Add `CustomerReviewWorkspace` page for tenant pre-filtered reviews

Add customer workspace links to `EvidenceSnapshotResource`, `ReviewPackResource`, and `TenantReviewResource`
Implement audit logging for `TenantReviewOpened` and `ReviewPackDownloaded` actions
Update ReviewPack download controller to enforce tenant-scoped RBAC
Add tests for ReviewPack download authorization and audit logging

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #289
| description |
|---|
| Task list for feature implementation |
# Tasks: Customer Review Workspace v1

**Input**: Design documents from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/`

**Prerequisites**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/spec.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/checklists/requirements.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/research.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/data-model.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/contracts/customer-review-workspace.openapi.yaml`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md`

**Tests**: Required (Pest) for all runtime behavior changes. Keep proof in the narrow `confidence` lane plus one explicit browser smoke slice, using the targeted Sail commands already captured in the feature spec, plan, and quickstart artifacts.
## Test Governance Notes

- Lane assignment: `confidence` plus one explicit `browser` smoke slice are the narrowest sufficient proof for latest-published selection, deny-as-not-found boundaries, capability-gated pack access, and calm customer-safe disclosure.
- Keep new coverage inside `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspace*.php` plus `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`; do not widen this slice into a new portal or customer-journey test family.
- Reuse existing workspace membership, tenant membership, published review, review-pack, evidence snapshot, finding, and finding-exception fixtures; any helper introduced for row composition or launch-context state must stay explicit and cheap by default.
- If implementation needs a bounded local read helper or a new audit action ID, record the outcome as `document-in-feature` or escalate to `follow-up-spec` in the final close-out task.
## Phase 1: Setup (Shared Infrastructure)

**Purpose**: Lock the bounded slice, proof commands, and guardrail expectations before runtime edits begin.

- T001 Review the bounded slice, explicit non-goals, open planning choices, and guardrail outcomes in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/spec.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/checklists/requirements.md`
- T002 [P] Review the latest-published selection contract, absence-state rules, signed pack-download boundary, and audit expectations in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/research.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/data-model.md`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/contracts/customer-review-workspace.openapi.yaml`
- T003 [P] Confirm the focused Sail/Pest commands, browser smoke command, and smoke-checklist/substitution note in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md` and keep the validation plan unchanged unless touched runtime truth requires an adjacent proof file
## Phase 2: Foundational (Blocking Prerequisites)

**Purpose**: Establish the shared page shell, isolation enforcement, and query seam that every user story depends on.

**⚠️ CRITICAL**: No user story work should begin until this phase is complete.

- T004 [P] Add shared authorization coverage for workspace membership, explicit tenant-prefilter targeting, deny-as-not-found 404 boundaries, and capability-first 403 semantics in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php`
- T005 Create the native read-only workspace page shell and Blade view in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`, keeping it in the same reviews family as `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php` and touching explicit panel discovery only if repo verification proves the page is not auto-discovered
- T006 Resolve the row-query seam by reusing or minimally extending `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php` for workspace access and latest-published-per-entitled-tenant reads; only if that seam cannot safely express the query, add a bounded helper beside `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and record the choice in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md`
- T007 [P] Thread Livewire-safe tenant prefilter, highlight, and clear-filter state through `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, reusing the current workspace-page state patterns from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php`

**Checkpoint**: Foundation ready. The customer-safe page shell, 404/403 boundaries, and query-seam decision are in place.
## Phase 3: User Story 1 - Open The Latest Customer-Safe Review (Priority: P1) 🎯 MVP

**Goal**: Let a readonly-capable tenant actor open one workspace page that shows the latest published customer-safe review for each entitled tenant without surfacing internal-only review states.

**Independent Test**: Sign in as a readonly-capable tenant actor, open `/admin/reviews/workspace`, and confirm each visible tenant shows only its latest published review summary while tenants without a published review show a truthful absence state.

### Tests for User Story 1

- T008 [P] [US1] Add workspace page feature coverage for latest published review selection, tenant launch-context highlighting, and truthful no-published-review absence handling in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php`

### Implementation for User Story 1

- T009 [US1] Compose one derived workspace entry per entitled tenant from existing `TenantReview`, `currentExport` `ReviewPack`, and `evidenceSnapshot` truth in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php` or the bounded helper chosen in T006
- T010 [US1] Add or reuse safe customer-workspace launch links from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, and the nearest tenant dashboard review entry surface under `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Widgets/Tenant/` so tenant context arrives as a safe prefilter without creating a second summary shell
- T011 [US1] Render the calm row summary and route the dominant `Open latest review` affordance through the existing tenant review detail path in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php`
- T012 [US1] Keep tenants without a published review visible only as truthful absence states and never as draft, ready, failed, or internal-only fallbacks in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`

**Checkpoint**: User Story 1 is independently functional when the workspace page truthfully selects the latest published review and handles no-published-review tenants safely.
## Phase 4: User Story 2 - Understand Findings And Accepted Risks Without Admin Controls (Priority: P1)

**Goal**: Let a readonly-capable tenant actor understand key findings and accepted risks from the latest review in calm language without seeing remediation, publishing, or debug controls.

**Independent Test**: Open the workspace page and the linked latest review detail for a tenant with findings and accepted risks, then confirm the actor can understand the review outcome without seeing admin or remediation actions.

### Tests for User Story 2

- T013 [P] [US2] Extend workspace page feature coverage for key-finding and accepted-risk summaries, hidden raw/support detail by default, and absent admin or remediation controls on the workspace page in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php`
- T014 [P] [US2] Add browser smoke coverage for calm default-visible content, one dominant `Open latest review` action, safe secondary actions, and absent admin or remediation controls in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`
- T015 [P] [US2] Extend the smallest existing tenant-review detail readonly or action-surface test under `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/` after repo verification so the workspace launch path proves detail inspection stays read-only for readonly-capable actors

### Implementation for User Story 2

- T016 [US2] Render key-finding and accepted-risk summaries by reusing review summary and section payloads from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/TenantReviews/TenantReviewService.php` together with `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/RedactionIntegrity.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`, extending shared helpers only if repo verification shows a missing customer-safe summary field
- T017 [US2] Keep default-visible content limited to customer-safe outcome, findings, accepted risks, freshness context, and explicit secondary proof links while excluding raw JSON, unrestricted audit metadata, and diagnostics from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`
- T018 [US2] If the workspace-to-detail handoff exposes any admin, remediation, publish, regenerate, expire, triage, or exception-edit controls to readonly-capable actors, tighten the smallest existing tenant-review detail surface in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantReviewResource.php` or its matching page class after repo verification instead of adding a second customer-detail shell

**Checkpoint**: User Story 2 is independently functional when summaries stay calm, raw detail stays secondary, and readonly actors never see admin or remediation controls in the customer-safe flow.
## Phase 5: User Story 3 - Consume The Current Review Pack Safely (Priority: P2)

**Goal**: Let a readonly-capable tenant actor open or download the current review pack when it already exists, while keeping unavailable states calm and preserving signed-download safety.

**Independent Test**: From the workspace page, use the pack action for a tenant with a current pack and for one without a current pack, then confirm only the existing safe download path is exposed and no generation or regeneration flow appears.

### Tests for User Story 3

- T019 [P] [US3] Add review-pack access feature coverage for visible download action only with `REVIEW_PACK_VIEW`, calm unavailable state when no current pack exists, preserved signed download behavior, and truthful audit reuse or additive action-ID wiring in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php`
- T020 [P] [US3] If workspace implementation touches pack-download plumbing, extend `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php` to prove no generate or regenerate path was introduced; otherwise leave pack-download regression coverage unchanged and record that outcome in the final close-out task

### Implementation for User Story 3

- T021 [US3] Surface current review-pack availability and the one safe inline `Download review pack` shortcut from the existing current-export relation and signed route semantics in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/ReviewPackService.php`
- T022 [US3] Keep review-pack and evidence secondary actions capability-gated through existing `REVIEW_PACK_VIEW` and `EVIDENCE_VIEW` checks plus the current resource route helpers in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`
- T023 [US3] Reuse the existing audit pipeline for explicit artifact open or download events surfaced by the workspace page, adding stable `AuditActionId` and `WorkspaceAuditLogger` wiring only if repo verification shows the current review or pack path does not already emit a truthful event in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Audit/AuditActionId.php`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`, and the smallest calling surface selected during implementation

**Checkpoint**: User Story 3 is independently functional when pack visibility and download stay capability-gated, unavailable states stay calm, and audit reuse remains bounded.
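The two rules this plan pins down in T004, T012 and T019 to T023 (latest-published-only row selection with a truthful absence state, and the capability-first 403 / deny-as-not-found 404 / calm-unavailable ordering on the signed pack download, with an audit event only when a pack is actually served) are modelled below as an added, framework-free example; it is not code from the wt-plattform repository, and every function, class and sample value in it is hypothetical. The `AuditSink` stands in for the page's `WorkspaceAuditLogger`, and signed-URL validation is assumed to have already run before the decision function is reached.

```php
<?php
// Added example, not project code. Models two rules from the task list:
// (1) latest-published selection per entitled tenant; draft/ready/failed states
//     never become candidates and a tenant with no published review yields null;
// (2) the pack-download boundary: capability first (403), then deny-as-not-found
//     (404), then a calm unavailable state, and an audit event only on a served pack.
declare(strict_types=1);

/** @param list<array{tenant_id:int,status:string,published_at:?string}> $reviews
 *  @param list<int> $entitledTenantIds
 *  @return array<int,?array> tenant id => latest published review, or null (absence state) */
function latestPublishedPerTenant(array $reviews, array $entitledTenantIds): array
{
    $result = array_fill_keys($entitledTenantIds, null);
    foreach ($reviews as $review) {
        $tenant = $review['tenant_id'];
        // Entitlement filter and status filter: internal-only states are never candidates.
        if (!array_key_exists($tenant, $result) || $review['status'] !== 'published') {
            continue;
        }
        if ($result[$tenant] === null || $review['published_at'] > $result[$tenant]['published_at']) {
            $result[$tenant] = $review;
        }
    }
    return $result;
}

/** Hypothetical in-memory stand-in for the audit pipeline; records the page's action IDs. */
final class AuditSink
{
    /** @var list<array<string,mixed>> */
    public array $entries = [];
    public function record(string $actionId, string $actorId, int $tenantId): void
    {
        $this->entries[] = ['action' => $actionId, 'actor' => $actorId, 'tenant' => $tenantId];
    }
}

/** Decide the signed download route's outcome. URL signature validation (Laravel's
 *  signed-route middleware in a real app) is assumed to have run before this point.
 *  @param array{id:string,capabilities:list<string>,entitled:list<int>} $actor
 *  @param array<int,?string> $currentPackByTenant tenant id => current pack path, or null */
function decideReviewPackDownload(array $actor, int $tenantId, array $currentPackByTenant, AuditSink $audit): string
{
    if (!in_array('REVIEW_PACK_VIEW', $actor['capabilities'], true)) {
        return '403';            // capability-first: no pack capability at all
    }
    if (!in_array($tenantId, $actor['entitled'], true)) {
        return '404';            // deny-as-not-found: an out-of-scope tenant looks nonexistent
    }
    $pack = $currentPackByTenant[$tenantId] ?? null;
    if ($pack === null) {
        return 'unavailable';    // calm state; no generate/regenerate path is offered
    }
    $audit->record('review_pack.downloaded', $actor['id'], $tenantId);
    return 'served:' . $pack;
}

// Constructed sample data (not from the project): tenant 7 has two published reviews and a draft,
// tenant 9 has only a failed review, tenant 42 exists but is outside the actor's entitlement.
$reviews = [
    ['tenant_id' => 7, 'status' => 'published', 'published_at' => '2024-01-10'],
    ['tenant_id' => 7, 'status' => 'published', 'published_at' => '2024-03-02'],
    ['tenant_id' => 7, 'status' => 'draft',     'published_at' => null],
    ['tenant_id' => 9, 'status' => 'failed',    'published_at' => null],
];
$rows = latestPublishedPerTenant($reviews, [7, 9]);
$ok = $rows[7]['published_at'] === '2024-03-02' && $rows[9] === null;
$audit = new AuditSink();
$reader = ['id' => 'u1', 'capabilities' => ['REVIEW_PACK_VIEW'], 'entitled' => [7, 9]];
$packs = [7 => 'packs/7/current.pdf', 9 => null, 42 => 'packs/42/current.pdf'];
$ok = $ok && decideReviewPackDownload(['id' => 'u2', 'capabilities' => [], 'entitled' => [7]], 7, $packs, $audit) === '403'
    && decideReviewPackDownload($reader, 42, $packs, $audit) === '404'
    && decideReviewPackDownload($reader, 9, $packs, $audit) === 'unavailable'
    && decideReviewPackDownload($reader, 7, $packs, $audit) === 'served:packs/7/current.pdf'
    && count($audit->entries) === 1 && $audit->entries[0]['action'] === 'review_pack.downloaded';
echo $ok ? "rules hold\n" : "rule violation\n";
```

Note that the denied and unavailable branches write nothing to the audit sink; only a served download produces the `review_pack.downloaded` entry, which is the "truthful event" the close-out notes describe.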
## Phase 6: Polish & Cross-Cutting Concerns

**Purpose**: Run the focused validation suite, capture executed smoke evidence, format touched files, and record the feature-local close-out without widening scope.

- T024 Run the targeted workspace-page Sail/Pest command from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md` against `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php`
- T025 Run the targeted authorization Sail/Pest command from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md` against `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php`
- T026 Run the targeted pack-access Sail/Pest command from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md` against `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php` if T020 touched that file
- T027 Run the explicit browser smoke command from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md` against `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php`
- T028 Satisfy the smoke-evidence checklist in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md` through either a human manual run or an explicitly documented bounded browser-smoke substitution for readonly workspace entry, tenant-prefilter launch, read-only review detail open, pack available or unavailable behavior, and out-of-scope tenant targeting
- T029 Run dirty-only Pint through Sail for touched platform files using the command recorded in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md`
- T030 Record the final `Guardrail / Exception / Smoke Coverage` close-out, lane results, executed smoke-evidence outcome, review outcome class (`acceptable-special-case` unless implementation proves otherwise), workflow outcome (`keep` unless implementation proves otherwise), and any bounded `document-in-feature` note for the `TenantReviewRegisterService` versus local-helper choice or audit-action wiring in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/plan.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/quickstart.md`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/249-customer-review-workspace/checklists/requirements.md`
## Close-out Notes

- T006 reused `TenantReviewRegisterService` for workspace entitlement and latest-published-per-tenant reads; no page-local helper was introduced.
- T010 landed direct customer-workspace launch links on tenant review detail, review-pack detail, evidence related context, and the tenant review-pack widget. `ReviewRegister` and `EvidenceOverview` satisfied the task through existing row/detail navigation reuse rather than new duplicate launch buttons.
- T018 was closed by making the tenant-review detail route enter a customer-safe read-only mode when launched from the workspace path, leaving the normal operator detail route behavior unchanged.
- T020 touched pack-download plumbing. `ReviewPackDownloadTest.php` and `ReviewPackRbacTest.php` were updated and passed after capability enforcement and audit logging were added to the signed download route.
- T023 reused the existing audit store and `WorkspaceAuditLogger` with additive `tenant_review.opened` and `review_pack.downloaded` action IDs; no new audit store or parallel audit pipeline was introduced.
- T028 used the bounded Pest browser smoke plus the focused feature lane as the executed smoke evidence. No separate human integrated-browser manual smoke run was performed.
## Dependencies & Execution Order

### Phase Dependencies

- Phase 1 (Setup): starts immediately.
- Phase 2 (Foundational): depends on Phase 1 and blocks all user stories until the page shell, auth boundaries, and query-seam choice are in place.
- Phase 3 (US1): depends on Phase 2 and establishes the MVP customer-safe workspace path.
- Phase 4 (US2): depends on Phase 2 and is safest after US1 because both stories extend the same page and view surfaces.
- Phase 5 (US3): depends on Phase 2 and is safest after US1 because pack actions and audit reuse build on the same workspace rows.
- Phase 6 (Polish): depends on every implemented story.

### User Story Dependencies

- US1 (P1): first independently shippable increment once Phase 2 is complete.
- US2 (P1): independently testable after Phase 2, but should merge after US1 because the same page and view files are shared hotspots.
- US3 (P2): independently testable after Phase 2, but should merge after US1 because pack actions depend on the same workspace row composition.

### Within Each User Story

- Write the listed feature and browser coverage first and make it fail for the intended gap before implementation.
- Resolve shared service or route-helper decisions before widening the page view for that story.
- Re-run the narrowest relevant proof command after each story checkpoint before moving to the next story.

### Parallel Opportunities

#### Phase 1

- T002 and T003 can run in parallel after T001 confirms the bounded slice.

#### Phase 2

- T004 and T005 can run in parallel.
- After T005 establishes the page shell, T006 and T007 can proceed in parallel because the query seam and page-state plumbing touch different primary files.

#### User Story 1

- T008 can run before implementation while T009 and T010 are split across service and entry-link work.
- T011 should follow T009 and T010 because the absence state depends on the final row composition.

#### User Story 2

- T013, T014, and T015 can run in parallel.
- After the tests exist, T016 and T017 can overlap before T018 checks whether the reused detail surface needs a bounded hardening pass.

#### User Story 3

- T019 and T020 can run in parallel.
- After pack-access tests are in place, T021 and T022 can overlap before T023 finalizes audit reuse or additive wiring.

## Implementation Strategy

### Suggested MVP Scope

- MVP = Phase 2 + User Story 1 only. That delivers the canonical read-only workspace page, the latest-published selection rule, tenant-prefilter entry, and truthful no-published-review handling without widening into summary hardening or pack-specific follow-up.

### Incremental Delivery

- Complete Phase 1 and Phase 2.
- Deliver US1 and validate the customer-safe workspace path.
- Deliver US2 and validate findings, accepted-risk summaries, and absence of admin controls.
- Deliver US3 and validate pack visibility, download safety, and audit reuse.
- Finish with Phase 6 validation, executed smoke evidence, formatting, and close-out recording.

### Team Strategy

- Finish Phase 2 together before splitting story work.
- Parallelize test authoring inside each story before converging on the shared page and view files.
- Sequence merges touching `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php` story-by-story because they are the main conflict hotspots for this slice.