Przejdź do treści

Features

A snapshot of what is shipped today in the customer dashboard. Routes are listed in the form a Secruna admin or customer would type into the browser; the same paths back the API surface.

Inventory

  • /inventory — the canonical list of AI systems discovered in the tenant, with framework tags, last-seen-at timestamp, and verdict badges per applicable rule.
  • /inventory/{id} — single AI system view: artifacts collected, verdicts per rule, edit-facts review trail, manual-entry override.
  • /inventory/new — manual AI system entry for systems the connectors can't reach (Plan 73).

Verdicts and review

  • /hitl/queue — the human-in-the-loop review queue. Reviewers see verdicts that need editing, can change facts, and rerun the classifier with the corrected facts via the RERUN_WITH_FACTS mode.
  • /admin/verdicts/{id} — admin-only cross-tenant detail view for Secruna platform engineers.
  • Bulk operations on verdicts — pass/fail/dismiss multiple at once (shipped pre-v0.11; see Plan 85 in the changelog).

Discovery and connectors

  • /connections — the connector list per tenant: AWS, Azure, GCP, GitHub, plus surveying-tool patterns under the RICS pack.
  • /connections/new — guided OAuth or service-principal setup with corporate-email enforcement (Plan 68) and the Azure connector account picker with cross-account warning (Plan 69).
  • /connections/{id}/reauth — re-authorisation flow with AJAX toast feedback (Plan 72).
  • Discovery worker — runs every two minutes via cron; cp-api also invokes the Container Apps Job directly after a manual "Run discovery" click so the customer doesn't wait for the next tick (Plan 61 Phase 2).

Evidence and exports

  • EU AI Act Annex IV technical documentation export — per-AI-system PDF + HTML.
  • RICS AI Use Disclosure Statement — Plan 96 WI-5, exportable per AI system.
  • RICS Firm AI Register — Plan 96 WI-6, CSV + branded PDF for the whole tenant.
  • Audit log CSV export — for org admins.

Onboarding and tenant settings

  • /onboarding — self-serve signup (Plan 92), session refresh with invite-second-admin nudge (Plan 66), tenant slug collision auto-retry (Plan 67).
  • /settings — display block for tenant settings (Plan 74), connector credential rotation UI (Plan 86), webhook configuration (Plan 78).
  • Member management — invitations, member listing, role taxonomy rename (Plan 71).

Webhooks and integrations

  • /settings/webhooks — push events to SIEM, Slack, or Teams (Plan 78). Configurable per-event subscription.
  • Sentry — error tracking is wired into both cp-api and the frontend.
  • ntfy.sh — production deploy notifications (ADR 006).

Marketing surfaces (separate site)

The customer dashboard above sits at app.secruna.com. The marketing site at secruna.com carries the homepage rewrite (Plan 89, Plan 98), the use-cases pages (/use-cases, /use-cases/rics), and the dashboard explainer overlay (Plan 91) shown to first-time visitors.