add kiro steering files

.kiro/steering/product.md

@@ -0,0 +1,27 @@
+# Product Overview
+
+The STEAM Security Dashboard is a self-hosted vulnerability management tool for the NTS-AEO-STEAM and NTS-AEO-ACCESS-ENG business units. It centralizes CVE tracking, Ivanti host finding triage, AEO compliance posture monitoring, FP/Archer exception workflows, and internal documentation in a single interface.
+
+## Core Capabilities
+
+- Searchable CVE list with per-vendor tracking and document storage
+- NVD API integration for auto-populating CVE metadata
+- Ivanti/RiskSense integration for syncing open host findings with FP workflow tracking
+- Reporting page with charts, advanced filtering, inline editing, and CSV/XLSX export
+- Ivanti Queue for batch-processing FP, Archer, and CARD workflows
+- AEO Compliance page with weekly xlsx upload, diff preview, per-team metric health cards, and device-level violation tracking
+- Archer risk acceptance ticket tracking (EXC numbers) linked to CVE/vendor pairs
+- Knowledge base for internal documentation and policies
+- Role-based access control (viewer, editor, admin) with full audit trail
+
+## User Roles
+
+| Role | Permissions |
+|------|------------|
+| viewer | Read-only access to all data |
+| editor | All viewer permissions plus create/update operations |
+| admin | All editor permissions plus delete, user management, and audit log access |
+
+## Teams Tracked
+
+Only **STEAM** and **ACCESS-ENG** teams are tracked in the compliance module.