TenantAtlas/specs/354-finding-exceptions-accepted-risk-resolution-guidance-v1/contracts/accepted-risk-guidance-signal-map.md
Ahmed Darrazi 68ff50d460
feat: finding exceptions accepted risk resolution guidance v1 (spec 354)
Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.
2026-06-05 04:18:59 +02:00

Accepted Risk Guidance Signal Map: Spec 354

Inventory the existing repo-backed signals that may feed accepted-risk resolution guidance without adding new persistence or new workflow truth.

Required Inputs

| Signal | Current source | Notes |
| --- | --- | --- |
| Exception status | FindingException.status | existing lifecycle truth |
| Validity state | FindingException.current_validity_state and resolver output | existing governance-support truth |
| Review due / expiry | FindingException.review_due_at, expires_at | existing urgency inputs |
| Decision posture | FindingException.currentDecisionType() and FindingExceptionDecision | existing lifecycle/action context |
| Linked finding state | Finding + FindingRiskGovernanceResolver | existing risk-accepted workflow truth |
| Owner / rationale presence | existing FindingException fields | completeness signals only |
| Related evidence / audit / review context | existing linked routes and summaries only | secondary links, not primary truth |

Guidance Cases

| Case key | Required signals | Primary action | Secondary actions | Notes |
| --- | --- | --- | --- | --- |
| accepted_risk.ready | valid support, no urgent expiry, complete governance support | inspect accepted risk or no urgent action | finding / existing related context where repo-backed | calm state only |
| accepted_risk.expiring | expiring validity | review accepted risk | open finding / existing related context / evidence references | high-priority queue case |
| accepted_risk.expired | expired support | review accepted risk | open finding / decision history | no fake auto-renew |
| accepted_risk.revoked_or_rejected | revoked or rejected support | open finding or review accepted risk | decision history / related context | action depends on current repo-backed source owner |
| accepted_risk.pending | pending approval or pending renewal | review accepted risk | open finding / decision history | keep language conservative |
| accepted_risk.missing_support | existing exception record has current_validity_state=missing_support or equivalent repo-real missing-support posture | review accepted risk | open finding / decision history | owner surfaces do not synthesize no-record accepted-risk rows |
| accepted_risk.fresh_decision_required | FindingException::requiresFreshDecisionForFinding() is true and resolver warning copy is present | review accepted risk | open finding / decision history | preserve current repo-real signal; do not broaden into a new stale-governance framework |
| accepted_risk.incomplete_governance | missing owner, rationale, or review support on an existing exception record | review accepted risk | open finding / existing related context | use only repo-backed completeness signals |
| accepted_risk.wording_reference | conservative accepted-risk wording already exists in current review truth | no downstream artifact mutation in this slice | open accepted risk / open finding when repo-backed | owner-surface wording reference only |

Guardrail

Current repo truth already exposes one bounded fresh-decision-required signal through FindingException::requiresFreshDecisionForFinding() and FindingRiskGovernanceResolver.

This slice may preserve and surface that signal more clearly, but it must not add a broader timestamp-, diff-, or change-history-based stale-governance framework.

Forbidden Signals

  • live Graph/provider calls during render
  • synthetic review-impact scores
  • inferred customer-safe summaries that are not already repo-backed
  • hidden shell/session context treated as accepted-risk authority
  • legacy query aliases treated as scope authority
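
The guidance cases above can be resolved by a pure function over values already loaded from the exception record, which keeps provider calls and session context out of the render path. The sketch below is an added example, not TenantAtlas code and not the AcceptedRiskResolutionAdapter itself. The snapshot array keys, the validity strings other than missing_support, the precedence order, and the fail-closed default are all assumptions, and accepted_risk.wording_reference is left out because it is a wording reference rather than a state.

```php
<?php
declare(strict_types=1);

// Added illustration. $s is a hypothetical snapshot of already-persisted signals:
//   validity                 string, e.g. current_validity_state (values assumed)
//   pending                  bool, pending approval or pending renewal
//   requires_fresh_decision  bool, result of requiresFreshDecisionForFinding()
//   has_resolver_warning     bool, resolver warning copy is present
//   has_owner / has_rationale / has_review_support  bool completeness signals
function acceptedRiskGuidanceCase(array $s): string
{
    $incomplete = !$s['has_owner'] || !$s['has_rationale'] || !$s['has_review_support'];

    // Assumed precedence: lost or absent support first, then pending and
    // expiring states, then completeness gaps. "ready" is reached only when
    // nothing else matched, so it stays the calm state.
    return match (true) {
        in_array($s['validity'], ['revoked', 'rejected'], true)
            => 'accepted_risk.revoked_or_rejected',
        $s['validity'] === 'expired' => 'accepted_risk.expired',
        $s['validity'] === 'missing_support' => 'accepted_risk.missing_support',
        $s['requires_fresh_decision'] && $s['has_resolver_warning']
            => 'accepted_risk.fresh_decision_required',
        $s['pending'] => 'accepted_risk.pending',
        $s['validity'] === 'expiring' => 'accepted_risk.expiring',
        $incomplete => 'accepted_risk.incomplete_governance',
        $s['validity'] === 'valid' => 'accepted_risk.ready',
        // Fail closed: an unmapped combination must never render as "ready".
        default => throw new UnexpectedValueException('unmapped accepted-risk signals'),
    };
}

// Constructed sample snapshots (not real tenant data).
$base = [
    'validity' => 'valid', 'pending' => false,
    'requires_fresh_decision' => false, 'has_resolver_warning' => false,
    'has_owner' => true, 'has_rationale' => true, 'has_review_support' => true,
];

foreach ([
    $base,
    ['validity' => 'expiring'] + $base,
    ['has_owner' => false] + $base,
    ['validity' => 'expired', 'has_rationale' => false] + $base,
] as $snapshot) {
    echo acceptedRiskGuidanceCase($snapshot), PHP_EOL;
}
```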