From 4416f6a25d839489e9179c32eed6629e1b941dac Mon Sep 17 00:00:00 2001
From: Jordan Ramos <jordan.ramos@spectrum.com>
Date: Tue, 12 May 2026 15:27:58 -0600
Subject: [PATCH] Make EXPECTED_BUS configurable via IVANTI_MANAGED_BUS env var
 for multi-tenant drift classification

---
 backend/routes/ivantiFindings.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/backend/routes/ivantiFindings.js b/backend/routes/ivantiFindings.js
index 261d48c..09fe2bf 100644
--- a/backend/routes/ivantiFindings.js
+++ b/backend/routes/ivantiFindings.js
@@ -638,7 +638,11 @@ async function syncFPWorkflowCounts(openFindings, apiKey, clientId, skipTls) {
 // ---------------------------------------------------------------------------
 // BU Drift Checker — post-sync classification of newly archived findings
 // ---------------------------------------------------------------------------
-const EXPECTED_BUS = new Set(['NTS-AEO-ACCESS-ENG', 'NTS-AEO-STEAM']);
+// Managed BUs for drift classification — derived from IVANTI_MANAGED_BUS env var.
+// Findings leaving these BUs are classified as bu_reassignment.
+// Each tenant deployment sets this to their own managed teams.
+const MANAGED_BUS_VALUE = process.env.IVANTI_MANAGED_BUS || 'NTS-AEO-ACCESS-ENG,NTS-AEO-STEAM';
+const EXPECTED_BUS = new Set(MANAGED_BUS_VALUE.split(',').map(b => b.trim()).filter(Boolean));
 
 async function runBUDriftChecker(newlyArchivedIds, apiKey, clientId, skipTls) {
     const summary = { bu_reassignment: 0, severity_drift: 0, closed_on_platform: 0, decommissioned: 0 };