TenantAtlas/docs/ui-ux-enterprise-audit/page-reports/ui-101-review-publication-resolution.md
ahmido 83c679cf85 feat: add review publication proof currentness contract (#459)
Automated PR created by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #459
2026-06-19 19:10:35 +00:00

5.4 KiB

UI-101 Review Publication Resolution

Field Value
Route /admin/workspaces/{workspace}/environments/{environment}/environment-reviews/{record}/resolve-publication
Source EnvironmentReviewResource::resolve-publication
Area / scope Reviews / environment record workflow
Archetype Reviews
Design depth Strategic Surface
Repo truth browser-verified route; feature-tested
Screenshot Spec 386 baseline: desktop, mobile. Spec 387 hardening: detail CTA, decision desktop, confirmation modal, proof expanded, mobile, customer boundary, readonly. Spec 388 proof-state evidence: artifact note
Browser status Browser smoke passed for blocked-review CTA handoff, decision-first resolution page rendering, compact preparation progress, action-specific confirmation copy, technical disclosure, readonly inspection, customer boundary non-leakage, and narrow viewport readability.

First Five Seconds

The page should answer five operator questions immediately: can I publish, why not, what is missing, what should I do now, and whether the action publishes automatically.

Productization Review

  • Decision-first: operator-state page title, blocked reason, missing required reports, next safe action, compact preparation progress, and no-auto-publish copy lead the page.
  • Operator vocabulary: review-pack generation is presented as Prepare export, return-to-publication completion is presented as Return to review, and readonly users receive page-level inspection copy.
  • Evidence-first: report, evidence, review, pack, and operation proof remain available without becoming the default workflow source of truth.
  • Context: route is owned by the Environment Review record and remains environment-scoped.
  • Customer/auditor safety: high, because internal remediation details stay in the admin plane and customer workspace does not expose the case.
  • Diagnostics: proof and operation links are available in collapsed technical disclosure, secondary to the guided fix.

Information Inventory

Default content shows publication blocked state, required reports, compact preparation progress, the next safe action, what happens after the action, and the return-to-review action. Running and failed operation states use normalized operator copy. Case status, proof links, operation links, and implementation terms such as report-backed evidence are technical details behind disclosure or normalized out of operator copy.

Spec 388 adds normalized proof labels inside the existing collapsed technical disclosure: current proof, outdated proof, superseded by newer result, operation running, action failed, proof missing, not available with your permissions, and proof cannot be verified. These labels do not add a new page archetype, route, global search surface, navigation item, or competing primary action.

Dangerous Actions

Cancel resolution is destructive to the local resolution case only, is demoted into the grouped More action, and requires confirmation plus ENVIRONMENT_REVIEW_MANAGE. Step execution is high-impact, uses action-specific confirmation heading/body/submit copy, hides duplicate start actions while a linked operation is running, and delegates to the owning source action: provider verification or Entra scan for required reports, evidence snapshot generation for evidence, review refresh for composition, review-pack generation for export proof, and a non-publishing return-to-review completion step.

Scores

IA Density User Clarity Sellability Disclosure Hierarchy DS Fit A11y Responsive Components UX Writing Perf
9 8 9 8 9 9 8 8 8 8 9 7

Top Issues

  1. Long-running operation states should be rechecked once real queue workers and provider failures are exercised in staging.
  2. Report-step copy may need more specific provider wording if operators repeatedly hit provider-verification prerequisites.
  3. The page intentionally stays sequential in v1; parallel report actions would require a new spec update.

Target Direction

Keep this as a subject-owned admin workflow attached to Environment Review. Do not promote it into top-level navigation, a generic workflow resource, global search, or a customer-facing remediation surface.