Applied customer/auditor safety layout changes to CustomerReviewWorkspace, EnvironmentReviewResource, EvidenceSnapshotResource, ReviewPackResource, and StoredReportResource as per Spec 372. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #443
67 lines
3.5 KiB
Markdown
67 lines
3.5 KiB
Markdown
# UI-042 Review Pack Detail
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Route | `/admin/workspaces/{workspace}/environments/{environment}/review-packs/{record}` |
|
|
| Source | `ReviewPackResource::view` |
|
|
| Area / scope | Reviews / environment artifact detail |
|
|
| Archetype | Evidence / Audit |
|
|
| Design depth | Strategic Surface |
|
|
| Repo truth | repo-verified |
|
|
| Screenshot | `-` |
|
|
| Browser status | Reached in the live in-app browser on 2026-06-05 via the Spec 351 review-output fixture; verified the preview-first action model, ZIP download secondary action, and customer-workspace return context. |
|
|
|
|
## First Five Seconds
|
|
|
|
The page should answer three questions immediately:
|
|
|
|
1. is this pack the current stakeholder-safe export or only a historical artifact
|
|
2. should the actor open the rendered report, download the ZIP, or stop
|
|
3. does this surface permit operator mutation or only read-first inspection
|
|
|
|
## Productization Review
|
|
|
|
- Decision-first: Spec 356 moves the primary inspect path to the rendered report instead of treating ZIP download as the first read.
|
|
- Evidence-first: status, expiry, evidence snapshot linkage, and package contract stay visible as artifact truth.
|
|
- Context: environment-bound artifact detail with optional customer-workspace return context.
|
|
- Capability/RBAC awareness: preview and download remain view-authorized; regenerate stays manage-only and confirmation-gated.
|
|
- Customer/auditor safety: rendered preview is only available for the current ready non-expired review-derived pack.
|
|
- Diagnostics/default hierarchy: the ZIP remains the structured appendix and downloadable artifact, not the first-read surface.
|
|
|
|
## Information Inventory
|
|
|
|
Default-visible content should show pack status, generated/expiry timing, linked review/evidence context, sharing boundary, executive entrypoint guidance, and the current rendered-report launch affordance.
|
|
|
|
## Dangerous Actions
|
|
|
|
- Dangerous or high-impact actions: `regenerate` on the operator detail surface.
|
|
- Current confirmation/evidence posture: `regenerate` is capability-gated and `->requiresConfirmation()`; customer-workspace flow suppresses it entirely.
|
|
- Target handling: keep preview and download read-only; do not let historical/expired packs impersonate the current report path.
|
|
|
|
## Spec 356 Follow-up
|
|
|
|
Spec 356 productizes this page as the owner-side artifact detail:
|
|
|
|
- `Open rendered report` is now the primary action for current ready packs.
|
|
- ZIP download remains available as the structured appendix artifact.
|
|
- Customer-workspace detail flow keeps `regenerate` hidden so the page does not compete with read-first stakeholder handoff.
|
|
|
|
## Target Direction
|
|
|
|
Keep this surface artifact-truth-first and narrowly scoped. Future work should deepen proof hierarchy and browser evidence, not invent a second portal or artifact family.
|
|
|
|
## Spec 372 Follow-up
|
|
|
|
Spec 372 keeps the existing rendered-report/download action model and reorganizes the detail content.
|
|
|
|
- `Outcome summary` and `Output guidance` now lead the page
|
|
- `Pack readiness and contents` owns the first artifact-proof block
|
|
- evidence basis and released-review links appear before storage/operation metadata
|
|
- options, initiator, customer-workspace link, operation link/count, freshness, SHA, and fingerprints moved into collapsed `Technical pack details`
|
|
- technical pack details are hidden entirely in customer-workspace flow
|
|
|
|
### Browser proof
|
|
|
|
- Spec372 screenshot: `specs/372-customer-auditor-surface-safety-pass/artifacts/screenshots/003-review-pack-view-after.png`
|
|
- Browser smoke verified readiness before technical details and no JavaScript errors or console logs.
|