68ff50d460
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 3m45s
Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.
50 lines
2.8 KiB
Markdown
50 lines
2.8 KiB
Markdown
# UI-012 Finding Exceptions Queue
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Route | `/admin/finding-exceptions/queue` |
|
|
| Source | `FindingExceptionsQueue` |
|
|
| Area / scope | Governance / workspace |
|
|
| Archetype | Exceptions / Accepted Risk |
|
|
| Design depth | Strategic Surface |
|
|
| Repo truth | repo-verified |
|
|
| Screenshot | `Spec 354 browser proof: ../../specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/artifacts/screenshots/spec354-ui-026-finding-exceptions-queue-guidance.png` |
|
|
| Browser status | Re-validated through direct workspace queue routes for expiring and expired accepted-risk states. |
|
|
|
|
## First Five Seconds
|
|
|
|
The page should answer three questions before the operator reads the table:
|
|
|
|
1. which exception is in focus
|
|
2. whether the accepted-risk record is ready, expiring, expired, pending, or incomplete
|
|
3. what the next safe action is without widening current approval or rejection authority
|
|
|
|
## Productization Review
|
|
|
|
- Decision-first: now explicit. The focused review lane starts with a dominant accepted-risk guidance card before secondary diagnostics.
|
|
- Evidence-first: owner, review due, expiry, decision history, and related finding context stay visible in the same first-screen lane.
|
|
- Context: workspace-owned monitoring surface with explicit `exception` focus and optional governance-inbox continuity.
|
|
- Customer/auditor safety: high because this queue decides whether accepted risk can still be relied on as actively governed.
|
|
- Diagnostics: secondary. Header actions, sidebar detail, and the queue table remain source-owned under the guidance summary.
|
|
|
|
## Information Inventory
|
|
|
|
Default content should show dominant governance state, reason, impact, next step, related finding/exception links, owner, review due, expires, current decision, and the surrounding queue context.
|
|
|
|
## Dangerous Actions
|
|
|
|
Approve and reject actions remain high impact and stay in the existing header-controlled flow. The new guidance must not invent unsupported remediation buttons or bypass confirmation, authorization, and audit semantics.
|
|
|
|
## Spec 354 Follow-up
|
|
|
|
- Accepted-risk queue guidance is now derived from existing finding/exception truth through one bounded adapter.
|
|
- The queue shows one dominant guidance case with existing repo-backed secondary links only.
|
|
- Governance Inbox continuity remains intact on downstream exception detail links.
|
|
- Browser proof:
|
|
- `spec354-ui-026-finding-exceptions-queue-guidance.png` captures the expiring first-screen hierarchy.
|
|
- The same queue route was also re-validated for the expired state in the integrated browser.
|
|
|
|
## Target Direction
|
|
|
|
Keep this surface as the workspace-owned accepted-risk decision queue. Future changes should extend the bounded guidance adapter or existing queue actions, not create a parallel decision rail or fake auto-fix layer.
|