ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-036-exception-detail.md
ahmido a9c54205bf feat: finding exceptions accepted risk resolution guidance v1 (spec 354) (#425) 
Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #425
2026-06-05 02:20:46 +00:00

2.8 KiB
Raw Permalink Blame History

UI-036 Exception Detail

Field Value
Route /admin/workspaces/{workspace}/environments/{environment}/finding-exceptions/{record}
Source FindingExceptionResource::view
Area / scope Governance / environment detail
Archetype Exceptions / Accepted Risk
Design depth Strategic Surface
Repo truth repo-verified
Screenshot Spec 354 browser proof: ../../specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/artifacts/screenshots/spec354-ui-036-exception-detail-guidance.png
Browser status Re-validated through direct environment detail routes for incomplete-governance and calm-ready owner states.

First Five Seconds

The page should answer three questions before the operator drops into decision history:

  1. is this accepted-risk record still governable
  2. what is missing or urgent right now
  3. which existing lifecycle action owns the next step

Productization Review

  • Decision-first: now explicit. The accepted-risk guidance section appears before deeper decision history and evidence.
  • Evidence-first: environment, status, validity, owner, review due, expiry, and current decision remain visible in the first guidance block.
  • Context: environment-bound detail page with optional continuity back to workspace-owned governance surfaces.
  • Customer/auditor safety: high because this page explains whether the exception still provides a valid governance basis.
  • Diagnostics: secondary. Decision history and evidence references remain below the first-screen guidance.

Information Inventory

Default content should show dominant governance state, reason, impact, next step, environment, lifecycle status, governance validity, owner, review due, expiry, current decision, request reason, and missing governance inputs when applicable.

Dangerous Actions

renew_exception and revoke_exception remain source-owned header actions with current confirmation and authorization boundaries. The guidance section must not duplicate or invent lifecycle mutations.

Spec 354 Follow-up

  • Incomplete governance support is now first-screen visible before decision history and deep evidence.
  • Calm ready state remains calm and does not render a competing warning stack.
  • Existing repo-backed actions stay intact:
    • Renew exception
    • Revoke exception
  • Browser proof:
    • spec354-ui-036-exception-detail-guidance.png captures the incomplete-governance state.
    • The integrated browser also re-validated the calm ready detail state on the same route family.

Target Direction

Keep this page as the accepted-risk lifecycle owner surface. Future work should widen behavior only through existing record actions or bounded continuity links, not by shifting customer-facing or review-output responsibilities onto this detail page.