22 lines
1.2 KiB
Markdown
22 lines
1.2 KiB
Markdown
# Conflict Handling Prep — PREP-POLICY-ENGINE-40-002-CONFLICT-HANDLING-D
|
|
|
|
Status: Draft (2025-11-20)
|
|
Owners: Policy Guild · Excititor Guild
|
|
Scope: Define conflict-handling rules after severity fusion (40-001).
|
|
|
|
## Dependencies
|
|
- Severity fusion output schema (40-001).
|
|
- Excititor/Console precedence context expectations for conflicts.
|
|
|
|
## Draft approach
|
|
- Detect conflicts when multiple fused severities differ for same `{component_purl, advisory_id}` across tenants or sources.
|
|
- Emit conflict record: `{tenant_id, component_purl, advisory_id, conflicts:[{source, field, value, reason_code}] , resolved_status?, trace_ref}`.
|
|
- Resolution policy: default “no auto-resolve”; optional operator override flag per policy profile.
|
|
|
|
## Acceptance
|
|
- Draft schema at `docs/modules/policy/schemas/policy-conflict@draft.json` and sample at `docs/modules/policy/samples/policy-conflict@draft.json`.
|
|
- Mapping of reason codes to Excititor Console cache/RBAC needs documented once 23-003 finalizes.
|
|
|
|
## Handoff
|
|
This document is the prep artefact for PREP-POLICY-ENGINE-40-002-CONFLICT-HANDLING-D. Update once severity fusion rules are frozen and Console expectations are known; then move implementation to DOING.
|