ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
7b394918ce
TenantAtlas/specs/254-remove-acknowledged-compat/data-model.md
ahmido 54fb65a63a
Some checks failed
Main Confidence / confidence (push) Failing after 54s
Details
chore: promote platform-dev to dev (#297) 
This pull request promotes the current state of `platform-dev` to the main integration branch `dev`. It includes recent features, fixes, and architectural refinements validated on the platform development track.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #297
2026-04-29 07:50:16 +00:00

103 lines
4.1 KiB
Markdown
Raw Blame History

# Data Model — Remove Legacy Acknowledged Finding Status Compatibility
**Spec**: [spec.md](spec.md)
This feature is subtractive. It introduces no new persisted truth and no migration. The data-model impact is the removal of one legacy findings workflow branch from productive code and the reaffirmation of the canonical findings lifecycle as the only active status contract.
## Existing Canonical Entities Reused
### Finding (`findings`)
**Purpose**: Tenant-owned findings workflow truth.
**Key fields (existing)**:
- `id`
- `workspace_id`
- `tenant_id`
- `status`
- `triaged_at`
- `in_progress_at`
- `reopened_at`
- `resolved_at`
- `closed_at`
- `risk_accepted_at` via related exception state where applicable
- `first_seen_at`
- `last_seen_at`
- `times_seen`
- `sla_days`
- `due_at`
- `acknowledged_at`
- `acknowledged_by_user_id`
**Feature use**:
- Remains the single canonical workflow truth for findings.
- Continues to require both `workspace_id` and `tenant_id` as ownership anchors.
- Keeps the surviving active status contract: `new`, `triaged`, `in_progress`, `reopened`.
- Keeps the surviving terminal status contract: `resolved`, `closed`, `risk_accepted`.
- `acknowledged_at` and `acknowledged_by_user_id` may remain in schema for now, but they no longer justify an active workflow status, query branch, or UI affordance.
### FindingException (`finding_exceptions`)
**Purpose**: Existing risk-acceptance and exception truth attached to findings.
**Feature use**:
- Remains unchanged.
- Exists only for regression protection so removing `acknowledged` does not collapse or rename risk-governance semantics.
## Removed Active Workflow Contract
### LegacyAcknowledgedFindingStatus (removed, non-persisted contract)
**Previous role**:
- active status constant on `Finding`
- extra member of `openStatusesForQuery()`
- special-case filter and badge label
- capability alias and RBAC wording branch
- compatibility expectation in findings-facing tests and summary consumers
**Removal rule**:
- no productive code path writes `acknowledged` as current findings status
- no productive code path queries `acknowledged` as part of the active open-status set
- no productive findings UI or summary consumer presents `acknowledged` as current work
- no role or capability mapping preserves `tenant_findings.acknowledge`
## Derived Non-Persisted Contracts
### CanonicalFindingOpenStatusSet (derived)
**Members**:
- `new`
- `triaged`
- `in_progress`
- `reopened`
**Consumers**:
- findings resource and inbox queries
- workspace overview and governance inbox summaries
- review/report disclosure helpers that describe current open findings work
- support-diagnostic bundles that group active findings issues
- alerts, hygiene services, and findings generators that still look up active/open findings
### CanonicalFindingWorkflowPermissionSet (derived)
**Purpose**: Surviving capability vocabulary for findings workflow actions.
**Feature use**:
- remove `tenant_findings.acknowledge`
- keep surviving findings permissions and policy checks authoritative
- keep `404` versus `403` semantics unchanged for tenant-scoped findings surfaces
## Data Ownership Notes
- No new table, column, persisted alias, cache, or compatibility projection is introduced.
- No migration or historical data rewrite is planned.
- Review/report and support-diagnostic consumers remain derived over tenant-owned findings truth; they do not become separate persisted status stores.
- Verification-check acknowledgement, onboarding acknowledgement, and restore acknowledgement remain separate domains and are not remodeled here.
## Removal Invariants
- No productive code path may treat `acknowledged` as a current findings workflow status.
- No productive query helper may include `acknowledged` in the active open findings set.
- No shared badge, filter, summary, review/report disclosure, or support-diagnostic grouping may present `acknowledged` as current findings work.
- No new migration or persisted compatibility artifact may be introduced to preserve the removed branch.
- No non-finding acknowledgement domain may change as collateral damage from this cleanup.
Reference in New Issue View Git Blame Copy Permalink