Known Fragile Areas - Live API unavailable states can make data-driven pages look empty. - Threat map visuals depend on campaign data and responsive sizing. - Tool pages can overflow if pasted content is very long. - Saved, Compare, notes, and triage states depend on browser local storage. - Route metadata and route manifest must stay aligned when pages are added. ## Recommended Next Release Gate Before adding another large feature batch: - Run the automated checker. - Open Diagnostics and follow Manual Browser QA. - Test at least one page from each navigation area. - Test one tool from each tool category. - Test one live-data-unavailable state if possible.