TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-042-review-pack-detail.md
ahmido a5b7300ca9 feat: reduce receipt page surface depth and simplify evidence summaries (#468)
Automated PR created by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #468
2026-06-22 11:03:10 +00:00

4.6 KiB

UI-042 Review Pack Detail

Field Value
Route /admin/workspaces/{workspace}/environments/{environment}/review-packs/{record}
Source ReviewPackResource::view
Area / scope Reviews / environment artifact detail
Archetype Evidence / Audit
Design depth Strategic Surface
Repo truth browser-verified in Specs 372 and 397
Screenshot specs/372-customer-auditor-surface-safety-pass/artifacts/screenshots/003-review-pack-view-after.png
Browser status Reached in the live in-app browser on 2026-06-05 via the Spec 351 review-output fixture; Spec 397 adds focused textual receipt proof for reduced default internals.

First Five Seconds

The page should answer three questions immediately:

  1. is this pack the current stakeholder-safe export or only a historical artifact
  2. should the actor open the rendered report, download the ZIP, or stop
  3. does this surface permit operator mutation or only read-first inspection

Productization Review

  • Decision-first: Spec 356 moves the primary inspect path to the rendered report instead of treating ZIP download as the first read.
  • Evidence-first: status, expiry, evidence snapshot linkage, and package contract stay visible as artifact truth.
  • Context: environment-bound artifact detail with optional customer-workspace return context.
  • Capability/RBAC awareness: preview and download remain view-authorized; regenerate stays manage-only and confirmation-gated.
  • Customer/auditor safety: rendered preview is only available for the current ready non-expired review-derived pack.
  • Diagnostics/default hierarchy: the ZIP remains the structured appendix and downloadable artifact, not the first-read surface.

Information Inventory

Default-visible content should show pack status, generated/expiry timing, linked review/evidence context, sharing boundary, executive entrypoint guidance, and the current rendered-report launch affordance.

Dangerous Actions

  • Dangerous or high-impact actions: regenerate on the operator detail surface.
  • Current confirmation/evidence posture: regenerate is capability-gated and ->requiresConfirmation(); customer-workspace flow suppresses it entirely.
  • Target handling: keep preview and download read-only; do not let historical/expired packs impersonate the current report path.

Spec 356 Follow-up

Spec 356 productizes this page as the owner-side artifact detail:

  • Open rendered report is now the primary action for current ready packs.
  • ZIP download remains available as the structured appendix artifact.
  • Customer-workspace detail flow keeps regenerate hidden so the page does not compete with read-first stakeholder handoff.

Target Direction

Keep this surface artifact-truth-first and narrowly scoped. Future work should deepen proof hierarchy and browser evidence, not invent a second portal or artifact family.

Spec 372 Follow-up

Spec 372 keeps the existing rendered-report/download action model and reorganizes the detail content.

  • Outcome summary and Output guidance now lead the page
  • Pack readiness and contents owns the first artifact-proof block
  • evidence basis and released-review links appear before storage/operation metadata
  • options, initiator, customer-workspace link, operation link/count, freshness, SHA, and fingerprints moved into collapsed Technical pack details
  • technical pack details are hidden entirely in customer-workspace flow

Browser proof

  • Spec372 screenshot: specs/372-customer-auditor-surface-safety-pass/artifacts/screenshots/003-review-pack-view-after.png
  • Browser smoke verified readiness before technical details and no JavaScript errors or console logs.

Spec 385 Follow-up

Spec 385 extends the existing output-readiness contract on this surface.

  • baseline publication blockers now map to the existing Output not customer-ready guidance state
  • baseline accepted limitations, foundation-only coverage, and exclusions map to disclosed limitation guidance
  • customer-safe exports retain baseline state/counts but drop baseline internal diagnostics from customer payloads
  • rendered-report disclosure policy now includes a baseline readiness proof row for customer-facing profiles

Spec 397 Follow-up

Spec 397 reduces default receipt internals on the Review Pack detail surface.

  • Evidence basis and Evidence completeness keep source proof understandable without leading with raw evidence links.
  • Internal evidence details stay behind the collapsed technical section and are not customer-default dominant.
  • Focused textual browser proof verifies output guidance, pack readiness, evidence basis, and hidden internal evidence detail hierarchy without JavaScript or console errors.