ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
b3e6dfdb7c
TenantAtlas/specs/392-customer-output-gating-review-pack-navigation/checklists/requirements.md
ahmido dd7139ebe3 Spec392 customer output gating (#463) 
Implements Spec392 customer output gating for review pack downloads, rendered reports, management PDFs, and customer workspace CTAs.

Validation:
- php vendor/bin/pest --filter=Spec392: 12 passed / 58 assertions
- php vendor/bin/pest --filter='ReviewPack|CustomerReviewWorkspace|StoredReport': 283 passed / 1 skipped / 2053 assertions
- affected browser matrix: 12 passed / 420 assertions
- php vendor/bin/pint --dirty: pass
- git diff --check: pass

Notes:
- Deprecated limited-download semantics remain removed.
- Unsafe customer-facing output returns 403/no output.
- Internal preview/report access is operator-only.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #463
2026-06-20 20:54:50 +00:00

62 lines
4.3 KiB
Markdown
Raw Blame History

# Requirements Checklist: Spec 392 - Customer Output Gating & Review Pack Navigation v1
**Purpose**: Validate candidate selection, Spec Kit artifact readiness, constitution alignment, and implementation-loop readiness for Spec 392.
**Created**: 2026-06-20
**Feature**: `specs/392-customer-output-gating-review-pack-navigation/spec.md`
## Candidate Selection Gate
- [x] CHK001 Selected candidate exists in source material: user-provided Spec 392 draft and browser productization BUG-007.
- [x] CHK002 Selected candidate is not already covered by an existing active or completed Spec 392 package.
- [x] CHK003 Related completed specs 342, 347, 351, and 372 are treated as read-only historical context.
- [x] CHK004 Broad Customer Review Workspace v1 completion is explicitly excluded as completed/historical.
- [x] CHK005 Scope is small enough for a bounded implementation loop: customer-output gate enforcement and truthful navigation only.
- [x] CHK006 Close alternatives are deferred instead of hidden inside Spec 392.
## Spec Completeness
- [x] CHK007 `spec.md` defines problem, user value, user stories, functional requirements, non-goals, acceptance criteria, success criteria, assumptions, risks, and follow-up candidates.
- [x] CHK008 `plan.md` lists likely affected repo surfaces and distinguishes implementation touch points from supporting surfaces to inspect.
- [x] CHK009 `tasks.md` is ordered into small phases with tests, route enforcement, UI correction, browser smoke, validation, and explicit non-goals.
- [x] CHK010 No unresolved open question blocks safe implementation.
- [x] CHK011 No template placeholders remain in `spec.md`, `plan.md`, or `tasks.md`.
## Constitution And Architecture Alignment
- [x] CHK012 Spec Candidate Check is filled, scored 11/12, and approved as Core Enterprise.
- [x] CHK013 Proportionality Review is present for the possible narrow gate/result adapter.
- [x] CHK014 The spec does not introduce new migrations, persisted readiness truth, enum/status persistence, provider framework, or customer portal architecture.
- [x] CHK015 Workspace/environment isolation, deny-as-not-found semantics, capability checks, and route-level enforcement are explicit.
- [x] CHK016 UI Surface Impact and UI/Productization Coverage are completed for existing customer-facing/action surfaces.
- [x] CHK017 Cross-cutting shared pattern reuse is explicit and prefers existing readiness/disclosure helpers.
- [x] CHK018 OperationRun impact is bounded to existing proof links only.
- [x] CHK019 Provider boundary check confirms no new provider/platform seam.
- [x] CHK020 Test governance names Unit, Feature/HTTP, Filament/Livewire, and Browser lanes with bounded fixture cost.
## Filament / Livewire / Deployment Contract
- [x] CHK021 Filament v5 explicitly targets Livewire v4.0+; current app info reports Livewire 4.1.4.
- [x] CHK022 Provider registration location is recorded as `apps/platform/bootstrap/providers.php`; no panel provider change is expected.
- [x] CHK023 Global search posture is preserved; no new global-search behavior is planned.
- [x] CHK024 No destructive action is introduced; existing destructive/high-impact actions remain out of scope and must retain confirmation, authorization, audit, and tests.
- [x] CHK025 Asset strategy is unchanged; no Filament asset registration or `filament:assets` deployment change is expected.
- [x] CHK026 Deployment impact explicitly says no env vars, migrations, queues, scheduler, storage topology, Graph scopes, or Dokploy changes are expected.
## Task Readiness
- [x] CHK027 Tasks include repo-truth inventory before implementation.
- [x] CHK028 Tasks include tests before or alongside gate and route enforcement.
- [x] CHK029 Tasks include direct-route bypass protection.
- [x] CHK030 Tasks include customer-workspace CTA destination truth.
- [x] CHK031 Tasks include internal-preview separation.
- [x] CHK032 Tasks include browser smoke and direct URL proof.
- [x] CHK033 Tasks include final validation commands.
- [x] CHK034 Tasks include stop conditions for broader scope.
## Review Outcome
- [x] CHK035 Review outcome class: acceptable-special-case.
- [x] CHK036 Workflow outcome: keep.
- [x] CHK037 Final note location: active feature PR close-out entry `Guardrail / Exception / Smoke Coverage`.
- [x] CHK038 Result: ready for implementation loop after manual artifact review.
Reference in New Issue View Git Blame Copy Permalink