Added jobs, controllers, and PDF generation logic for management report runtime as defined in Spec 379. Includes artifact migrations, payload builders, and testing coverage. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #450
4.7 KiB
Requirements Checklist: Spec 379 - Management Report PDF Runtime Validation & Generation Completion
Purpose: Preparation readiness review for Spec 379 before application implementation.
Created: 2026-06-14
Feature: specs/379-management-report-pdf-runtime/spec.md
Candidate And Scope
- CHK001 The selected candidate is directly user-provided and not invented from the automatic queue.
- CHK002 The active automatic candidate queue was not used as an auto-prep source.
- CHK003 Spec 378 is treated as read-only renderer/gateway baseline context, not rewritten.
- CHK004 The smallest v1 slice is staging/Dokploy runtime validation plus one customer-executive Management Report PDF generation/download flow.
- CHK005 New renderer infrastructure, package-governance redo, delivery center, auditor report, billing PDF, AI, and portal scope are out of scope.
Repo Truth And Dependencies
- CHK006 The package reuses the existing Spec 378 PdfRenderingGateway/PdfRendererClient.
- CHK007 The package reuses existing rendered-report, profile, disclosure, theme, Review Pack, OperationRun, and audit paths.
- CHK008 The spec records the repo-truth adjustment that Spec 378 contains pending downstream tasks but remains read-only historical baseline.
- CHK009 Runtime validation is a hard gate before generation enablement.
- CHK010 The plan includes deployment impact for staging/Dokploy, env/config, queues, storage, and migrations.
Security, RBAC, And Isolation
- CHK011 Workspace and managed-environment scope are explicit for generation, storage, lookup, operation, and download.
- CHK012 Non-member or wrong-scope access uses deny-as-not-found semantics.
- CHK013 Scoped member without capability receives 403 after scope is established.
- CHK014 PDF content and audit metadata forbid secrets, signed URLs, raw provider payloads, raw operation context, SQL errors, stack traces, and serialized jobs.
- CHK015 Download must be signed and/or server-authorized and must re-resolve scope before returning bytes.
OperationRun, Audit, And Artifact Truth
- CHK016 The preferred implementation creates or reuses an OperationRun for generation.
- CHK017 OperationRun lifecycle must flow through OperationRunService.
- CHK018 Generation and download audit metadata are specified.
- CHK019 Artifact truth carries source review/pack, workspace, environment, profile, actor, generated time, private storage, and operation-run provenance.
- CHK020 A new artifact table/entity is not approved by default; implementation must stop and update spec/plan if one is required.
UI And Productization Coverage
- CHK021 UI Surface Impact is marked as changed reachable surfaces, not no-impact.
- CHK022 Affected surfaces are bounded to existing owner detail pages, existing rendered-report source, optional PDF route, and artifact registry only if reused.
- CHK023 Generate action is classified as high-impact artifact creation and requires explicit confirmation.
- CHK024 UI coverage artifacts or checked no-update rationale are required during implementation close-out.
- CHK025 No panel provider or navigation change is planned.
Testing And Validation
- CHK026 Unit tests are required for runtime validation, payload, readiness, disclosure, and renderer adapter behavior.
- CHK027 Feature tests are required for generation, storage, OperationRun, audit, authorization, and download.
- CHK028 Filament/Livewire action tests are required for the selected owner surface.
- CHK029 Browser/content smoke is required if local fixtures can cover generation/download.
- CHK030 PostgreSQL lane is required if migrations/indexes/schema constraints are introduced.
- CHK031 Spec 378 gateway regression is included in validation.
Filament / Livewire / Deployment Contract
- CHK032 Livewire v4.0+ compliance is explicit; no Livewire v3 APIs are planned.
- CHK033 Provider registration location remains apps/platform/bootstrap/providers.php; no panel provider change is planned.
- CHK034 Global search posture remains disabled for StoredReport unless a future spec updates it safely.
- CHK035 Asset strategy expects no new Filament assets; deploy uses existing filament:assets only if assets are registered.
- CHK036 Runtime validation is a staging/production promotion gate.
Review Outcome
- CHK037 Candidate Selection Gate result: PASS with repo-truth adjustment.
- CHK038 Spec Readiness Gate result: PASS for preparation.
- CHK039 Preparation is implementation-ready for a later implementation loop.
- CHK040 No application implementation was performed during preparation.