ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
272-operationrun-phase-composite-progress
TenantAtlas/specs/267-artifact-lifecycle-retention/tasks.md
ahmido 6bf8e7f76b feat: 267-artifact-lifecycle-retention → platform-dev (#323) 
Automated PR to merge `267-artifact-lifecycle-retention` into `platform-dev`.

Created by Copilot.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #323
2026-05-03 20:30:51 +00:00

28 KiB
Raw Permalink Blame History

description
Task list for Governance Artifact Lifecycle & Retention v1

Tasks: Governance Artifact Lifecycle & Retention v1

Input: Design documents from specs/267-artifact-lifecycle-retention/
Prerequisites: specs/267-artifact-lifecycle-retention/spec.md, specs/267-artifact-lifecycle-retention/plan.md, specs/267-artifact-lifecycle-retention/research.md, specs/267-artifact-lifecycle-retention/data-model.md, specs/267-artifact-lifecycle-retention/quickstart.md, specs/267-artifact-lifecycle-retention/checklists/requirements.md

Review Artifact: specs/267-artifact-lifecycle-retention/checklists/requirements.md is the outcome-of-record for the review outcome class, workflow outcome, and test-governance outcome. If mutation persistence widens or a current decision-surface edit becomes necessary, update that artifact before continuing. Tests: REQUIRED (Pest). Keep proof bounded to one new shared contract unit suite plus focused feature coverage on existing evidence, review-pack, tenant-review, customer-workspace, findings, and stored-report seams. The canonical proving suite is GovernanceArtifactLifecycleContractTest, EvidenceSnapshotResourceTest, EvidenceSnapshotAuditLogTest, ReviewPackResourceTest, ReviewPackDownloadTest, ReviewPackEntitlementEnforcementTest, TenantReviewLifecycleTest, TenantReviewUiContractTest, CustomerReviewWorkspacePackAccessTest, CustomerReviewWorkspaceLaunchLinksTest, FindingExceptionRenewalTest, FindingExceptionRevocationTest, StoredReportModelTest, PruneStoredReportsCommandTest, and StoredReportFingerprintTest. Browser proof is not part of the default lane; one narrow manual smoke is allowed only if native Feature or controller coverage leaves grouped-action or read-only behavior ambiguous. Operations: No new OperationRun, queue family, export-before-delete workflow, or purge executor is allowed. Existing review-pack generation must keep the shared OperationRun start and completion UX unchanged, and blocked future starts remain pre-run business-state blocks. RBAC: Workspace entitlement and tenant entitlement remain mandatory before any artifact truth, lifecycle badge, download affordance, or mutation affordance is revealed. Non-members and wrong-scope actors stay 404; in-scope members missing the relevant capability stay 403. Existing capabilities such as EVIDENCE_VIEW, REVIEW_PACK_VIEW, REVIEW_PACK_MANAGE, TENANT_REVIEW_VIEW, TENANT_REVIEW_MANAGE, and the current FINDING_EXCEPTION_* checks remain authoritative. Destructive-like lifecycle actions must stay confirmation-backed on existing detail owners only. Shared Pattern Reuse: Reuse ArtifactTruthPresenter, BadgeCatalog, BadgeRenderer, WorkspaceCommercialLifecycleResolver, existing review-pack download authorization, current tenant-review and evidence lifecycle services, current findings aggregate seams, and existing audit logging. Do not create a generic artifact registry, a second lifecycle presenter family, or a new browsing console. Filament / Panel Guardrails: Filament stays v5 on Livewire v4. Provider registration remains unchanged in apps/platform/bootstrap/providers.php. EvidenceSnapshotResource, TenantReviewResource, and ReviewPackResource remain non-searchable, no new globally searchable resource is introduced, and no asset-registration or panel-path change is allowed. Organization: Tasks are grouped by user story so the shared contract, suspended-read-only behavior, and audit plus decision-history rules remain independently implementable and testable on existing repo seams only.

Test Governance Checklist

  • Lane assignment stays Unit plus focused Feature, which is the narrowest sufficient proof for this slice.
  • New or changed tests stay in apps/platform/tests/Unit/Support/GovernanceArtifactTruth/, apps/platform/tests/Feature/Evidence/, apps/platform/tests/Feature/ReviewPack/, apps/platform/tests/Feature/TenantReview/, apps/platform/tests/Feature/Reviews/, apps/platform/tests/Feature/Findings/, apps/platform/tests/Feature/PermissionPosture/, and apps/platform/tests/Feature/EntraAdminRoles/ only.
  • Shared fixtures remain cheap by default through apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php and the current family factories instead of a new heavy artifact matrix harness.
  • Planned proof uses the canonical commands from plan.md and quickstart.md without widening into browser or unrelated suites.
  • The declared surface profile remains standard-native-filament plus shared-detail-family; CustomerReviewWorkspace stays read-only and scan-first, and accepted-risk decision adoption stays headless in v1.
  • specs/267-artifact-lifecycle-retention/checklists/requirements.md records the current outcome-of-record for the shipped slice. If mutation persistence or current decision-surface edits widen scope, the workflow outcome flips to split before implementation continues.
  • Any drift toward a generic artifact registry, purge engine, closure flow, billing or support-access scope, new browsing console, panel or global-search changes, or browser-heavy default proof resolves as reject-or-split or an explicit follow-up spec.

Implementation Status

  • Delivered the shared read-only lifecycle and retention contract on the existing evidence, tenant-review, and review-pack detail surfaces plus headless stored-report and accepted-risk decision-history seams.
  • Preserved the existing suspended-read-only and signed-download behavior on current services and controller seams without widening into a new console or queue family.
  • Ran the canonical feature and unit proof plus one narrow manual browser smoke in tenant scope.
  • Split hold and deletion-request persistence out of this slice because the bounded current-owner mutation gate did not pass without widening scope.
  • Deferred mutation persistence, new hold or deletion-request actions, and any broader purge or closure workflow to a follow-up slice.

Phase 1: Setup (Shared Context)

Purpose: Confirm the bounded slice, current shared seams, and stop conditions before implementation begins.

  • T001 Review specs/267-artifact-lifecycle-retention/spec.md, specs/267-artifact-lifecycle-retention/plan.md, specs/267-artifact-lifecycle-retention/research.md, specs/267-artifact-lifecycle-retention/data-model.md, specs/267-artifact-lifecycle-retention/quickstart.md, and specs/267-artifact-lifecycle-retention/checklists/requirements.md together so lifecycle truth, retention truth, proof commands, workflow outcomes, and explicit non-goals stay aligned.
  • T002 [P] Confirm the current shared lifecycle-truth seams in apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php, apps/platform/app/Support/Badges/BadgeCatalog.php, and apps/platform/app/Support/Badges/BadgeRenderer.php before adding any new lifecycle or retention vocabulary.
  • T003 [P] Confirm the current artifact owners, review-context surfaces, and lifecycle services in apps/platform/app/Models/EvidenceSnapshot.php, apps/platform/app/Models/TenantReview.php, apps/platform/app/Models/ReviewPack.php, apps/platform/app/Models/StoredReport.php, apps/platform/app/Models/FindingException.php, apps/platform/app/Models/FindingExceptionDecision.php, apps/platform/app/Services/Evidence/EvidenceSnapshotService.php, apps/platform/app/Services/ReviewPackService.php, apps/platform/app/Services/TenantReviews/TenantReviewLifecycleService.php, apps/platform/app/Services/Findings/FindingExceptionService.php, and apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php.
  • T004 [P] Confirm the current consumer surfaces and controller seams in apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php, apps/platform/app/Filament/Resources/TenantReviewResource.php, apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, apps/platform/app/Filament/Resources/ReviewPackResource.php, apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php, apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, and apps/platform/app/Http/Controllers/ReviewPackDownloadController.php.

Phase 2: Foundational (Blocking Prerequisites)

Purpose: Establish the shared governance-artifact lifecycle and retention contract before any story-specific surface work begins.

Critical: No user-story implementation should begin until this phase is complete.

  • T005 [P] Add failing unit coverage in apps/platform/tests/Unit/Support/GovernanceArtifactTruth/GovernanceArtifactLifecycleContractTest.php for immutable artifact reference, lifecycle versus retention separation, hold-over-deletion-request precedence, suspended-read-only not acting as retention truth, and family mapping for evidence snapshots, review packs, stored reports, and accepted-risk decision history.
  • T006 [P] Extend shared test setup in apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php, apps/platform/database/factories/TenantReviewFactory.php, apps/platform/database/factories/ReviewPackFactory.php, and apps/platform/database/factories/StoredReportFactory.php so existing suites can seed current, historical, superseded, retained, expired-direct-access, and suspended-read-only cases without a new heavy-governance harness.
  • T007 Implement the bounded shared lifecycle and retention contract in apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php so the current presenter emits immutable reference, lifecycle state, retention state, and next allowed or blocked action from one path instead of page-local status fragments.
  • T008 [P] Centralize lifecycle and retention badge vocabulary in apps/platform/app/Support/Badges/BadgeCatalog.php and apps/platform/app/Support/Badges/BadgeRenderer.php so evidence, review, review-pack, customer-workspace, and aggregate-level decision history reuse one meaning for current, historical, superseded, retained, hold, deletion requested, and expired direct access.

Checkpoint: The shared contract, fixtures, and centralized badge language are ready before current surfaces start consuming them.

Phase 3: User Story 1 - Understand What An Artifact Is Allowed To Do Now (Priority: P1)

Goal: Give operators one stable artifact reference, one lifecycle role, one retention state, and one honest next action across the existing evidence, review, and review-pack surfaces while keeping stored-report adoption headless.

Independent Test: Open an evidence snapshot, a tenant review with a current export summary, and a review pack in current, historical, and expired-direct-access states, then verify each surface answers identity, lifecycle, retention, and next action from the first screen without opening raw diagnostics.

Tests for User Story 1

  • T009 [P] [US1] Add failing feature coverage in apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php for immutable reference display, lifecycle and retention truth, historical-versus-current evidence semantics, and one dominant next action on the existing evidence resource.
  • T010 [P] [US1] Add failing feature coverage in apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php and apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php for current export summaries, retained-versus-historical review-pack truth, blocked-versus-allowed next action wording, and the absence of page-local lifecycle drift.
  • T011 [P] [US1] Add failing headless coverage in apps/platform/tests/Feature/PermissionPosture/StoredReportModelTest.php and apps/platform/tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php for stable stored-report reference, latest-versus-historical fingerprint selection, and retention-truth derivation without introducing a dedicated stored-report browsing surface.

Implementation for User Story 1

  • T012 [US1] Adopt the shared lifecycle contract on apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php and apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php so evidence summary surfaces show artifact reference, lifecycle state, retention state, and the next allowed or blocked action without new local badge maps.
  • T013 [US1] Adopt the shared lifecycle contract on apps/platform/app/Filament/Resources/TenantReviewResource.php and apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php so the current export summary states whether the referenced artifact is current, historical, retained, or blocked without widening the review workflow.
  • T014 [US1] Adopt the shared lifecycle contract on apps/platform/app/Filament/Resources/ReviewPackResource.php and apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php so retained and downloadable packs, historical packs, and expired-direct-access packs all speak one lifecycle and retention language.
  • T015 [US1] Extend headless stored-report adoption in apps/platform/app/Models/StoredReport.php and apps/platform/app/Console/Commands/PruneStoredReportsCommand.php so the shared contract can classify current-versus-historical stored reports and retention expectations without creating a stored-report UI or generic purge framework.

Checkpoint: User Story 1 is independently functional when the current artifact surfaces and headless stored-report seams all consume the same lifecycle and retention contract.

Phase 4: User Story 2 - Preserve History During Suspended Read-Only Posture (Priority: P1)

Goal: Preserve authorized read access to retained artifacts and already-generated downloads during suspended-read-only posture while keeping generation and lifecycle mutations blocked on the current surfaces.

Independent Test: Put a workspace into suspended-read-only posture, then verify that retained review packs and review-linked artifacts remain readable on current surfaces while generation or mutation affordances stay blocked with one calm read-only explanation.

Tests for User Story 2

  • T016 [P] [US2] Add failing feature coverage in apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php, apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php, and apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php for retained-pack access, blocked future generation, read-only explanation fidelity, and keeping CustomerReviewWorkspace scan-first instead of turning it into a new download console.
  • T017 [P] [US2] Add failing feature coverage in apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php for review-derived artifact truth under suspended-read-only posture and for separating blocked successor generation from still-readable retained history.

Implementation for User Story 2

  • T018 [US2] Extend apps/platform/app/Http/Controllers/ReviewPackDownloadController.php and apps/platform/app/Services/ReviewPackService.php so ready retained downloads keep the current entitled-access behavior while blocked new generation continues to reuse apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php without becoming retention truth.
  • T019 [US2] Adopt suspended-read-only lifecycle messaging in apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, and apps/platform/app/Filament/Resources/ReviewPackResource.php so retained history stays visible and tenant-plane mutations stay honestly blocked.
  • T020 [US2] Keep the existing action-surface contract intact in apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php and apps/platform/app/Filament/Resources/ReviewPackResource.php so Open review and Download current pack remain contextual actions, CustomerReviewWorkspace stays read-only, and no new browsing console or mutation surface appears.

Checkpoint: User Story 2 is independently functional when suspended-read-only posture preserves retained history without implying new generation, hidden deletion, or a broader console rewrite.

Phase 5: User Story 3 - Audit Every Lifecycle-Sensitive Artifact Action (Priority: P2)

Goal: Keep lifecycle-sensitive actions auditable and authorized while extending the same lifecycle contract to accepted-risk decision history through current aggregate seams only.

Independent Test: Download a retained review pack, perform any in-scope lifecycle mutation that passes the bounded current-owner persistence gate, and inspect accepted-risk decision history through the current aggregate seam to confirm audit proof, authorization behavior, append-only history, and no new decision or artifact console.

Tests for User Story 3

  • T021 [P] [US3] Add failing feature coverage in apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php and apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php for artifact-reference-based audit events that record actor, workspace, tenant, source surface, and before-or-after lifecycle or retention truth on download and any lifecycle-sensitive action that passes the bounded current-owner persistence gate.
  • T022 [P] [US3] Add failing feature coverage in apps/platform/tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php, apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php, and apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php for positive and negative authorization, 404 versus 403 behavior, and destructive-like action gating on current detail owners only.
  • T023 [P] [US3] Add failing feature coverage in apps/platform/tests/Feature/Findings/FindingExceptionRenewalTest.php and apps/platform/tests/Feature/Findings/FindingExceptionRevocationTest.php for headless accepted-risk decision-history lifecycle adoption on the current aggregate seam, append-only historical addressability, and the absence of current-slice DecisionRegister or ViewFindingException changes.

Implementation for User Story 3

  • T024 [US3] Extend apps/platform/app/Services/Evidence/EvidenceSnapshotService.php, apps/platform/app/Services/ReviewPackService.php, and apps/platform/app/Http/Controllers/ReviewPackDownloadController.php so lifecycle-sensitive actions reuse stable audit action IDs and artifact-reference-based audit payloads instead of family-local prose drift, while mutation support remains conditional on the bounded current-owner persistence gate.
  • T025 [US3] Reuse existing capability and policy enforcement in apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php, apps/platform/app/Filament/Resources/ReviewPackResource.php, apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php, apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, and apps/platform/app/Http/Controllers/ReviewPackDownloadController.php so detail visibility, linked artifact summaries, direct download, and any bounded mutation paths that remain on evidence or review-pack owners keep correct 404 versus 403 semantics.
  • T026 [US3] Adopt the shared contract on apps/platform/app/Models/FindingException.php, apps/platform/app/Models/FindingExceptionDecision.php, and apps/platform/app/Services/Findings/FindingExceptionService.php so accepted-risk decision history stays append-only, historically addressable, and headless in this slice.
  • T027 [US3] Before adding any new hold, release-hold, or deletion-request support, confirm it can stay on the current evidence-snapshot or review-pack owners and matching detail surfaces only; if not, split the mutation slice and ship read-only lifecycle truth plus existing download audit without widening into current decision surfaces, a cross-family artifact table, purge executor, closure flow, or support-access scope.

Checkpoint: User Story 3 is independently functional when lifecycle-sensitive actions are auditable, authorization stays honest, and decision history adopts the contract headlessly without widening past current seams.

Phase 6: Polish & Cross-Cutting Validation

Purpose: Run the canonical proving suite, format touched files, and explicitly verify that the slice stayed inside its bounded non-goals.

  • T028 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/GovernanceArtifactTruth/GovernanceArtifactLifecycleContractTest.php.
  • T029 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Evidence/EvidenceSnapshotResourceTest.php tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php.
  • T030 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/ReviewPackResourceTest.php tests/Feature/ReviewPack/ReviewPackDownloadTest.php tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php.
  • T031 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantReview/TenantReviewLifecycleTest.php tests/Feature/TenantReview/TenantReviewUiContractTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php.
  • T032 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingExceptionRenewalTest.php tests/Feature/Findings/FindingExceptionRevocationTest.php.
  • T033 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PermissionPosture/StoredReportModelTest.php tests/Feature/PermissionPosture/PruneStoredReportsCommandTest.php tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php.
  • T034 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent for the touched platform files.
  • T035 [P] Review the implementation against specs/267-artifact-lifecycle-retention/spec.md, specs/267-artifact-lifecycle-retention/plan.md, and specs/267-artifact-lifecycle-retention/checklists/requirements.md to confirm there is no generic artifact registry, no purge engine, no closure flow, no billing or support-access scope, no new browsing console, no current-slice DecisionRegister or ViewFindingException change, no new global-search behavior, no panel-provider change outside apps/platform/bootstrap/providers.php, and no new asset-registration path.
  • T036 [P] Only if native Feature and controller proof still leaves grouped-action or read-only behavior ambiguous, perform one narrow manual smoke on apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, apps/platform/app/Filament/Resources/ReviewPackResource.php, and apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php using the scenarios from specs/267-artifact-lifecycle-retention/quickstart.md.
  • T036 [P] Only if native Feature and controller proof still leaves grouped-action or read-only behavior ambiguous, perform one narrow manual smoke on apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, apps/platform/app/Filament/Resources/ReviewPackResource.php, and apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php using the scenarios from specs/267-artifact-lifecycle-retention/quickstart.md.
  • T037 [P] Re-check specs/267-artifact-lifecycle-retention/checklists/requirements.md and keep the recorded outcomes at acceptable-special-case / split / keep; if the bounded current-owner persistence gate fails or a current decision-surface edit becomes necessary, update the workflow outcome to split before merge.

Dependencies & Execution Order

Phase Dependencies

  • Phase 1 (Setup): no dependencies; start immediately.
  • Phase 2 (Foundational): depends on Phase 1 and blocks all user-story work.
  • Phase 3 (US1): depends on Phase 2 and establishes the visible contract on current artifact surfaces plus headless stored-report adoption.
  • Phase 4 (US2): depends on Phase 3 because suspended-read-only behavior must consume the shared lifecycle truth already visible on review and pack surfaces.
  • Phase 5 (US3): depends on Phase 2 and should land after US1 so audit and decision-history adoption tighten the same shared contract instead of creating a parallel path.
  • Phase 6 (Polish): depends on all desired user stories being complete.

User Story Dependencies

  • US1 (P1): independently testable after Phase 2 and delivers the core lifecycle and retention truth.
  • US2 (P1): independently testable after US1 and delivers the suspended-read-only trust contract without new console work.
  • US3 (P2): independently testable after Phase 2 and hardens audit, authorization, and headless decision-history adoption on existing seams.

Within Each User Story

  • Land the listed Pest coverage first and make it fail for the intended gap.
  • Reuse ArtifactTruthPresenter, shared badges, existing services, and existing detail owners before considering any new support type.
  • Re-run the narrowest relevant canonical proof command before moving to the next story checkpoint.

Parallel Work Examples

US1 Parallel Example

  • T009, T010, and T011 can run in parallel because they touch different test families.
  • After T007 and T008 land, T012, T013, T014, and T015 can split between evidence, tenant-review consumer surfaces, review pack, and stored-report headless adoption.

US2 Parallel Example

  • T016 and T017 can run in parallel because they cover different read-only seams.
  • After US1 is stable, T018 and T019 can run in parallel if one contributor owns controller/service behavior and another owns Filament page messaging; T020 should merge after both to keep the surface contract coherent.

US3 Parallel Example

  • T021, T022, and T023 can run in parallel because they cover audit, authorization, and decision-history suites separately.
  • T024 and T026 can proceed in parallel after the shared contract is stable; T025 and T027 should merge after them so policy and mutation boundaries reflect the final behavior.

Implementation Strategy

Suggested MVP Scope

  • MVP = US1 if the team needs the smallest shippable increment for truthful lifecycle and retention language.
  • Release-ready scope should include US2 before merge whenever suspended-read-only behavior is part of the target acceptance gate for the environment.

Incremental Delivery

  1. Complete Phase 1 and Phase 2.
  2. Deliver US1 on current artifact surfaces plus headless stored-report adoption.
  3. Add US2 to preserve suspended-read-only retained-history access and block mutation truthfully.
  4. Add US3 for audit, authorization, and decision-history adoption on existing seams.
  5. Finish with the canonical proof commands and bounded smoke only if native proof remains ambiguous.

Team Strategy

  1. Settle the shared contract and badge vocabulary first.
  2. Parallelize test work by family before runtime edits widen.
  3. Serialize merges around ArtifactTruthPresenter, ReviewPackDownloadController, CustomerReviewWorkspace, and the accepted-risk aggregate seams so cross-surface lifecycle language stays consistent.

Deferred Follow-Ups / Non-Goals

  • retention and purge governance, including irreversible deletion executors and schedulers
  • workspace or tenant closure lifecycle work
  • billing, subscription, or commercial-state truth changes beyond current suspended-read-only reuse
  • support-access governance, delegated access, or impersonation scope
  • any generic artifact registry, workflow engine, or broad customer artifact portal
  • a dedicated stored-report browsing surface or any current-slice rewrite of existing Spec 265 decision surfaces
  • export-before-deletion workflow and bundle proof
  • provider-lifecycle expansion beyond current artifact truth
  • panel, global-search, provider-registration, or asset-strategy changes for this slice