Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 4m44s
Added BaselineReadinessGate, resolution propagation, and disclosure semantics logic per Spec 385. Integrated baseline unreadiness into Customer Review Workspace and Review Packs.
76 lines
4.1 KiB
Markdown
76 lines
4.1 KiB
Markdown
# UI-042 Review Pack Detail
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Route | `/admin/workspaces/{workspace}/environments/{environment}/review-packs/{record}` |
|
|
| Source | `ReviewPackResource::view` |
|
|
| Area / scope | Reviews / environment artifact detail |
|
|
| Archetype | Evidence / Audit |
|
|
| Design depth | Strategic Surface |
|
|
| Repo truth | repo-verified |
|
|
| Screenshot | `-` |
|
|
| Browser status | Reached in the live in-app browser on 2026-06-05 via the Spec 351 review-output fixture; verified the preview-first action model, ZIP download secondary action, and customer-workspace return context. |
|
|
|
|
## First Five Seconds
|
|
|
|
The page should answer three questions immediately:
|
|
|
|
1. is this pack the current stakeholder-safe export or only a historical artifact
|
|
2. should the actor open the rendered report, download the ZIP, or stop
|
|
3. does this surface permit operator mutation or only read-first inspection
|
|
|
|
## Productization Review
|
|
|
|
- Decision-first: Spec 356 moves the primary inspect path to the rendered report instead of treating ZIP download as the first read.
|
|
- Evidence-first: status, expiry, evidence snapshot linkage, and package contract stay visible as artifact truth.
|
|
- Context: environment-bound artifact detail with optional customer-workspace return context.
|
|
- Capability/RBAC awareness: preview and download remain view-authorized; regenerate stays manage-only and confirmation-gated.
|
|
- Customer/auditor safety: rendered preview is only available for the current ready non-expired review-derived pack.
|
|
- Diagnostics/default hierarchy: the ZIP remains the structured appendix and downloadable artifact, not the first-read surface.
|
|
|
|
## Information Inventory
|
|
|
|
Default-visible content should show pack status, generated/expiry timing, linked review/evidence context, sharing boundary, executive entrypoint guidance, and the current rendered-report launch affordance.
|
|
|
|
## Dangerous Actions
|
|
|
|
- Dangerous or high-impact actions: `regenerate` on the operator detail surface.
|
|
- Current confirmation/evidence posture: `regenerate` is capability-gated and `->requiresConfirmation()`; customer-workspace flow suppresses it entirely.
|
|
- Target handling: keep preview and download read-only; do not let historical/expired packs impersonate the current report path.
|
|
|
|
## Spec 356 Follow-up
|
|
|
|
Spec 356 productizes this page as the owner-side artifact detail:
|
|
|
|
- `Open rendered report` is now the primary action for current ready packs.
|
|
- ZIP download remains available as the structured appendix artifact.
|
|
- Customer-workspace detail flow keeps `regenerate` hidden so the page does not compete with read-first stakeholder handoff.
|
|
|
|
## Target Direction
|
|
|
|
Keep this surface artifact-truth-first and narrowly scoped. Future work should deepen proof hierarchy and browser evidence, not invent a second portal or artifact family.
|
|
|
|
## Spec 372 Follow-up
|
|
|
|
Spec 372 keeps the existing rendered-report/download action model and reorganizes the detail content.
|
|
|
|
- `Outcome summary` and `Output guidance` now lead the page
|
|
- `Pack readiness and contents` owns the first artifact-proof block
|
|
- evidence basis and released-review links appear before storage/operation metadata
|
|
- options, initiator, customer-workspace link, operation link/count, freshness, SHA, and fingerprints moved into collapsed `Technical pack details`
|
|
- technical pack details are hidden entirely in customer-workspace flow
|
|
|
|
### Browser proof
|
|
|
|
- Spec372 screenshot: `specs/372-customer-auditor-surface-safety-pass/artifacts/screenshots/003-review-pack-view-after.png`
|
|
- Browser smoke verified readiness before technical details and no JavaScript errors or console logs.
|
|
|
|
## Spec 385 Follow-up
|
|
|
|
Spec 385 extends the existing output-readiness contract on this surface.
|
|
|
|
- baseline publication blockers now map to the existing `Output not customer-ready` guidance state
|
|
- baseline accepted limitations, foundation-only coverage, and exclusions map to disclosed limitation guidance
|
|
- customer-safe exports retain baseline state/counts but drop baseline internal diagnostics from customer payloads
|
|
- rendered-report disclosure policy now includes a baseline readiness proof row for customer-facing profiles
|