TenantAtlas/specs/308-decision-register-summary-review-pack/tasks.md
ahmido 77c343fb35 feat: implement decision register summary in environment review packs (#363)
## Summary
- add decision register summary output to environment review packs
- update environment review evidence composition and localized summary rendering
- add coverage for executive pack and derived review pack behavior
- include spec artifacts for feature 308

## Testing
- cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #363
2026-05-15 12:54:41 +00:00


Tasks: Decision Register Customer-Safe Summary & Review-Pack Inclusion

Input: Design documents from /specs/308-decision-register-summary-review-pack/

Prerequisites: spec.md, plan.md, checklists/requirements.md

Tests: Required. Use Pest 4 focused Feature coverage and the existing bounded Browser smoke only if rendered customer-review UI changes.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family, and any browser addition is limited to the existing bounded customer-review smoke.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
  • Planned validation commands cover the change without pulling unrelated suite cost.
  • The declared shared-detail-family / standard-native-filament surface profile is explicit.
  • Any material budget, baseline, trend, or escalation note is recorded in the active feature close-out.

Phase 1: Preparation and Current-Truth Verification

  • T001 Review /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/308-decision-register-summary-review-pack/spec.md, /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/308-decision-register-summary-review-pack/plan.md, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/308-decision-register-summary-review-pack/checklists/requirements.md.
  • T002 Inspect current governance_package summary generation in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewComposer.php.
  • T003 Inspect current review-derived Review Pack generation in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Jobs/GenerateReviewPackJob.php and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/ReviewPackService.php.
  • T004 Inspect current customer-safe review/package presentation in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php, /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EnvironmentReviewResource.php, and /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/ReviewPackResource.php.
  • T005 Confirm no migration, new model, new capability, new OperationRun type, new global-search resource, or new asset registration is needed; stop and update the spec if this is false.

Phase 2: Tests First - Customer-Safe Review Summary (US1)

  • T006 [US1] Add or extend a focused feature test in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCreationTest.php or /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php proving a released review summary includes customer-safe decision-summary content when governance decisions require awareness.
  • T007 [US1] Add a no-decisions scenario proving the summary renders a calm none state rather than implying hidden risk.
  • T008 [US1] Add an incomplete/unavailable evidence scenario proving the summary distinguishes unavailable decision data from no decisions when current evidence completeness supports the distinction.
  • T009 [US1] Add assertions that customer-safe review summary content does not include raw JSON, fingerprints, internal reason ownership, platform reason families, raw OperationRun IDs, or OperationRun URLs.

Phase 3: Tests First - Review Pack Inclusion (US2)

  • T010 [US2] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php to generate a review-derived Review Pack with governance decisions and assert summary.json includes structured customer-safe decision-summary content.
  • T011 [US2] Extend the same test to assert executive-summary.md includes readable Governance decisions requiring awareness content matching the structured summary.
  • T012 [US2] Add a redaction assertion for include_pii=false proving tenant names, actor/owner labels, and other PII-bearing decision fields are redacted or omitted.
  • T013 [US2] Add an assertion that existing review-derived pack metadata still carries auditor_ready_executive_export.v1, metadata.json, summary.json, sections.json, and executive-summary.md without introducing a new top-level export family.

Phase 4: Tests First - Scope, RBAC, and Lifecycle Boundaries (US3)

  • T014 [US3] Extend /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php or adjacent review workspace tests to prove hidden workspace/environment decisions do not affect visible customer-safe summary counts or copy.
  • T015 [US3] Add or extend review-pack access assertions proving existing non-member 404 and missing-capability 403 behavior remains unchanged for view/download paths.
  • T016 [US3] Add assertions that customer-safe surfaces do not introduce approve, reject, renew, revoke, closure, or escalation actions.

Phase 5: Implement Customer-Safe Summary Derivation

  • T017 [US1] Extend existing summary composition in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewComposer.php with a bounded customer-safe decision summary derived from current review/evidence/decision truth.
  • T018 [US1] Keep the summary additive under existing governance_package payloads, preferring decision_summary and/or clarified governance_decisions keys over new persistence or public framework classes.
  • T019 [US1] Ensure summary entries include customer-safe title, awareness reason/governance state, summary, count, and next-action wording where available.
  • T020 [US1] Ensure no customer-safe summary field copies raw proof URLs, raw OperationRun URLs, source fingerprints, platform reason families, or provider payload dumps.
  • T021 [US1] Preserve existing non-certification / interpretation disclosure when decision-summary content is present.

Phase 6: Implement Review Pack Inclusion

  • T022 [US2] Update /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Jobs/GenerateReviewPackJob.php so review-derived summary.json includes the customer-safe decision summary from the released review.
  • T023 [US2] Update executive-summary.md generation in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Jobs/GenerateReviewPackJob.php to render a concise decision-awareness section from the same structured summary.
  • T024 [US2] Ensure include_pii=false flows through the existing redaction path for any tenant, actor, owner, or customer-identifying decision summary field.
  • T025 [US2] Preserve existing ZIP file names and delivery metadata unless a bounded additive metadata note is required and tested.
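
Added example, not code from this repository: one way to express the leak checks named in T009/T020 and the include_pii=false check in T012/T024 as a reusable helper that a feature test could call on the generated summary. The key names, the [REDACTED] marker, the OperationRun URL pattern, and the sample payload are assumptions; the page lists the forbidden categories but not the payload schema.

```php
<?php
declare(strict_types=1);

// Hypothetical key names and patterns: adjust to the real decision_summary shape.
const FORBIDDEN_KEYS = ['fingerprint', 'source_fingerprint', 'reason_family', 'reason_owner', 'operation_run_id', 'proof_url'];
const PII_KEYS = ['tenant_name', 'actor_label', 'owner_label'];
const FORBIDDEN_VALUE_PATTERNS = [
    'operation run url' => '~/operation-?runs?/\d+~i',   // assumed route shape
    'embedded raw json' => '~^\s*[\[{].*[\]}]\s*$~s',    // a string that is itself a JSON dump
];

/** Walk a summary payload recursively and return "path: problem" strings. */
function findSummaryLeaks(array $node, bool $includePii, string $path = 'decision_summary'): array
{
    $leaks = [];
    foreach ($node as $key => $value) {
        $here = $path . '.' . $key;
        if (is_string($key) && in_array($key, FORBIDDEN_KEYS, true)) {
            $leaks[] = "$here: forbidden key";
            continue;
        }
        // With include_pii=false a PII field must be absent, null, or the redaction marker.
        if (is_string($key) && ! $includePii && in_array($key, PII_KEYS, true)
            && $value !== null && $value !== '[REDACTED]') {
            $leaks[] = "$here: PII present with include_pii=false";
            continue;
        }
        if (is_array($value)) {
            $leaks = array_merge($leaks, findSummaryLeaks($value, $includePii, $here));
        } elseif (is_string($value)) {
            foreach (FORBIDDEN_VALUE_PATTERNS as $label => $pattern) {
                if (preg_match($pattern, $value) === 1) {
                    $leaks[] = "$here: $label";
                }
            }
        }
    }
    return $leaks;
}

// Constructed sample payload (not taken from the project).
$summary = ['count' => 2, 'entries' => [
    ['title' => 'Accepted risk awaiting renewal', 'tenant_name' => 'Contoso GmbH', 'next_action' => 'Open review'],
    ['title' => 'Exception', 'summary' => 'See https://example.test/admin/operation-runs/4711', 'source_fingerprint' => 'abc123'],
]];

foreach (findSummaryLeaks($summary, false) as $leak) {
    echo $leak, PHP_EOL;
}
```

In a Pest test the same helper would be asserted to return an empty array for both the composed summary and the decoded summary.json from the pack.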

Phase 7: Implement Customer Surface Presentation If Needed

  • T026 [US1] If current customer workspace/review detail surfaces do not expose the summary clearly, add a native/shared Filament presentation in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php or /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/EnvironmentReviewResource.php.
  • T027 [US1] Keep exactly one dominant next action on each changed surface (Open review, Download governance package, or existing Download), with decision summary as supporting content.
  • T028 [US1] Use existing Filament sections/infolists/table text and BADGE-001-backed badges where status-like display is needed; do not add ad-hoc CSS, custom cards, local color mappings, or new assets.
  • T029 [US3] Confirm /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php remains an operator surface and is not redesigned for this feature.

Phase 8: Filament, RBAC, and Asset Contract Review

  • T030 Confirm Filament v5 / Livewire v4 compliance for any changed Filament page/resource and do not introduce Livewire v3 references.
  • T031 Confirm panel provider registration remains unchanged in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/bootstrap/providers.php.
  • T032 Confirm no globally searchable resource is added or changed; if a resource is unexpectedly changed, verify View/Edit/global-search posture per Filament v5 rules.
  • T033 Confirm no new destructive action is introduced and existing Review Pack destructive-like actions still use ->requiresConfirmation() plus existing authorization.
  • T034 Confirm no frontend assets are registered; deployment filament:assets requirements are unchanged.

Phase 9: Validation

  • T035 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php tests/Feature/EnvironmentReview/EnvironmentReviewCreationTest.php.
  • T036 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php tests/Feature/ReviewPack/ReviewPackResourceTest.php.
  • T037 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php.
  • T038 If rendered customer workspace or review detail UI changed, run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php.
  • T039 Run cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent.
  • T040 Run git diff --check.

Phase 10: Close-Out

  • T041 Record implementation close-out notes in /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/308-decision-register-summary-review-pack/plan.md, including changed files, no-migration status, no-asset status, test results, browser smoke result or reason not run, and remaining gaps.
  • T042 Confirm customer-safe summary and Review Pack inclusion remain in scope and follow-up candidates are not implemented here.
  • T043 Confirm no application implementation happened outside the selected review/review-pack/customer-safe summary surfaces and focused tests.

Dependency Order

  1. T001-T005 before implementation.
  2. T006-T016 before or alongside implementation changes.
  3. T017-T025 before UI presentation work.
  4. T026-T029 only if rendered UI needs adjustment after summary/export changes.
  5. T030-T040 before close-out.

Parallel Work Guidance

  • T006-T009 can run in parallel with T010-T013 after Phase 1.
  • T014-T016 can run in parallel with summary/export implementation.
  • T030-T034 can be reviewed after implementation before validation.

Non-Goals Checklist

  • No new decision persistence.
  • No new review-pack status or operation type.
  • No customer approval/mutation workflow.
  • No raw OperationRun or proof links in customer-safe default content.
  • No new asset bundle or ad-hoc custom styling.