Portable export fallbacks

Before using portable fallback

Use portable fallback when no provider-native target can be used safely. The exported file gives the customer a CSV, Markdown or JSON handoff while WebRiskOps keeps the original source, duplicate keys and export status. Use portable fallback for `TICKET_EXPORT_PROVIDER_UNAVAILABLE`, `PORTABLE_EXPORT_REQUIRED`, revoked targets, unsafe endpoints, unsupported provider paths, rate limits or repeated delivery failures.

Create a portable handoff

Follow the path `Provider unavailable → Portable format → Evidence-safe preview → Customer import → Provider-native export if later available`.

1. Open /reports/{report}/ticket-exports and select the report issue or generated fix task that needs handoff. Result: source_type, source_id, severity, affected URL and evidence-safe links are visible before a file is generated.
2. Confirm provider-native export is missing, revoked, unsafe, unsupported, rate limited or repeatedly failing. Result: portable fallback is chosen for a clear product reason instead of avoiding provider setup.
3. Choose portable_export, csv_export, markdown_export or json_export. Result: portable_export_format matches the downstream import or review step.
4. Review title, affected URL, severity, labels, acceptance criteria and evidence-safe links. Result: the exported file gives the external team enough context without raw private artifacts or secrets.
5. Download the file only after source identifiers and idempotency fingerprint are visible. Result: future provider-native export can block or update duplicates for the same source.
6. Import or share the file outside WebRiskOps only through the customer-owned process. Result: WebRiskOps does not treat the file download as proof that remediation is complete.
7. Return to /reports/{report}/ticket-exports if the customer later connects a provider target. Result: the same source can move from portable fallback to provider-native export without duplicate work.

Choose the export format

Pick the format that matches the customer's next automated or import step.

• `csv_export` is for spreadsheet review or tracker bulk import.
• `markdown_export` is for a copyable ticket body with headings, evidence links and acceptance criteria.
• `json_export` is for internal import scripts or automation tools.
• `portable_export` lets WebRiskOps choose the best available portable format for the current source and target.
• Each format should include provider-neutral fields such as source type, source ID, priority, labels and export status.

Import boundaries

Portable fallback does not create or sync provider-native tickets by itself.

• The customer owns the downstream import into Jira, GitHub, GitLab, Bitbucket, Trello, Linear, Azure DevOps, YouTrack, Asana, ClickUp or another tracker.
• WebRiskOps keeps duplicate keys and source identifiers so a future provider-native export can update or block instead of creating another ticket.
• WebRiskOps does not infer that a finding is fixed because a portable file was downloaded.
• If the customer later connects a provider, return to `/reports/{report}/ticket-exports` and choose the active provider target.

Ready and blocked fallback states

Use portable fallback only when the handoff file is safe and the downstream boundary is clear.

• Portable ready means portable_export_format, source_type, source_id and export_status are visible before download.
• Provider unavailable means native export cannot be used safely for this source right now.
• Duplicate guard ready means the source ID and idempotency fingerprint can block duplicate provider-native work later.
• Import boundary clear means the customer owns the downstream import into Jira, GitHub, GitLab, Bitbucket, Trello, Linear, Azure DevOps, YouTrack, Asana, ClickUp or another tracker.
• Unsafe preview blocked means secrets, raw private artifact paths or unredacted personal data must be removed before export.

Continue after portable export

Continue to Status sync and duplicate handling when a provider task already exists or the customer later connects a provider target. Use Ticket export provider overview to choose a provider-native target, or Ticket-only fallback when this portable handoff belongs to a remediation task without connected access.