v1.3.35.5 -- Screenshots README inventory restructure¶

A doc-only patch on top of v1.3.35.4. Restructures docs/screenshots/README.md so each entry uses explicit fields (Route / How to reach / What to see / Crop / Status / Embedded in) instead of free-form Notes prose, reorders the inventory by hamburger drawer route, and adds a Setup recipes section for state-changing capture prerequisites.

Zero panel binary change; argosVersion and frontend/package.json deliberately stay at 1.3.35.4. Reuses the v1.3.27.1 / v1.3.34 / v1.3.35.1 precedent: tag- without-rebuild for doc-only changes.

Why¶

Operator's capture session against v1.3.35.4 surfaced three entries whose descriptions had drifted away from the actual UI:

1. host-form-true-detect.png — the previous Notes line said "Host edit modal scrolled to the AppSec section." The real UI has no "AppSec" section in the host form; true_detect_mode lives in the Access fieldset alongside lan_only. Exact label: "True detect mode (don't ban on AppSec alerts)" with sub-text "Alerts logged; no LAPI decisions created. Requires setup-appsec.sh re-run after toggle (script auto-restarts crowdsec)."
2. host-form-dns-provider-dropdown.png — described as being in the Advanced collapsible. Reality: the DNSProviderPicker renders in the TLS section when tls_challenge=dns is selected. Advanced contains only the ACME CA URL override.
3. security-overview.png — the previous Notes implied it was the /security Security tab's overview KPI cards. Reality: /security is a 5-tab page (Banned IPs / Whitelist / Activity / Scenarios / AppSec) with no Overview tab; the file at security-overview.png corresponds to the separate route /security/hosts, rendered by the SecurityOverviewPage component (page heading "Security overview"). The route bookmarks from v1.3.24's split when /security became the global-tab page and per-host WAF overview moved.
4. threats-decisions.png — previously marked [~] RETAKE with a note saying "captured against the legacy /threats URL retired in v1.3.24." Reality: /threats is still a real top-level route (visible in the hamburger between Security and AppSec). It renders a separate decisions list view from /security/banned, with different layout/columns. Both screenshots are valid distinct captures.

These four discrepancies were a structural symptom: the free-form "Notes" column was good at carrying ad-hoc info but bad at keeping the per-entry contract crisp. The restructure to explicit fields makes drift like this caught on the next read, not the next capture session.

What ships¶

Inventory restructure¶

Each entry now has six explicit fields:

Plus a per-entry "Status note" line on [~] retakes explaining what shifted (replaces the prior multi-purpose Notes column).

Reorder by hamburger drawer¶

Sections now follow the live nav order:

1. Auth (login + totp-setup)
2. Dashboard
3. Hosts (form + true-detect + dns-picker + auth-column + detect-badge)
4. Target Groups
5. Security (5 tabs + drift + selfblock + the /security/hosts overview-route entry)
6. Threats (with the /threats vs /security/banned relationship documented)
7. AppSec
8. Notifications
9. Logs
10. Backup
11. System
12. Settings
13. Country bans (under Settings as a sub-section)

Setup recipes¶

Five recipes at the bottom of the file capture state-changing prerequisites that several screenshots need:

• host-with-detect-mode — toggle the checkbox + revert.
• drift-state-induced — demo-only; v1.3.35.2 seed already produces both drift surfaces.
• self-block-induced — demo-only via argos demo seed-self-block --yes + revert.
• country-ban-in-progress — trigger a 9^th country expansion against the demo to capture the async progress bar mid-flow.
• target-group-with-2-targets — manual two-target setup.

Every state-changing recipe carries ⚠ Cambia estado: + the revert step.

Reworded entries (no file deletions)¶

Three entries kept their filenames + [x] status; only their location/route descriptions changed:

Sections preserved verbatim¶

• Capture environment (with one new line: "If you capture against a productive instance instead of the demo stack, the resulting PNGs are NOT safe for public docs without manual review before commit.")
• Browser settings
• Naming convention
• Status legend
• Capture session workflow
• Maintenance (extended with "When a UI surface gets removed" guidance)
• Replacement procedure
• When in doubt

Files changed¶

• docs/screenshots/README.md (rewritten)
• docs/release-notes/v1.3.35.5.md (this file)
• CHANGELOG.md, mkdocs.yml

NOT changed: backend/cmd/argos/main.go argosVersion stays at 1.3.35.4; frontend/package.json version stays at 1.3.35.4; no Go code; no frontend code; no migrations; no smokes; no panel rebuild required.

NOT touched in this commit: no feature page or release notes that embed the renamed-location screenshots. The three entries (DNS picker / security-overview / threats-decisions) keep their filenames so existing ![...] embeds in features/dns-providers.md, features/security-overview.md, features/crowdsec.md, etc. continue to render correctly. If a future redesign actually moves UI to a different filename, that's a separate commit.

Upgrade¶

Doc-only release. Operator action:

cd ~/argos-edge
git pull
# No make sync-prod required; no panel rebuild required.
# Optional: rebuild the docs portal locally to preview:
mkdocs serve

The docs portal at cmos486.github.io/argos-edge rebuilds automatically via the existing docs.yml workflow on the push to main; the release.yml workflow auto-publishes the v1.3.35.5 GitHub release object using this file as the body.

What this enables¶

After v1.3.35.5, the screenshots README is a precise operational guide rather than a drifted prose inventory. Future capture sessions read each entry's How-to-reach as a unit-of-work; deviations between the README and the live UI become loud at edit time rather than silent until the next capture session catches them.