TenantAtlas/specs/343-customer-review-attestation-accepted-risk-lifecycle/review-attestation-risk-state-contract.md
ahmido 0987527d0e feat: customer review acknowledgement lifecycle (343) (#415)
## Summary
- add persisted customer review acknowledgement truth with capability gating and audit emission
- extend the customer review workspace with acknowledgement state, evidence basis details, and accepted-risk lifecycle visibility
- add focused feature and browser coverage plus Spec 343 screenshot artifacts and UI audit updates

## Scope
- Livewire v4 / Filament v5 surface only; no panel provider changes
- no new global assets; no `filament:assets` deployment change for this slice
- includes a PostgreSQL migration for `environment_review_acknowledgements`

## Guardrail / Exception / Smoke Coverage
- reachable UI surface changed: existing `/admin/reviews/workspace` customer-safe page
- UI audit updated in `docs/ui-ux-enterprise-audit/page-reports/ui-006-customer-review-workspace.md`
- screenshot artifacts included under `specs/343-customer-review-attestation-accepted-risk-lifecycle/artifacts/screenshots/`
- spec package includes plan, tasks, repo-truth map, and state contract for the implemented slice

## Notes
- target branch requested: `platform-dev`
- branch pushed from commit `aaaad441fd13dbac54e971ab48765c502ced6b3f`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #415
2026-06-01 18:00:37 +00:00

4.5 KiB

Spec 343 - Review Attestation & Accepted Risk State Contract

Status: draft
Created: 2026-06-01
Scope: Derived UI state contract for Customer Review Workspace acknowledgement + accepted-risk lifecycle

This document defines the derived display contract for Spec 343. It is not a new persisted truth source. The UI must not fabricate states; unsupported concepts must render as not available or deferred.

Contract Rules

  • Derived-only: all states come from repo-backed models/fields (plus “absence of record”).
  • No legal/e-signature semantics.
  • No compliance/certification claims.
  • Diagnostics are collapsed by default and capability-gated.

Exact implementation may differ, but the UI should consume one coherent contract where practical:

[
    'review' => [
        'id' => 123,
        'status' => 'published',
    ],
    'attestation' => [
        'state' => 'required', // not_available | required | acknowledged | re_ack_required
        'label' => 'Customer acknowledgement required',
        'reason' => 'Review pack is available, but no acknowledgement is recorded.',
        'impact' => 'The review is consumable, but not yet acknowledged.',
        'primary_next_action' => 'Acknowledge review',
        'basis' => [
            'review_pack' => 'available',   // available | not_available | preparing | expired | unknown
            'evidence' => 'available',      // available | incomplete | not_available | unknown
        ],
    ],
    'accepted_risks' => [
        'total' => 3,
        'expiring' => 1,
        'expired' => 1,
        'pending' => 0,
        'missing_support' => 0,
        'missing_required_fields' => 1,
    ],
    'diagnostics_state' => 'collapsed',
]

Attestation States

1) Not Available

Use only when repo truth shows acknowledgement is intentionally unsupported.

Field Contract
Visible status Acknowledgement not available
Reason This review does not support acknowledgement yet.
Impact Review consumption is available, but acknowledgement is not tracked.
Primary next action Review accepted risks / findings
Action None (no fake acknowledge button)
Diagnostics default Collapsed

2) Required

Field Contract
Visible status Customer acknowledgement required
Reason Review pack (and/or evidence basis) is available, but no acknowledgement is recorded.
Impact The review can be consumed, but acknowledgement is not yet tracked.
Primary next action Acknowledge review
Action Show acknowledge action only when authorized
Diagnostics default Collapsed

3) Acknowledged

Field Contract
Visible status Review acknowledged
Reason A customer/stakeholder acknowledgement is recorded.
Impact Review consumption has an audit trail.
Primary next action Review accepted risks
Action No “revoke” in v1 unless explicitly in scope + authorized
Diagnostics default Collapsed

4) Re-acknowledgement Required

Use only when repo truth can detect basis drift after acknowledgement (e.g., review pack/evidence snapshot changed).

Field Contract
Visible status Re-acknowledgement required
Reason Review content changed after the last acknowledgement.
Impact Previous acknowledgement may no longer represent the current review package.
Primary next action Re-acknowledge review
Diagnostics default Collapsed

Accepted Risk Lifecycle Contract

Accepted risks are sourced from FindingException (and their decisions). Customer-safe display should map to these lifecycle signals where repo-backed:

  • total accepted risks on record
  • expiring soon
  • expired
  • pending approval
  • missing governance support (missing_support)
  • missing required fields for defensible governance (owner/rationale/review date), when repo-backed

Copy boundaries

  • “No accepted risks recorded for this review” is allowed when the count is zero.
  • “No risks exist” is forbidden unless there is a separate, explicit product truth that proves it (not expected).

Evidence / Review Pack Basis

Every attestation state should show what it is based on:

  • review pack availability/status
  • evidence snapshot availability/completeness
  • audit linkage availability (only if repo-backed)

If evidence is missing:

  • show “Evidence basis unavailable” (truthful)
  • do not block acknowledgement unless the product explicitly requires evidence for acknowledgement (decision must be recorded in spec if introduced)