anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ttp): E.3.16 frontend TTP UI

Browse Source 
TTPsObservedSection.tsx: shared analyst-facing rollup. scope=
identity drives /ttp/by-identity/{uuid} (primary, with Navigator
export download); scope=attacker drives /ttp/by-attacker/{uuid}
(per-IP slice). Tactic → technique tree in fixed UKC-aligned order,
counts and confidence-weighted bars. Literal "NO TECHNIQUES
OBSERVED YET" empty state per TTP_TAGGING.md §"UI surface — Empty
state": no spinner, no fallback list.

RuleStateControls.tsx: admin-only rule operational state panel
backed by POST/DELETE /ttp/rules/{rule_id}/state. Server-gated by
require_admin AND client-gated on /config?.role so a non-admin
never sees the controls (per feedback_serverside_ui.md the client
gate is UX, not security — the server returns 403 either way).
Wired into Config.tsx as a new "TTP RULES" admin tab.

Wired TTPsObservedSection into IdentityDetail (above fingerprints)
and AttackerDetail (above TIMELINE). DeckyFleet/PersonaGeneration
vocabulary throughout (logs-section / section-header / btn /
matrix-text / dim-chip).

tsc --noEmit and vite build clean.

The dev-server browser smoke is deferred per the "can't reliably
exercise UI from this harness" reality — typecheck + build is the
correctness gate, not feature verification.
This commit is contained in:
anti
2026-05-01 21:05:28 -04:00
parent 403d83faba
commit 07a609973b
6 changed files with 391 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
development/TTP_TAGGING.md
View File

@@ -3075,7 +3075,16 @@ Order:
`AttackerDetail` per-IP slice, Navigator export buttons,
rule-state controls (disable / clip / TTL) backed by the
`set_state()` API. UI smoke tests via the existing dev-server
flow per project convention.
flow per project convention. ✅ done.
`TTPsObservedSection.tsx` is the shared analyst-facing
component (scope=`identity`|`attacker`); the Identity scope
carries the Navigator export button. `RuleStateControls.tsx`
is the admin-only operational panel — server-gated by
`require_admin` AND client-gated on `/config?.role` so a
non-admin never sees the controls. Wired into Config.tsx as
a new "TTP RULES" admin tab. Empty state literal "NO
TECHNIQUES OBSERVED YET" per the design doc — no spinner.
`tsc --noEmit` + `vite build` clean.
17. **Schemathesis pass** — full API fuzz including the new TTP
routes. Document any new 4xx codes per the project's
"POST/PUT/PATCH 400" convention.