## Summary - add persisted customer review acknowledgement truth with capability gating and audit emission - extend the customer review workspace with acknowledgement state, evidence basis details, and accepted-risk lifecycle visibility - add focused feature and browser coverage plus Spec 343 screenshot artifacts and UI audit updates ## Scope - Livewire v4 / Filament v5 surface only; no panel provider changes - no new global assets; no `filament:assets` deployment change for this slice - includes a PostgreSQL migration for `environment_review_acknowledgements` ## Guardrail / Exception / Smoke Coverage - reachable UI surface changed: existing `/admin/reviews/workspace` customer-safe page - UI audit updated in `docs/ui-ux-enterprise-audit/page-reports/ui-006-customer-review-workspace.md` - screenshot artifacts included under `specs/343-customer-review-attestation-accepted-risk-lifecycle/artifacts/screenshots/` - spec package includes plan, tasks, repo-truth map, and state contract for the implemented slice ## Notes - target branch requested: `platform-dev` - branch pushed from commit `aaaad441fd13dbac54e971ab48765c502ced6b3f` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #415
4.5 KiB
Spec 343 - Review Attestation & Accepted Risk State Contract
Status: draft
Created: 2026-06-01
Scope: Derived UI state contract for Customer Review Workspace acknowledgement + accepted-risk lifecycle
This document defines the derived display contract for Spec 343. It is not a new persisted truth source. The UI must not fabricate states; unsupported concepts must render as not available or deferred.
Contract Rules
- Derived-only: all states come from repo-backed models/fields (plus “absence of record”).
- No legal/e-signature semantics.
- No compliance/certification claims.
- Diagnostics are collapsed by default and capability-gated.
Recommended Contract Shape (illustrative)
Exact implementation may differ, but the UI should consume one coherent contract where practical:
[
'review' => [
'id' => 123,
'status' => 'published',
],
'attestation' => [
'state' => 'required', // not_available | required | acknowledged | re_ack_required
'label' => 'Customer acknowledgement required',
'reason' => 'Review pack is available, but no acknowledgement is recorded.',
'impact' => 'The review is consumable, but not yet acknowledged.',
'primary_next_action' => 'Acknowledge review',
'basis' => [
'review_pack' => 'available', // available | not_available | preparing | expired | unknown
'evidence' => 'available', // available | incomplete | not_available | unknown
],
],
'accepted_risks' => [
'total' => 3,
'expiring' => 1,
'expired' => 1,
'pending' => 0,
'missing_support' => 0,
'missing_required_fields' => 1,
],
'diagnostics_state' => 'collapsed',
]
Attestation States
1) Not Available
Use only when repo truth shows acknowledgement is intentionally unsupported.
| Field | Contract |
|---|---|
| Visible status | Acknowledgement not available |
| Reason | This review does not support acknowledgement yet. |
| Impact | Review consumption is available, but acknowledgement is not tracked. |
| Primary next action | Review accepted risks / findings |
| Action | None (no fake acknowledge button) |
| Diagnostics default | Collapsed |
2) Required
| Field | Contract |
|---|---|
| Visible status | Customer acknowledgement required |
| Reason | Review pack (and/or evidence basis) is available, but no acknowledgement is recorded. |
| Impact | The review can be consumed, but acknowledgement is not yet tracked. |
| Primary next action | Acknowledge review |
| Action | Show acknowledge action only when authorized |
| Diagnostics default | Collapsed |
3) Acknowledged
| Field | Contract |
|---|---|
| Visible status | Review acknowledged |
| Reason | A customer/stakeholder acknowledgement is recorded. |
| Impact | Review consumption has an audit trail. |
| Primary next action | Review accepted risks |
| Action | No “revoke” in v1 unless explicitly in scope + authorized |
| Diagnostics default | Collapsed |
4) Re-acknowledgement Required
Use only when repo truth can detect basis drift after acknowledgement (e.g., review pack/evidence snapshot changed).
| Field | Contract |
|---|---|
| Visible status | Re-acknowledgement required |
| Reason | Review content changed after the last acknowledgement. |
| Impact | Previous acknowledgement may no longer represent the current review package. |
| Primary next action | Re-acknowledge review |
| Diagnostics default | Collapsed |
Accepted Risk Lifecycle Contract
Accepted risks are sourced from FindingException (and their decisions). Customer-safe display should map to these lifecycle signals where repo-backed:
- total accepted risks on record
- expiring soon
- expired
- pending approval
- missing governance support (
missing_support) - missing required fields for defensible governance (owner/rationale/review date), when repo-backed
Copy boundaries
- “No accepted risks recorded for this review” is allowed when the count is zero.
- “No risks exist” is forbidden unless there is a separate, explicit product truth that proves it (not expected).
Evidence / Review Pack Basis
Every attestation state should show what it is based on:
- review pack availability/status
- evidence snapshot availability/completeness
- audit linkage availability (only if repo-backed)
If evidence is missing:
- show “Evidence basis unavailable” (truthful)
- do not block acknowledgement unless the product explicitly requires evidence for acknowledgement (decision must be recorded in spec if introduced)