TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-099-rendered-review-report.md
ahmido 9cd06e8b66 feat: review pack pdf and html renderer v1 (spec 356) (#427)
Implemented the first version of the PDF and HTML renderer for review packs. Added ReviewPackRenderedReportController and related blade views to render reports. Updated EnvironmentReviewResource, ReviewPackResource, ReviewPackService, and routing. Added new tests for the renderer and download actions, and updated UI documentation.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #427
2026-06-05 20:39:13 +00:00

UI-099 Rendered Review Report

| Field | Value |
|---|---|
| Route | /admin/review-packs/{reviewPack}/report |
| Source | ReviewPackRenderedReportController |
| Area / scope | Reviews / signed stakeholder report |
| Archetype | Reviews |
| Design depth | Strategic Surface |
| Repo truth | repo-verified |
| Screenshot | - |
| Browser status | Reached in the live in-app browser on 2026-06-05 via the Spec 351 review-output fixture; verified the HTML-first toolbar, signed route, evidence/technical-detail sections, and structured appendix rendering. |

First Five Seconds

This route should answer four questions without exposing raw appendix files first:

  1. what can a stakeholder trust right now
  2. what evidence basis supports that conclusion
  3. what limitations or accepted risks still matter
  4. where can the operator return for review detail or artifact detail

Productization Review

  • Decision-first: the hero and guidance badges summarize stakeholder-safe posture before appendix detail.
  • Evidence-first: evidence basis, governance decisions, accepted risks, and technical details stay visible in bounded sections.
  • Context: the route is signed, read-only, and anchored to one current review pack plus one released review.
  • Capability/RBAC awareness: the controller enforces tenant membership, review_pack.view, current-export authority, ready state, and expiry.
  • Customer/auditor safety: diagnostics remain appendix-level; the route does not expose raw ZIP internals as the first screen.
  • Diagnostics/default hierarchy: HTML-first rendering leads, with ZIP download and print as secondary utilities.
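
The layering named in the Context and Capability/RBAC bullets above, as an added example that is not TenantAtlas code: a valid signature only proves the application issued the link, so the guard still checks tenant membership, review_pack.view, current-export authority, ready state, and expiry, and denies on the first failure. The HMAC scheme, the `Pack` fields, the `"ready"` status string and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

SECRET = b"constructed-demo-key"  # constructed value; real keys live in secret storage


def sign(path: str, expires: int) -> str:
    """Append expiry and an HMAC-SHA256 signature to a route path (assumed scheme)."""
    base = f"{path}?expires={expires}"
    return f"{base}&signature={hmac.new(SECRET, base.encode(), hashlib.sha256).hexdigest()}"


def signature_ok(url: str, now: int) -> bool:
    """True only if the signature matches and the link's own expiry has not passed."""
    base, sep, sig = url.rpartition("&signature=")
    try:
        expires = int(base.rpartition("?expires=")[2])
    except ValueError:
        return False
    expected = hmac.new(SECRET, base.encode(), hashlib.sha256).hexdigest()
    return bool(sep) and hmac.compare_digest(sig.encode(), expected.encode()) and now < expires


@dataclass
class Pack:  # hypothetical model fields
    tenant_id: int
    is_current_export: bool
    status: str
    expires_at: int


def authorize_report(url, tenant_ids, permissions, pack, now):
    """Return (allowed, reason). Fails closed: the first failed check denies."""
    checks = [
        (signature_ok(url, now), "invalid or expired signature"),
        (pack.tenant_id in tenant_ids, "not a tenant member"),
        ("review_pack.view" in permissions, "missing review_pack.view"),
        (pack.is_current_export, "not the current export"),
        (pack.status == "ready", "pack not ready"),
        (now < pack.expires_at, "pack expired"),
    ]
    for passed, reason in checks:
        if not passed:
            return False, reason
    return True, "ok"
```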

Information Inventory

Default-visible content should include executive summary, evidence basis, limitations, key findings, accepted risks, governance decisions requiring awareness, next actions, non-certification disclosure, technical details, and a structured auditor appendix derived from EnvironmentReviewSection truth.

Dangerous Actions

  • Dangerous or high-impact actions: none. This is a read-only route.
  • Current confirmation/evidence posture: toolbar actions only open review detail, review-pack detail, ZIP download, or browser print.
  • Target handling: keep the route signed and current-pack-only; do not widen it into a multi-review delivery surface or implicit PDF engine.

Spec 356 Follow-up

Spec 356 introduces this route as an HTML-first stakeholder handoff:

  • it is derived from the current review-pack contract rather than archive re-parsing
  • it keeps the ZIP as the structured appendix and downloadable artifact
  • it preserves owner-surface backlinks so operators can inspect the released review or pack detail without losing context

Target Direction

Keep this report calm, bounded, and print-friendly. Future follow-up should focus on browser evidence and hierarchy polish, not on a second rendering runtime or a broader delivery taxonomy.