ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
b3e6dfdb7c
TenantAtlas/specs/392-customer-output-gating-review-pack-navigation/checklists/requirements.md
ahmido dd7139ebe3 Spec392 customer output gating (#463) 
Implements Spec392 customer output gating for review pack downloads, rendered reports, management PDFs, and customer workspace CTAs.

Validation:
- php vendor/bin/pest --filter=Spec392: 12 passed / 58 assertions
- php vendor/bin/pest --filter='ReviewPack|CustomerReviewWorkspace|StoredReport': 283 passed / 1 skipped / 2053 assertions
- affected browser matrix: 12 passed / 420 assertions
- php vendor/bin/pint --dirty: pass
- git diff --check: pass

Notes:
- Deprecated limited-download semantics remain removed.
- Unsafe customer-facing output returns 403/no output.
- Internal preview/report access is operator-only.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #463
2026-06-20 20:54:50 +00:00

4.3 KiB
Raw Blame History

Requirements Checklist: Spec 392 - Customer Output Gating & Review Pack Navigation v1

Purpose: Validate candidate selection, Spec Kit artifact readiness, constitution alignment, and implementation-loop readiness for Spec 392.
Created: 2026-06-20
Feature: specs/392-customer-output-gating-review-pack-navigation/spec.md

Candidate Selection Gate

  • CHK001 Selected candidate exists in source material: user-provided Spec 392 draft and browser productization BUG-007.
  • CHK002 Selected candidate is not already covered by an existing active or completed Spec 392 package.
  • CHK003 Related completed specs 342, 347, 351, and 372 are treated as read-only historical context.
  • CHK004 Broad Customer Review Workspace v1 completion is explicitly excluded as completed/historical.
  • CHK005 Scope is small enough for a bounded implementation loop: customer-output gate enforcement and truthful navigation only.
  • CHK006 Close alternatives are deferred instead of hidden inside Spec 392.

Spec Completeness

  • CHK007 spec.md defines problem, user value, user stories, functional requirements, non-goals, acceptance criteria, success criteria, assumptions, risks, and follow-up candidates.
  • CHK008 plan.md lists likely affected repo surfaces and distinguishes implementation touch points from supporting surfaces to inspect.
  • CHK009 tasks.md is ordered into small phases with tests, route enforcement, UI correction, browser smoke, validation, and explicit non-goals.
  • CHK010 No unresolved open question blocks safe implementation.
  • CHK011 No template placeholders remain in spec.md, plan.md, or tasks.md.

Constitution And Architecture Alignment

  • CHK012 Spec Candidate Check is filled, scored 11/12, and approved as Core Enterprise.
  • CHK013 Proportionality Review is present for the possible narrow gate/result adapter.
  • CHK014 The spec does not introduce new migrations, persisted readiness truth, enum/status persistence, provider framework, or customer portal architecture.
  • CHK015 Workspace/environment isolation, deny-as-not-found semantics, capability checks, and route-level enforcement are explicit.
  • CHK016 UI Surface Impact and UI/Productization Coverage are completed for existing customer-facing/action surfaces.
  • CHK017 Cross-cutting shared pattern reuse is explicit and prefers existing readiness/disclosure helpers.
  • CHK018 OperationRun impact is bounded to existing proof links only.
  • CHK019 Provider boundary check confirms no new provider/platform seam.
  • CHK020 Test governance names Unit, Feature/HTTP, Filament/Livewire, and Browser lanes with bounded fixture cost.

Filament / Livewire / Deployment Contract

  • CHK021 Filament v5 explicitly targets Livewire v4.0+; current app info reports Livewire 4.1.4.
  • CHK022 Provider registration location is recorded as apps/platform/bootstrap/providers.php; no panel provider change is expected.
  • CHK023 Global search posture is preserved; no new global-search behavior is planned.
  • CHK024 No destructive action is introduced; existing destructive/high-impact actions remain out of scope and must retain confirmation, authorization, audit, and tests.
  • CHK025 Asset strategy is unchanged; no Filament asset registration or filament:assets deployment change is expected.
  • CHK026 Deployment impact explicitly says no env vars, migrations, queues, scheduler, storage topology, Graph scopes, or Dokploy changes are expected.

Task Readiness

  • CHK027 Tasks include repo-truth inventory before implementation.
  • CHK028 Tasks include tests before or alongside gate and route enforcement.
  • CHK029 Tasks include direct-route bypass protection.
  • CHK030 Tasks include customer-workspace CTA destination truth.
  • CHK031 Tasks include internal-preview separation.
  • CHK032 Tasks include browser smoke and direct URL proof.
  • CHK033 Tasks include final validation commands.
  • CHK034 Tasks include stop conditions for broader scope.

Review Outcome

  • CHK035 Review outcome class: acceptable-special-case.
  • CHK036 Workflow outcome: keep.
  • CHK037 Final note location: active feature PR close-out entry Guardrail / Exception / Smoke Coverage.
  • CHK038 Result: ready for implementation loop after manual artifact review.