Skip to content

Establish Issue Decomposition Audit Framework #50

Description

@Carolyn-Jiang

Type

Governance Improvement

Priority

P0 - Critical


Background

The platform has experienced repeated issues involving:

  • Major UI changes between releases
  • Broken workflows after updates
  • Unclear role boundaries
  • Inconsistent permissions
  • Create-only workflows
  • Edit functionality missing
  • Save functionality missing
  • Delete functionality without restore capability
  • Delete functionality without recreation capability
  • Missing ownership definitions
  • Inconsistent terminology
  • Missing feedback messages
  • Features becoming inaccessible after redesigns

Currently, problems are primarily discovered through user reports.

This approach is reactive and does not provide a systematic mechanism for identifying platform issues before they affect users.

A structured audit framework is required to allow agents to proactively identify issues, propose improvements, and submit findings for human review.


Problem Statement

Current Behavior

The platform relies heavily on user-reported issues.

Consequences include:

  • Undocumented workflow failures
  • Inconsistent permission behavior
  • Untracked UI regressions
  • Missing restore functionality
  • Broken CRUD lifecycles
  • Unclear ownership rules
  • Repeated re-discovery of the same issues

Many problems remain unresolved simply because nobody creates a GitHub Issue.


Expected Behavior

Agents should be able to:

  1. Periodically audit the platform.
  2. Systematically inspect architecture, workflows, UI, and quality.
  3. Identify potential issues.
  4. Create GitHub Issues describing findings.
  5. Submit findings for human review.
  6. Begin remediation only after approval.

The audit process should be standardized and repeatable.


Scope

This issue establishes a formal Issue Decomposition Audit Framework.

This issue does NOT:

  • Fix existing bugs
  • Redesign workflows
  • Modify permissions
  • Change UI

This issue only defines how agents discover and report problems.


Required Deliverables

Deliverable 1: Architecture Audit Framework

Agents must inspect the following categories.

Role Definition

Verify:

  • All system roles are documented
  • Roles have clear responsibilities
  • Role boundaries are understandable
  • Duplicate roles do not exist

Possible Findings:

  • Undefined roles
  • Duplicate roles
  • Missing role descriptions

Permission Matrix

Verify:

  • Permissions are documented
  • Permissions are consistent
  • Permissions match workflows
  • Permission escalation does not exist

Possible Findings:

  • Permission inconsistency
  • Missing permissions
  • Excessive permissions

Ownership Rules

Verify:

  • Every object has an owner
  • Ownership is documented
  • Ownership transfer rules exist
  • Administrative override rules exist

Possible Findings:

  • Missing ownership
  • Ownership conflicts
  • Undefined ownership transfer

Deliverable 2: Workflow Audit Framework

Agents must inspect workflow completeness.


CRUD Lifecycle

For every entity verify:

Create

View

Edit

Save

Delete

Questions:

  • Can records be edited?
  • Can edits be saved?
  • Does data persist?
  • Is deletion intentional?

Possible Findings:

  • Missing edit workflow
  • Missing save workflow
  • Data persistence failures

Restore Lifecycle

Verify:

  • Deleted records can be restored
  • Restore ownership is defined
  • Restore permissions are defined

Possible Findings:

  • Missing restore functionality
  • Undefined restore ownership

Approval Lifecycle

Verify:

  • Reviewers are defined
  • Approvers are defined
  • Rejection handling exists
  • Resubmission workflow exists

Possible Findings:

  • Missing approval workflow
  • Undefined reviewers

Contribution Lifecycle

Verify:

  • Contributions can be created
  • Contributions can be edited
  • Contributions can be saved
  • Contributions can be deleted
  • Metrics persist after updates

Possible Findings:

  • Lost contribution records
  • Missing contribution persistence

Deliverable 3: UI Audit Framework

Agents must inspect UI consistency.


Navigation Consistency

Verify:

  • Navigation remains stable
  • Similar workflows use similar navigation
  • Existing functionality remains discoverable

Possible Findings:

  • Navigation regressions
  • Hidden features

Terminology Consistency

Verify:

  • Labels are understandable
  • Labels are used consistently
  • Duplicate terms do not represent different concepts

Possible Findings:

  • Ambiguous terminology
  • Conflicting terminology

Page Layout Stability

Verify:

  • Updates do not significantly disrupt workflows
  • Users do not need to relearn functionality after minor releases

Possible Findings:

  • Layout regressions
  • Workflow disruption

Feedback Visibility

Verify:

  • Success feedback exists
  • Error feedback exists
  • Loading feedback exists

Possible Findings:

  • Silent failures
  • Missing user feedback

Deliverable 4: Quality Audit Framework

Agents must inspect system reliability.


Regression Testing

Verify:

  • Existing workflows continue functioning after updates
  • Previously fixed bugs remain fixed

Possible Findings:

  • Regression failures
  • Missing test coverage

State Persistence

Verify:

  • Data persists after refresh
  • Data persists after logout/login
  • Data persists after navigation

Possible Findings:

  • Persistence failures
  • Session-related data loss

Feature Inventory

Verify:

  • Features are documented
  • Features have owners
  • Features have workflows

Possible Findings:

  • Orphaned features
  • Undocumented functionality

Change Log

Verify:

  • Governance updates are documented
  • Releases are documented
  • Changes are traceable

Possible Findings:

  • Missing documentation
  • Missing release history

Issue Generation Rules

When a problem is discovered:

The agent must create a GitHub Issue.

Each issue must include:

  • Title
  • Category
  • Severity
  • Problem Statement
  • Current Behavior
  • Expected Behavior
  • Impact
  • Acceptance Criteria

Issue Decomposition Rule

Large findings must be decomposed.

Example:

Incorrect:

Availability System Broken

Correct:

  • Save Function Missing
  • Restore Function Missing
  • Contribution Persistence Failure
  • Permission Inconsistency

One issue should represent one problem whenever practical.


Agent-Created Issue Policy

Purpose

Ensure that discovered problems are formally tracked.

Agents are responsible not only for identifying problems, but also for creating GitHub Issues describing those problems.

Problems may not exist solely in:

  • Audit reports
  • QA reports
  • Chat messages
  • Internal notes
  • Documentation

Every discovered problem must have a corresponding GitHub Issue.


Rule 1

Issue Discovery Creates Issue Ownership

When an agent discovers a problem:

The agent must create a GitHub Issue.

The discovering agent becomes the temporary owner of the issue until human review occurs.


Rule 2

Issue Creation Is Mandatory

The following findings require issue creation:

  • Architecture problems
  • Permission problems
  • Workflow failures
  • UI inconsistencies
  • Navigation regressions
  • Data persistence failures
  • Missing functionality
  • Restore failures
  • Regression failures
  • Documentation gaps

Agents may not silently ignore findings.


Rule 3

Issue Content Requirements

Every agent-created issue must contain:

Title

Category

Examples:

  • Architecture
  • Workflow
  • UI
  • Quality
  • Documentation

Severity

Examples:

  • Critical
  • High
  • Medium
  • Low

Problem Statement

Current Behavior

Expected Behavior

Impact

Acceptance Criteria

Supporting Evidence

Examples:

  • Screenshots
  • Audit findings
  • QA findings
  • Reproduction steps

Rule 4

Human Approval Required

Issue creation does not authorize remediation.

After issue creation:

Issue

Human Review

Human may:

  • Approve
  • Reject
  • Request Revision

Rule 5

Approved Issues

If approved:

Issue

Product

Workflow

Architecture

Implementation

QA

Audit

Release

Agents may begin remediation only after approval.


Rule 6

Rejected Issues

If rejected:

The agent must:

  • Update the issue

or

  • Close the issue

if the problem does not exist.


Rule 7

Issue Closure Authority

Agents may recommend closure.

Humans retain final authority over:

  • Approval
  • Rejection
  • Closure

Rule 8

No Untracked Problems

The following is prohibited:

Problem Found

Fix Implemented

No GitHub Issue

Every remediation effort must originate from an approved GitHub Issue.


Core Principle

If a problem is important enough to fix,
it is important enough to track.

No problem may enter implementation without first becoming a GitHub Issue.


Human Approval Workflow

Agents may discover issues.

Agents may propose issues.

Agents may NOT begin remediation automatically.

Workflow:

Issue Discovery

Issue Proposal

Human Review

Human may:

  • Approve
  • Reject
  • Request Revision

Approved Issue Workflow

If approved:

Issue

Product Manager

Workflow

Architecture

Implementation

QA

Audit

Release


Rejected Issue Workflow

If rejected:

Agent must:

  • Reanalyze findings
  • Update issue proposal

or

  • Close issue

if the problem does not exist.


Closure Rules

Issues may be closed when:

  • Human reviewer confirms no issue exists
  • Expected behavior matches current behavior
  • Duplicate issue already exists
  • Feature intentionally behaves as designed

Only humans may make final closure decisions.


Quarterly Audit Requirement

A full-system audit must be performed:

  • Every quarter

OR

  • Before every major release

whichever occurs first.

The audit must inspect:

  • Architecture Layer
  • Workflow Layer
  • UI Layer
  • Quality Layer

and generate issues for any discovered problems.


Acceptance Criteria

  • Audit framework documented
  • Audit categories defined
  • Issue generation rules defined
  • Human approval workflow defined
  • Issue decomposition rules defined
  • Closure rules defined
  • Quarterly audit process defined

Success Criteria

After implementation:

  • Agents can systematically discover problems.
  • Issues are consistently documented.
  • Large problems are decomposed into manageable issues.
  • Human approval remains required before remediation.
  • Platform quality no longer depends solely on user-reported bugs.
  • Governance becomes proactive rather than reactive.

Core Principle

Agents may discover problems.

Agents may propose issues.

Agents may not begin remediation without human approval.

Human approval remains the gate between problem discovery and system modification.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions