Fix drift checker re-classifying same archived findings every sync

Root cause: archived findings were never removed from ivanti_findings
(state='open'), so they appeared in previousFindings every sync, got
flagged as 'disappeared' every time, and were re-classified by the
drift checker — inflating the BU reassignment count to ~220/sync
when only a handful of genuinely new reassignments existed.

Fixes:
1. Filter out already-archived findings (archived >2h ago) before
   passing to the drift checker — only genuinely new archives get
   classified.
2. Delete disappeared findings from ivanti_findings after archive
   detection so they don't pollute future syncs.
3. Cleaned up 536 stale findings that were accumulated in the table.

The archive activity bar chart should drop from ~500 to near-zero
on the next sync, with only genuinely new disappearances showing.

backend/routes/ivantiFindings.js

@@ -954,6 +954,21 @@ async function syncFindings() {
             console.error('[Ivanti Findings] Archive detection failed (non-fatal):', err.message);
         }
 
+        // Remove archived findings from ivanti_findings to prevent stale re-detection
+        if (archiveResult.disappearedIds && archiveResult.disappearedIds.length > 0) {
+            try {
+                const { rowCount } = await pool.query(
+                    `DELETE FROM ivanti_findings WHERE state = 'open' AND CAST(id AS TEXT) = ANY($1::text[])`,
+                    [archiveResult.disappearedIds.map(String)]
+                );
+                if (rowCount > 0) {
+                    console.log(`[Ivanti Findings] Removed ${rowCount} archived findings from ivanti_findings`);
+                }
+            } catch (err) {
+                console.error('[Ivanti Findings] Failed to clean archived findings from table (non-fatal):', err.message);
+            }
+        }
+
         // Read previous counts BEFORE syncClosedCount updates them — needed for anomaly deltas
         let previousOpenCount = 0;
         let previousClosedCount = 0;
@@ -973,9 +988,23 @@ async function syncFindings() {
         await syncFPWorkflowCounts(allFindings, apiKey, clientId, skipTls);
 
         // Post-sync: BU drift checker for newly archived findings
+        // Filter out findings that were already in ARCHIVED state from a previous sync —
+        // only pass genuinely new disappearances to avoid re-classifying the same set every cycle.
         let classificationBreakdown = { bu_reassignment: 0, severity_drift: 0, closed_on_platform: 0, decommissioned: 0 };
         try {
-            classificationBreakdown = await runBUDriftChecker(archiveResult.disappearedIds, apiKey, clientId, skipTls);
+            let idsToCheck = archiveResult.disappearedIds || [];
+            if (idsToCheck.length > 0) {
+                const { rows: alreadyArchived } = await pool.query(
+                    `SELECT finding_id FROM ivanti_finding_archives
+                     WHERE current_state = 'ARCHIVED'
+                       AND last_transition_at < NOW() - INTERVAL '2 hours'`
+                );
+                const alreadyArchivedSet = new Set(alreadyArchived.map(r => String(r.finding_id)));
+                const newlyArchivedOnly = idsToCheck.filter(id => !alreadyArchivedSet.has(String(id)));
+                console.log(`[BU Drift Checker] ${idsToCheck.length} disappeared total, ${newlyArchivedOnly.length} genuinely new (${alreadyArchivedSet.size} already archived, skipped)`);
+                idsToCheck = newlyArchivedOnly;
+            }
+            classificationBreakdown = await runBUDriftChecker(idsToCheck, apiKey, clientId, skipTls);
         } catch (err) {
             console.error('[Ivanti Findings] BU drift checker failed (non-fatal):', err.message);
         }