# Data Model — Remove Legacy Acknowledged Finding Status Compatibility

**Spec**: [spec.md](spec.md)

This feature is subtractive. It introduces no new persisted truth and no migration. The data-model impact is the removal of one legacy findings workflow branch from productive code and the reaffirmation of the canonical findings lifecycle as the only active status contract.

## Existing Canonical Entities Reused

### Finding (`findings`)

**Purpose**: Tenant-owned findings workflow truth.

**Key fields (existing)**:
- `id`
- `workspace_id`
- `tenant_id`
- `status`
- `triaged_at`
- `in_progress_at`
- `reopened_at`
- `resolved_at`
- `closed_at`
- `risk_accepted_at` via related exception state where applicable
- `first_seen_at`
- `last_seen_at`
- `times_seen`
- `sla_days`
- `due_at`
- `acknowledged_at`
- `acknowledged_by_user_id`

**Feature use**:
- Remains the single canonical workflow truth for findings.
- Continues to require both `workspace_id` and `tenant_id` as ownership anchors.
- Keeps the surviving active status contract: `new`, `triaged`, `in_progress`, `reopened`.
- Keeps the surviving terminal status contract: `resolved`, `closed`, `risk_accepted`.
- `acknowledged_at` and `acknowledged_by_user_id` may remain in schema for now, but they no longer justify an active workflow status, query branch, or UI affordance.

### FindingException (`finding_exceptions`)

**Purpose**: Existing risk-acceptance and exception truth attached to findings.

**Feature use**:
- Remains unchanged.
- Exists only for regression protection so removing `acknowledged` does not collapse or rename risk-governance semantics.

## Removed Active Workflow Contract

### LegacyAcknowledgedFindingStatus (removed, non-persisted contract)

**Previous role**:
- active status constant on `Finding`
- extra member of `openStatusesForQuery()`
- special-case filter and badge label
- capability alias and RBAC wording branch
- compatibility expectation in findings-facing tests and summary consumers

**Removal rule**:
- no productive code path writes `acknowledged` as current findings status
- no productive code path queries `acknowledged` as part of the active open-status set
- no productive findings UI or summary consumer presents `acknowledged` as current work
- no role or capability mapping preserves `tenant_findings.acknowledge`

## Derived Non-Persisted Contracts

### CanonicalFindingOpenStatusSet (derived)

**Members**:
- `new`
- `triaged`
- `in_progress`
- `reopened`

**Consumers**:
- findings resource and inbox queries
- workspace overview and governance inbox summaries
- review/report disclosure helpers that describe current open findings work
- support-diagnostic bundles that group active findings issues
- alerts, hygiene services, and findings generators that still look up active/open findings

### CanonicalFindingWorkflowPermissionSet (derived)

**Purpose**: Surviving capability vocabulary for findings workflow actions.

**Feature use**:
- remove `tenant_findings.acknowledge`
- keep surviving findings permissions and policy checks authoritative
- keep `404` versus `403` semantics unchanged for tenant-scoped findings surfaces

## Data Ownership Notes

- No new table, column, persisted alias, cache, or compatibility projection is introduced.
- No migration or historical data rewrite is planned.
- Review/report and support-diagnostic consumers remain derived over tenant-owned findings truth; they do not become separate persisted status stores.
- Verification-check acknowledgement, onboarding acknowledgement, and restore acknowledgement remain separate domains and are not remodeled here.

## Removal Invariants

- No productive code path may treat `acknowledged` as a current findings workflow status.
- No productive query helper may include `acknowledged` in the active open findings set.
- No shared badge, filter, summary, review/report disclosure, or support-diagnostic grouping may present `acknowledged` as current findings work.
- No new migration or persisted compatibility artifact may be introduced to preserve the removed branch.
- No non-finding acknowledgement domain may change as collateral damage from this cleanup.