Phase 2 follow-up.
Once an incident is open, the only mutating RPC is UpdateSaasIncidentStatus. Operators cannot change the assignee, owner team, summary, or severity without recreating the row.
Scope
- Add
UpdateSaasIncident(incident_id, assignee_user_id?, owner_team?, summary?, severity?) RPC.
- All fields optional with proto3
optional semantics so the server can distinguish 'not set' from 'set to empty'.
- Re-validate assignee belongs to the caller's organization (same pattern as
createSaasIncident).
- Emit a timeline event per change and an audit log row.
- Bump
updated_at and last_activity_at.
- Frontend: an 'Edit incident' dialog on
incident-detail-page.tsx.
Acceptance
- Tests cover tenant isolation, cross-tenant assignee rejection, partial updates, and that no-op calls do not emit timeline noise.
- Audit log captures which fields changed (old / new).
Phase 2 follow-up.
Once an incident is open, the only mutating RPC is
UpdateSaasIncidentStatus. Operators cannot change the assignee, owner team, summary, or severity without recreating the row.Scope
UpdateSaasIncident(incident_id, assignee_user_id?, owner_team?, summary?, severity?)RPC.optionalsemantics so the server can distinguish 'not set' from 'set to empty'.createSaasIncident).updated_atandlast_activity_at.incident-detail-page.tsx.Acceptance