> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Patch Tracking

> View, filter, add, and edit security patches. Filter by severity or status, view per-asset deployment progress, and manage patch metadata.

This page lists all security patches in the IT Security module and provides filtering tools. Navigate to it at `/it/security/patches`.

## Overview

The Patch Tracking page displays a filterable, searchable table of security patches. Each row shows Patch ID, Name, Severity, Release Date, Status, and a deployment progress bar. Filters available: search (Patch ID or Name), Severity (All, Critical, High, Medium, Low), and Status (All, Active, Superseded, Deprecated). The **Add Patch** button navigates to `/it/security/patches/new`.

## Who it's for

This route is protected by `IT_PERMISSIONS.VIEW` (`it.view`) via the module-level `ITViewGuard`. No additional per-route permission gate exists beyond the module guard.

## Before you start

* No prerequisites. The list loads automatically on page load.

## Steps

1. Navigate to **IT > Security > Patch Tracking**, or go directly to `/it/security/patches`.
2. Use the **search box** to filter by Patch ID or name.
3. Use the **Severity** dropdown to focus on a specific severity level.
4. Use the **Status** dropdown to show active, superseded, or deprecated patches.
5. Click a Patch ID link to open the patch detail page.
6. Click **Add Patch** to create a new patch record.

## Key concepts

* **Patch ID** — the vendor-assigned identifier; displayed in monospace and used as the primary identifier.
* **Severity** — `critical | high | medium | low`.
* **Status** — `active | superseded | deprecated`.
* **Deployment progress bar** — visual summary of deployed vs. total tracked assets per patch.

## Viewing a patch

The Patch Details page (`/it/security/patches/:id`) shows patch metadata (Patch ID, Name, Severity badge, Status badge, Release Date, Vendor, Affected Software, Description) and a deployment table listing each asset row with its deployment status, deployed date, and notes. A progress bar summarizes deployed vs. total asset count. The Edit button navigates to `/it/security/patches/:id/edit`.

1. Navigate to **IT > Security > Patch Tracking** and click a patch's ID or name, or navigate directly to `/it/security/patches/:id`.
2. Review the patch metadata in the header and summary cards.
3. Review the **Deployment Status** table to see which assets have received this patch.
4. Click an asset name in the table to navigate to that asset's detail page.
5. Click **Edit** (top right) to modify patch metadata.

**Key fields:**

* **Patch ID** — the vendor-assigned identifier (e.g., `KB5034441`), displayed in monospace.
* **Deployment status** — per-asset statuses include `deployed`, `failed`, `not_applicable`, and a default pending state.
* **DeploymentProgressBar** — visual indicator of `deployed / total` asset count.
* **SeverityBadge** — visual severity indicator (`critical`, `high`, `medium`, `low`).

## Creating a patch

The New Patch page (`/it/security/patches/new`) is a single-step form for adding a security patch record. Required fields are Patch ID and Patch Name; all other fields (severity, release date, status, affected software, description) are optional. On successful submission the user is redirected to the Patch Tracking list at `/it/security/patches`.

Before you start: obtain the vendor-assigned patch identifier (e.g., `KB5034441`) and know the applicable severity level.

1. Navigate to **IT > Security > Patch Tracking** and click **Add Patch**, or go directly to `/it/security/patches/new`.
2. Enter a **Patch ID** (required) — the vendor-assigned identifier.
3. Enter a **Patch Name** (required) — a human-readable label.
4. Select a **Severity**: Critical, High, Medium (default), or Low.
5. Set the **Release Date** (defaults to today).
6. Select a **Status**: Active (default), Superseded, or Deprecated.
7. Optionally enter the **Affected Software** and a **Description**.
8. Click **Create Patch**. On success you are redirected to Patch Tracking.

**Key concepts:**

* **Patch ID** — stored as `patch_id`; the vendor-supplied identifier (e.g., a Microsoft KB number).
* **Severity** — `critical | high | medium | low` from the `SecuritySeverity` type.
* **Status** — `active | superseded | deprecated` from the `PatchStatus` type.
* **Deployment tracking** — once created, patch deployment per asset is tracked separately from the patch record itself.

## Editing a patch

The Edit Patch page (`/it/security/patches/:id/edit`) loads the existing patch via `useSecurityPatch`. Editable fields: patch ID, patch name, severity, release date, status (`active` default), affected software, and description. On save, `updatePatch` is called. A loading skeleton is shown while data fetches; an error state appears if the patch is not found. A back-navigation button is provided.

Permission required: `IT_PERMISSIONS.VIEW` via the outer `ITViewGuard`. No additional per-route gate.

1. Navigate to `/it/security/patches/:id/edit` from the patch detail or list page.
2. Modify patch ID, name, severity, release date, status, affected software, and description.
3. Submit the form to save updates and navigate back.

**Key fields:**

* **patch\_id** — Identifier for the patch (e.g., vendor patch reference).
* **severity** — `SecuritySeverity` type; default `medium`.
* **status** — `PatchStatus` type; default `active`.
* **affected\_software** — Free-text field identifying which software the patch applies to.

## Related

<Columns cols={2}>
  <Card title="IT Service Management" icon="headset" href="/it/overview">
    IT Service Management overview.
  </Card>

  <Card title="Governance & parity" icon="scale-balanced" href="/governance/index" />
</Columns>

<Note>
  This page documents shipped product behavior. It is not medical, legal, or
  billing advice. Verify against your organization's policies and applicable
  regulations before using it for clinical, compliance, or billing decisions.
  Protected health information (PHI) shown in the product is governed by your
  tenant's access controls and is never exposed in this documentation.
</Note>

<Accordion title="Documentation sources">
  * src/routes/it.tsx
  * src/cores/it/pages/security/patches/PatchListPage.tsx
  * src/cores/it/pages/security/patches/PatchDetailPage.tsx
  * src/cores/it/pages/security/patches/NewPatchPage.tsx
  * src/cores/it/pages/security/patches/EditPatchPage.tsx
  * src/cores/it/hooks/usePatchesWithDeploymentStats.ts
  * src/cores/it/hooks/useSecurityPatches.ts
  * src/cores/it/hooks/usePatchDeployments.ts
  * src/cores/it/hooks/useSecurityPatchMutations.ts
  * src/cores/it/types/security.ts
</Accordion>
