TenantAtlas/specs/329-evidence-audit-log-disclosure-productization/checklists/requirements.md
ahmido 7ce066dd00 Spec 329: productize evidence and audit log disclosure (#390)
## Summary
- productize the Monitoring audit log disclosure flow with richer detail inspection and updated disclosure UI
- expand the evidence overview disclosure experience, including filtering and presentation updates
- wire the monitoring pages into the Filament admin panel and workspace sidebar navigation
- add English and German disclosure copy for the new audit and evidence surfaces
- include Spec 329 implementation artifacts and supporting presenter/route updates

## Tests
- added/updated monitoring acceptance and feature coverage for the disclosure flow
- touched tests include `Spec329EvidenceAuditDisclosureSmokeTest`, `Spec329EvidenceAuditDisclosureProductizationTest`, `AuditLogPageTest`, `AuditLogDetailInspectionTest`, `AuditLogInspectFlowTest`, and related monitoring/navigation coverage
- no additional test run was performed as part of this commit/push/PR workflow

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #390
2026-05-19 21:34:23 +00:00

Requirements Checklist: Spec 329 - Evidence / Audit Log Disclosure Productization

Purpose: Validate preparation artifact quality before implementation.
Created: 2026-05-19
Feature: specs/329-evidence-audit-log-disclosure-productization/spec.md

Content Quality

  • No implementation details leak into product requirements beyond required repo constraints.
  • User value and operator/auditor workflow are clear.
  • Scope is bounded to two existing runtime surfaces.
  • Non-goals explicitly prevent backend/workflow overbuild.
  • Dependencies and historical specs are listed.

Repo Truth And Safety

  • Existing route/class/view/partial paths are named.
  • Repo truth map exists and uses required classifications.
  • No new persisted truth is proposed.
  • No migrations/packages/env/queues/scheduler/storage changes are expected.
  • No legacy tenant query alias support is allowed.
  • No false immutability/certification/compliance/health claims are allowed.

Workspace / Environment Contract

  • Clean workspace-wide entry is specified.
  • Canonical `environment_id` filter is specified.
  • Visible chip and clear filter are specified.
  • Legacy aliases are rejected.
  • Cross-workspace environment guard is specified.
  • Audit route shell/middleware drift is called out for implementation verification.

RBAC / Audit / Diagnostics

  • Existing capabilities and policies remain authoritative.
  • Unauthorized action behavior is specified.
  • Diagnostics are collapsed/hidden by default.
  • Dangerous actions are out of scope unless spec/plan are updated.
  • No raw payloads/provider secrets/debug traces are default-visible.
  • Audit event first-read fields are specified.
  • Evidence path first-read fields are specified.

Testability

  • Feature tests are listed.
  • Browser smoke flows are listed.
  • Navigation/scope guard tests are listed.
  • `pint --dirty` and `git diff --check` are listed.
  • Full-suite status must be reported honestly.

Surface Guardrail Review

  • UI Surface Impact is completed and not contradicted by no-impact wording.
  • Decision-first role is classified for both pages.
  • Audience-aware disclosure hierarchy is explicit.
  • OperationRun link-only impact is explicit.
  • Provider boundary posture is explicit.
  • Test lane and browser family are explicit.

Readiness Decision

  • Spec is ready for implementation planning.
  • No open question blocks a bounded implementation loop.
  • Review outcome class: acceptable-special-case.
  • Workflow outcome: keep.