Skip to content

Status lifecycle

Every Sertiq object that flows through a workflow has an explicit status column and a state machine the RPC layer enforces. This page is the canonical reference — UI dropdowns are built from these tables.

┌─────────────────────────┐
▼ │
draft ─► open ─► inProgress ─► closed
│ │ ▲
└───────────┴────────► disputed ─┘
FromToAllowed bySide effects
draftEditor / AdminCreated by autosave; not counted in quota
draftopenEditor / Admin (publish)Assigns NCR-YYYY-NNNN; counts against monthly cap
openinProgressEditor / AdminNone
inProgressclosedEditor / AdminStamps closed_at; feeds analytics
open / inProgressdisputedEditor / AdminSurfaces in escalation view
disputedinProgressEditor / AdminResumes investigation
disputedclosedEditor / AdminStamps closed_at
any(deleted)Admin onlyHard delete; cascades to attachments

A critical-severity NCR cannot be published without a containment_action. The constraint is enforced both client-side and as a CHECK on the table.

draft ─► open ─► inProgress ─► pendingVerification ─► closed
FromToAllowed bySide effects
draftEditor / AdminCreated by autosave; not counted
draftopenEditor / Admin (publish)Notifies assignee via email
openinProgressAssignee / AdminComment ≥3 chars required
inProgresspendingVerificationAssignee / AdminComment required; surfaces in reviewer queue
pendingVerificationclosedReviewer (Admin / Editor ≠ assignee)Stamps closed_at; sets effectiveness_check_due_at = closed_at + 30 days
pendingVerificationinProgressReviewerRe-opens for more work; comment required
any(deleted)Admin onlyHard delete; preserves parent NCR

Every status transition writes a row to capa_updates with the actor, old status, new status, and a comment 3–4,000 characters (enforced by CHECK). There is no silent edit of a CAPA’s state.

After closed_at + 30 days, a closed CAPA surfaces in the Effectiveness queue. verify_capa_effectiveness writes one of:

RatingWhat it means
effectiveRoot cause fixed; no recurrence. Permanent close.
partially_effectiveImprovement seen; residual risk. Open a follow-up CAPA.
ineffectiveProblem recurred or never addressed. Reopen or escalate.

Only admins and editors (other than the assignee) can verify. The verification stamps effectiveness_verified_at / _by.

draft ─► requested ─► approved ─► shipped ─► received ─► closed
│ │
└────► rejected
FromToAllowed bySide effects
draftEditor / AdminAutosave
draftrequestedEditor / AdminGenerates RMA-YYYY-NNNN; sends supplier email if address on file
requestedapprovedEditor / AdminRecords supplier approval reference
requestedrejectedEditor / AdminCloses the flow; counts toward supplier risk
approvedshippedEditor / AdminRecords tracking number
shippedreceivedEditor / AdminRecords receipt evidence
receivedclosedEditor / AdminStamps closed_at
any(deleted)Admin onlyHard delete

RMAs are bound to an NCR — closing an RMA does not close its parent NCR, and vice versa, but the audit .docx cross-references them.

Evaluations are not workflow objects (no inProgress state) — they are a record produced and signed in one sitting. The lifecycle is:

draft ─► finalised ─► (next evaluation supersedes)
FromToAllowed bySide effects
draftEditor / AdminIn-progress scoring
draftfinalisedEditor / AdminStamps evaluated_at; recomputes supplier quality score and risk band

Finalised evaluations are immutable. To correct a mistake, run a new evaluation — historical ones stay in the supplier’s evaluation history for the audit trail.

Suppliers don’t have a workflow status — they have an active / inactive flag.

StateBehaviour
activeAppears in supplier picker; counts against plan limit; included in analytics
inactiveHidden from picker; excluded from limit and risk recompute; historical NCRs / CAPAs still visible

Suppliers with open NCRs or RMAs cannot be hard-deleted — the cascade is blocked at the RPC layer. Close or deactivate first.

Across all objects, draft never counts. Quotas, dashboards, supplier risk scores, AI-call eligibility — every aggregate filters status != 'draft'. See Drafts & autosave.

Every transition listed above writes to audit_log with action, actor_id, target_id, org_id, metadata, created_at. The log is immutable and surfaces under Settings → Audit log for admins.

  • NCRs — fields and severities.
  • CAPA — comment-required updates and effectiveness verification.
  • Drafts & autosave — why drafts don’t count.
  • Glossary — definitions of severity, root cause, etc.