Phase 2 follow-up.
A proposer cannot withdraw a response action once they propose it; the only way to leave PROPOSED is via Approve / Execute. Operators need a CANCEL path for accidentally proposed actions or after-the-fact context changes.
Scope
- Add
CancelSaasResponseAction(id, reason) RPC.
- Allow cancellation from
PROPOSED or APPROVED states only (NOT after EXECUTING / SUCCEEDED / FAILED).
- Set status to
CANCELLED, persist cancelled_by_user_id and cancelled_at, emit a timeline event and audit log row.
- Update the state machine in
executeSaasResponseAction to reject CANCELLED actions explicitly.
- Frontend: cancel button on the proposed-actions list, with a reason prompt.
Acceptance
- New columns in
saas_response_actions (with migration).
- Tests cover the allowed and disallowed transitions and tenant isolation.
- Cancellation by a third user (neither proposer nor approver) is allowed if they have the right role.
Phase 2 follow-up.
A proposer cannot withdraw a response action once they propose it; the only way to leave
PROPOSEDis via Approve / Execute. Operators need a CANCEL path for accidentally proposed actions or after-the-fact context changes.Scope
CancelSaasResponseAction(id, reason)RPC.PROPOSEDorAPPROVEDstates only (NOT afterEXECUTING/SUCCEEDED/FAILED).CANCELLED, persistcancelled_by_user_idandcancelled_at, emit a timeline event and audit log row.executeSaasResponseActionto rejectCANCELLEDactions explicitly.Acceptance
saas_response_actions(with migration).