ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/372-customer-auditor-surface-safety-pass/artifacts/implementation-notes.md
ahmido 22214f22d6 feat(ui): implement customer auditor surface safety pass (#443) 
Applied customer/auditor safety layout changes to CustomerReviewWorkspace, EnvironmentReviewResource, EvidenceSnapshotResource, ReviewPackResource, and StoredReportResource as per Spec 372.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #443
2026-06-12 15:51:30 +00:00

4.4 KiB
Raw Permalink Blame History

Implementation Notes

Status: implementation complete.

Design Decisions

  • Reused the Spec 370/371 hierarchy: outcome first, customer/auditor guidance second, evidence basis before diagnostics, and technical metadata behind collapsed detail.
  • Kept all changes on existing Filament pages/resources. No route, model, migration, policy, service, report renderer, disclosure policy, generator, or portal scope was added.
  • Preserved Specs 342/344/347 workspace and review-pack readiness semantics, but removed OperationRun proof from the default Customer Review Workspace evidence path.
  • Treated Evidence Snapshot as reachable in Spec 372 because the browser smoke fixture reached the scoped detail route successfully.

Copy Changes

  • Customer Review Workspace supporting-action help now references package download and evidence basis only, not operation proof.
  • Environment Review detail now uses Outcome summary, Output guidance, Executive posture, Evidence basis, Technical details, and Sections.
  • Review Pack detail now uses Outcome summary, Output guidance, Pack readiness and contents, and collapsed Technical pack details.
  • Stored Report detail now leads with Report scope and readiness, then the report-specific summary, then collapsed Technical report details, then raw payload.
  • Evidence Snapshot detail now leads with Evidence basis and readiness, Evidence coverage summary, and Related review and report context; provider/source internals live under collapsed technical dimension details.

Action Hierarchy Changes

  • No new actions were introduced.
  • Customer Review Workspace still presents one primary action in the decision card and subordinate supporting actions.
  • Environment Review existing header actions remain source-owned; the stale test assertion was updated from a removed download action name to the current open_current_rendered_report action.
  • Review Pack preview/download/regenerate/expire behavior was preserved; regenerate/expire remain outside the first customer/auditor proof hierarchy.
  • Evidence Snapshot refresh/expire/create behavior was preserved; operation-run navigation is no longer related context.

Metadata Demotion Choices

  • Operation proof was removed from the default Customer Review Workspace evidence path and review-pack side panel.
  • Environment Review status/completeness/fingerprint now sit in collapsed Technical details.
  • Review Pack options, initiator, operation count, freshness, SHA/fingerprint, and OperationRun link now sit in collapsed Technical pack details.
  • Stored Report display reference, source descriptors, provider keys, integrity anchors, and previous fingerprint now sit in collapsed Technical report details.
  • Evidence Snapshot OperationRun, fingerprints, and operation counts now sit in collapsed Technical evidence details; source descriptors/raw summary JSON sit in collapsed per-dimension details.

Evidence / Diagnostics Separation

  • Evidence remains the proof path: snapshot completeness, current export state, pack contents, stored report summaries, and related review/report context.
  • Diagnostics remain technical and collapsed. The browser smoke verified no default operation proof in the Customer Review Workspace and no JavaScript console/runtime errors.

Tests Added Or Updated

  • Added apps/platform/tests/Feature/Filament/Spec372CustomerAuditorSurfaceSafetyTest.php.
  • Added apps/platform/tests/Browser/Spec372CustomerAuditorSurfaceSafetySmokeTest.php.
  • Updated existing workspace, launch-link, stored-report, and evidence-resource tests where stale expectations contradicted the Spec 372 customer/auditor hierarchy.

Known Tradeoffs

  • The Filament app shell is still dense; Spec 372 intentionally did not alter navigation or global layout.
  • Review Pack and Evidence Snapshot still expose technical detail in collapsed sections for authorized operators; this preserves audit/support utility without making diagnostics first-screen truth.
  • Customer-safe readiness remains tied to existing review-pack output contract data. Tests that assert customer-safe readiness now seed non-certification disclosure into the pack summary instead of broadening runtime disclosure semantics.

Out-of-Scope Impacts

  • None confirmed. No migrations, env vars, queues, scheduler, storage topology, Graph contracts/calls, panel providers, routes, report renderer, disclosure policy, customer portal, or legacy compatibility paths were added.