BP-2213: Zone Builder and other UI improvements

[jeff-matthews]

Purpose

This pull request (PR) updates the docs with Zone Builder terminology and replaces screenshots as needed.

It also updates other screenshots and copy related to several UI enhancements that change how privilege zone management works.

See BP-2213 and v8.5.0 fix version filter

TODO

Engineering is still working on the following issues:

• [ ] BED-6822 (object panel update) moved to next release
• BED-6918 (direct/expanded objects in rule creation sample results)
• Differentiate between BHE and BHCE features

Staging

https://specterops-bp-2213-zone-builder.mintlify.app/analyze-data/privilege-zones/overview

Summary by CodeRabbit

Release Notes

• Documentation
  • Updated documentation with "Zone Builder" terminology for improved clarity
  • Expanded zone and label management workflows with detailed step-by-step instructions
  • Clarified Community Edition versus Enterprise Edition feature availability
  • Enhanced visual documentation with improved accessibility and descriptions
  • Added documentation for Automatic Certification status filter option

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Documentation updates to the Privilege Zones section rename "Privilege Zones" to "Zone Builder" terminology, add new MDX components (ContactSales, ZoneLabelViews, DeleteZoneLabel), update image references and alt texts, expand instructions with enterprise-specific guidance, and restructure content across multiple pages.

Changes

Cohort / File(s)	Summary
Privilege Zones Documentation Terminology & Content Updates docs/analyze-data/privilege-zones/overview.mdx, docs/analyze-data/privilege-zones/certification.mdx, docs/analyze-data/privilege-zones/history.mdx, docs/analyze-data/privilege-zones/rules.mdx	Renamed "Privilege Zones" to "Zone Builder" throughout; updated image alt texts and sources; expanded status filter options and step-by-step instructions; added Enterprise Edition badges for enterprise-only features; clarified UI paths and control references
Privilege Zones Component Integration & Expansion docs/analyze-data/privilege-zones/labels.mdx, docs/analyze-data/privilege-zones/zones.mdx	Added imports for ZoneLabelViews and DeleteZoneLabel components; significantly expanded content with new sections (Define a Rule, Delete workflows); restructured tabs and detailed descriptions; enhanced visual and textual guidance for editing/deletion operations; added enterprise-specific notes and component integration
Privilege Zones Overview Page Enhancement docs/analyze-data/overview.mdx	Applied cosmetic formatting to MDX front matter (separator changes from ---- to ---); removed intermediate blank lines between Card components; normalized whitespace
Shared Component Snippets docs/snippets/privilege-zones/contact-sales.mdx, docs/snippets/privilege-zones/delete-zone-label.mdx, docs/snippets/privilege-zones/zone-label-views.mdx	Created three new reusable MDX snippet components: ContactSales (sales contact prompt), DeleteZoneLabel (irreversibility warning), and ZoneLabelViews (tab availability note for enterprise/community editions)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• BED-6640: Privilege Zone updates #84: Modifies the same Privilege Zones/Zone Builder MDX documentation files with overlapping terminology and feature updates.
• v8.4.0 release notes #110: v8.4.0 release notes documentation that covers the same Privilege Zone/Rules/Zone Builder feature changes and terminology updates.

Suggested labels

Waiting for BH PR

Suggested reviewers

• slokie-so
• StephenHinck
• rtippitt-specterops

Poem

🐰 A Zone Builder's dream, rebranded with care,
Documentation refreshed with snippets to share,
From Privilege Zones old to Builder so new,
With components and badges and views reimproofed too!
The paths are now clear, the steps all spelled out,
This documentation hop brings no doubt! 📋✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'BP-2213: Zone Builder and other UI improvements' clearly summarizes the main changes, which include Zone Builder terminology updates and UI improvements across documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[StephenHinck]

Left a few comments that need addressing and a couple suggestions. Additionally, privilege-zones/rules L239 (Object deleted from graph) is an Enterprise-only consideration. Please mark it as such.

[StephenHinck]

Looks great

[jeff-matthews]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

docs/analyze-data/privilege-zones/rules.mdx (1)

83-96: Fix broken in-page link for certification.
There isn’t a “Certification” heading in this file, so #certification won’t resolve. Link to the certification page (or an existing local anchor).

🔗 Suggested fix

-| Automatic Certification |     No    | <Badge shape="rounded" size="sm" stroke color="purple">Enterprise Edition</Badge> An option to choose how BloodHound [certifies](`#certification`) new objects (available for zones only) |
+| Automatic Certification |     No    | <Badge shape="rounded" size="sm" stroke color="purple">Enterprise Edition</Badge> An option to choose how BloodHound [certifies](/analyze-data/privilege-zones/certification) new objects (available for zones only) |

docs/analyze-data/privilege-zones/certification.mdx (1)

44-56: Align tab name with "Certifications" and ensure consistent terminology.
Line 104 of this same file uses "The Certifications tab," but lines 44, 54, and 55 use the singular "Certification." Additionally, overview.mdx references the feature as "Certifications" (plural). Align all instances to use "Certifications" for consistency.

✏️ Proposed wording alignment

-The **Certification** tab in the **Zone Builder** page allows administrators and power users to review, approve, or revoke certifications for objects in zones where manual certification has been configured.
+The **Certifications** tab in the **Zone Builder** page allows administrators and power users to review, approve, or revoke certifications for objects in zones where manual certification has been configured.
...
-  <Step title="Open the Certification tab">
-    Navigate to the **Privilege Zones** > **Certification** tab.
+  <Step title="Open the Certifications tab">
+    Navigate to the **Privilege Zones** > **Certifications** tab.

🤖 Fix all issues with AI agents

In `@docs/analyze-data/privilege-zones/zones.mdx`:
- Around line 129-133: The in-page link "[certification](`#certification`)" in
zones.mdx is broken because there is no "Certification" heading; either add a
matching heading (e.g., add "## Certification" or "### Certification" with the
certification content) to create the `#certification` anchor, or change the link
to point to the correct existing anchor/page (replace
"[certification](`#certification`)" with the proper relative link to the
Certification section or page). Update the text
"[certification](`#certification`)" accordingly to ensure the anchor exists or the
link targets the correct document.

♻️ Duplicate comments (2)

docs/analyze-data/privilege-zones/labels.mdx (1)

139-167: Add an irreversibility warning for label deletion.
Deletion is a destructive action; a short warning would prevent surprises.

✏️ Suggested note

 <Badge shape="rounded" size="sm" stroke color="purple">Enterprise Edition</Badge>
 
+<Note>Deleting a label is irreversible.</Note>
+
 You cannot delete the default **Owned** label, but you can edit its description and rules.

docs/analyze-data/privilege-zones/zones.mdx (1)

150-181: Add an irreversibility warning for zone deletion.
This is a destructive action and should be explicitly called out.

✏️ Suggested note

 <Badge shape="rounded" size="sm" stroke color="purple">Enterprise Edition</Badge>
 
+<Note>Deleting a zone is irreversible.</Note>
+
 You cannot delete the default **Tier Zero** zone, but you can edit its properties. See [Modify Tier Zero](/get-started/security-boundaries/modifying-tier-zero) for more information.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dc7a93c and a5fc53c.

⛔ Files ignored due to path filters (27)

• docs/images/privzones/certification-environment.gif is excluded by !**/*.gif
• docs/images/privzones/certification-note-history.png is excluded by !**/*.png
• docs/images/privzones/certification-note.png is excluded by !**/*.png
• docs/images/privzones/certification-status.gif is excluded by !**/*.gif
• docs/images/privzones/certification.png is excluded by !**/*.png
• docs/images/privzones/certifications-filter.png is excluded by !**/*.png
• docs/images/privzones/certifications-search-filter.png is excluded by !**/*.png
• docs/images/privzones/confirm-label-delete.png is excluded by !**/*.png
• docs/images/privzones/confirm-zone-delete.png is excluded by !**/*.png
• docs/images/privzones/create-label.png is excluded by !**/*.png
• docs/images/privzones/create-zone.png is excluded by !**/*.png
• docs/images/privzones/cypher-rule-config.png is excluded by !**/*.png
• docs/images/privzones/define-label-rule.png is excluded by !**/*.png
• docs/images/privzones/define-zone-rule.png is excluded by !**/*.png
• docs/images/privzones/delete-rule-confirm.png is excluded by !**/*.png
• docs/images/privzones/edit-label-details-view.png is excluded by !**/*.png
• docs/images/privzones/edit-label-summary-view.png is excluded by !**/*.png
• docs/images/privzones/edit-rule.png is excluded by !**/*.png
• docs/images/privzones/edit-zone.png is excluded by !**/*.png
• docs/images/privzones/history-log-filter.png is excluded by !**/*.png
• docs/images/privzones/history-log.png is excluded by !**/*.png
• docs/images/privzones/labels-detail-view.png is excluded by !**/*.png
• docs/images/privzones/labels-summary-view.png is excluded by !**/*.png
• docs/images/privzones/objectid-rule-config.png is excluded by !**/*.png
• docs/images/privzones/reorder-zone.png is excluded by !**/*.png
• docs/images/privzones/zones-detail-view.png is excluded by !**/*.png
• docs/images/privzones/zones-summary-view.png is excluded by !**/*.png

📒 Files selected for processing (10)

• docs/analyze-data/overview.mdx
• docs/analyze-data/privilege-zones/certification.mdx
• docs/analyze-data/privilege-zones/history.mdx
• docs/analyze-data/privilege-zones/labels.mdx
• docs/analyze-data/privilege-zones/overview.mdx
• docs/analyze-data/privilege-zones/rules.mdx
• docs/analyze-data/privilege-zones/zones.mdx
• docs/snippets/privilege-zones/contact-sales.mdx
• docs/snippets/privilege-zones/delete-zone-label.mdx
• docs/snippets/privilege-zones/zone-label-views.mdx

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-10-02T18:01:39.059Z

Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 67
File: docs/collect-data/enterprise-collection/privileged-collection.mdx:7-7
Timestamp: 2025-10-02T18:01:39.059Z
Learning: In the BloodHound documentation repository, "BloodHound" as a standalone name refers to the entire product family and is appropriate to use when content applies to all products in the family (Enterprise and Community Edition). "BloodHound Enterprise" should be used only when referring specifically to Enterprise-only features or capabilities.

Applied to files:

• docs/snippets/privilege-zones/contact-sales.mdx
• docs/snippets/privilege-zones/zone-label-views.mdx

📚 Learning: 2025-08-08T15:57:55.743Z

Learnt from: StephenHinck
Repo: SpecterOps/bloodhound-docs PR: 42
File: docs/install-data-collector/install-azurehound/system-requirements.mdx:70-73
Timestamp: 2025-08-08T15:57:55.743Z
Learning: For AzureHound docs (docs/install-data-collector/install-azurehound/system-requirements.mdx), prefer explicitly stating:
- Directory Reader must be permanently active (not PIM-eligible only).
- Microsoft Graph application permissions (Directory.Read.All, RoleManagement.Read.All) require admin consent.
- Azure Reader role phrasing: “on all Azure subscriptions, ideally assigned at the tenant root group (root management group) scope.”

Applied to files:

• docs/analyze-data/privilege-zones/rules.mdx

🔇 Additional comments (25)

docs/snippets/privilege-zones/delete-zone-label.mdx (1)

1-1: LGTM!

The reusable warning snippet with the {tab} variable provides a clean, DRY approach for consistent deletion warnings across both zone and label management flows.

docs/snippets/privilege-zones/zone-label-views.mdx (1)

1-1: LGTM!

The snippet correctly differentiates between BloodHound Enterprise and Community Edition features, aligning with the product naming conventions. Based on learnings, "BloodHound Enterprise" is appropriately used for the Enterprise-only Summary View feature.

docs/snippets/privilege-zones/contact-sales.mdx (1)

1-2: LGTM!

The content appropriately references "Privilege Zone Analysis" as the purchasable feature name and includes a helpful link to the zone creation documentation. The prose addresses the clarity concerns from previous review feedback.

docs/analyze-data/overview.mdx (1)

8-10: Verify terminology consistency for the card title.

The card title on Line 9 still uses "Privilege Zones" while the PR objective is to update terminology to "Zone Builder". Please verify whether this should remain as "Privilege Zones" (if it refers to the conceptual feature area) or be updated to "Zone Builder" (if it should match the new UI terminology).

docs/analyze-data/privilege-zones/history.mdx (2)

12-16: LGTM!

The alt text updates correctly reflect the Zone Builder terminology, improving accessibility and consistency with the updated UI naming.

---

22-26: LGTM!

Alt text appropriately updated to match Zone Builder terminology.

docs/analyze-data/privilege-zones/certification.mdx (3)

12-16: Updated Zone Builder imagery reads well.
Alt text aligns with the new terminology and improves accessibility.

---

58-90: Nice addition of Automatic Certification status + updated filters.
The status list and filter visuals map cleanly to the updated UI.

---

104-110: Tip + note dialog visuals look consistent.
The imagery and history log callout reinforce the workflow nicely.

docs/analyze-data/privilege-zones/overview.mdx (2)

6-30: ContactSales CTA and key-concept table update look good.
Nice alignment with the Enterprise messaging and Zone Builder terminology.

---

38-46: Zone Builder feature list reads clear.
The new bullets and badge placement make the section easier to scan.

docs/analyze-data/privilege-zones/rules.mdx (5)

61-74: Zone Builder flow clarification is solid.
The guidance on selecting a zone/label before creating rules is clear.

---

106-132: Sample results guidance and screenshots are clear.
The direct vs expanded object explanation is concise and useful.

---

156-179: Two-path rule lookup workflow is easy to follow.
The search-by-rule and search-by-object split should reduce confusion.

---

191-215: Edit/delete steps are crisp and complete.
The placement and UI cues match the updated flow.

---

241-245: Enterprise-only retention note is well-marked.
Badge placement makes the edition constraint obvious.

docs/analyze-data/privilege-zones/labels.mdx (4)

6-15: Intro refresh and new snippets fit well.
The updated framing around the Owned label reads cleanly.

---

18-41: Summary/Details view explanations are clear.
Good use of the tabbed walkthrough and supporting note.

---

47-95: Create-label flow reads cleanly.
The steps and screenshots map well to the Zone Builder UI.

---

100-137: Edit-label steps are well scoped by edition.
The split between Summary and Details view usage is helpful.

docs/analyze-data/privilege-zones/zones.mdx (5)

7-19: New CTA + view toggle integration looks good.
The snippets add helpful context without clutter.

---

21-45: Summary/Details view copy is clearer.
The expanded descriptions and tip improve discoverability.

---

50-103: Zone creation steps align with Zone Builder UI.
Field descriptions and screenshots are consistent and readable.

---

105-126: Edition-specific edit guidance is helpful.
Clear distinction between Enterprise and Community capabilities.

---

135-147: Zone reordering guidance is clear.
The grip-control explanation and screenshot help.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}