ahmido
b511b08371
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m0s
This PR removes the legacy "acknowledged" status compatibility for findings and unifies the canonical operation types (e.g., transitioning from baseline_capture to baseline.capture). It includes updated tests, models, and services to reflect these changes. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #296
121 lines
4.7 KiB
YAML
121 lines
4.7 KiB
YAML
version: 1
|
|
kind: findings-acknowledged-compat-removal
|
|
|
|
scope:
|
|
goal: remove productive acknowledged compatibility from findings workflow truth only
|
|
non_goals:
|
|
- findings lifecycle backfill runtime-surface removal
|
|
- creation-time finding invariant hardening
|
|
- broader findings lifecycle redesign
|
|
- verification acknowledgement cleanup
|
|
- onboarding acknowledgement cleanup
|
|
- restore impact acknowledgement cleanup
|
|
- migration or fallback-reader preservation
|
|
|
|
canonical_status_contract:
|
|
active_open:
|
|
- new
|
|
- triaged
|
|
- in_progress
|
|
- reopened
|
|
terminal:
|
|
- resolved
|
|
- closed
|
|
- risk_accepted
|
|
removed_active_status:
|
|
- acknowledged
|
|
|
|
shared_seams:
|
|
model_and_workflow:
|
|
owner_files:
|
|
- apps/platform/app/Models/Finding.php
|
|
- apps/platform/app/Services/Findings/FindingWorkflowService.php
|
|
- apps/platform/app/Policies/FindingPolicy.php
|
|
requirements:
|
|
- no productive findings workflow helper writes or expects acknowledged
|
|
- open-status query helpers collapse onto the canonical active-open set only
|
|
badge_and_filter_catalogs:
|
|
owner_files:
|
|
- apps/platform/app/Support/Badges/Domains/FindingStatusBadge.php
|
|
- apps/platform/app/Support/Filament/FilterOptionCatalog.php
|
|
requirements:
|
|
- no badge label exposes acknowledged or legacy acknowledged
|
|
- no findings filter offers acknowledged as a current workflow state
|
|
capabilities_and_roles:
|
|
owner_files:
|
|
- apps/platform/app/Support/Auth/Capabilities.php
|
|
- apps/platform/app/Services/Auth/RoleCapabilityMap.php
|
|
requirements:
|
|
- tenant_findings.acknowledge is removed
|
|
- surviving findings capability language stays canonical and tenant-scoped
|
|
tenant_findings_surfaces:
|
|
routes:
|
|
- /admin/t/{tenant}/findings
|
|
- /admin/t/{tenant}/findings/{record}
|
|
owner_files:
|
|
- apps/platform/app/Filament/Resources/FindingResource.php
|
|
- apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php
|
|
- apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
|
|
requirements:
|
|
- no visible findings workflow affordance presents acknowledged as current work
|
|
findings_derived_consumers:
|
|
owner_files:
|
|
- apps/platform/app/Support/CustomerHealth/WorkspaceHealthSummaryQuery.php
|
|
- apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php
|
|
- apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php
|
|
- apps/platform/app/Support/Baselines/BaselineCompareStats.php
|
|
- apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php
|
|
- apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php
|
|
- apps/platform/app/Jobs/Alerts/EvaluateAlertsJob.php
|
|
- apps/platform/app/Services/PermissionPosture/PermissionPostureFindingGenerator.php
|
|
- apps/platform/app/Services/EntraAdminRoles/EntraAdminRolesFindingGenerator.php
|
|
- apps/platform/app/Services/Baselines/BaselineAutoCloseService.php
|
|
- apps/platform/app/Services/Findings/FindingAssignmentHygieneService.php
|
|
requirements:
|
|
- counts, previews, review disclosures, diagnostics, and alerts use the same canonical open-status set as findings surfaces
|
|
- no productive findings-derived consumer treats acknowledged as current work
|
|
|
|
retained_behavior:
|
|
findings_workflow_actions:
|
|
- triage
|
|
- start_progress
|
|
- assign
|
|
- resolve
|
|
- close
|
|
- reopen
|
|
- request_exception
|
|
- risk_accept
|
|
guarantees:
|
|
- existing findings lifecycle outcomes remain otherwise unchanged
|
|
- no new workflow state or replacement compatibility path is introduced
|
|
|
|
non_finding_domains:
|
|
untouched:
|
|
- verification check acknowledgement
|
|
- onboarding verification acknowledgement
|
|
- restore impact acknowledgement
|
|
|
|
legacy_data_posture:
|
|
findings_table:
|
|
- acknowledged columns may remain in schema for now without preserving active runtime semantics
|
|
migrations:
|
|
- no new migration or persisted compatibility artifact is allowed in this slice
|
|
|
|
validation_expectations:
|
|
no_new_persistence:
|
|
- no file under apps/platform/database/migrations may change
|
|
- no alias table, persisted mapping, or fallback reader may be introduced
|
|
absence_proof:
|
|
- no productive findings surface exposes acknowledged as current workflow status
|
|
- no productive findings-derived consumer exposes acknowledged as current work
|
|
- no findings capability alias remains for acknowledge semantics
|
|
regression_proof:
|
|
- canonical findings workflow actions still behave unchanged
|
|
- non-finding acknowledgement domains remain untouched
|
|
lane_classification:
|
|
required:
|
|
- fast-feedback
|
|
- confidence
|
|
- heavy-governance
|
|
excluded:
|
|
- browser |