ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/342-customer-review-workspace-final-consumption-productization/plan.md
ahmido bf10645dc3 feat: finalize customer review workspace consumption (342) (#414) 
## Summary
- finalize the existing Customer Review Workspace as a customer-safe first-screen consumption surface
- lead the page with one review decision card, readiness flow, findings summary, accepted-risk summary, and secondary proof instead of diagnostics-first presentation
- keep evidence, review-pack, export, audit, and operation proof states explicit and separate so the page does not make false readiness or evidence claims
- add focused Spec 342 Feature and Browser coverage plus the spec-local truth map, state contract, and screenshot artifacts
- preserve the existing workspace-wide route with canonical `environment_id` filtering only and no new portal, backend generation flow, or navigation rewrite

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/Spec342CustomerReviewWorkspaceConsumptionTest.php tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php`
- `cd apps/platform && ./vendor/bin/sail php vendor/bin/pest tests/Browser/Spec342CustomerReviewWorkspaceConsumptionSmokeTest.php tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php --compact`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `git diff --check`

## Notes
- screenshot artifacts are included under `specs/342-customer-review-workspace-final-consumption-productization/artifacts/screenshots/`
- Livewire v4 compliance unchanged
- Filament provider registration remains in `apps/platform/bootstrap/providers.php`
- no globally searchable resource behavior changed in this slice
- no new destructive action behavior was introduced
- no new Filament assets; deploy `filament:assets` posture is unchanged
- full suite was not run in this turn; validation stayed on the focused Spec 342 slices

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #414
2026-06-01 08:15:11 +00:00

17 KiB
Raw Permalink Blame History

Implementation Plan: Spec 342 - Customer Review Workspace v1 Final Consumption Productization

Branch: 342-customer-review-workspace-final-consumption-productization | Date: 2026-06-01 | Spec: specs/342-customer-review-workspace-final-consumption-productization/spec.md
Input: User-provided Spec 342 draft + roadmap candidate customer-review-workspace-v1-completion.

Summary

Finalize the existing Customer Review Workspace as a customer-safe consumption surface.

This is a runtime UX productization slice only:

  • no new customer portal
  • no backend review/evidence/review-pack generation rewrite
  • no new persistence or lifecycle/status family
  • no new Graph/provider calls
  • no new routes unless implementation proves a narrow existing route/action link gap
  • no shell/sidebar/topbar or canonical-link cleanup work

The implementation should make the first screen answer:

Is this review ready to consume, what requires attention, and what evidence/review-pack/export truth supports it?

Technical Context

  • Language/Version: PHP 8.4.15, Laravel 12.52.x.
  • Primary Dependencies: Filament v5.2.x, Livewire v4.1.x, Pest v4, Tailwind CSS v4.
  • Storage: PostgreSQL; no schema change expected.
  • Testing: Pest Feature/Livewire tests + one Pest Browser smoke file.
  • Validation Lanes: confidence + browser.
  • Target Platform: apps/platform Laravel monolith; Sail locally; Dokploy/container deployment posture unchanged.
  • Project Type: Web application.
  • Performance Goals: DB-only page render; no Microsoft Graph/provider calls during render; reuse eager-loaded relationships where summary state depends on related review/evidence/pack/finding records.
  • Constraints: no false customer-safe/auditor-ready/export-ready/evidence-backed/compliant claims; no raw diagnostics by default; no cross-workspace/environment leakage; no /admin/t or legacy query alias resurrection.
  • Scale/Scope: one existing strategic page, related proof/detail links, focused tests, one browser smoke, and spec-local artifacts.

UI / Surface Guardrail Plan

  • Guardrail scope: material change to an existing strategic customer-safe review surface.
  • Affected routes/pages/actions/states/navigation/panel/provider surfaces:
    • /admin/reviews/workspace
    • apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
    • apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php
    • existing linked proof/action surfaces for environment reviews, evidence snapshots, review packs, findings/accepted risks, audit, and operation proof.
  • No-impact class, if applicable: N/A.
  • Native vs custom classification summary: mixed, but existing route uses a native Filament page with Blade composition. New/changed UI should use Filament/shared primitives first.
  • Shared-family relevance: customer-safe review consumption, evidence/report viewer, review pack/export links, status messaging, OperationRun proof links.
  • State layers in scope: page payload, URL-query filter, proof/detail links, diagnostics disclosure.
  • Audience modes in scope: customer/read-only, MSP operator, auditor/account manager, support where authorized.
  • Navigation / Filament provider-panel handling: no navigation or panel provider change expected. Panel providers remain registered in apps/platform/bootstrap/providers.php.
  • Screenshot or page-report need: screenshots required under this spec package during browser smoke. UI audit registry update is required only if implementation changes route/archetype/navigation; otherwise record active close-out no-registry-change rationale.

Shared Pattern & System Fit

  • Cross-cutting feature marker: yes.
  • Systems touched:
    • Customer Review Workspace page/view/payload helpers.
    • Spec 337-style evidence/review-pack process-flow semantics.
    • Existing ArtifactTruthPresenter and badge helpers where available.
    • Existing OperationRunLinks for operation proof links.
    • Existing signed review-pack download route/controller.
    • Existing policy/capability/UI enforcement paths.
  • Shared abstractions reused: existing review/evidence/review-pack status enums, resource URLs, workspace hub environment filter, OperationRunLinks, ArtifactTruthPresenter, BadgeCatalog / BadgeRenderer, UiEnforcement where applicable.
  • New abstraction introduced? why?: none by default. A small derived CustomerReviewWorkspacePresenter may be introduced only if it consolidates scattered page/view state and remains page-local.
  • Why the existing abstraction was sufficient or insufficient: current models and services provide truth; current page may not centralize final consumption state. A local presenter can reduce duplicate Blade/Page logic without becoming a framework.
  • Bounded deviation / spread control: do not create a generic readiness engine, global state taxonomy, new interface, registry, or persisted truth.

OperationRun UX Impact

  • Touches OperationRun start/completion/link UX?: existing proof links only.
  • Central contract reused: existing OperationRun link/resource helpers and authorization.
  • Delegated UX behaviors: operation deep-link URL resolution stays in shared helpers/resources; no new operation start/toast/notification lifecycle.
  • Surface-owned behavior kept local: explanatory distinction between operation proof and customer evidence/review-pack/export truth.
  • Queued DB-notification policy: N/A.
  • Terminal notification path: unchanged.
  • Exception path: none.

Provider Boundary & Portability Fit

  • Shared provider/platform boundary touched?: no new provider boundary.
  • Provider-owned seams: N/A.
  • Platform-core seams: review/evidence/review-pack/finding/audit/operation proof presentation over existing workspace/environment artifacts.
  • Neutral platform terms / contracts preserved: workspace, environment, customer review, evidence, review pack, export, accepted risk, finding, operation proof, audit trail, diagnostics.
  • Retained provider-specific semantics and why: only inside existing customer-safe review/evidence content where repo-backed.
  • Bounded extraction or follow-up path: provider readiness remains a follow-up spec, not part of Spec 342.

Current Repo Truth Summary

  • CustomerReviewWorkspace already exists as a Filament page with slug reviews/workspace, workspace-wide navigation, canonical environment_id filtering, header clear-filter action, table context, and existing page-open audit logging.
  • The current Blade view already renders decision-card, readiness-dimension, follow-up, review-package-index, evidence-aside, review-pack-state, accepted-risk-summary, and diagnostics areas.
  • EnvironmentReview owns review status, completeness, summary, publication timestamps, evidence snapshot, operation run, sections, review packs, and current export review pack.
  • EvidenceSnapshot owns evidence status/completeness, generated/expiry timestamps, items, linked review packs, linked reviews, and operation proof.
  • ReviewPack owns queued/generating/ready/failed/expired state, file metadata, expiry, linked evidence snapshot, environment review, operation run, and signed-download eligibility.
  • Finding and FindingException provide finding severity/status, owner/assignee/due fields, accepted-risk/exception status, current validity, owner/rationale/review dates, decision history, and evidence references where loaded.
  • ReviewPackDownloadController, ReviewPackService, and review-pack tests already prove signed download and authorization paths.
  • Existing relevant tests include tests/Feature/Reviews/*, tests/Feature/ReviewPack/*, tests/Feature/Evidence/*, tests/Feature/Filament/Spec337EvidenceReviewPackProductFlowTest.php, tests/Browser/Spec326CustomerReviewWorkspaceProductizationSmokeTest.php, and tests/Browser/Spec337EvidenceReviewPackProductFlowSmokeTest.php.
  • Related resources inspected for global-search posture should remain disabled or safe; this spec must not enable global search.

Implementation Approach

Phase 0 — Repo Truth Gate

  1. Re-read this spec, plan, tasks, repo-truth-map.md, and customer-review-consumption-state-contract.md.
  2. Re-inspect current Customer Review Workspace page/view and related tests before editing.
  3. Update repo-truth-map.md with any runtime discoveries before code changes.
  4. Mark unsupported concepts such as acknowledgement/attestation or external delivery as unavailable/deferred.

Phase 1 — Tests First

  1. Add Feature/Livewire tests for decision-card status/reason/impact/next-action and hidden raw diagnostics.
  2. Add tests for findings/accepted-risk summaries and unsupported fields.
  3. Add tests for evidence/review-pack/export/operation proof separation.
  4. Add RBAC/context tests for cross-workspace environment filter, diagnostics capability, authorized review-pack download/open actions, and no legacy query alias resurrection.

Phase 2 — Consumption State Contract

  1. Use the spec-local contract as the mapping source for visible states.
  2. If needed, create a small CustomerReviewWorkspacePresenter or page-local payload builder that computes:
    • status, reason, impact, primary next action
    • review readiness flow
    • findings summary
    • accepted-risk summary
    • evidence state
    • review-pack state
    • export state
    • proof items
    • diagnostics state
  3. Keep states derived from existing models only.

Phase 3 — First-Screen Productization

  1. Ensure the first viewport leads with the decision card.
  2. Ensure findings and accepted risks are visible customer-safe summaries.
  3. Ensure evidence, review-pack, export, audit, and operation proof are visible as secondary proof, not raw diagnostics.
  4. Keep the review package index/table as secondary context.
  5. Keep diagnostics collapsed or unavailable by default.

Phase 4 — Actions, RBAC, And Safety

  1. Show only repo-backed, authorized primary/secondary actions.
  2. Keep mutation/generation/repair actions out of the customer-safe default surface unless explicitly authorized and already repo-supported.
  3. If a high-impact action becomes necessary, stop and update spec/plan before implementation.
  4. Preserve existing audit logging and avoid secrets/raw payloads.

Phase 5 — Browser Smoke And Screenshots

  1. Add one bounded Browser smoke file for representative states.
  2. Capture screenshots under this spec package.
  3. Document unreachable states rather than faking fixtures.

Phase 6 — Validation And Close-Out

  1. Run focused Feature/Livewire validation.
  2. Run the bounded Browser smoke.
  3. Run overlapping filter tests, pint --dirty, and git diff --check.
  4. Record UI coverage close-out decision and known gaps.

Test Governance Check

  • Test purpose / classification by changed surface: Feature/Livewire for state/RBAC/context/false claims; Browser for rendered first-screen hierarchy, diagnostics collapsed, and screenshots.
  • Affected validation lanes: confidence + browser.
  • Why this lane mix is the narrowest sufficient proof: page state and authorization are cheaper and deterministic in Feature tests; rendered hierarchy and diagnostics disclosure are the product value and need browser proof.
  • Narrowest proving command(s):
cd apps/platform
./vendor/bin/sail artisan test tests/Feature/Filament/Spec342CustomerReviewWorkspaceConsumptionTest.php --compact
./vendor/bin/sail php vendor/bin/pest tests/Browser/Spec342CustomerReviewWorkspaceConsumptionSmokeTest.php --compact
./vendor/bin/sail artisan test --filter='CustomerReview|ReviewPack|Evidence|AcceptedRisk|Finding|Audit|Spec341' --compact
./vendor/bin/sail pint --dirty
git diff --check
  • Fixture / helper / factory / seed / context cost risks: reuse existing review/evidence/review-pack/finding/exception/audit/operation fixtures; no broad seeding.
  • Expensive defaults or shared helper growth introduced?: no.
  • Heavy-family additions, promotions, or visibility changes: one explicit browser smoke only.
  • Surface-class relief / special coverage rule: no relief; strategic customer-safe surface.
  • Closing validation and reviewer handoff: confirm state truth, hidden diagnostics, RBAC/context safety, one next action, screenshots, and no false readiness claims.
  • Budget / baseline / trend follow-up: none expected.
  • Review-stop questions: Are any claims not repo-backed? Does any state require backend truth? Did a presenter become a framework? Did browser coverage widen? Did a route/shell/query alias regress?
  • Escalation path: document-in-feature for unreachable fixture states; follow-up-spec for missing backend capabilities; reject-or-split for portal/framework/backend generation.
  • Active feature PR close-out entry: Guardrail / Exception / Smoke Coverage.
  • Why no dedicated follow-up spec is needed: final consumption belongs in this active feature; attestation, localization, governance inbox, provider readiness, and PSA handoff remain separate follow-up specs.

Project Structure

Documentation (this feature)

specs/342-customer-review-workspace-final-consumption-productization/
├── spec.md
├── plan.md
├── tasks.md
├── repo-truth-map.md
├── customer-review-consumption-state-contract.md
├── checklists/
│   └── requirements.md
└── artifacts/
    └── screenshots/

Expected implementation touch points

apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php
apps/platform/tests/Feature/Filament/Spec342CustomerReviewWorkspaceConsumptionTest.php
apps/platform/tests/Browser/Spec342CustomerReviewWorkspaceConsumptionSmokeTest.php

Supporting surfaces to inspect, not broadly redesign

apps/platform/app/Filament/Resources/EnvironmentReviewResource.php
apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php
apps/platform/app/Filament/Resources/ReviewPackResource.php
apps/platform/app/Filament/Resources/FindingExceptionResource.php
apps/platform/app/Filament/Resources/StoredReportResource.php
apps/platform/app/Models/EnvironmentReview.php
apps/platform/app/Models/EvidenceSnapshot.php
apps/platform/app/Models/ReviewPack.php
apps/platform/app/Models/Finding.php
apps/platform/app/Models/FindingException.php
apps/platform/app/Models/OperationRun.php
apps/platform/app/Support/Navigation/WorkspaceHubEnvironmentFilter.php
apps/platform/app/Support/OperationRunLinks.php
apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php

Complexity Tracking

Violation Why Needed Simpler Alternative Rejected Because
Possible page-local presenter May be needed to centralize derived state and avoid duplicate page/view logic Blade-only mapping risks scattered false claims and hard-to-test conditions

Proportionality Review

  • New persisted truth: none.
  • New abstraction: none by default; possible page-local presenter only.
  • New state/status family: no; presentation states derive from existing model truth.
  • Ownership cost: state contract, feature tests, browser smoke, screenshots.
  • Rejected alternatives: copy-only patch, portal architecture, persisted readiness table, global readiness engine.

Constitution Check

  • Inventory-first: pass; all display states derive from last-observed review/evidence/artifact truth.
  • Read/write separation: pass; default surface is read-only consumption. Any existing generation/download action remains policy/audit-backed.
  • Graph contract path: pass; no Graph call during page render.
  • Deterministic capabilities: pass; existing policies/capabilities remain authoritative.
  • RBAC-UX: pass; /admin only, workspace/environment entitlement required, non-member access is deny-as-not-found.
  • Workspace/tenant isolation: pass; environment_id is filter only and must be entitlement-checked.
  • Run observability: pass; no new OperationRun lifecycle. Existing runs are proof only.
  • Data minimization: pass; no secrets/raw payloads/default diagnostics.
  • Test governance: pass; confidence + one browser smoke are explicit.
  • Proportionality / no premature abstraction: pass with bounded presenter guard.
  • Persisted truth / behavioral state: pass; no new persistence or lifecycle state.
  • Shared pattern first: pass; reuse Spec 337/Product Process Flow semantics and existing artifact/operation/badge helpers.
  • Provider boundary: pass; no provider seam change.
  • UI/Productization coverage: pass; existing strategic surface changed, screenshot/close-out coverage required.
  • Filament v5 / Livewire v4 compliance: required; no Livewire v3 or Filament legacy APIs.
  • Provider registration: unchanged in apps/platform/bootstrap/providers.php.
  • Global search: do not enable global search for related resources in this spec.
  • Destructive actions: none expected; any introduced high-impact/destructive action must use Action::make(...)->action(...), ->requiresConfirmation(), authorization, audit, notification, and tests after spec/plan update.
  • Asset strategy: no registered assets expected; if assets are introduced, update deployment to run cd apps/platform && php artisan filament:assets.

Deployment / Ops Impact

No migrations, env vars, packages, queues, scheduler, storage, Graph scopes, Dokploy config, or Filament assets are expected. Runtime impact is UI/page rendering plus tests. If implementation proves otherwise, update spec/plan before coding further.