ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity

feat: harden workspace governance attention foundation

Browse Source
This commit is contained in:
Ahmed Darrazi 2026-04-04 23:07:37 +02:00
parent 44898a98ac
commit 140399f96f
46 changed files with 3795 additions and 350 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/agents/copilot-instructions.md vendored
View File

@ -127,6 +127,8 @@ ## Active Technologies
- PostgreSQL unchanged; no new persistence, cache store, or durable dashboard summary artifac (173-tenant-dashboard-truth-alignment) - PostgreSQL unchanged; no new persistence, cache store, or durable dashboard summary artifac (173-tenant-dashboard-truth-alignment)
- PHP 8.4, Laravel 12, Filament v5, Livewire v4, Blade + Filament v5, Livewire v4, Pest v4, Laravel Sail, existing `ArtifactTruthPresenter`, `ArtifactTruthEnvelope`, `TenantReviewReadinessGate`, `EvidenceSnapshotService`, `TenantReviewRegisterService`, and current evidence/review/review-pack resources and pages (174-evidence-freshness-publication-trust) - PHP 8.4, Laravel 12, Filament v5, Livewire v4, Blade + Filament v5, Livewire v4, Pest v4, Laravel Sail, existing `ArtifactTruthPresenter`, `ArtifactTruthEnvelope`, `TenantReviewReadinessGate`, `EvidenceSnapshotService`, `TenantReviewRegisterService`, and current evidence/review/review-pack resources and pages (174-evidence-freshness-publication-trust)
- PostgreSQL with existing `evidence_snapshots`, `evidence_snapshot_items`, `tenant_reviews`, and `review_packs` tables using current summary JSON and timestamps; no schema change planned (174-evidence-freshness-publication-trust) - PostgreSQL with existing `evidence_snapshots`, `evidence_snapshot_items`, `tenant_reviews`, and `review_packs` tables using current summary JSON and timestamps; no schema change planned (174-evidence-freshness-publication-trust)
- PHP 8.4.15 + Laravel 12, Filament v5, Livewire v4, Pest v4, existing `WorkspaceOverviewBuilder`, `TenantGovernanceAggregateResolver`, `BaselineCompareStats`, `BaselineCompareSummaryAssessor`, `WorkspaceSummaryStats`, `WorkspaceNeedsAttention`, `WorkspaceRecentOperations`, `FindingResource`, `BaselineCompareLanding`, `EvidenceSnapshotResource`, `TenantReviewResource`, and canonical admin Operations routes (175-workspace-governance-attention)
- PostgreSQL unchanged; no new persistence, cache table, or materialized aggregate is introduced (175-workspace-governance-attention)
- PHP 8.4.15 (feat/005-bulk-operations) - PHP 8.4.15 (feat/005-bulk-operations)
@ -146,8 +148,8 @@ ## Code Style
PHP 8.4.15: Follow standard conventions PHP 8.4.15: Follow standard conventions
## Recent Changes ## Recent Changes
- 175-workspace-governance-attention: Added PHP 8.4.15 + Laravel 12, Filament v5, Livewire v4, Pest v4, existing `WorkspaceOverviewBuilder`, `TenantGovernanceAggregateResolver`, `BaselineCompareStats`, `BaselineCompareSummaryAssessor`, `WorkspaceSummaryStats`, `WorkspaceNeedsAttention`, `WorkspaceRecentOperations`, `FindingResource`, `BaselineCompareLanding`, `EvidenceSnapshotResource`, `TenantReviewResource`, and canonical admin Operations routes
- 174-evidence-freshness-publication-trust: Added PHP 8.4, Laravel 12, Filament v5, Livewire v4, Blade + Filament v5, Livewire v4, Pest v4, Laravel Sail, existing `ArtifactTruthPresenter`, `ArtifactTruthEnvelope`, `TenantReviewReadinessGate`, `EvidenceSnapshotService`, `TenantReviewRegisterService`, and current evidence/review/review-pack resources and pages - 174-evidence-freshness-publication-trust: Added PHP 8.4, Laravel 12, Filament v5, Livewire v4, Blade + Filament v5, Livewire v4, Pest v4, Laravel Sail, existing `ArtifactTruthPresenter`, `ArtifactTruthEnvelope`, `TenantReviewReadinessGate`, `EvidenceSnapshotService`, `TenantReviewRegisterService`, and current evidence/review/review-pack resources and pages
- 173-tenant-dashboard-truth-alignment: Added PHP 8.4.15 + Laravel 12, Filament v5, Livewire v4, Pest v4, existing `TenantDashboard`, `DashboardKpis`, `NeedsAttention`, `BaselineCompareNow`, `RecentDriftFindings`, `RecentOperations`, `TenantGovernanceAggregateResolver`, `BaselineCompareStats`, `BaselineCompareSummaryAssessor`, `FindingResource`, `OperationRunLinks`, and canonical admin Operations page - 173-tenant-dashboard-truth-alignment: Added PHP 8.4.15 + Laravel 12, Filament v5, Livewire v4, Pest v4, existing `TenantDashboard`, `DashboardKpis`, `NeedsAttention`, `BaselineCompareNow`, `RecentDriftFindings`, `RecentOperations`, `TenantGovernanceAggregateResolver`, `BaselineCompareStats`, `BaselineCompareSummaryAssessor`, `FindingResource`, `OperationRunLinks`, and canonical admin Operations page
- 172-deferred-operator-surfaces-retrofit: Added PHP 8.4, Laravel 12, Livewire v4, Filament v5, Tailwind CSS v4 + `laravel/framework`, `filament/filament`, `livewire/livewire`, `pestphp/pest`
<!-- MANUAL ADDITIONS START --> <!-- MANUAL ADDITIONS START -->
<!-- MANUAL ADDITIONS END --> <!-- MANUAL ADDITIONS END -->

17
app/Filament/Pages/Monitoring/Alerts.php
View File

@ -10,6 +10,7 @@
use App\Models\Workspace; use App\Models\Workspace;
use App\Services\Auth\WorkspaceCapabilityResolver; use App\Services\Auth\WorkspaceCapabilityResolver;
use App\Support\Auth\Capabilities; use App\Support\Auth\Capabilities;
use App\Support\Navigation\CanonicalNavigationContext;
use App\Support\OperateHub\OperateHubShell; use App\Support\OperateHub\OperateHubShell;
use App\Support\Workspaces\WorkspaceContext; use App\Support\Workspaces\WorkspaceContext;
use BackedEnum; use BackedEnum;
@ -79,9 +80,23 @@ protected function getHeaderWidgets(): array
*/ */
protected function getHeaderActions(): array protected function getHeaderActions(): array
{ {
return app(OperateHubShell::class)->headerActions( $actions = app(OperateHubShell::class)->headerActions(
scopeActionName: 'operate_hub_scope_alerts', scopeActionName: 'operate_hub_scope_alerts',
returnActionName: 'operate_hub_return_alerts', returnActionName: 'operate_hub_return_alerts',
); );
$navigationContext = CanonicalNavigationContext::fromRequest(request());
if ($navigationContext?->backLinkLabel !== null && $navigationContext->backLinkUrl !== null) {
array_splice($actions, 1, 0, [
Action::make('operate_hub_back_to_origin_alerts')
->label($navigationContext->backLinkLabel)
->icon('heroicon-o-arrow-left')
->color('gray')
->url($navigationContext->backLinkUrl),
]);
}
return $actions;
} }
} }

20
app/Filament/Pages/Monitoring/Operations.php
View File

@ -74,6 +74,8 @@ public function mount(): void
{ {
$this->navigationContextPayload = is_array(request()->query('nav')) ? request()->query('nav') : null; $this->navigationContextPayload = is_array(request()->query('nav')) ? request()->query('nav') : null;
$this->applyRequestedTenantScope();
app(CanonicalAdminTenantFilterState::class)->sync( app(CanonicalAdminTenantFilterState::class)->sync(
$this->getTableFiltersSessionKey(), $this->getTableFiltersSessionKey(),
['type', 'initiator_name'], ['type', 'initiator_name'],
@ -187,6 +189,17 @@ public function table(Table $table): Table
}); });
} }
private function applyRequestedTenantScope(): void
{
if (! $this->shouldForceWorkspaceWideTenantScope()) {
return;
}
Filament::setTenant(null, true);
app(WorkspaceContext::class)->clearLastTenantId(request());
}
/** /**
* @return array{likely_stale:int,reconciled:int} * @return array{likely_stale:int,reconciled:int}
*/ */
@ -258,6 +271,7 @@ private function scopedSummaryQuery(): ?Builder
private function applyRequestedDashboardPrefilter(): void private function applyRequestedDashboardPrefilter(): void
{ {
if (! $this->shouldForceWorkspaceWideTenantScope()) {
$requestedTenantId = request()->query('tenant_id'); $requestedTenantId = request()->query('tenant_id');
if (is_numeric($requestedTenantId)) { if (is_numeric($requestedTenantId)) {
@ -265,6 +279,7 @@ private function applyRequestedDashboardPrefilter(): void
$this->tableFilters['tenant_id']['value'] = $tenantId; $this->tableFilters['tenant_id']['value'] = $tenantId;
$this->tableDeferredFilters['tenant_id']['value'] = $tenantId; $this->tableDeferredFilters['tenant_id']['value'] = $tenantId;
} }
}
$requestedTab = request()->query('activeTab'); $requestedTab = request()->query('activeTab');
@ -272,4 +287,9 @@ private function applyRequestedDashboardPrefilter(): void
$this->activeTab = (string) $requestedTab; $this->activeTab = (string) $requestedTab;
} }
} }
private function shouldForceWorkspaceWideTenantScope(): bool
{
return request()->query('tenant_scope') === 'all';
}
} }

3
app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
View File

@ -87,7 +87,6 @@
use Illuminate\Database\QueryException; use Illuminate\Database\QueryException;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests; use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Gate;
use Illuminate\Validation\ValidationException; use Illuminate\Validation\ValidationException;
use InvalidArgumentException; use InvalidArgumentException;
use Livewire\Attributes\Locked; use Livewire\Attributes\Locked;
@ -3334,7 +3333,7 @@ private function canInspectOperationRun(OperationRun $run): bool
return false; return false;
} }
return Gate::forUser($user)->allows('view', $run); return $user->can('view', $run);
} }
public function verificationSucceeded(): bool public function verificationSucceeded(): bool

28
app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php
View File

@ -16,11 +16,21 @@ class WorkspaceNeedsAttention extends Widget
/** /**
* @var array<int, array{ * @var array<int, array{
* key: string,
* tenant_id: int,
* tenant_label: string,
* tenant_route_key: string,
* family: string,
* urgency: string,
* title: string, * title: string,
* body: string, * body: string,
* url: string, * supporting_message: ?string,
* badge: string, * badge: string,
* badge_color: string * badge_color: string,
* destination: array<string, mixed>,
* action_disabled: bool,
* helper_text: ?string,
* url: ?string
* }> * }>
*/ */
public array $items = []; public array $items = [];
@ -37,11 +47,21 @@ class WorkspaceNeedsAttention extends Widget
/** /**
* @param array<int, array{ * @param array<int, array{
* key: string,
* tenant_id: int,
* tenant_label: string,
* tenant_route_key: string,
* family: string,
* urgency: string,
* title: string, * title: string,
* body: string, * body: string,
* url: string, * supporting_message: ?string,
* badge: string, * badge: string,
* badge_color: string * badge_color: string,
* destination: array<string, mixed>,
* action_disabled: bool,
* helper_text: ?string,
* url: ?string
* }> $items * }> $items
* @param array{ * @param array{
* title: string, * title: string,

2
app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php
View File

@ -25,6 +25,7 @@ class WorkspaceRecentOperations extends Widget
* outcome_color: string, * outcome_color: string,
* guidance: ?string, * guidance: ?string,
* started_at: string, * started_at: string,
* destination: array<string, mixed>,
* url: string * url: string
* }> * }>
*/ */
@ -51,6 +52,7 @@ class WorkspaceRecentOperations extends Widget
* outcome_color: string, * outcome_color: string,
* guidance: ?string, * guidance: ?string,
* started_at: string, * started_at: string,
* destination: array<string, mixed>,
* url: string * url: string
* }> $operations * }> $operations
* @param array{ * @param array{

17
app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php
View File

@ -20,9 +20,11 @@ class WorkspaceSummaryStats extends StatsOverviewWidget
* key: string, * key: string,
* label: string, * label: string,
* value: int, * value: int,
* category: string,
* description: string, * description: string,
* destination: ?array<string, mixed>,
* destination_url: ?string, * destination_url: ?string,
* color: string * color: string,
* }> * }>
*/ */
public array $metrics = []; public array $metrics = [];
@ -32,9 +34,11 @@ class WorkspaceSummaryStats extends StatsOverviewWidget
* key: string, * key: string,
* label: string, * label: string,
* value: int, * value: int,
* category: string,
* description: string, * description: string,
* destination: ?array<string, mixed>,
* destination_url: ?string, * destination_url: ?string,
* color: string * color: string,
* }> $metrics * }> $metrics
*/ */
public function mount(array $metrics = []): void public function mount(array $metrics = []): void
@ -53,8 +57,13 @@ protected function getStats(): array
->description($metric['description']) ->description($metric['description'])
->color($metric['color']); ->color($metric['color']);
if ($metric['destination_url'] !== null) { $destination = $metric['destination'] ?? null;
$stat->url($metric['destination_url']); $destinationUrl = is_array($destination) && ($destination['disabled'] ?? false) === false
? ($destination['url'] ?? null)
: ($metric['destination_url'] ?? null);
if (is_string($destinationUrl) && $destinationUrl !== '') {
$stat->url($destinationUrl);
} }
return $stat; return $stat;

3
app/Support/OperationRunLinks.php
View File

@ -79,11 +79,14 @@ public static function index(
?Tenant $tenant = null, ?Tenant $tenant = null,
?CanonicalNavigationContext $context = null, ?CanonicalNavigationContext $context = null,
?string $activeTab = null, ?string $activeTab = null,
bool $allTenants = false,
): string { ): string {
$parameters = $context?->toQuery() ?? []; $parameters = $context?->toQuery() ?? [];
if ($tenant instanceof Tenant) { if ($tenant instanceof Tenant) {
$parameters['tenant_id'] = (int) $tenant->getKey(); $parameters['tenant_id'] = (int) $tenant->getKey();
} elseif ($allTenants) {
$parameters['tenant_scope'] = 'all';
} }
if (is_string($activeTab) && $activeTab !== '') { if (is_string($activeTab) && $activeTab !== '') {

1097
app/Support/Workspaces/WorkspaceOverviewBuilder.php
View File

File diff suppressed because it is too large Load Diff

14
resources/views/filament/pages/workspace-overview.blade.php
View File

@ -26,7 +26,7 @@
</h1> </h1>
<p class="max-w-2xl text-sm leading-6 text-gray-600 dark:text-gray-300"> <p class="max-w-2xl text-sm leading-6 text-gray-600 dark:text-gray-300">
This home stays workspace-scoped even when you were previously working in a tenant. Tenant drill-down remains explicit so the overview never silently narrows itself. This home stays workspace-scoped even when you were previously working in a tenant. Governance risk is ranked ahead of execution noise, and calm wording only appears when the checked workspace domains are genuinely quiet.
</p> </p>
</div> </div>
</x-filament::section> </x-filament::section>
@ -82,6 +82,18 @@ class="rounded-xl border border-gray-200 bg-white px-4 py-3 text-left transition
@endif @endif
<div class="space-y-6"> <div class="space-y-6">
<div class="flex flex-wrap gap-2 text-xs text-gray-600 dark:text-gray-300">
<span class="inline-flex items-center rounded-full border border-danger-200 bg-danger-50 px-3 py-1 font-medium text-danger-700 dark:border-danger-700/50 dark:bg-danger-950/30 dark:text-danger-200">
Governance risk counts affected tenants
</span>
<span class="inline-flex items-center rounded-full border border-warning-200 bg-warning-50 px-3 py-1 font-medium text-warning-700 dark:border-warning-700/50 dark:bg-warning-950/30 dark:text-warning-200">
Activity counts execution load only
</span>
<span class="inline-flex items-center rounded-full border border-gray-200 bg-white px-3 py-1 font-medium text-gray-600 dark:border-white/10 dark:bg-white/5 dark:text-gray-300">
Recent operations stay diagnostic
</span>
</div>
@livewire(\App\Filament\Widgets\Workspace\WorkspaceSummaryStats::class, [ @livewire(\App\Filament\Widgets\Workspace\WorkspaceSummaryStats::class, [
'metrics' => $overview['summary_metrics'] ?? [], 'metrics' => $overview['summary_metrics'] ?? [],
], key('workspace-overview-summary-' . ($workspace['id'] ?? 'none'))) ], key('workspace-overview-summary-' . ($workspace['id'] ?? 'none')))

69
resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php
View File

@ -22,25 +22,66 @@
@else @else
<div class="space-y-3"> <div class="space-y-3">
@foreach ($items as $item) @foreach ($items as $item)
<a @php
href="{{ $item['url'] }}" $destination = $item['destination'] ?? null;
class="block rounded-xl border border-gray-200 bg-gray-50 p-4 transition hover:border-gray-300 hover:bg-white dark:border-white/10 dark:bg-white/5 dark:hover:border-white/20 dark:hover:bg-white/10" $actionUrl = is_array($destination) && ($destination['disabled'] ?? false) === false
> ? ($destination['url'] ?? null)
<div class="flex items-start justify-between gap-3"> : null;
<div class="space-y-1"> @endphp
<div class="text-sm font-semibold text-gray-950 dark:text-white">
{{ $item['title'] }} <div class="rounded-xl border border-gray-200 bg-gray-50 p-4 dark:border-white/10 dark:bg-white/5">
</div> <div class="space-y-3">
<div class="text-sm leading-6 text-gray-600 dark:text-gray-300"> <div class="flex flex-wrap items-start justify-between gap-3">
{{ $item['body'] }} <div class="space-y-2">
</div> <div class="flex flex-wrap items-center gap-2">
</div> <span class="inline-flex items-center rounded-full border border-gray-200 bg-white px-2.5 py-0.5 text-xs font-medium text-gray-700 dark:border-white/10 dark:bg-white/10 dark:text-gray-200">
{{ $item['tenant_label'] }}
</span>
<span class="inline-flex items-center rounded-full border border-gray-200 bg-white px-2.5 py-0.5 text-xs font-medium uppercase tracking-wide text-gray-500 dark:border-white/10 dark:bg-white/10 dark:text-gray-300">
{{ str_replace('_', ' ', $item['urgency']) }}
</span>
<x-filament::badge :color="$item['badge_color']" size="sm"> <x-filament::badge :color="$item['badge_color']" size="sm">
{{ $item['badge'] }} {{ $item['badge'] }}
</x-filament::badge> </x-filament::badge>
</div> </div>
</a>
<div class="text-sm font-semibold text-gray-950 dark:text-white">
{{ $item['title'] }}
</div>
<div class="text-sm leading-6 text-gray-600 dark:text-gray-300">
{{ $item['body'] }}
</div>
@if (filled($item['supporting_message'] ?? null))
<p class="text-xs leading-5 text-gray-500 dark:text-gray-400">
{{ $item['supporting_message'] }}
</p>
@endif
</div>
</div>
<div class="flex flex-wrap items-center gap-3 text-sm">
@if (is_string($actionUrl) && $actionUrl !== '')
<x-filament::link :href="$actionUrl" size="sm">
{{ $destination['label'] ?? 'Open' }}
</x-filament::link>
@else
<span class="text-gray-500 dark:text-gray-400">
{{ $destination['label'] ?? 'Unavailable' }}
</span>
@endif
@if (filled($item['helper_text'] ?? null))
<span class="text-xs text-gray-500 dark:text-gray-400">
{{ $item['helper_text'] }}
</span>
@endif
</div>
</div>
</div>
@endforeach @endforeach
</div> </div>
@endif @endif

26
resources/views/filament/widgets/workspace/workspace-recent-operations.blade.php
View File

@ -1,4 +1,8 @@
<x-filament::section heading="Recent operations"> <x-filament::section heading="Recent operations">
<p class="mb-4 text-xs leading-5 text-gray-500 dark:text-gray-400">
Diagnostic recency across your visible workspace slice. This does not define governance health on its own.
</p>
@if ($operations === []) @if ($operations === [])
<div class="flex h-full flex-col justify-between gap-4"> <div class="flex h-full flex-col justify-between gap-4">
<div class="space-y-2"> <div class="space-y-2">
@ -22,10 +26,13 @@
@else @else
<div class="space-y-3"> <div class="space-y-3">
@foreach ($operations as $operation) @foreach ($operations as $operation)
<a @php
href="{{ $operation['url'] }}" $destination = $operation['destination'] ?? null;
class="block rounded-xl border border-gray-200 bg-gray-50 p-4 transition hover:border-gray-300 hover:bg-white dark:border-white/10 dark:bg-white/5 dark:hover:border-white/20 dark:hover:bg-white/10" $actionUrl = is_array($destination) ? ($destination['url'] ?? null) : ($operation['url'] ?? null);
> @endphp
<div class="rounded-xl border border-gray-200 bg-gray-50 p-4 dark:border-white/10 dark:bg-white/5">
<div class="space-y-3">
<div class="flex items-start justify-between gap-3"> <div class="flex items-start justify-between gap-3">
<div class="min-w-0 space-y-2"> <div class="min-w-0 space-y-2">
<div class="flex flex-wrap items-center gap-2"> <div class="flex flex-wrap items-center gap-2">
@ -60,7 +67,16 @@ class="block rounded-xl border border-gray-200 bg-gray-50 p-4 transition hover:b
{{ $operation['started_at'] }} {{ $operation['started_at'] }}
</div> </div>
</div> </div>
</a>
@if (is_string($actionUrl) && $actionUrl !== '')
<div>
<x-filament::link :href="$actionUrl" size="sm">
{{ $destination['label'] ?? 'Open operation' }}
</x-filament::link>
</div>
@endif
</div>
</div>
@endforeach @endforeach
</div> </div>
@endif @endif

36
specs/175-workspace-governance-attention/checklists/requirements.md Normal file
View File

@ -0,0 +1,36 @@
# Specification Quality Checklist: Spec 175 - Workspace Governance Attention Foundation
**Purpose**: Validate specification completeness and quality before proceeding to planning
**Created**: 2026-04-04
**Feature**: [spec.md](../spec.md)
## Content Quality
- [x] No implementation details (languages, frameworks, APIs)
- [x] Focused on user value and business needs
- [x] Written for non-technical stakeholders
- [x] All mandatory sections completed
## Requirement Completeness
- [x] No [NEEDS CLARIFICATION] markers remain
- [x] Requirements are testable and unambiguous
- [x] Success criteria are measurable
- [x] Success criteria are technology-agnostic (no implementation details)
- [x] All acceptance scenarios are defined
- [x] Edge cases are identified
- [x] Scope is clearly bounded
- [x] Dependencies and assumptions identified
## Feature Readiness
- [x] All functional requirements have clear acceptance criteria
- [x] User scenarios cover primary flows
- [x] Feature meets measurable outcomes defined in Success Criteria
- [x] No implementation details leak into specification
## Notes
- Validation pass completed against the written spec on 2026-04-04.
- No clarification markers were needed because the supplied feature description already defined scope, priorities, constraints, and desired outcomes precisely.
- The spec stays intentionally narrow: it hardens existing workspace surfaces using already-available tenant truth and explicitly rejects new persistence, scores, or matrix-style redesign in this slice.

541
specs/175-workspace-governance-attention/contracts/workspace-governance-attention.openapi.yaml Normal file
View File

@ -0,0 +1,541 @@
openapi: 3.1.0
info:
title: Workspace Governance Attention Internal Surface Contract
version: 0.1.0
summary: Internal logical contract for governance-aware workspace overview semantics
description: |
This contract is an internal planning artifact for Spec 175. It documents how
the existing workspace overview must derive governance-aware summary metrics,
attention items, calmness claims, and drill-through destinations from visible
tenant truth. The rendered routes still return HTML. The structured schemas
below describe the internal page and widget models that must be derivable
before rendering. This does not add a public HTTP API.
servers:
- url: /internal
x-overview-consumers:
- surface: workspace.overview.summary_stats
summarySource:
- workspace_overview_builder
- tenant_governance_aggregate
- operation_run_activity
- alert_delivery_activity
guardScope:
- app/Support/Workspaces/WorkspaceOverviewBuilder.php
- app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php
expectedContract:
- governance_metrics_count_visible_tenants_not_raw_issue_totals
- governance_metrics_are_distinct_from_activity_metrics
- surface: workspace.overview.needs_attention
summarySource:
- workspace_overview_builder
- tenant_governance_aggregate
- existing_evidence_review_truth
- operation_run_activity
- alert_delivery_activity
guardScope:
- app/Support/Workspaces/WorkspaceOverviewBuilder.php
- app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php
- resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php
expectedContract:
- each_item_identifies_the_visible_tenant_when_tenant_bound
- all_attention_items_are_tenant_bound
- governance_issues_rank_above_activity_only_items
- compare_attention_only_uses_stale_or_compare_specific_action_required_signals
- each_item_has_one_matching_destination_or_a_safe_disabled_state
- surface: workspace.overview.calmness
summarySource:
- workspace_overview_builder
- tenant_governance_aggregate
- operation_run_activity
- alert_delivery_activity
guardScope:
- app/Support/Workspaces/WorkspaceOverviewBuilder.php
- resources/views/filament/pages/workspace-overview.blade.php
expectedContract:
- operations_quiet_alone_is_not_enough_for_calmness
- zero_tenant_and_low_permission_states_do_not_masquerade_as_healthy_calm
- zero_tenant_recovery_uses_switch_workspace_and_low_permission_recovery_uses_operations_index
- surface: workspace.overview.recent_operations
summarySource:
- workspace_overview_builder
- operation_run_recency_query
guardScope:
- app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php
- resources/views/filament/widgets/workspace/workspace-recent-operations.blade.php
expectedContract:
- surface_role_is_diagnostic_recency_not_primary_governance_summary
- recent_operations_remain_filtered_to_visible_tenant_scope
- recent_operations_are_bounded_to_five
paths:
/admin:
get:
summary: Render the governance-aware workspace overview bundle
operationId: viewWorkspaceGovernanceAttentionOverview
responses:
'200':
description: Workspace overview rendered with governance-aware summary, attention, calmness, and recency semantics
content:
text/html:
schema:
type: string
application/vnd.tenantpilot.workspace-governance-attention+json:
schema:
$ref: '#/components/schemas/WorkspaceGovernanceOverviewBundle'
'302':
description: No workspace context is active yet, so the request is redirected to `/admin/choose-workspace`
'404':
description: Workspace is outside entitlement scope
/admin/choose-tenant:
get:
summary: Explicit tenant-entry destination used by workspace drill-down when the operator wants to pick a tenant deliberately
operationId: openChooseTenantFromWorkspaceOverview
responses:
'200':
description: Choose-tenant page opened inside the authenticated admin panel and may bootstrap workspace context from the selected tenant if no workspace is currently active
/admin/choose-workspace:
get:
summary: Default workspace-switch recovery destination for zero-tenant or wrong-workspace states
operationId: openChooseWorkspaceFromWorkspaceOverview
responses:
'200':
description: Choose-workspace page opened so the operator can recover to another entitled workspace context even when no workspace is currently active
/admin/t/{tenant}:
get:
summary: Tenant dashboard fallback or broad tenant drill-through from workspace attention
operationId: openTenantDashboardFromWorkspaceAttention
parameters:
- name: tenant
in: path
required: true
schema:
type: string
responses:
'200':
description: Tenant dashboard opened for the visible tenant named by the workspace item when the dashboard is the allowed fallback or primary tenant landing
'404':
description: Tenant is outside entitlement scope
/admin/t/{tenant}/findings:
get:
summary: Tenant findings destination used by workspace governance and findings attention
operationId: openTenantFindingsFromWorkspaceAttention
parameters:
- name: tenant
in: path
required: true
schema:
type: string
- name: tab
in: query
required: false
schema:
$ref: '#/components/schemas/FindingsTab'
- name: high_severity
in: query
required: false
schema:
type: boolean
- name: governance_validity
in: query
required: false
schema:
$ref: '#/components/schemas/GovernanceValidityFilter'
description: Reproduces directly filterable governance-validity subsets such as `missing_support` or `expiring`; aggregate lapsed-governance attention falls back to the tenant dashboard when the full invalid-governance family cannot be reproduced without narrowing.
responses:
'200':
description: Tenant findings list opened with a subset matching the originating workspace attention item
'403':
description: Actor is in scope but lacks findings inspection capability
'404':
description: Tenant is outside entitlement scope
/admin/t/{tenant}/baseline-compare-landing:
get:
summary: Tenant baseline compare landing used by workspace compare attention
operationId: openTenantBaselineCompareFromWorkspaceAttention
parameters:
- name: tenant
in: path
required: true
schema:
type: string
responses:
'200':
description: Tenant baseline compare landing opened with the same compare posture family summarized by the workspace item
'403':
description: Actor is in scope but lacks the current tenant-view capability required by the compare landing
'404':
description: Tenant is outside entitlement scope
/admin/t/{tenant}/evidence:
get:
summary: Tenant evidence destination used only when existing evidence truth is the most precise workspace next jump
operationId: openTenantEvidenceFromWorkspaceAttention
parameters:
- name: tenant
in: path
required: true
schema:
type: string
responses:
'200':
description: Tenant evidence surface opened for the visible tenant named by the workspace item
'403':
description: Actor is in scope but lacks evidence inspection capability
'404':
description: Tenant is outside entitlement scope
/admin/t/{tenant}/reviews:
get:
summary: Tenant reviews destination used only when existing review truth is the most precise workspace next jump
operationId: openTenantReviewsFromWorkspaceAttention
parameters:
- name: tenant
in: path
required: true
schema:
type: string
responses:
'200':
description: Tenant reviews surface opened for the visible tenant named by the workspace item
'403':
description: Actor is in scope but lacks review inspection capability
'404':
description: Tenant is outside entitlement scope
/admin/operations:
get:
summary: Canonical operations index used by workspace activity and operations-follow-up signals
operationId: openOperationsFromWorkspaceOverview
parameters:
- name: tenant_id
in: query
required: false
schema:
type:
- integer
- string
description: Optional tenant filter when the workspace item points to one tenant's operations follow-up.
- name: activeTab
in: query
required: false
schema:
$ref: '#/components/schemas/OperationsTab'
responses:
'200':
description: Canonical operations index opened with any tenant and tab continuity required by the workspace signal; this remains the workspace-member-safe fallback for low-permission workspace states
'404':
description: Requested tenant context is outside entitlement scope
/admin/operations/{run}:
get:
summary: Canonical operation detail opened from workspace recent operations or operations attention
operationId: openOperationDetailFromWorkspaceOverview
parameters:
- name: run
in: path
required: true
schema:
type:
- integer
- string
responses:
'200':
description: Canonical operation detail opened for the visible run
'403':
description: Actor is in scope but lacks operation detail capability
'404':
description: Operation run is outside entitlement scope
/admin/alerts:
get:
summary: Canonical alerts overview used for alert-only follow-up from the workspace home
operationId: openAlertsOverviewFromWorkspaceOverview
responses:
'200':
description: Alerts overview opened for the current workspace, including delivery follow-up and alert-health context
'403':
description: Actor is in scope but lacks alerts inspection capability
'404':
description: Workspace is outside entitlement scope
components:
schemas:
MetricCategory:
type: string
enum:
- scope
- governance_risk
- activity
- alerts
AttentionFamily:
type: string
enum:
- governance
- findings
- compare
- evidence
- review
- operations
- alerts
AttentionUrgency:
type: string
enum:
- critical
- high
- medium
- supporting
DestinationKind:
type: string
enum:
- choose_tenant
- tenant_dashboard
- tenant_findings
- baseline_compare_landing
- tenant_evidence
- tenant_reviews
- operations_index
- operation_detail
- alerts_overview
- switch_workspace
- none
CheckedDomain:
type: string
enum:
- governance
- findings
- compare
- evidence
- review
- operations
- alerts
- tenant_access
FindingsTab:
type: string
enum:
- all
- needs_action
- overdue
- risk_accepted
- resolved
GovernanceValidityFilter:
type: string
enum:
- missing_support
- expiring
- valid
OperationsTab:
type: string
enum:
- all
- active
- blocked
- failed
- partial
- succeeded
DrillthroughTarget:
type: object
additionalProperties: false
required:
- kind
- disabled
properties:
kind:
$ref: '#/components/schemas/DestinationKind'
url:
type:
- string
- 'null'
tenantRouteKey:
type:
- string
- 'null'
label:
type:
- string
- 'null'
disabled:
type: boolean
helperText:
type:
- string
- 'null'
filters:
type:
- object
- 'null'
additionalProperties: true
WorkspaceSummaryMetric:
type: object
additionalProperties: false
required:
- key
- label
- value
- category
- description
- color
properties:
key:
type: string
label:
type: string
value:
type: integer
minimum: 0
category:
$ref: '#/components/schemas/MetricCategory'
description:
type: string
color:
type: string
destination:
oneOf:
- $ref: '#/components/schemas/DrillthroughTarget'
- type: 'null'
WorkspaceAttentionItem:
type: object
additionalProperties: false
required:
- key
- tenantId
- tenantLabel
- family
- urgency
- title
- body
- badge
- badgeColor
anyOf:
- required:
- destination
properties:
destination:
$ref: '#/components/schemas/DrillthroughTarget'
- required:
- actionDisabled
- helperText
properties:
actionDisabled:
const: true
helperText:
type: string
properties:
key:
type: string
tenantId:
type: integer
tenantLabel:
type: string
family:
$ref: '#/components/schemas/AttentionFamily'
urgency:
$ref: '#/components/schemas/AttentionUrgency'
title:
type: string
body:
type: string
supportingMessage:
type:
- string
- 'null'
badge:
type: string
badgeColor:
type: string
destination:
oneOf:
- $ref: '#/components/schemas/DrillthroughTarget'
- type: 'null'
actionDisabled:
type:
- boolean
- 'null'
helperText:
type:
- string
- 'null'
WorkspaceRecentOperation:
type: object
additionalProperties: false
required:
- id
- title
- statusLabel
- statusColor
- outcomeLabel
- outcomeColor
- startedAt
- destination
properties:
id:
type: integer
title:
type: string
tenantLabel:
type:
- string
- 'null'
statusLabel:
type: string
statusColor:
type: string
outcomeLabel:
type: string
outcomeColor:
type: string
guidance:
type:
- string
- 'null'
startedAt:
type: string
destination:
$ref: '#/components/schemas/DrillthroughTarget'
WorkspaceCalmnessState:
type: object
additionalProperties: false
required:
- isCalm
- checkedDomains
- title
- body
- nextAction
properties:
isCalm:
type: boolean
checkedDomains:
type: array
items:
$ref: '#/components/schemas/CheckedDomain'
title:
type: string
body:
type: string
nextAction:
description: Defaults to `switch_workspace` for zero-tenant recovery and `operations_index` for low-permission workspace-state recovery unless a more specific allowed action exists.
$ref: '#/components/schemas/DrillthroughTarget'
WorkspaceGovernanceOverviewBundle:
type: object
additionalProperties: false
required:
- workspaceId
- workspaceName
- summaryMetrics
- attentionItems
- recentOperations
- calmness
properties:
workspaceId:
type: integer
workspaceName:
type: string
summaryMetrics:
type: array
maxItems: 8
items:
$ref: '#/components/schemas/WorkspaceSummaryMetric'
attentionItems:
type: array
maxItems: 5
items:
$ref: '#/components/schemas/WorkspaceAttentionItem'
recentOperations:
type: array
maxItems: 5
items:
$ref: '#/components/schemas/WorkspaceRecentOperation'
calmness:
$ref: '#/components/schemas/WorkspaceCalmnessState'

313
specs/175-workspace-governance-attention/data-model.md Normal file
View File

@ -0,0 +1,313 @@
# Phase 1 Data Model: Workspace Governance Attention Foundation
## Overview
This feature does not add a table, persisted workspace summary, or new cross-domain runtime subsystem. It aligns the existing workspace overview surface with already-available tenant truth so the workspace home can answer which visible tenants need governance attention, why they need it, and where the operator should jump next.
## Persistent Source Truths
### Workspace
**Purpose**: Scope boundary for the workspace home and all workspace-safe aggregates.
**Key fields**:
- `id`
- `name`
- `slug`
**Validation rules**:
- Workspace overview aggregation must always resolve for one explicit workspace.
- Non-members must receive deny-as-not-found behavior before any workspace truth is rendered.
### Tenant
**Purpose**: Scope boundary and identity anchor for every governance-aware workspace attention item.
**Key fields**:
- `id`
- `workspace_id`
- `external_id`
- `name`
- `status`
**Validation rules**:
- Only active tenants inside the current workspace and inside the current user's entitled tenant slice may contribute to workspace attention or governance-risk metrics.
- Every workspace attention item must identify one visible tenant explicitly.
### Finding
**Purpose**: Source of overdue findings, high-severity active findings, and other governance workflow pressure promoted into workspace attention.
**Key fields**:
- `tenant_id`
- `workspace_id`
- `finding_type`
- `status`
- `severity`
- `due_at`
- `scope_key`
**Validation rules**:
- Canonical open and active semantics remain sourced from existing finding query helpers.
- Workspace promotion must not invent a second finding status universe.
### FindingException / Governance Validity
**Purpose**: Source of lapsed governance and expiring governance truth for risk-accepted findings.
**Key fields**:
- `tenant_id`
- `workspace_id`
- `finding_id`
- `status`
- `current_validity_state`
- `review_due_at`
- `expires_at`
**Validation rules**:
- Lapsed and expiring governance remain derived from existing validity-state rules.
- Workspace promotion must not replace existing governance-validity semantics with a new workspace-specific status family.
### OperationRun
**Purpose**: Source of workspace activity, operation failures, and canonical operation drill-through.
**Key fields**:
- `id`
- `workspace_id`
- `tenant_id`
- `type`
- `status`
- `outcome`
- `created_at`
- `completed_at`
**Validation rules**:
- Active operations and failed or warning operations remain activity truths, not governance truths.
- Workspace attention may still include operations follow-up, but those items must remain semantically distinct from governance items.
### AlertDelivery
**Purpose**: Source of workspace alert-delivery failures that remain supporting attention but no longer define workspace calmness by themselves.
**Key fields**:
- `workspace_id`
- `tenant_id`
- `status`
- `created_at`
**Validation rules**:
- Alert-delivery failures remain lower-priority supporting signals once governance-critical tenant states exist.
### EvidenceSnapshot and TenantReview
**Purpose**: Existing tenant-level evidence and review truth that may serve as a precise workspace drill-through target when already-available truth makes them the best next jump.
**Key fields**:
- `tenant_id`
- `workspace_id`
- `status` or completeness fields on the owning model
- associated detail identifiers needed by tenant evidence or review resources
**Validation rules**:
- This slice does not add a new workspace evidence or review aggregate.
- Evidence or review destinations may only be used when existing tenant truth already makes them the most precise action target.
## Existing Runtime Source Objects
### TenantGovernanceAggregate
**Purpose**: Existing derived tenant summary that already combines compare posture with overdue, expiring, lapsed, and high-severity counts.
**Key consumed fields**:
- `tenantId`
- `workspaceId`
- `compareState`
- `stateFamily`
- `tone`
- `headline`
- `supportingMessage`
- `overdueOpenFindingsCount`
- `expiringGovernanceCount`
- `lapsedGovernanceCount`
- `highSeverityActiveFindingsCount`
- `nextActionLabel`
- `nextActionTarget`
- `positiveClaimAllowed`
- `summaryAssessment`
**Validation rules**:
- Workspace promotion should consume this existing summary contract before considering lower-level recomputation.
- Any workspace calmness or ranking rule based on compare or governance must remain consistent with this aggregate.
### BaselineCompareStats
**Purpose**: Existing compare-backed statistics object underlying the tenant governance aggregate.
**Key consumed fields**:
- `overdueOpenFindingsCount`
- `expiringGovernanceCount`
- `lapsedGovernanceCount`
- `highSeverityActiveFindingsCount`
- compare posture state and evidence-gap fields needed by `summaryAssessment`
**Validation rules**:
- Workspace code should not fork a second compare-summary model while this object already provides the necessary facts.
### BaselineCompareSummaryAssessment
**Purpose**: Existing compare posture contract that maps compare stats into a state family, tone, headline, and next-action intent.
**Key consumed fields**:
- `stateFamily`
- `tone`
- `headline`
- `supportingMessage`
- `reasonCode`
- `nextActionTarget()` semantics as reflected into the aggregate
**Validation rules**:
- Workspace compare attention and calmness suppression should reuse this assessment path rather than inventing a workspace-only tone system.
### WorkspaceOverviewBuilder Payload
**Purpose**: Existing page-level payload that already carries summary metrics, attention items, recent operations, quick actions, and empty states for `/admin`.
**Validation rules**:
- Governance hardening extends this payload shape rather than replacing the page with a new surface framework.
- Existing visible-tenant filtering remains the workspace aggregation guardrail.
## Derived Workspace View Contracts
### Workspace Summary Metric
**Purpose**: Compact workspace stat that answers one scope, governance-risk, or activity question and optionally opens one matching destination.
#### Fields
| Field | Type | Required | Description |
|------|------|----------|-------------|
| `key` | string | yes | Stable metric identity such as `accessible_tenants`, `governance_attention_tenants`, `overdue_findings_tenants`, or `active_operations` |
| `label` | string | yes | Operator-facing label that must accurately describe the counted universe |
| `value` | integer | yes | Metric value |
| `category` | enum | yes | `scope`, `governance_risk`, `activity`, or `alerts` |
| `description` | string | yes | Short explanation of what the metric means |
| `color` | string | yes | Existing tone family used by the widget |
| `destination` | object nullable | no | Shared drill-through contract when the metric is actionable |
#### Validation rules
- Governance-risk metrics count affected visible tenants, not raw issue totals.
- Activity metrics remain activity-only and must not imply governance health.
- The stat strip must make the difference between `governance_risk` and `activity` categories obvious.
### Workspace Attention Item
**Purpose**: One prioritized workspace triage item that names a visible tenant problem and one next jump.
#### Fields
| Field | Type | Required | Description |
|------|------|----------|-------------|
| `key` | string | yes | Stable attention identity such as `tenant_overdue_findings`, `tenant_lapsed_governance`, `tenant_compare_attention`, or `tenant_failed_operation` |
| `tenantId` | integer | yes | Visible tenant identifier |
| `tenantLabel` | string | yes | Tenant name shown to the operator |
| `family` | enum | yes | `governance`, `findings`, `compare`, `evidence`, `review`, `operations`, or `alerts` |
| `urgency` | enum | yes | `critical`, `high`, `medium`, or `supporting` |
| `title` | string | yes | Primary operator-facing summary |
| `body` | string | yes | Short explanation of why this needs attention |
| `badge` | string | yes | Existing family label shown in the UI |
| `badgeColor` | string | yes | Existing tone family used for the item |
| `supportingMessage` | string nullable | no | Secondary explanatory text when needed |
| `destination` | object nullable | no | Shared drill-through contract |
| `actionDisabled` | boolean nullable | no | Whether the visible next step is intentionally disabled |
| `helperText` | string nullable | no | Explanation when the visible next step is disabled |
#### Validation rules
- Every workspace attention item is tenant-bound and must include both `tenantId` and `tenantLabel`.
- Governance, findings, compare, evidence or review, and operations items must remain semantically distinct.
- Compare attention promotes `BaselineCompareSummaryAssessment::STATE_STALE` directly and only treats `BaselineCompareSummaryAssessment::STATE_ACTION_REQUIRED` as materially degraded compare posture when the aggregate's next action remains compare-specific rather than findings-driven.
- `BaselineCompareSummaryAssessment::STATE_CAUTION` stays below the workspace-attention threshold unless another governance signal independently warrants promotion.
- Workspace-wide operations or alert totals remain in summary metrics or recent operations until they can be attributed to one visible tenant.
- Each item may expose one primary destination only.
- Every item must either expose a non-null destination or set `actionDisabled=true` with explanatory `helperText`; null destination without an explicit disabled state is invalid.
- If the most precise destination is not available to the current in-scope user, the item must either use an allowed fallback or expose a disabled explanatory state instead of a clickable dead end.
### Workspace Recent Operation
**Purpose**: One bounded recent-operations entry shown on the workspace overview as diagnostic recency, not governance posture.
#### Fields
| Field | Type | Required | Description |
|------|------|----------|-------------|
| `id` | integer | yes | Operation run identifier |
| `title` | string | yes | Operator-facing operation label |
| `tenantLabel` | string nullable | no | Tenant name when the run is tenant-bound |
| `statusLabel` | string | yes | Human-readable run status |
| `statusColor` | string | yes | Existing tone family for the run status |
| `outcomeLabel` | string | yes | Human-readable run outcome |
| `outcomeColor` | string | yes | Existing tone family for the run outcome |
| `guidance` | string nullable | no | Short follow-up guidance when helpful |
| `startedAt` | string | yes | Render-ready recency label |
| `destination` | object | yes | Canonical operation-detail drill-through target |
#### Validation rules
- The recent-operations collection is bounded to the five most recent visible runs.
- Recent operations remain diagnostic context and do not define calmness on their own.
- `tenantLabel` may be null only when the run is genuinely workspace-wide rather than tenant-bound.
### Workspace Drill-Through Target
**Purpose**: Shared navigation contract used by summary metrics and attention items.
#### Fields
| Field | Type | Required | Description |
|------|------|----------|-------------|
| `kind` | enum | yes | `choose_tenant`, `tenant_dashboard`, `tenant_findings`, `baseline_compare_landing`, `tenant_evidence`, `tenant_reviews`, `operations_index`, `operation_detail`, `alerts_overview`, `switch_workspace`, or `none` |
| `url` | string nullable | no | Destination URL when the target is actionable |
| `tenantRouteKey` | string nullable | no | Tenant route scope when the destination is tenant-bound |
| `filters` | object nullable | no | Query or state needed to reproduce the same subset on the destination |
| `label` | string nullable | no | Primary action label |
| `disabled` | boolean | yes | Whether the target is intentionally non-clickable |
| `helperText` | string nullable | no | Explanation shown when the target is disabled |
#### Validation rules
- `kind=none` may only be used for intentionally passive reassurance states.
- `tenant_findings` must carry the filter state needed to reproduce overdue, high-severity, expiring-governance, or other directly filterable findings subsets when applicable.
- Aggregate lapsed-governance attention uses `tenant_dashboard` when the current tenant findings filters would otherwise narrow the full invalid-governance family to a smaller subset such as `missing_support`.
- `operations_index` may carry tenant and tab filters but must remain the canonical admin operations route and the workspace-member-safe fallback for low-permission workspace states.
- `alerts_overview` targets the existing alerts overview at `/admin/alerts`, which remains the canonical alert-delivery follow-up surface for this slice.
- `switch_workspace` targets `/admin/choose-workspace` and is the default zero-tenant recovery action.
### Workspace Calmness State
**Purpose**: The derived claim that the workspace is currently calm enough for an empty or reassurance state.
#### Fields
| Field | Type | Required | Description |
|------|------|----------|-------------|
| `isCalm` | boolean | yes | Whether the workspace may currently make a calmness claim |
| `checkedDomains` | array<enum> | yes | Domains actually checked before the claim was made: `governance`, `findings`, `compare`, `evidence`, `review`, `operations`, `alerts`, `tenant_access` |
| `title` | string | yes | Empty-state or reassurance title |
| `body` | string | yes | Supporting explanation constrained to the checked domains |
| `nextAction` | object | yes | One bounded next action |
#### Validation rules
- `isCalm=true` is invalid whenever any visible tenant has governance-critical conditions inside the checked domains.
- Zero-tenant states and low-permission states must not masquerade as healthy calmness states.
- Zero-tenant states default `nextAction.kind` to `switch_workspace`, while low-permission states default `nextAction.kind` to `operations_index` unless a more specific allowed in-scope recovery action exists.
- Calm wording must not imply portfolio health beyond the `checkedDomains` list.
## Ranking Rules
1. Governance-critical tenant conditions outrank activity-only and alert-only items.
2. A single tenant may contribute multiple raw issues, but workspace attention should surface a bounded prioritized subset.
3. The stat strip answers portfolio counts by tenant, while the attention list answers which tenant to open next.
4. Recent operations remain supporting recency context and do not participate in calmness unless explicitly modeled as an operations-follow-up issue.

332
specs/175-workspace-governance-attention/plan.md Normal file
View File

@ -0,0 +1,332 @@
# Implementation Plan: Workspace Governance Attention Foundation
**Branch**: `175-workspace-governance-attention` | **Date**: 2026-04-04 | **Spec**: `/Users/ahmeddarrazi/Documents/projects/TenantAtlas/specs/175-workspace-governance-attention/spec.md`
**Input**: Feature specification from `/Users/ahmeddarrazi/Documents/projects/TenantAtlas/specs/175-workspace-governance-attention/spec.md`
**Note**: This plan follows the existing TenantPilot workspace and tenant-truth architecture. It hardens the current workspace overview instead of introducing a new workspace posture subsystem.
## Summary
Promote existing tenant governance truth into the existing workspace overview so `/admin` becomes a trustworthy multi-tenant governance attention surface instead of an operations-first calm surface. The implementation will keep `WorkspaceOverviewBuilder` as the orchestration point, reuse `TenantGovernanceAggregateResolver`, `BaselineCompareStats`, existing findings and compare destinations, and optionally already-available evidence or review surfaces where they provide a more precise next jump. The first slice will harden summary metrics, attention ranking, tenant identification, compare breadth across stale, failed, and degraded states, and calmness semantics; the second slice will preserve activity versus governance separation and protect the new contract with focused workspace overview regression tests.
## Technical Context
**Language/Version**: PHP 8.4.15
**Primary Dependencies**: Laravel 12, Filament v5, Livewire v4, Pest v4, existing `WorkspaceOverviewBuilder`, `TenantGovernanceAggregateResolver`, `BaselineCompareStats`, `BaselineCompareSummaryAssessor`, `WorkspaceSummaryStats`, `WorkspaceNeedsAttention`, `WorkspaceRecentOperations`, `WorkspaceCapabilityResolver`, `CapabilityResolver`, `FindingResource`, `BaselineCompareLanding`, `EvidenceSnapshotResource`, `TenantReviewResource`, and canonical admin Operations routes
**Storage**: PostgreSQL unchanged; no new persistence, cache table, or materialized aggregate is introduced
**Testing**: Pest 4 feature and Livewire-style widget tests through Laravel Sail using existing workspace overview tests plus new governance attention and drill-through coverage
**Target Platform**: Laravel monolith web application in Sail locally and containerized Linux deployment in staging and production
**Project Type**: web application
**Performance Goals**: Keep `/admin` DB-only at render time, keep workspace attention bounded, reuse request-scoped derived-state caching for tenant governance aggregates, and avoid uncontrolled polling or unbounded cross-tenant queries
**Constraints**: No new table, no new workspace posture score, no full portfolio matrix, no new panel/provider, no cross-tenant leakage, no dead-end drill-throughs for visible states, no ad-hoc status taxonomy, and no broad workspace IA redesign
**Scale/Scope**: One workspace landing page, three existing workspace widgets, one builder, one accessible-tenant slice per workspace, six central governance signal families, and focused regression coverage for workspace calmness, ranking, drill-through continuity, and RBAC-safe omission or fallback behavior
## Constitution Check
*GATE: Passed before Phase 0 research. Re-check after Phase 1 design.*
| Principle | Pre-Research | Post-Design | Notes |
|-----------|--------------|-------------|-------|
| Inventory-first / snapshots-second | PASS | PASS | The feature adds no new inventory or snapshot truth. It only changes read-time workspace aggregation over existing records. |
| Read/write separation | PASS | PASS | The slice is read-only workspace overview hardening. No new write path, preview flow, or destructive action is introduced. |
| Graph contract path | N/A | N/A | No Graph call or `config/graph_contracts.php` change is required. |
| Deterministic capabilities | PASS | PASS | Existing workspace membership and tenant capability checks remain authoritative for aggregation and drill-through behavior. |
| RBAC-UX authorization semantics | PASS | PASS | `/admin` remains workspace-scoped, tenant destinations remain tenant-scoped, non-members stay `404`, and members missing downstream capability must not receive dead-end links. |
| Workspace and tenant isolation | PASS | PASS | Aggregation stays limited to visible tenants in the active workspace and uses existing `scopeToAuthorizedTenants()` style filtering. |
| Run observability / Ops-UX | PASS | PASS | No new `OperationRun` type, feedback surface, or lifecycle change is added. Existing operations destinations remain canonical. |
| Data minimization | PASS | PASS | The plan adds no new persistence and no broader route exposure. Only already-visible tenant truth is promoted into the workspace home. |
| Proportionality / no premature abstraction | PASS | PASS | The plan reuses `WorkspaceOverviewBuilder` and `TenantGovernanceAggregateResolver` instead of adding a new workspace posture framework or aggregate layer. |
| Persisted truth / behavioral state | PASS | PASS | No new table, enum, status family, or persisted summary artifact is planned. |
| UI semantics / few layers | PASS | PASS | The feature aligns existing widget semantics rather than introducing a new presenter or badge taxonomy. |
| Badge semantics (BADGE-001) | PASS | PASS | Existing badge and tone domains remain the source for operations and compare posture meaning. New workspace items reuse those semantics rather than inventing new colors or labels. |
| Filament-native UI / Action Surface Contract | PASS | PASS | `WorkspaceOverview` and its widgets remain navigation and inspection surfaces only. No destructive or redundant action model is added. |
| Filament UX-001 | PASS | PASS | No create or edit page is touched. The design keeps governance attention above recent operations and uses bounded empty-state wording. |
| Filament v5 / Livewire v4 compliance | PASS | PASS | The design stays within the current Filament v5 + Livewire v4 stack. |
| Provider registration location | PASS | PASS | No panel/provider registration change is required. Laravel 11+ provider registration remains in `bootstrap/providers.php`. |
| Global search hard rule | PASS | PASS | No global-searchable resource behavior is changed in this slice. |
| Destructive action safety | PASS | PASS | The feature introduces no destructive action. |
| Asset strategy | PASS | PASS | No new assets or `filament:assets` deployment change is required. |
| Testing truth (TEST-TRUTH-001) | PASS | PASS | The plan adds tests around business consequences: false calmness, tenant identification, ordering, continuity, and RBAC-safe navigation behavior. |
## Phase 0 Research
Research outcomes are captured in `/Users/ahmeddarrazi/Documents/projects/TenantAtlas/specs/175-workspace-governance-attention/research.md`.
Key decisions:
- Reuse `WorkspaceOverviewBuilder` as the single orchestration point instead of creating a new workspace posture service.
- Reuse `TenantGovernanceAggregateResolver` and `BaselineCompareStats` per visible tenant as the primary source for lapsed governance, overdue findings, expiring governance, high-severity active findings, and stale, failed, or materially degraded compare posture.
- Count governance risk at the tenant level for workspace summary metrics so the workspace answer is “how many tenants need attention,” not “how many raw issues exist.”
- Rank governance-critical tenant states above activity-only or alert-delivery-only items, while keeping operations and alerts available as lower-priority supporting attention.
- Make every workspace attention item tenant-identifiable and map it to exactly one matching destination, with an RBAC-safe fallback or disabled/non-clickable explanatory state when the exact destination is not allowed.
- Default zero-tenant recovery to the existing choose-workspace route and keep alert-only follow-up on the existing alerts overview route.
- Keep `WorkspaceRecentOperations` as a diagnostic activity surface, not a governance surface.
- Promote evidence or review truth only when an existing tenant-level evidence or review surface already carries a clearer next jump than the tenant dashboard fallback.
- Lean on request-scoped derived-state caching to keep per-tenant aggregate resolution viable for normal workspace sizes without new persistence.
## Phase 1 Design
Design artifacts are created under `/Users/ahmeddarrazi/Documents/projects/TenantAtlas/specs/175-workspace-governance-attention/`:
- `data-model.md`: persistent source truths and derived workspace attention contracts for this slice
- `contracts/workspace-governance-attention.openapi.yaml`: internal surface contract for workspace governance-aware overview semantics and drill-through continuity
- `quickstart.md`: focused implementation and verification workflow
Design highlights:
- `WorkspaceOverviewBuilder` remains the builder boundary and becomes responsible for deriving governance-aware summary metrics, attention candidates, and calmness claims from visible tenants only.
- `TenantGovernanceAggregateResolver` is the primary source for governance-related tenant promotion, mirroring the mature tenant dashboard semantics rather than reinterpreting the same truth a second time.
- Workspace summary metrics are split into scope, governance-risk, and activity categories so the stat strip can no longer blur portfolio activity with portfolio risk.
- Workspace attention items become structured tenant-bound records carrying tenant label, problem family, urgency, and one primary drill-through target.
- `WorkspaceNeedsAttention` remains bounded and prioritized, favoring the highest-value tenant signal per item instead of dumping every raw issue into the workspace surface.
- Compare-driven workspace attention must preserve stale, failed, and materially degraded posture families rather than collapsing them into a single degraded-only bucket.
- Compare attention promotes `STATE_STALE` directly and only treats `STATE_ACTION_REQUIRED` as materially degraded compare posture when the aggregate's next action remains compare-specific rather than findings-driven; `STATE_CAUTION` remains below the workspace-attention threshold unless another governance signal independently warrants promotion.
- Existing evidence and review surfaces stay optional targets in this slice: they are only used when already-available truth makes them the most precise next jump.
- Zero-tenant recovery defaults to `ChooseWorkspace`, and alert-only follow-up reuses the existing alerts overview at `/admin/alerts`.
- `WorkspaceRecentOperations` remains a recency surface and is intentionally prevented from defining calmness on its own.
## Phase 1 — Agent Context Update
Run after artifact generation:
- `.specify/scripts/bash/update-agent-context.sh copilot`
## Project Structure
### Documentation (this feature)
```text
specs/175-workspace-governance-attention/
├── spec.md
├── plan.md
├── research.md
├── data-model.md
├── quickstart.md
├── contracts/
│ └── workspace-governance-attention.openapi.yaml
├── checklists/
│ └── requirements.md
└── tasks.md
```
### Source Code (repository root)
```text
app/
├── Filament/
│ ├── Pages/
│ │ ├── WorkspaceOverview.php
│ │ ├── ChooseTenant.php
│ │ ├── TenantDashboard.php
│ │ └── BaselineCompareLanding.php
│ ├── Resources/
│ │ ├── FindingResource.php
│ │ ├── EvidenceSnapshotResource.php
│ │ └── TenantReviewResource.php
│ └── Widgets/
│ ├── Dashboard/
│ │ └── NeedsAttention.php
│ └── Workspace/
│ ├── WorkspaceSummaryStats.php
│ ├── WorkspaceNeedsAttention.php
│ └── WorkspaceRecentOperations.php
├── Models/
│ ├── Finding.php
│ ├── AlertDelivery.php
│ ├── OperationRun.php
│ ├── EvidenceSnapshot.php
│ └── TenantReview.php
├── Services/
│ └── Auth/
│ ├── WorkspaceCapabilityResolver.php
│ └── CapabilityResolver.php
└── Support/
├── Auth/
│ └── Capabilities.php
├── Baselines/
│ ├── BaselineCompareStats.php
│ ├── BaselineCompareSummaryAssessment.php
│ ├── BaselineCompareSummaryAssessor.php
│ ├── TenantGovernanceAggregate.php
│ └── TenantGovernanceAggregateResolver.php
├── OperationRunLinks.php
└── Workspaces/
└── WorkspaceOverviewBuilder.php
resources/
└── views/
└── filament/
├── pages/
│ └── workspace-overview.blade.php
└── widgets/
└── workspace/
├── workspace-needs-attention.blade.php
└── workspace-recent-operations.blade.php
tests/
└── Feature/
└── Filament/
├── WorkspaceOverviewAccessTest.php
├── WorkspaceOverviewAuthorizationTest.php
├── WorkspaceOverviewContentTest.php
├── WorkspaceOverviewEmptyStatesTest.php
├── WorkspaceOverviewLandingTest.php
├── WorkspaceOverviewNavigationTest.php
├── WorkspaceOverviewOperationsTest.php
├── WorkspaceOverviewPermissionVisibilityTest.php
├── WorkspaceOverviewGovernanceAttentionTest.php
├── WorkspaceOverviewDbOnlyTest.php
├── WorkspaceOverviewDrilldownContinuityTest.php
└── WorkspaceOverviewSummaryMetricsTest.php
```
**Structure Decision**: Keep the feature entirely inside the existing Laravel/Filament monolith. Extend the current workspace overview builder, workspace widgets, tenant truth helpers, and existing destination resources or pages instead of creating a new workspace domain layer.
## Complexity Tracking
> No Constitution Check violations are planned. No exceptions are currently justified.
| Violation | Why Needed | Simpler Alternative Rejected Because |
|-----------|------------|-------------------------------------|
| — | — | — |
## Proportionality Review
> No new enum/status family, persisted entity, abstraction layer, taxonomy, or cross-domain UI framework is planned in this slice.
- **Current operator problem**: The workspace home can look calm even when visible tenants already carry governance-critical problems.
- **Existing structure is insufficient because**: Workspace aggregation currently stops at operations and alerts and fails to propagate already-mature tenant governance truth.
- **Narrowest correct implementation**: Extend the existing workspace overview builder and widgets to consume existing tenant aggregates and destination contracts.
- **Ownership cost created**: Modest additional workspace-level aggregation logic and focused regression coverage.
- **Alternative intentionally rejected**: A new workspace posture subsystem, new persistence, or a matrix-style redesign.
- **Release truth**: Current-release truth.
## Implementation Strategy
### Phase A — Reuse Existing Tenant Truth In The Workspace Builder
**Goal**: Make `WorkspaceOverviewBuilder` governance-aware without creating a parallel truth layer.
| Step | File | Change |
|------|------|--------|
| A.1 | `app/Support/Workspaces/WorkspaceOverviewBuilder.php` | Add a visible-tenant governance promotion pass that resolves `TenantGovernanceAggregate` for accessible tenants and builds a bounded set of governance candidates from overdue findings, lapsed governance, expiring governance, high-severity active findings, stale, failed, or materially degraded compare posture, and optionally already-available evidence or review attention. |
| A.2 | `app/Support/Baselines/TenantGovernanceAggregateResolver.php` and existing tenant truth classes | Reuse existing aggregate outputs as-is; only add plan-level consumption, not a second interpretation layer. |
| A.3 | `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php` plus existing overview tests | Prove that visible governance-critical tenants now surface on the workspace home even when operations are quiet. |
### Phase B — Separate Governance Metrics From Activity Metrics
**Goal**: Make the stat strip clearly answer risk versus activity instead of flattening them into one line of numbers.
| Step | File | Change |
|------|------|--------|
| B.1 | `app/Support/Workspaces/WorkspaceOverviewBuilder.php` | Replace or augment the current `needs_attention` stat with one or more tenant-level governance-risk metrics such as tenants needing governance attention, tenants with overdue findings, tenants with lapsed governance, or tenants with stale, failed, or materially degraded compare posture. |
| B.2 | `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php` and `resources/views/filament/pages/workspace-overview.blade.php` | Preserve the existing stat strip but ensure risk metrics and activity metrics are semantically and visually distinguishable through grouping, wording, and destination meaning. |
| B.3 | `tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php` and existing content tests | Prove that governance metrics count affected visible tenants, activity metrics remain activity-only, and the two meanings are not mixed. |
### Phase C — Make Workspace Attention Tenant-Addressable And Actionable
**Goal**: Turn workspace attention into a real start surface with tenant identity, reason, priority, and next jump.
| Step | File | Change |
|------|------|--------|
| C.1 | `app/Support/Workspaces/WorkspaceOverviewBuilder.php` | Expand the attention item payload to include tenant label, tenant route key or id, problem family, urgency, and one primary target kind. Keep every attention item tenant-bound, leave workspace-wide operations or alert totals in metrics or recency surfaces, and rank governance issues above activity-only items while keeping the list bounded. |
| C.2 | `resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php` | Render tenant identity, family, urgency, and one explicit primary action or a disabled explanatory state when the exact destination is not allowed. |
| C.3 | `tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php` and `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php` | Prove that each central attention family leads to the correct tenant dashboard, findings, compare, evidence, review, or operation destination and that dead-end links are not exposed. |
### Phase D — Fix Workspace Calmness And Empty-State Semantics
**Goal**: Stop the workspace home from claiming calmness when only operations are quiet.
| Step | File | Change |
|------|------|--------|
| D.1 | `app/Support/Workspaces/WorkspaceOverviewBuilder.php` | Change empty-state and calmness logic so calm claims are suppressed whenever visible tenant governance or compare issues exist, even if operations and alerts are healthy. Keep zero-tenant states distinct from healthy states and default their recovery action to the existing choose-workspace route. |
| D.2 | `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php`, `resources/views/filament/pages/workspace-overview.blade.php`, and `resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php` | Tighten copy so the workspace can say “nothing urgent” only for the domains actually checked and only when no visible governance-critical tenant state exists. |
| D.3 | `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php` and new governance attention coverage | Prove false calmness is suppressed and low-permission or zero-tenant scenarios remain clearly distinct from healthy calm. |
### Phase E — Preserve Operations As Diagnostic Recency, Not Portfolio Posture
**Goal**: Keep `WorkspaceRecentOperations` useful without letting it dominate workspace risk semantics.
| Step | File | Change |
|------|------|--------|
| E.1 | `app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php` and `resources/views/filament/widgets/workspace/workspace-recent-operations.blade.php` | Preserve existing recency behavior and row-open model, but ensure surrounding copy and page hierarchy keep it clearly subordinate to governance attention and summary metrics. |
| E.2 | `tests/Feature/Filament/WorkspaceOverviewOperationsTest.php` and content tests | Prove operations remain filtered to the visible tenant slice, remain non-polling by default, and no longer define calmness on their own. |
### Phase F — Tighten RBAC-Safe Destination Selection
**Goal**: Ensure visible truth never creates a broken or misleading navigation path.
| Step | File | Change |
|------|------|--------|
| F.1 | `app/Support/Workspaces/WorkspaceOverviewBuilder.php`, `app/Services/Auth/WorkspaceCapabilityResolver.php`, `app/Services/Auth/CapabilityResolver.php`, and tenant resource URL helpers | For each attention family, choose the most precise destination the current in-scope user may actually open; otherwise fall back to an allowed tenant dashboard or disabled explanatory state. Aggregate lapsed-governance attention stays tenant-bound but falls back to the tenant dashboard when the current findings filters would narrow the invalid-governance family. Alert-only follow-up reuses `/admin/alerts`, and zero-tenant recovery reuses `/admin/choose-workspace`. |
| F.2 | `tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php`, `WorkspaceOverviewAuthorizationTest.php`, and new drilldown tests | Prove non-members still receive `404`, hidden tenants do not affect visible output, and members missing downstream capability do not receive clickable dead-end links. |
### Phase G — Verification And Formatting
**Goal**: Lock the new workspace truth and performance contract in place.
| Step | File | Change |
|------|------|--------|
| G.1 | Workspace overview focused test pack | Add or extend tests for governance promotion, stale, failed, and materially degraded compare breadth, ordering, tenant identity, summary metric separation, calmness suppression, zero-tenant next-step recovery, low-permission operations fallback, drill-through continuity, DB-only query-bounded rendering, and permission-safe fallbacks. |
| G.2 | `vendor/bin/sail bin pint --dirty --format agent` and focused Pest runs | Apply formatting and run the smallest verification pack that covers the builder, workspace view rendering, and navigation behavior. |
## Key Design Decisions
### D-001 — Keep `WorkspaceOverviewBuilder` as the single orchestration boundary
The repo already has one place that constructs the workspace overview payload. Extending that builder is narrower than inventing a separate workspace governance service or presenter layer.
### D-002 — Promote tenant truth by tenant, not by raw issue count
The workspace operator needs to know which tenants need attention first. A tenant-level risk count is a better workspace answer than raw issue totals because it preserves the MSP triage shape and avoids making one noisy tenant dominate the stat strip.
### D-003 — Reuse `TenantGovernanceAggregate` before touching lower-level logic
The tenant dashboard already uses a mature governance aggregate. Workspace attention should consume that same truth path rather than rebuilding overdue, lapsed, or compare logic with new ad-hoc queries.
### D-004 — Keep workspace attention bounded and prioritized
The spec hardens the workspace entry point, not a portfolio matrix. The workspace home should surface the top visible reasons to act, not every raw tenant issue. One high-value item per visible problem family is preferable to a noisy stream.
### D-005 — Treat evidence and review as opportunistic precision targets
Evidence and reviews are in scope only when they already represent the best existing tenant-level next jump. They are not a reason to create a new workspace evidence or review aggregate in this slice.
### D-006 — Calmness is a checked-domain claim, not a decorative empty state
The workspace may only look calm when both governance and activity signals in visible scope are calm. Operations-only quietness is never enough.
### D-007 — Disabled or fallback navigation is preferable to dead-end clicks
If the current in-scope user can see that a tenant has a problem but cannot open the most precise destination, the UI must not offer a clickable link that fails later. The surface must either choose an allowed fallback or render a disabled explanatory state.
## Risk Assessment
| Risk | Impact | Likelihood | Mitigation |
|------|--------|------------|------------|
| Workspace attention becomes noisy by promoting too many tenant signals | High | Medium | Bound the list, rank governance-critical families first, and cap per-page attention items. |
| Per-tenant aggregate resolution introduces avoidable N+1 behavior | High | Medium | Reuse `TenantGovernanceAggregateResolver` request-scoped caching and keep the visible tenant slice bounded. |
| Workspace and tenant truth diverge because workspace logic starts reinterpreting the same facts | High | Medium | Consume `TenantGovernanceAggregate` and existing destinations instead of rebuilding semantics with ad-hoc query logic. |
| Capability gaps create misleading or broken drill-throughs | High | Medium | Implement explicit destination selection with fallback or disabled states and cover it with focused tests. |
| Calmness copy still overstates health after the change | Medium | Medium | Add explicit calmness-suppression tests covering quiet-ops but risky-governance scenarios. |
## Test Strategy
- Extend existing workspace overview tests to preserve landing, navigation, authorization, permission visibility, and operations-slice behavior.
- Add focused governance attention coverage for overdue findings, lapsed governance, expiring governance, high-severity active findings, stale, failed, or materially degraded compare posture, and quiet-ops-but-risky-governance scenarios.
- Add summary-metric tests proving governance-risk metrics count affected visible tenants rather than raw issue counts and remain distinct from activity metrics.
- Add drill-through continuity tests covering tenant dashboard fallback, findings filters, baseline compare landing, evidence or review targets where applicable, and canonical operation detail or index routes.
- Add permission-sensitive tests ensuring non-members remain `404`, invisible tenants do not affect visible output, members missing a downstream capability get a safe fallback or disabled state rather than a clickable dead end, and zero-tenant members receive the choose-workspace recovery action instead of healthy calm messaging.
- Add DB-only and query-bounding verification so render-time aggregation stays inside the plan's performance constraints and benefits from existing request-scoped caching.
- Keep the verification pack Sail-first and run `vendor/bin/sail bin pint --dirty --format agent` before closing implementation.
## Constitution Check (Post-Design)
Re-check result: PASS.
- Livewire v4.0+ compliance: preserved because the design stays inside existing Filament v5 widgets and pages.
- Provider registration location: unchanged; no panel/provider registration work is needed beyond the existing `bootstrap/providers.php` setup.
- Global-searchable resources: unchanged; no resource search behavior is altered.
- Destructive actions: unchanged; the feature adds no destructive action and therefore no new confirmation flow.
- Asset strategy: unchanged; no new asset bundle or deploy-time asset step is introduced.
- Testing plan: focused Pest coverage will be added or extended for workspace overview rendering, governance promotion, calmness suppression, summary metric separation, drill-through continuity, and RBAC-safe behavior.

121
specs/175-workspace-governance-attention/quickstart.md Normal file
View File

@ -0,0 +1,121 @@
# Quickstart: Workspace Governance Attention Foundation
## Goal
Validate that `/admin` no longer appears calm when visible tenants carry governance-critical conditions, that workspace summary metrics distinguish risk from activity, and that workspace attention items identify the correct tenant and open the correct next surface.
## Prerequisites
1. Start Sail.
2. Ensure you have one workspace with multiple visible tenants and current workspace session context.
3. Prepare seeded tenant scenarios for:
- no governance-critical conditions and no unusual activity
- overdue findings with otherwise quiet operations
- lapsed governance
- expiring governance
- high-severity active findings
- stale, failed, or materially degraded compare posture
- activity-only workspace noise with otherwise healthy governance posture
- optional existing evidence or review attention if those truth surfaces are already available
4. Prepare one workspace member who can see the workspace home but lacks at least one downstream tenant destination capability so disabled or fallback attention behavior can be verified.
5. Prepare one workspace member who belongs to the workspace but has zero accessible tenants so the choose-workspace recovery path can be verified.
## Implementation Validation Order
### 1. Run the existing workspace overview baseline pack
```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewAccessTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewLandingTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewNavigationTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewContentTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewOperationsTest.php
```
Expected outcome:
- The existing workspace home still renders, remains workspace-scoped, and preserves current access and operations behavior.
### 2. Run focused governance-attention coverage
```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php
```
Expected outcome:
- Visible tenants with overdue findings, lapsed governance, expiring governance, high-severity active findings, or stale, failed, or materially degraded compare posture now promote governance attention into the workspace home.
- Governance-risk metrics count affected tenants and remain distinct from operations or alerts volume.
### 3. Run drill-through continuity and RBAC-safe navigation coverage
```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
```
Expected outcome:
- Workspace attention items carry tenant context and open the correct findings, compare, evidence, review, tenant dashboard, or operations destination.
- Members missing a downstream capability do not receive clickable dead-end links.
### 4. Re-run workspace empty-state and calmness coverage
```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php --filter=calm
```
Expected outcome:
- The workspace no longer renders a calm or “nothing urgent” state when visible governance-critical tenant conditions exist.
- Zero-tenant and low-permission states remain clearly distinct from healthy calmness, zero-tenant recovery defaults to `Switch workspace`, and permission-limited recovery defaults to `Open operations` unless a more specific allowed action exists.
### 5. Format touched files
```bash
vendor/bin/sail bin pint --dirty --format agent
```
Expected outcome:
- All changed implementation files conform to project formatting rules.
### 6. Run the final focused verification pack
```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewAccessTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewLandingTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewNavigationTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewContentTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewOperationsTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php
```
Expected outcome:
- The formatted implementation preserves landing, authorization, content, empty-state, operations, governance-attention, stat-separation, and drill-through contracts for the workspace home.
## Manual Smoke Check
1. Open `/admin` for a workspace where one visible tenant has overdue findings but operations are quiet.
2. Confirm the workspace home does not read as calm and identifies the tenant explicitly.
3. Open `/admin` for a workspace where a visible tenant has lapsed governance or stale, failed, or materially degraded compare posture and confirm that tenant is prioritized above activity-only items.
4. Click a governance attention item and confirm the destination reproduces the same tenant problem family.
5. Verify that the summary strip clearly distinguishes tenant risk from active operations.
6. Switch to a healthy workspace and confirm calm wording only appears when both governance and activity domains are truly calm within visible scope.
7. Sign in as the zero-tenant workspace member and confirm the workspace does not look healthy and instead offers `Switch workspace` as the next action.
8. Sign in as the permission-limited workspace member and confirm visible attention does not expose a clickable dead-end link and the page still presents `Open operations` as the valid workspace-safe next action.
## Non-Goals For This Slice
- No database migration.
- No new Graph contract or provider workflow.
- No full portfolio matrix or posture score.
- No new workspace evidence or review aggregate.
- No conversion of recent operations into a primary governance queue.

105
specs/175-workspace-governance-attention/research.md Normal file
View File

@ -0,0 +1,105 @@
# Phase 0 Research: Workspace Governance Attention Foundation
## Decision: Reuse `WorkspaceOverviewBuilder` as the single orchestration point for workspace governance attention
**Rationale**: The current workspace home already builds one typed payload through `WorkspaceOverviewBuilder`, and it already applies visible-tenant scoping plus workspace capability checks before computing metrics, attention, and recency. The missing behavior is not a missing builder seam; it is that the builder currently stops at operations and alerts. Extending that existing orchestration point is narrower than creating a second workspace posture service.
**Alternatives considered**:
- Create a new workspace posture builder or presenter layer: rejected because it would duplicate ownership and violate the repo's bias toward few layers.
- Push governance promotion into widget-local queries: rejected because it would spread truth ownership across multiple workspace widgets.
## Decision: Reuse `TenantGovernanceAggregateResolver` and `BaselineCompareStats` per visible tenant instead of inventing workspace-local governance logic
**Rationale**: The tenant dashboard already uses `TenantGovernanceAggregate`, `BaselineCompareStats`, and `BaselineCompareSummaryAssessor` to answer exactly the governance questions Spec 175 wants to surface at workspace level: overdue findings, lapsed governance, expiring governance, high-severity active findings, and stale, failed, or materially degraded compare posture. Workspace attention should promote that existing tenant truth, not reinterpret it with a weaker query path.
**Alternatives considered**:
- Create a workspace-only aggregation query for overdue, lapsed, and compare states: rejected because it would split truth ownership away from the existing tenant governance path.
- Create a persisted workspace governance summary: rejected because the spec explicitly forbids new persistence and the problem is request-time semantics, not lifecycle truth.
## Decision: Count governance risk by affected tenant, not by raw issue total, in workspace summary metrics
**Rationale**: The workspace question is “which tenants need attention” rather than “how many findings exist.” Counting visible tenants with overdue findings, lapsed governance, or stale, failed, or materially degraded compare posture gives the operator a portfolio answer and avoids one noisy tenant dominating the workspace strip.
**Alternatives considered**:
- Show raw totals for overdue findings or lapsed exceptions across the whole workspace: rejected because it weakens triage value and makes the summary less tenant-actionable.
- Keep the existing single `needs attention` count derived from operations and alerts only: rejected because it preserves the false-calm problem.
## Decision: Rank governance-critical tenant states above activity-only and alert-delivery-only items
**Rationale**: The spec explicitly requires governance-critical states such as lapsed governance, overdue findings, high-severity active findings, and stale, failed, or materially degraded compare posture to outrank active operations and alert-delivery failures. Workspace attention should still include operations or alerts, but only after governance-critical tenant problems have had a chance to surface.
**Alternatives considered**:
- Keep current recency-first ordering with governance added lower down: rejected because it still lets busy but healthier workspaces look more urgent than risky but quiet ones.
- Remove operations and alerts entirely: rejected because they remain useful as supporting attention once governance-critical signals are represented.
## Decision: Make every workspace attention item tenant-identifiable with one primary destination
**Rationale**: The current workspace attention items are generic operations or alert items. Spec 175 requires tenant identity, problem family, relevance, and next jump. A bounded item contract with tenant label plus one primary destination is the narrowest way to satisfy this without turning the workspace home into a matrix or a second diagnostics page.
**Alternatives considered**:
- Continue using generic titles like “operations are still running”: rejected because it does not answer which tenant to open first.
- Add multiple buttons per item: rejected because it makes the attention surface noisier and less decisive.
## Decision: Use RBAC-safe fallback or disabled explanatory states instead of dead-end drill-throughs
**Rationale**: Some workspace members may be able to see that a tenant has a problem but may not hold the most precise downstream capability, such as findings inspection. The constitution permits visible disabled states for in-scope members. The safest behavior is to choose an allowed fallback such as the tenant dashboard or to render a disabled explanatory state instead of a clickable link that ends in `403`.
**Alternatives considered**:
- Hide the tenant problem entirely when the precise destination is not allowed: rejected because it can make the workspace appear calmer than reality.
- Always link to the precise destination and rely on downstream authorization failure: rejected because the spec forbids dead-end drill-throughs.
## Decision: Default zero-tenant recovery to the existing choose-workspace route
**Rationale**: The current admin workspace flow already uses `/admin/choose-workspace` as the canonical recovery surface when no usable workspace or tenant context is available. Reusing that existing route keeps the workspace overview honest for zero-tenant members without inventing a new recovery surface or asking them to infer the next step.
**Alternatives considered**:
- Treat zero-tenant state as a healthy calm empty state: rejected because it hides a scope problem as a health signal.
- Default zero-tenant recovery to a workspace-management surface: rejected because many members can switch workspace but cannot manage workspace memberships.
## Decision: Route alert-only follow-up to the existing alerts overview at `/admin/alerts`
**Rationale**: The app already has an admin alerts overview that serves as the canonical entry point for alert health, rules, and delivery follow-up. Using that route for workspace alert-only attention is narrower and more stable than inventing a new alert-delivery deep-link contract inside this slice.
**Alternatives considered**:
- Send alert-only attention directly to an alert-deliveries list route: rejected because the current operator surface is the alerts overview at `/admin/alerts`.
- Drop alert-only follow-up entirely: rejected because alert delivery remains a valid supporting attention family once governance-critical items are represented.
## Decision: Keep evidence and review promotion opportunistic, not foundational, in this slice
**Rationale**: The codebase already has tenant evidence and review resources, but the current workspace overview has no evidence or review aggregation. Spec 175 allows evidence or review issues where already available. The narrow implementation is to use those surfaces only when existing tenant truth already provides a clear problem family and a clear target, not to build a new workspace evidence or review subsystem.
**Alternatives considered**:
- Exclude evidence and review entirely: rejected because the spec explicitly leaves room for them where they already provide value.
- Build a dedicated workspace evidence or review aggregate now: rejected because it exceeds the foundation scope of the feature.
## Decision: Keep `WorkspaceRecentOperations` as diagnostic recency, not portfolio posture
**Rationale**: The current recent-operations widget already serves a clear supporting role and is covered by existing tests that verify visible-tenant filtering and the absence of polling. The spec does not require changing its query model; it requires preventing that surface from being mistaken for the workspace's main truth surface.
**Alternatives considered**:
- Expand recent operations into the primary attention owner: rejected because it would keep the workspace entry point operations-centered.
- Remove recent operations from the overview: rejected because it still provides useful context when subordinated to governance attention.
## Decision: Treat workspace calmness as a checked-domain claim instead of an operations-only empty state
**Rationale**: The current `WorkspaceNeedsAttention` empty state says “Nothing urgent in your current scope” and explains that recent operations and alert deliveries look healthy. That wording is only valid if the page is consciously limiting its claim to those domains. After governance promotion, calm messaging must be based on both governance and activity signals in visible scope, or else be narrowed explicitly.
**Alternatives considered**:
- Keep the current empty-state wording and rely on new governance items to suppress it sometimes: rejected because the wording still over-claims portfolio health.
- Remove calm messaging entirely: rejected because a truthful all-clear remains useful when the covered domains are genuinely calm.
## Decision: Lean on request-scoped derived-state caching instead of new persistence for performance
**Rationale**: `TenantGovernanceAggregateResolver` already uses request-scoped derived-state caching. That makes per-visible-tenant governance resolution viable for the workspace overview without introducing a new summary table or materialized view. This keeps the implementation within the spec's no-new-persistence constraint.
**Alternatives considered**:
- Add a cached database aggregate or background precompute job: rejected because it introduces durability and lifecycle cost the feature does not need.
- Resolve all tenant governance truth from raw ad-hoc queries without using the resolver: rejected because it ignores an existing request-scope caching seam and increases drift risk.
## Decision: Protect the feature with focused workspace overview regression tests instead of manual review alone
**Rationale**: The highest-risk failures are semantic: false calmness, wrong tenant prioritization, missing tenant labels, or broken destinations. Existing workspace overview tests already cover access, landing, navigation, permission visibility, empty states, content, and operations slice behavior. Extending that suite with governance attention and drill-through coverage is the narrowest way to keep this contract stable.
**Alternatives considered**:
- Rely on manual browser review only: rejected because semantic regressions are subtle and easy to reintroduce.
- Build a full browser-based suite first: rejected because focused Pest coverage is already the repo's normal enforcement layer for Filament truth contracts.

238
specs/175-workspace-governance-attention/spec.md Normal file
View File

@ -0,0 +1,238 @@
# Feature Specification: Spec 175 - Workspace Governance Attention Foundation
**Feature Branch**: `175-workspace-governance-attention`
**Created**: 2026-04-04
**Status**: Draft
**Input**: User description: "Spec 175 — Workspace Governance Attention Foundation"
## Spec Scope Fields *(mandatory)*
- **Scope**: workspace + canonical-view
- **Primary Routes**:
- `/admin` as the workspace-level overview where `WorkspaceOverview`, `WorkspaceSummaryStats`, `WorkspaceNeedsAttention`, and `WorkspaceRecentOperations` establish the first portfolio triage impression
- `/admin/choose-workspace` as the default workspace-switch recovery surface for zero-tenant or wrong-workspace states
- `/admin/choose-tenant` as the deliberate tenant-entry surface when the operator needs to move from workspace triage into one tenant
- `/admin/t/{tenant}` as the tenant dashboard destination for tenant-wide recovery when a workspace attention item needs a broad tenant landing point
- `/admin/t/{tenant}/findings` and tenant finding detail routes as the primary findings and governance drill-through destinations
- `/admin/t/{tenant}/baseline-compare-landing` as the compare-posture destination for stale, failed, or materially degraded compare states
- `/admin/alerts` as the canonical alert overview and delivery follow-up destination for workspace alert issues
- `/admin/operations` and canonical operation detail routes as the operations and execution follow-up destinations
- `/admin/t/{tenant}/evidence` and `/admin/t/{tenant}/reviews` only when an attention item is backed by already-visible evidence or review truth that is more precise than a generic tenant landing
- **Data Ownership**:
- Workspace-owned: workspace context, workspace home composition, workspace-scoped recent operations, and alert-delivery history already summarized on the workspace home
- Tenant-owned but workspace-filtered: visible tenant governance state, findings workflow state, evidence and review truth, and tenant-scoped compare posture that may be promoted into workspace attention
- This feature introduces no new workspace summary record; workspace attention, calmness, and governance stats remain derived over existing workspace and tenant truth
- **RBAC**:
- Workspace membership remains required to render `/admin` and all workspace-level overview aggregates
- Only tenants that are visible within the current operator's entitled workspace scope may contribute to workspace counts, calmness suppression, or attention items
- Alert-related destinations continue to require the existing alert visibility permission, while tenant drill-through destinations continue to require the current tenant-level inspection capability for that surface; baseline compare currently rides on general `tenant.view` rather than a dedicated compare-specific capability
- Non-members or out-of-scope actors remain deny-as-not-found, and the workspace home must not leak hidden tenant posture through counts, wording, or drill-through affordances
For canonical-view specs, the spec MUST define:
- **Default filter behavior when tenant-context is active**: The workspace home remains workspace-scoped even if a tenant was selected earlier in the session. The overview itself must not silently collapse into one tenant. Any drill-through launched from workspace attention or governance stats must preserve the originating tenant and problem family through tenant context or an equivalent pre-applied destination filter.
- **Explicit entitlement checks preventing cross-tenant leakage**: Workspace counts, calmness claims, priority order, and drill-through destinations must be computed only from visible tenants and visible truth surfaces. Inaccessible tenants must not contribute to `needs attention`, governance-risk stats, or empty-state suppression. If a precise destination is not authorized for the current in-scope user, the workspace surface must use an allowed fallback or remove the clickable affordance instead of hinting at hidden data.
## UI/UX Surface Classification *(mandatory when operator-facing surfaces are changed)*
| Surface | Surface Type | Primary Inspect/Open Model | Row Click | Secondary Actions Placement | Destructive Actions Placement | Canonical Collection Route | Canonical Detail Route | Scope Signals | Canonical Noun | Critical Truth Visible by Default | Exception Type |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Workspace overview page | Workspace landing page | The page itself is the canonical workspace entry and hosts the embedded triage surfaces | forbidden | quick actions section only | none | `/admin` | none | Active workspace identity stays visible and embedded items must keep tenant labels explicit | Overview | Whether the workspace currently has governance attention and how that differs from raw activity | Singleton landing surface |
| Workspace `Needs Attention` | Embedded triage summary | Each attention item opens one matching working surface for the named tenant problem | required | none | none | `/admin` | Existing tenant dashboard, findings, baseline compare, evidence, review, or operation detail destination depending on item type | Tenant name, problem family, and urgency must be visible on the item before navigation | Attention / Attention item | The most important visible tenant problems and where to go next | Multi-destination triage surface |
| Workspace summary stats | Embedded status summary / drill-in surface | Each stat opens one matching destination or remains intentionally passive when no actionable set exists | forbidden | none | none | `/admin` | Matching destination for the metric, such as choose tenant, findings, compare, or operations | Workspace identity and a clear split between governance risk and activity volume | Governance attention and Operations | Portfolio risk counts are separated from portfolio activity counts | Mixed metric summary surface |
| Workspace recent operations | Embedded diagnostic recency surface | Each operation row or card opens the canonical operation detail | required | none | none | `/admin/operations` | Existing canonical operation detail route | Workspace context plus visible tenant label on each operation keeps the recency list anchored to one tenant when relevant | Operations / Operation | Recent execution context without pretending to be the main portfolio-risk summary | Diagnostic recency surface |
## Operator Surface Contract *(mandatory when operator-facing surfaces are changed)*
| Surface | Primary Persona | Surface Type | Primary Operator Question | Default-visible Information | Diagnostics-only Information | Status Dimensions Used | Mutation Scope | Primary Actions | Dangerous Actions |
|---|---|---|---|---|---|---|---|---|---|
| Workspace overview page | Workspace operator | Workspace landing page | Which tenants need attention first, and is this workspace actually calm or only operationally quiet? | Workspace identity, governance-aware summary stats, prioritized attention, and recent activity as supporting context | Deep run metadata, raw compare internals, and low-level workflow detail remain on downstream pages | governance attention, compare posture, findings pressure, evidence or review trust where already available, operations activity | none | Choose tenant, open an attention item destination, open operations | none |
| Workspace `Needs Attention` | Workspace operator | Embedded triage summary | Which tenant needs attention now, why, and where should I jump? | Tenant label, problem family, urgency, and one clear next destination | Low-level evidence payloads, verbose status histories, and raw query context remain secondary | governance issue, findings issue, compare issue, evidence or review issue, operations issue | none | Open the matching tenant dashboard, findings list, compare landing, evidence or review surface, or operation detail | none |
| Workspace summary stats | Workspace operator | Embedded status summary / drill-in surface | How much of this workspace is active, and how much of it is governance risk? | Small set of trustworthy counts with explicit governance versus activity meaning | Full tenant-by-tenant breakdown and historical trends remain outside the stat strip | governance attention volume, activity volume | none | Open the matching aggregate destination or tenant entry point | none |
| Workspace recent operations | Workspace operator | Embedded diagnostic recency surface | What has run recently if I need execution context? | Recent operations with tenant label, status, outcome, and recency | Full operation timeline, payload diagnostics, and longer history remain in operations surfaces | recency, execution status, execution outcome | none | Open the selected operation detail | none |
## Proportionality Review *(mandatory when structural complexity is introduced)*
- **New source of truth?**: No. Existing tenant governance, findings, compare, evidence, review, operations, and alert truth remain authoritative.
- **New persisted entity/table/artifact?**: No. This feature explicitly avoids a new workspace posture record or aggregate table.
- **New abstraction?**: No. The narrow change is to tighten workspace aggregation and presentation semantics on existing surfaces.
- **New enum/state/reason family?**: No. Existing governance, compare, findings, and operations state families remain authoritative.
- **New cross-domain UI framework/taxonomy?**: No. The feature aligns existing workspace and tenant surfaces without creating a new posture framework or score system.
- **Current operator problem**: The workspace home can look calm while visible tenants already have governance-critical conditions, which makes the portfolio entry point weaker than the tenant truth operators already rely on.
- **Existing structure is insufficient because**: The current workspace overview summarizes operations and alert activity well enough, but it does not promote tenant governance truth strongly enough to stop false calmness or answer which tenant to open first.
- **Narrowest correct implementation**: Reuse existing tenant governance, findings, compare, and already-available evidence or review truth to harden workspace stats, attention, and empty-state semantics on the current workspace home.
- **Ownership cost**: The repo takes on stricter workspace aggregation rules, a modest amount of copy tightening, and regression coverage for priority order, calmness suppression, and drill-through continuity.
- **Alternative intentionally rejected**: A full portfolio matrix, a workspace posture score, a major workspace redesign, or a new persisted posture model was rejected because the immediate gap is truth propagation on the existing workspace entry point.
- **Release truth**: Current-release truth. The semantic risk already exists on the shipped workspace overview.
## User Scenarios & Testing *(mandatory)*
### User Story 1 - See The Right Tenant First (Priority: P1)
As a workspace operator, I want the workspace home to surface governance-critical tenants before operational noise so that I can start triage from the riskiest visible tenant instead of from the most recent activity.
**Why this priority**: The feature only delivers value if the workspace entry point stops feeling quieter than the visible tenant truth.
**Independent Test**: Can be fully tested by seeding multiple visible tenants with mixes of overdue findings, lapsed governance, stale, failed, or materially degraded compare posture, high-severity active findings, alert failures, and active operations, then verifying that workspace attention promotes governance-critical tenants first.
**Acceptance Scenarios**:
1. **Given** one visible tenant has lapsed governance and another only has active operations, **When** the operator opens `/admin`, **Then** the governance-critical tenant is surfaced as higher-priority workspace attention.
2. **Given** a visible tenant has overdue findings while operations and alerts look healthy, **When** the workspace home loads, **Then** the page still presents governance attention instead of an all-clear impression.
3. **Given** a visible tenant has stale, failed, or materially degraded compare posture but little recent activity, **When** the workspace home loads, **Then** compare risk remains visible on the workspace entry point.
---
### User Story 2 - Distinguish Risk From Activity (Priority: P1)
As a workspace operator, I want the workspace home to separate governance risk from operations activity so that I can tell whether the portfolio is risky, merely busy, or genuinely calm.
**Why this priority**: A workspace overview that mixes posture and activity cannot support MSP triage with confidence.
**Independent Test**: Can be fully tested by rendering the workspace home in scenarios that contain only activity, only governance risk, both, or neither, then verifying that stats, attention, and empty states describe those cases differently.
**Acceptance Scenarios**:
1. **Given** the workspace has active operations but no visible governance-critical tenant states, **When** the overview renders, **Then** activity appears without governance-risk wording.
2. **Given** the workspace has no failed runs or alert failures but visible overdue findings exist, **When** the overview renders, **Then** the page does not present a calm empty state.
3. **Given** the workspace has no visible governance-critical states and no unusual operations issues, **When** the overview renders, **Then** calm messaging may appear and must match the covered truth domains.
---
### User Story 3 - Jump Into The Right Tenant Surface (Priority: P2)
As a workspace operator, I want each attention item to carry tenant identity and a trustworthy next jump so that I can recover the same problem family immediately on a tenant-level working surface.
**Why this priority**: Workspace attention is only trustworthy if the operator can click it and rediscover the same tenant problem without guesswork.
**Independent Test**: Can be fully tested by seeding representative workspace attention cases and verifying that each item names the tenant, names the problem family, and lands on the matching tenant dashboard, findings, compare, evidence, review, or operation destination.
**Acceptance Scenarios**:
1. **Given** a workspace attention item represents overdue findings for one visible tenant, **When** the operator opens it, **Then** the destination is that tenant's findings surface or a precise allowed fallback that preserves the same problem meaning.
2. **Given** a workspace attention item represents stale, failed, or materially degraded compare posture, **When** the operator opens it, **Then** the destination is the same tenant's baseline compare landing.
3. **Given** the operator can see a tenant on the workspace home but lacks a precise downstream capability, **When** the attention surface renders, **Then** it uses an allowed fallback or a disabled non-clickable state instead of a dead-end drill-through.
### Edge Cases
- A single visible tenant may have multiple governance-critical conditions at the same time; the workspace home must stay bounded while still exposing the tenant identity and the highest-priority next action.
- A workspace may be operationally quiet while one or more visible tenants still have overdue findings, lapsed governance, high-severity active findings, or stale, failed, or materially degraded compare posture; calm messaging must stay suppressed in that case.
- A workspace may be busy but healthy from a governance perspective; governance-risk stats and attention must remain calm even when recent operations are active.
- Some visible tenants may contribute only through a broader tenant dashboard drill-through because the operator lacks a more specific downstream capability; the workspace home must not create dead-end links or authorization surprises.
- A user may belong to the workspace but have zero accessible tenants; the zero-tenant state must remain distinct from a healthy calm state and must still provide one valid next step.
- Evidence or review truth may already indicate attention for a visible tenant even when operations are quiet; if that truth is already surfaced on tenant-level pages, the workspace home should be able to promote it without inventing a parallel status language.
## Requirements *(mandatory)*
**Constitution alignment (required):** This feature introduces no new Microsoft Graph call, no new write workflow, and no new queued or scheduled operation. It hardens the workspace home by promoting already-existing tenant-level truth into existing workspace surfaces.
**Constitution alignment (PROP-001 / ABSTR-001 / PERSIST-001 / STATE-001 / BLOAT-001):** This feature is intentionally narrow. It adds no new persistence, no new abstraction layer, no new status family, and no new posture framework. The required change is truthful workspace aggregation over existing tenant truth.
**Constitution alignment (OPS-UX):** No new `OperationRun` type, progress surface, or execution path is introduced. Existing operations surfaces remain the sole execution-truth surfaces. This slice only changes how the workspace home summarizes and points to those existing operations.
**Constitution alignment (RBAC-UX):** The feature lives in the admin workspace plane at `/admin` with drill-through into tenant-context or canonical admin destinations. Non-members or out-of-scope actors remain `404`. In-scope members lacking a downstream capability remain governed by existing server-side authorization on that destination. Workspace aggregation must stay capability-safe and tenant-safe: hidden tenants must not influence visible counts or wording, and attention items must not become clickable dead ends. If the semantically correct destination is not authorized, the item may only remain if an allowed fallback still preserves tenant and problem meaning. No destructive action is introduced.
**Constitution alignment (OPS-EX-AUTH-001):** Not applicable. No authentication-handshake behavior is changed.
**Constitution alignment (BADGE-001):** Existing centralized badge or tone semantics for findings severity, compare posture, and operations status or outcome remain the semantic source. This feature may expose those existing meanings at workspace level, but it must not invent page-local badge vocabularies for calmness, risk, or urgency.
**Constitution alignment (UI-FIL-001):** The feature reuses the existing Filament page and workspace widgets, existing stat cards, and existing shared status primitives. It should harden semantics through aligned copy, ordering, and drill-through meaning rather than through custom local status markup or a new widget family.
**Constitution alignment (UI-NAMING-001):** Operator-facing vocabulary must keep `Governance`, `Findings`, `Baseline Compare`, `Evidence`, `Reviews`, `Operations`, and `Needs attention` distinct. Calm wording must not imply portfolio health when the page only proves operational quietness.
**Constitution alignment (UI-CONST-001 / UI-SURF-001 / UI-HARD-001 / UI-EX-001 / UI-REVIEW-001):** The workspace overview remains the canonical workspace landing surface. `WorkspaceNeedsAttention` is the primary workspace triage surface. `WorkspaceSummaryStats` is a supporting summary strip and must separate risk from activity. `WorkspaceRecentOperations` remains diagnostic recency, not posture. Each affected surface must keep one primary inspect or open model and must not add redundant affordances.
**Constitution alignment (OPSURF-001):** Default-visible content on `/admin` must stay operator-first. Workspace identity, governance attention, and the distinction between risk and activity must remain visible before any diagnostic detail. Mutation scope remains none for all affected surfaces.
**Constitution alignment (UI-SEM-001 / LAYER-001 / TEST-TRUTH-001):** The feature must not create a new workspace posture layer, presenter framework, or persisted summary. It should instead align workspace semantics directly on top of existing tenant governance, findings, compare, evidence, review, and operations truth. Tests must protect business consequences such as false calmness, missing tenant labels, or broken drill-through continuity.
**Constitution alignment (Filament Action Surfaces):** The Action Surface Contract remains satisfied. `WorkspaceOverview` and its widgets remain inspection and drill-through surfaces with no destructive actions, no empty action groups, and no redundant `View` actions. Embedded widgets are exempt from list-action conventions where they are not tables, but each still needs one primary open model.
**Constitution alignment (UX-001 — Layout & Information Architecture):** This feature does not add create or edit screens. It refines the existing workspace landing page. Governance attention must stay above recent operations context, and empty states must use specific, bounded wording plus exactly one next step instead of broad health claims.
### Functional Requirements
- **FR-175-001**: The workspace home MUST become governance-aware rather than remaining a purely operations and alerts summary.
- **FR-175-002**: Workspace attention MUST be able to surface, when present within visible scope, at least lapsed governance, overdue findings, high-severity active findings, and stale, failed, or materially degraded compare posture.
- **FR-175-003**: Workspace attention SHOULD also be able to promote already-available evidence or review truth when that truth is more actionable than a generic tenant landing.
- **FR-175-004**: Every workspace attention item MUST clearly identify the tenant, the problem family, the urgency or relevance, and one clear next jump.
- **FR-175-005**: Workspace attention MUST semantically distinguish governance issues, findings issues, compare posture issues, evidence or review issues, and operations issues rather than flattening them into one generic alert stream.
- **FR-175-006**: Governance-critical tenant states MUST rank at least as high as, and ordinarily above, active-operations-only or alert-delivery-only items in workspace attention ordering.
- **FR-175-007**: The workspace home MUST NOT appear calmer or healthier than the worst visible tenant condition covered by its workspace attention and summary surfaces.
- **FR-175-008**: Calm or empty states on the workspace home MUST only claim calmness across the signal families that were actually checked and MUST NOT imply full portfolio health merely because operations or alerts are quiet.
- **FR-175-009**: Workspace summary stats MUST include at least one real governance-risk metric such as tenants needing governance attention, tenants with overdue findings, tenants with lapsed governance, or tenants with stale, failed, or materially degraded compare posture.
- **FR-175-010**: Workspace summary stats MUST clearly separate governance attention from activity or volume so an operator can tell whether the portfolio is risky, busy, both, or neither.
- **FR-175-011**: Every workspace attention item MUST resolve to one semantically matching destination surface such as the tenant dashboard, tenant findings, tenant baseline compare, tenant evidence, tenant reviews, or canonical operations detail.
- **FR-175-012**: When the exact matching destination is not authorized for the current in-scope user, the workspace home MUST use an allowed fallback that preserves tenant and problem meaning or suppress the clickable affordance rather than exposing a dead-end drill-through.
- **FR-175-013**: Workspace aggregation MUST reuse existing tenant governance aggregate, findings workflow and governance validity truth, compare assessment, and already-shipped evidence or review truth rather than introducing a weaker parallel workspace-only interpretation.
- **FR-175-014**: `WorkspaceRecentOperations` MUST remain an activity and recency surface and MUST NOT be treated as the workspace's primary posture or governance summary.
- **FR-175-015**: Zero-tenant and low-permission workspace states MUST remain distinct from calm or healthy portfolio states and MUST still provide one valid next action. Zero-tenant recovery MUST default to `Switch workspace`, and low-permission workspace-state recovery MUST default to `Open operations` unless a more specific allowed in-scope recovery action exists.
- **FR-175-016**: The feature MUST be achievable without a new table, new persisted workspace summary model, or heavy pre-aggregated materialized view.
- **FR-175-017**: Regression coverage MUST verify governance-attention promotion, priority order, calmness suppression, tenant identification, governance-versus-operations separation, drill-through continuity, RBAC-safe omission or fallback behavior, DB-only query-bounded render behavior, and the absence of schema requirements.
## UI Action Matrix *(mandatory when Filament is changed)*
| Surface | Location | Header Actions | Inspect Affordance (List/Table) | Row Actions (max 2 visible) | Bulk Actions (grouped) | Empty-State CTA(s) | View Header Actions | Create/Edit Save+Cancel | Audit log? | Notes / Exemptions |
|---|---|---|---|---|---|---|---|---|---|---|
| Workspace overview page | `app/Filament/Pages/WorkspaceOverview.php` | Existing page chrome only; no new page-header action required | n/a | n/a | none | One bounded CTA per empty state, aligned to the specific empty condition | n/a | n/a | no new audit behavior | Singleton landing surface whose main job is truthful orientation, not mutation |
| `WorkspaceSummaryStats` | `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php` | none | Explicit stat click only when the metric has a matching actionable destination | none | none | Zero-value reassurance remains intentionally passive unless a specific next step is required | n/a | n/a | no new audit behavior | Stat meanings must stay honest about whether they represent risk or activity |
| `WorkspaceNeedsAttention` | `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php` | none | One explicit destination or one full-item primary open model per attention item | none | none | Healthy fallback remains read-only reassurance only when no covered attention condition exists | n/a | n/a | no new audit behavior | Multi-destination triage widget; no destructive action and no redundant secondary action model |
| `WorkspaceRecentOperations` | `app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php` | none | Each operation row or card opens canonical operation detail | none | none | Existing empty state remains diagnostic and must not imply broader portfolio health | n/a | n/a | no new audit behavior | Diagnostic recency surface; keeps operations context visible without redefining workspace posture |
### Key Entities *(include if feature involves data)*
- **Visible tenant governance state**: The already-derived tenant condition that tells whether a visible tenant currently carries overdue findings, lapsed or expiring governance, stale, failed, or materially degraded compare posture, high-severity active findings, or already-surfaced evidence or review attention.
- **Workspace governance attention item**: A bounded workspace-level triage item that promotes one visible tenant problem into the workspace home with tenant identity, problem family, urgency, and a next jump.
- **Workspace governance metric**: A workspace-level count that describes how many visible tenants currently require governance attention, independent from operations volume.
- **Workspace calmness claim**: Any workspace wording or empty state that implies the portfolio is calm; it is only valid when the covered governance and activity signals are genuinely calm within visible scope.
- **Workspace drill-through contract**: The semantic promise that a workspace stat or attention item can be rediscovered on the surface it opens without losing tenant identity or problem meaning.
## Success Criteria *(mandatory)*
### Measurable Outcomes
- **SC-175-001**: In regression coverage, every seeded workspace scenario containing at least one visible tenant with lapsed governance, overdue findings, high-severity active findings, or stale, failed, or materially degraded compare posture produces at least one governance attention signal on the workspace home and no calm empty state.
- **SC-175-002**: In regression coverage, 100% of covered workspace attention items display tenant context, problem-family context, and either a matching destination or an allowed disabled or fallback state when the exact destination is not authorized.
- **SC-175-003**: In seeded operator review, an operator can identify within 10 seconds which tenant to open first, why that tenant needs attention, and whether the issue is governance or operations.
- **SC-175-004**: In regression coverage, operations-only activity scenarios do not trigger governance-risk wording, and governance-critical tenant scenarios are not ranked beneath pure activity-only or alert-delivery-only items.
- **SC-175-005**: The feature ships without a required schema migration, a new persisted workspace posture model, or a required materialized aggregate view.
- **SC-175-006**: In regression coverage, a dedicated DB-only workspace overview test proves render-time aggregation stays query-bounded for representative visible-tenant scenarios and does not rely on uncontrolled polling or unbounded per-tenant query fanout.
## Assumptions
- Existing tenant governance aggregate, findings workflow state, compare assessment, and already-available evidence or review truth are sufficient to harden the workspace home without inventing a new posture system.
- Existing tenant dashboard, findings, baseline compare, evidence, review, and operations surfaces remain the correct downstream destinations for workspace drill-through.
- The current workspace overview page structure remains in place for this slice; the work changes truth ordering and meaning, not the overall workspace information architecture.
## Non-Goals
- Building a full portfolio matrix or tenant grid
- Introducing a global workspace posture score, grade, or traffic-light system
- Redesigning the entire workspace overview layout
- Adding choose-tenant posture annotations
- Creating new persistence, materialized views, or a new workspace summary artifact
- Extending the work into cross-workspace or platform-wide operator surfaces
## Dependencies
- Existing workspace overview page and workspace widgets
- Existing tenant governance truth, compare assessment, findings governance state, and evidence or review trust work
- Existing tenant dashboard, findings, compare, evidence, review, and operations destinations used as canonical drill-through surfaces
- Existing workspace and tenant RBAC plus capability-safe query scoping
## Follow-up Spec Candidates
- **Spec 176 — Workspace Portfolio Posture Surface** for per-tenant posture summaries, risk concentration, and a first true portfolio matrix
- **Spec 177 — Choose Tenant Posture Annotation** for posture-aware tenant selection and faster triage from tenant pickers
- **Spec 178 — Workspace Portfolio Stats Redesign** for a broader governance-oriented workspace stat model that goes beyond this foundation slice
## Definition of Done
Spec 175 is complete when:
- workspace attention is no longer purely operations-centered,
- governance-relevant tenant problems are visible on the workspace home,
- workspace calmness no longer reads healthier than the worst visible tenant conditions,
- attention items carry tenant identity, problem type, and a meaningful drill-through,
- workspace summary stats include at least one real governance-risk metric and clearly separate risk from activity,
- and the improvement ships without a new persistence structure or a full workspace redesign.

207
specs/175-workspace-governance-attention/tasks.md Normal file
View File

@ -0,0 +1,207 @@
# Tasks: Workspace Governance Attention Foundation
**Input**: Design documents from `/specs/175-workspace-governance-attention/` (`spec.md`, `plan.md`, `research.md`, `data-model.md`, `contracts/`, `quickstart.md`)
**Prerequisites**: `/specs/175-workspace-governance-attention/plan.md` (required), `/specs/175-workspace-governance-attention/spec.md` (required for user stories)
**Tests**: REQUIRED (Pest) for all runtime behavior changes in this repo. Use focused workspace overview coverage in `tests/Feature/Filament/WorkspaceOverviewAccessTest.php`, `tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php`, `tests/Feature/Filament/WorkspaceOverviewLandingTest.php`, `tests/Feature/Filament/WorkspaceOverviewNavigationTest.php`, `tests/Feature/Filament/WorkspaceOverviewContentTest.php`, `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php`, `tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php`, `tests/Feature/Filament/WorkspaceOverviewOperationsTest.php`, `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php`, `tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php`, `tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php`, and `tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php`.
**Operations**: This feature does not create a new `OperationRun` type or change operations lifecycle ownership. Existing canonical Operations routes remain the only operations destinations involved, and the work here is limited to truthful workspace aggregation and destination continuity.
**RBAC**: Preserve workspace membership enforcement on `/admin`, deny-as-not-found `404` for non-members or out-of-scope tenants, capability-safe fallback or disabled states for drill-through items, and visible-tenant-only aggregation.
**Operator Surfaces**: `WorkspaceOverview`, `WorkspaceSummaryStats`, `WorkspaceNeedsAttention`, and `WorkspaceRecentOperations` must stay operator-first, with governance truth above recency context and no dead-end navigation.
**Filament UI Action Surfaces**: No destructive actions or redundant inspect affordances are added. `WorkspaceSummaryStats` and `WorkspaceNeedsAttention` remain drill-through summary surfaces, and `WorkspaceRecentOperations` remains a row-open diagnostic surface.
**Filament UI UX-001**: No new create, edit, or view pages are introduced. Existing workspace landing layout remains in place while semantics, ordering, and empty-state wording are hardened.
**Badges**: Existing badge semantics for findings severity, compare posture, governance validity, operations status, and operations outcome remain authoritative; no new page-local badge vocabulary is introduced.
**Organization**: Tasks are grouped by user story so each story can be implemented and verified as an independent increment.
## Phase 1: Setup (Context And Existing Surface Review)
**Purpose**: Reconfirm the exact workspace overview seams, tenant truth sources, and canonical destinations before changing `/admin` semantics.
- [X] T001 Review current workspace overview composition in `app/Support/Workspaces/WorkspaceOverviewBuilder.php`, `app/Filament/Pages/WorkspaceOverview.php`, `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php`, `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php`, and `app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php`
- [X] T002 [P] Review existing tenant governance and compare truth sources in `app/Support/Baselines/TenantGovernanceAggregateResolver.php`, `app/Support/Baselines/TenantGovernanceAggregate.php`, `app/Support/Baselines/BaselineCompareStats.php`, `app/Support/Baselines/BaselineCompareSummaryAssessor.php`, and `app/Filament/Widgets/Dashboard/NeedsAttention.php`
- [X] T003 [P] Review canonical drill-through destinations and current workspace overview regression seams in `app/Filament/Pages/TenantDashboard.php`, `app/Filament/Pages/BaselineCompareLanding.php`, `app/Filament/Resources/FindingResource/Pages/ListFindings.php`, `app/Filament/Pages/Monitoring/Operations.php`, and `tests/Feature/Filament/WorkspaceOverview*.php`
---
## Phase 2: Foundational (Blocking Payload And Continuity Seams)
**Purpose**: Establish the shared workspace payload and continuity helpers that every user story depends on.
**⚠️ CRITICAL**: No user story work should begin until this phase is complete.
- [X] T004 Create governance-attention and performance regression scaffolding in `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php`, `tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php`, `tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php`, and `tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php`
- [X] T005 Extend the shared workspace overview payload to match `specs/175-workspace-governance-attention/contracts/workspace-governance-attention.openapi.yaml` for metric categories, calmness state, zero-tenant recovery, and structured attention destinations in `app/Support/Workspaces/WorkspaceOverviewBuilder.php`
- [X] T006 [P] Prepare canonical findings-subset, alerts-overview, and operations-continuity seams for workspace-originated drill-through in `app/Filament/Resources/FindingResource/Pages/ListFindings.php`, `app/Filament/Pages/Monitoring/Alerts.php`, and `app/Support/OperationRunLinks.php`
- [X] T007 [P] Add shared authorization, visibility, zero-tenant recovery, and DB-only query-bounded assertions for workspace governance destinations in `tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php`, `tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php`, `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php`, and `tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php`
**Checkpoint**: The builder exposes the shared payload shape, the destination seams are ready, and the new regression files exist.
---
## Phase 3: User Story 1 - See The Right Tenant First (Priority: P1) 🎯 MVP
**Goal**: Make `/admin` surface governance-critical tenants ahead of operational noise so the riskiest visible tenant is obvious first.
**Independent Test**: Seed multiple visible tenants with overdue findings, lapsed governance, expiring governance, stale, failed, or materially degraded compare posture, high-severity active findings, alerts, and operations, then verify governance-critical tenants rank above activity-only and alert-only items and suppress false calmness.
### Tests for User Story 1
- [X] T008 [P] [US1] Add governance-ranking scenarios for overdue findings, lapsed governance, expiring governance, high-severity active findings, stale, failed, or materially degraded compare posture, and alert-only supporting items in `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php`
- [X] T009 [P] [US1] Add false-calmness and zero-tenant distinctness scenarios for quiet operations but risky governance in `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php` and `tests/Feature/Filament/WorkspaceOverviewContentTest.php`
### Implementation for User Story 1
- [X] T010 [US1] Promote visible-tenant governance aggregate states into bounded governance-first attention candidates, including expiring governance, stale, failed, or materially degraded compare posture, and lower-priority alert-only supporting items when they can be attributed to one visible tenant, in `app/Support/Workspaces/WorkspaceOverviewBuilder.php`
- [X] T011 [US1] Render tenant label, problem family, urgency, and governance-first ordering in `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php` and `resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php`
- [X] T012 [US1] Align workspace landing copy and calmness framing so operations-only quiet never implies portfolio health in `app/Filament/Pages/WorkspaceOverview.php` and `resources/views/filament/pages/workspace-overview.blade.php`
- [X] T013 [US1] Run focused US1 verification against `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php`, `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php`, and `tests/Feature/Filament/WorkspaceOverviewContentTest.php`
**Checkpoint**: The workspace home no longer looks calmer than the worst visible tenant governance state.
---
## Phase 4: User Story 2 - Distinguish Risk From Activity (Priority: P1)
**Goal**: Make the workspace home clearly separate governance risk from operational activity so the portfolio can be read as risky, busy, both, or calm.
**Independent Test**: Render `/admin` in governance-only, activity-only, mixed, and healthy scenarios, then verify metrics, attention, and empty states describe those cases differently and truthfully.
### Tests for User Story 2
- [X] T014 [P] [US2] Add governance-risk-versus-activity metric scenarios, including expiring governance and stale, failed, or materially degraded compare posture counts, in `tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php` and `tests/Feature/Filament/WorkspaceOverviewContentTest.php`
- [X] T015 [P] [US2] Add operations-only, risk-only, mixed, healthy-state, and zero-tenant recovery scenarios in `tests/Feature/Filament/WorkspaceOverviewOperationsTest.php` and `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php`
### Implementation for User Story 2
- [X] T016 [US2] Split workspace summary metrics into scope, governance-risk, activity, and alert categories, preserving expiring governance and stale, failed, or materially degraded compare posture as governance-risk inputs, in `app/Support/Workspaces/WorkspaceOverviewBuilder.php`
- [X] T017 [US2] Update stat-card labels, descriptions, and destination semantics for governance-risk versus activity counts in `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php` and `resources/views/filament/pages/workspace-overview.blade.php`
- [X] T018 [US2] Keep recent operations diagnostic-only and remove its ability to define calmness on its own in `app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php`, `resources/views/filament/widgets/workspace/workspace-recent-operations.blade.php`, and `app/Support/Workspaces/WorkspaceOverviewBuilder.php`
- [X] T019 [US2] Run focused US2 verification against `tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php`, `tests/Feature/Filament/WorkspaceOverviewOperationsTest.php`, `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php`, and `tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php`
**Checkpoint**: The summary strip and surrounding copy now distinguish portfolio risk from portfolio activity.
---
## Phase 5: User Story 3 - Jump Into The Right Tenant Surface (Priority: P2)
**Goal**: Make each attention item identify the tenant and open a trustworthy next surface for the same problem family.
**Independent Test**: Seed representative findings, stale, failed, or materially degraded compare, evidence, review, alert, and operations cases, then verify each workspace attention item preserves tenant identity and reaches the correct destination or a safe fallback or disabled state.
### Tests for User Story 3
- [X] T020 [P] [US3] Add drill-through continuity coverage for tenant dashboard, findings, stale, failed, or materially degraded compare posture, evidence, review, alerts overview, and operations destinations in `tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php`
- [X] T021 [P] [US3] Add capability-limited fallback, non-clickable state, zero-tenant choose-workspace recovery, and low-permission operations fallback coverage in `tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php` and `tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php`
### Implementation for User Story 3
- [X] T022 [US3] Implement per-family primary destination selection with tenant-safe fallback or disabled states, explicit alerts-overview routing, `switch_workspace` as the zero-tenant default next action, `operations_index` as the low-permission workspace-state fallback, aggregate lapsed-governance fallback to the tenant dashboard when findings filters would narrow the invalid-governance family, and tenant-scope authorization checks through `app/Services/Auth/CapabilityResolver.php` alongside `app/Services/Auth/WorkspaceCapabilityResolver.php` in `app/Support/Workspaces/WorkspaceOverviewBuilder.php`
- [X] T023 [US3] Wire primary actions and helper text for workspace attention items across findings, compare, evidence, reviews, alerts, and operations, keeping every promoted item tenant-identified, in `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php`, `resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php`, and `app/Filament/Pages/WorkspaceOverview.php`
- [X] T024 [US3] Preserve canonical subset continuity for workspace-originated findings and operations drill-throughs, and route aggregate lapsed-governance attention through the tenant dashboard when a findings filter would otherwise narrow the invalid-governance family, in `app/Filament/Resources/FindingResource/Pages/ListFindings.php`, `app/Filament/Pages/Monitoring/Operations.php`, and `app/Support/Workspaces/WorkspaceOverviewBuilder.php`
- [X] T025 [US3] Run focused US3 verification against `tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php`, `tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php`, and `tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php`
**Checkpoint**: Every central attention family now opens the correct tenant surface or a safe, non-deceptive fallback state.
---
## Phase 6: Polish & Cross-Cutting Concerns
**Purpose**: Finish copy alignment, formatting, and the final focused verification pack across all stories.
- [X] T026 [P] Align final operator copy, urgency labels, disabled helper text, zero-tenant recovery wording, and low-permission `Open operations` fallback wording across `app/Filament/Pages/WorkspaceOverview.php`, `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php`, `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php`, `resources/views/filament/pages/workspace-overview.blade.php`, and `resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php`
- [X] T027 Run formatting with `vendor/bin/sail bin pint --dirty --format agent` for `app/Support/Workspaces/WorkspaceOverviewBuilder.php`, `app/Filament/Pages/WorkspaceOverview.php`, `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php`, `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php`, `app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php`, `resources/views/filament/pages/workspace-overview.blade.php`, `resources/views/filament/widgets/workspace/workspace-needs-attention.blade.php`, and `resources/views/filament/widgets/workspace/workspace-recent-operations.blade.php`
- [X] T028 Run the final quickstart verification pack from `specs/175-workspace-governance-attention/quickstart.md` against `tests/Feature/Filament/WorkspaceOverviewAccessTest.php`, `tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php`, `tests/Feature/Filament/WorkspaceOverviewLandingTest.php`, `tests/Feature/Filament/WorkspaceOverviewNavigationTest.php`, `tests/Feature/Filament/WorkspaceOverviewContentTest.php`, `tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php`, `tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php`, `tests/Feature/Filament/WorkspaceOverviewOperationsTest.php`, `tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php`, `tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php`, `tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php`, and `tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php`
- [X] T029 Run the manual smoke checks in `specs/175-workspace-governance-attention/quickstart.md` for quiet-operations-risky-governance, stale or failed compare posture, healthy workspace, zero-tenant recovery, and permission-limited member scenarios
- [X] T030 Fix the low-permission workspace operations fallback so workspace-originated drill-through clears tenant context and immediately shows workspace-wide follow-up in `app/Support/Workspaces/WorkspaceOverviewBuilder.php`, `app/Support/OperationRunLinks.php`, `app/Filament/Pages/Monitoring/Operations.php`, `tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php`, and `tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php`
---
## Dependencies & Execution Order
### Phase Dependencies
- **Setup (Phase 1)**: No dependencies; can start immediately.
- **Foundational (Phase 2)**: Depends on Setup; blocks all user stories.
- **User Story 1 (Phase 3)**: Depends on Foundational completion.
- **User Story 2 (Phase 4)**: Depends on Foundational completion and stays independently testable, though it overlaps with the same workspace builder and page shell.
- **User Story 3 (Phase 5)**: Depends on Foundational completion and benefits from User Stories 1 and 2 because the destination contract is clearer once governance promotion and metric separation are in place.
- **Polish (Phase 6)**: Depends on all desired user stories being complete.
### User Story Dependencies
- **User Story 1 (P1)**: First deliverable and recommended MVP. No dependency on other user stories after Foundational work.
- **User Story 2 (P1)**: Can start after Foundational completion and remains independently testable, though it shares the builder and page shell with US1.
- **User Story 3 (P2)**: Can start after Foundational completion and is best delivered after US1 and US2 because it hardens the attention items already introduced there.
### Within Each User Story
- Story tests should be added before or alongside implementation and must fail before the story is considered complete.
- Builder changes should land before widget and page copy refinements that depend on the new payload.
- Destination continuity changes should land before story-level verification runs.
- Story-level verification should complete before moving on to polish.
### Parallel Opportunities
- Setup review tasks `T002` and `T003` can run in parallel.
- In Foundational work, `T006` and `T007` can run in parallel after `T005` defines the payload contract.
- In US1, `T008` and `T009` can run in parallel.
- In US2, `T014` and `T015` can run in parallel.
- In US3, `T020` and `T021` can run in parallel.
- In Phase 6, `T026` can run while the final verification command set for `T028` is being prepared.
---
## Parallel Example: User Story 1
```bash
# Launch US1 tests in parallel:
T008 tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php
T009 tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php + tests/Feature/Filament/WorkspaceOverviewContentTest.php
```
## Parallel Example: User Story 2
```bash
# Launch US2 test work in parallel:
T014 tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php + tests/Feature/Filament/WorkspaceOverviewContentTest.php
T015 tests/Feature/Filament/WorkspaceOverviewOperationsTest.php + tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php
```
## Parallel Example: User Story 3
```bash
# Launch US3 drill-through and fallback tests in parallel:
T020 tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php
T021 tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php + tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
```
---
## Implementation Strategy
### MVP First (User Story 1 Only)
1. Complete Phase 1: Setup.
2. Complete Phase 2: Foundational.
3. Complete Phase 3: User Story 1.
4. Validate that `/admin` no longer emits a false calm signal when visible tenant governance issues exist.
### Incremental Delivery
1. Ship US1 to make the workspace home governance-aware and suppress false calmness.
2. Add US2 to separate governance risk from activity and protect calmness semantics.
3. Add US3 to harden drill-through continuity and capability-safe fallbacks.
4. Finish with copy alignment, formatting, the quickstart verification pack, and manual smoke checks.
### Suggested MVP Scope
- MVP = Phases 1 through 3 only.
---
## Format Validation
- Every task follows the checklist format `- [ ] T### [P?] [US?] Description with file path`.
- Setup, Foundational, and Polish phases intentionally omit story labels.
- User story phases use `[US1]`, `[US2]`, and `[US3]` labels.
- Parallel markers are used only on tasks that can proceed independently without conflicting incomplete prerequisites.

2
tests/Feature/078/VerificationReportTenantlessTest.php
View File

@ -57,7 +57,7 @@ public function test_renders_verification_report_on_canonical_detail_without_fil
->assertOk() ->assertOk()
->assertSee('Verification report') ->assertSee('Verification report')
->assertDontSee('Verification report unavailable') ->assertDontSee('Verification report unavailable')
->assertSee('Open previous verification') ->assertSee('Open previous operation')
->assertSee('/admin/operations/'.((int) $previousRun->getKey()), false) ->assertSee('/admin/operations/'.((int) $previousRun->getKey()), false)
->assertSee('Token acquisition works'); ->assertSee('Token acquisition works');
} }

18
tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php
View File

@ -44,9 +44,9 @@ public function test_shows_non_blocking_mismatch_context_when_the_selected_tenan
->withSession([WorkspaceContext::SESSION_KEY => (int) $runTenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $runTenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Current tenant context differs from this run') ->assertSee('Current tenant context differs from this operation')
->assertSee('Current tenant context: Current Tenant.') ->assertSee('Current tenant context: Current Tenant.')
->assertSee('Run tenant: Run Tenant.') ->assertSee('Operation tenant: Run Tenant.')
->assertSee('canonical workspace view'); ->assertSee('canonical workspace view');
} }
@ -71,7 +71,7 @@ public function test_frames_tenantless_runs_as_workspace_level_even_when_tenant_
->withSession([WorkspaceContext::SESSION_KEY => (int) $selectedTenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $selectedTenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Workspace-level run') ->assertSee('Workspace-level operation')
->assertSee('This canonical workspace view is not tied to the current tenant context (Selected Tenant).'); ->assertSee('This canonical workspace view is not tied to the current tenant context (Selected Tenant).');
} }
@ -97,8 +97,8 @@ public function test_keeps_onboarding_tenant_runs_viewable_with_lifecycle_aware_
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Run tenant is not available in the current tenant selector') ->assertSee('Operation tenant is not available in the current tenant selector')
->assertSee('Run tenant: Onboarding Tenant.') ->assertSee('Operation tenant: Onboarding Tenant.')
->assertSee('This tenant is currently onboarding') ->assertSee('This tenant is currently onboarding')
->assertSee('Back to Operations') ->assertSee('Back to Operations')
->assertDontSee('This tenant is currently active') ->assertDontSee('This tenant is currently active')
@ -135,8 +135,8 @@ public function test_keeps_archived_tenant_runs_viewable_with_lifecycle_aware_co
->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Run tenant is not available in the current tenant selector') ->assertSee('Operation tenant is not available in the current tenant selector')
->assertSee('Run tenant: Archived Tenant.') ->assertSee('Operation tenant: Archived Tenant.')
->assertSee('This tenant is currently archived') ->assertSee('This tenant is currently archived')
->assertSee('Back to Operations') ->assertSee('Back to Operations')
->assertDontSee('deactivated') ->assertDontSee('deactivated')
@ -165,8 +165,8 @@ public function test_keeps_selector_excluded_draft_tenant_runs_viewable_with_lif
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Run tenant is not available in the current tenant selector') ->assertSee('Operation tenant is not available in the current tenant selector')
->assertSee('Run tenant: Draft Tenant.') ->assertSee('Operation tenant: Draft Tenant.')
->assertSee('This tenant is currently draft') ->assertSee('This tenant is currently draft')
->assertDontSee('Resume onboarding'); ->assertDontSee('Resume onboarding');
} }

2
tests/Feature/Baselines/BaselineCompareSummaryAssessmentTest.php
View File

@ -125,7 +125,7 @@ function createAssignedBaselineTenant(): array
expect($assessment->stateFamily)->toBe(BaselineCompareSummaryAssessment::STATE_ACTION_REQUIRED) expect($assessment->stateFamily)->toBe(BaselineCompareSummaryAssessment::STATE_ACTION_REQUIRED)
->and($assessment->evaluationResult)->toBe('failed_result') ->and($assessment->evaluationResult)->toBe('failed_result')
->and($assessment->nextActionLabel())->toBe('Review the failed run'); ->and($assessment->nextActionLabel())->toBe('Review the failed operation');
}); });
it('treats stale compare history as a stale summary state instead of positive', function (): void { it('treats stale compare history as a stale summary state instead of positive', function (): void {

2
tests/Feature/Baselines/TenantGovernanceAggregateResolverTest.php
View File

@ -157,7 +157,7 @@ function createTenantGovernanceException(Tenant $tenant, Finding $finding, User
expect($aggregate)->not->toBeNull() expect($aggregate)->not->toBeNull()
->and($aggregate?->stateFamily)->toBe(BaselineCompareSummaryAssessment::STATE_ACTION_REQUIRED) ->and($aggregate?->stateFamily)->toBe(BaselineCompareSummaryAssessment::STATE_ACTION_REQUIRED)
->and($aggregate?->nextActionTarget)->toBe(BaselineCompareSummaryAssessment::NEXT_TARGET_RUN) ->and($aggregate?->nextActionTarget)->toBe(BaselineCompareSummaryAssessment::NEXT_TARGET_RUN)
->and($aggregate?->nextActionLabel)->toBe('Review the failed run') ->and($aggregate?->nextActionLabel)->toBe('Review the failed operation')
->and($aggregate?->headline)->toBe('The latest baseline compare failed before it produced a usable result.'); ->and($aggregate?->headline)->toBe('The latest baseline compare failed before it produced a usable result.');
}); });

4
tests/Feature/Filament/ReferencedTenantLifecyclePresentationTest.php
View File

@ -32,7 +32,7 @@
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Run tenant is not available in the current tenant selector') ->assertSee('Operation tenant is not available in the current tenant selector')
->assertSee('This tenant is currently onboarding and may not appear in the tenant selector.') ->assertSee('This tenant is currently onboarding and may not appear in the tenant selector.')
->assertSee('Tenant lifecycle') ->assertSee('Tenant lifecycle')
->assertSee('Onboarding') ->assertSee('Onboarding')
@ -68,7 +68,7 @@
->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Run tenant is not available in the current tenant selector') ->assertSee('Operation tenant is not available in the current tenant selector')
->assertSee('This tenant is currently archived and may not appear in the tenant selector.') ->assertSee('This tenant is currently archived and may not appear in the tenant selector.')
->assertSee('Tenant lifecycle') ->assertSee('Tenant lifecycle')
->assertSee('Archived') ->assertSee('Archived')

38
tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
View File

@ -22,3 +22,41 @@
->get('/admin') ->get('/admin')
->assertNotFound(); ->assertNotFound();
}); });
it('falls back to workspace-safe operations recovery when only workspace-level activity is actionable', function (): void {
$tenant = \App\Models\Tenant::factory()->create(['status' => 'active']);
[$user, $tenant] = createUserWithTenant($tenant, role: 'readonly', workspaceRole: 'readonly');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
\App\Models\OperationRun::factory()->tenantlessForWorkspace($tenant->workspace()->firstOrFail())->create([
'status' => \App\Support\OperationRunStatus::Running->value,
'outcome' => \App\Support\OperationRunOutcome::Pending->value,
]);
$workspace = $tenant->workspace()->firstOrFail();
$overview = app(\App\Support\Workspaces\WorkspaceOverviewBuilder::class)->build($workspace, $user);
expect($overview['attention_items'])->toBe([])
->and($overview['calmness']['is_calm'])->toBeFalse()
->and($overview['calmness']['next_action']['kind'])->toBe('operations_index')
->and($overview['calmness']['next_action']['url'])->toContain('tenant_scope=all')
->and($overview['calmness']['next_action']['url'])->toContain('activeTab=blocked');
});
it('uses switch workspace as the zero-tenant recovery action', function (): void {
$user = User::factory()->create();
$workspace = Workspace::factory()->create();
WorkspaceMembership::factory()->create([
'workspace_id' => (int) $workspace->getKey(),
'user_id' => (int) $user->getKey(),
'role' => 'readonly',
]);
$overview = app(\App\Support\Workspaces\WorkspaceOverviewBuilder::class)->build($workspace, $user);
expect($overview['calmness']['is_calm'])->toBeFalse()
->and($overview['calmness']['next_action']['kind'])->toBe('switch_workspace')
->and($overview['attention_empty_state']['action_label'])->toBe('Switch workspace');
});

6
tests/Feature/Filament/WorkspaceOverviewContentTest.php
View File

@ -8,6 +8,8 @@
it('shows workspace identity, summary cards, recent operations, and quick actions', function (): void { it('shows workspace identity, summary cards, recent operations, and quick actions', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner'); [$user, $tenant] = createUserWithTenant(role: 'owner');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
OperationRun::factory()->create([ OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(), 'tenant_id' => (int) $tenant->getKey(),
@ -23,6 +25,7 @@
->assertOk() ->assertOk()
->assertSee('Workspace overview') ->assertSee('Workspace overview')
->assertSee('Accessible tenants') ->assertSee('Accessible tenants')
->assertSee('Governance attention')
->assertSee('Active operations') ->assertSee('Active operations')
->assertSee('Needs attention') ->assertSee('Needs attention')
->assertSee('Recent operations') ->assertSee('Recent operations')
@ -30,6 +33,7 @@
->assertSee('Open operations') ->assertSee('Open operations')
->assertSee('Open alerts') ->assertSee('Open alerts')
->assertSee('Review current and recent workspace-wide operations.') ->assertSee('Review current and recent workspace-wide operations.')
->assertSee('Workspace-wide operations that are still queued or in progress.') ->assertSee('Activity only. Active execution does not imply governance health.')
->assertSee('Governance risk counts affected tenants')
->assertSee('Inventory sync'); ->assertSee('Inventory sync');
}); });

68
tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php Normal file
View File

@ -0,0 +1,68 @@
<?php
declare(strict_types=1);
use App\Models\Finding;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Support\Facades\DB;
it('renders the workspace overview DB-only with bounded query volume for representative visible-tenant scenarios', function (): void {
$tenantA = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner', workspaceRole: 'readonly');
[$profileA, $snapshotA] = seedActiveBaselineForTenant($tenantA);
seedBaselineCompareRun($tenantA, $profileA, $snapshotA, workspaceOverviewCompareCoverage());
Finding::factory()->for($tenantA)->create([
'workspace_id' => (int) $tenantA->workspace_id,
'status' => Finding::STATUS_TRIAGED,
'due_at' => now()->subDay(),
]);
$tenantB = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantA->workspace_id,
'name' => 'Second Tenant',
]);
createUserWithTenant($tenantB, $user, role: 'owner', workspaceRole: 'readonly');
[$profileB, $snapshotB] = seedActiveBaselineForTenant($tenantB);
seedBaselineCompareRun(
$tenantB,
$profileB,
$snapshotB,
workspaceOverviewCompareCoverage(),
completedAt: now()->subDays(10),
);
$tenantC = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantA->workspace_id,
'name' => 'Third Tenant',
]);
createUserWithTenant($tenantC, $user, role: 'owner', workspaceRole: 'readonly');
[$profileC, $snapshotC] = seedActiveBaselineForTenant($tenantC);
seedBaselineCompareRun($tenantC, $profileC, $snapshotC, workspaceOverviewCompareCoverage());
OperationRun::factory()->create([
'tenant_id' => (int) $tenantC->getKey(),
'workspace_id' => (int) $tenantC->workspace_id,
'status' => \App\Support\OperationRunStatus::Running->value,
'outcome' => \App\Support\OperationRunOutcome::Pending->value,
]);
DB::flushQueryLog();
DB::enableQueryLog();
$this->actingAs($user);
assertNoOutboundHttp(function () use ($tenantA): void {
$this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
->get('/admin')
->assertOk()
->assertSee('Governance attention')
->assertSee('Recent operations');
});
expect(count(DB::getQueryLog()))->toBeLessThan(80);
});

178
tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php Normal file
View File

@ -0,0 +1,178 @@
<?php
declare(strict_types=1);
use App\Filament\Resources\EvidenceSnapshotResource;
use App\Filament\Resources\TenantReviewResource;
use App\Filament\Widgets\Workspace\WorkspaceNeedsAttention;
use App\Models\AlertDelivery;
use App\Models\Finding;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\OperationRunType;
use App\Support\Workspaces\WorkspaceOverviewBuilder;
use Livewire\Livewire;
it('preserves canonical findings, compare, alerts, and operations drill-through continuity from the workspace overview', function (): void {
$tenantDashboard = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantDashboard] = createUserWithTenant($tenantDashboard, role: 'owner', workspaceRole: 'readonly');
[$dashboardProfile, $dashboardSnapshot] = seedActiveBaselineForTenant($tenantDashboard);
seedBaselineCompareRun($tenantDashboard, $dashboardProfile, $dashboardSnapshot, workspaceOverviewCompareCoverage());
Finding::factory()->riskAccepted()->create([
'workspace_id' => (int) $tenantDashboard->workspace_id,
'tenant_id' => (int) $tenantDashboard->getKey(),
]);
$tenantFindings = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantDashboard->workspace_id,
]);
createUserWithTenant($tenantFindings, $user, role: 'owner', workspaceRole: 'readonly');
[$findingsProfile, $findingsSnapshot] = seedActiveBaselineForTenant($tenantFindings);
seedBaselineCompareRun($tenantFindings, $findingsProfile, $findingsSnapshot, workspaceOverviewCompareCoverage());
Finding::factory()->for($tenantFindings)->create([
'workspace_id' => (int) $tenantFindings->workspace_id,
'status' => Finding::STATUS_TRIAGED,
'due_at' => now()->subDay(),
]);
$tenantCompare = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantDashboard->workspace_id,
'name' => 'Compare Tenant',
]);
createUserWithTenant($tenantCompare, $user, role: 'owner', workspaceRole: 'readonly');
[$compareProfile, $compareSnapshot] = seedActiveBaselineForTenant($tenantCompare);
seedBaselineCompareRun(
$tenantCompare,
$compareProfile,
$compareSnapshot,
workspaceOverviewCompareCoverage(),
completedAt: now()->subDays(10),
);
$tenantOperations = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantDashboard->workspace_id,
'name' => 'Operations Tenant',
]);
createUserWithTenant($tenantOperations, $user, role: 'owner', workspaceRole: 'readonly');
[$operationsProfile, $operationsSnapshot] = seedActiveBaselineForTenant($tenantOperations);
seedBaselineCompareRun($tenantOperations, $operationsProfile, $operationsSnapshot, workspaceOverviewCompareCoverage());
OperationRun::factory()->create([
'tenant_id' => (int) $tenantOperations->getKey(),
'workspace_id' => (int) $tenantOperations->workspace_id,
'type' => OperationRunType::PolicySync->value,
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Failed->value,
]);
$tenantAlerts = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantDashboard->workspace_id,
'name' => 'Alerts Tenant',
]);
createUserWithTenant($tenantAlerts, $user, role: 'owner', workspaceRole: 'readonly');
[$alertsProfile, $alertsSnapshot] = seedActiveBaselineForTenant($tenantAlerts);
seedBaselineCompareRun($tenantAlerts, $alertsProfile, $alertsSnapshot, workspaceOverviewCompareCoverage());
AlertDelivery::factory()->create([
'tenant_id' => (int) $tenantAlerts->getKey(),
'workspace_id' => (int) $tenantAlerts->workspace_id,
'status' => AlertDelivery::STATUS_FAILED,
'created_at' => now(),
]);
$workspace = $tenantDashboard->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
$items = collect($overview['attention_items'])->keyBy('key');
expect($items->get('tenant_lapsed_governance')['destination']['kind'])->toBe('tenant_dashboard')
->and($items->get('tenant_overdue_findings')['destination']['kind'])->toBe('tenant_findings')
->and($items->get('tenant_overdue_findings')['destination']['url'])->toContain('tab=overdue')
->and($items->get('tenant_compare_attention')['destination']['kind'])->toBe('baseline_compare_landing')
->and($items->get('tenant_operations_follow_up')['destination']['kind'])->toBe('operations_index')
->and($items->get('tenant_operations_follow_up')['destination']['url'])->toContain('activeTab=blocked')
->and($items->get('tenant_operations_follow_up')['destination']['url'])->toContain('tenant_id='.(string) $tenantOperations->getKey())
->and($items->get('tenant_alert_delivery_failures')['destination']['kind'])->toBe('alerts_overview')
->and($items->get('tenant_alert_delivery_failures')['destination']['url'])->toContain('nav%5Bback_url%5D=');
});
it('renders evidence and review actions through the shared attention-item contract', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner', workspaceRole: 'readonly');
$this->actingAs($user);
$evidenceUrl = EvidenceSnapshotResource::getUrl('index', panel: 'tenant', tenant: $tenant);
$reviewUrl = TenantReviewResource::tenantScopedUrl('index', [], $tenant);
$items = [
[
'key' => 'tenant_evidence_attention',
'tenant_id' => (int) $tenant->getKey(),
'tenant_label' => (string) $tenant->name,
'tenant_route_key' => (string) $tenant->external_id,
'family' => 'evidence',
'urgency' => 'high',
'title' => 'Evidence needs refresh',
'body' => 'Current evidence should be refreshed before relying on it.',
'supporting_message' => null,
'badge' => 'Evidence',
'badge_color' => 'warning',
'destination' => [
'kind' => 'tenant_evidence',
'url' => $evidenceUrl,
'tenant_route_key' => (string) $tenant->external_id,
'label' => 'Open evidence',
'disabled' => false,
'helper_text' => null,
'filters' => null,
],
'action_disabled' => false,
'helper_text' => null,
'url' => $evidenceUrl,
],
[
'key' => 'tenant_review_attention',
'tenant_id' => (int) $tenant->getKey(),
'tenant_label' => (string) $tenant->name,
'tenant_route_key' => (string) $tenant->external_id,
'family' => 'review',
'urgency' => 'medium',
'title' => 'Review needs publication work',
'body' => 'The current review is still internal-only.',
'supporting_message' => null,
'badge' => 'Review',
'badge_color' => 'warning',
'destination' => [
'kind' => 'tenant_reviews',
'url' => $reviewUrl,
'tenant_route_key' => (string) $tenant->external_id,
'label' => 'Open review',
'disabled' => false,
'helper_text' => null,
'filters' => null,
],
'action_disabled' => false,
'helper_text' => null,
'url' => $reviewUrl,
],
];
$component = Livewire::test(WorkspaceNeedsAttention::class, [
'items' => $items,
'emptyState' => [],
])
->assertSee('Evidence needs refresh')
->assertSee('Open evidence')
->assertSee('Review needs publication work')
->assertSee('Open review');
expect($component->html())
->toContain($evidenceUrl)
->toContain($reviewUrl);
});

39
tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php
View File

@ -2,6 +2,8 @@
declare(strict_types=1); declare(strict_types=1);
use App\Models\Finding;
use App\Models\Tenant;
use App\Models\User; use App\Models\User;
use App\Models\Workspace; use App\Models\Workspace;
use App\Models\WorkspaceMembership; use App\Models\WorkspaceMembership;
@ -22,8 +24,43 @@
->get('/admin') ->get('/admin')
->assertOk() ->assertOk()
->assertSee('No accessible tenants in this workspace') ->assertSee('No accessible tenants in this workspace')
->assertSee('Nothing urgent in your current scope') ->assertSee('This workspace is not calm or healthy yet because your current scope has no visible tenants.')
->assertSee('No recent operations yet') ->assertSee('No recent operations yet')
->assertSee('Switch workspace') ->assertSee('Switch workspace')
->assertDontSee('Choose tenant'); ->assertDontSee('Choose tenant');
}); });
it('does not render a calm state when governance risk exists even if operations are quiet', function (): void {
$tenant = Tenant::factory()->create(['status' => 'active']);
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner', workspaceRole: 'readonly');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
Finding::factory()->for($tenant)->create([
'workspace_id' => (int) $tenant->workspace_id,
'status' => Finding::STATUS_TRIAGED,
'due_at' => now()->subDay(),
]);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get('/admin')
->assertOk()
->assertSee('Overdue findings')
->assertDontSee('Nothing urgent in your visible workspace slice')
->assertDontSee('Visible governance, findings, compare posture, and activity currently look calm.');
});
it('renders the healthy calm state only when visible governance and activity are genuinely quiet', function (): void {
$tenant = Tenant::factory()->create(['status' => 'active']);
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner', workspaceRole: 'readonly');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get('/admin')
->assertOk()
->assertSee('Nothing urgent in your visible workspace slice')
->assertSee('Visible governance, findings, compare posture, and activity currently look calm.');
});

176
tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php Normal file
View File

@ -0,0 +1,176 @@
<?php
declare(strict_types=1);
use App\Models\AlertDelivery;
use App\Models\Finding;
use App\Models\FindingException;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\OperationRunType;
use App\Support\Workspaces\WorkspaceOverviewBuilder;
it('prioritizes governance-critical tenants above activity-only and alert-only items', function (): void {
$tenantGovernance = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantGovernance] = createUserWithTenant($tenantGovernance, role: 'owner', workspaceRole: 'readonly');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenantGovernance);
seedBaselineCompareRun($tenantGovernance, $profile, $snapshot, workspaceOverviewCompareCoverage());
Finding::factory()->for($tenantGovernance)->create([
'workspace_id' => (int) $tenantGovernance->workspace_id,
'status' => Finding::STATUS_TRIAGED,
'due_at' => now()->subDay(),
]);
$tenantActivity = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantGovernance->workspace_id,
'name' => 'Busy Tenant',
]);
createUserWithTenant($tenantActivity, $user, role: 'owner', workspaceRole: 'readonly');
[$activityProfile, $activitySnapshot] = seedActiveBaselineForTenant($tenantActivity);
seedBaselineCompareRun($tenantActivity, $activityProfile, $activitySnapshot, workspaceOverviewCompareCoverage());
OperationRun::factory()->create([
'tenant_id' => (int) $tenantActivity->getKey(),
'workspace_id' => (int) $tenantActivity->workspace_id,
'type' => OperationRunType::InventorySync->value,
'status' => OperationRunStatus::Running->value,
'outcome' => OperationRunOutcome::Pending->value,
]);
$tenantAlerts = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantGovernance->workspace_id,
'name' => 'Alerts Tenant',
]);
createUserWithTenant($tenantAlerts, $user, role: 'owner', workspaceRole: 'readonly');
[$alertsProfile, $alertsSnapshot] = seedActiveBaselineForTenant($tenantAlerts);
seedBaselineCompareRun($tenantAlerts, $alertsProfile, $alertsSnapshot, workspaceOverviewCompareCoverage());
AlertDelivery::factory()->create([
'tenant_id' => (int) $tenantAlerts->getKey(),
'workspace_id' => (int) $tenantAlerts->workspace_id,
'status' => AlertDelivery::STATUS_FAILED,
'created_at' => now(),
]);
$workspace = $tenantGovernance->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
expect($overview['calmness']['is_calm'])->toBeFalse()
->and($overview['attention_items'])->toHaveCount(3)
->and($overview['attention_items'][0]['key'])->toBe('tenant_overdue_findings')
->and($overview['attention_items'][0]['tenant_label'])->toBe((string) $tenantGovernance->name)
->and($overview['attention_items'][1]['key'])->toBe('tenant_active_operations')
->and($overview['attention_items'][2]['key'])->toBe('tenant_alert_delivery_failures');
});
it('surfaces expiring governance and stale compare posture as governance attention without a false calm state', function (): void {
$tenantExpiring = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantExpiring] = createUserWithTenant($tenantExpiring, role: 'owner', workspaceRole: 'readonly');
[$expiringProfile, $expiringSnapshot] = seedActiveBaselineForTenant($tenantExpiring);
seedBaselineCompareRun($tenantExpiring, $expiringProfile, $expiringSnapshot, workspaceOverviewCompareCoverage());
$finding = Finding::factory()->riskAccepted()->create([
'workspace_id' => (int) $tenantExpiring->workspace_id,
'tenant_id' => (int) $tenantExpiring->getKey(),
]);
FindingException::query()->create([
'workspace_id' => (int) $tenantExpiring->workspace_id,
'tenant_id' => (int) $tenantExpiring->getKey(),
'finding_id' => (int) $finding->getKey(),
'requested_by_user_id' => (int) $user->getKey(),
'owner_user_id' => (int) $user->getKey(),
'approved_by_user_id' => (int) $user->getKey(),
'status' => FindingException::STATUS_EXPIRING,
'current_validity_state' => FindingException::VALIDITY_EXPIRING,
'request_reason' => 'Governance nearly expired',
'approval_reason' => 'Accepted for a short window',
'requested_at' => now()->subDays(2),
'approved_at' => now()->subDay(),
'effective_from' => now()->subDay(),
'expires_at' => now()->addDay(),
'review_due_at' => now()->addDay(),
'evidence_summary' => ['reference_count' => 0],
]);
$tenantStale = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantExpiring->workspace_id,
'name' => 'Stale Tenant',
]);
createUserWithTenant($tenantStale, $user, role: 'owner', workspaceRole: 'readonly');
[$staleProfile, $staleSnapshot] = seedActiveBaselineForTenant($tenantStale);
seedBaselineCompareRun(
$tenantStale,
$staleProfile,
$staleSnapshot,
workspaceOverviewCompareCoverage(),
completedAt: now()->subDays(10),
);
$workspace = $tenantExpiring->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
$items = collect($overview['attention_items'])->keyBy('key');
expect($overview['calmness']['is_calm'])->toBeFalse()
->and($items->keys()->all())->toContain('tenant_expiring_governance', 'tenant_compare_attention')
->and($items->get('tenant_compare_attention')['badge'])->toBe('Baseline')
->and($items->get('tenant_expiring_governance')['family'])->toBe('governance');
});
it('ranks lapsed governance and failed compare posture ahead of high-severity findings', function (): void {
$tenantLapsed = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantLapsed] = createUserWithTenant($tenantLapsed, role: 'owner', workspaceRole: 'readonly');
[$lapsedProfile, $lapsedSnapshot] = seedActiveBaselineForTenant($tenantLapsed);
seedBaselineCompareRun($tenantLapsed, $lapsedProfile, $lapsedSnapshot, workspaceOverviewCompareCoverage());
Finding::factory()->riskAccepted()->create([
'workspace_id' => (int) $tenantLapsed->workspace_id,
'tenant_id' => (int) $tenantLapsed->getKey(),
]);
$tenantFailedCompare = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantLapsed->workspace_id,
'name' => 'Failed Compare Tenant',
]);
createUserWithTenant($tenantFailedCompare, $user, role: 'owner', workspaceRole: 'readonly');
[$failedProfile, $failedSnapshot] = seedActiveBaselineForTenant($tenantFailedCompare);
seedBaselineCompareRun(
$tenantFailedCompare,
$failedProfile,
$failedSnapshot,
workspaceOverviewCompareCoverage(),
outcome: OperationRunOutcome::Failed->value,
);
$tenantHighSeverity = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantLapsed->workspace_id,
'name' => 'High Severity Tenant',
]);
createUserWithTenant($tenantHighSeverity, $user, role: 'owner', workspaceRole: 'readonly');
[$highProfile, $highSnapshot] = seedActiveBaselineForTenant($tenantHighSeverity);
seedBaselineCompareRun($tenantHighSeverity, $highProfile, $highSnapshot, workspaceOverviewCompareCoverage());
Finding::factory()->for($tenantHighSeverity)->create([
'workspace_id' => (int) $tenantHighSeverity->workspace_id,
'status' => Finding::STATUS_TRIAGED,
'severity' => Finding::SEVERITY_CRITICAL,
]);
$workspace = $tenantLapsed->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
expect(collect($overview['attention_items'])->pluck('key')->take(3)->all())
->toBe([
'tenant_lapsed_governance',
'tenant_compare_attention',
'tenant_high_severity_findings',
]);
});

21
tests/Feature/Filament/WorkspaceOverviewOperationsTest.php
View File

@ -40,3 +40,24 @@
expect((string) $response->getContent())->not->toContain('wire:poll'); expect((string) $response->getContent())->not->toContain('wire:poll');
}); });
it('keeps recent operations diagnostic and separate from calm governance messaging', function (): void {
[$user, $tenant] = createUserWithTenant(role: 'owner');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'type' => 'inventory_sync',
'status' => \App\Support\OperationRunStatus::Running->value,
'outcome' => \App\Support\OperationRunOutcome::Pending->value,
]);
$this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get('/admin')
->assertOk()
->assertSee('Diagnostic recency across your visible workspace slice. This does not define governance health on its own.')
->assertDontSee('Visible governance, findings, compare posture, and activity currently look calm.');
});

38
tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
View File

@ -3,8 +3,12 @@
declare(strict_types=1); declare(strict_types=1);
use App\Models\Tenant; use App\Models\Tenant;
use App\Services\Auth\CapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\Workspaces\WorkspaceOverviewBuilder; use App\Support\Workspaces\WorkspaceOverviewBuilder;
use function Pest\Laravel\mock;
it('keeps switch workspace visible while hiding manage workspaces and unauthorized tenant counts for readonly members', function (): void { it('keeps switch workspace visible while hiding manage workspaces and unauthorized tenant counts for readonly members', function (): void {
$tenantA = Tenant::factory()->create(['status' => 'active']); $tenantA = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner', workspaceRole: 'readonly'); [$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner', workspaceRole: 'readonly');
@ -24,3 +28,37 @@
->and($quickActionKeys)->toContain('switch_workspace') ->and($quickActionKeys)->toContain('switch_workspace')
->and($quickActionKeys)->not->toContain('manage_workspaces'); ->and($quickActionKeys)->not->toContain('manage_workspaces');
}); });
it('keeps governance attention visible but non-clickable when the tenant membership does not grant drill-through capability', function (): void {
$tenant = Tenant::factory()->create(['status' => 'active']);
[$user, $tenant] = createUserWithTenant($tenant, role: 'readonly', workspaceRole: 'readonly');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
\App\Models\Finding::factory()->for($tenant)->create([
'workspace_id' => (int) $tenant->workspace_id,
'status' => \App\Models\Finding::STATUS_TRIAGED,
'due_at' => now()->subDay(),
]);
mock(CapabilityResolver::class, function ($mock) use ($tenant): void {
$mock->shouldReceive('primeMemberships')->once();
$mock->shouldReceive('can')
->andReturnUsing(static function (\App\Models\User $user, Tenant $resolvedTenant, string $capability) use ($tenant): bool {
expect((int) $resolvedTenant->getKey())->toBe((int) $tenant->getKey());
return match ($capability) {
Capabilities::TENANT_VIEW, Capabilities::TENANT_FINDINGS_VIEW => false,
default => false,
};
});
});
$workspace = $tenant->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
$item = collect($overview['attention_items'])->firstWhere('key', 'tenant_overdue_findings');
expect($item['action_disabled'])->toBeTrue()
->and($item['destination']['kind'])->toBe('tenant_findings')
->and($item['helper_text'])->not->toBeNull();
});

126
tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php Normal file
View File

@ -0,0 +1,126 @@
<?php
declare(strict_types=1);
use App\Models\AlertDelivery;
use App\Models\Finding;
use App\Models\FindingException;
use App\Models\OperationRun;
use App\Models\Tenant;
use App\Support\Workspaces\WorkspaceOverviewBuilder;
it('counts governance attention by affected tenant instead of raw issue totals', function (): void {
$tenantOverdue = Tenant::factory()->create(['status' => 'active']);
[$user, $tenantOverdue] = createUserWithTenant($tenantOverdue, role: 'owner', workspaceRole: 'readonly');
[$overdueProfile, $overdueSnapshot] = seedActiveBaselineForTenant($tenantOverdue);
seedBaselineCompareRun($tenantOverdue, $overdueProfile, $overdueSnapshot, workspaceOverviewCompareCoverage());
Finding::factory()->count(3)->for($tenantOverdue)->create([
'workspace_id' => (int) $tenantOverdue->workspace_id,
'status' => Finding::STATUS_TRIAGED,
'due_at' => now()->subDay(),
]);
$tenantExpiring = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantOverdue->workspace_id,
'name' => 'Expiring Tenant',
]);
createUserWithTenant($tenantExpiring, $user, role: 'owner', workspaceRole: 'readonly');
[$expiringProfile, $expiringSnapshot] = seedActiveBaselineForTenant($tenantExpiring);
seedBaselineCompareRun($tenantExpiring, $expiringProfile, $expiringSnapshot, workspaceOverviewCompareCoverage());
$finding = Finding::factory()->riskAccepted()->create([
'workspace_id' => (int) $tenantExpiring->workspace_id,
'tenant_id' => (int) $tenantExpiring->getKey(),
]);
FindingException::query()->create([
'workspace_id' => (int) $tenantExpiring->workspace_id,
'tenant_id' => (int) $tenantExpiring->getKey(),
'finding_id' => (int) $finding->getKey(),
'requested_by_user_id' => (int) $user->getKey(),
'owner_user_id' => (int) $user->getKey(),
'approved_by_user_id' => (int) $user->getKey(),
'status' => FindingException::STATUS_EXPIRING,
'current_validity_state' => FindingException::VALIDITY_EXPIRING,
'request_reason' => 'Pending governance review',
'approval_reason' => 'Short lived exception',
'requested_at' => now()->subDays(2),
'approved_at' => now()->subDay(),
'effective_from' => now()->subDay(),
'expires_at' => now()->addDay(),
'review_due_at' => now()->addDay(),
'evidence_summary' => ['reference_count' => 0],
]);
$tenantStale = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantOverdue->workspace_id,
'name' => 'Stale Tenant',
]);
createUserWithTenant($tenantStale, $user, role: 'owner', workspaceRole: 'readonly');
[$staleProfile, $staleSnapshot] = seedActiveBaselineForTenant($tenantStale);
seedBaselineCompareRun(
$tenantStale,
$staleProfile,
$staleSnapshot,
workspaceOverviewCompareCoverage(),
completedAt: now()->subDays(10),
);
$tenantFailedCompare = Tenant::factory()->create([
'status' => 'active',
'workspace_id' => (int) $tenantOverdue->workspace_id,
'name' => 'Failed Compare Tenant',
]);
createUserWithTenant($tenantFailedCompare, $user, role: 'owner', workspaceRole: 'readonly');
[$failedProfile, $failedSnapshot] = seedActiveBaselineForTenant($tenantFailedCompare);
seedBaselineCompareRun(
$tenantFailedCompare,
$failedProfile,
$failedSnapshot,
workspaceOverviewCompareCoverage(),
outcome: \App\Support\OperationRunOutcome::Failed->value,
);
$workspace = $tenantOverdue->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
$metrics = collect($overview['summary_metrics'])->keyBy('key');
expect($metrics->get('governance_attention_tenants')['value'])->toBe(4)
->and($metrics->get('governance_attention_tenants')['category'])->toBe('governance_risk')
->and($metrics->get('governance_attention_tenants')['destination']['kind'])->toBe('choose_tenant');
});
it('keeps activity and alerts metrics separate from governance risk', function (): void {
$tenant = Tenant::factory()->create(['status' => 'active']);
[$user, $tenant] = createUserWithTenant($tenant, role: 'owner', workspaceRole: 'readonly');
[$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => \App\Support\OperationRunStatus::Running->value,
'outcome' => \App\Support\OperationRunOutcome::Pending->value,
]);
AlertDelivery::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'status' => AlertDelivery::STATUS_FAILED,
'created_at' => now(),
]);
$workspace = $tenant->workspace()->firstOrFail();
$overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
$metrics = collect($overview['summary_metrics'])->keyBy('key');
expect($metrics->get('governance_attention_tenants')['value'])->toBe(0)
->and($metrics->get('active_operations')['value'])->toBe(1)
->and($metrics->get('active_operations')['category'])->toBe('activity')
->and($metrics->get('active_operations')['destination']['kind'])->toBe('operations_index')
->and($metrics->get('alert_failures')['value'])->toBe(1)
->and($metrics->get('alert_failures')['category'])->toBe('alerts');
});

6
tests/Feature/Monitoring/AuditLogInspectFlowTest.php
View File

@ -93,12 +93,12 @@
->test(AuditLogPage::class) ->test(AuditLogPage::class)
->assertCanSeeTableRecords([$withRunLink, $withoutRunLink]) ->assertCanSeeTableRecords([$withRunLink, $withoutRunLink])
->mountTableAction('inspect', $withRunLink) ->mountTableAction('inspect', $withRunLink)
->assertMountedActionModalSee('Open operation run'); ->assertMountedActionModalSee('Open operation');
$component $component
->call('replaceMountedTableAction', 'inspect', (string) $withoutRunLink->getKey()) ->call('replaceMountedTableAction', 'inspect', (string) $withoutRunLink->getKey())
->assertMountedActionModalSee('Workspace selected for Workspace 1') ->assertMountedActionModalSee('Workspace selected for Workspace 1')
->assertMountedActionModalDontSee('Open operation run') ->assertMountedActionModalDontSee('Open operation')
->assertMountedActionModalDontSee('Baseline compare completed for Operation run'); ->assertMountedActionModalDontSee('Baseline compare completed for Operation run');
}); });
@ -163,5 +163,5 @@
->get(route('admin.monitoring.audit-log')) ->get(route('admin.monitoring.audit-log'))
->assertOk() ->assertOk()
->assertDontSee('Close details') ->assertDontSee('Close details')
->assertDontSee('Open operation run'); ->assertDontSee('Open operation');
}); });

4
tests/Feature/Monitoring/HeaderContextBarTest.php
View File

@ -271,8 +271,8 @@
->get(route('admin.operations.view', ['run' => (int) $run->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
->assertOk() ->assertOk()
->assertSee('Tenant scope: Current Tenant') ->assertSee('Tenant scope: Current Tenant')
->assertSee('Current tenant context differs from this run') ->assertSee('Current tenant context differs from this operation')
->assertSee('Run tenant: Run Tenant.'); ->assertSee('Operation tenant: Run Tenant.');
}); });
it('shows canonical workspace framing on canonical run pages with no selected tenant context', function (): void { it('shows canonical workspace framing on canonical run pages with no selected tenant context', function (): void {

4
tests/Feature/Monitoring/OperationLifecycleFreshnessPresentationTest.php
View File

@ -45,7 +45,7 @@
->get('/admin/operations') ->get('/admin/operations')
->assertOk() ->assertOk()
->assertSee('Likely stale') ->assertSee('Likely stale')
->assertSee('run(s) have already been automatically reconciled'); ->assertSee('operation(s) have already been automatically reconciled');
$this->actingAs($user) $this->actingAs($user)
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
@ -57,7 +57,7 @@
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
->get(route('admin.operations.view', ['run' => (int) $staleRun->getKey()])) ->get(route('admin.operations.view', ['run' => (int) $staleRun->getKey()]))
->assertOk() ->assertOk()
->assertSee('Likely stale run'); ->assertSee('Likely stale operation');
}); });
it('renders lifecycle outcome fallbacks when historical runs are missing stored outcomes', function (): void { it('renders lifecycle outcome fallbacks when historical runs are missing stored outcomes', function (): void {

2
tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php
View File

@ -56,7 +56,7 @@
$this->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id]) $this->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
->get(OperationRunLinks::tenantlessView($run)) ->get(OperationRunLinks::tenantlessView($run))
->assertOk() ->assertOk()
->assertSee('Run tenant is not available in the current tenant selector') ->assertSee('Operation tenant is not available in the current tenant selector')
->assertSee('This tenant is currently archived') ->assertSee('This tenant is currently archived')
->assertSee('Back to Operations') ->assertSee('Back to Operations')
->assertDontSee('← Back to Archived Tenant'); ->assertDontSee('← Back to Archived Tenant');

55
tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php
View File

@ -141,6 +141,56 @@
->assertCanNotSeeTableRecords([$healthyActive, $otherTenantFailed]); ->assertCanNotSeeTableRecords([$healthyActive, $otherTenantFailed]);
}); });
it('allows workspace-originated operations drill-through to clear tenant context and show workspace-wide follow-up', function (): void {
$tenantA = Tenant::factory()->create();
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
$tenantB = Tenant::factory()->create([
'workspace_id' => (int) $tenantA->workspace_id,
]);
createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');
$workspaceRun = OperationRun::factory()->tenantlessForWorkspace($tenantA->workspace()->firstOrFail())->create([
'type' => 'inventory_sync',
'status' => OperationRunStatus::Queued->value,
'outcome' => OperationRunOutcome::Pending->value,
'created_at' => now()->subHour(),
]);
$otherTenantFailed = OperationRun::factory()->create([
'tenant_id' => (int) $tenantB->getKey(),
'workspace_id' => (int) $tenantB->workspace_id,
'type' => 'policy.sync',
'status' => OperationRunStatus::Completed->value,
'outcome' => OperationRunOutcome::Failed->value,
]);
$healthyActive = OperationRun::factory()->create([
'tenant_id' => (int) $tenantA->getKey(),
'workspace_id' => (int) $tenantA->workspace_id,
'type' => 'inventory_sync',
'status' => OperationRunStatus::Running->value,
'outcome' => OperationRunOutcome::Pending->value,
'created_at' => now()->subMinute(),
'started_at' => now()->subMinute(),
]);
$this->actingAs($user);
Filament::setTenant($tenantA, true);
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
Livewire::withQueryParams([
'tenant_scope' => 'all',
'activeTab' => 'blocked',
])
->actingAs($user)
->test(Operations::class)
->assertSet('tableFilters.tenant_id.value', null)
->assertSet('activeTab', 'blocked')
->assertCanSeeTableRecords([$workspaceRun, $otherTenantFailed])
->assertCanNotSeeTableRecords([$healthyActive]);
});
it('builds canonical dashboard operations URLs with tenant and tab continuity', function (): void { it('builds canonical dashboard operations URLs with tenant and tab continuity', function (): void {
$tenant = Tenant::factory()->create(); $tenant = Tenant::factory()->create();
@ -153,5 +203,10 @@
->toBe(route('admin.operations.index', [ ->toBe(route('admin.operations.index', [
'tenant_id' => (int) $tenant->getKey(), 'tenant_id' => (int) $tenant->getKey(),
'activeTab' => 'blocked', 'activeTab' => 'blocked',
]))
->and(OperationRunLinks::index(activeTab: 'blocked', allTenants: true))
->toBe(route('admin.operations.index', [
'tenant_scope' => 'all',
'activeTab' => 'blocked',
])); ]));
}); });

4
tests/Feature/Notifications/OperationRunNotificationTest.php
View File

@ -36,7 +36,7 @@
$notification = $user->notifications()->latest('id')->first(); $notification = $user->notifications()->latest('id')->first();
expect($notification)->not->toBeNull(); expect($notification)->not->toBeNull();
expect($notification->data['body'] ?? null)->toBe('Queued for execution. Open the run for progress and next steps.'); expect($notification->data['body'] ?? null)->toBe('Queued for execution. Open the operation for progress and next steps.');
expect($notification->data['actions'][0]['url'] ?? null) expect($notification->data['actions'][0]['url'] ?? null)
->toBe(OperationRunLinks::view($run, $tenant)); ->toBe(OperationRunLinks::view($run, $tenant));
}); });
@ -87,7 +87,7 @@
$notification = $user->notifications()->latest('id')->first(); $notification = $user->notifications()->latest('id')->first();
expect($notification)->not->toBeNull(); expect($notification)->not->toBeNull();
expect($notification->data['body'] ?? null)->toBe('Queued for execution. Open the run for progress and next steps.'); expect($notification->data['body'] ?? null)->toBe('Queued for execution. Open the operation for progress and next steps.');
expect($notification->data['actions'][0]['url'] ?? null) expect($notification->data['actions'][0]['url'] ?? null)
->toBe(OperationRunLinks::tenantlessView($run)); ->toBe(OperationRunLinks::tenantlessView($run));
}); });

4
tests/Feature/OpsUx/QueuedToastCopyTest.php
View File

@ -8,7 +8,7 @@
$toast = OperationUxPresenter::queuedToast('policy.sync'); $toast = OperationUxPresenter::queuedToast('policy.sync');
expect($toast->getTitle())->toBe('Policy sync queued'); expect($toast->getTitle())->toBe('Policy sync queued');
expect($toast->getBody())->toBe('Queued for execution. Open the run for progress and next steps.'); expect($toast->getBody())->toBe('Queued for execution. Open the operation for progress and next steps.');
})->group('ops-ux'); })->group('ops-ux');
it('enforces queued toast duration within 35 seconds', function (): void { it('enforces queued toast duration within 35 seconds', function (): void {
@ -25,5 +25,5 @@
$toast = OperationUxPresenter::alreadyQueuedToast('backup_set.add_policies'); $toast = OperationUxPresenter::alreadyQueuedToast('backup_set.add_policies');
expect($toast->getTitle())->toBe('Backup set update already queued'); expect($toast->getTitle())->toBe('Backup set update already queued');
expect($toast->getBody())->toBe('A matching run is already queued or running. No action needed unless it stays stuck.'); expect($toast->getBody())->toBe('A matching operation is already queued or running. No action needed unless it stays stuck.');
})->group('ops-ux'); })->group('ops-ux');

2
tests/Feature/OpsUx/TerminalNotificationFailureMessageTest.php
View File

@ -46,7 +46,7 @@
expect($body)->toContain('Execution failed.'); expect($body)->toContain('Execution failed.');
expect($body)->toContain('This is a very long failure message'); expect($body)->toContain('This is a very long failure message');
expect($body)->toContain('Review the run details before retrying.'); expect($body)->toContain('Review the operation details before retrying.');
// Ensure message is not full-length / multiline. // Ensure message is not full-length / multiline.
expect($body)->not->toContain(str_repeat('x', 200)); expect($body)->not->toContain(str_repeat('x', 200));

2
tests/Feature/System/OpsRunbooks/OpsUxStartSurfaceContractTest.php
View File

@ -85,5 +85,5 @@
$this->get($viewUrl) $this->get($viewUrl)
->assertSuccessful() ->assertSuccessful()
->assertSee('Run #'.(int) $run?->getKey()); ->assertSee('Operation #'.(int) $run?->getKey());
}); });

2
tests/Feature/Verification/VerificationReportRedactionTest.php
View File

@ -56,7 +56,7 @@
assertNoOutboundHttp(function () use ($run, $fingerprint): void { assertNoOutboundHttp(function () use ($run, $fingerprint): void {
Livewire::test(TenantlessOperationRunViewer::class, ['run' => $run]) Livewire::test(TenantlessOperationRunViewer::class, ['run' => $run])
->assertSee('Verification report') ->assertSee('Verification report')
->assertSee('Open previous verification') ->assertSee('Open previous operation')
->assertSee($fingerprint) ->assertSee($fingerprint)
->assertSee('Token acquisition works') ->assertSee('Token acquisition works')
->assertDontSee('access_token') ->assertDontSee('access_token')

81
tests/Pest.php
View File

@ -1,5 +1,8 @@
<?php <?php
use App\Models\BaselineProfile;
use App\Models\BaselineSnapshot;
use App\Models\BaselineTenantAssignment;
use App\Models\EvidenceSnapshot; use App\Models\EvidenceSnapshot;
use App\Models\Finding; use App\Models\Finding;
use App\Models\OperationRun; use App\Models\OperationRun;
@ -18,6 +21,9 @@
use App\Services\Tenants\TenantActionPolicySurface; use App\Services\Tenants\TenantActionPolicySurface;
use App\Support\Evidence\EvidenceCompletenessState; use App\Support\Evidence\EvidenceCompletenessState;
use App\Support\Evidence\EvidenceSnapshotStatus; use App\Support\Evidence\EvidenceSnapshotStatus;
use App\Support\OperationRunOutcome;
use App\Support\OperationRunStatus;
use App\Support\OperationRunType;
use App\Support\Providers\ProviderConnectionType; use App\Support\Providers\ProviderConnectionType;
use App\Support\Providers\ProviderConsentStatus; use App\Support\Providers\ProviderConsentStatus;
use App\Support\Providers\ProviderCredentialKind; use App\Support\Providers\ProviderCredentialKind;
@ -346,6 +352,81 @@ function createUserWithTenant(
return [$user, $tenant]; return [$user, $tenant];
} }
/**
* @return array{0: BaselineProfile, 1: BaselineSnapshot}
*/
function seedActiveBaselineForTenant(Tenant $tenant): array
{
$profile = BaselineProfile::factory()->active()->create([
'workspace_id' => (int) $tenant->workspace_id,
]);
$snapshot = BaselineSnapshot::factory()->complete()->create([
'workspace_id' => (int) $tenant->workspace_id,
'baseline_profile_id' => (int) $profile->getKey(),
]);
$profile->forceFill([
'active_snapshot_id' => (int) $snapshot->getKey(),
])->save();
BaselineTenantAssignment::query()->updateOrCreate([
'workspace_id' => (int) $tenant->workspace_id,
'tenant_id' => (int) $tenant->getKey(),
], [
'baseline_profile_id' => (int) $profile->getKey(),
'override_scope_jsonb' => null,
]);
return [$profile, $snapshot];
}
/**
* @param array<string, mixed> $compareContext
*/
function seedBaselineCompareRun(
Tenant $tenant,
BaselineProfile $profile,
BaselineSnapshot $snapshot,
array $compareContext = [],
string $status = OperationRunStatus::Completed->value,
string $outcome = OperationRunOutcome::Succeeded->value,
?\Carbon\CarbonInterface $completedAt = null,
): OperationRun {
$completedAt ??= now();
return OperationRun::factory()->create([
'tenant_id' => (int) $tenant->getKey(),
'workspace_id' => (int) $tenant->workspace_id,
'type' => OperationRunType::BaselineCompare->value,
'status' => $status,
'outcome' => $outcome,
'created_at' => $completedAt,
'completed_at' => $status === OperationRunStatus::Completed->value ? $completedAt : null,
'context' => [
'baseline_profile_id' => (int) $profile->getKey(),
'baseline_snapshot_id' => (int) $snapshot->getKey(),
'baseline_compare' => $compareContext,
],
]);
}
/**
* @return array<string, mixed>
*/
function workspaceOverviewCompareCoverage(): array
{
return [
'reason_code' => \App\Support\Baselines\BaselineCompareReasonCode::NoDriftDetected->value,
'coverage' => [
'effective_types' => ['deviceConfiguration'],
'covered_types' => ['deviceConfiguration'],
'uncovered_types' => [],
'proof' => true,
],
];
}
/** /**
* @return array{tenant: string} * @return array{tenant: string}
*/ */

2
tests/Unit/Support/RelatedActionLabelCatalogTest.php
View File

@ -9,7 +9,7 @@
expect($catalog->entryLabel('baseline_snapshot'))->toBe('Snapshot') expect($catalog->entryLabel('baseline_snapshot'))->toBe('Snapshot')
->and($catalog->actionLabel('baseline_snapshot'))->toBe('View snapshot') ->and($catalog->actionLabel('baseline_snapshot'))->toBe('View snapshot')
->and($catalog->entryLabel('source_run'))->toBe('Run') ->and($catalog->entryLabel('source_run'))->toBe('Operation')
->and($catalog->actionLabel('operations'))->toBe('Open operations'); ->and($catalog->actionLabel('operations'))->toBe('Open operations');
}); });