Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #425
50 lines
2.8 KiB
Markdown
# UI-012 Finding Exceptions Queue

| Field | Value |
| --- | --- |
| Route | `/admin/finding-exceptions/queue` |
| Source | `FindingExceptionsQueue` |
| Area / scope | Governance / workspace |
| Archetype | Exceptions / Accepted Risk |
| Design depth | Strategic Surface |
| Repo truth | repo-verified |
| Screenshot | `Spec 354 browser proof: ../../specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/artifacts/screenshots/spec354-ui-026-finding-exceptions-queue-guidance.png` |
| Browser status | Re-validated through direct workspace queue routes for expiring and expired accepted-risk states. |

## First Five Seconds

The page should answer three questions before the operator reads the table:

1. which exception is in focus
2. whether the accepted-risk record is ready, expiring, expired, pending, or incomplete
3. what the next safe action is without widening current approval or rejection authority

## Productization Review

- Decision-first: now explicit. The focused review lane starts with a dominant accepted-risk guidance card before secondary diagnostics.
- Evidence-first: owner, review due, expiry, decision history, and related finding context stay visible in the same first-screen lane.
- Context: workspace-owned monitoring surface with explicit `exception` focus and optional governance-inbox continuity.
- Customer/auditor safety: high because this queue decides whether accepted risk can still be relied on as actively governed.
- Diagnostics: secondary. Header actions, sidebar detail, and the queue table remain source-owned under the guidance summary.

## Information Inventory

Default content should show dominant governance state, reason, impact, next step, related finding/exception links, owner, review due, expires, current decision, and the surrounding queue context.

## Dangerous Actions

Approve and reject actions remain high impact and stay in the existing header-controlled flow. The new guidance must not invent unsupported remediation buttons or bypass confirmation, authorization, and audit semantics.

## Spec 354 Follow-up

- Accepted-risk queue guidance is now derived from existing finding/exception truth through one bounded adapter.
- The queue shows one dominant guidance case with existing repo-backed secondary links only.
- Governance Inbox continuity remains intact on downstream exception detail links.
- Browser proof:
  - `spec354-ui-026-finding-exceptions-queue-guidance.png` captures the expiring first-screen hierarchy.
  - The same queue route was also re-validated for the expired state in the integrated browser.

## Target Direction

Keep this surface as the workspace-owned accepted-risk decision queue. Future changes should extend the bounded guidance adapter or existing queue actions, not create a parallel decision rail or fake auto-fix layer.