UX North Star

This is the UX source of truth for the v0.6 narrative surfaces: Overview, Brief, and Access Chain.

It is written for product designers, Claude Design handoffs, implementation agents, and reviewers. It is not the company positioning page, not an architecture decision, and not the raw source ledger. Product positioning remains in docs/product/positioning/; implementation evidence and clause receipts live in North Star Source Inventory.

What The UX Must Do

SecurityV0 should help a security leader or operator understand:

  • what automated workload or non-human identity created the exposure
  • how it got there
  • what data, system, or action is reachable
  • what proof supports the claim
  • what decision or action should happen next

The product should feel like a governed evidence system, not a posture dashboard, SIEM console, remediation tracker, or generated report.

Durable UX Principles

Use the existing SecurityV0 Design Principles as the human test for every screen.

  1. Finish the sentence. Every title, finding, and remediation fragment must state the business conclusion, not only the technical fact.
  2. Guide the eye. The most important thing must be visually obvious within five seconds.
  3. Use plain language. Do not make the reader learn internal taxonomy before understanding the risk.
  4. Make remediation safe to follow. Name what could break or what must be verified before acting.
  5. Be partner-handout ready. A partner should be able to use the screen or report output without rewriting it.
  6. Do not add what has not been asked for. Every extra control adds reading cost.

Surface Map

Overview

Audience: CISO and IAM leadership.

Job: rank the top governance exposures so a leader can decide what deserves attention first.

First viewport must answer: O-2

  • what is wrong
  • why it matters
  • what caused it
  • what proof supports it
  • what action should be reviewed next

Structure: O-3

  1. Hero: top exposure
  2. Other exposure briefs: ranks 02-04
  3. Why these briefs surfaced
  4. Related access paths
  5. Telemetry / provenance, collapsed unless needed

Rules:

  • The hero is a decision object, not a dashboard header. O-4
  • The hero field order is Risk, Root cause, Proof, Remediation plan. O-4
  • The hero has exactly three CTAs: Open brief, Review remediation plan, View access chain. O-5
  • Rows 02-04 have one CTA: Open brief. O-6
  • Do not add KPI tiles, posture score, risk score, cluster-total framing, SIEM alert controls, owner assignment, or tracker workflow controls. O-1 O-8 O-9 O-10 O-14

Brief

Audience: shared CISO / analyst landing surface.

Job: explain one clustered exposure compactly enough for leadership review and concretely enough for an analyst who lands directly from SIEM or a ticket.

First viewport must answer: B-3

  • what is the root cause
  • what is affected
  • why it matters now
  • what plan or action is recommended
  • where it should be sent or tracked if routing is part of the workflow

Top block order: B-4

  1. Actionable issue title
  2. Severity / execution state
  3. Risk
  4. Root cause
  5. Affected scope
  6. Proof
  7. Remediation plan
  8. Actions

Rules:

  • The Brief represents a clustered exposure, not a single path. B-6
  • Use Representative access chain when one diagram stands in for multiple related paths. B-12
  • Include a compact Related paths in this brief block when the exposure groups several paths. B-19
  • Use Remediation plan, not vague advisory language. B-8
  • Do not place tracker status, ownership workflow, SIEM alert-console controls, or long narrative paragraphs above the fold. B-1 B-9 B-10 B-13

Access Chain

Audience: analyst / operator first; IAM or security engineering second.

Job: prove one path and show the narrowest useful action.

The page must cover: C-4

  • what this path allows
  • why this path matters
  • the deterministic chain
  • path facts
  • recommended actions
  • evidence

Top decision block: C-6

  • Root cause
  • What this path allows
  • Why this path matters
  • Recommended action

Rules:

  • Scope every sentence to this path, not the parent cluster. C-1 C-15
  • Recommended actions appear above the diagram and render as up to three typed actions: Remediate, Contain, or Investigate. C-7
  • Each recommended action needs a title and body. Title-only actions are incomplete. C-22
  • The first action sentence must use an imperative verb and a named entity. C-16
  • Do not show raw 24-hex MongoDB ObjectIds in user-facing copy. C-17
  • Evidence / provenance is collapsed by default. C-12
  • Do not add a standalone Findings attached section, self-links to the same chain, auto-remediation claims, or source-system write-back claims. C-11 C-13 X-33

Language Contract

Customer-visible copy is deterministic. Same template plus same source values must render the same prose.

Use:

  • Non-human identity
  • Governance story
  • Access chain
  • Execution exposure
  • Execution confirmed
  • Standing authority
  • Remediation plan

Avoid:

  • Dormant on narrative UI surfaces
  • Posture, risk score, or top clusters drive... on Overview
  • could, might, may, likely, or similar probabilistic phrasing in customer-visible conclusions
  • authority path in customer-facing copy, except when referencing legacy artifacts
  • labels that make SecurityV0 sound like a workflow tracker, SIEM alert console, or CNAPP posture dashboard

The avoid list is CI-enforced where supported by the vocabulary gate: run npm run check:vocab, the third gate of npm run ci. X-1
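An illustration of the kind of gate the Language Contract describes, written here as an added example and not SecurityV0's own check:vocab script. It scans composer output for the avoid list (scoped per surface), probabilistic phrasing, and raw 24-hex ObjectIds (the C-17 rule); the record shape, surface names, and sample copy are assumptions constructed for the example.

```javascript
// Vocabulary gate over customer-visible copy records (illustrative, not the
// project's check:vocab). Assumed record shape: { surface, field, text }.

// Avoid-list entries from the Language Contract, scoped to the surfaces where
// the contract bans them. "authority path" is flagged everywhere; a legacy
// artifact reference would need an explicit exemption (not modelled here).
const BANNED = [
  { pattern: /\bdormant\b/i, surfaces: ['overview', 'brief', 'chain'],
    reason: 'Dormant on a narrative UI surface' },
  { pattern: /\b(posture|risk score|top clusters drive)\b/i, surfaces: ['overview'],
    reason: 'posture / risk score / top clusters framing on Overview' },
  { pattern: /\bauthority path\b/i, surfaces: ['overview', 'brief', 'chain'],
    reason: 'authority path in customer-facing copy' },
];
// Probabilistic phrasing is banned in customer-visible conclusions.
const HEDGES = /\b(could|might|may|likely)\b/i;
// C-17: a raw 24-hex MongoDB ObjectId must never reach user-facing copy.
const OBJECT_ID = /\b[0-9a-f]{24}\b/i;

// Returns one violation per broken rule; an empty array means the copy passes.
function checkCopy(records) {
  const violations = [];
  for (const { surface, field, text } of records) {
    for (const rule of BANNED) {
      if (rule.surfaces.includes(surface) && rule.pattern.test(text)) {
        violations.push({ surface, field, rule: rule.reason });
      }
    }
    const hedge = text.match(HEDGES);
    if (hedge) violations.push({ surface, field, rule: `probabilistic phrasing: "${hedge[0]}"` });
    if (OBJECT_ID.test(text)) violations.push({ surface, field, rule: 'raw ObjectId leak (C-17)' });
  }
  return violations;
}

// Constructed sample composer output: two failing records and one clean one.
const SAMPLE_COPY = [
  { surface: 'overview', field: 'hero.risk',
    text: 'Posture score dropped for three dormant service accounts.' },
  { surface: 'chain', field: 'action.body',
    text: 'Identity 65f1c0a2b3d4e5f60718293a likely retains standing authority.' },
  { surface: 'brief', field: 'title',
    text: 'GitHub Actions runner holds standing admin authority over prod-billing.' },
];

// In CI the gate would exit non-zero when any violation is returned.
for (const v of checkCopy(SAMPLE_COPY)) {
  console.log(`${v.surface}/${v.field}: ${v.rule}`);
}
```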

Visual Contract

  • Use a restrained type ramp: 12 / 14 / 16 / 18 / 24 px.
  • Do not use text below 12 px.
  • Keep uppercase letter spacing restrained.
  • Separate surfaces by tonal step, not nested card wrappers.
  • Do not introduce score gauges, decorative charts, modals, toasts, or sparkline dashboards on these surfaces.
  • Danger nodes with filled red backgrounds need white text.

Currently Drifted (Live Defects)

  • Brief composer-first is still transitional: Brief and Overview must prefer deterministic composer output and render No tenant data - first scan pending when required tenant copy cannot be composed. See sv0-platform#1054. B-17
  • Chain path-scoped rendering remains structurally fragile until chain-per-path work lands. See sv0-platform#1020. C-15
  • Chain raw-identifier leakage is a regression watch item: the prior 24-hex ObjectId defect was fixed in sv0-platform#1028, and future title/body leaks remain blocked by the C-17 contract. C-17
  • Chain Reach and Path facts are not fully represented on shipped surfaces; baseline status is tracked in sv0-platform#955, and the full reach schema stays locked by the C-19 contract. C-9 C-19

Recently Settled

  • Q-4 (TLD-7 Synthesis): SIEM-out write-OUT class approved; Remediation Plan as distinct page approved. Closed 2026-05-17 on sv0-platform#1018. X-33 X-34
  • Q-5 (composer empty-state): No tenant data - first scan pending verbatim, no archetype fallback. Closed 2026-05-17 on sv0-platform#1018. B-17
  • Q-1 / Q-3 / Q-6..Q-9 closed prior; see the source inventory for the full resolution log.

Open Question

The remaining unresolved UX question is Chain path layout: confirm whether the requested vertical alignment change refers to the chain diagram or to the four-field top decision block. Q-10 is tracked on sv0-platform#1018. Q-10

Until that is clarified, keep the compact horizontal chain as the proof diagram and avoid turning the page into a large graph.

Reviewer Checklist

Use this checklist on PRs touching the Overview, Brief, Access Chain, narrative copy composers, design contract, vocabulary gate, or governance-story data.

  • Does the screen answer the right questions for its audience?
  • Does the first viewport make the next decision obvious?
  • Is every sentence derived from tenant data or a deterministic template?
  • Does the copy avoid banned vocabulary and probabilistic claims?
  • Does remediation name the object, action, and safety caveat?
  • Are the Brief and Overview partner-handout ready without rewriting?
  • Does the Chain prove one path rather than summarizing the cluster?
  • Is evidence available without being open by default?
  • Are routing, ticketing, SIEM, and tracker controls present only where they serve the page job?

Source Appendix

Detailed clause IDs, source quotes, issue references, durability tiers, and revision history live in North Star Source Inventory. Use that appendix when reviewing drift or resolving a disputed clause; do not make it the first-read path for designers or implementation agents.