TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-012-finding-exceptions-queue.md
Ahmed Darrazi 68ff50d460
feat: finding exceptions accepted risk resolution guidance v1 (spec 354)
Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.
2026-06-05 04:18:59 +02:00

UI-012 Finding Exceptions Queue

| Field | Value |
| --- | --- |
| Route | /admin/finding-exceptions/queue |
| Source | FindingExceptionsQueue |
| Area / scope | Governance / workspace |
| Archetype | Exceptions / Accepted Risk |
| Design depth | Strategic Surface |
| Repo truth | repo-verified |
| Screenshot | Spec 354 browser proof: ../../specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/artifacts/screenshots/spec354-ui-026-finding-exceptions-queue-guidance.png |
| Browser status | Re-validated through direct workspace queue routes for expiring and expired accepted-risk states. |

First Five Seconds

The page should answer three questions before the operator reads the table:

  1. which exception is in focus
  2. whether the accepted-risk record is ready, expiring, expired, pending, or incomplete
  3. what the next safe action is without widening current approval or rejection authority

Productization Review

  • Decision-first: now explicit. The focused review lane starts with a dominant accepted-risk guidance card before secondary diagnostics.
  • Evidence-first: owner, review due, expiry, decision history, and related finding context stay visible in the same first-screen lane.
  • Context: workspace-owned monitoring surface with explicit exception focus and optional governance-inbox continuity.
  • Customer/auditor safety: high because this queue decides whether accepted risk can still be relied on as actively governed.
  • Diagnostics: secondary. Header actions, sidebar detail, and the queue table remain source-owned under the guidance summary.

Information Inventory

Default content should show dominant governance state, reason, impact, next step, related finding/exception links, owner, review due, expires, current decision, and the surrounding queue context.

Dangerous Actions

Approve and reject actions remain high impact and stay in the existing header-controlled flow. The new guidance must not invent unsupported remediation buttons or bypass confirmation, authorization, and audit semantics.

Spec 354 Follow-up

  • Accepted-risk queue guidance is now derived from existing finding/exception truth through one bounded adapter.
  • The queue shows one dominant guidance case with existing repo-backed secondary links only.
  • Governance Inbox continuity remains intact on downstream exception detail links.
  • Browser proof:
    • spec354-ui-026-finding-exceptions-queue-guidance.png captures the expiring first-screen hierarchy.
    • The same queue route was also re-validated for the expired state in the integrated browser.

Target Direction

Keep this surface as the workspace-owned accepted-risk decision queue. Future changes should extend the bounded guidance adapter or existing queue actions, not create a parallel decision rail or fake auto-fix layer.