ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/312-customer-review-workspace-v1-completion/tasks.md
ahmido bbc594efbb feat: complete customer review workspace v1 (#367) 
## Summary
- productize the customer review workspace as a workspace-wide customer-safe review hub
- add customer-safe latest review, decision summary, accepted risks, evidence basis, and review-pack presentation updates
- update localized copy, focused feature coverage, browser smoke coverage, and Spec 312 artifacts

## Testing
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `git diff --check`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #367
2026-05-15 22:28:15 +00:00

16 KiB
Raw Permalink Blame History

Tasks: Customer Review Workspace v1 Completion

Input: specs/312-customer-review-workspace-v1-completion/spec.md, specs/312-customer-review-workspace-v1-completion/plan.md Prerequisites: Spec 308 and Spec 311 are completed context; do not reopen their runtime scope. Tests: Required. Use Pest 4 focused Feature tests and existing bounded Browser smoke when rendered UI changes.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in existing focused Review, EnvironmentReview, ReviewPack, and Browser families.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
  • Planned validation commands cover the change without pulling unrelated suite cost.
  • The declared standard-native-filament / shared-detail-family / conditional global-context-shell profile is explicit.
  • Any material budget, baseline, trend, or escalation note is recorded in the active feature close-out.

Phase 1: Setup And Repo Verification

Purpose: Confirm the branch, dependency specs, repo-real names, and forbidden boundaries before implementation.

  • T001 Confirm current branch is 312-customer-review-workspace-v1-completion.
  • T002 Confirm the working tree does not contain uncommitted Spec 311 shell/sidebar/topbar files.
  • T003 Read specs/312-customer-review-workspace-v1-completion/spec.md, plan.md, tasks.md, and checklists/requirements.md.
  • T004 Read specs/308-decision-register-summary-review-pack/spec.md, plan.md, and tasks.md as completed context only.
  • T005 Read specs/311-workspace-environment-surface-scope-contract/spec.md, plan.md, and tasks.md as completed shell/scope dependency only.
  • T006 Inspect any old WIP patch or stash only selectively, and list candidate Customer Review Workspace files before applying anything.
  • T007 Reject any old WIP changes touching OperateHubShell, TenantPageCategory, NavigationScope, WorkspaceSidebarNavigation, sidebar composition, topbar context, or route-scope contracts.
  • T008 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php.
  • T009 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php.
  • T010 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewRegisterService.php for repo-real latest review query behavior.
  • T011 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Models/EnvironmentReview.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/EnvironmentReviewStatus.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Models/ReviewPack.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/ReviewPackStatus.php.
  • T012 Confirm no migration, model, policy, OperationRun type, asset, package, or Review Pack generation semantics change is needed; stop and update spec/plan if false.

Phase 2: Tests First - Workspace, Latest Review, And Filters

Purpose: Prove workspace-wide behavior, deterministic latest review, and filter-aware empty states before runtime changes.

  • T013 [US1] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php to assert a latest/current released review section is visible when released reviews exist.
  • T014 [US1] Add deterministic latest selection coverage for published_at desc, repo-real timestamp fallback (generated_at desc unless implementation verifies another field), and id desc tie-breaker.
  • T015 [US1] Add coverage proving draft/ready/failed/internal-only reviews cannot become latest customer-visible reviews.
  • T016 [US4] Add filtered empty-state coverage where active managed_environment_id or tenant filter has no matching released reviews but actor-visible released reviews exist elsewhere in the workspace.
  • T017 [US4] Add global empty-state coverage where no actor-visible released reviews exist anywhere in the workspace.
  • T018 [US4] Add assertions that environment filter labels/copy describe a page-level filter and do not imply global environment context.
  • T019 [US4] Add assertions that query parameters do not introduce /admin/t links or shell/sidebar/topbar-specific customer workspace behavior.

Phase 3: Tests First - Decision Summary, Accepted Risks, Evidence

Purpose: Prove customer-safe summary states and no raw leakage.

  • T020 [US2] Add decision summary requires_awareness rendered HTML assertions using existing Spec 308 governance_package.decision_summary content.
  • T021 [US2] Add decision summary none rendered HTML assertions proving "No decisions require awareness" is distinct from incomplete/unavailable evidence.
  • T022 [US2] Add decision summary unavailable assertions for legacy released review without Spec 308 summary content.
  • T023 [US2] Add decision summary incomplete assertions for review/evidence states where customer-safe decision evidence is incomplete.
  • T024 [US2] Add accepted-risk customer-safe display assertions for title/state/summary/review-due context where existing released-review truth provides it.
  • T025 [US2] Add accepted-risk redaction assertions proving internal workflow notes, approvers/owners when not customer-safe, raw exception payloads, and mutation controls do not appear.
  • T026 [US2] Add evidence basis assertions for complete, no_awareness_required, incomplete, unavailable, and not_generated derived display states where repo-real fixtures can support them.
  • T027 [US2] Add leakage assertions for raw evidence JSON, provider payload dumps, source fingerprints, internal reason-family labels, raw OperationRun URLs, storage paths, policy internals, and debug details.

Phase 4: Tests First - Review Pack Status, Access, Links, And Actions

Purpose: Prove pack status mapping, CTA hierarchy, authorization preservation, and customer-safe handoffs.

  • T028 [US3] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php for ready/downloadable pack showing Available and the dominant download/open CTA when actor is authorized.
  • T029 [US3] Add queued/generating pack coverage mapping to Preparing.
  • T030 [US3] Add missing/null pack or missing-file coverage mapping to Not available yet.
  • T031 [US3] Add expired pack coverage mapping to Expired.
  • T032 [US3] Add failed/blocked/unavailable pack coverage if repo-real status exists, mapping to Unavailable.
  • T033 [US3] Add evidence-incomplete review/pack context coverage mapping to Evidence incomplete without changing Review Pack status truth.
  • T034 [US3] Add pack exists but actor lacks download capability coverage proving no download URL is rendered.
  • T035 [US3] Add CTA hierarchy assertions: download/open pack dominates when available and authorized, otherwise open review, filtered empty state uses clear filter.
  • T036 [US3] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php for canonical environment-bound review detail handoff and preservation of customer_workspace=1 / source context.
  • T037 [US3] Add no lifecycle action assertions for approve, reject, renew, revoke, close, delete, force delete, restore, rerun, generate, regenerate, and expire.
  • T038 [US3] Add no /admin/t link assertions over rendered workspace HTML and generated hrefs.
  • T039 [US3] Add visible-label assertions proving raw database identifiers are not used as customer-facing labels, headings, badge text, summaries, empty-state copy, or CTA text.

Phase 5: Runtime - Page Payload And Query Behavior

Purpose: Implement only the minimal workspace page shaping required by the failing tests.

  • T040 [US1] Build or refine a private page payload in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php for latest released review, decision summary, accepted risks, evidence basis, pack status, and primary CTA.
  • T041 [US1] Keep latest released review selection scoped to current workspace, actor-entitled environments, optional page-level environment filter, and deterministic repo-real ordering.
  • T042 [US4] Implement filtered empty-state distinction using scoped existence queries rather than unbounded scans.
  • T043 [US4] Preserve existing explicit tenant and managed_environment_id query prefilter behavior as page-level filters only.
  • T044 [US1] Avoid broad loading of raw evidence payloads; eager-load only existing review, evidence summary, and current pack relationships needed for display.

Phase 6: Runtime - Customer-safe Rendering

Purpose: Render the customer-safe consumption surface using existing Filament/Blade conventions.

  • T045 [US1] Update /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php to render the latest/current review section before the list.
  • T046 [US2] Render Decision Summary from existing released-review/governance-package summary content and customer-safe fallback states.
  • T047 [US2] Render accepted risks only from customer-safe released-review truth; do not query or display internal workflow history as customer-facing content.
  • T048 [US2] Render evidence basis with clear complete/no-awareness/incomplete/unavailable/not-generated states.
  • T049 [US3] Render review-pack availability with customer-safe state labels and explanations based on existing Review Pack truth.
  • T050 [US3] Render exactly one visually dominant primary CTA per current review context.
  • T051 [US3] Hide review-pack download/open URL when actor lacks existing capability/policy.
  • T052 [US4] Render filter-aware empty states with clear filter copy and a single clear-filter CTA when appropriate.
  • T053 [US2] Keep raw/internal/support diagnostics absent from the default workspace page.
  • T054 [US2] Use existing Filament/Blade visual language; do not add CSS, JS, images, icon packs, or ad-hoc styling systems.

Phase 7: Runtime - Localization And Handoff Preservation

Purpose: Add minimal copy keys and preserve existing route/link contracts.

  • T055 Add minimal English localization keys in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php.
  • T056 Add matching German localization keys in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php.
  • T057 Preserve existing customer-safe review detail handoff query parameters in links from Customer Review Workspace.
  • T058 Preserve existing Review Pack download/open authorization and route behavior; do not touch generation/regeneration/expire semantics.
  • T059 Only if tests prove unavoidable, update /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EnvironmentReviewResource.php for customer-safe handoff without redesigning the resource.
  • T060 Only if tests prove unavoidable, update /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php for customer-safe download/open handoff without redesigning the resource.

Phase 8: Guardrails

Purpose: Confirm the implementation stayed inside Spec 312.

  • T061 Confirm no shell/sidebar/topbar files changed: OperateHubShell, TenantPageCategory, NavigationScope, WorkspaceSidebarNavigation.
  • T062 Confirm no RBAC/policy files changed unless a repo-real inconsistency was documented before implementation.
  • T063 Confirm no migrations, tables, columns, models, OperationRun types, persisted status families, or enum/status families were added.
  • T064 Confirm no assets, packages, CSS, JS, images, or icon packs were added.
  • T065 Confirm no Review Pack generation, storage, status machine, expire/regenerate, or OperationRun lifecycle semantics changed.
  • T066 Confirm no operator-only actions appear on the customer-safe workspace.
  • T067 Confirm no pack mutation actions appear on the customer-safe workspace.
  • T068 Confirm no /admin/t links appear in rendered customer-safe workspace HTML.
  • T069 Confirm no raw payload, fingerprint, debug, OperationRun, storage path, policy, or provider-payload leakage appears.
  • T070 Confirm no cross-workspace or cross-environment data influences counts, summaries, links, or empty states.

Phase 9: Validation

Purpose: Run focused lanes and record any non-run reason.

  • T071 Run Customer Review Workspace lane: cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
  • T072 Run Environment Review lane: cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php tests/Feature/EnvironmentReview/EnvironmentReviewCreationTest.php
  • T073 Run Review Pack lane: cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php tests/Feature/ReviewPack/ReviewPackDownloadTest.php tests/Feature/ReviewPack/ReviewPackRbacTest.php
  • T074 Run Spec 311 regression lane only if shell/sidebar/topbar-adjacent files were touched: cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/Workspaces/GlobalContextShellContractTest.php tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php
  • T075 Run browser smoke if available: cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
  • T076 Run dirty Pint: cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
  • T077 Run git diff --check.

Phase 10: Close-out

Purpose: Record implementation evidence and non-goal confirmations.

  • T078 Record changed files in /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/312-customer-review-workspace-v1-completion/plan.md.
  • T079 Record fulfilled acceptance criteria.
  • T080 Record tests run with outcomes.
  • T081 Record tests not run and exact reason.
  • T082 Record browser smoke result or non-run reason plus rendered HTML compensation.
  • T083 Confirm no migration, no RBAC/policy change, no asset, no OperationRun type, no new persistence/status family.
  • T084 Confirm no Shell/Sidebar/Topbar work.
  • T085 Confirm no ReviewPack generation semantics change.
  • T086 Record leakage guard confirmation.
  • T087 Record remaining gaps and follow-up candidates.

Explicit Non-goal Checklist

  • No shell/sidebar/topbar work.
  • No OperateHubShell, TenantPageCategory, NavigationScope, or WorkspaceSidebarNavigation changes.
  • No RBAC or policy changes unless documented as unavoidable before implementation.
  • No migrations, models, tables, columns, persisted status families, or OperationRun types.
  • No provider connection scope hardening.
  • No billing/entitlement work.
  • No artifact lifecycle/retention work.
  • No AI summary generation.
  • No PSA/support handoff.
  • No broad localization adoption.
  • No Review Pack generation/status/storage semantics change.
  • No customer approval workflow.
  • No canonical link/query cleanup beyond preserving existing handoff.