ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions 1 Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/372-customer-auditor-surface-safety-pass/artifacts/implementation-notes.md
ahmido 22214f22d6 feat(ui): implement customer auditor surface safety pass (#443) 
Applied customer/auditor safety layout changes to CustomerReviewWorkspace, EnvironmentReviewResource, EvidenceSnapshotResource, ReviewPackResource, and StoredReportResource as per Spec 372.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #443
2026-06-12 15:51:30 +00:00

56 lines
4.4 KiB
Markdown
Raw Permalink Blame History

# Implementation Notes
Status: implementation complete.
## Design Decisions
- Reused the Spec 370/371 hierarchy: outcome first, customer/auditor guidance second, evidence basis before diagnostics, and technical metadata behind collapsed detail.
- Kept all changes on existing Filament pages/resources. No route, model, migration, policy, service, report renderer, disclosure policy, generator, or portal scope was added.
- Preserved Specs 342/344/347 workspace and review-pack readiness semantics, but removed OperationRun proof from the default Customer Review Workspace evidence path.
- Treated Evidence Snapshot as reachable in Spec 372 because the browser smoke fixture reached the scoped detail route successfully.
## Copy Changes
- Customer Review Workspace supporting-action help now references package download and evidence basis only, not operation proof.
- Environment Review detail now uses `Outcome summary`, `Output guidance`, `Executive posture`, `Evidence basis`, `Technical details`, and `Sections`.
- Review Pack detail now uses `Outcome summary`, `Output guidance`, `Pack readiness and contents`, and collapsed `Technical pack details`.
- Stored Report detail now leads with `Report scope and readiness`, then the report-specific summary, then collapsed `Technical report details`, then raw payload.
- Evidence Snapshot detail now leads with `Evidence basis and readiness`, `Evidence coverage summary`, and `Related review and report context`; provider/source internals live under collapsed technical dimension details.
## Action Hierarchy Changes
- No new actions were introduced.
- Customer Review Workspace still presents one primary action in the decision card and subordinate supporting actions.
- Environment Review existing header actions remain source-owned; the stale test assertion was updated from a removed download action name to the current `open_current_rendered_report` action.
- Review Pack preview/download/regenerate/expire behavior was preserved; regenerate/expire remain outside the first customer/auditor proof hierarchy.
- Evidence Snapshot refresh/expire/create behavior was preserved; operation-run navigation is no longer related context.
## Metadata Demotion Choices
- Operation proof was removed from the default Customer Review Workspace evidence path and review-pack side panel.
- Environment Review status/completeness/fingerprint now sit in collapsed `Technical details`.
- Review Pack options, initiator, operation count, freshness, SHA/fingerprint, and OperationRun link now sit in collapsed `Technical pack details`.
- Stored Report display reference, source descriptors, provider keys, integrity anchors, and previous fingerprint now sit in collapsed `Technical report details`.
- Evidence Snapshot OperationRun, fingerprints, and operation counts now sit in collapsed `Technical evidence details`; source descriptors/raw summary JSON sit in collapsed per-dimension details.
## Evidence / Diagnostics Separation
- Evidence remains the proof path: snapshot completeness, current export state, pack contents, stored report summaries, and related review/report context.
- Diagnostics remain technical and collapsed. The browser smoke verified no default operation proof in the Customer Review Workspace and no JavaScript console/runtime errors.
## Tests Added Or Updated
- Added `apps/platform/tests/Feature/Filament/Spec372CustomerAuditorSurfaceSafetyTest.php`.
- Added `apps/platform/tests/Browser/Spec372CustomerAuditorSurfaceSafetySmokeTest.php`.
- Updated existing workspace, launch-link, stored-report, and evidence-resource tests where stale expectations contradicted the Spec 372 customer/auditor hierarchy.
## Known Tradeoffs
- The Filament app shell is still dense; Spec 372 intentionally did not alter navigation or global layout.
- Review Pack and Evidence Snapshot still expose technical detail in collapsed sections for authorized operators; this preserves audit/support utility without making diagnostics first-screen truth.
- Customer-safe readiness remains tied to existing review-pack output contract data. Tests that assert customer-safe readiness now seed non-certification disclosure into the pack summary instead of broadening runtime disclosure semantics.
## Out-of-Scope Impacts
- None confirmed. No migrations, env vars, queues, scheduler, storage topology, Graph contracts/calls, panel providers, routes, report renderer, disclosure policy, customer portal, or legacy compatibility paths were added.
Reference in New Issue View Git Blame Copy Permalink