ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects 1 Releases Wiki Activity
966b7af472
TenantAtlas/specs/258-customer-review-productization/contracts/customer-review-productization.openapi.yaml
ahmido 966b7af472
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m0s
Details
feat: productize customer review workspace (#310) 
## Summary
- productize the customer review workspace and released-review drilldown into a calmer customer-safe governance flow
- make review-pack and evidence-proof access explicit, capability-aware, and auditable in the shared Filament resources
- add focused Pest coverage, browser smoke coverage, and the full Spec 258 artifact package

## Notes
- Filament stays on v5 with Livewire v4 surfaces; no provider registration changes were introduced
- no new global-search scope, destructive action surface, or asset registration was added
- bounded additive audit action IDs were added for workspace open and evidence proof open events

## Validation
- focused Pest feature suites for workspace, review detail, review-pack, and evidence flows
- bounded browser smoke: `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #310
2026-04-30 18:15:32 +00:00

299 lines
9.1 KiB
YAML
Raw Blame History

openapi: 3.0.3
info:
title: TenantPilot Customer Review Workspace Productization v1 (Conceptual)
version: 0.1.0
description: |
Conceptual contract for the customer-safe productization follow-up in Spec 258.
NOTE: These paths describe existing admin and tenant-scoped routes reused by
the implementation. The schemas document expected derived page/view behavior
for planning purposes only; they do not require a new public REST API.
servers:
- url: /
paths:
/admin/reviews/workspace:
get:
summary: View the productized customer review workspace
description: |
Existing canonical admin-plane workspace page for customer-safe review
consumption. The route stays read-only and reuses current tenant review,
finding, evidence, review-pack, localization, RBAC, and audit truth.
parameters:
- in: query
name: tenant
required: false
schema:
type: string
description: |
Optional tenant prefilter using the existing tenant id or external id
pattern already accepted by the workspace page.
responses:
'200':
description: Workspace page rendered
content:
text/html:
schema:
type: string
application/json:
schema:
$ref: '#/components/schemas/CustomerReviewWorkspacePageModel'
'404':
description: Not found for non-members, actors without entitled tenants, or explicit out-of-scope tenant targeting
/admin/t/{tenant}/reviews/{review}:
get:
summary: Open the released review detail from the customer review workspace
description: |
Existing tenant-scoped released-review detail route reused as the
secondary context surface from the workspace page. The customer-workspace
flow uses the existing `customer_workspace=1` query flag to keep the
detail read-only and customer-safe.
parameters:
- in: path
name: tenant
required: true
schema:
type: integer
- in: path
name: review
required: true
schema:
type: integer
- in: query
name: customer_workspace
required: false
schema:
type: boolean
description: Existing query-context flag that suppresses operator lifecycle actions on the detail surface.
responses:
'200':
description: Released review detail rendered
content:
text/html:
schema:
type: string
application/json:
schema:
$ref: '#/components/schemas/CustomerReviewDetailModel'
'403':
description: Forbidden for an in-scope actor missing the record-level review permission
'404':
description: Not found for non-members, tenant mismatches, or out-of-scope review targets
/admin/t/{tenant}/evidence/{evidenceSnapshot}:
get:
summary: Open an evidence proof route from the customer review flow
description: |
Existing tenant-scoped evidence detail route reused only when the actor
explicitly asks for proof and has the required capability.
parameters:
- in: path
name: tenant
required: true
schema:
type: integer
- in: path
name: evidenceSnapshot
required: true
schema:
type: integer
- in: query
name: source_surface
required: false
schema:
type: string
description: Optional source-surface metadata if proof access is audited through the shared audit pipeline.
responses:
'200':
description: Evidence proof detail rendered
content:
text/html:
schema:
type: string
'403':
description: Forbidden for an in-scope actor missing evidence capability
'404':
description: Not found for non-members, mismatched tenant scope, or unavailable proof targets
/admin/review-packs/{reviewPack}/download:
get:
summary: Download the current review pack
description: |
Existing signed download route reused by the productized customer review
flow. The pack must already exist, be ready, and not be expired.
parameters:
- in: path
name: reviewPack
required: true
schema:
type: integer
- in: query
name: source_surface
required: false
schema:
type: string
description: Existing download metadata hook used by the shared audit path.
responses:
'200':
description: Review pack download stream
content:
application/zip:
schema:
type: string
format: binary
'403':
description: Forbidden because of missing signature or invalid signed URL
'404':
description: Review pack not found, not ready, expired, or out of accessible tenant scope
components:
schemas:
CustomerReviewWorkspacePageModel:
type: object
required:
- workspace_id
- entries
properties:
workspace_id:
type: integer
tenant_filter_id:
type: integer
nullable: true
entries:
type: array
items:
$ref: '#/components/schemas/CustomerReviewWorkspaceEntry'
empty_state_message:
type: string
nullable: true
audit_expectation:
type: string
nullable: true
description: |
Planning-only note describing whether workspace-open auditing is
already covered or requires a bounded shared-audit extension.
CustomerReviewWorkspaceEntry:
type: object
required:
- tenant_id
- tenant_name
- review_access
- review_pack_access
- evidence_proof_access
properties:
tenant_id:
type: integer
tenant_name:
type: string
latest_published_review_id:
type: integer
nullable: true
latest_review_published_at:
type: string
format: date-time
nullable: true
outcome_summary:
type: string
nullable: true
findings_summary:
type: string
nullable: true
accepted_risk_accountability_summary:
$ref: '#/components/schemas/AcceptedRiskAccountabilitySummary'
review_access:
$ref: '#/components/schemas/AccessState'
review_pack_access:
$ref: '#/components/schemas/AccessState'
evidence_proof_access:
$ref: '#/components/schemas/AccessState'
redaction_note:
type: string
nullable: true
absence_note:
type: string
nullable: true
CustomerReviewDetailModel:
type: object
required:
- review_id
- tenant_id
- launched_from_customer_workspace
- operator_actions_hidden
properties:
review_id:
type: integer
tenant_id:
type: integer
launched_from_customer_workspace:
type: boolean
operator_actions_hidden:
type: boolean
narrative_outcome_summary:
type: string
nullable: true
findings_summary:
type: string
nullable: true
accepted_risk_accountability_summary:
$ref: '#/components/schemas/AcceptedRiskAccountabilitySummary'
evidence_summary:
type: string
nullable: true
review_pack_access:
$ref: '#/components/schemas/AccessState'
evidence_proof_access:
$ref: '#/components/schemas/AccessState'
secondary_diagnostics_collapsed:
type: boolean
nullable: true
AcceptedRiskAccountabilitySummary:
type: object
nullable: true
properties:
summary_text:
type: string
accountable_party:
type: string
nullable: true
decision_reason:
type: string
nullable: true
review_due_at:
type: string
format: date-time
nullable: true
expires_at:
type: string
format: date-time
nullable: true
completeness_note:
type: string
nullable: true
AccessState:
type: object
required:
- state
properties:
state:
type: string
enum:
- available
- absent
- unavailable
- expired
- redacted
- partial
message:
type: string
nullable: true
url:
type: string
nullable: true
audit_action_id:
type: string
nullable: true
description: Existing or bounded-additive shared audit action id for the explicit access moment.
Reference in New Issue View Git Blame Copy Permalink