# Ultra v1 — Project Context --- ## Project **Project:** Ultra v1 design — conceptual UX from scratch **Site:** ultra.rizlabs.com (currently minimal React dashboard on port 8080) **Preview:** https://ux.rizlabs.com/projects/ultra/ **What we're doing:** Design consultation. Ultra is CLI-first today; this proposes what the GUI **should** be. Same Foundry-coded direction as Egan/veta (Egan/veta were authored 2026-05-23 as Egan/Quanta; renamed per ADR-016). **Role:** UX / design consultation, exploratory **Project overview:** Ultra is a **graph-native network policy lifecycle platform** — open alternative to Tufin/AlgoSec/FireMon. Product is the full firewall-policy lifecycle: > discover → model → analyze → implement → verify → monitor Uses Apache AGE (same graph substrate as Egan/tomo — tomo formerly Piggie, see ADR-016) + PyTorch Geometric (PolicyGAT for structural risk scoring). Primary users: security consultants, MSSP analysts, network engineers, compliance officers. CLI exposes ~40 commands across 9 subcommands. A small React 19 + Vite dashboard exists with ~7 pages, but the CLI is the real interface today. **The opportunity:** Translate the CLI's mental model into a GUI that's *better than the CLI* for analytical phases (gaps, compliance, topology) while staying out of the way during operational phases (`cr push`, `monitor`). Network/security people are CLI-comfortable — the UI has to earn its keep through *visualization* and *workflow*, not by replacing terminal habits. **Primary user (this consultation):** the security consultant / MSSP analyst doing discovery-and-policy work for a client. Comfortable in a terminal but wants a *map* of the network and a *workflow* for moving gaps into change requests. --- ## Navigation structure **No eyebrow / no top nav.** Authenticated tool, sidebar shell. **Sidebar — 5 sections, lifecycle-organized:** - ◆ **Brief** — posture; what's in flight, what changed, what to act on - ◇ **Discover** — Devices, Topology, Configs (what's actually there) - ◇ **Model** — Zones, Policies, Services (what should be there) - ◇ **Decide** — Gaps, Compliance, Change Requests, Risk (GNN) - ◇ **Operate** — Drift monitor, Flow ingest, Verify, Audit This *is* the user's mental model — the CLI's lifecycle made navigable. Sidebar header carries the active environment (network / customer). --- ## Pages in scope | Page | Description | Status | |---|---|---| | Brief / Posture | Home — system state, open change requests, recent gaps, drift events. | Planned | | Topology Explorer | Interactive zone+device graph. Trust-level coloring, zone polygons, rule annotations. | Planned | | Gaps → Change Request | Analytical core + workflow. How a detected gap becomes a deployable change. | Planned | | Compliance Posture | Framework selector (NIST 800-171, NERC CIP). Evidence trail back to zones/rules. | Planned | --- ## Wireframe / layout / design constraints - **Mood: Foundry-coded** — institutional, analytical, panel-disciplined. - **Tokens only** — no hex/rgb. - **Sidebar shell** with active environment in the header. - **Network topology is the visual centerpiece** — Egan-graph-shaped with trust-level coloring + zone polygons. - **The lifecycle is visible** — pages should show where you are in discover → … → monitor. - **Density on the high side**. - **Mobile is real but secondary** — most ops happens on a workstation. --- ## Key decisions made - 5-section IA: Brief / Discover / Model / Decide / Operate. - Brief replaces current overview page. - Topology Explorer is the spine. - Foundry-coded direction. - Reuse Egan patterns aggressively. - New patterns: trust-level color scale, lifecycle pipeline strip, risk-score viz, change-request kanban/timeline. --- ## Open questions - Multi-tenant env switcher: probably yes (MSSP use case). - CLI palette (⌘K → ultra commands): defer to v2. - Brand identity: defer. - Risk-score explainability viz: wireframes show simple "top contributing features"; richer viz is follow-on. --- ## Feedback log **2026-05-23 — Consultation kickoff** - Foundry-coded direction. 5 sections (lifecycle-driven). 4 anchor wireframes. - Greenfield UX (CLI is source of truth for workflows).