TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-012-finding-exceptions-queue.md
ahmido a9c54205bf feat: finding exceptions accepted risk resolution guidance v1 (spec 354) (#425)
Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #425
2026-06-05 02:20:46 +00:00

UI-012 Finding Exceptions Queue

| Field | Value |
| --- | --- |
| Route | /admin/finding-exceptions/queue |
| Source | FindingExceptionsQueue |
| Area / scope | Governance / workspace |
| Archetype | Exceptions / Accepted Risk |
| Design depth | Strategic Surface |
| Repo truth | repo-verified |
| Screenshot | Spec 354 browser proof: ../../specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/artifacts/screenshots/spec354-ui-026-finding-exceptions-queue-guidance.png |
| Browser status | Re-validated through direct workspace queue routes for expiring and expired accepted-risk states. |

First Five Seconds

The page should answer three questions before the operator reads the table:

  1. which exception is in focus
  2. whether the accepted-risk record is ready, expiring, expired, pending, or incomplete
  3. what the next safe action is without widening current approval or rejection authority

Productization Review

  • Decision-first: now explicit. The focused review lane starts with a dominant accepted-risk guidance card before secondary diagnostics.
  • Evidence-first: owner, review due, expiry, decision history, and related finding context stay visible in the same first-screen lane.
  • Context: workspace-owned monitoring surface with explicit exception focus and optional governance-inbox continuity.
  • Customer/auditor safety: high because this queue decides whether accepted risk can still be relied on as actively governed.
  • Diagnostics: secondary. Header actions, sidebar detail, and the queue table remain source-owned under the guidance summary.

Information Inventory

Default content should show dominant governance state, reason, impact, next step, related finding/exception links, owner, review due, expires, current decision, and the surrounding queue context.

Dangerous Actions

Approve and reject actions remain high impact and stay in the existing header-controlled flow. The new guidance must not invent unsupported remediation buttons or bypass confirmation, authorization, and audit semantics.

Spec 354 Follow-up

  • Accepted-risk queue guidance is now derived from existing finding/exception truth through one bounded adapter.
  • The queue shows one dominant guidance case with existing repo-backed secondary links only.
  • Governance Inbox continuity remains intact on downstream exception detail links.
  • Browser proof:
    • spec354-ui-026-finding-exceptions-queue-guidance.png captures the expiring first-screen hierarchy.
    • The same queue route was also re-validated for the expired state in the integrated browser.

Target Direction

Keep this surface as the workspace-owned accepted-risk decision queue. Future changes should extend the bounded guidance adapter or existing queue actions, not create a parallel decision rail or fake auto-fix layer.