ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
9e435ea91f
TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-099-rendered-review-report.md
ahmido b7907bd69d feat: add report profile and disclosure policy to rendered review reports (#428) 
Implementing report profiles and disclosure policy as per spec 357.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #428
2026-06-06 09:41:19 +00:00

4.1 KiB
Raw Blame History

UI-099 Rendered Review Report

Field Value
Route /admin/review-packs/{reviewPack}/report
Source ReviewPackRenderedReportController
Area / scope Reviews / signed stakeholder report
Archetype Reviews
Design depth Strategic Surface
Repo truth repo-verified
Screenshot specs/357-report-profiles-disclosure-policy-v1/artifacts/screenshots/spec357-in-app-browser-customer-executive.png
Browser status Reached in the live in-app browser on 2026-06-05 via the Spec 351 review-output fixture plus a signed rendered-report URL; verified HTML-first chrome, effective profile metadata, disclosure-proof badges, and appendix hiding for customer_executive.

First Five Seconds

This route should answer four questions without exposing raw appendix files first:

  1. what can a stakeholder trust right now
  2. what evidence basis supports that conclusion
  3. what limitations or accepted risks still matter
  4. where can the operator return for review detail or artifact detail

Productization Review

  • Decision-first: the hero and guidance badges summarize stakeholder-safe posture before appendix detail.
  • Evidence-first: evidence basis, governance decisions, accepted risks, and technical details stay visible in bounded sections.
  • Audience-first: the route now states effective profile, requested profile, audience boundary, and source surface before appendix detail.
  • Truth-over-presentation: profile-specific filtering may hide appendix detail, but it may not hide readiness, evidence state, disclosure state, or non-certification copy.
  • Context: the route is signed, read-only, and anchored to one current review pack plus one released review.
  • Capability/RBAC awareness: the controller enforces tenant membership, review_pack.view, current-export authority, ready state, and expiry.
  • Customer/auditor safety: diagnostics remain appendix-level; customer-facing profiles fail closed or hide appendix detail when internal-only or PII-bearing scope remains.
  • Diagnostics/default hierarchy: HTML-first rendering leads, with ZIP download and print as secondary utilities.

Information Inventory

Default-visible content should include executive summary, effective profile, audience, requested profile, source metadata, evidence basis, limitations, key findings, accepted risks, governance decisions requiring awareness, next actions, disclosure-proof state badges, and non-certification disclosure. Technical details and the structured appendix remain profile-aware and may be hidden for customer-executive delivery.

Dangerous Actions

  • Dangerous or high-impact actions: none. This is a read-only route.
  • Current confirmation/evidence posture: toolbar actions only open review detail, review-pack detail, ZIP download, or browser print.
  • Target handling: keep the route signed and current-pack-only; do not widen it into a multi-review delivery surface or implicit PDF engine.

Spec 356 Follow-up

Spec 356 introduces this route as an HTML-first stakeholder handoff:

  • it is derived from the current review-pack contract rather than archive re-parsing
  • it keeps the ZIP as the structured appendix and downloadable artifact
  • it preserves owner-surface backlinks so operators can inspect the released review or pack detail without losing context

Spec 357 Follow-up

Spec 357 adds a bounded report-policy layer on the same route:

  • profile selection remains on the signed rendered-report URL seam and fails closed for unknown or placeholder profiles
  • the route now shows effective profile, audience, requested profile, and source surface metadata explicitly
  • disclosure proof is split into verified, assumed, missing, unknown, and not_applicable states instead of silently upgrading stored booleans to verified truth
  • appendix and technical-detail visibility now depend on the effective profile and current internal-only / PII boundary

Target Direction

Keep this report calm, bounded, and print-friendly. Future follow-up should focus on browser evidence and hierarchy polish, not on a second rendering runtime or a broader delivery taxonomy.