# UI-012 Finding Exceptions Queue

| Field | Value |
| --- | --- |
| Route | `/admin/finding-exceptions/queue` |
| Source | `FindingExceptionsQueue` |
| Area / scope | Governance / workspace |
| Archetype | Exceptions / Accepted Risk |
| Design depth | Strategic Surface |
| Repo truth | repo-verified |
| Screenshot | `../screenshots/desktop/ui-012-finding-exceptions-queue.png` |
| Browser status | Reached through workspace route. |

## First Five Seconds

The page is an accepted-risk queue. It needs to make risk ownership, expiry, evidence basis, and approval/rejection consequences immediately clear.

## Productization Review

- Decision-first: strong candidate.
- Evidence-first: exception evidence and linked findings should be visible.
- Context: workspace hub with environment-filter possibilities.
- Customer/auditor safety: high, because accepted risk is customer-relevant.
- Diagnostics: raw finding/provider evidence should be secondary.

## Information Inventory

Default content should show exception state, requester/owner, affected environment, expiration, evidence links, decision history, and required action.

## Dangerous Actions

Approve exception, reject renewal, revoke exception, and accept risk are high impact. They require explicit confirmation, authorization, audit, and customer-safe explanation.

## Scores

| IA | Density | User Clarity | Sellability | Disclosure | Hierarchy | DS Fit | A11y | Responsive | Components | UX Writing | Perf |
| ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: |
| 3 | 3 | 3 | 4 | 3 | 3 | 4 | 3 | 3 | 4 | 3 | 4 |

## Top Issues

1. Risk decision language needs product-target treatment.
2. Evidence basis and expiry must be visible before approval.
3. Customer-safe accepted-risk wording requires review.

## Target Direction

P0/P1 individual target depending on customer-review sequencing. Treat as the accepted-risk decision pattern.