ahmido
8a889a863e
## Summary - add the Spec 323 Tenantial enterprise UI audit foundation package - add the UI/UX audit registry artifacts, templates, and supporting brand context placeholder - update Spec Kit prompts/templates plus PR fast-feedback guardrails for ongoing UI productization coverage ## Scope - docs-first audit foundation only - no runtime Laravel, Filament, Livewire, route, auth, or database behavior changes intended ## Validation - [x] `git diff --check` - [ ] application test suite run ## Notes - primary spec: `specs/323-tenantial-enterprise-ui-audit-foundation/` - this branch also updates `.gitea/pull_request_template.md`, `.gitea/workflows/test-pr-fast-feedback.yml`, and `scripts/check-ui-productization-coverage` to make the coverage gate durable for future UI work Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #383
49 lines
1.9 KiB
Markdown
49 lines
1.9 KiB
Markdown
# UI-012 Finding Exceptions Queue
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Route | `/admin/finding-exceptions/queue` |
|
|
| Source | `FindingExceptionsQueue` |
|
|
| Area / scope | Governance / workspace |
|
|
| Archetype | Exceptions / Accepted Risk |
|
|
| Design depth | Strategic Surface |
|
|
| Repo truth | repo-verified |
|
|
| Screenshot | `../screenshots/desktop/ui-012-finding-exceptions-queue.png` |
|
|
| Browser status | Reached through workspace route. |
|
|
|
|
## First Five Seconds
|
|
|
|
The page is an accepted-risk queue. It needs to make risk ownership, expiry, evidence basis, and approval/rejection consequences immediately clear.
|
|
|
|
## Productization Review
|
|
|
|
- Decision-first: strong candidate.
|
|
- Evidence-first: exception evidence and linked findings should be visible.
|
|
- Context: workspace hub with environment-filter possibilities.
|
|
- Customer/auditor safety: high, because accepted risk is customer-relevant.
|
|
- Diagnostics: raw finding/provider evidence should be secondary.
|
|
|
|
## Information Inventory
|
|
|
|
Default content should show exception state, requester/owner, affected environment, expiration, evidence links, decision history, and required action.
|
|
|
|
## Dangerous Actions
|
|
|
|
Approve exception, reject renewal, revoke exception, and accept risk are high impact. They require explicit confirmation, authorization, audit, and customer-safe explanation.
|
|
|
|
## Scores
|
|
|
|
| IA | Density | User Clarity | Sellability | Disclosure | Hierarchy | DS Fit | A11y | Responsive | Components | UX Writing | Perf |
|
|
| ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: | ---: |
|
|
| 3 | 3 | 3 | 4 | 3 | 3 | 4 | 3 | 3 | 4 | 3 | 4 |
|
|
|
|
## Top Issues
|
|
|
|
1. Risk decision language needs product-target treatment.
|
|
2. Evidence basis and expiry must be visible before approval.
|
|
3. Customer-safe accepted-risk wording requires review.
|
|
|
|
## Target Direction
|
|
|
|
P0/P1 individual target depending on customer-review sequencing. Treat as the accepted-risk decision pattern.
|