ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
905b595880
TenantAtlas/specs/253-remove-findings-backfill-runtime-surfaces/data-model.md
ahmido 29ad8852ca
Some checks failed
Main Confidence / confidence (push) Failing after 1m1s
Details
Heavy Governance Lane / heavy-governance (push) Has been skipped
Details
Browser Lane / browser (push) Has been skipped
Details
merge: platform-dev into dev (#295) 
## Summary
- integrate the current `platform-dev` branch into `dev`
- bring the latest platform work from the integration branch into the main development branch
- include the recent findings lifecycle backfill removal slice together with the already accumulated `platform-dev` changes

## Scope
- source branch: `platform-dev`
- target branch: `dev`
- branch role: integration PR, not a single-feature PR

## Validation
- branch state reviewed before PR creation
- `platform-dev` is ahead of `dev` with the expected integration history
- this PR intentionally carries the accumulated `platform-dev` commits into `dev`

## Notes
- this is the correct merge direction for the current workflow, where feature branches land in `platform-dev` first and `platform-dev` is then merged into `dev`
- after merging, `platform-dev` can be recreated fresh from `dev` as usual

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #295
2026-04-28 22:11:20 +00:00

121 lines
5.5 KiB
Markdown
Raw Blame History

# Data Model — Remove Findings Lifecycle Backfill Runtime Surfaces
**Spec**: [spec.md](spec.md)
This feature is subtractive. It introduces no new persisted truth and no migration. The data-model impact is the removal of one obsolete runtime family and the reaffirmation of the canonical findings workflow as the only supported path.
## Existing Canonical Entities Reused
### Finding (`findings`)
**Purpose**: Tenant-owned findings workflow truth.
**Key fields (existing)**:
- `id`
- `workspace_id`
- `tenant_id`
- `status`
- `triaged_at`
- `first_seen_at`
- `last_seen_at`
- `times_seen`
- `sla_days`
- `due_at`
**Feature use**:
- Remains the canonical workflow truth for triage, assignment, progress, resolve, risk acceptance, ownership, SLA, due-date, and reviewable behavior.
- Continues to require both `workspace_id` and `tenant_id` as non-null ownership anchors.
- Is in scope only for regression protection, not for lifecycle redesign.
### OperationRun (`operation_runs`)
**Purpose**: Existing canonical execution truth for supported long-running operations.
**Key fields (existing)**:
- `id`
- `workspace_id`
- `tenant_id`
- `type`
- `status`
- `outcome`
- `context`
**Feature use**:
- After cleanup, no supported system, tenant, CLI, or deploy/runtime path may create a new `OperationRun` with `type = findings.lifecycle.backfill`.
- Historical rows may remain stored as legacy data, but the feature does not preserve special retry, cancel, label, or alias handling for them.
### AuditLog (`audit_logs`)
**Purpose**: Existing audit truth for prior lifecycle-backfill starts, blocked starts, and completions.
**Feature use**:
- No new audit action family is introduced.
- Historical rows may remain stored without new cleanup migration or compatibility layer.
- Canonical findings workflow audit behavior remains unchanged and is protected through regression testing.
### OperationalControlActivation (`operational_control_activations`)
**Purpose**: Existing runtime-safety truth for live operational controls.
**Feature use**:
- The cleanup should not add or preserve a `findings.lifecycle.backfill` control key.
- Existing backfill-specific blocked-start branches and tests should be removed because the active control catalog already rejects the key.
## Removed Runtime Families
### FindingsLifecycleBackfillSurface (derived, non-persisted)
**Purpose**: Describes each currently productized entry point that must disappear in the cleanup.
**Runtime fields**:
- `surface_id` — unique identifier such as `system.ops.runbooks`, `tenant.findings.list`, `console.tenantpilot.findings.backfill-lifecycle`, or `console.tenantpilot.run-deploy-runbooks`
- `entry_type``runbook`, `header_action`, `command`, `deploy_hook`, `operation_label`, `capability_trace`, or `test_trace`
- `operator_label` — current visible product label such as `Rebuild Findings Lifecycle` or `Backfill findings lifecycle`
- `owner_path` — current source file that makes the surface real
- `start_seam` — shared service or registry seam that currently powers the entry point
**Feature use**:
- Drives removal planning so the cleanup deletes the source of truth for each surface instead of only hiding one page affordance.
### FindingsLifecycleBackfillExecutionCluster (derived, non-persisted)
**Purpose**: The dedicated runtime chain that currently starts, queues, and finalizes lifecycle backfill.
**Current members**:
- `FindingsLifecycleBackfillRunbookService`
- `TenantpilotBackfillFindingLifecycle`
- `TenantpilotRunDeployRunbooks`
- `BackfillFindingLifecycleJob`
- `BackfillFindingLifecycleWorkspaceJob`
- `BackfillFindingLifecycleTenantIntoWorkspaceRunJob`
**Lifecycle rule**:
- The cluster is deleted in the same slice. No dormant flag, replacement command, or service shim is retained.
### FindingsLifecycleBackfillTrace (derived, non-persisted)
**Purpose**: Registry, catalog, seed, test, and doc references that still advertise lifecycle backfill as supported behavior.
**Trace fields**:
- `trace_type``capability`, `seeder`, `operation_type`, `operation_alias`, `triage_support`, `control_branch`, `test`, `guard`, or `doc`
- `identifier` — exact key such as `platform.runbooks.findings.lifecycle_backfill` or `findings.lifecycle.backfill`
- `owner_path` — file that currently carries the trace
- `removal_reason` — why the trace must disappear with the runtime surface
**Feature use**:
- Ensures cleanup removes registry and test ballast in the same slice instead of leaving the repo to advertise deleted behavior indirectly.
## Data Ownership Notes
- No new tables, settings, or persisted aliases are introduced.
- No migration, historical data rewrite, or archival compatibility layer is planned.
- Historical `OperationRun` and `AuditLog` rows are tolerated legacy data and do not justify preserving the removed runtime path.
- Findings remain tenant-owned and continue to require both `workspace_id` and `tenant_id` as canonical ownership anchors.
- Operational-control truth remains bounded to currently supported controls only; this slice should not keep a removed backfill control key alive through hidden test fixtures or service branches.
## Removal Invariants
- No supported path may create a new `OperationRun` with `type = findings.lifecycle.backfill`.
- No supported page, command catalog, or deploy/runtime hook may advertise lifecycle backfill as an available operator action.
- No compatibility shim, no-op command shell, or fallback alias may remain for the removed path.
- Canonical findings workflow behavior remains unchanged and continues to operate on the existing `Finding` truth.
Reference in New Issue View Git Blame Copy Permalink