ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
788efee1c2
TenantAtlas/specs/379-management-report-pdf-runtime/checklists/requirements.md
ahmido dbff2a0a90 feat(report): implement management report pdf runtime (#450) 
Added jobs, controllers, and PDF generation logic for management report runtime as defined in Spec 379. Includes artifact migrations, payload builders, and testing coverage.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #450
2026-06-15 11:36:29 +00:00

70 lines
4.7 KiB
Markdown
Raw Blame History

# Requirements Checklist: Spec 379 - Management Report PDF Runtime Validation & Generation Completion
**Purpose**: Preparation readiness review for Spec 379 before application implementation.
**Created**: 2026-06-14
**Feature**: `specs/379-management-report-pdf-runtime/spec.md`
## Candidate And Scope
- [x] CHK001 The selected candidate is directly user-provided and not invented from the automatic queue.
- [x] CHK002 The active automatic candidate queue was not used as an auto-prep source.
- [x] CHK003 Spec 378 is treated as read-only renderer/gateway baseline context, not rewritten.
- [x] CHK004 The smallest v1 slice is staging/Dokploy runtime validation plus one customer-executive Management Report PDF generation/download flow.
- [x] CHK005 New renderer infrastructure, package-governance redo, delivery center, auditor report, billing PDF, AI, and portal scope are out of scope.
## Repo Truth And Dependencies
- [x] CHK006 The package reuses the existing Spec 378 `PdfRenderingGateway` / `PdfRendererClient`.
- [x] CHK007 The package reuses existing rendered-report, profile, disclosure, theme, Review Pack, OperationRun, and audit paths.
- [x] CHK008 The spec records the repo-truth adjustment that Spec 378 contains pending downstream tasks but remains read-only historical baseline.
- [x] CHK009 Runtime validation is a hard gate before generation enablement.
- [x] CHK010 The plan includes deployment impact for staging/Dokploy, env/config, queues, storage, and migrations.
## Security, RBAC, And Isolation
- [x] CHK011 Workspace and managed-environment scope are explicit for generation, storage, lookup, operation, and download.
- [x] CHK012 Non-member or wrong-scope access uses deny-as-not-found semantics.
- [x] CHK013 Scoped member without capability receives 403 after scope is established.
- [x] CHK014 PDF content and audit metadata forbid secrets, signed URLs, raw provider payloads, raw operation context, SQL errors, stack traces, and serialized jobs.
- [x] CHK015 Download must be signed and/or server-authorized and must re-resolve scope before returning bytes.
## OperationRun, Audit, And Artifact Truth
- [x] CHK016 The preferred implementation creates or reuses an OperationRun for generation.
- [x] CHK017 OperationRun lifecycle must flow through `OperationRunService`.
- [x] CHK018 Generation and download audit metadata are specified.
- [x] CHK019 Artifact truth carries source review/pack, workspace, environment, profile, actor, generated time, private storage, and operation-run provenance.
- [x] CHK020 A new artifact table/entity is not approved by default; implementation must stop and update spec/plan if one is required.
## UI And Productization Coverage
- [x] CHK021 UI Surface Impact is marked as changed reachable surfaces, not no-impact.
- [x] CHK022 Affected surfaces are bounded to existing owner detail pages, existing rendered-report source, optional PDF route, and artifact registry only if reused.
- [x] CHK023 Generate action is classified as high-impact artifact creation and requires explicit confirmation.
- [x] CHK024 UI coverage artifacts or checked no-update rationale are required during implementation close-out.
- [x] CHK025 No panel provider or navigation change is planned.
## Testing And Validation
- [x] CHK026 Unit tests are required for runtime validation, payload, readiness, disclosure, and renderer adapter behavior.
- [x] CHK027 Feature tests are required for generation, storage, OperationRun, audit, authorization, and download.
- [x] CHK028 Filament/Livewire action tests are required for the selected owner surface.
- [x] CHK029 Browser/content smoke is required if local fixtures can cover generation/download.
- [x] CHK030 PostgreSQL lane is required if migrations/indexes/schema constraints are introduced.
- [x] CHK031 Spec378 gateway regression is included in validation.
## Filament / Livewire / Deployment Contract
- [x] CHK032 Livewire v4.0+ compliance is explicit; no Livewire v3 APIs are planned.
- [x] CHK033 Provider registration location remains `apps/platform/bootstrap/providers.php`; no panel provider change is planned.
- [x] CHK034 Global search posture remains disabled for StoredReport unless a future spec updates it safely.
- [x] CHK035 Asset strategy expects no new Filament assets; deploy uses existing `filament:assets` only if assets are registered.
- [x] CHK036 Runtime validation is a staging/production promotion gate.
## Review Outcome
- [x] CHK037 Candidate Selection Gate result: PASS with repo-truth adjustment.
- [x] CHK038 Spec Readiness Gate result: PASS for preparation.
- [x] CHK039 Preparation is implementation-ready for a later implementation loop.
- [x] CHK040 No application implementation was performed during preparation.
Reference in New Issue View Git Blame Copy Permalink