211 lines
28 KiB
Markdown
211 lines
28 KiB
Markdown
---
|
|
|
|
description: "Task list for Compliance Evidence Mapping v1"
|
|
|
|
---
|
|
|
|
# Tasks: Compliance Evidence Mapping v1
|
|
|
|
**Input**: Design documents from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/`
|
|
**Prerequisites**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/plan.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/spec.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/research.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/data-model.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/contracts/compliance-evidence-mapping.openapi.yaml`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/quickstart.md`
|
|
|
|
**Tests**: Required (Pest) for runtime behavior changes. Keep proof in the narrow `confidence` lane plus one bounded `browser` smoke because this slice changes review composition, workspace/detail disclosure, evidence-route reuse, and audit traceability on existing surfaces.
|
|
**Operations**: No new `OperationRun`, queue, remote call, destructive action, publication flow, generation flow, or background processing is introduced. Auditability stays on the existing shared audit pipeline only.
|
|
**RBAC**: Workspace membership remains the first boundary. Non-members or out-of-scope tenant targets remain `404`; in-scope actors may receive explicit denial or unavailable messaging only on the reused secondary evidence path. Reuse existing capability registries; do not add raw capability strings or role-string checks.
|
|
**Filament / Provider Safety**: Filament remains v5 on Livewire v4, panel providers remain registered through `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/bootstrap/providers.php`, no new panel/provider/path or asset strategy is introduced, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php` plus `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php` remain globally disabled.
|
|
**Shared Pattern Reuse**: Reuse `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/CanonicalControlDefinition.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/CanonicalControlResolver.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewComposer.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php` rather than introducing a second interpretation path, a new report engine, framework-specific overlays, or Governance-as-a-Service packaging scope.
|
|
**Organization**: Tasks are grouped by user story so shared interpretation composition, workspace rendering, released-review explanation, and evidence-route traceability remain independently testable after the common seams are settled.
|
|
|
|
## Test Governance Notes
|
|
|
|
- Lane assignment: `confidence` plus one explicit `browser` smoke remain the narrowest sufficient proof for shared interpretation reuse, customer-safe disclosure, tenant isolation, capability-gated evidence drilldown, and interpretation-version traceability.
|
|
- Keep new coverage inside `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewAuditLogTest.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspace*.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`; do not widen this slice into a new browser or export/report test family.
|
|
- Reuse existing released-review, finding, finding-exception, evidence snapshot, entitled-tenant, workspace membership, localization, and audit fixtures; any helper added during implementation must stay explicit and cheap by default.
|
|
- If implementation finds that current action IDs already cover the required audit moments, close the corresponding audit task as metadata enrichment only and record the outcome as `document-in-feature` instead of creating a new audit event family.
|
|
|
|
---
|
|
|
|
## Phase 1: Setup (Shared Context)
|
|
|
|
**Purpose**: Lock the bounded interpretation overlay scope, validation lanes, and exact repo seams before runtime edits begin.
|
|
|
|
- [x] T001 Review the bounded slice, non-goals, guardrail outcomes, and user stories in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/spec.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/plan.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/research.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/data-model.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/contracts/compliance-evidence-mapping.openapi.yaml`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/quickstart.md`
|
|
- [x] T002 [P] Review the shared implementation seams in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/{en,de}/localization.php`
|
|
- [x] T003 [P] Confirm the focused validation commands and existing proof families in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/quickstart.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/`
|
|
|
|
---
|
|
|
|
## Phase 2: Foundational (Blocking Prerequisites)
|
|
|
|
**Purpose**: Settle the one shared interpretation contract and baseline surface guardrails before any user story-specific rendering work begins.
|
|
|
|
**⚠️ CRITICAL**: No user story work should begin until this phase is complete.
|
|
|
|
- [x] T004 [P] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php` to lock the bounded `control_interpretation` contract, version-key persistence, limitation flags, and reuse of canonical control references from existing review truth
|
|
- [x] T005 Create the fixed overlay helper in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php` and wire it to reuse `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/CanonicalControlDefinition.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/CanonicalControlResolver.php` without introducing a second control taxonomy, new persistence table, or framework registry
|
|
- [x] T006 Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewComposer.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php` to compose one shared summary/detail interpretation payload into the existing `TenantReview` and `TenantReviewSection` JSON only
|
|
- [x] T007 Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Models/TenantReview.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Models/TenantReviewSection.php` with narrow helpers for the stored interpretation version, summary list, limitation counts, and detail-section access so workspace and detail surfaces read one meaning path
|
|
- [x] T008 [P] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php` to freeze deny-as-not-found scope handling, read-only customer-workspace posture, unchanged global-search disablement, and the absence of new destructive or authoring actions on the touched surfaces
|
|
|
|
**Checkpoint**: The stored interpretation contract, access helpers, and no-scope-creep guardrails are fixed before workspace or detail rendering work begins.
|
|
|
|
---
|
|
|
|
## Phase 3: User Story 1 - Understand Control Readiness At A Glance (Priority: P1) 🎯 MVP
|
|
|
|
**Goal**: Let an entitled reviewer open the existing customer review workspace and immediately understand which control areas need follow-up, what evidence basis exists, and what next action is recommended.
|
|
|
|
**Independent Test**: Open `/admin/reviews/workspace` as an entitled read-only actor and confirm each visible tenant shows only the latest released review, a customer-safe mapped-control summary, explicit limitation states, interpretation version disclosure, and one dominant `Open released review` path.
|
|
|
|
### Tests for User Story 1
|
|
|
|
- [x] T009 [P] [US1] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php` for visible interpretation version, non-certification disclosure, control summaries, limitation states, evidence-basis wording, recommended next action, explicit partial or unmapped rows, and the truthful page-level empty state when no entitled released review exists
|
|
- [x] T010 [P] [US1] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php` for safe tenant-prefilter launch behavior and one dominant `Open released review` path from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` that keeps the core customer-safe flow within two interactions or fewer
|
|
|
|
### Implementation for User Story 1
|
|
|
|
- [x] T011 [US1] Update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` to build one workspace entry per entitled tenant with a latest released `TenantReview` from its stored `control_interpretation` summary only, while keeping the no-released-review case as a page-level empty state
|
|
- [x] T012 [US1] Render the mapped-control workspace summary in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php` with interpretation version, non-certification disclosure, evidence basis, limitation flags, and no competing primary action
|
|
- [x] T013 [US1] Keep row-open, tenant-prefilter, and return-path behavior aligned in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php` so the dominant inspect path stays the released-review detail without widening discovery
|
|
- [x] T014 [US1] Add workspace summary and limitation wording to `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php` using localization-ready customer-safe labels instead of certification or framework-specific language
|
|
|
|
**Checkpoint**: User Story 1 is independently functional when the workspace truthfully shows released review summaries for entitled tenants with one dominant inspect path and explicit limitation handling.
|
|
|
|
---
|
|
|
|
## Phase 4: User Story 2 - Understand Why A Control Reads This Way (Priority: P1)
|
|
|
|
**Goal**: Let the same actor open the released review detail from the workspace and understand the per-control explanation, evidence basis, accepted-risk influence, and recommended next step without seeing operator-only residue.
|
|
|
|
**Independent Test**: Open a released review from the workspace and verify that each surfaced control explains its state through stored interpretation payloads, stays read-only in `customer_workspace` mode, and keeps supporting evidence as explicit secondary drilldown only.
|
|
|
|
### Tests for User Story 2
|
|
|
|
- [x] T015 [P] [US2] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php` for per-control explanation, accepted-risk influence, evidence-basis items, limitation disclosure, and consistency with the stored workspace summary
|
|
- [x] T016 [P] [US2] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php` for `customer_workspace=1` launch semantics, read-only detail mode, and explanation-first layout with no competing header actions
|
|
|
|
### Implementation for User Story 2
|
|
|
|
- [x] T017 [US2] Update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php` to read the shared interpretation section from `TenantReviewSection` and keep customer-workspace mode strictly read-only
|
|
- [x] T018 [US2] Reuse the stored interpretation payload in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php` to render per-control explanation text, evidence basis, accepted-risk context, limitation flags, and recommended next action without page-local remapping
|
|
- [x] T019 [US2] Wire supporting-evidence drilldown through `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php` so proof stays an explicit in-body, capability-gated route reuse
|
|
- [x] T020 [US2] Add released-review explanation and supporting-evidence wording to `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php` so workspace and detail surfaces share one customer-safe vocabulary
|
|
|
|
**Checkpoint**: User Story 2 is independently functional when the released review detail deepens the same mapped-control meaning without exposing operator actions, duplicate decision summaries, or raw support detail by default.
|
|
|
|
---
|
|
|
|
## Phase 5: User Story 3 - Trust The Interpretation Basis And Its Limits (Priority: P2)
|
|
|
|
**Goal**: Let an entitled reviewer understand which interpretation version they are reading, how that version is traced through audit metadata, and how secondary evidence routes behave without leaking cross-tenant truth.
|
|
|
|
**Independent Test**: Open the workspace, released review detail, and an entitled supporting-evidence route; verify interpretation-version continuity, non-certification wording, audit metadata traceability, capability-gated secondary-path behavior, and deny-as-not-found handling for out-of-scope tenant targets.
|
|
|
|
### Tests for User Story 3
|
|
|
|
- [x] T021 [P] [US3] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/TenantReview/TenantReviewAuditLogTest.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php` for `interpretation_version`, `source_surface`, `review_id`, and `tenant_filter_id` metadata on released-review and evidence-open events
|
|
- [x] T022 [P] [US3] Extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` for capability-gated evidence reuse, visible interpretation-version continuity, non-certification wording, and workspace-to-detail drilldown behavior
|
|
|
|
### Implementation for User Story 3
|
|
|
|
- [x] T023 [US3] Enrich `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Audit/AuditActionId.php` metadata handling for `customer_review_workspace.opened`, `tenant_review.opened`, and `evidence_snapshot.opened` without introducing new audit events or stores
|
|
- Evidence: existing audit events and logger were reused; metadata enrichment is implemented at the existing workspace, review, evidence, and review-pack download call sites, so no new `AuditActionId` value or logger contract change was needed.
|
|
- [x] T024 [US3] Propagate `source_surface`, `tenant_filter_id`, `review_id`, and `interpretation_version` through `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php` so workspace, detail, and proof reuse one traceable interpretation path
|
|
- [x] T025 [US3] Tighten `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php` so out-of-scope tenant requests stay `404` while in-scope actors get explicit secondary-path denial or unavailability only when capability-gated
|
|
- [x] T026 [US3] Add version-traceability and non-certification localization keys to `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/en/localization.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/de/localization.php`, keeping Governance-as-a-Service packaging and framework-specific overlays explicitly out of visible copy
|
|
|
|
**Checkpoint**: User Story 3 is independently functional when interpretation version and audit traceability stay consistent across workspace, detail, and proof surfaces without widening discovery or implying certification.
|
|
|
|
---
|
|
|
|
## Phase 6: Polish & Cross-Cutting Concerns
|
|
|
|
**Purpose**: Run the narrow validation set, keep formatting clean, and record bounded reviewer outcomes without widening scope.
|
|
|
|
- [x] T027 Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php`
|
|
- [x] T028 Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php tests/Feature/TenantReview/TenantReviewUiContractTest.php tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php tests/Feature/TenantReview/TenantReviewAuditLogTest.php tests/Feature/Evidence/EvidenceSnapshotResourceTest.php tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php`
|
|
- [x] T029 Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`
|
|
- [x] T030 Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
|
|
- [x] T031 Record the final `Guardrail / Smoke Coverage` close-out, shared-interpretation-path outcome, audit-metadata reuse outcome, global-search safety outcome, list-surface review outcome, and any `document-in-feature` or `follow-up-spec` decisions in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/plan.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/quickstart.md`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/259-compliance-evidence-mapping/checklists/requirements.md`
|
|
|
|
---
|
|
|
|
## Dependencies & Execution Order
|
|
|
|
### Phase Dependencies
|
|
|
|
- **Phase 1 (Setup)**: no dependencies; start immediately.
|
|
- **Phase 2 (Foundational)**: depends on Phase 1 and blocks all user stories until the one shared interpretation contract and base guardrails are fixed.
|
|
- **Phase 3 (US1)**: depends on Phase 2 and delivers the MVP workspace interpretation slice.
|
|
- **Phase 4 (US2)**: depends on Phase 2 and should follow US1 because the released-review detail must explain the same stored workspace summary on the same shared path.
|
|
- **Phase 5 (US3)**: depends on Phase 2 and is safest after US1 and US2 because version traceability and evidence-route reuse depend on the shared interpretation already being visible on both surfaces.
|
|
- **Phase 6 (Polish)**: depends on all implemented stories.
|
|
|
|
### User Story Dependencies
|
|
|
|
- **US1 (P1)**: first independently shippable increment once Phase 2 is complete.
|
|
- **US2 (P1)**: independently testable after Phase 2, but should merge after US1 because it deepens the same stored interpretation contract on the released-review detail surface.
|
|
- **US3 (P2)**: independently testable after Phase 2, but should merge after US1 and US2 because audit metadata and evidence-route behavior depend on the shared interpretation being visible end-to-end.
|
|
|
|
### Within Each User Story
|
|
|
|
- Write the listed Pest coverage first and make it fail for the intended gap before runtime implementation.
|
|
- Reuse the stored interpretation contract, existing capability checks, and current audit logger before introducing any local mapper, route family, or copy-only duplication.
|
|
- Re-run the narrowest relevant proof command after each story checkpoint before moving to the next story.
|
|
|
|
---
|
|
|
|
## Parallel Execution Examples
|
|
|
|
### Phase 1
|
|
|
|
- T002 and T003 can run in parallel after T001 confirms the bounded slice.
|
|
|
|
### Phase 2
|
|
|
|
- T004 and T008 can run in parallel while T005 through T007 settle the shared interpretation contract and model-access path.
|
|
|
|
### User Story 1
|
|
|
|
- T009 and T010 can run in parallel before runtime edits begin.
|
|
- After T011 settles row composition, T012 and T014 can proceed before T013 finalizes launch and inspect behavior.
|
|
|
|
### User Story 2
|
|
|
|
- T015 and T016 can run in parallel before detail-surface edits begin.
|
|
- After T017 lands the read-only detail mode, T018 and T020 can proceed before T019 finalizes secondary evidence drilldown.
|
|
|
|
### User Story 3
|
|
|
|
- T021 and T022 can run in parallel before audit and proof-path implementation begins.
|
|
|
|
---
|
|
|
|
## Implementation Strategy
|
|
|
|
### Suggested MVP Scope
|
|
|
|
- MVP = **Phase 2 + User Story 1** only. That delivers the shared interpretation contract plus the workspace rendering that makes the customer-safe control/readiness overlay visible without yet deepening detail and proof behavior.
|
|
|
|
### Incremental Delivery
|
|
|
|
1. Complete Phase 1 and Phase 2.
|
|
2. Deliver US1 and validate the workspace interpretation contract.
|
|
3. Deliver US2 and validate the released-review explanation path.
|
|
4. Deliver US3 and validate audit traceability plus evidence-route reuse.
|
|
5. Finish with Phase 6 validation, formatting, and reviewer close-out notes.
|
|
|
|
### Team Strategy
|
|
|
|
1. Settle `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewComposer.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php` first because every surface depends on that stored interpretation payload.
|
|
2. Parallelize test authoring inside each story before converging on the shared workspace, detail, and evidence files.
|
|
3. Serialize merges around `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/lang/{en,de}/localization.php` because they are the highest-conflict hotspots for this slice.
|
|
|
|
---
|
|
|
|
## Notes
|
|
|
|
- This file plans implementation only. No application code is changed by the task-generation step.
|
|
- The interpretation layer stays bounded to one versioned overlay over existing canonical control references and released review truth.
|
|
- No new panel/provider, no OperationRun UX, no destructive actions, no new persistence table, no new report engine, no new asset strategy, no global-search expansion, no framework-specific overlay work, and no Governance-as-a-Service packaging work are included in these tasks.
|