Evidence Gap Examples
Status: candidate
Updated: 2026-06-05
user-engine should not pretend missing review or governance material exists.
When identity-domain context lacks evidence, policy, control, review, or task
references, the gap must be explicit and handoff-ready.
Gap Shape
gap_id: evidence:no-audit-records
subject:
concept: Account
identifier: acct_example
scope: tenant:acme
reason: No local audit or external evidence reference supports this identity-domain claim.
proposed_disposition: create_or_link_lifecycle_task
owner: user-engine adapter boundary
Privileged Membership Without External Review
gap_id: review:tenant-admin-membership
subject:
concept: Access Grant
identifier: mem_example
scope: tenant:acme
reason: Tenant admin membership has local audit evidence but no external access review reference.
proposed_disposition: link AccessReview through EvidenceReferenceExporter or create review task through LifecycleTaskSink.
Policy Or Control Reference Missing
gap_id: control:tenant-isolation-reference
subject:
concept: Membership Relationship
identifier: mem_example
scope: tenant:acme
reason: Membership is tenant-scoped, but no external policy/control reference was supplied.
proposed_disposition: resolve policy and control through PolicyControlReferenceResolver.
Lifecycle Task Handoff
task_reference:
concept: Task
identifier: task_from_lifecycle_sink
source_gap: review:tenant-admin-membership
summary: Review tenant-admin membership for tenant:acme.
evidence:
- concept: Evidence Source
identifier: aud_example
These examples are intentionally adapter-neutral. The task, review, policy, and
control source of truth belongs to the surrounding NetKingdom systems unless a
future workplan assigns one of those responsibilities to user-engine.
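
The gap and handoff shapes above, emitted by code instead of written by hand, as an added example that is not user-engine's own code. The claim fields (`audit_refs`, `review_refs`, `policy_refs`, `control_refs`, `privileged`), both function names, the shortened reason and disposition strings, and the placement of `scope` beside `subject` are assumptions.

```python
# Added illustration. The claim fields audit_refs, review_refs, policy_refs,
# control_refs and privileged are hypothetical, not user-engine's schema.

def find_gaps(claim):
    """Return one explicit gap record per reference kind the claim lacks."""
    gaps = []

    def add(gap_id, reason, disposition):
        gaps.append({
            "gap_id": gap_id,
            "subject": {"concept": claim["concept"],
                        "identifier": claim["identifier"]},
            "scope": claim["scope"],  # top-level placement is an assumption
            "reason": reason,
            "proposed_disposition": disposition,
        })

    if not claim.get("audit_refs") and not claim.get("review_refs"):
        add("evidence:no-audit-records",
            "No local audit or external evidence reference supports this claim.",
            "create_or_link_lifecycle_task")
    elif claim.get("privileged") and not claim.get("review_refs"):
        add("review:tenant-admin-membership",
            "Local audit evidence exists but no external access review reference.",
            "link AccessReview or create review task")
    if not (claim.get("policy_refs") and claim.get("control_refs")):
        add("control:tenant-isolation-reference",
            "No external policy/control reference was supplied.",
            "resolve policy and control references")
    return gaps

def to_task_reference(gap, task_id, evidence_ids=()):
    """Shape a gap as the hand-off record; the caller supplies task_id."""
    return {
        "concept": "Task",
        "identifier": task_id,
        "source_gap": gap["gap_id"],
        "summary": f"Resolve {gap['gap_id']} for {gap['scope']}.",
        "evidence": [{"concept": "Evidence Source", "identifier": e}
                     for e in evidence_ids],
    }

# Constructed sample claims reusing the page's example identifiers.
ACCOUNT = {"concept": "Account", "identifier": "acct_example",
           "scope": "tenant:acme", "policy_refs": ["pol_placeholder"],
           "control_refs": ["ctl_placeholder"]}
MEMBERSHIP = {"concept": "Access Grant", "identifier": "mem_example",
              "scope": "tenant:acme", "privileged": True,
              "audit_refs": ["aud_example"]}
```

A claim that carries every reference kind yields an empty list, so a missing reference always surfaces as a gap record.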