feat(web): add security compliance role map

scripts/security/security-mirror-progress-guard.py

@@ -360,6 +360,7 @@ def validate(root: Path) -> None:
         "s2_106_iwooos_s49_owner_response_dispatch_flow_board",
         "s2_107_security_compliance_iwooos_frontstage_bridge",
         "s2_108_iwooos_frontstage_security_entry_roles",
+        "s2_109_security_compliance_frontstage_route_role_map",
     ]
     assert_equal(
         "progress_delta_ledger.delta_ids",
@@ -624,6 +625,11 @@ def validate(root: Path) -> None:
         [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
         "show_iwooos_frontstage_security_entry_roles",
     )
+    assert_contains(
+        "rollup.next_safe_actions.action_ids",
+        [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
+        "show_security_compliance_frontstage_route_role_map",
+    )
     assert_contains(
         "rollup.next_safe_actions.action_ids",
         [item["action_id"] for item in rollup["next_safe_actions"] if isinstance(item, dict)],
@@ -7998,6 +8004,11 @@ def validate(root: Path) -> None:
         security_compliance_page,
         "SecurityComplianceFrontStage",
     )
+    assert_text_contains(
+        "security_compliance_page.frontstage_route_role_map_testid",
+        security_compliance_page,
+        'data-testid="security-compliance-frontstage-route-role-map"',
+    )
     assert_text_contains(
         "iwooos_page.security_compliance_frontstage_testid",
         iwooos_projection_page,
@@ -8028,6 +8039,17 @@ def validate(root: Path) -> None:
             iwooos_projection_page,
             text,
         )
+    for text in [
+        "security_compliance_frontstage_route_role_count=5",
+        "security_compliance_frontstage_primary_source=iwooos",
+        "security_compliance_frontstage_execution_entry_count=0",
+        "security_compliance_frontstage_links_read_only=true",
+    ]:
+        assert_text_contains(
+            "security_compliance_page.frontstage_route_role_boundary",
+            security_compliance_page,
+            text,
+        )
     for text in [
         "secret_value_collection_allowed=false",
         "repo_creation_authorized=false",
@@ -8051,7 +8073,19 @@ def validate(root: Path) -> None:
         list(web_messages_en.keys()),
         "securityCompliance",
     )
-    for key in ["eyebrow", "title", "subtitle", "openIwooos", "boundaryTitle", "boundaryIntro", "items"]:
+    for key in [
+        "eyebrow",
+        "title",
+        "subtitle",
+        "openIwooos",
+        "boundaryTitle",
+        "boundaryIntro",
+        "routeRoleTitle",
+        "routeRoleSubtitle",
+        "routeLabel",
+        "items",
+        "routeRoles",
+    ]:
         assert_contains(
             "web_messages.zh-TW.securityCompliance.frontStage.keys",
             list(web_messages_zh["securityCompliance"]["frontStage"].keys()),
@@ -8073,6 +8107,23 @@ def validate(root: Path) -> None:
             list(web_messages_en["securityCompliance"]["frontStage"]["items"].keys()),
             key,
         )
+    for key in [
+        "iwooosOverview",
+        "securityComplianceHub",
+        "securityMonitor",
+        "complianceStats",
+        "awooopApprovals",
+    ]:
+        assert_contains(
+            "web_messages.zh-TW.securityCompliance.frontStage.routeRoles",
+            list(web_messages_zh["securityCompliance"]["frontStage"]["routeRoles"].keys()),
+            key,
+        )
+        assert_contains(
+            "web_messages.en.securityCompliance.frontStage.routeRoles",
+            list(web_messages_en["securityCompliance"]["frontStage"]["routeRoles"].keys()),
+            key,
+        )
     assert_contains(
         "web_messages.zh-TW.iwooos.securityComplianceFrontStage",
         list(web_messages_zh["iwooos"].keys()),