Resolve blocked or failed states

Before triaging a blocked state

Use this page when WebRiskOps shows a blocked, failed, unavailable or retrying state and the customer needs to know which product workflow owns the next action. Start from the dashboard shortcut or the owning product surface, read the reason fields and continue to the specific troubleshooting guide instead of guessing from the error text alone.

• Find the owning workflow
• Read `blocked_state`, `blocked_reason_code`, `failure_reason` and `workflow_owner` before retrying.
• Stop when unsupported scope, missing evidence, billing, provider, export, pull request, webhook or connectivity blocks ownership of the next action.

Find the owning workflow

Follow the path `Dashboard → Shortcut paths → Reference links and protected steps → Owning workflow → Reason code → Retry, fix, fallback or stop`.

1. Open `/dashboard` and review Shortcut paths. Choose the warning or waiting card that matches the goal, or expand Reference links and protected steps for domain ownership, scope acceptance, payment confirmation or connected service access. Result: the customer starts from the product surface that owns the current state.
2. Read `blocked_state`, `blocked_reason_code`, `workflow_owner` and `failure_reason` before retrying. Result: the next action is based on the product reason, not a guess.
3. For project setup, scope or domain ownership states, open `/projects/{project}` and read Shortest path to first useful report. Result: Project setup, Public page scope and Domain authorization stay in the project workflow.
4. For scan or evidence states, open `/scans/{scanRun}` or `/reports/{report}`. Result: scan failures, blocked pages, Scan to report path, report evidence and missing artifacts stay in the scan/report evidence workflow.
5. For plan, entitlement or credit states, open `/billing`. Result: `package_entitlement_status`, `credit_balance` and checkout readiness decide whether to buy, top up, wait for payment confirmation or choose another plan.
6. For provider, ticket export, webhook or self-hosted states, open `/settings` or the report export page that owns the attempt. Result: provider auth, base URL, webhook retry and connectivity fixes stay in their configured workflow.
7. For repository remediation states, open `/fix-tasks/{fixTask}`. Result: pull request failures stay attached to the fix task, branch, repository and customer approval state.
8. Check `retry_after` before pressing a retry action. Result: rate limits, webhook backoff and provider cooldowns are respected instead of creating duplicate attempts.
9. Never paste provider secrets, passwords, private tokens or customer data into a troubleshooting note. Result: blocked states are resolved by reconnecting, revoking, rotating or using a safe fallback.
10. Stop when the target is unsupported, private, outside accepted scope, missing ownership proof or blocked by provider policy. Result: the page routes to the stop condition instead of asking the customer to bypass it.
11. Continue to the specific troubleshooting guide for the owning workflow. Result: the next page explains exactly what to click, retry, change or stop.

Blocked state owners

Use the owner field before changing plan, provider, report, repository or webhook settings.

• `SCAN_SCOPE_BLOCKED` belongs to the scan run and accepted scope. Open the scan run before changing pages, sitemap input, robots handling or excluded paths.
• `PROJECT_SETUP_REQUIRED` belongs to the project detail page. Open Shortest path to first useful report before changing billing or scan state.
• `DOMAIN_AUTHORIZATION_REQUIRED` belongs to the project domain ownership panel. Publish the active challenge and use Check verification before retrying private scan delivery.
• `EVIDENCE_ARTIFACT_MISSING` belongs to the report evidence panel. Open the report before retrying screenshot, HTML snapshot, PDF or public link actions.
• `PACKAGE_ENTITLEMENT_MISSING` belongs to billing. Open `/billing` and compare `package_entitlement_status`, `credit_balance`, selected plan and checkout confirmation.
• `PROVIDER_AUTH_FAILED` belongs to settings and connector state. Read `provider_error_code`, then reconnect, revoke or rotate the provider without exposing secrets in a note.
• `TICKET_EXPORT_DELIVERY_FAILED` belongs to the report export attempt. Use the export status, destination and safe fallback output before retrying.
• `PULL_REQUEST_CREATION_FAILED` belongs to the fix task. Check repository access, branch naming, customer approval, patch state and ticket-only fallback.
• `WEBHOOK_RETRY_EXHAUSTED` belongs to the webhook retry schedule. Read `retry_after`, endpoint status and authentication before changing delivery settings.
• `SELF_HOSTED_CONNECTIVITY_BLOCKED` belongs to the self-hosted connectivity path. Verify base URL, allowlist, TLS and tunnel status before retrying scans or providers.

Retry or stop rules

Retry only when the owning workflow says the reason is now clear. Stop when the target is outside accepted scope, the customer cannot prove ownership, billing is not ready, the provider rejects access, a private route requires credentials, or `publication_status` prevents sharing.

• Use the product retry button tied to the workflow that owns the state.
• Wait until `retry_after` has passed for webhook, provider or rate-limit states.
• Use a generated export, ticket-only fallback or customer-owned provider reconnect when direct automation is blocked.
• Keep private credentials, payment references, provider tokens and customer data out of troubleshooting notes.

Ready and blocked troubleshooting states

A blocked state is ready to move forward only when the owning page shows the required automated next action.

• Ready: scan scope accepted, evidence artifact regenerated, plan or credit purchase confirmed, provider reconnected, export destination fixed, fix task approved, webhook endpoint recovered or self-hosted connectivity verified.
• Still blocked: unsupported scope, missing ownership proof, unavailable billing entitlement, failed provider authentication, rejected export destination, repository permission failure, exhausted webhook retries or unsafe self-hosted network path.
• Published output stays blocked while `publication_status` shows private, stale, unsafe wording, missing evidence or customer review required.

Continue to the specific guide

After the owning workflow is identified, use the dedicated page for the exact blocked state.

• Scan failures and blocked pages explains `SCAN_SCOPE_BLOCKED`, skipped URLs, robots handling and scan run retry rules.
• Missing evidence explains `EVIDENCE_ARTIFACT_MISSING`, screenshot paths, HTML snapshots and report evidence recovery.
• Plan and credit blocks explains `PACKAGE_ENTITLEMENT_MISSING`, plan readiness and credit top-up states.
• Provider connection errors explains `PROVIDER_AUTH_FAILED`, base URL errors and safe reconnect choices.
• Ticket export failures, Pull request failures, Webhook retries and Self-hosted connectivity cover delivery, repository, retry and network-specific stop conditions.