ahmido
a9c54205bf
Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #425
52 lines
2.8 KiB
Markdown
52 lines
2.8 KiB
Markdown
# UI-036 Exception Detail
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Route | `/admin/workspaces/{workspace}/environments/{environment}/finding-exceptions/{record}` |
|
|
| Source | `FindingExceptionResource::view` |
|
|
| Area / scope | Governance / environment detail |
|
|
| Archetype | Exceptions / Accepted Risk |
|
|
| Design depth | Strategic Surface |
|
|
| Repo truth | repo-verified |
|
|
| Screenshot | `Spec 354 browser proof: ../../specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/artifacts/screenshots/spec354-ui-036-exception-detail-guidance.png` |
|
|
| Browser status | Re-validated through direct environment detail routes for incomplete-governance and calm-ready owner states. |
|
|
|
|
## First Five Seconds
|
|
|
|
The page should answer three questions before the operator drops into decision history:
|
|
|
|
1. is this accepted-risk record still governable
|
|
2. what is missing or urgent right now
|
|
3. which existing lifecycle action owns the next step
|
|
|
|
## Productization Review
|
|
|
|
- Decision-first: now explicit. The accepted-risk guidance section appears before deeper decision history and evidence.
|
|
- Evidence-first: environment, status, validity, owner, review due, expiry, and current decision remain visible in the first guidance block.
|
|
- Context: environment-bound detail page with optional continuity back to workspace-owned governance surfaces.
|
|
- Customer/auditor safety: high because this page explains whether the exception still provides a valid governance basis.
|
|
- Diagnostics: secondary. Decision history and evidence references remain below the first-screen guidance.
|
|
|
|
## Information Inventory
|
|
|
|
Default content should show dominant governance state, reason, impact, next step, environment, lifecycle status, governance validity, owner, review due, expiry, current decision, request reason, and missing governance inputs when applicable.
|
|
|
|
## Dangerous Actions
|
|
|
|
`renew_exception` and `revoke_exception` remain source-owned header actions with current confirmation and authorization boundaries. The guidance section must not duplicate or invent lifecycle mutations.
|
|
|
|
## Spec 354 Follow-up
|
|
|
|
- Incomplete governance support is now first-screen visible before decision history and deep evidence.
|
|
- Calm ready state remains calm and does not render a competing warning stack.
|
|
- Existing repo-backed actions stay intact:
|
|
- `Renew exception`
|
|
- `Revoke exception`
|
|
- Browser proof:
|
|
- `spec354-ui-036-exception-detail-guidance.png` captures the incomplete-governance state.
|
|
- The integrated browser also re-validated the calm ready detail state on the same route family.
|
|
|
|
## Target Direction
|
|
|
|
Keep this page as the accepted-risk lifecycle owner surface. Future work should widen behavior only through existing record actions or bounded continuity links, not by shifting customer-facing or review-output responsibilities onto this detail page.
|