From 2752515da58dc4bceb941491e6e45c7711b0a118 Mon Sep 17 00:00:00 2001 From: ahmido Date: Fri, 24 Apr 2026 05:44:54 +0000 Subject: [PATCH] Spec 235: harden baseline truth and onboarding flows (#271) ## Summary - harden baseline capture truth, compare readiness, and monitoring explanations around latest inventory eligibility, blocked prerequisites, and zero-subject outcomes - improve onboarding verification and bootstrap recovery handling, including admin-consent callback invalidation and queued execution legitimacy/report behavior - align workspace findings/workspace overview signals and refresh the related spec, roadmap, and spec-candidate artifacts ## Validation - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php tests/Feature/Baselines/BaselineCaptureTest.php tests/Feature/Baselines/BaselineCompareFindingsTest.php tests/Feature/Baselines/BaselineSnapshotBackfillTest.php tests/Feature/Filament/BaselineCaptureResultExplanationSurfaceTest.php tests/Feature/Filament/BaselineCompareLandingStartSurfaceTest.php tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php tests/Feature/Notifications/OperationRunNotificationTest.php tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/AdminConsentCallbackTest.php tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Operations/QueuedExecutionAuditTrailTest.php tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php` ## Notes - browser validation was not re-run in this pass Co-authored-by: Ahmed Darrazi Reviewed-on: https://git.cloudarix.de/ahmido/TenantAtlas/pulls/271 --- .github/agents/copilot-instructions.md | 4 +- .specify/memory/constitution.md | 50 +- .specify/templates/checklist-template.md | 19 +- .specify/templates/plan-template.md | 12 + .specify/templates/spec-template.md | 17 + .specify/templates/tasks-template.md | 5 + ...c030f6558770206a939-playwright@1.59.1.json | 2 +- ...2a20c07f69dcc0-playwright-core@1.59.1.json | 2 +- ...67f2a7d955f1a8c79d154b7-rollup@4.60.2.json | 2 +- ...fb812ffb9b71917d3976-color-name@1.1.4.json | 2 +- ...4a258752289abbfa5-@types+estree@1.0.8.json | 2 +- ...ce5601b8d3ff5c58a19202ec50-rxjs@7.8.2.json | 2 +- ...98bb0e03f9c087a6fa107d300-tslib@2.8.1.json | 2 +- ...00e365fe3798d4da3cbaa074-axios@1.15.0.json | 2 +- .../ManagedTenantOnboardingWizard.php | 308 ++++- .../Resources/BaselineProfileResource.php | 37 +- .../Pages/ViewBaselineProfile.php | 14 +- .../AdminConsentCallbackController.php | 48 + .../app/Jobs/CaptureBaselineSnapshotJob.php | 330 +++++- .../app/Livewire/BulkOperationProgress.php | 3 +- .../Notifications/OperationRunCompleted.php | 5 + .../Baselines/BaselineCaptureService.php | 147 +++ .../FindingAssignmentHygieneService.php | 53 +- .../app/Services/OperationRunService.php | 16 +- .../QueuedExecutionLegitimacyGate.php | 53 +- .../Baselines/BaselineCompareStats.php | 33 +- .../Support/Baselines/BaselineReasonCodes.php | 27 +- .../platform/app/Support/OpsUx/ActiveRuns.php | 2 +- .../GovernanceRunDiagnosticSummaryBuilder.php | 75 ++ .../Support/OpsUx/OperationUxPresenter.php | 24 + .../ReasonTranslation/ReasonPresenter.php | 1 + .../ReasonTranslation/ReasonTranslator.php | 77 +- .../Workspaces/WorkspaceOverviewBuilder.php | 34 +- ...ycle_state_to_baseline_snapshots_table.php | 17 +- .../views/admin-consent-callback.blade.php | 2 +- ...ec172DeferredOperatorSurfacesSmokeTest.php | 2 +- .../Feature/AdminConsentCallbackTest.php | 57 + ...torExplanationSurfaceAuthorizationTest.php | 30 + .../BaselineCaptureAuditEventsTest.php | 4 + ...aselineSnapshotNoTenantIdentifiersTest.php | 9 +- .../CaptureBaselineContentTest.php | 4 + ...CaptureBaselineFullContentOnDemandTest.php | 4 + .../CaptureBaselineMetaFallbackTest.php | 9 +- .../Feature/Baselines/BaselineCaptureTest.php | 270 ++++- .../Baselines/BaselineCompareFindingsTest.php | 19 +- .../BaselineSnapshotBackfillTest.php | 7 +- ...ineCaptureResultExplanationSurfaceTest.php | 28 + ...BaselineCompareLandingStartSurfaceTest.php | 90 ++ ...BaselineProfileCaptureStartSurfaceTest.php | 28 + .../OperationRunBaselineTruthSurfaceTest.php | 46 +- .../Filament/WorkspaceOverviewDbOnlyTest.php | 2 +- ...c194GovernanceActionSemanticsGuardTest.php | 2 +- .../ManagedTenantOnboardingWizardTest.php | 384 +++++- .../AuditCoverageGovernanceTest.php | 56 + .../GovernanceOperationRunSummariesTest.php | 75 ++ .../OperationRunNotificationTest.php | 70 ++ .../Onboarding/OnboardingVerificationTest.php | 110 ++ .../QueuedExecutionAuditTrailTest.php | 10 +- .../QueuedExecutionLegitimacyGateTest.php | 91 ++ docs/product/roadmap.md | 30 +- docs/product/spec-candidates.md | 1041 ++++++++++++++++- .../checklists/requirements.md | 36 + .../235-baseline-capture-truth/data-model.md | 164 +++ specs/235-baseline-capture-truth/plan.md | 267 +++++ .../235-baseline-capture-truth/quickstart.md | 164 +++ specs/235-baseline-capture-truth/research.md | 55 + specs/235-baseline-capture-truth/spec.md | 264 +++++ specs/235-baseline-capture-truth/tasks.md | 231 ++++ 68 files changed, 4871 insertions(+), 217 deletions(-) create mode 100644 specs/235-baseline-capture-truth/checklists/requirements.md create mode 100644 specs/235-baseline-capture-truth/data-model.md create mode 100644 specs/235-baseline-capture-truth/plan.md create mode 100644 specs/235-baseline-capture-truth/quickstart.md create mode 100644 specs/235-baseline-capture-truth/research.md create mode 100644 specs/235-baseline-capture-truth/spec.md create mode 100644 specs/235-baseline-capture-truth/tasks.md diff --git a/.github/agents/copilot-instructions.md b/.github/agents/copilot-instructions.md index 0951743d..c295f3a6 100644 --- a/.github/agents/copilot-instructions.md +++ b/.github/agents/copilot-instructions.md @@ -246,6 +246,8 @@ ## Active Technologies - Existing PostgreSQL `operation_runs` records and current session/query-backed monitoring navigation state; no new persistence (233-stale-run-visibility) - PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + `App\Models\BaselineProfile`, `App\Support\Baselines\BaselineProfileStatus`, `App\Support\Badges\BadgeCatalog`, `App\Support\Badges\BadgeDomain`, `Database\Factories\TenantFactory`, `App\Console\Commands\SeedBackupHealthBrowserFixture`, existing tenant-truth and baseline-profile Pest tests (234-dead-transitional-residue) - Existing PostgreSQL `baseline_profiles` and `tenants` tables; no new persistence and no schema migration in this slice (234-dead-transitional-residue) +- PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + `BaselineCaptureService`, `CaptureBaselineSnapshotJob`, `BaselineReasonCodes`, `BaselineCompareStats`, `ReasonTranslator`, `GovernanceRunDiagnosticSummaryBuilder`, `OperationRunService`, `BaselineProfile`, `BaselineSnapshot`, `OperationRunOutcome`, existing Filament capture/compare surfaces (235-baseline-capture-truth) +- Existing PostgreSQL tables only; no new table or schema migration is planned in the mainline slice (235-baseline-capture-truth) - PHP 8.4.15 (feat/005-bulk-operations) @@ -280,9 +282,9 @@ ## Code Style PHP 8.4.15: Follow standard conventions ## Recent Changes +- 235-baseline-capture-truth: Added PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + `BaselineCaptureService`, `CaptureBaselineSnapshotJob`, `BaselineReasonCodes`, `BaselineCompareStats`, `ReasonTranslator`, `GovernanceRunDiagnosticSummaryBuilder`, `OperationRunService`, `BaselineProfile`, `BaselineSnapshot`, `OperationRunOutcome`, existing Filament capture/compare surfaces - 234-dead-transitional-residue: Added PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + `App\Models\BaselineProfile`, `App\Support\Baselines\BaselineProfileStatus`, `App\Support\Badges\BadgeCatalog`, `App\Support\Badges\BadgeDomain`, `Database\Factories\TenantFactory`, `App\Console\Commands\SeedBackupHealthBrowserFixture`, existing tenant-truth and baseline-profile Pest tests - 233-stale-run-visibility: Added PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + Filament widgets/resources/pages, Pest v4, `App\Models\OperationRun`, `App\Support\Operations\OperationRunFreshnessState`, `App\Services\Operations\OperationLifecycleReconciler`, `App\Support\OpsUx\OperationUxPresenter`, `App\Support\OpsUx\ActiveRuns`, `App\Support\Badges\BadgeCatalog` / `BadgeRenderer`, `App\Support\Workspaces\WorkspaceOverviewBuilder`, `App\Support\OperationRunLinks` -- 232-operation-run-link-contract: Added PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + Filament Resources/Pages/Widgets, Pest v4, `App\Support\OperationRunLinks`, `App\Support\System\SystemOperationRunLinks`, `App\Support\Navigation\CanonicalNavigationContext`, `App\Support\Navigation\RelatedNavigationResolver`, existing workspace and tenant authorization helpers ### Pre-production compatibility check diff --git a/.specify/memory/constitution.md b/.specify/memory/constitution.md index dd1f054b..c4431b04 100644 --- a/.specify/memory/constitution.md +++ b/.specify/memory/constitution.md @@ -1,32 +1,28 @@