## Summary

- productizes the Customer Review Workspace into a more decision-first, customer-safe review surface
- updates the page class, Blade view, and localized copy for the new workspace presentation
- expands feature and browser coverage for workspace behavior, localization, and access rules
- adds the Spec 326 artifact package for this implementation

## Testing

- not run in this session

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #386

# Tasks: Spec 326 - Customer Review Workspace v1 Productization

**Input**: Design documents from `/specs/326-customer-review-workspace-v1-productization/`
**Prerequisites**: `spec.md`, `plan.md`, `repo-truth-map.md`

**Tests**: Required. This is a runtime UI/customer-safe Filament/Livewire page productization with browser smoke.

## Test Governance Checklist

- [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
- [x] New or changed tests stay in the smallest honest family, and the browser addition is explicit.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
- [x] Planned validation commands cover the change without pulling in unrelated lane cost.
- [x] The declared surface test profile (`global-context-shell` plus customer-safe disclosure) is explicit.
- [x] Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.

## Phase 1: Preparation And Repo Truth

**Purpose**: Confirm runtime truth and prevent invented claims before page edits.

- [x] T001 Re-read `specs/326-customer-review-workspace-v1-productization/spec.md`, `plan.md`, and `repo-truth-map.md`.
- [x] T002 Re-read related completed context only: Specs 312 and 314-325. Do not modify their artifacts.
- [x] T003 Verify current `CustomerReviewWorkspace` route/class/view and existing tests before editing.
- [x] T004 Update `repo-truth-map.md` with any newly discovered source, capability, fallback, or classification before runtime changes.
- [x] T005 Confirm no migration/package/env/queue/storage/deployment asset change is required; if one appears necessary, stop and update spec/plan first.
- [x] T006 Confirm Filament v5 / Livewire v4.0+ compliance and no Livewire v3/Filament legacy API use.
- [x] T007 Confirm panel provider registration remains `apps/platform/bootstrap/providers.php`.
- [x] T008 Confirm related globally searchable resources stay disabled or have safe View/Edit pages; expected related resources remain `protected static bool $isGloballySearchable = false`.

## Phase 2: Feature Tests First

**Purpose**: Lock customer-safe behavior, scope, RBAC, and no-false-green before the UI refactor.

- [x] T009 Add or update a feature test asserting `repo-truth-map.md` exists and lists required data areas.
- [x] T010 Add or update a Feature/Livewire test for the decision-first layout text: `Customer Review Workspace`, `Is this review ready to share?`, `Readiness`, `Evidence`, `Accepted risk`, `Evidence path`, `Review pack`, and `Decision trail`.
- [x] T011 Add or update a Feature/Livewire test that raw diagnostics are hidden by default: `raw payload`, `stack trace`, `provider secret`, `debug metadata`, and `internal exception` must not appear.
- [x] T012 Add or update review-pack readiness tests for available, unavailable, and stale/needs-refresh or explicit unsupported/unavailable state.
- [x] T013 Add or update evidence freshness tests proving evidence state is visible and no generic green/success state appears without repo-backed proof.
- [x] T014 Add or update accepted-risk summary tests for total/current state and expiring/expired/pending where repo-supported; assert internal approval/debug details are absent by default.
- [x] T015 Add or update customer-safe follow-up tests for title, priority/severity if available, owner/due if available, proof state, next action, and no raw diagnostics by default.
- [x] T016 Add or update RBAC tests covering view review, view evidence, export/open review pack, and diagnostics action visibility/unavailability.
- [x] T017 Add or update canonical environment filter tests for `?environment_id=`, visible chip, workspace shell only, clear filter, and provable filtered data.
- [x] T018 Add or update legacy alias rejection tests for `tenant`, `tenant_id`, `managed_environment_id`, `environment`, `tenant_scope`, and `tableFilters`.
- [x] T019 Add or update cross-workspace environment filter guard test returning safe 404/no-access.

## Phase 3: Page Skeleton Productization

**Purpose**: Refactor existing page layout without new backend foundation.

- [x] T020 Update `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` to expose a repo-truth-bounded payload for header/scope, main decision card, readiness dimensions, evidence path, review pack, accepted risks, follow-ups, and diagnostics disclosure.
- [x] T021 Update `apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php` to render the decision-first structure before the table.
- [x] T022 Ensure the header/scope area shows workspace-wide vs environment-filtered context, visible environment chip when filtered, and customer-safe review mode.
- [x] T023 Ensure the main decision card shows status, reason, impact, and one primary next action.
- [x] T024 Ensure readiness summary cards show readiness, evidence, and accepted-risk dimensions or repo-verified equivalents.
- [x] T025 Ensure the evidence path panel shows evidence snapshot, review pack, decision trail, accepted-risk records, OperationRun proof, and export artifact as available/unavailable/stale/requires-refresh/not-applicable.
- [x] T026 Ensure the review-pack panel shows status, last generated where available, evidence snapshot where available, export/open availability, staleness/freshness where repo-supported, and operation proof where repo-supported.
- [x] T027 Ensure accepted-risk summary shows counts/states only where repo-supported and uses customer-safe language.
- [x] T028 Ensure customer-safe findings/follow-ups show supported fields and honest unavailable state where source truth is absent.
- [x] T029 Ensure diagnostics/internal details are collapsed or secondary by default and authorized before visibility.
- [x] T030 Keep the existing table as secondary context; it must not be the only default experience, must render from persisted data only, and must not make Graph calls during page render.

## Phase 4: Actions, RBAC, And Safety

**Purpose**: Show only real, authorized actions and preserve read-only default behavior.

- [x] T031 Keep primary action repo-real and authorized: open/download review pack when ready and permitted, otherwise open latest review or show unavailable/follow-up state.
- [x] T032 Add/open evidence, accepted-risk, finding, operation-proof, or diagnostics links only when route and authorization are repo-real.
- [x] T033 Ensure unauthorized actions are hidden or unavailable without leaking sensitive details.
- [x] T034 Verify no customer-safe default action publishes, generates, refreshes, regenerates, expires, revokes, deletes, restores, or mutates tenant/provider state.
- [x] T035 If any high-impact action is unexpectedly required, implement it with `Action::make(...)->action(...)`, `->requiresConfirmation()`, server-side authorization, audit, notification, and tests after updating spec/plan first.
- [x] T036 Ensure existing page-open audit logging remains safe and does not include secrets/raw payloads.

## Phase 5: Workspace / Environment Scope Contract

**Purpose**: Preserve Specs 314-322.

- [x] T037 Verify clean `/admin/reviews/workspace` does not read remembered environment shell state or persisted table filters.
- [x] T038 Verify `/admin/reviews/workspace?environment_id={id}` filters only page data, shows visible chip, and keeps Workspace shell ownership.
- [x] T039 Verify clear filter redirects to clean workspace URL and remains safe after reload.
- [x] T040 Verify legacy aliases are removed/neutralized and do not set filter state.
- [x] T041 Verify cross-workspace or unauthorized `environment_id` returns safe no-access/404.
- [x] T042 Verify back/forward/reload behavior does not resurrect cleared environment filter state.

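The query-scope rules in T037, T038, T040 and T041, sketched as a plain-PHP resolver. This is an added example, not code from the project: `resolveEnvironmentFilter`, the ownership map, integer ids and the 404 on a malformed `environment_id` are assumptions made for illustration.

```php
<?php

declare(strict_types=1);

// Legacy query aliases listed in T018; they must never set filter state.
const LEGACY_ALIASES = ['tenant', 'tenant_id', 'managed_environment_id', 'environment', 'tenant_scope', 'tableFilters'];

/**
 * Hypothetical resolver: the filter is derived from the query string only,
 * never from remembered shell state or persisted table filters.
 *
 * @param array<string, mixed> $query            parsed query parameters
 * @param array<int, int>      $environmentOwner constructed map: environment id => owning workspace id
 * @return array{status: int, environment_id: ?int, ignored: list<string>}
 */
function resolveEnvironmentFilter(array $query, int $workspaceId, array $environmentOwner): array
{
    // Neutralize legacy aliases: record which ones were sent, never read their values.
    $ignored = array_values(array_intersect(LEGACY_ALIASES, array_keys($query)));

    if (! array_key_exists('environment_id', $query)) {
        return ['status' => 200, 'environment_id' => null, 'ignored' => $ignored];
    }

    $raw = $query['environment_id'];
    // Assumption: ids are decimal integer strings. Arrays (?environment_id[]=1) and junk fail closed.
    if (! is_string($raw) || ! ctype_digit($raw)) {
        return ['status' => 404, 'environment_id' => null, 'ignored' => $ignored];
    }

    $id = (int) $raw;
    // Unknown ids and ids owned by another workspace get the same 404,
    // so the response does not reveal that an environment exists elsewhere.
    if (($environmentOwner[$id] ?? null) !== $workspaceId) {
        return ['status' => 404, 'environment_id' => null, 'ignored' => $ignored];
    }

    return ['status' => 200, 'environment_id' => $id, 'ignored' => $ignored];
}

// Constructed sample data: environments 10 and 11 belong to workspace 1, 20 to workspace 2.
$owners = [10 => 1, 11 => 1, 20 => 2];
$cases = [
    'clean URL' => [],
    'canonical filter' => ['environment_id' => '10'],
    'legacy aliases only' => ['tenant_id' => '10', 'tableFilters' => ['environment' => '10']],
    'cross-workspace id' => ['environment_id' => '20'],
    'array-valued id' => ['environment_id' => ['10']],
];
foreach ($cases as $label => $query) {
    $r = resolveEnvironmentFilter($query, 1, $owners);
    printf("%-20s status=%d filter=%s ignored=[%s]\n", $label, $r['status'], $r['environment_id'] ?? 'none', implode(',', $r['ignored']));
}
```
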
## Phase 6: Browser Smoke And Screenshots

**Purpose**: Prove the user-facing contract in the integrated browser lane.

- [x] T043 Create `apps/platform/tests/Browser/Spec326CustomerReviewWorkspaceProductizationSmokeTest.php` using existing Pest Browser conventions.
- [x] T044 Browser Flow A: clean workspace entry; assert Workspace shell only, no Environment chip, main decision card, evidence path, diagnostics collapsed, screenshot.
- [x] T045 Browser Flow B: filtered environment entry; assert Workspace shell only, visible chip, filter copy, clear filter, screenshot.
- [x] T046 Browser Flow C: clear filter and reload; assert clean URL, chip does not return, no active Environment shell.
- [x] T047 Browser Flow D: customer-safe disclosure; assert raw diagnostics absent by default, open diagnostics if available/authorized, verify secondary placement.
- [x] T048 Browser Flow E: light mode readability check if supported; capture optional screenshot.
- [x] T049 Save screenshots under `specs/326-customer-review-workspace-v1-productization/artifacts/screenshots/` when generated and ensure they contain no secrets.

## Phase 7: UI Coverage And Documentation Artifacts

**Purpose**: Satisfy UI-COV without unrelated docs churn.

- [x] T050 Decide after runtime diff whether `docs/ui-ux-enterprise-audit/route-inventory.md` or `design-coverage-matrix.md` needs an update.
- [x] T051 If coverage docs are not changed, add a close-out note explaining why existing UI-006 report plus Spec 325 target artifacts remain sufficient for the unchanged route.
- [x] T052 Update `repo-truth-map.md` final classifications for implemented/empty/deferred elements.
- [x] T053 Do not create general documentation files outside required Spec Kit/UI coverage artifacts.

## Phase 8: Validation

**Purpose**: Run narrow proof and report honestly.

- [x] T054 Run `cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Reviews tests/Feature/Navigation/WorkspaceHubEnvironmentFilterContractTest.php tests/Feature/Navigation/WorkspaceHubClearFilterContractTest.php --compact`.
- [x] T055 Run `cd apps/platform && ./vendor/bin/sail artisan test tests/Browser/Spec326CustomerReviewWorkspaceProductizationSmokeTest.php --compact`.
- [ ] T056 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter='CustomerReviewWorkspace|WorkspaceHub|EnvironmentFilter|ClearFilter|LegacyTenant|Spec322' --compact`. Attempted after T054/T055; the process was killed with signal 9 after the feature/navigation portion completed, so this exact all-matching filtered command is not marked complete.
- [x] T057 Run `cd apps/platform && ./vendor/bin/sail pint --dirty`; `artisan pint` is not registered, so validation used `./vendor/bin/sail pint --dirty` plus explicit touched PHP/localization paths.
- [x] T058 Run `git diff --check`.
- [x] T059 Report full-suite status honestly if not run.
- [x] T060 Confirm no migrations, seeders, packages, env vars, queues, scheduler, storage, deployment assets, backwards compatibility layer, or legacy tenant alias support were added.

## Follow-up Phase: Premium Layout Alignment

**Purpose**: Continue Spec 326 without new numbering and align the Customer Review Workspace runtime UI more closely with the premium Spec 325 target direction.

- [x] T061 Compact the Customer Review Workspace intro and quiet the non-certification disclosure.
- [x] T062 Remove platform-context `tenant` wording from Customer Review Workspace runtime copy and tests.
- [x] T063 Recompose the Blade view into a dense main/aside layout with a decision-first main column and evidence/review-pack/disclosure aside.
- [x] T064 Keep the table as secondary `Review package index` context after the decision and evidence workbench.
- [x] T065 Extend Feature/Browser assertions for main question, evidence path, review-pack panel, accepted-risk panel, disclosure rule, collapsed diagnostics, hidden raw diagnostics, and no platform-context tenant copy.
- [x] T066 Capture `artifacts/screenshots/customer-review-workspace-premium-layout.png`.
- [x] T067 Re-run the requested Spec 326 validation commands and record results honestly. Feature/navigation tests passed, `pint --dirty` passed, and `git diff --check` passed. The requested Pest Browser smoke command was attempted twice in the follow-up and hung without output until manually stopped; manual browser smoke plus screenshot capture passed with no console warnings/errors.

## Follow-up Phase: Accepted-Risk Readiness Alignment

**Purpose**: Keep the premium layout truthful when accepted-risk follow-up is required and avoid a false ready-to-share primary state.

- [x] T068 Align the main decision card with accepted-risk follow-up truth so it shows `Shareable with follow-up` or `Review needed` instead of `Ready to share` when follow-up is required.
- [x] T069 Keep the right-side Evidence / Review Pack / Accepted Risk / Disclosure aside visible and test-addressable at desktop width.
- [x] T070 Shorten the readiness, evidence, review-pack, and accepted-risk state-card copy.
- [x] T071 Add a regression test proving accepted-risk follow-up suppresses the `Ready to share` state.
- [x] T072 Re-run the requested final validation. Feature Reviews passed, Spec 326 Pest Browser smoke passed, `pint --dirty` passed, and `git diff --check` passed. Direct in-app browser verification passed at medium desktop width and the premium-layout screenshot artifact was refreshed.
- [x] T073 Demote `Download review pack` to a secondary action when the main state is `Shareable with follow-up`.
- [x] T074 Move the premium Evidence / Review Pack / Accepted Risk / Disclosure aside to the medium desktop breakpoint and compact the aside panels so it is visible earlier in the first viewport.

## Non-Goals Checklist

- [x] NT001 Do not build an external customer portal.
- [x] NT002 Do not implement external authentication, invitation links, email delivery, or PSA handoff.
- [x] NT003 Do not implement a new review/evidence/review-pack backend.
- [x] NT004 Do not redesign Governance Inbox, Operations Hub, Evidence Overview, Environment Dashboard, Baseline Compare, or Restore Safety Workflow.
- [x] NT005 Do not add migrations unless spec/plan are updated first with proof.
- [x] NT006 Do not rewrite completed Specs 312 or 314-325.
- [x] NT007 Do not add legacy tenant query alias support.

## Required Final Report Content

When implementation later completes, report:

- Changed behavior.
- Customer-safe review surface.
- Evidence / Review Pack / Accepted Risk coverage.
- Files changed.
- Repo truth map status.
- Tests run and results.
- Browser verification and screenshots path.
- Known gaps.
- Remaining follow-ups.
- Diagnostics default state.
- RBAC-visible/hidden actions.
- Repo-verified vs unavailable states.
- Full suite run/not run.
- Explicit no migrations/seeders/packages/env/queues/scheduler/storage/deployment assets/backcompat/legacy aliases statement.