Drift Governance Conditions: UX Implementation Plan
Date: 2026-03-05
Status: Draft v1
Sprint priority: #2
Depends on: G3 backend (scope drift evidence pack enrichment), Clarity UX Restructure (for "Active Governance Conditions" section placement)
Effort estimate: 1-2 days
Owner: TBD
Source: docs/product/notion-synced/drift-ux.md, drift-intelligence-w1.md
Problem
The existing scope drift UX shows a generic finding card. Sergey's drift-ux.md spec defines a specific governance conditions card format with three components (Status, Condition, Evidence) that is significantly different from both the current UI and what G3 and PR #22 implement.
This plan covers the UX layer for drift signals — how they appear in the governance conditions section at both authority path and cluster levels. It extends G3 (which covers the backend evidence pack enrichment) with the specific card format defined in the Notion spec.
Scope
In Scope
- Governance Conditions Card Redesign — New card format for all governance conditions (not just drift)
- Scope Drift Card — Specific content for the drift governance condition
- Cluster-Level Drift Display — Summary-only drift in cluster governance section
- "Active Governance Conditions" rename — From "Active Risk Conditions"
Out of Scope
- Drift detection logic (covered by PR #22 evaluator changes)
- Evidence pack backend enrichment (covered by G3)
- Reachability drift and ownership drift evaluator rules (PR #22 — must land first)
- Graph "was → is" visualization (deferred)
Design: Governance Conditions Card
Card Structure (applies to ALL governance conditions, not just drift)
Each governance condition card has three components:
┌─────────────────────────────────────────────────┐
│ [Active] Since Xd │
│ │
│ Condition text describing the governance issue │
│ in one plain sentence. │
│ │
│ Evidence: │
│ • Key fact 1 │
│ • Key fact 2 │
│ • Detected: Nd ago │
└─────────────────────────────────────────────────┘
| Component | Description | Styling |
|---|---|---|
| Status | "Since Xd" — how long the condition has been active | 12px secondary text, top-right |
| Chip | "Active" status chip | Small pill, top-left |
| Condition | One plain sentence describing the governance issue | 14px semibold, primary text |
| Evidence | 2-3 bullet points with specific data | 12px secondary, muted background |
Runtime Strip (integrated, not a separate block)
On the right side of the governance conditions section header:
- "Last execution" timestamp
- "Observed executions (30d)" count
This replaces the large Runtime Activity block.
Design: Scope Drift Governance Condition
Card Content
| Component | Content |
|---|---|
| Status | "Since 30d" (computed from drift detection date) |
| Condition | "This authority path gained an additional role. The automation now executes with broader privileges than previously observed on this authority path." |
| Evidence | Privilege added: {added_role_name} |
Previously observed roles: {baseline_role_names} | |
Detected: {days_ago}d ago |
Data Requirements
The condition text and evidence fields require:
added_role_names— resolved role display names (from evidence pack, NOT from evidence_refs per G3 spec)baseline_role_names— baseline role display namesdetection_date— when the drift was first detecteddays_since_detection— computed client-side
These are available from:
- G3's
ScopeDriftDetailSectionin the evidence pack (preferred source — has resolved role names) - Finding
evidence_refs.added_role_targets(IDs only — need name resolution) - Finding
explanationtext (fallback — extract from existing explanation string)
Removed Elements
- Remove "intervals" from drift card — the existing interval visualization is not in the Notion spec
- Remove severity badges from governance condition tiles — governance conditions don't have severity; they're binary (present or not)
Design: Cluster-Level Drift
In the Authority Exposure Brief Section C (Governance Conditions), drift appears as a summary only:
Scope drift present across 3 authority paths
Rules:
- Never show drift explanations at cluster level
- Never show drift evidence at cluster level
- Only show presence + affected path count
Backend
Add to cluster governance conditions response:
{
type: "scope_drift",
label: "Scope Drift",
affected_path_count: 3,
summary: "Scope drift present across 3 authority paths"
}
This aggregates from path-level findings where finding_type === "scope_drift" within the cluster.
Governance Condition Types
The "Active Governance Conditions" section displays all active conditions, not just drift. Each type follows the same card structure:
| Finding Type | Condition Template | Evidence Template |
|---|---|---|
scope_drift | "This authority path gained {N} additional role(s)..." | Privilege added, previously observed roles, detected date |
orphaned_ownership | "No active owner governs this authority path..." | Last known owner, owner status, path count |
dormant_authority | "This authority path has not executed in {N} days..." | Last execution date, standing role count |
ownership_degraded | "Primary ownership has degraded to fallback governance..." | Primary owner status, fallback owners |
unproven_execution | "No execution evidence can be deterministically linked..." | Expected evidence source, last check date |
unknown_identity_binding | "Runtime identity binding cannot be determined..." | Expected binding type, investigation status |
Each condition type needs a mapping from finding data to the Status/Condition/Evidence card format.
Implementation Steps
| Step | File(s) | Description | Effort |
|---|---|---|---|
| D1 | ui/src/components/GovernanceConditionCard.tsx (NEW) | Generic card component with Status/Condition/Evidence layout | 2-3 hr |
| D2 | ui/src/components/governance-conditions/ (NEW dir) | Per-type condition renderers (scope-drift, orphaned, dormant, etc.) | 2-3 hr |
| D3 | ui/src/pages/AuthorityPathDetailPage.tsx | Replace "Active Risk Conditions" section with "Active Governance Conditions" using new card components | 1-2 hr |
| D4 | ui/src/pages/AuthorityPathDetailPage.tsx | Remove standalone Runtime Activity block, add compact strip to governance section header | 1 hr |
| D5 | Backend: cluster governance conditions endpoint | Aggregate findings by type across cluster paths, return governance conditions array | 1-2 hr |
| D6 | ui/src/pages/ClusterDetailPage.tsx (or Authority Exposure Brief) | Add Section C governance conditions with summary-only drift | 1 hr |
| D7 | Tests | Component tests for GovernanceConditionCard, condition type renderers | 1-2 hr |
Dependencies
G3 backend (scope drift evidence pack) ──── provides ScopeDriftDetailSection data
PR #22 evaluators (scope/reachability/ownership drift) ──── provides findings
│
▼
D1 + D2 (card components) ──── no code dependencies, can start immediately
│
▼
D3 (authority path detail integration) ──── depends on D1/D2
D4 (runtime strip) ──── depends on D3
│
▼
D5 (cluster backend) ──── depends on PR #22 evaluators
│
▼
D6 (cluster UI) ──── depends on D5, Clarity UX Restructure (Section C placement)
PR Sequence
| PR | Scope | Depends On |
|---|---|---|
| PR-D1 | GovernanceConditionCard component + per-type renderers | None |
| PR-D2 | Authority path detail: replace risk conditions with governance conditions + remove Runtime Activity block | PR-D1, G3 |
| PR-D3 | Cluster detail: Section C governance conditions with drift summary | PR-D2, Clarity C3 |
Risks
| Risk | Impact | Mitigation |
|---|---|---|
| Drift evidence data may not be available if G3 hasn't landed | Medium | Fall back to finding explanation text for condition/evidence fields until ScopeDriftDetailSection is available |
| PR #22 build blockers prevent drift findings from existing | High | Must fix PR #22 (missing reachability-drift.js and ownership-drift.js rule files) before this plan can show reachability/ownership governance conditions |
| Condition text templates need product review | Low | Start with templates from the Notion spec. Flag any types where the template doesn't fit. |
Relationship to Existing Plans
| Plan | Relationship |
|---|---|
G3 (2026-02-25-scope-drift-ux.md) | Complementary — G3 provides the backend data model. This plan provides the UX card format. |
G2 (2026-02-25-remediation-content-generation.md) | Independent — Remediation and governance conditions are separate sections. |
| PR #22 | Depends on — PR #22's evaluator enhancements produce the findings that governance conditions display. PR #22's Top Risk Reducers card is a separate section from governance conditions. |
| Clarity UX Restructure | Depends on — Section C of the Authority Exposure Brief is where cluster-level governance conditions appear. |