Spec 342 - Customer Review Consumption State Contract
Status: implemented
Created: 2026-06-01
Scope: Customer Review Workspace first-screen consumption states
This contract defines display states for Customer Review Workspace. These states are presentation labels derived from existing repo truth. They are not a new enum, lifecycle family, persisted status, or platform workflow framework.
Universal Rules
- Default-visible content must answer: status, reason, impact, and primary next action.
- Primary next action must be singular per rendered state.
- Diagnostics default is
Collapsed or Unavailable.
- Raw provider JSON, raw OperationRun payload, fingerprints, stack traces, internal IDs as primary labels, and platform reason families are hidden by default.
- Customer-safe, auditor-ready, evidence-backed, export-ready, healthy, complete, or compliant claims appear only when repo-backed.
- OperationRun proof is not evidence output, review-pack output, or customer-safe readiness.
- External delivery and attestation are unavailable unless implementation discovers repo-backed truth and updates this contract/spec first.
Implementation Notes
- Spec 342 implemented these states as presentation-only, page-local derived payloads on the existing Customer Review Workspace.
- Open findings block a ready-to-share claim even when evidence and review-pack truth are available; the pack/export state remains visible but customer-safe output is
Needs review.
- Accepted-risk summaries are visible by default when repo-backed; full accepted-risk records remain collapsed.
- Findings and accepted-risk follow-up states use concrete decision-card copy based on repo-backed counts, owners, rationale, and review-date context instead of generic issue text.
- The prior repeated readiness summary cards are absorbed into the six-step consumption flow and right-rail proof panels to reduce duplicate status surfaces.
Download review pack appears only as the primary action when the review is actually ready to share; follow-up states keep review-pack availability as status context and route the primary action to the review.
- Diagnostics remain collapsed by default, and raw provider/support payloads, stack traces, fingerprints, and raw OperationRun JSON are not rendered in the default customer-safe surface.
Flow Steps
The review readiness flow uses these steps:
- Review data
- Evidence
- Findings triaged
- Accepted risks reviewed
- Review pack
- Customer-safe output
Presentation Vocabulary
Available
Missing
Required
Generating
Failed
Ready
Needs review
Not ready
Unavailable
Collapsed
Deferred
State Contracts
1. Review Not Ready
| Field |
Contract |
| Visible status |
Review not ready |
| Reason |
Required review data or evidence is missing. |
| Impact |
This review should not be shared as customer-ready yet. |
| Primary next action |
Complete review preparation, only if repo-supported and authorized; otherwise show unavailable. |
| Findings summary |
Unavailable or deferred unless repo-backed review/finding data exists. |
| Accepted risks state |
Unavailable or deferred unless repo-backed exception data exists. |
| Evidence state |
Missing or unavailable. |
| Review pack state |
Unavailable. |
| Customer-safe output state |
Not ready. |
| Export state |
Unavailable. |
| Diagnostics default |
Collapsed/unavailable. |
2. Review Ready, Evidence Missing
| Field |
Contract |
| Visible status |
Review ready, evidence missing |
| Reason |
Review summary exists, but supporting evidence is not available. |
| Impact |
Findings can be discussed, but the review is not evidence-backed yet. |
| Primary next action |
Open review or generate/open evidence only when repo-supported and authorized. |
| Findings summary |
Available when review-derived or finding data is repo-backed. |
| Accepted risks state |
Available when exception data is repo-backed. |
| Evidence state |
Missing. |
| Review pack state |
Required or unavailable. |
| Customer-safe output state |
Needs review or not ready; never evidence-backed. |
| Export state |
Unavailable unless a repo-backed review pack file is independent and valid. |
| Diagnostics default |
Collapsed. |
3. Review Ready With Evidence
| Field |
Contract |
| Visible status |
Review ready with evidence |
| Reason |
Review summary and supporting evidence are available. |
| Impact |
Customer stakeholders can consume the review and inspect evidence. |
| Primary next action |
Review findings or open evidence, based on repo-backed attention state. |
| Findings summary |
Open/attention counts where repo-backed. |
| Accepted risks state |
Visible if accepted risks exist. |
| Evidence state |
Available. |
| Review pack state |
Required, generating, failed, or available from ReviewPack truth. |
| Customer-safe output state |
Needs review or ready only when review/pack truth supports it. |
| Export state |
Available only from ready non-expired pack file truth. |
| Diagnostics default |
Collapsed. |
4. Review Pack Required
| Field |
Contract |
| Visible status |
Review pack required |
| Reason |
Review data exists, but no review pack is available. |
| Impact |
Customer-safe export/download is not ready yet. |
| Primary next action |
Generate review pack only when existing repo action is supported and authorized; otherwise open review/evidence. |
| Findings summary |
Available if repo-backed. |
| Accepted risks state |
Available if repo-backed. |
| Evidence state |
Available or missing from evidence truth. |
| Review pack state |
Required. |
| Customer-safe output state |
Not ready or needs review. |
| Export state |
Unavailable. |
| Diagnostics default |
Collapsed. |
5. Review Pack Available
| Field |
Contract |
| Visible status |
Review pack available |
| Reason |
A review pack is available for this review. |
| Impact |
The review can be consumed and exported according to workspace policy if the pack is repo-backed as customer-safe and authorized. |
| Primary next action |
Open review pack or download review pack when authorized and file metadata supports it. |
| Findings summary |
Still visible; pack availability must not hide findings needing attention. |
| Accepted risks state |
Still visible; accepted risks must not be hidden in diagnostics. |
| Evidence state |
Available or needs review based on linked evidence. |
| Review pack state |
Available. |
| Customer-safe output state |
Ready only when repo-backed; otherwise needs review. |
| Export state |
Available only for ready, non-expired pack with file metadata and authorization. |
| Diagnostics default |
Collapsed. |
6. Findings Need Attention
| Field |
Contract |
| Visible status |
Findings need attention |
| Reason |
One or more findings require customer review or operator follow-up. |
| Impact |
Review should not be treated as complete until findings are assigned, accepted, resolved, or otherwise addressed. |
| Primary next action |
Review findings. |
| Findings summary |
Required; show repo-backed counts and customer-safe row preview. |
| Accepted risks state |
Visible separately if accepted risks also exist. |
| Evidence state |
Available/missing from evidence truth. |
| Review pack state |
Available/required/generating/failed from pack truth. |
| Customer-safe output state |
Needs review unless repo truth proves no action remains. |
| Export state |
Available only when file truth supports it; export does not suppress findings attention. |
| Diagnostics default |
Collapsed. |
7. Accepted Risks Present
| Field |
Contract |
| Visible status |
Accepted risks present |
| Reason |
Some findings have accepted risk decisions. |
| Impact |
Customer stakeholders should review owner, rationale, and expiry/review date where available. |
| Primary next action |
Review accepted risks. |
| Findings summary |
Shows related finding context where repo-backed. |
| Accepted risks state |
Required; show owner/rationale/expiry/review date if present and missing-date copy if not. |
| Evidence state |
Available/missing from evidence truth. |
| Review pack state |
Available/required/generating/failed from pack truth. |
| Customer-safe output state |
Needs review or ready depending on validity and review-pack truth. |
| Export state |
Available only when file truth supports it. |
| Diagnostics default |
Collapsed. |
8. No Findings Requiring Action
| Field |
Contract |
| Visible status |
No findings requiring action |
| Reason |
This review has no open findings requiring customer action. |
| Impact |
Review can be consumed or exported if evidence and review pack are available. |
| Primary next action |
Open review pack or open evidence when authorized and repo-backed. |
| Findings summary |
Shows zero-action state only if repo-backed. |
| Accepted risks state |
Shows none/current state only if repo-backed. |
| Evidence state |
Available/missing from evidence truth. |
| Review pack state |
Available/required/generating/failed from pack truth. |
| Customer-safe output state |
Ready only when evidence/review-pack truth supports it. |
| Export state |
Available only when file truth supports it. |
| Diagnostics default |
Collapsed. |
Unavailable Or Deferred Concepts
| Concept |
Default Contract |
| Customer acknowledgement / attestation |
Do not implement in Spec 342. Show unavailable/deferred copy only if useful. |
| External delivery / email / PSA handoff |
Do not implement in Spec 342. Show unavailable/deferred copy only if useful. |
| Auditor-ready certification |
Do not claim unless future repo truth supports certification semantics. |
| Compliance/healthy claim |
Do not claim from absence of findings alone. |
| Generic customer portal |
Deferred follow-up outside Spec 342. |