# Implementation Plan: Spec 349 - Customer Review Workspace Output Resolution Guidance **Branch**: `349-customer-review-workspace-output-resolution-guidance` | **Date**: 2026-06-03 | **Spec**: `specs/349-customer-review-workspace-output-resolution-guidance/spec.md` **Input**: User-provided Spec 349 draft + repo truth from current Spec 347 readiness work, current Customer Review Workspace runtime, and current Environment Review detail surface. ## Summary Translate existing Review Pack output-readiness truth into calmer operator guidance without changing the underlying workflow model. This slice should: - reuse current `ReviewPackOutputReadiness` truth - convert the highest-priority limitation into one dominant blocker and one dominant next action - group remaining limitations into compact disclosure - qualify download wording honestly - surface PII/internal-only boundaries explicitly - separate review publication/completeness from output readiness on Environment Review detail This slice must not: - create persistence - create a new workflow engine or state machine - reopen Review Pack generation semantics beyond the already-completed Spec 347 contract - build a portal or renderer - weaken current authorization, workspace isolation, or signed-download safety ## Technical Context - **Language/Version**: PHP 8.4.15, Laravel 12.52.x - **Primary Dependencies**: Filament 5.2.x, Livewire 4.1.x, Pest 4, Tailwind CSS 4 - **Storage**: PostgreSQL; no schema change expected - **Testing**: Pest Feature/Livewire tests plus one bounded Pest Browser smoke file - **Validation Lanes**: confidence + browser - **Target Platform**: `apps/platform` Laravel monolith; Sail-first locally; Dokploy posture unchanged - **Project Type**: web application with server-rendered Filament/Blade surfaces - **Performance Goals**: no new remote calls during render, no new queue family, and no duplicate read-model layer beyond a bounded derived guidance adapter - **Constraints**: no false customer-safe wording, no warning wall, no hidden shell-scope behavior, no new route family, no new persisted guidance state, and no detail-surface redesign outside the output-guidance slice - **Scale/Scope**: one strategic workspace surface, one review detail surface, existing review-pack proof/download path, focused Feature coverage, and one Browser smoke ## UI / Surface Guardrail Plan - **Guardrail scope**: material change to an existing strategic customer-safe review surface plus an existing review detail surface - **Affected routes/pages/actions/states/navigation/panel/provider surfaces**: - `/admin/reviews/workspace` - `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` - `apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php` - `apps/platform/app/Filament/Resources/EnvironmentReviewResource.php` - `apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php` - existing review-pack download wording as reached from those surfaces - **No-impact class, if applicable**: N/A - **Native vs custom classification summary**: native Filament page/resource plus existing Blade/infolist composition; no new route or panel/provider - **Shared-family relevance**: status messaging, next-action guidance, disclosure, proof links, qualified download wording - **State layers in scope**: page payload, detail payload, URL-query filter on workspace, derived output-guidance payload only - **Audience modes in scope**: operator-MSP, customer-safe review consumer, support where authorized - **Decision/diagnostic/raw hierarchy plan**: one output verdict first, grouped limitations second, technical details third - **Raw/support gating plan**: keep technical details collapsed or clearly secondary; keep support/raw detail capability-gated where already applicable - **One-primary-action / duplicate-truth control**: preserve one dominant next action and remove repeated blocker summaries from lower panels - **Handling modes by drift class or surface**: review-mandatory - **Repository-signal treatment**: review-mandatory because this is a strategic trust surface - **Special surface test profiles**: `global-context-shell` + `shared-detail-family` - **Required tests or manual smoke**: functional-core + browser smoke - **Exception path and spread control**: one bounded guidance adapter is allowed; no cross-domain framework - **Active feature PR close-out entry**: Guardrail / Smoke Coverage - **UI/Productization coverage decision**: update `docs/ui-ux-enterprise-audit/page-reports/ui-006-customer-review-workspace.md`; add a second report only if implementation proves the existing identity cannot absorb the detail-surface notes cleanly - **Coverage artifacts to update**: existing workspace page report only unless repo truth later proves more is required - **Navigation / Filament provider-panel handling**: N/A; no panel/provider change expected - **Screenshot or page-report need**: yes, because this is a strategic customer-safe surface and one bounded browser smoke will produce proof artifacts ## Shared Pattern & System Fit - **Cross-cutting feature marker**: yes - **Systems touched**: - `App\Support\ReviewPacks\ReviewPackOutputReadiness` - `App\Filament\Pages\Reviews\CustomerReviewWorkspace` - `App\Filament\Resources\EnvironmentReviewResource` - `App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview` - existing review-pack and evidence link helpers - **Shared abstractions reused**: - current limitation codes and readiness fields from `ReviewPackOutputReadiness` - current workspace link/action helper paths - current Environment Review artifact-truth and summary presentation - **New abstraction introduced? why?**: maybe one narrow `ReviewPackOutputResolutionGuidance`-style adapter if direct extension of `ReviewPackOutputReadiness` would blur raw output truth and UI guidance responsibilities - **Why the existing abstraction was sufficient or insufficient**: current readiness truth is sufficient as the source, but it is not yet shaped for grouped operator guidance across multiple surfaces - **Bounded deviation / spread control**: any new guidance adapter must remain local to review output guidance and must not become a generic workflow-resolution framework ## OperationRun UX Impact - **Touches OperationRun start/completion/link UX?**: existing proof-link usage only - **Central contract reused**: existing Review Pack / Environment Review proof links - **Delegated UX behaviors**: unchanged - **Surface-owned behavior kept local**: one-blocker ranking, grouped limitation copy, and qualified next-action wording - **Queued DB-notification policy**: unchanged - **Terminal notification path**: unchanged - **Exception path**: none ## Provider Boundary & Portability Fit - **Shared provider/platform boundary touched?**: no new provider seam - **Provider-owned seams**: N/A - **Platform-core seams**: output readiness, customer-safe/internal-only/blocked guidance vocabulary - **Neutral platform terms / contracts preserved**: review pack, evidence basis, limitation, customer-safe, internal-only, next action - **Retained provider-specific semantics and why**: only where current review/evidence text already carries provider-backed content - **Bounded extraction or follow-up path**: none ## Current Repo Truth Summary - `App\Support\ReviewPacks\ReviewPackOutputReadiness` already derives: - `readiness_state` - `customer_safe_state` - `primary_reason` - `primary_action` - `limitations` - `section_summary` - `CustomerReviewWorkspace` already folds that truth into: - `effectiveWorkspaceReadinessState()` - `workspaceReadinessLabel()` - `workspaceReadinessReason()` - `workspaceReadinessImpact()` - `workspaceReadinessActions()` - current decision card and proof-panel payloads - Current workspace gaps: - no grouped limitation list tied to one dominant blocker - no explicit technical-details disclosure contract for output guidance - existing primary/secondary action mapping is still spread across multiple helper methods - `EnvironmentReviewResource` / `ViewEnvironmentReview` already own the detail surface: - infolist sections for outcome summary, review, executive posture, and sections - customer-workspace mode that narrows header actions - no explicit summary block separating review publication/completeness from output-readiness/sharing state - Route truth is already stable and workspace/environment scoped; no new route family is needed - Existing page audit identity is `ui-006-customer-review-workspace.md` ## Implementation Approach ### Phase 0 - Repo Truth Gate 1. Re-read the prepared `spec.md`, `plan.md`, `tasks.md`, `repo-truth-map.md`, and `checklists/requirements.md` before runtime edits. 2. Re-check current runtime truth in: - `apps/platform/app/Support/ReviewPacks/ReviewPackOutputReadiness.php` - `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` - `apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php` - `apps/platform/app/Filament/Resources/EnvironmentReviewResource.php` - `apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php` 3. Keep `specs/349-customer-review-workspace-output-resolution-guidance/repo-truth-map.md` current if runtime inspection reveals additional bounded truth. ### Phase 1 - Tests First 1. Add focused guidance tests before runtime refactor: - `apps/platform/tests/Feature/ReviewPack/Spec349ReviewPackResolutionGuidanceTest.php` - `apps/platform/tests/Feature/Filament/Spec349CustomerReviewWorkspaceOutputGuidanceTest.php` - `apps/platform/tests/Feature/EnvironmentReview/Spec349EnvironmentReviewOutputGuidanceTest.php` - `apps/platform/tests/Browser/Spec349OutputResolutionGuidanceSmokeTest.php` 2. Lock the following before runtime changes: - one primary output state - one primary next action - grouped limitation disclosure - qualified download wording - explicit PII/internal-only warning - collapsed technical details by default - review detail separation of status dimensions 3. Reuse current review/evidence/review-pack fixtures; do not widen default helper cost. ### Phase 2 - Bounded Guidance Adapter 1. Choose the narrowest implementation home: - extend `ReviewPackOutputReadiness` with derived presentation fields only if raw truth remains legible, or - add a small `ReviewPackOutputResolutionGuidance` companion under `app/Support/ReviewPacks/` 2. Keep the guidance layer derived-only: - display state - label - severity - primary reason - impact - primary action - grouped limitations - secondary actions - technical-details payload 3. If additional display states such as `publication_blocked` are needed, keep them presentation-only and map them from current limitation codes or publish-blocker truth. ### Phase 3 - Action Mapping And Copy 1. Map limitation codes to plain-language guidance: - evidence basis incomplete -> open evidence basis - required sections incomplete -> review section limitations - mapping/control limitations -> review unmapped evidence or control interpretation - publish blockers -> resolve review blockers - contains PII -> review package contents / PII state - export not ready -> review output limitations 2. Prefer existing route helpers and scoped resource URLs. 3. Keep button and notification vocabulary aligned to current localization patterns: `Verb + Object`, conservative sharing language, no false-ready wording. ### Phase 4 - Customer Review Workspace Update 1. Update `CustomerReviewWorkspace` payload building to consume the bounded guidance object instead of scattered reason/action logic. 2. Update the Blade view to show: - one output-guidance label - one primary reason - one impact statement - one primary action - compact grouped limitations - qualified secondary download/action wording - collapsed technical details 3. Preserve current acknowledgement, accepted-risk, findings, and proof sections unless a minimal copy/order change is required to support the one-blocker hierarchy. ### Phase 5 - Environment Review Detail Update 1. Update `EnvironmentReviewResource` / `ViewEnvironmentReview` so the detail surface clearly separates: - review status - output readiness - publication/sharing state 2. Keep fingerprint and raw proof detail secondary or hidden in customer-workspace mode. 3. Preserve customer-workspace-mode access, download safety, and current lifecycle-action behavior outside that mode. ### Phase 6 - Localization, Audit, And Browser Proof 1. Update only the required output-guidance keys in: - `apps/platform/lang/en/localization.php` - `apps/platform/lang/de/localization.php` 2. Update `docs/ui-ux-enterprise-audit/page-reports/ui-006-customer-review-workspace.md` with the new guidance model, one-primary-action rule, grouped limitation behavior, and repo-truth note about the missing `ui-009-review-pack-output-contract.md`. 3. Capture screenshots under `specs/349-customer-review-workspace-output-resolution-guidance/artifacts/screenshots/`. ### Phase 7 - Validation And Close-Out 1. Run focused Feature tests for the new guidance layer and the current Spec 347 regressions. 2. Run the bounded Browser smoke for representative states. 3. Run `pint --dirty` and `git diff --check`. 4. Record any unrelated failures separately without widening scope. ## Validation Plan ```bash cd apps/platform ./vendor/bin/sail artisan test tests/Feature/ReviewPack/Spec349ReviewPackResolutionGuidanceTest.php tests/Feature/Filament/Spec349CustomerReviewWorkspaceOutputGuidanceTest.php tests/Feature/EnvironmentReview/Spec349EnvironmentReviewOutputGuidanceTest.php --compact ./vendor/bin/sail php vendor/bin/pest tests/Browser/Spec349OutputResolutionGuidanceSmokeTest.php --compact ./vendor/bin/sail artisan test --compact --filter=Spec347 ./vendor/bin/sail artisan test --compact --filter=CustomerReviewWorkspace ./vendor/bin/sail artisan test --compact --filter=ReviewPack ./vendor/bin/sail pint --dirty git diff --check ``` ## Deployment Impact - **Env vars**: none expected - **Migrations**: none - **Queues / scheduler**: none - **Storage**: none - **Assets**: no new Filament asset registration expected; `filament:assets` is not newly required by this change