Operating principle: every new page should help a defender decide, validate, communicate, or act. If a feature does not support one of those outcomes, it should stay in notes until it has a clearer job.
Quality Center
Keep the portal useful, trustworthy, and calm as it grows.
Use this page before and after large batches. It turns product quality, release checks, content governance, and manual QA into a repeatable workflow.
Release Gates
Do not ship a large batch until these checks are healthy
Automated
Local checker passes
Run powershell -ExecutionPolicy Bypass -File scripts/check-site.ps1. It should pass the checks for links, IDs, metadata, JS imports, route containers, route metadata, page heroes, and navigation coverage.
Manual
Critical paths reviewed
Open Home, Start Here, Threat Map, Tools, Search, Saved, Compare, one detail page, one strategic hub, Status, and Diagnostics at desktop and mobile widths.
Trust
Data states are honest
Every live-derived page should clearly distinguish loaded data, unavailable API state, filtered-empty state, and analyst assumptions.
Methodology
Risk language is explainable
Users should be able to understand how action labels, trust caveats, live-derived views, and validation steps are meant to be interpreted.
UX
No page feels like a dead end
Each page should have a clear next action: open a queue, pivot to a tool, save/compare, check trust, or return to a broader hub.
Content Rules
The editorial guardrails that keep the site beginner-friendly
One page, one job
Every page should answer a distinct question. If two pages answer the same question, one should become a hub and the other should become a deeper drill-down.
Explain live-derived views
Maps, actor context, ransomware relevance, and exploit-chain views should clearly say when they are inferred from loaded data rather than direct telemetry.
Prefer action labels
Use language like Patch Now, Mitigate First, Validate Exposure, Watch, Draft Detection, and Escalate instead of only severity labels.
Keep beginner paths visible
Start Here, Daily Workflow, Site Map, Learn, Status, and Diagnostics should remain easy to find even as advanced pages grow.
Manual Test Matrix
The fastest useful QA pass after changes
Navigation
Top menu, dropdowns, mobile menu
Check hover/focus, long Tools menu scroll, right-edge dropdowns, mobile toggle, and active states.
Live Data
Loaded, empty, and unavailable states
Check Home, Threat Map, CVEs, Advisories, Status, and strategic hubs both when the API succeeds and when it fails.
Workflow
Details, saving, compare, and handoff
Open a record, save it, add a note, compare it, and copy a remediation or SOC handoff summary.
Tools
Inputs, outputs, copy buttons, overflow
Try one parser, one calculator, one lookup, one detection helper, and one formatter on desktop and mobile.
Improvement Backlog
What to prioritize next when the site feels stable
Make flows measurable
Add visible freshness, coverage, and confidence summaries to more pages so users know whether a view is ready for decisions.
Improve maturity deliberately
Use the Maturity Model to choose one weak capability at a time instead of adding unrelated features.
Reduce duplicate mental models
Use shared guidance modules, route metadata, and Site Map paths before adding new standalone explanation sections.
Strengthen tool privacy notes
Keep local-only tools clearly labeled, and make backend-assisted lookups explicit when network calls are required.
Expand QA automation carefully
Next automated checks should focus on navigation coverage, renderer/container alignment, and docs drift before visual automation.
Recommended next move: after a big content or UI batch, open Diagnostics first, then run the manual matrix only on the critical workflows that changed.