ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
b3e6dfdb7c
TenantAtlas/specs/386-review-publication-resolution-workflow-v1/checklists/requirements.md
ahmido ba7622a158 feat: implement ReviewPublicationResolutionWorkflow (Spec 386) (#457) 
## Summary\n- Implements the ReviewPublicationResolutionWorkflow for Spec 386.\n- Adds resolution case/step persistence, policies, services, audit action IDs, and Filament integration.\n- Updates specs, UI/UX documentation, screenshots, and Pest coverage.\n\n## Tests\n- Not run during this handoff; branch was already clean and pushed.\n\n## Target\n- Base: platform-dev\n- Head/topic: 386-review-publication-resolution-workflow-v1

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #457
2026-06-18 21:06:20 +00:00

5.2 KiB
Raw Blame History

Requirements Checklist: Spec 386 - Review Publication Resolution Workflow v1

Purpose: Preparation quality and constitution gate for Spec 386 before implementation. Created: 2026-06-18 Feature: specs/386-review-publication-resolution-workflow-v1/spec.md

Candidate And Scope

  • CHK001 The selected candidate is directly user-provided and not invented from an empty auto-prep queue.
  • CHK002 The candidate is not already covered by an existing specs/386-* package.
  • CHK003 Completed dependency specs 350, 351, 367, and 385 are treated as read-only historical/context artifacts.
  • CHK004 The smallest viable slice is Review Publication resolution only.
  • CHK005 Generic workflow engine, generic action-resolution registry, auto-publish, customer self-resolution, and non-review adapters are explicitly out of scope.

Spec Approval Rubric

  • CHK006 The Spec Candidate Check answers the operator workflow, trust/safety, smallest version, complexity, and why-now questions.
  • CHK007 The spec is classified as Core Enterprise.
  • CHK008 Red flags are named and defended.
  • CHK009 The score is at least 7/12 and the decision is approve.
  • CHK010 The proportionality review covers current problem, insufficiency, narrowest implementation, ownership cost, rejected alternative, and release truth.

Repository Truth

  • CHK011 Existing affected sources are named from repo truth, including Environment Review, Evidence Snapshot, Stored Report, Review Pack, OperationRun, ResolutionGuidance, and ReviewPackOutputResolutionGuidance surfaces.
  • CHK012 Source-of-truth boundaries are preserved: OperationRun execution truth, evidence/report/review/pack artifact truth, and case/step workflow state only.
  • CHK013 Review-publication-specific persistence is preferred; generic action_resolution_* persistence requires a spec/plan/tasks update first.
  • CHK014 Pre-production compatibility posture rejects legacy shims, aliases, dual-write, and old payload readers.

UI And Surface Coverage

  • CHK015 UI Surface Impact is completed and identifies existing page changes plus a new subject-driven workflow route/surface.
  • CHK016 UI/Productization Coverage names affected surfaces and coverage artifact expectations.
  • CHK017 Customer-safe non-leakage requirements are explicit.
  • CHK018 Dangerous/high-impact action review is required for queued/artifact/cancel/supersede step actions.
  • CHK019 Tasks include UI coverage/page-report/route-inventory/design-matrix updates for the new workflow surface.
  • CHK020 The spec includes a UI Action Matrix and a Filament v5 implementation close-out contract.

Shared Patterns And OperationRun

  • CHK021 Cross-cutting shared pattern reuse names existing helpers before any local composition.
  • CHK022 Any new service family is bounded to Review Publication and barred from becoming generic workflow infrastructure.
  • CHK023 OperationRun remains execution truth; step links do not duplicate run status/outcome as canonical truth.
  • CHK024 Existing OperationRun start/link/presenter behavior remains delegated to shared/source-owned paths.
  • CHK025 Provider boundary rules keep provider identifiers internal/proof-only and primary workflow language provider-neutral.

RBAC, Security, And Disclosure

  • CHK026 Workspace/environment entitlement and deny-as-not-found boundaries are required for case, step, subject, proof, operation, and artifact resolution.
  • CHK027 Viewing a case does not imply permission to execute every step.
  • CHK028 Customer-safe output forbids internal case details, step lists, failed OperationRun debug, permission blocker internals, raw report state, raw provider payloads, and raw evidence JSON.
  • CHK029 Audit events are specified for case and step lifecycle events.
  • CHK030 No Graph/provider calls are allowed during resolution page render or readiness display.

Test And Validation Readiness

  • CHK031 Test purpose and lanes are explicit: Unit, Feature, Filament/Livewire, PostgreSQL, Browser.
  • CHK032 Tasks include tests before migrations/services/UI implementation.
  • CHK033 Tasks cover duplicate active cases, stale/current proof, failed/running runs, zero-results behavior, and case completion.
  • CHK034 Tasks include RBAC/isolation/audit/customer-leakage tests.
  • CHK035 Tasks include browser-smoke and screenshot artifact decisions.
  • CHK036 Validation commands are present in the spec, plan, and tasks.

Readiness Outcome

  • CHK037 Candidate Selection Gate result: PASS.
  • CHK038 Spec Readiness Gate result: PASS for implementation preparation.
  • CHK039 Review outcome class: acceptable-special-case.
  • CHK040 Workflow outcome: keep.
  • CHK041 Final note location: implementation close-out entry Review Publication Resolution Workflow.

Notes

Preparation is ready for implementation review. The later implementation loop must stop and update spec.md, plan.md, and tasks.md before adding a generic workflow engine, generic action_resolution_* schema, top-level navigation, global-search resource, customer-facing resolution workflow, auto-publish behavior, new Graph/provider call path, or non-review adapter.