Automated PR created by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #468
50 lines
2.8 KiB
Markdown
50 lines
2.8 KiB
Markdown
# UI-046 Evidence Snapshot Detail
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Route | `/admin/workspaces/{workspace}/environments/{environment}/evidence/{record}` |
|
|
| Source | `EvidenceSnapshotResource::view` |
|
|
| Area / scope | Evidence / audit |
|
|
| Archetype | Evidence / Audit |
|
|
| Design depth | Strategic Surface |
|
|
| Repo truth | browser-verified in Spec 372 and Spec 397 |
|
|
| Screenshot | `specs/372-customer-auditor-surface-safety-pass/artifacts/screenshots/005-evidence-snapshot-view-after-or-blocked.png` |
|
|
| Browser status | Reached through Spec 372 smoke-login fixture and Spec 397 focused textual receipt proof; mobile capture also completed in Spec 372. |
|
|
|
|
## First Five Seconds
|
|
|
|
The page should answer what evidence was captured, whether it is complete/current, and which review/report context it supports before showing support diagnostics.
|
|
|
|
## Productization Review
|
|
|
|
- Evidence-first: evidence state, completeness, environment, captured/expires dates, and coverage counts appear before diagnostics.
|
|
- Context: related review/report context now points to review pack and customer workspace, not OperationRun proof.
|
|
- Customer/auditor safety: raw source descriptors, fingerprints, operation count, and raw summary JSON are collapsed.
|
|
- Diagnostics: technical evidence details and technical dimension details remain available for authorized operators.
|
|
|
|
## Dangerous Actions
|
|
|
|
Refresh and expire actions are existing header actions. Expire remains destructive/high-impact and confirmation/authorization/audit behavior is preserved by existing resource tests.
|
|
|
|
## Spec 372 Follow-up
|
|
|
|
- Evidence Snapshot is no longer unresolved for this fixture.
|
|
- OperationRun related-context entry was removed.
|
|
- Browser smoke verified desktop and mobile rendering, section ordering, no JavaScript errors, no console logs, and no mobile horizontal overflow.
|
|
|
|
## Spec 385 Follow-up
|
|
|
|
Spec 385 changes the baseline drift posture item from drift-count-only evidence into a readiness-derived evidence item.
|
|
|
|
- baseline readiness now distinguishes trusted no drift, trusted drift, missing evidence, unresolved identity, unsupported coverage, accepted limitations, exclusions, stale proof, and failed proof
|
|
- legacy compare `reason_code` context alone is not treated as trusted no-drift evidence
|
|
- provider-resource binding decisions are consumed only as internal derived diagnostics, not as raw customer-visible evidence fields
|
|
|
|
## Spec 397 Follow-up
|
|
|
|
Spec 397 reduces the default receipt surface.
|
|
|
|
- `Internal evidence dimensions` replaces the old default evidence-dimension framing.
|
|
- Artifact source/detector/source-target detail is no longer default-visible in the dimension summary.
|
|
- Focused textual browser proof verifies outcome, coverage, related context, and collapsed internal evidence detail without JavaScript or console errors.
|