ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects 1 Releases Wiki Activity
0517305381
TenantAtlas/specs/258-customer-review-productization/tasks.md
ahmido 966b7af472
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m0s
Details
feat: productize customer review workspace (#310) 
## Summary
- productize the customer review workspace and released-review drilldown into a calmer customer-safe governance flow
- make review-pack and evidence-proof access explicit, capability-aware, and auditable in the shared Filament resources
- add focused Pest coverage, browser smoke coverage, and the full Spec 258 artifact package

## Notes
- Filament stays on v5 with Livewire v4 surfaces; no provider registration changes were introduced
- no new global-search scope, destructive action surface, or asset registration was added
- bounded additive audit action IDs were added for workspace open and evidence proof open events

## Validation
- focused Pest feature suites for workspace, review detail, review-pack, and evidence flows
- bounded browser smoke: `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #310
2026-04-30 18:15:32 +00:00

28 KiB
Raw Blame History

description
Task list for Customer Review Workspace Productization v1

Tasks: Customer Review Workspace Productization v1

Input: Design documents from /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/ Prerequisites: /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/plan.md (required), /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/spec.md (required), /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/checklists/requirements.md (required), /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/research.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/data-model.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/contracts/customer-review-productization.openapi.yaml, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/quickstart.md

Tests: Required (Pest) for runtime behavior changes. Keep proof in the narrow confidence lane plus one bounded browser smoke only because this slice changes customer-safe wording, disclosure order, and safe action hierarchy on existing workspace and detail surfaces. Operations: No new OperationRun, queue, remote call, publication flow, remediation flow, or background processing is introduced. Auditability stays on the current shared audit pipeline only. RBAC: Workspace membership remains the first boundary. Non-members or out-of-scope tenant targets remain 404; in-scope actors missing an optional capability get explicit unavailability or 403 only on the gated secondary path. Reuse /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/Auth/RoleCapabilityMap.php and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Auth/Capabilities.php; do not add raw capability strings or role-string checks. Shared Pattern Reuse: Reuse /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php, existing review-pack and evidence resources, and the shared audit logger rather than creating a new customer shell, presenter family, or persistence layer. Organization: Tasks are grouped by user story so workspace productization, released-review detail hardening, and packaged-proof access remain independently testable after shared seams are settled.

Test Governance Notes

  • Lane assignment: confidence plus one explicit browser smoke remain the narrowest sufficient proof for capability-first RBAC, workspace and tenant isolation, calmer disclosure hierarchy, explicit unavailable states, and auditable pack or proof consumption.
  • Keep new coverage inside /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspace*.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php; do not widen this slice into a new browser family or a broader cross-tenant workboard suite.
  • Reuse existing workspace membership, entitled-tenant, released review, finding exception, evidence snapshot, review pack, localization, and audit fixtures; any helper added during implementation must stay explicit and cheap by default.
  • If implementation finds that workspace-open or proof-open auditing is already fully covered, close the corresponding audit tasks as reuse-only and record the outcome as document-in-feature instead of adding new action IDs.

Phase 1: Setup (Shared Context)

Purpose: Lock the bounded productization delta, current proof lanes, and exact repo anchors before runtime edits begin.

  • T001 Review the bounded slice, non-goals, guardrail outcomes, and required customer-safe behaviors in /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/spec.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/plan.md, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/checklists/requirements.md
  • T002 [P] Review route reuse, derived disclosure states, audit expectations, and no-new-persistence constraints in /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/research.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/data-model.md, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/contracts/customer-review-productization.openapi.yaml
  • T003 [P] Confirm the focused Sail/Pest commands, the single bounded browser-smoke requirement, and the existing review test family in /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/quickstart.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/

Phase 2: Foundational (Blocking Prerequisites)

Purpose: Settle the shared RBAC, isolation, audit, presenter, and localization seams that every user story depends on.

⚠️ CRITICAL: No user story work should begin until this phase is complete.

  • T004 [P] Add shared authorization coverage for workspace membership, entitled-tenant omission, deny-as-not-found tenant targeting, and in-scope optional-capability denial in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php
  • T005 Reuse or minimally tighten capability-first workspace and tenant isolation in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Auth/Capabilities.php, and existing capability maps so later summary, proof, and pack work stays on one existing seam
  • T006 [P] Verify and extend the shared audit pipeline only where required in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Audit/AuditActionId.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php for workspace entry, review open, proof open, and pack download moments
  • T007 [P] Confirm the shared customer-safe truth presentation seams to reuse in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php before story-specific disclosure changes begin
  • T008 [P] Inventory the bounded copy, localization, and tenant-safe global-search seams for calmer wording, customer-safe disclosure hierarchy, explicit access-state labels, and unchanged review/evidence discoverability in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php

Checkpoint: Shared RBAC, isolation, audit, presenter, and localization seams are fixed before workspace or detail productization begins.

Phase 3: User Story 1 - Understand The Latest Released Review At A Glance (Priority: P1) 🎯 MVP

Goal: Let an entitled customer reviewer, customer admin, or auditor open one existing workspace route and immediately understand the current released governance record per entitled tenant.

Independent Test: Open /admin/reviews/workspace as an entitled actor and confirm each visible tenant shows only released review truth, customer-safe summary wording, one dominant Open released review action, and explicit absence or unavailable states without leaking internal review lifecycle.

Tests for User Story 1

  • T009 [P] [US1] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php for latest released review-only rows, calmer at-a-glance summaries, accepted-risk accountability visibility, evidence or pack availability summaries, and truthful no-released-review states
  • T010 [P] [US1] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php for launches into /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php from existing review, evidence, and review-pack detail paths with safe tenant prefilter and no broadened tenant discovery

Implementation for User Story 1

  • T011 [US1] Compose one workspace entry per entitled tenant from released review truth only in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php and the existing tenant-review register query seam, reusing existing TenantReview, current pack, and evidence relationships without draft or internal fallback
  • T012 [US1] Reuse or minimally tighten launch and prefilter handoffs in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php so review, evidence, and review-pack detail paths enter the workspace with preserved tenant context and no new shell
  • T013 [US1] Rework the default-visible workspace disclosure hierarchy in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php so outcome, key findings, accepted-risk accountability, evidence availability, and review-pack state appear as decision-first content with exactly one dominant Open released review action
  • T014 [US1] Implement explicit workspace absence, unavailable, partial, expired, and redaction-safe messaging in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php without introducing a new persisted state family
  • T015 [US1] Update calmer workspace wording and DE or EN localization keys in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php so operator-led language is removed from the customer-safe entry surface

Checkpoint: User Story 1 is independently functional when the workspace truthfully shows only released review summaries for entitled tenants with clear customer-safe wording and explicit access-state handling.

Phase 4: User Story 2 - Understand Why The Review Says What It Says (Priority: P1)

Goal: Let the same actor open the released review detail from the workspace and understand findings, accepted-risk accountability, and proof context without seeing operator or mutation residue.

Independent Test: Open a released review from the workspace and confirm the detail stays read-only, keeps customer-safe disclosure first, preserves tenant and workspace context, and makes optional proof or pack unavailability explicit instead of hiding or leaking content.

Tests for User Story 2

  • T016 [P] [US2] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php for workspace-to-review handoff, preserved tenant context, safe return semantics, and deny-as-not-found behavior when customer_workspace=1 targets an out-of-scope tenant or review
  • T017 [P] [US2] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php for customer-workspace read-only mode, one dominant safe action, hidden publish or remediation controls, explicit unavailable states for optional secondary actions, and preserved tenant-safe global-search posture across the touched review/evidence/pack resources
  • T018 [P] [US2] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php for calmer findings language, accepted-risk accountability framing, evidence summary ordering, and hidden raw or support detail by default when the detail is launched from the workspace
  • T019 [P] [US2] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php for the calm workspace-to-detail handoff, one dominant primary action, and truthful optional-action unavailable states while keeping browser proof bounded to this single smoke slice

Implementation for User Story 2

  • T020 [US2] Tighten the existing customer-workspace detail mode in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php so the released review remains read-only, capability-aware, and context-preserving without creating a second detail surface
  • T021 [US2] Reuse /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php, and the current review and finding-exception relationships to present calmer findings, accepted-risk accountability, and evidence-summary disclosure on the existing released-review detail surface
  • T022 [US2] Reuse the related detail surfaces in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php so secondary pack and proof paths preserve customer-safe wording, source context, and explicit unavailable messaging after drilldown
  • T023 [US2] Update customer-safe detail, pack, and proof copy in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php so calmer wording and the customer-safe disclosure hierarchy stay aligned across the flow

Checkpoint: User Story 2 is independently functional when the released review detail deepens understanding without exposing operator controls, duplicate summaries, or raw support detail by default.

Phase 5: User Story 3 - Safely Consume Packaged Proof And Understand Unavailable States (Priority: P2)

Goal: Let the actor access the current review pack or proof route when entitled, or understand exactly why it is unavailable, expired, absent, or redacted.

Independent Test: From the workspace and released-review detail, verify that current review-pack download and proof routes stay capability-gated, explicit when unavailable, auditable, and never trigger generation, regeneration, publication, or remediation behavior.

Tests for User Story 3

  • T024 [P] [US3] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php for available, unavailable, expired, absent, and redacted pack or proof states plus explicit customer-safe messaging on the workspace and released-review detail surfaces
  • T025 [P] [US3] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php for signed current-pack download reuse, source_surface=customer_review_workspace audit metadata, and the absence of generate, regenerate, or publication behavior on this path
  • T026 [P] [US3] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php for proof-route capability gating, explicit unavailable or redacted handling, and shared audit logging when proof is opened from the customer review flow

Implementation for User Story 3

  • T027 [US3] Reuse /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php so current-pack access stays capability-first, signed, auditable, and explicit when absent, unavailable, expired, or redacted
  • T028 [US3] Reuse /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php so proof pointers remain customer-safe, capability-gated, and explicit when proof is absent, unavailable, or redacted instead of silently omitted
  • T029 [US3] Finalize shared audit wiring in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Audit/AuditActionId.php for workspace entry, review open, proof open, and pack download only where T006 confirmed a real gap, preserving stable tenant, workspace, and source_surface metadata on the existing pipeline
  • T030 [US3] Align pack and proof access wording in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php so access, absence, unavailable, expired, and redacted states stay distinct and customer-safe

Checkpoint: User Story 3 is independently functional when current pack and proof access remain bounded, auditable, and explicit under all supported access states.

Phase 6: Polish & Cross-Cutting Concerns

Purpose: Run the narrow validation set, keep formatting clean, and record bounded reviewer outcomes without widening scope.

  • T031 Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
  • T032 Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php tests/Feature/TenantReview/TenantReviewUiContractTest.php tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php tests/Feature/ReviewPack/ReviewPackDownloadTest.php tests/Feature/ReviewPack/ReviewPackResourceTest.php tests/Feature/Evidence/EvidenceSnapshotResourceTest.php tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php
  • T033 Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
  • T034 Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
  • T035 Record the final Guardrail / Smoke Coverage close-out, lane results, audit-gap outcome (reuse-only vs bounded additive action IDs), localization or copy scope outcome, global-search safety outcome, and any document-in-feature or follow-up-spec decision in /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/plan.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/quickstart.md, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/258-customer-review-productization/checklists/requirements.md

Dependencies & Execution Order

Phase Dependencies

  • Phase 1 (Setup): no dependencies; start immediately.
  • Phase 2 (Foundational): depends on Phase 1 and blocks all user stories until RBAC, isolation, audit, presenter, and localization seams are settled.
  • Phase 3 (US1): depends on Phase 2 and delivers the MVP workspace productization slice.
  • Phase 4 (US2): depends on Phase 2 and should follow US1 because it deepens the same review-consumption flow on shared surfaces.
  • Phase 5 (US3): depends on Phase 2 and is safest after US1 or US2 because pack and proof actions build on the same workspace and detail context.
  • Phase 6 (Polish): depends on all implemented stories.

User Story Dependencies

  • US1 (P1): first independently shippable increment once Phase 2 is complete.
  • US2 (P1): independently testable after Phase 2, but should merge after US1 because the same workspace and detail surfaces are shared hotspots.
  • US3 (P2): independently testable after Phase 2, but should merge after US1 because explicit access-state handling depends on the final workspace and detail wording contract.

Within Each User Story

  • Write the listed Pest coverage first and make it fail for the intended gap before runtime implementation.
  • Reuse shared RBAC, audit, presenter, and localization seams before introducing any local helper or new copy mapping.
  • Re-run the narrowest relevant proof command after each story checkpoint before moving to the next story.

Parallel Execution Examples

Phase 1

  • T002 and T003 can run in parallel after T001 confirms the bounded slice.

Phase 2

  • T004, T006, T007, and T008 can run in parallel while T005 settles the shared capability-first control path.

User Story 1

  • T009 and T010 can run in parallel before runtime edits begin.
  • After T011 settles row composition, T012 can proceed before T013 through T015 finalize disclosure, states, and copy.

User Story 2

  • T016, T017, T018, and T019 can run in parallel because they cover different proof surfaces in the same flow.
  • After the tests exist, T020 through T023 should land in order because they touch the same released-review detail family.

User Story 3

  • T024, T025, and T026 can run in parallel.
  • After the tests exist, T027 and T028 can proceed in parallel before T029 and T030 finalize audit and wording alignment.

Implementation Strategy

Suggested MVP Scope

  • MVP = Phase 2 + User Story 1 only. That delivers the calmer customer-safe workspace entry surface, capability-first tenant isolation, explicit access-state handling, and safe launch continuity without yet deepening the released-review detail surface.

Incremental Delivery

  1. Complete Phase 1 and Phase 2.
  2. Deliver US1 and validate the workspace productization contract.
  3. Deliver US2 and validate the released-review detail follow-through.
  4. Deliver US3 and validate packaged-proof access, unavailable states, and audit reuse.
  5. Finish with Phase 6 validation, formatting, and reviewer close-out notes.

Team Strategy

  1. Settle the shared capability, audit, presenter, and localization seams first.
  2. Parallelize test authoring inside each story before converging on the shared workspace and detail files.
  3. Serialize merges around /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php because they are the primary conflict hotspots for this slice.