# Accepted Risk Guidance Signal Map: Spec 354 Inventory the existing repo-backed signals that may feed accepted-risk resolution guidance without adding new persistence or new workflow truth. ## Required Inputs | Signal | Current source | Notes | |---|---|---| | Exception status | `FindingException.status` | existing lifecycle truth | | Validity state | `FindingException.current_validity_state` and resolver output | existing governance-support truth | | Review due / expiry | `FindingException.review_due_at`, `expires_at` | existing urgency inputs | | Decision posture | `FindingException.currentDecisionType()` and `FindingExceptionDecision` | existing lifecycle/action context | | Linked finding state | `Finding` + `FindingRiskGovernanceResolver` | existing risk-accepted workflow truth | | Owner / rationale presence | existing `FindingException` fields | completeness signals only | | Related evidence / audit / review context | existing linked routes and summaries only | secondary links, not primary truth | ## Guidance Cases | Case key | Required signals | Primary action | Secondary actions | Notes | |---|---|---|---|---| | `accepted_risk.ready` | valid support, no urgent expiry, complete governance support | inspect accepted risk or no urgent action | finding / existing related context where repo-backed | calm state only | | `accepted_risk.expiring` | expiring validity | review accepted risk | open finding / existing related context / evidence references | high-priority queue case | | `accepted_risk.expired` | expired support | review accepted risk | open finding / decision history | no fake auto-renew | | `accepted_risk.revoked_or_rejected` | revoked or rejected support | open finding or review accepted risk | decision history / related context | action depends on current repo-backed source owner | | `accepted_risk.pending` | pending approval or pending renewal | review accepted risk | open finding / decision history | keep language conservative | | `accepted_risk.missing_support` | existing exception record has `current_validity_state=missing_support` or equivalent repo-real missing-support posture | review accepted risk | open finding / decision history | owner surfaces do not synthesize no-record accepted-risk rows | | `accepted_risk.fresh_decision_required` | `FindingException::requiresFreshDecisionForFinding()` is true and resolver warning copy is present | review accepted risk | open finding / decision history | preserve current repo-real signal; do not broaden into a new stale-governance framework | | `accepted_risk.incomplete_governance` | missing owner, rationale, or review support on an existing exception record | review accepted risk | open finding / existing related context | use only repo-backed completeness signals | | `accepted_risk.wording_reference` | conservative accepted-risk wording already exists in current review truth | no downstream artifact mutation in this slice | open accepted risk / open finding when repo-backed | owner-surface wording reference only | ## Guardrail Current repo truth already exposes one bounded fresh-decision-required signal through `FindingException::requiresFreshDecisionForFinding()` and `FindingRiskGovernanceResolver`. This slice may preserve and surface that signal more clearly, but it must not add a broader timestamp-, diff-, or change-history-based stale-governance framework. ## Forbidden Signals - live Graph/provider calls during render - synthetic review-impact scores - inferred customer-safe summaries that are not already repo-backed - hidden shell/session context treated as accepted-risk authority - legacy query aliases treated as scope authority