TenantAtlas/specs/249-customer-review-workspace/quickstart.md
ahmido aacd82849a
feat(reviews): add CustomerReviewWorkspace with audit logging and RBAC enforcement (#289)
Add `CustomerReviewWorkspace` page for tenant pre-filtered reviews
Add customer workspace links to `EvidenceSnapshotResource`, `ReviewPackResource`, and `TenantReviewResource`
Implement audit logging for `TenantReviewOpened` and `ReviewPackDownloaded` actions
Update ReviewPack download controller to enforce tenant-scoped RBAC
Add tests for ReviewPack download authorization and audit logging

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #289
2026-04-28 07:15:41 +00:00

Quickstart — Customer Review Workspace v1

Preconditions

  • Docker is running and the Sail stack for apps/platform is available.
  • The feature remains inside the existing Laravel monolith and admin plane.
  • The first slice stays read-oriented: no new customer portal, no new identity plane, no new persistence, and no remediation or generation workflow.

Intended Implementation Order

  1. Add the native admin CustomerReviewWorkspace page and its Blade view under the existing reviews family.
  2. Reuse or minimally extend TenantReviewRegisterService to resolve workspace membership, entitled tenants, and latest published reviews per entitled tenant.
  3. Compose customer-safe row content from existing TenantReview summary / section payloads, ArtifactTruthPresenter, currentExportReviewPack, and RedactionIntegrity.
  4. Preserve tenant launch context and remembered filters through Livewire-safe public/query/session-backed state.
  5. Wire Open latest review to the existing tenant-scoped review detail route and keep review-pack consumption on the existing signed download path.
  6. Reuse the existing audit pipeline for any explicit artifact access event that is not already covered by the current review / export flow.
  7. Add focused feature coverage and one browser smoke test, then run Pint.

Targeted Validation Commands (after implementation)

  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php
  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php
  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php
  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
  • If implementation changes pack-download plumbing directly: export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/ReviewPackDownloadTest.php
  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent

Smoke Checklist Reference (after implementation)

Implementation close-out used the bounded browser smoke in tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php plus the focused feature lane as the executed smoke evidence. The checklist below remains the human reference checklist, but no separate manual integrated-browser run was executed for this implementation close-out.

  1. Sign in to /admin as a readonly-capable tenant actor, select a workspace, and open /admin/reviews/workspace.
  2. Confirm that the page shows only entitled tenants, the latest customer-safe review posture, and no create, publish, regenerate, refresh, expire, triage, or remediation controls.
  3. Launch the page from an existing tenant-scoped review or evidence route and confirm the tenant prefilter survives the first page load.
  4. Open the latest review for a tenant with a published review and confirm the detail remains read-oriented for the readonly actor.
  5. Use the pack action for a tenant with a current pack and confirm the download path stays signed and customer-safe; for a tenant without a current pack, confirm the page shows a calm unavailable state instead of a generation action.
  6. Attempt an explicit out-of-scope tenant filter or deep link and confirm the result stays not found without leaking tenant existence.

Executed Validation Evidence

  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php tests/Feature/Evidence/EvidenceSnapshotResourceTest.php tests/Feature/ReviewPack/ReviewPackWidgetTest.php tests/Feature/ReviewPack/ReviewPackResourceTest.php tests/Feature/ReviewPack/ReviewPackDownloadTest.php tests/Feature/ReviewPack/ReviewPackRbacTest.php tests/Feature/TenantReview/TenantReviewUiContractTest.php tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php -> 83 passed (372 assertions)
  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php -> 1 passed (19 assertions)
  • export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent -> pass

Close-out Notes

  • TenantReviewRegisterService reuse held; no page-local helper was needed.
  • The review-pack download route remained signed, but now also enforces tenant membership and REVIEW_PACK_VIEW at request time.
  • Explicit artifact access is now audited through additive tenant_review.opened and review_pack.downloaded action IDs on the existing audit pipeline.
  • ReviewRegister and EvidenceOverview satisfied the launch-path requirement through existing row/detail navigation reuse rather than new duplicate workspace buttons.
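
The request-time check order described in the close-out notes (signed link, then tenant membership, then REVIEW_PACK_VIEW, then the review_pack.downloaded audit record), sketched as an added example in plain PHP; it is not the project's controller code. The signing key, URL shape, users, tenants and packs are constructed, and the 403 for a member without the capability is an assumption.

```php
<?php
declare(strict_types=1);

// Constructed demo data: key, users, tenants, packs and URL shape are all hypothetical.
const SIGNING_KEY = 'constructed-demo-key';
const PACK_TENANT = ['pack-1' => 'tenant-a', 'pack-2' => 'tenant-b'];
const MEMBERSHIPS = [ // user => tenant => granted capabilities
    'alice' => ['tenant-a' => ['REVIEW_PACK_VIEW']],
    'bob'   => ['tenant-a' => []],
];

function signDownload(string $packId, int $expires): string
{
    return hash_hmac('sha256', "/review-packs/{$packId}/download|{$expires}", SIGNING_KEY);
}

/** @return array{0:int,1:?array} HTTP status and the audit record to emit, if any. */
function authorizeDownload(string $user, string $packId, int $expires, string $sig, int $now): array
{
    // 1. The signature only proves the app issued this link; it says nothing about the caller.
    if ($now > $expires || !hash_equals(signDownload($packId, $expires), $sig)) {
        return [403, null];
    }
    // 2. Tenant membership, resolved at request time. A missing pack and a pack in a
    //    tenant the caller does not belong to yield the same 404, so existence does not leak.
    $tenant = PACK_TENANT[$packId] ?? null;
    $caps = $tenant === null ? null : (MEMBERSHIPS[$user][$tenant] ?? null);
    if ($caps === null) {
        return [404, null];
    }
    // 3. Capability check for members (403 here is an assumption, not stated on the page).
    if (!in_array('REVIEW_PACK_VIEW', $caps, true)) {
        return [403, null];
    }
    // 4. Audit only once access is actually granted.
    return [200, ['action' => 'review_pack.downloaded', 'actor' => $user,
                  'tenant' => $tenant, 'pack' => $packId]];
}

// Every request below carries a valid, unexpired signature; only the caller's scope differs.
$now = 1700000000;
$exp = $now + 600;
foreach ([['alice', 'pack-1'], ['bob', 'pack-1'], ['alice', 'pack-2'], ['alice', 'pack-9']] as [$user, $pack]) {
    [$status, $audit] = authorizeDownload($user, $pack, $exp, signDownload($pack, $exp), $now);
    printf("%-5s %-6s -> %d %s\n", $user, $pack, $status, $audit['action'] ?? '-');
}
```

The last two calls are the ones smoke step 6 cares about: a pack in another tenant and a pack that does not exist must be indistinguishable to the caller.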

Notes

  • Filament v5 already runs on Livewire v4 in this repo.
  • Panel providers remain registered through ../../apps/platform/bootstrap/providers.php; this slice does not add or move providers.
  • No new globally searchable Resource is part of v1. Existing review, review-pack, and evidence Resources already keep global search disabled.
  • No destructive action belongs on the new workspace page. If implementation accidentally introduces one, it must use ->requiresConfirmation() and stay outside the customer-safe default path.
  • No new registered asset bundle is expected. If implementation later registers a Filament asset anyway, deployment still requires cd apps/platform && php artisan filament:assets.
  • This remains a customer-safe consumption slice only. Review creation, publication, regeneration, remediation, and operator/debug workflows remain on existing internal surfaces or future specs.