From 0b7b5532f705c0d3215319e536d945afe24d8e11 Mon Sep 17 00:00:00 2001
From: Kevin O'Donnell <kodonnel@gmail.com>
Date: Wed, 6 May 2026 17:07:02 -0400
Subject: [PATCH] docs(aws): align refresh_scan spec with cache-window
 implementation (SUR-2503)

Add @doc/@arg annotations to aws::refresh_scan documenting the actual
cache-window (days_ago rolling window) semantics. Update SUR-2477 on
Linear to remove push-date language that never matched the implementation
and replace it with accurate cache-window descriptions.

Choosing spec-alignment (Path B) over product-change (Path A): the
cache-window logic is correct and fully tested; adding an unverifiable
ECR describe-images call would recreate the same spec/impl gap.
---
 bash/aws.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/bash/aws.sh b/bash/aws.sh
index 6ec1552..9e0e9fc 100644
--- a/bash/aws.sh
+++ b/bash/aws.sh
@@ -153,6 +153,10 @@ function aws::list_findings {
 }
 
 function aws::refresh_scan {
+  @doc Skip re-scanning an ECR image when a COMPLETE scan exists within the days_ago rolling cache window and trigger aws::scan_image otherwise
+  @arg _1_ ECR repository name
+  @arg _2_ image tag
+  @arg _3_ cache window in days default 7 re-scan if last COMPLETE scan is older than this
   local repository=${1:?}
   local tag=${2:?}
   local days_ago=${3:-7}