Implemented the accepted risk resolution guidance, including the AcceptedRiskResolutionAdapter, guidance cards, and updated related Filament views. Added unit, feature, and browser tests.
Accepted Risk Guidance Signal Map: Spec 354
Inventory the existing repo-backed signals that may feed accepted-risk resolution guidance without adding new persistence or new workflow truth.
Required Inputs
| Signal | Current source | Notes |
|---|---|---|
| Exception status | FindingException.status | existing lifecycle truth |
| Validity state | FindingException.current_validity_state and resolver output | existing governance-support truth |
| Review due / expiry | FindingException.review_due_at, expires_at | existing urgency inputs |
| Decision posture | FindingException.currentDecisionType() and FindingExceptionDecision | existing lifecycle/action context |
| Linked finding state | Finding + FindingRiskGovernanceResolver | existing risk-accepted workflow truth |
| Owner / rationale presence | existing FindingException fields | completeness signals only |
| Related evidence / audit / review context | existing linked routes and summaries only | secondary links, not primary truth |
Guidance Cases
| Case key | Required signals | Primary action | Secondary actions | Notes |
|---|---|---|---|---|
| accepted_risk.ready | valid support, no urgent expiry, complete governance support | inspect accepted risk or no urgent action | finding / existing related context where repo-backed | calm state only |
| accepted_risk.expiring | expiring validity | review accepted risk | open finding / existing related context / evidence references | high-priority queue case |
| accepted_risk.expired | expired support | review accepted risk | open finding / decision history | no fake auto-renew |
| accepted_risk.revoked_or_rejected | revoked or rejected support | open finding or review accepted risk | decision history / related context | action depends on current repo-backed source owner |
| accepted_risk.pending | pending approval or pending renewal | review accepted risk | open finding / decision history | keep language conservative |
| accepted_risk.missing_support | existing exception record has current_validity_state=missing_support or equivalent repo-real missing-support posture | review accepted risk | open finding / decision history | owner surfaces do not synthesize no-record accepted-risk rows |
| accepted_risk.fresh_decision_required | FindingException::requiresFreshDecisionForFinding() is true and resolver warning copy is present | review accepted risk | open finding / decision history | preserve current repo-real signal; do not broaden into a new stale-governance framework |
| accepted_risk.incomplete_governance | missing owner, rationale, or review support on an existing exception record | review accepted risk | open finding / existing related context | use only repo-backed completeness signals |
| accepted_risk.wording_reference | conservative accepted-risk wording already exists in current review truth | no downstream artifact mutation in this slice | open accepted risk / open finding when repo-backed | owner-surface wording reference only |
Guardrail
Current repo truth already exposes one bounded fresh-decision-required signal through FindingException::requiresFreshDecisionForFinding() and FindingRiskGovernanceResolver.
This slice may preserve and surface that signal more clearly, but it must not add a broader timestamp-, diff-, or change-history-based stale-governance framework.
Forbidden Signals
- live Graph/provider calls during render
- synthetic review-impact scores
- inferred customer-safe summaries that are not already repo-backed
- hidden shell/session context treated as accepted-risk authority
- legacy query aliases treated as scope authority