Compare commits
4 Commits
246-suppor
...
dev
| Author | SHA1 | Date | |
|---|---|---|---|
| aacd82849a | |||
| ff3392892b | |||
| e222845a36 | |||
| 6e3736a53f |
4
.github/agents/copilot-instructions.md
vendored
4
.github/agents/copilot-instructions.md
vendored
@ -260,6 +260,8 @@ ## Active Technologies
|
||||
- PostgreSQL via existing `managed_tenant_onboarding_sessions`, `provider_connections`, `operation_runs`, and stored permission-posture data; no new persistence planned (240-tenant-onboarding-readiness)
|
||||
- PHP 8.4 (Laravel 12) + Laravel 12 + Filament v5 + Livewire v4 + Pest; existing `OperationRunLinks`, `GovernanceRunDiagnosticSummaryBuilder`, `ProviderReasonTranslator`, `RelatedNavigationResolver`, `RedactionIntegrity`, `WorkspaceAuditLogger` (241-support-diagnostic-pack)
|
||||
- PostgreSQL via existing `operation_runs`, `provider_connections`, `findings`, `stored_reports`, `tenant_reviews`, `review_packs`, and `audit_logs`; no new persistence planned (241-support-diagnostic-pack)
|
||||
- PHP 8.4, Laravel 12 + Filament v5, Livewire v4, Pest v4, existing review/evidence/review-pack/audit/RBAC support services (249-customer-review-workspace)
|
||||
- PostgreSQL via existing `tenant_reviews`, `review_packs`, `evidence_snapshots`, findings / finding-exception truth, workspace memberships, and `audit_logs`; no new persistence planned (249-customer-review-workspace)
|
||||
|
||||
- PHP 8.4.15 (feat/005-bulk-operations)
|
||||
|
||||
@ -294,9 +296,9 @@ ## Code Style
|
||||
PHP 8.4.15: Follow standard conventions
|
||||
|
||||
## Recent Changes
|
||||
- 249-customer-review-workspace: Added PHP 8.4, Laravel 12 + Filament v5, Livewire v4, Pest v4, existing review/evidence/review-pack/audit/RBAC support services
|
||||
- 241-support-diagnostic-pack: Added PHP 8.4 (Laravel 12) + Laravel 12 + Filament v5 + Livewire v4 + Pest; existing `OperationRunLinks`, `GovernanceRunDiagnosticSummaryBuilder`, `ProviderReasonTranslator`, `RelatedNavigationResolver`, `RedactionIntegrity`, `WorkspaceAuditLogger`
|
||||
- 240-tenant-onboarding-readiness: Added PHP 8.4 (Laravel 12) + Laravel 12 + Filament v5 + Livewire v4 + Pest; existing onboarding services (`OnboardingLifecycleService`, `OnboardingDraftStageResolver`), provider connection summary, verification assist, and Ops-UX helpers
|
||||
- 239-canonical-operation-type-source-of-truth: Added PHP 8.4.15, Laravel 12, Filament v5, Livewire v4 + existing `App\Support\OperationCatalog`, `App\Support\OperationRunType`, `App\Services\OperationRunService`, `App\Services\Providers\ProviderOperationRegistry`, `App\Services\Providers\ProviderOperationStartGate`, `App\Filament\Resources\OperationRunResource`, `App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard`, `App\Support\Filament\FilterOptionCatalog`, `App\Support\OpsUx\OperationUxPresenter`, `App\Support\References\Resolvers\OperationRunReferenceResolver`, `App\Services\Audit\AuditEventBuilder`, Pest v4
|
||||
<!-- MANUAL ADDITIONS START -->
|
||||
|
||||
### Pre-production compatibility check
|
||||
|
||||
@ -0,0 +1,24 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Exceptions\Entitlements;
|
||||
|
||||
final class WorkspaceEntitlementBlockedException extends \RuntimeException
|
||||
{
|
||||
/**
|
||||
* @param array<string, mixed> $decision
|
||||
*/
|
||||
public function __construct(private readonly array $decision)
|
||||
{
|
||||
parent::__construct((string) ($decision['block_reason'] ?? 'Workspace entitlement currently blocks this action.'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function decision(): array
|
||||
{
|
||||
return $this->decision;
|
||||
}
|
||||
}
|
||||
@ -6,6 +6,7 @@
|
||||
|
||||
use App\Filament\Resources\OperationRunResource;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
@ -30,6 +31,7 @@
|
||||
use App\Support\RestoreSafety\RestoreSafetyCopy;
|
||||
use App\Support\Rbac\UiEnforcement;
|
||||
use App\Support\SupportDiagnostics\SupportDiagnosticBundleBuilder;
|
||||
use App\Support\SupportRequests\SupportRequestSubmissionService;
|
||||
use App\Support\Tenants\ReferencedTenantLifecyclePresentation;
|
||||
use App\Support\Tenants\TenantInteractionLane;
|
||||
use App\Support\Tenants\TenantOperabilityQuestion;
|
||||
@ -40,6 +42,10 @@
|
||||
use App\Support\Ui\OperatorExplanation\OperatorExplanationPattern;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Actions\ActionGroup;
|
||||
use Filament\Forms\Components\Placeholder;
|
||||
use Filament\Forms\Components\Select;
|
||||
use Filament\Forms\Components\TextInput;
|
||||
use Filament\Forms\Components\Textarea;
|
||||
use Filament\Notifications\Notification;
|
||||
use Filament\Pages\Page;
|
||||
use Filament\Schemas\Components\EmbeddedSchema;
|
||||
@ -141,10 +147,6 @@ protected function getHeaderActions(): array
|
||||
? OperationRunLinks::tenantlessView($this->run, $navigationContext)
|
||||
: OperationRunLinks::index());
|
||||
|
||||
if (isset($this->run)) {
|
||||
$actions[] = $this->openSupportDiagnosticsAction();
|
||||
}
|
||||
|
||||
if (! isset($this->run)) {
|
||||
return $actions;
|
||||
}
|
||||
@ -167,6 +169,14 @@ protected function getHeaderActions(): array
|
||||
->color('gray');
|
||||
}
|
||||
|
||||
$actions[] = ActionGroup::make([
|
||||
$this->openSupportDiagnosticsAction(),
|
||||
$this->requestSupportAction(),
|
||||
])
|
||||
->label('More')
|
||||
->icon('heroicon-o-ellipsis-horizontal')
|
||||
->color('gray');
|
||||
|
||||
$actions[] = $this->resumeCaptureAction();
|
||||
|
||||
return $actions;
|
||||
@ -228,8 +238,6 @@ private function openSupportDiagnosticsAction(): Action
|
||||
$action = Action::make('openSupportDiagnostics')
|
||||
->label('Open support diagnostics')
|
||||
->icon('heroicon-o-lifebuoy')
|
||||
->iconButton()
|
||||
->tooltip('Open support diagnostics')
|
||||
->color('gray')
|
||||
->record($this->run)
|
||||
->modal()
|
||||
@ -251,39 +259,85 @@ private function openSupportDiagnosticsAction(): Action
|
||||
->apply();
|
||||
}
|
||||
|
||||
public function authorizeOperationRunSupportRequest(): void
|
||||
{
|
||||
$this->resolveRunTenantForCapability(Capabilities::SUPPORT_REQUESTS_CREATE);
|
||||
}
|
||||
|
||||
private function requestSupportAction(): Action
|
||||
{
|
||||
$action = Action::make('requestSupport')
|
||||
->label('Request support')
|
||||
->icon('heroicon-o-paper-airplane')
|
||||
->record($this->run)
|
||||
->slideOver()
|
||||
->stickyModalHeader()
|
||||
->modalHeading('Request support')
|
||||
->modalDescription('Share a concise summary and TenantAtlas will attach redacted context from the current run.')
|
||||
->modalSubmitActionLabel('Submit support request')
|
||||
->form([
|
||||
Placeholder::make('primary_context')
|
||||
->label('Primary context')
|
||||
->content(fn (): string => OperationRunLinks::identifier($this->run))
|
||||
->columnSpanFull(),
|
||||
Placeholder::make('included_context')
|
||||
->label('Included context')
|
||||
->content(fn (): string => $this->operationSupportRequestAttachmentSummary())
|
||||
->columnSpanFull(),
|
||||
Select::make('severity')
|
||||
->label('Severity')
|
||||
->options(SupportRequest::severityOptions())
|
||||
->default(SupportRequest::SEVERITY_NORMAL)
|
||||
->required()
|
||||
->native(false),
|
||||
TextInput::make('summary')
|
||||
->label('Summary')
|
||||
->required()
|
||||
->columnSpanFull(),
|
||||
Textarea::make('reproduction_notes')
|
||||
->label('Reproduction notes')
|
||||
->rows(4)
|
||||
->columnSpanFull(),
|
||||
TextInput::make('contact_name')
|
||||
->label('Contact name')
|
||||
->default(fn (): ?string => $this->resolveViewerActor()->name),
|
||||
TextInput::make('contact_email')
|
||||
->label('Contact email')
|
||||
->email()
|
||||
->default(fn (): ?string => $this->resolveViewerActor()->email),
|
||||
])
|
||||
->action(function (array $data): void {
|
||||
$actor = $this->resolveViewerActor();
|
||||
|
||||
$supportRequest = app(SupportRequestSubmissionService::class)->submitForOperationRun($this->run, $actor, $data);
|
||||
|
||||
Notification::make()
|
||||
->title('Support request submitted')
|
||||
->body('Reference '.$supportRequest->internal_reference)
|
||||
->success()
|
||||
->send();
|
||||
});
|
||||
|
||||
return UiEnforcement::forAction($action)
|
||||
->requireCapability(Capabilities::SUPPORT_REQUESTS_CREATE)
|
||||
->apply();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function operationRunSupportDiagnosticBundle(): array
|
||||
{
|
||||
$user = auth()->user();
|
||||
$tenant = $this->supportDiagnosticsTenant();
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $tenant)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
if (! $resolver->can($user, $tenant, Capabilities::SUPPORT_DIAGNOSTICS_VIEW)) {
|
||||
abort(403);
|
||||
}
|
||||
$user = $this->resolveViewerActor();
|
||||
$tenant = $this->resolveRunTenantForCapability(Capabilities::SUPPORT_DIAGNOSTICS_VIEW);
|
||||
|
||||
return app(SupportDiagnosticBundleBuilder::class)->forOperationRun($this->run, $user);
|
||||
}
|
||||
|
||||
private function auditOperationSupportDiagnosticsOpen(): void
|
||||
{
|
||||
$user = auth()->user();
|
||||
$tenant = $this->supportDiagnosticsTenant();
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
$user = $this->resolveViewerActor();
|
||||
$tenant = $this->resolveRunTenantForCapability(Capabilities::SUPPORT_DIAGNOSTICS_VIEW);
|
||||
|
||||
$this->recordSupportDiagnosticsOpened(
|
||||
tenant: $tenant,
|
||||
@ -307,6 +361,59 @@ private function supportDiagnosticsTenant(): ?Tenant
|
||||
return $this->run->loadMissing('tenant')->tenant;
|
||||
}
|
||||
|
||||
private function resolveViewerActor(): User
|
||||
{
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $user instanceof User) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
private function resolveRunTenantForCapability(string $capability): Tenant
|
||||
{
|
||||
$tenant = $this->supportDiagnosticsTenant();
|
||||
$user = $this->resolveViewerActor();
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $tenant)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
if (! $resolver->can($user, $tenant, $capability)) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
return $tenant;
|
||||
}
|
||||
|
||||
private function operationSupportRequestAttachmentSummary(): string
|
||||
{
|
||||
$tenant = $this->supportDiagnosticsTenant();
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
||||
return 'Only canonical redacted run context will be attached.';
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $tenant)) {
|
||||
return 'Only canonical redacted run context will be attached.';
|
||||
}
|
||||
|
||||
return $resolver->can($user, $tenant, Capabilities::SUPPORT_DIAGNOSTICS_VIEW)
|
||||
? 'A redacted diagnostic snapshot and the canonical run context will be attached.'
|
||||
: 'Only the canonical redacted run context will be attached because you cannot view support diagnostics.';
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $bundle
|
||||
*/
|
||||
|
||||
@ -0,0 +1,497 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Filament\Pages\Reviews;
|
||||
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\TenantReviews\TenantReviewRegisterService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Findings\FindingOutcomeSemantics;
|
||||
use App\Support\Filament\TablePaginationProfiles;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthEnvelope;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\CompressedGovernanceOutcome;
|
||||
use App\Support\Ui\GovernanceArtifactTruth\SurfaceCompressionContext;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use BackedEnum;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Pages\Page;
|
||||
use Filament\Tables\Columns\TextColumn;
|
||||
use Filament\Tables\Concerns\InteractsWithTable;
|
||||
use Filament\Tables\Contracts\HasTable;
|
||||
use Filament\Tables\Filters\SelectFilter;
|
||||
use Filament\Tables\Table;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use UnitEnum;
|
||||
|
||||
class CustomerReviewWorkspace extends Page implements HasTable
|
||||
{
|
||||
use InteractsWithTable;
|
||||
|
||||
public const string DETAIL_CONTEXT_QUERY_KEY = 'customer_workspace';
|
||||
|
||||
private const string SOURCE_SURFACE = 'customer_review_workspace';
|
||||
|
||||
protected static bool $isDiscovered = false;
|
||||
|
||||
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-document-text';
|
||||
|
||||
protected static string|UnitEnum|null $navigationGroup = 'Reporting';
|
||||
|
||||
protected static ?string $navigationLabel = 'Customer reviews';
|
||||
|
||||
protected static ?int $navigationSort = 44;
|
||||
|
||||
protected static ?string $title = 'Customer Review Workspace';
|
||||
|
||||
protected static ?string $slug = 'reviews/workspace';
|
||||
|
||||
protected string $view = 'filament.pages.reviews.customer-review-workspace';
|
||||
|
||||
public static function tenantPrefilterUrl(Tenant $tenant): string
|
||||
{
|
||||
$tenantIdentifier = filled($tenant->external_id)
|
||||
? (string) $tenant->external_id
|
||||
: (string) $tenant->getKey();
|
||||
|
||||
return static::getUrl(panel: 'admin').'?'.http_build_query([
|
||||
'tenant' => $tenantIdentifier,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @var array<int, Tenant>|null
|
||||
*/
|
||||
private ?array $authorizedTenants = null;
|
||||
|
||||
public function mount(): void
|
||||
{
|
||||
$this->authorizePageAccess();
|
||||
$this->applyRequestedTenantPrefilter();
|
||||
$this->mountInteractsWithTable();
|
||||
}
|
||||
|
||||
protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
Action::make('clear_filters')
|
||||
->label('Clear filters')
|
||||
->icon('heroicon-o-x-mark')
|
||||
->color('gray')
|
||||
->visible(fn (): bool => $this->hasActiveFilters())
|
||||
->action(function (): void {
|
||||
$this->clearWorkspaceFilters();
|
||||
}),
|
||||
];
|
||||
}
|
||||
|
||||
public function table(Table $table): Table
|
||||
{
|
||||
return $table
|
||||
->query(fn (): Builder => $this->workspaceQuery())
|
||||
->defaultSort('name')
|
||||
->paginated(TablePaginationProfiles::customPage())
|
||||
->persistFiltersInSession()
|
||||
->persistSearchInSession()
|
||||
->persistSortInSession()
|
||||
->recordUrl(fn (Tenant $record): ?string => $this->latestReviewUrl($record))
|
||||
->columns([
|
||||
TextColumn::make('name')->label('Tenant')->searchable()->sortable(),
|
||||
TextColumn::make('latest_review')
|
||||
->label('Latest review')
|
||||
->badge()
|
||||
->getStateUsing(fn (Tenant $record): string => $this->latestReviewStateLabel($record))
|
||||
->color(fn (Tenant $record): string => $this->latestReviewStateColor($record))
|
||||
->icon(fn (Tenant $record): ?string => $this->latestReviewStateIcon($record))
|
||||
->iconColor(fn (Tenant $record): ?string => $this->latestReviewStateIconColor($record))
|
||||
->description(fn (Tenant $record): ?string => $this->reviewOutcomeDescription($record))
|
||||
->wrap(),
|
||||
TextColumn::make('finding_summary')
|
||||
->label('Key findings')
|
||||
->getStateUsing(fn (Tenant $record): string => $this->findingSummary($record))
|
||||
->wrap(),
|
||||
TextColumn::make('accepted_risk_summary')
|
||||
->label('Accepted risks')
|
||||
->getStateUsing(fn (Tenant $record): string => $this->acceptedRiskSummary($record))
|
||||
->wrap(),
|
||||
TextColumn::make('published_at')
|
||||
->label('Published')
|
||||
->getStateUsing(fn (Tenant $record): ?string => $this->latestPublishedAt($record)?->toDateTimeString())
|
||||
->dateTime()
|
||||
->placeholder('—'),
|
||||
TextColumn::make('review_pack_state')
|
||||
->label('Review pack')
|
||||
->getStateUsing(fn (Tenant $record): string => $this->reviewPackAvailability($record)),
|
||||
])
|
||||
->filters([
|
||||
SelectFilter::make('tenant_id')
|
||||
->label('Tenant')
|
||||
->options(fn (): array => $this->tenantFilterOptions())
|
||||
->default(fn (): ?string => $this->defaultTenantFilter())
|
||||
->query(function (Builder $query, array $data): Builder {
|
||||
$tenantId = $data['value'] ?? null;
|
||||
|
||||
return is_numeric($tenantId)
|
||||
? $query->whereKey((int) $tenantId)
|
||||
: $query;
|
||||
})
|
||||
->searchable(),
|
||||
])
|
||||
->actions([
|
||||
Action::make('open_latest_review')
|
||||
->label('Open latest review')
|
||||
->icon('heroicon-o-arrow-top-right-on-square')
|
||||
->url(fn (Tenant $record): ?string => $this->latestReviewUrl($record))
|
||||
->visible(fn (Tenant $record): bool => $this->latestPublishedReview($record) instanceof TenantReview),
|
||||
Action::make('download_review_pack')
|
||||
->label('Download review pack')
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->url(fn (Tenant $record): ?string => $this->latestReviewPackDownloadUrl($record))
|
||||
->openUrlInNewTab()
|
||||
->visible(fn (Tenant $record): bool => is_string($this->latestReviewPackDownloadUrl($record))),
|
||||
])
|
||||
->bulkActions([])
|
||||
->emptyStateHeading('No entitled tenants match this view')
|
||||
->emptyStateDescription(fn (): string => $this->hasActiveFilters()
|
||||
? 'Clear the current filters to return to the full customer review workspace for your entitled tenants.'
|
||||
: 'Adjust filters to return to the full customer review workspace for your entitled tenants.')
|
||||
->emptyStateActions([
|
||||
Action::make('clear_filters_empty')
|
||||
->label('Clear filters')
|
||||
->icon('heroicon-o-x-mark')
|
||||
->color('gray')
|
||||
->visible(fn (): bool => $this->hasActiveFilters())
|
||||
->action(fn (): mixed => $this->clearWorkspaceFilters()),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, Tenant>
|
||||
*/
|
||||
public function authorizedTenants(): array
|
||||
{
|
||||
if ($this->authorizedTenants !== null) {
|
||||
return $this->authorizedTenants;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return $this->authorizedTenants = [];
|
||||
}
|
||||
|
||||
return $this->authorizedTenants = app(TenantReviewRegisterService::class)->authorizedTenants($user, $workspace);
|
||||
}
|
||||
|
||||
private function authorizePageAccess(): void
|
||||
{
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
if (! $workspace instanceof Workspace) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$service = app(TenantReviewRegisterService::class);
|
||||
|
||||
if (! $service->canAccessWorkspace($user, $workspace)) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if ($this->authorizedTenants() === []) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
}
|
||||
|
||||
private function workspaceQuery(): Builder
|
||||
{
|
||||
$user = auth()->user();
|
||||
$workspace = $this->workspace();
|
||||
|
||||
if (! $user instanceof User || ! $workspace instanceof Workspace) {
|
||||
return Tenant::query()->whereRaw('1 = 0');
|
||||
}
|
||||
|
||||
return app(TenantReviewRegisterService::class)->customerWorkspaceTenantQuery($user, $workspace);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
private function tenantFilterOptions(): array
|
||||
{
|
||||
return collect($this->authorizedTenants())
|
||||
->mapWithKeys(static fn (Tenant $tenant): array => [
|
||||
(string) $tenant->getKey() => $tenant->name,
|
||||
])
|
||||
->all();
|
||||
}
|
||||
|
||||
private function defaultTenantFilter(): ?string
|
||||
{
|
||||
$tenantId = app(WorkspaceContext::class)->lastTenantId(request());
|
||||
|
||||
return is_int($tenantId) && array_key_exists($tenantId, $this->authorizedTenants())
|
||||
? (string) $tenantId
|
||||
: null;
|
||||
}
|
||||
|
||||
private function applyRequestedTenantPrefilter(): void
|
||||
{
|
||||
$requestedTenant = request()->query('tenant', request()->query('tenant_id'));
|
||||
|
||||
if (! is_string($requestedTenant) && ! is_numeric($requestedTenant)) {
|
||||
return;
|
||||
}
|
||||
|
||||
foreach ($this->authorizedTenants() as $tenant) {
|
||||
if ((string) $tenant->getKey() !== (string) $requestedTenant && (string) $tenant->external_id !== (string) $requestedTenant) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$this->tableFilters['tenant_id']['value'] = (string) $tenant->getKey();
|
||||
$this->tableDeferredFilters['tenant_id']['value'] = (string) $tenant->getKey();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
private function hasActiveFilters(): bool
|
||||
{
|
||||
return $this->currentTenantFilterId() !== null;
|
||||
}
|
||||
|
||||
private function clearWorkspaceFilters(): void
|
||||
{
|
||||
app(WorkspaceContext::class)->clearLastTenantId(request());
|
||||
$this->removeTableFilters();
|
||||
}
|
||||
|
||||
private function currentTenantFilterId(): ?int
|
||||
{
|
||||
$tenantFilter = data_get($this->tableFilters, 'tenant_id.value');
|
||||
|
||||
if (! is_numeric($tenantFilter)) {
|
||||
$tenantFilter = data_get(session()->get($this->getTableFiltersSessionKey(), []), 'tenant_id.value');
|
||||
}
|
||||
|
||||
return is_numeric($tenantFilter) ? (int) $tenantFilter : null;
|
||||
}
|
||||
|
||||
private function workspace(): ?Workspace
|
||||
{
|
||||
$workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());
|
||||
|
||||
return is_numeric($workspaceId)
|
||||
? Workspace::query()->whereKey((int) $workspaceId)->first()
|
||||
: null;
|
||||
}
|
||||
|
||||
private function latestPublishedReview(Tenant $tenant): ?TenantReview
|
||||
{
|
||||
$review = $tenant->tenantReviews->first();
|
||||
|
||||
return $review instanceof TenantReview ? $review : null;
|
||||
}
|
||||
|
||||
private function latestReviewUrl(Tenant $tenant): ?string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant, 'tenant').'?'.http_build_query([
|
||||
self::DETAIL_CONTEXT_QUERY_KEY => 1,
|
||||
]);
|
||||
}
|
||||
|
||||
private function latestReviewPack(Tenant $tenant): ?ReviewPack
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
$pack = $review?->currentExportReviewPack;
|
||||
|
||||
return $pack instanceof ReviewPack ? $pack : null;
|
||||
}
|
||||
|
||||
private function latestReviewPackDownloadUrl(Tenant $tenant): ?string
|
||||
{
|
||||
$user = auth()->user();
|
||||
$pack = $this->latestReviewPack($tenant);
|
||||
|
||||
if (! $user instanceof User || ! $pack instanceof ReviewPack) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($pack->status !== ReviewPackStatus::Ready->value) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($pack->expires_at !== null && $pack->expires_at->isPast()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return app(ReviewPackService::class)->generateDownloadUrl($pack, [
|
||||
'source_surface' => self::SOURCE_SURFACE,
|
||||
]);
|
||||
}
|
||||
|
||||
private function latestPublishedAt(Tenant $tenant): ?\Illuminate\Support\Carbon
|
||||
{
|
||||
return $this->latestPublishedReview($tenant)?->published_at;
|
||||
}
|
||||
|
||||
private function reviewTruth(Tenant $tenant): ?ArtifactTruthEnvelope
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
return $review instanceof TenantReview
|
||||
? app(ArtifactTruthPresenter::class)->forTenantReview($review)
|
||||
: null;
|
||||
}
|
||||
|
||||
private function reviewOutcome(Tenant $tenant): ?CompressedGovernanceOutcome
|
||||
{
|
||||
$presenter = app(ArtifactTruthPresenter::class);
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
$truth = $this->reviewTruth($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview || ! $truth instanceof ArtifactTruthEnvelope) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::reviewRegister())
|
||||
?? $presenter->compressedOutcomeFromEnvelope($truth, SurfaceCompressionContext::reviewRegister());
|
||||
}
|
||||
|
||||
private function latestReviewStateLabel(Tenant $tenant): string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryLabel ?? 'No published review';
|
||||
}
|
||||
|
||||
private function latestReviewStateColor(Tenant $tenant): string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryBadge->color ?? 'gray';
|
||||
}
|
||||
|
||||
private function latestReviewStateIcon(Tenant $tenant): ?string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryBadge->icon;
|
||||
}
|
||||
|
||||
private function latestReviewStateIconColor(Tenant $tenant): ?string
|
||||
{
|
||||
return $this->reviewOutcome($tenant)?->primaryBadge->iconColor;
|
||||
}
|
||||
|
||||
private function reviewOutcomeDescription(Tenant $tenant): ?string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return 'No published review available yet';
|
||||
}
|
||||
|
||||
$primaryReason = $this->reviewOutcome($tenant)?->primaryReason;
|
||||
$summary = is_array($review->summary) ? $review->summary : [];
|
||||
$findingOutcomes = $summary['finding_outcomes'] ?? null;
|
||||
|
||||
if (! is_array($findingOutcomes)) {
|
||||
return $primaryReason;
|
||||
}
|
||||
|
||||
$findingOutcomeSummary = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);
|
||||
|
||||
if ($findingOutcomeSummary === null) {
|
||||
return $primaryReason;
|
||||
}
|
||||
|
||||
return trim($primaryReason.' Terminal outcomes: '.$findingOutcomeSummary.'.');
|
||||
}
|
||||
|
||||
private function findingSummary(Tenant $tenant): string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return 'No published review available yet';
|
||||
}
|
||||
|
||||
$summary = is_array($review->summary) ? $review->summary : [];
|
||||
$findingCount = (int) ($summary['finding_count'] ?? 0);
|
||||
$findingOutcomes = is_array($summary['finding_outcomes'] ?? null) ? $summary['finding_outcomes'] : [];
|
||||
$terminalOutcomes = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);
|
||||
|
||||
if ($findingCount === 0) {
|
||||
return 'No findings recorded in the published review.';
|
||||
}
|
||||
|
||||
if ($terminalOutcomes === null) {
|
||||
return sprintf('%d findings summarized in the published review.', $findingCount);
|
||||
}
|
||||
|
||||
return sprintf('%d findings. Terminal outcomes: %s.', $findingCount, $terminalOutcomes);
|
||||
}
|
||||
|
||||
private function acceptedRiskSummary(Tenant $tenant): string
|
||||
{
|
||||
$review = $this->latestPublishedReview($tenant);
|
||||
|
||||
if (! $review instanceof TenantReview) {
|
||||
return 'No published review available yet';
|
||||
}
|
||||
|
||||
$summary = is_array($review->summary) ? $review->summary : [];
|
||||
$riskAcceptance = is_array($summary['risk_acceptance'] ?? null) ? $summary['risk_acceptance'] : [];
|
||||
$statusMarkedCount = (int) ($riskAcceptance['status_marked_count'] ?? 0);
|
||||
$validGovernedCount = (int) ($riskAcceptance['valid_governed_count'] ?? 0);
|
||||
$warningCount = (int) ($riskAcceptance['warning_count'] ?? 0);
|
||||
|
||||
return match (true) {
|
||||
$statusMarkedCount === 0 => 'No accepted risks recorded.',
|
||||
$warningCount > 0 => sprintf('%d accepted risks need governance follow-up (%d total).', $warningCount, $statusMarkedCount),
|
||||
$validGovernedCount > 0 => sprintf('%d accepted risks are governed.', $validGovernedCount),
|
||||
default => sprintf('%d accepted risks are on record.', $statusMarkedCount),
|
||||
};
|
||||
}
|
||||
|
||||
private function reviewPackAvailability(Tenant $tenant): string
|
||||
{
|
||||
$pack = $this->latestReviewPack($tenant);
|
||||
|
||||
if (! $pack instanceof ReviewPack) {
|
||||
return 'Unavailable';
|
||||
}
|
||||
|
||||
if ($pack->status !== ReviewPackStatus::Ready->value) {
|
||||
return 'Unavailable';
|
||||
}
|
||||
|
||||
if ($pack->expires_at !== null && $pack->expires_at->isPast()) {
|
||||
return 'Unavailable';
|
||||
}
|
||||
|
||||
return 'Available';
|
||||
}
|
||||
}
|
||||
@ -9,6 +9,7 @@
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\TenantReviews\TenantReviewRegisterService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Badges\BadgeCatalog;
|
||||
@ -176,6 +177,10 @@ public function table(Table $table): Table
|
||||
->visible(fn (TenantReview $record): bool => auth()->user() instanceof User
|
||||
&& auth()->user()->can(Capabilities::TENANT_REVIEW_MANAGE, $record->tenant)
|
||||
&& in_array($record->status, ['ready', 'published'], true))
|
||||
->disabled(fn (TenantReview $record): bool => (bool) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['is_blocked'] ?? false))
|
||||
->tooltip(fn (TenantReview $record): ?string => (bool) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['is_blocked'] ?? false)
|
||||
? (string) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['block_reason'] ?? '')
|
||||
: null)
|
||||
->action(fn (TenantReview $record): mixed => TenantReviewResource::executeExport($record)),
|
||||
])
|
||||
->bulkActions([])
|
||||
|
||||
@ -7,7 +7,11 @@
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Support\Ai\AiPolicyMode;
|
||||
use App\Support\Ai\AiUseCaseCatalog;
|
||||
use App\Services\Auth\WorkspaceCapabilityResolver;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Entitlements\WorkspacePlanProfileCatalog;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\Capabilities;
|
||||
@ -20,7 +24,9 @@
|
||||
use BackedEnum;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Forms\Components\KeyValue;
|
||||
use Filament\Forms\Components\Placeholder;
|
||||
use Filament\Forms\Components\Select;
|
||||
use Filament\Forms\Components\Textarea;
|
||||
use Filament\Forms\Components\TextInput;
|
||||
use Filament\Notifications\Notification;
|
||||
use Filament\Pages\Page;
|
||||
@ -51,6 +57,7 @@ class WorkspaceSettings extends Page
|
||||
* @var array<string, array{domain: string, key: string, type: 'int'|'json'|'string'|'bool'}>
|
||||
*/
|
||||
private const SETTING_FIELDS = [
|
||||
'ai_policy_mode' => ['domain' => 'ai', 'key' => 'policy_mode', 'type' => 'string'],
|
||||
'backup_retention_keep_last_default' => ['domain' => 'backup', 'key' => 'retention_keep_last_default', 'type' => 'int'],
|
||||
'backup_retention_min_floor' => ['domain' => 'backup', 'key' => 'retention_min_floor', 'type' => 'int'],
|
||||
'drift_severity_mapping' => ['domain' => 'drift', 'key' => 'severity_mapping', 'type' => 'json'],
|
||||
@ -58,10 +65,23 @@ class WorkspaceSettings extends Page
|
||||
'baseline_alert_min_severity' => ['domain' => 'baseline', 'key' => 'alert_min_severity', 'type' => 'string'],
|
||||
'baseline_auto_close_enabled' => ['domain' => 'baseline', 'key' => 'auto_close_enabled', 'type' => 'bool'],
|
||||
'findings_sla_days' => ['domain' => 'findings', 'key' => 'sla_days', 'type' => 'json'],
|
||||
'entitlements_plan_profile' => ['domain' => 'entitlements', 'key' => 'plan_profile', 'type' => 'string'],
|
||||
'entitlements_managed_tenant_limit_override_value' => ['domain' => 'entitlements', 'key' => 'managed_tenant_limit_override_value', 'type' => 'int'],
|
||||
'entitlements_managed_tenant_limit_override_reason' => ['domain' => 'entitlements', 'key' => 'managed_tenant_limit_override_reason', 'type' => 'string'],
|
||||
'entitlements_review_pack_generation_override_value' => ['domain' => 'entitlements', 'key' => 'review_pack_generation_override_value', 'type' => 'bool'],
|
||||
'entitlements_review_pack_generation_override_reason' => ['domain' => 'entitlements', 'key' => 'review_pack_generation_override_reason', 'type' => 'string'],
|
||||
'operations_operation_run_retention_days' => ['domain' => 'operations', 'key' => 'operation_run_retention_days', 'type' => 'int'],
|
||||
'operations_stuck_run_threshold_minutes' => ['domain' => 'operations', 'key' => 'stuck_run_threshold_minutes', 'type' => 'int'],
|
||||
];
|
||||
|
||||
/**
|
||||
* @var array<string, string>
|
||||
*/
|
||||
private const ENTITLEMENT_OVERRIDE_REASON_FIELDS = [
|
||||
'entitlements_managed_tenant_limit_override_value' => 'entitlements_managed_tenant_limit_override_reason',
|
||||
'entitlements_review_pack_generation_override_value' => 'entitlements_review_pack_generation_override_reason',
|
||||
];
|
||||
|
||||
/**
|
||||
* Fields rendered as Filament KeyValue components (array state, not JSON string).
|
||||
*
|
||||
@ -111,6 +131,14 @@ class WorkspaceSettings extends Page
|
||||
*/
|
||||
public array $resolvedSettings = [];
|
||||
|
||||
/**
|
||||
* @var array{
|
||||
* plan_profile?: array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool},
|
||||
* decisions?: array<string, array<string, mixed>>
|
||||
* }
|
||||
*/
|
||||
public array $entitlementSummary = [];
|
||||
|
||||
/**
|
||||
* Per-domain "last modified" metadata: domain => {user_name, updated_at}.
|
||||
*
|
||||
@ -180,6 +208,71 @@ public function content(Schema $schema): Schema
|
||||
return $schema
|
||||
->statePath('data')
|
||||
->schema([
|
||||
Section::make('Workspace entitlements')
|
||||
->description($this->sectionDescription('entitlements', 'Select a plan profile and optional first-slice overrides for onboarding activation and review pack generation.'))
|
||||
->columns(2)
|
||||
->schema([
|
||||
Select::make('entitlements_plan_profile')
|
||||
->label('Plan profile')
|
||||
->options(app(WorkspacePlanProfileCatalog::class)->optionLabels())
|
||||
->placeholder(sprintf('Use default profile (%s)', app(WorkspacePlanProfileCatalog::class)->default()['label']))
|
||||
->native(false)
|
||||
->columnSpanFull()
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->planProfileFieldHelperText()),
|
||||
TextInput::make('entitlements_managed_tenant_limit_override_value')
|
||||
->label('Managed tenant activation limit override')
|
||||
->placeholder('Unset (uses plan profile default)')
|
||||
->suffix('tenants')
|
||||
->hint('0 or greater')
|
||||
->numeric()
|
||||
->integer()
|
||||
->minValue(0)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->managedTenantLimitHelperText())
|
||||
->hintAction($this->makeResetAction('entitlements_managed_tenant_limit_override_value')),
|
||||
Textarea::make('entitlements_managed_tenant_limit_override_reason')
|
||||
->label('Managed tenant activation override reason')
|
||||
->rows(3)
|
||||
->maxLength(500)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->managedTenantLimitReasonHelperText()),
|
||||
Select::make('entitlements_review_pack_generation_override_value')
|
||||
->label('Review pack generation override')
|
||||
->options(self::booleanOptions())
|
||||
->placeholder('Unset (uses plan profile default)')
|
||||
->native(false)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->reviewPackGenerationHelperText())
|
||||
->hintAction($this->makeResetAction('entitlements_review_pack_generation_override_value')),
|
||||
Textarea::make('entitlements_review_pack_generation_override_reason')
|
||||
->label('Review pack generation override reason')
|
||||
->rows(3)
|
||||
->maxLength(500)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->reviewPackGenerationReasonHelperText()),
|
||||
]),
|
||||
Section::make('Workspace AI policy')
|
||||
->description($this->sectionDescription('ai', 'Control whether the workspace disables AI entirely or allows approved internal-only drafts on private-only infrastructure.'))
|
||||
->schema([
|
||||
Select::make('ai_policy_mode')
|
||||
->label('AI posture')
|
||||
->options(AiPolicyMode::optionLabels())
|
||||
->placeholder('Unset (uses default)')
|
||||
->native(false)
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage())
|
||||
->helperText(fn (): string => $this->aiPolicyModeHelperText())
|
||||
->hintAction($this->makeResetAction('ai_policy_mode')),
|
||||
Placeholder::make('ai_approved_use_cases')
|
||||
->label('Approved use cases')
|
||||
->content(fn (): string => $this->aiApprovedUseCasesText()),
|
||||
Placeholder::make('ai_allowed_provider_classes')
|
||||
->label('Allowed provider classes')
|
||||
->content(fn (): string => $this->aiAllowedProviderClassesText()),
|
||||
Placeholder::make('ai_blocked_data_classifications')
|
||||
->label('Blocked data classifications')
|
||||
->content(fn (): string => $this->aiBlockedDataClassificationsText()),
|
||||
]),
|
||||
Section::make('Backup settings')
|
||||
->description($this->sectionDescription('backup', 'Workspace defaults used when a schedule has no explicit value.'))
|
||||
->schema([
|
||||
@ -455,6 +548,56 @@ public function resetSetting(string $field): void
|
||||
->send();
|
||||
}
|
||||
|
||||
private function resetEntitlementOverridePair(string $field): void
|
||||
{
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $user instanceof User) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
$this->authorizeWorkspaceManage($user);
|
||||
|
||||
if (! $this->hasEntitlementOverridePair($field)) {
|
||||
Notification::make()
|
||||
->title('Entitlement already uses plan profile default')
|
||||
->success()
|
||||
->send();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$writer = app(SettingsWriter::class);
|
||||
$valueSetting = $this->settingForField($field);
|
||||
$reasonField = self::ENTITLEMENT_OVERRIDE_REASON_FIELDS[$field];
|
||||
$reasonSetting = $this->settingForField($reasonField);
|
||||
|
||||
if ($this->workspaceOverrideForField($field) !== null) {
|
||||
$writer->resetWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $this->workspace,
|
||||
domain: $valueSetting['domain'],
|
||||
key: $valueSetting['key'],
|
||||
);
|
||||
}
|
||||
|
||||
if ($this->workspaceOverrideForField($reasonField) !== null) {
|
||||
$writer->resetWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $this->workspace,
|
||||
domain: $reasonSetting['domain'],
|
||||
key: $reasonSetting['key'],
|
||||
);
|
||||
}
|
||||
|
||||
$this->loadFormState();
|
||||
|
||||
Notification::make()
|
||||
->title('Workspace entitlement override reset')
|
||||
->success()
|
||||
->send();
|
||||
}
|
||||
|
||||
private function loadFormState(): void
|
||||
{
|
||||
$resolver = app(SettingsResolver::class);
|
||||
@ -490,6 +633,7 @@ private function loadFormState(): void
|
||||
$this->data = $data;
|
||||
$this->workspaceOverrides = $workspaceOverrides;
|
||||
$this->resolvedSettings = $resolvedSettings;
|
||||
$this->entitlementSummary = app(WorkspaceEntitlementResolver::class)->summary($this->workspace);
|
||||
|
||||
$this->loadDomainLastModified();
|
||||
}
|
||||
@ -563,15 +707,25 @@ private function makeResetAction(string $field): Action
|
||||
->color('danger')
|
||||
->requiresConfirmation()
|
||||
->action(function () use ($field): void {
|
||||
if ($this->isEntitlementOverrideValueField($field)) {
|
||||
$this->resetEntitlementOverridePair($field);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$this->resetSetting($field);
|
||||
})
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage() || ! $this->hasWorkspaceOverride($field))
|
||||
->disabled(fn (): bool => ! $this->currentUserCanManage() || ! $this->canResetField($field))
|
||||
->tooltip(function () use ($field): ?string {
|
||||
if (! $this->currentUserCanManage()) {
|
||||
return 'You do not have permission to manage workspace settings.';
|
||||
}
|
||||
|
||||
if (! $this->hasWorkspaceOverride($field)) {
|
||||
if (! $this->canResetField($field)) {
|
||||
if ($this->isEntitlementOverrideValueField($field)) {
|
||||
return 'No workspace override to reset.';
|
||||
}
|
||||
|
||||
return 'No workspace override to reset.';
|
||||
}
|
||||
|
||||
@ -579,6 +733,200 @@ private function makeResetAction(string $field): Action
|
||||
});
|
||||
}
|
||||
|
||||
private function canResetField(string $field): bool
|
||||
{
|
||||
if ($this->isEntitlementOverrideValueField($field)) {
|
||||
return $this->hasEntitlementOverridePair($field);
|
||||
}
|
||||
|
||||
return $this->hasWorkspaceOverride($field);
|
||||
}
|
||||
|
||||
private function isEntitlementOverrideValueField(string $field): bool
|
||||
{
|
||||
return array_key_exists($field, self::ENTITLEMENT_OVERRIDE_REASON_FIELDS);
|
||||
}
|
||||
|
||||
private function hasEntitlementOverridePair(string $field): bool
|
||||
{
|
||||
if (! $this->isEntitlementOverrideValueField($field)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$reasonField = self::ENTITLEMENT_OVERRIDE_REASON_FIELDS[$field];
|
||||
|
||||
return $this->workspaceOverrideForField($field) !== null
|
||||
|| $this->workspaceOverrideForField($reasonField) !== null;
|
||||
}
|
||||
|
||||
private function planProfileFieldHelperText(): string
|
||||
{
|
||||
$profile = $this->resolvedPlanProfile();
|
||||
$selectedProfile = $this->workspaceOverrideForField('entitlements_plan_profile');
|
||||
|
||||
if (! is_string($selectedProfile) || $selectedProfile === '') {
|
||||
return sprintf('Default profile: %s. %s', $profile['label'], $profile['description']);
|
||||
}
|
||||
|
||||
return sprintf('Effective profile: %s. %s', $profile['label'], $profile['description']);
|
||||
}
|
||||
|
||||
private function managedTenantLimitHelperText(): string
|
||||
{
|
||||
$decision = $this->entitlementDecision(WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT);
|
||||
$effectiveValue = (int) ($decision['effective_value'] ?? 0);
|
||||
$currentUsage = (int) ($decision['current_usage'] ?? 0);
|
||||
$remainingCapacity = (int) ($decision['remaining_capacity'] ?? 0);
|
||||
|
||||
$capacityText = $remainingCapacity < 0
|
||||
? sprintf('Over limit by %d.', abs($remainingCapacity))
|
||||
: sprintf('%d remaining.', $remainingCapacity);
|
||||
|
||||
return sprintf(
|
||||
'Effective limit: %d active managed tenants. Current usage: %d. %s Source: %s.',
|
||||
$effectiveValue,
|
||||
$currentUsage,
|
||||
$capacityText,
|
||||
$this->entitlementSourceLabel($decision),
|
||||
);
|
||||
}
|
||||
|
||||
private function managedTenantLimitReasonHelperText(): string
|
||||
{
|
||||
return $this->entitlementReasonHelperText(
|
||||
valueField: 'entitlements_managed_tenant_limit_override_value',
|
||||
key: WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
);
|
||||
}
|
||||
|
||||
private function reviewPackGenerationHelperText(): string
|
||||
{
|
||||
$decision = $this->entitlementDecision(WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED);
|
||||
|
||||
return sprintf(
|
||||
'Effective state: %s. Source: %s.',
|
||||
(bool) ($decision['effective_value'] ?? false) ? 'enabled' : 'disabled',
|
||||
$this->entitlementSourceLabel($decision),
|
||||
);
|
||||
}
|
||||
|
||||
private function reviewPackGenerationReasonHelperText(): string
|
||||
{
|
||||
return $this->entitlementReasonHelperText(
|
||||
valueField: 'entitlements_review_pack_generation_override_value',
|
||||
key: WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED,
|
||||
);
|
||||
}
|
||||
|
||||
private function aiPolicyModeHelperText(): string
|
||||
{
|
||||
$resolved = $this->resolvedSettings['ai_policy_mode'] ?? null;
|
||||
|
||||
if (! is_array($resolved)) {
|
||||
return '';
|
||||
}
|
||||
|
||||
$mode = AiPolicyMode::tryFrom((string) ($resolved['value'] ?? AiPolicyMode::Disabled->value))
|
||||
?? AiPolicyMode::Disabled;
|
||||
|
||||
$prefix = ! $this->hasWorkspaceOverride('ai_policy_mode')
|
||||
? sprintf('Effective posture: %s. Source: %s.', $mode->label(), $this->sourceLabel((string) ($resolved['source'] ?? 'system_default')))
|
||||
: sprintf('Effective posture: %s.', $mode->label());
|
||||
|
||||
return sprintf('%s %s', $prefix, $mode->summary());
|
||||
}
|
||||
|
||||
private function aiApprovedUseCasesText(): string
|
||||
{
|
||||
return implode('; ', app(AiUseCaseCatalog::class)->labels()).'.';
|
||||
}
|
||||
|
||||
private function aiAllowedProviderClassesText(): string
|
||||
{
|
||||
$labels = app(AiUseCaseCatalog::class)->allowedProviderClassLabelsForMode($this->effectiveAiPolicyMode());
|
||||
|
||||
if ($labels === []) {
|
||||
return 'No provider classes are allowed while AI is disabled.';
|
||||
}
|
||||
|
||||
return implode(', ', $labels).'.';
|
||||
}
|
||||
|
||||
private function aiBlockedDataClassificationsText(): string
|
||||
{
|
||||
return implode(', ', app(AiUseCaseCatalog::class)->blockedDataClassificationLabels()).'.';
|
||||
}
|
||||
|
||||
private function effectiveAiPolicyMode(): AiPolicyMode
|
||||
{
|
||||
$resolved = $this->resolvedSettings['ai_policy_mode'] ?? null;
|
||||
|
||||
if (! is_array($resolved)) {
|
||||
return AiPolicyMode::Disabled;
|
||||
}
|
||||
|
||||
return AiPolicyMode::tryFrom((string) ($resolved['value'] ?? AiPolicyMode::Disabled->value))
|
||||
?? AiPolicyMode::Disabled;
|
||||
}
|
||||
|
||||
private function entitlementReasonHelperText(string $valueField, string $key): string
|
||||
{
|
||||
$decision = $this->entitlementDecision($key);
|
||||
$rationale = is_string($decision['rationale'] ?? null) ? $decision['rationale'] : null;
|
||||
|
||||
if ($this->workspaceOverrideForField($valueField) === null) {
|
||||
return 'Required when an explicit override value is set.';
|
||||
}
|
||||
|
||||
if ($rationale === null || $rationale === '') {
|
||||
return 'Required when an explicit override value is set.';
|
||||
}
|
||||
|
||||
return sprintf('Current rationale: %s', $rationale);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}
|
||||
*/
|
||||
private function resolvedPlanProfile(): array
|
||||
{
|
||||
$profile = $this->entitlementSummary['plan_profile'] ?? null;
|
||||
|
||||
if (is_array($profile)) {
|
||||
return $profile;
|
||||
}
|
||||
|
||||
return app(WorkspacePlanProfileCatalog::class)->default();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function entitlementDecision(string $key): array
|
||||
{
|
||||
$decision = $this->entitlementSummary['decisions'][$key] ?? null;
|
||||
|
||||
return is_array($decision) ? $decision : [];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $decision
|
||||
*/
|
||||
private function entitlementSourceLabel(array $decision): string
|
||||
{
|
||||
if (($decision['source'] ?? null) === 'workspace_override') {
|
||||
return 'workspace override';
|
||||
}
|
||||
|
||||
$planProfileLabel = $decision['plan_profile_label'] ?? null;
|
||||
|
||||
if (is_string($planProfileLabel) && $planProfileLabel !== '') {
|
||||
return sprintf('%s plan profile', $planProfileLabel);
|
||||
}
|
||||
|
||||
return 'plan profile default';
|
||||
}
|
||||
|
||||
private function helperTextFor(string $field): string
|
||||
{
|
||||
$resolved = $this->resolvedSettings[$field] ?? null;
|
||||
@ -721,6 +1069,27 @@ private function normalizedInputValues(): array
|
||||
}
|
||||
}
|
||||
|
||||
foreach (self::ENTITLEMENT_OVERRIDE_REASON_FIELDS as $valueField => $reasonField) {
|
||||
if (($normalizedValues[$valueField] ?? null) === null) {
|
||||
$normalizedValues[$reasonField] = null;
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (($normalizedValues[$reasonField] ?? null) !== null) {
|
||||
continue;
|
||||
}
|
||||
|
||||
$message = match ($valueField) {
|
||||
'entitlements_managed_tenant_limit_override_value' => 'Override reason is required when a managed tenant activation limit override is set.',
|
||||
'entitlements_review_pack_generation_override_value' => 'Override reason is required when a review pack generation override is set.',
|
||||
default => 'Override reason is required when an explicit override is set.',
|
||||
};
|
||||
|
||||
$validationErrors['data.'.$reasonField] ??= [];
|
||||
$validationErrors['data.'.$reasonField][] = $message;
|
||||
}
|
||||
|
||||
return [$normalizedValues, $validationErrors];
|
||||
}
|
||||
|
||||
|
||||
@ -11,6 +11,7 @@
|
||||
use App\Filament\Widgets\Dashboard\RecentDriftFindings;
|
||||
use App\Filament\Widgets\Dashboard\RecentOperations;
|
||||
use App\Filament\Widgets\Dashboard\RecoveryReadiness;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
@ -20,8 +21,14 @@
|
||||
use App\Support\ProductTelemetry\ProductUsageEventCatalog;
|
||||
use App\Support\Rbac\UiEnforcement;
|
||||
use App\Support\SupportDiagnostics\SupportDiagnosticBundleBuilder;
|
||||
use App\Support\SupportRequests\SupportRequestSubmissionService;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Facades\Filament;
|
||||
use Filament\Forms\Components\Placeholder;
|
||||
use Filament\Forms\Components\Select;
|
||||
use Filament\Forms\Components\TextInput;
|
||||
use Filament\Forms\Components\Textarea;
|
||||
use Filament\Notifications\Notification;
|
||||
use Filament\Pages\Dashboard;
|
||||
use Filament\Widgets\Widget;
|
||||
use Filament\Widgets\WidgetConfiguration;
|
||||
@ -70,10 +77,72 @@ public function getColumns(): int|array
|
||||
protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
$this->requestSupportAction(),
|
||||
$this->openSupportDiagnosticsAction(),
|
||||
];
|
||||
}
|
||||
|
||||
public function authorizeTenantSupportRequest(): void
|
||||
{
|
||||
$this->resolveCurrentTenantForCapability(Capabilities::SUPPORT_REQUESTS_CREATE);
|
||||
}
|
||||
|
||||
private function requestSupportAction(): Action
|
||||
{
|
||||
$action = Action::make('requestSupport')
|
||||
->label('Request support')
|
||||
->icon('heroicon-o-paper-airplane')
|
||||
->color('gray')
|
||||
->slideOver()
|
||||
->stickyModalHeader()
|
||||
->modalHeading('Request support')
|
||||
->modalDescription('Share a concise summary and TenantAtlas will attach redacted context from existing records.')
|
||||
->modalSubmitActionLabel('Submit request')
|
||||
->form([
|
||||
Placeholder::make('included_context')
|
||||
->label('Included context')
|
||||
->content(fn (): string => $this->tenantSupportRequestAttachmentSummary())
|
||||
->columnSpanFull(),
|
||||
Select::make('severity')
|
||||
->label('Severity')
|
||||
->options(SupportRequest::severityOptions())
|
||||
->default(SupportRequest::SEVERITY_NORMAL)
|
||||
->required()
|
||||
->native(false),
|
||||
TextInput::make('summary')
|
||||
->label('Summary')
|
||||
->required()
|
||||
->columnSpanFull(),
|
||||
Textarea::make('reproduction_notes')
|
||||
->label('Reproduction notes')
|
||||
->rows(4)
|
||||
->columnSpanFull(),
|
||||
TextInput::make('contact_name')
|
||||
->label('Contact name')
|
||||
->default(fn (): ?string => $this->resolveDashboardActor()->name),
|
||||
TextInput::make('contact_email')
|
||||
->label('Contact email')
|
||||
->email()
|
||||
->default(fn (): ?string => $this->resolveDashboardActor()->email),
|
||||
])
|
||||
->action(function (array $data): void {
|
||||
$actor = $this->resolveDashboardActor();
|
||||
$tenant = $this->resolveCurrentTenantForCapability(Capabilities::SUPPORT_REQUESTS_CREATE);
|
||||
|
||||
$supportRequest = app(SupportRequestSubmissionService::class)->submitForTenant($tenant, $actor, $data);
|
||||
|
||||
Notification::make()
|
||||
->title('Support request submitted')
|
||||
->body('Reference '.$supportRequest->internal_reference)
|
||||
->success()
|
||||
->send();
|
||||
});
|
||||
|
||||
return UiEnforcement::forAction($action)
|
||||
->requireCapability(Capabilities::SUPPORT_REQUESTS_CREATE)
|
||||
->apply();
|
||||
}
|
||||
|
||||
private function openSupportDiagnosticsAction(): Action
|
||||
{
|
||||
$action = Action::make('openSupportDiagnostics')
|
||||
@ -104,34 +173,16 @@ private function openSupportDiagnosticsAction(): Action
|
||||
*/
|
||||
public function tenantSupportDiagnosticBundle(): array
|
||||
{
|
||||
$user = auth()->user();
|
||||
$tenant = Filament::getTenant();
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $tenant)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
if (! $resolver->can($user, $tenant, Capabilities::SUPPORT_DIAGNOSTICS_VIEW)) {
|
||||
abort(403);
|
||||
}
|
||||
$user = $this->resolveDashboardActor();
|
||||
$tenant = $this->resolveCurrentTenantForCapability(Capabilities::SUPPORT_DIAGNOSTICS_VIEW);
|
||||
|
||||
return app(SupportDiagnosticBundleBuilder::class)->forTenant($tenant, $user);
|
||||
}
|
||||
|
||||
private function auditTenantSupportDiagnosticsOpen(): void
|
||||
{
|
||||
$user = auth()->user();
|
||||
$tenant = Filament::getTenant();
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
$user = $this->resolveDashboardActor();
|
||||
$tenant = $this->resolveCurrentTenantForCapability(Capabilities::SUPPORT_DIAGNOSTICS_VIEW);
|
||||
|
||||
$this->recordSupportDiagnosticsOpened(
|
||||
tenant: $tenant,
|
||||
@ -172,4 +223,57 @@ private function recordSupportDiagnosticsOpened(Tenant $tenant, array $bundle, U
|
||||
|
||||
$this->supportDiagnosticsAuditKeys[] = $auditKey;
|
||||
}
|
||||
|
||||
private function resolveDashboardActor(): User
|
||||
{
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $user instanceof User) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
private function resolveCurrentTenantForCapability(string $capability): Tenant
|
||||
{
|
||||
$user = $this->resolveDashboardActor();
|
||||
$tenant = Filament::getTenant();
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $tenant)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
if (! $resolver->can($user, $tenant, $capability)) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
return $tenant;
|
||||
}
|
||||
|
||||
private function tenantSupportRequestAttachmentSummary(): string
|
||||
{
|
||||
$tenant = Filament::getTenant();
|
||||
$user = auth()->user();
|
||||
|
||||
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
||||
return 'Only canonical redacted tenant context will be attached.';
|
||||
}
|
||||
|
||||
$resolver = app(CapabilityResolver::class);
|
||||
|
||||
if (! $resolver->isMember($user, $tenant)) {
|
||||
return 'Only canonical redacted tenant context will be attached.';
|
||||
}
|
||||
|
||||
return $resolver->can($user, $tenant, Capabilities::SUPPORT_DIAGNOSTICS_VIEW)
|
||||
? 'A redacted diagnostic snapshot and the canonical tenant context will be attached.'
|
||||
: 'Only the canonical redacted tenant context will be attached because you cannot view support diagnostics.';
|
||||
}
|
||||
}
|
||||
|
||||
@ -30,6 +30,7 @@
|
||||
use App\Services\Onboarding\OnboardingDraftResolver;
|
||||
use App\Services\Onboarding\OnboardingDraftStageResolver;
|
||||
use App\Services\Onboarding\OnboardingLifecycleService;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\OperationRunService;
|
||||
use App\Services\Providers\ProviderConnectionMutationService;
|
||||
use App\Services\Providers\ProviderOperationRegistry;
|
||||
@ -662,7 +663,16 @@ public function content(Schema $schema): Schema
|
||||
Text::make(fn (): string => $this->completionSummaryBootstrapSummary())
|
||||
->badge()
|
||||
->color(fn (): string => $this->completionSummaryBootstrapColor()),
|
||||
Text::make('Activation entitlement')
|
||||
->color('gray'),
|
||||
Text::make(fn (): string => $this->completionSummaryEntitlementSummary())
|
||||
->badge()
|
||||
->color(fn (): string => $this->completionSummaryEntitlementColor()),
|
||||
]),
|
||||
Callout::make('Activation entitlement')
|
||||
->description(fn (): string => $this->completionSummaryEntitlementDetail())
|
||||
->warning()
|
||||
->visible(fn (): bool => $this->completionSummaryEntitlementBlocked()),
|
||||
Callout::make('Bootstrap needs attention')
|
||||
->description(fn (): string => $this->completionSummaryBootstrapRecoveryMessage())
|
||||
->warning()
|
||||
@ -700,9 +710,7 @@ public function content(Schema $schema): Schema
|
||||
->modalSubmitActionLabel('Yes, complete onboarding')
|
||||
->disabled(fn (): bool => ! $this->canCompleteOnboarding()
|
||||
|| ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE))
|
||||
->tooltip(fn (): ?string => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE)
|
||||
? null
|
||||
: 'Owner required to complete onboarding.')
|
||||
->tooltip(fn (): ?string => $this->completionActionTooltip())
|
||||
->action(fn () => $this->completeOnboarding()),
|
||||
]),
|
||||
]),
|
||||
@ -4498,6 +4506,10 @@ private function canCompleteOnboarding(): bool
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($this->completionSummaryEntitlementBlocked()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = $this->currentUser();
|
||||
|
||||
if (! app(TenantOperabilityService::class)->outcomeFor(
|
||||
@ -4530,6 +4542,111 @@ private function canCompleteOnboarding(): bool
|
||||
return trim((string) ($this->data['override_reason'] ?? '')) !== '';
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function completionSummaryEntitlementDecision(): array
|
||||
{
|
||||
if (! isset($this->workspace) || ! $this->workspace instanceof Workspace) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return app(WorkspaceEntitlementResolver::class)->resolve(
|
||||
$this->workspace,
|
||||
WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
);
|
||||
}
|
||||
|
||||
private function completionSummaryEntitlementBlocked(): bool
|
||||
{
|
||||
return (bool) ($this->completionSummaryEntitlementDecision()['is_blocked'] ?? false);
|
||||
}
|
||||
|
||||
private function completionSummaryEntitlementSummary(): string
|
||||
{
|
||||
$decision = $this->completionSummaryEntitlementDecision();
|
||||
$currentUsage = (int) ($decision['current_usage'] ?? 0);
|
||||
$effectiveValue = (int) ($decision['effective_value'] ?? 0);
|
||||
$sourceLabel = $this->completionSummaryEntitlementSourceLabel($decision);
|
||||
|
||||
return sprintf(
|
||||
'%s - %d active of %d allowed (%s)',
|
||||
$this->completionSummaryEntitlementBlocked() ? 'Blocked' : 'Allowed',
|
||||
$currentUsage,
|
||||
$effectiveValue,
|
||||
$sourceLabel,
|
||||
);
|
||||
}
|
||||
|
||||
private function completionSummaryEntitlementDetail(): string
|
||||
{
|
||||
$decision = $this->completionSummaryEntitlementDecision();
|
||||
$currentUsage = (int) ($decision['current_usage'] ?? 0);
|
||||
$effectiveValue = (int) ($decision['effective_value'] ?? 0);
|
||||
$remainingCapacity = (int) ($decision['remaining_capacity'] ?? 0);
|
||||
$sourceLabel = $this->completionSummaryEntitlementSourceLabel($decision);
|
||||
$rationale = is_string($decision['rationale'] ?? null) ? $decision['rationale'] : null;
|
||||
$message = sprintf(
|
||||
'Current usage is %d active managed tenant%s out of %d allowed. Source: %s.',
|
||||
$currentUsage,
|
||||
$currentUsage === 1 ? '' : 's',
|
||||
$effectiveValue,
|
||||
$sourceLabel,
|
||||
);
|
||||
|
||||
if ($remainingCapacity >= 0) {
|
||||
$message .= sprintf(' Remaining capacity: %d.', $remainingCapacity);
|
||||
}
|
||||
|
||||
if ($this->completionSummaryEntitlementBlocked()) {
|
||||
$blockReason = is_string($decision['block_reason'] ?? null) ? $decision['block_reason'] : null;
|
||||
|
||||
if ($blockReason !== null && $blockReason !== '') {
|
||||
$message = $blockReason;
|
||||
}
|
||||
}
|
||||
|
||||
if ($rationale !== null && $rationale !== '' && ($decision['source'] ?? null) === 'workspace_override') {
|
||||
$message .= ' Rationale: '.$rationale;
|
||||
}
|
||||
|
||||
return $message;
|
||||
}
|
||||
|
||||
private function completionSummaryEntitlementColor(): string
|
||||
{
|
||||
return $this->completionSummaryEntitlementBlocked() ? 'warning' : 'success';
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $decision
|
||||
*/
|
||||
private function completionSummaryEntitlementSourceLabel(array $decision): string
|
||||
{
|
||||
if (($decision['source'] ?? null) === 'workspace_override') {
|
||||
return 'workspace override';
|
||||
}
|
||||
|
||||
$label = $decision['plan_profile_label'] ?? null;
|
||||
|
||||
return is_string($label) && $label !== ''
|
||||
? sprintf('%s plan profile', $label)
|
||||
: 'plan profile default';
|
||||
}
|
||||
|
||||
private function completionActionTooltip(): ?string
|
||||
{
|
||||
if (! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE)) {
|
||||
return 'Owner required to complete onboarding.';
|
||||
}
|
||||
|
||||
if ($this->completionSummaryEntitlementBlocked()) {
|
||||
return $this->completionSummaryEntitlementDetail();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
private function completionSummaryTenantLine(): string
|
||||
{
|
||||
$tenant = $this->currentManagedTenantRecord();
|
||||
@ -4863,6 +4980,16 @@ public function completeOnboarding(): void
|
||||
return;
|
||||
}
|
||||
|
||||
if ($this->completionSummaryEntitlementBlocked()) {
|
||||
Notification::make()
|
||||
->title('Activation limit reached')
|
||||
->body($this->completionSummaryEntitlementDetail())
|
||||
->warning()
|
||||
->send();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$run = $this->verificationRun();
|
||||
$verificationSucceeded = $this->verificationHasSucceeded();
|
||||
$verificationCanProceed = $this->verificationCanProceed();
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
|
||||
use App\Filament\Concerns\InteractsWithTenantOwnedRecords;
|
||||
use App\Filament\Concerns\ResolvesPanelTenantContext;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\EvidenceSnapshotResource\Pages;
|
||||
use App\Filament\Resources\ReviewPackResource;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
@ -267,6 +268,20 @@ public static function relatedContextEntries(EvidenceSnapshot $record): array
|
||||
)->toArray();
|
||||
}
|
||||
|
||||
if ($record->tenant instanceof Tenant) {
|
||||
$entries[] = RelatedContextEntry::available(
|
||||
key: 'customer_review_workspace',
|
||||
label: 'Customer workspace',
|
||||
value: $record->tenant->name,
|
||||
secondaryValue: 'Open the customer-safe review workspace prefiltered to this tenant.',
|
||||
targetUrl: CustomerReviewWorkspace::tenantPrefilterUrl($record->tenant),
|
||||
targetKind: 'canonical_page',
|
||||
priority: 30,
|
||||
actionLabel: 'Open customer workspace',
|
||||
contextBadge: 'Reporting',
|
||||
)->toArray();
|
||||
}
|
||||
|
||||
return $entries;
|
||||
}
|
||||
|
||||
|
||||
@ -2,7 +2,10 @@
|
||||
|
||||
namespace App\Filament\Resources;
|
||||
|
||||
use App\Filament\Concerns\ResolvesPanelTenantContext;
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Exceptions\ReviewPackEvidenceResolutionException;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\EvidenceSnapshotResource as TenantEvidenceSnapshotResource;
|
||||
use App\Filament\Resources\ReviewPackResource\Pages;
|
||||
use App\Models\ReviewPack;
|
||||
@ -10,6 +13,7 @@
|
||||
use App\Models\User;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Auth\UiTooltips as AuthUiTooltips;
|
||||
use App\Support\Badges\BadgeCatalog;
|
||||
use App\Support\Badges\BadgeDomain;
|
||||
use App\Support\Badges\BadgeRenderer;
|
||||
@ -45,6 +49,8 @@
|
||||
|
||||
class ReviewPackResource extends Resource
|
||||
{
|
||||
use ResolvesPanelTenantContext;
|
||||
|
||||
protected static ?string $model = ReviewPack::class;
|
||||
|
||||
protected static ?string $tenantOwnershipRelationshipName = 'tenant';
|
||||
@ -102,9 +108,9 @@ public static function canView(Model $record): bool
|
||||
public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
|
||||
{
|
||||
return ActionSurfaceDeclaration::forResource(ActionSurfaceProfile::CrudListAndView, ActionSurfaceType::ReadOnlyRegistryReport)
|
||||
->satisfy(ActionSurfaceSlot::ListHeader, 'Generate Pack action available in list header.')
|
||||
->satisfy(ActionSurfaceSlot::ListHeader, 'Generate Pack action appears in the list header once review packs exist.')
|
||||
->satisfy(ActionSurfaceSlot::InspectAffordance, ActionSurfaceInspectAffordance::ClickableRow->value)
|
||||
->satisfy(ActionSurfaceSlot::ListEmptyState, 'Empty state includes Generate CTA.')
|
||||
->satisfy(ActionSurfaceSlot::ListEmptyState, 'Empty state carries the single Generate CTA while the registry is empty.')
|
||||
->satisfy(ActionSurfaceSlot::ListRowMoreMenu, 'Clickable-row inspection stays primary while Download remains the only direct row shortcut and Expire is grouped under More.')
|
||||
->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'No bulk operations are supported for review packs.')
|
||||
->satisfy(ActionSurfaceSlot::DetailHeader, 'Download and Regenerate actions in ViewReviewPack header.');
|
||||
@ -190,6 +196,13 @@ public static function infolist(Schema $schema): Schema
|
||||
? TenantReviewResource::tenantScopedUrl('view', ['record' => $record->tenantReview], $record->tenant)
|
||||
: null)
|
||||
->placeholder('—'),
|
||||
TextEntry::make('customer_workspace')
|
||||
->label('Customer workspace')
|
||||
->state(fn (): string => 'Open workspace')
|
||||
->url(fn (ReviewPack $record): ?string => $record->tenant instanceof Tenant
|
||||
? CustomerReviewWorkspace::tenantPrefilterUrl($record->tenant)
|
||||
: null)
|
||||
->placeholder('—'),
|
||||
TextEntry::make('summary.review_status')
|
||||
->label('Review status')
|
||||
->badge()
|
||||
@ -350,14 +363,37 @@ public static function table(Table $table): Table
|
||||
->emptyStateDescription('Generate a review pack to export tenant data for external review.')
|
||||
->emptyStateIcon('heroicon-o-document-arrow-down')
|
||||
->emptyStateActions([
|
||||
UiEnforcement::forAction(
|
||||
Actions\Action::make('generate_first')
|
||||
->label('Generate first pack')
|
||||
static::generatePackAction(name: 'generate_first', label: 'Generate first pack'),
|
||||
]);
|
||||
}
|
||||
|
||||
public static function generatePackAction(string $name = 'generate_pack', string $label = 'Generate Pack'): Actions\Action
|
||||
{
|
||||
$action = UiEnforcement::forAction(
|
||||
Actions\Action::make($name)
|
||||
->label($label)
|
||||
->icon('heroicon-o-plus')
|
||||
->disabled(fn (): bool => static::reviewPackGenerationBlocked())
|
||||
->action(function (array $data): void {
|
||||
static::executeGeneration($data);
|
||||
})
|
||||
->form([
|
||||
->form(static::reviewPackGenerationFormSchema())
|
||||
)
|
||||
->requireCapability(Capabilities::REVIEW_PACK_MANAGE)
|
||||
->preserveDisabled()
|
||||
->apply();
|
||||
|
||||
$action->tooltip(fn (): ?string => static::reviewPackGenerationActionTooltip());
|
||||
|
||||
return $action;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, Section>
|
||||
*/
|
||||
public static function reviewPackGenerationFormSchema(): array
|
||||
{
|
||||
return [
|
||||
Section::make('Pack options')
|
||||
->schema([
|
||||
Toggle::make('include_pii')
|
||||
@ -369,22 +405,20 @@ public static function table(Table $table): Table
|
||||
->helperText('Include recent operation history in the export.')
|
||||
->default(config('tenantpilot.review_pack.include_operations_default', true)),
|
||||
]),
|
||||
])
|
||||
)
|
||||
->requireCapability(Capabilities::REVIEW_PACK_MANAGE)
|
||||
->apply(),
|
||||
]);
|
||||
];
|
||||
}
|
||||
|
||||
public static function getEloquentQuery(): Builder
|
||||
{
|
||||
$tenant = Filament::getTenant();
|
||||
$tenant = Tenant::current() ?? static::resolveTenantContextForCurrentPanel() ?? Filament::getTenant();
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
return parent::getEloquentQuery()->whereRaw('1 = 0');
|
||||
}
|
||||
|
||||
return parent::getEloquentQuery()->where('tenant_id', (int) $tenant->getKey());
|
||||
return parent::getEloquentQuery()
|
||||
->with(['tenant', 'operationRun', 'evidenceSnapshot', 'tenantReview'])
|
||||
->where('tenant_id', (int) $tenant->getKey());
|
||||
}
|
||||
|
||||
public static function getPages(): array
|
||||
@ -458,6 +492,14 @@ public static function executeGeneration(array $data): void
|
||||
|
||||
try {
|
||||
$reviewPack = $service->generate($tenant, $user, $options);
|
||||
} catch (WorkspaceEntitlementBlockedException $exception) {
|
||||
Notification::make()
|
||||
->warning()
|
||||
->title('Review pack generation unavailable')
|
||||
->body($exception->getMessage())
|
||||
->send();
|
||||
|
||||
return;
|
||||
} catch (ReviewPackEvidenceResolutionException $exception) {
|
||||
$reasons = $exception->result->reasons;
|
||||
|
||||
@ -493,4 +535,55 @@ public static function executeGeneration(array $data): void
|
||||
|
||||
OperationUxPresenter::queuedToast('tenant.review_pack.generate')->send();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public static function reviewPackGenerationDecision(?Tenant $tenant = null): array
|
||||
{
|
||||
$tenant ??= Tenant::current() ?? static::resolveTenantContextForCurrentPanel() ?? Filament::getTenant();
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($tenant);
|
||||
}
|
||||
|
||||
public static function currentTenantContext(): ?Tenant
|
||||
{
|
||||
$tenant = Tenant::current() ?? static::resolveTenantContextForCurrentPanel() ?? Filament::getTenant();
|
||||
|
||||
return $tenant instanceof Tenant ? $tenant : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationBlocked(?Tenant $tenant = null): bool
|
||||
{
|
||||
return (bool) (static::reviewPackGenerationDecision($tenant)['is_blocked'] ?? false);
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationBlockReason(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$decision = static::reviewPackGenerationDecision($tenant);
|
||||
|
||||
if (! (bool) ($decision['is_blocked'] ?? false)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$reason = $decision['block_reason'] ?? null;
|
||||
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationActionTooltip(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$tenant ??= static::currentTenantContext();
|
||||
$user = auth()->user();
|
||||
|
||||
if ($tenant instanceof Tenant && $user instanceof User && ! $user->can(Capabilities::REVIEW_PACK_MANAGE, $tenant)) {
|
||||
return AuthUiTooltips::insufficientPermission();
|
||||
}
|
||||
|
||||
return static::reviewPackGenerationBlockReason($tenant);
|
||||
}
|
||||
}
|
||||
|
||||
@ -3,12 +3,7 @@
|
||||
namespace App\Filament\Resources\ReviewPackResource\Pages;
|
||||
|
||||
use App\Filament\Resources\ReviewPackResource;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Rbac\UiEnforcement;
|
||||
use Filament\Actions;
|
||||
use Filament\Forms\Components\Toggle;
|
||||
use Filament\Resources\Pages\ListRecords;
|
||||
use Filament\Schemas\Components\Section;
|
||||
|
||||
class ListReviewPacks extends ListRecords
|
||||
{
|
||||
@ -17,29 +12,13 @@ class ListReviewPacks extends ListRecords
|
||||
protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
UiEnforcement::forAction(
|
||||
Actions\Action::make('generate_pack')
|
||||
->label('Generate Pack')
|
||||
->icon('heroicon-o-plus')
|
||||
->action(function (array $data): void {
|
||||
ReviewPackResource::executeGeneration($data);
|
||||
})
|
||||
->form([
|
||||
Section::make('Pack options')
|
||||
->schema([
|
||||
Toggle::make('include_pii')
|
||||
->label('Include PII')
|
||||
->helperText('Include personally identifiable information in the export.')
|
||||
->default(config('tenantpilot.review_pack.include_pii_default', true)),
|
||||
Toggle::make('include_operations')
|
||||
->label('Include operations')
|
||||
->helperText('Include recent operation history in the export.')
|
||||
->default(config('tenantpilot.review_pack.include_operations_default', true)),
|
||||
]),
|
||||
])
|
||||
)
|
||||
->requireCapability(Capabilities::REVIEW_PACK_MANAGE)
|
||||
->apply(),
|
||||
ReviewPackResource::generatePackAction()
|
||||
->visible(fn (): bool => $this->tableHasRecords()),
|
||||
];
|
||||
}
|
||||
|
||||
private function tableHasRecords(): bool
|
||||
{
|
||||
return $this->getTableRecords()->count() > 0;
|
||||
}
|
||||
}
|
||||
|
||||
@ -19,20 +19,12 @@ class ViewReviewPack extends ViewRecord
|
||||
|
||||
protected function getHeaderActions(): array
|
||||
{
|
||||
return [
|
||||
Actions\Action::make('download')
|
||||
->label('Download')
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->color('success')
|
||||
->visible(fn (): bool => $this->record->status === ReviewPackStatus::Ready->value)
|
||||
->url(fn (): string => app(ReviewPackService::class)->generateDownloadUrl($this->record))
|
||||
->openUrlInNewTab(),
|
||||
|
||||
UiEnforcement::forAction(
|
||||
$regenerateAction = UiEnforcement::forAction(
|
||||
Actions\Action::make('regenerate')
|
||||
->label('Regenerate')
|
||||
->icon('heroicon-o-arrow-path')
|
||||
->color('primary')
|
||||
->disabled(fn (): bool => ReviewPackResource::reviewPackGenerationBlocked($this->record->tenant))
|
||||
->requiresConfirmation()
|
||||
->modalDescription('This will generate a new review pack with the same options. The current pack will remain available until it expires.')
|
||||
->action(function (array $data): void {
|
||||
@ -67,7 +59,21 @@ protected function getHeaderActions(): array
|
||||
})
|
||||
)
|
||||
->requireCapability(Capabilities::REVIEW_PACK_MANAGE)
|
||||
->apply(),
|
||||
->preserveDisabled()
|
||||
->apply();
|
||||
|
||||
$regenerateAction->tooltip(fn (): ?string => ReviewPackResource::reviewPackGenerationActionTooltip($this->record->tenant));
|
||||
|
||||
return [
|
||||
Actions\Action::make('download')
|
||||
->label('Download')
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->color('success')
|
||||
->visible(fn (): bool => $this->record->status === ReviewPackStatus::Ready->value)
|
||||
->url(fn (): string => app(ReviewPackService::class)->generateDownloadUrl($this->record))
|
||||
->openUrlInNewTab(),
|
||||
|
||||
$regenerateAction,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@ -6,7 +6,9 @@
|
||||
|
||||
use App\Filament\Concerns\InteractsWithTenantOwnedRecords;
|
||||
use App\Filament\Concerns\ResolvesPanelTenantContext;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\TenantReviewResource\Pages;
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantReview;
|
||||
@ -15,6 +17,7 @@
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\TenantReviews\TenantReviewService;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Auth\UiTooltips as AuthUiTooltips;
|
||||
use App\Support\Badges\BadgeCatalog;
|
||||
use App\Support\Badges\BadgeDomain;
|
||||
use App\Support\Badges\BadgeRenderer;
|
||||
@ -241,6 +244,25 @@ public static function infolist(Schema $schema): Schema
|
||||
|
||||
public static function table(Table $table): Table
|
||||
{
|
||||
$exportExecutivePackAction = UiEnforcement::forTableAction(
|
||||
Actions\Action::make('export_executive_pack')
|
||||
->label('Export executive pack')
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->visible(fn (TenantReview $record): bool => in_array($record->status, [
|
||||
TenantReviewStatus::Ready->value,
|
||||
TenantReviewStatus::Published->value,
|
||||
], true))
|
||||
->disabled(fn (TenantReview $record): bool => static::reviewPackGenerationBlocked($record->tenant))
|
||||
->action(fn (TenantReview $record): mixed => static::executeExport($record)),
|
||||
fn (TenantReview $record): TenantReview => $record,
|
||||
)
|
||||
->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
|
||||
->preserveVisibility()
|
||||
->preserveDisabled()
|
||||
->apply();
|
||||
|
||||
$exportExecutivePackAction->tooltip(fn (TenantReview $record): ?string => static::reviewPackGenerationActionTooltip($record->tenant));
|
||||
|
||||
return $table
|
||||
->defaultSort('generated_at', 'desc')
|
||||
->persistFiltersInSession()
|
||||
@ -287,20 +309,7 @@ public static function table(Table $table): Table
|
||||
\App\Support\Filament\FilterPresets::dateRange('review_date', 'Review date', 'generated_at'),
|
||||
])
|
||||
->actions([
|
||||
UiEnforcement::forTableAction(
|
||||
Actions\Action::make('export_executive_pack')
|
||||
->label('Export executive pack')
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
->visible(fn (TenantReview $record): bool => in_array($record->status, [
|
||||
TenantReviewStatus::Ready->value,
|
||||
TenantReviewStatus::Published->value,
|
||||
], true))
|
||||
->action(fn (TenantReview $record): mixed => static::executeExport($record)),
|
||||
fn (TenantReview $record): TenantReview => $record,
|
||||
)
|
||||
->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
|
||||
->preserveVisibility()
|
||||
->apply(),
|
||||
$exportExecutivePackAction,
|
||||
])
|
||||
->bulkActions([])
|
||||
->emptyStateHeading('No tenant reviews yet')
|
||||
@ -423,6 +432,50 @@ public static function executeCreateReview(array $data): void
|
||||
$toast->send();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public static function reviewPackGenerationDecision(?Tenant $tenant = null): array
|
||||
{
|
||||
$tenant ??= Filament::getTenant();
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($tenant);
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationBlocked(?Tenant $tenant = null): bool
|
||||
{
|
||||
return (bool) (static::reviewPackGenerationDecision($tenant)['is_blocked'] ?? false);
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationBlockReason(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$decision = static::reviewPackGenerationDecision($tenant);
|
||||
|
||||
if (! (bool) ($decision['is_blocked'] ?? false)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$reason = $decision['block_reason'] ?? null;
|
||||
|
||||
return is_string($reason) && $reason !== '' ? $reason : null;
|
||||
}
|
||||
|
||||
public static function reviewPackGenerationActionTooltip(?Tenant $tenant = null): ?string
|
||||
{
|
||||
$tenant ??= static::panelTenantContext();
|
||||
$user = auth()->user();
|
||||
|
||||
if ($tenant instanceof Tenant && $user instanceof User && ! $user->can(Capabilities::TENANT_REVIEW_MANAGE, $tenant)) {
|
||||
return AuthUiTooltips::insufficientPermission();
|
||||
}
|
||||
|
||||
return static::reviewPackGenerationBlockReason($tenant);
|
||||
}
|
||||
|
||||
public static function executeExport(TenantReview $review): void
|
||||
{
|
||||
$review->loadMissing(['tenant', 'currentExportReviewPack']);
|
||||
@ -457,6 +510,10 @@ public static function executeExport(TenantReview $review): void
|
||||
'include_pii' => true,
|
||||
'include_operations' => true,
|
||||
]);
|
||||
} catch (WorkspaceEntitlementBlockedException $exception) {
|
||||
Notification::make()->warning()->title('Executive pack export unavailable')->body($exception->getMessage())->send();
|
||||
|
||||
return;
|
||||
} catch (\Throwable $throwable) {
|
||||
Notification::make()->danger()->title('Unable to export executive pack')->body($throwable->getMessage())->send();
|
||||
|
||||
@ -593,6 +650,15 @@ private static function summaryContextLinks(TenantReview $record): array
|
||||
];
|
||||
}
|
||||
|
||||
if ($record->tenant) {
|
||||
$links[] = [
|
||||
'title' => 'Customer workspace',
|
||||
'label' => 'Open customer workspace',
|
||||
'url' => CustomerReviewWorkspace::tenantPrefilterUrl($record->tenant),
|
||||
'description' => 'Open the customer-safe review workspace prefiltered to this tenant.',
|
||||
];
|
||||
}
|
||||
|
||||
if ($record->evidenceSnapshot && $record->tenant) {
|
||||
$links[] = [
|
||||
'title' => 'Evidence snapshot',
|
||||
|
||||
@ -4,12 +4,15 @@
|
||||
|
||||
namespace App\Filament\Resources\TenantReviewResource\Pages;
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\TenantReviews\TenantReviewLifecycleService;
|
||||
use App\Services\TenantReviews\TenantReviewService;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Rbac\UiEnforcement;
|
||||
use App\Support\TenantReviewStatus;
|
||||
@ -24,6 +27,13 @@ class ViewTenantReview extends ViewRecord
|
||||
{
|
||||
protected static string $resource = TenantReviewResource::class;
|
||||
|
||||
public function mount(int|string $record): void
|
||||
{
|
||||
parent::mount($record);
|
||||
|
||||
$this->auditCustomerWorkspaceOpen();
|
||||
}
|
||||
|
||||
protected function resolveRecord(int|string $key): Model
|
||||
{
|
||||
return TenantReviewResource::resolveScopedRecordOrFail($key);
|
||||
@ -69,7 +79,7 @@ protected function getHeaderActions(): array
|
||||
->label('Danger')
|
||||
->icon('heroicon-o-archive-box')
|
||||
->color('danger')
|
||||
->visible(fn (): bool => ! $this->record->statusEnum()->isTerminal()),
|
||||
->visible(fn (): bool => ! $this->isCustomerWorkspaceView() && ! $this->record->statusEnum()->isTerminal()),
|
||||
]));
|
||||
}
|
||||
|
||||
@ -85,6 +95,10 @@ private function primaryLifecycleAction(): ?Actions\Action
|
||||
|
||||
private function primaryLifecycleActionName(): ?string
|
||||
{
|
||||
if ($this->isCustomerWorkspaceView()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ((string) $this->record->status === TenantReviewStatus::Published->value) {
|
||||
return 'export_executive_pack';
|
||||
}
|
||||
@ -122,6 +136,10 @@ private function secondaryLifecycleActions(): array
|
||||
*/
|
||||
private function secondaryLifecycleActionNames(): array
|
||||
{
|
||||
if ($this->isCustomerWorkspaceView()) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$names = [];
|
||||
|
||||
if ($this->record->isMutable()) {
|
||||
@ -178,7 +196,6 @@ private function refreshReviewAction(): Actions\Action
|
||||
}),
|
||||
)
|
||||
->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
|
||||
->preserveVisibility()
|
||||
->apply();
|
||||
}
|
||||
|
||||
@ -232,7 +249,7 @@ private function publishReviewAction(): Actions\Action
|
||||
|
||||
private function exportExecutivePackAction(): Actions\Action
|
||||
{
|
||||
return UiEnforcement::forAction(
|
||||
$action = UiEnforcement::forAction(
|
||||
Actions\Action::make('export_executive_pack')
|
||||
->label('Export executive pack')
|
||||
->icon('heroicon-o-arrow-down-tray')
|
||||
@ -241,11 +258,17 @@ private function exportExecutivePackAction(): Actions\Action
|
||||
TenantReviewStatus::Ready->value,
|
||||
TenantReviewStatus::Published->value,
|
||||
], true))
|
||||
->disabled(fn (): bool => TenantReviewResource::reviewPackGenerationBlocked($this->record->tenant))
|
||||
->action(fn (): mixed => TenantReviewResource::executeExport($this->record)),
|
||||
)
|
||||
->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
|
||||
->preserveVisibility()
|
||||
->preserveDisabled()
|
||||
->apply();
|
||||
|
||||
$action->tooltip(fn (): ?string => TenantReviewResource::reviewPackGenerationActionTooltip($this->record->tenant));
|
||||
|
||||
return $action;
|
||||
}
|
||||
|
||||
private function createNextReviewAction(): Actions\Action
|
||||
@ -319,4 +342,39 @@ private function archiveReviewAction(): Actions\Action
|
||||
->preserveVisibility()
|
||||
->apply();
|
||||
}
|
||||
|
||||
private function isCustomerWorkspaceView(): bool
|
||||
{
|
||||
return request()->boolean(CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY);
|
||||
}
|
||||
|
||||
private function auditCustomerWorkspaceOpen(): void
|
||||
{
|
||||
if (! $this->isCustomerWorkspaceView()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$user = auth()->user();
|
||||
$tenant = $this->record->tenant;
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
return;
|
||||
}
|
||||
|
||||
app(WorkspaceAuditLogger::class)->log(
|
||||
workspace: $tenant->workspace,
|
||||
action: AuditActionId::TenantReviewOpened,
|
||||
context: [
|
||||
'metadata' => [
|
||||
'review_id' => (int) $this->record->getKey(),
|
||||
'source_surface' => 'customer_review_workspace',
|
||||
],
|
||||
],
|
||||
actor: $user,
|
||||
resourceType: 'tenant_review',
|
||||
resourceId: (string) $this->record->getKey(),
|
||||
targetLabel: sprintf('Tenant review #%d', (int) $this->record->getKey()),
|
||||
tenant: $tenant,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -9,6 +9,7 @@
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use App\Support\CustomerHealth\WorkspaceHealthSummaryQuery;
|
||||
use App\Support\OperationCatalog;
|
||||
@ -85,6 +86,14 @@ public function runsUrl(): string
|
||||
return SystemOperationRunLinks::index();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function workspaceEntitlementSummary(): array
|
||||
{
|
||||
return app(WorkspaceEntitlementResolver::class)->summary($this->workspace);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* overall: array{label: string, color: string, icon: string|null},
|
||||
|
||||
@ -80,6 +80,9 @@ protected function getHeaderActions(): array
|
||||
$this->pauseRestoreExecuteAction(),
|
||||
$this->resumeRestoreExecuteAction(),
|
||||
$this->viewHistoryRestoreExecuteAction(),
|
||||
$this->pauseAiExecutionAction(),
|
||||
$this->resumeAiExecutionAction(),
|
||||
$this->viewHistoryAiExecutionAction(),
|
||||
];
|
||||
}
|
||||
|
||||
@ -199,6 +202,21 @@ public function viewHistoryRestoreExecuteAction(): Action
|
||||
return $this->historyActionFor('restore.execute');
|
||||
}
|
||||
|
||||
public function pauseAiExecutionAction(): Action
|
||||
{
|
||||
return $this->pauseActionFor('ai.execution');
|
||||
}
|
||||
|
||||
public function resumeAiExecutionAction(): Action
|
||||
{
|
||||
return $this->resumeActionFor('ai.execution');
|
||||
}
|
||||
|
||||
public function viewHistoryAiExecutionAction(): Action
|
||||
{
|
||||
return $this->historyActionFor('ai.execution');
|
||||
}
|
||||
|
||||
private function pauseActionFor(string $controlKey): Action
|
||||
{
|
||||
$label = app(OperationalControlCatalog::class)->label($controlKey);
|
||||
@ -213,7 +231,7 @@ private function pauseActionFor(string $controlKey): Action
|
||||
->form($this->pauseFormSchema($controlKey))
|
||||
->action(function (array $data, AuditRecorder $auditRecorder, WorkspaceAuditLogger $workspaceAuditLogger) use ($controlKey, $label): void {
|
||||
$actor = $this->controlsActor();
|
||||
[$scopeType, $workspace, $reasonText, $expiresAt] = $this->normalizePauseInput($data);
|
||||
[$scopeType, $workspace, $reasonText, $expiresAt] = $this->normalizePauseInput($controlKey, $data);
|
||||
|
||||
$scopeQuery = $this->activationScopeQuery($controlKey, $scopeType, $workspace);
|
||||
|
||||
@ -273,7 +291,7 @@ private function resumeActionFor(string $controlKey): Action
|
||||
->form($this->resumeFormSchema($controlKey))
|
||||
->action(function (array $data, AuditRecorder $auditRecorder, WorkspaceAuditLogger $workspaceAuditLogger) use ($controlKey, $label): void {
|
||||
$actor = $this->controlsActor();
|
||||
[$scopeType, $workspace] = $this->normalizeResumeInput($data);
|
||||
[$scopeType, $workspace] = $this->normalizeResumeInput($controlKey, $data);
|
||||
|
||||
$activation = $this->activationScopeQuery($controlKey, $scopeType, $workspace)
|
||||
->notExpired()
|
||||
@ -331,11 +349,8 @@ private function pauseFormSchema(string $controlKey): array
|
||||
return [
|
||||
Radio::make('scope_type')
|
||||
->label('Scope')
|
||||
->options([
|
||||
'global' => 'Global',
|
||||
'workspace' => 'One workspace',
|
||||
])
|
||||
->default('global')
|
||||
->options($this->scopeOptions($controlKey))
|
||||
->default($this->defaultScopeFor($controlKey))
|
||||
->live()
|
||||
->required(),
|
||||
|
||||
@ -395,11 +410,8 @@ private function resumeFormSchema(string $controlKey): array
|
||||
return [
|
||||
Radio::make('scope_type')
|
||||
->label('Scope')
|
||||
->options([
|
||||
'global' => 'Global',
|
||||
'workspace' => 'One workspace',
|
||||
])
|
||||
->default('global')
|
||||
->options($this->scopeOptions($controlKey))
|
||||
->default($this->defaultScopeFor($controlKey))
|
||||
->live()
|
||||
->required(),
|
||||
|
||||
@ -456,9 +468,9 @@ private function controlsActor(): PlatformUser
|
||||
/**
|
||||
* @return array{0: string, 1: ?Workspace, 2: string, 3: ?CarbonInterface}
|
||||
*/
|
||||
private function normalizePauseInput(array $data): array
|
||||
private function normalizePauseInput(string $controlKey, array $data): array
|
||||
{
|
||||
[$scopeType, $workspace] = $this->resolveScopeInput($data);
|
||||
[$scopeType, $workspace] = $this->resolveScopeInput($controlKey, $data);
|
||||
$reasonText = trim((string) ($data['reason_text'] ?? ''));
|
||||
|
||||
if ($reasonText === '') {
|
||||
@ -485,19 +497,20 @@ private function normalizePauseInput(array $data): array
|
||||
/**
|
||||
* @return array{0: string, 1: ?Workspace}
|
||||
*/
|
||||
private function normalizeResumeInput(array $data): array
|
||||
private function normalizeResumeInput(string $controlKey, array $data): array
|
||||
{
|
||||
return $this->resolveScopeInput($data);
|
||||
return $this->resolveScopeInput($controlKey, $data);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{0: string, 1: ?Workspace}
|
||||
*/
|
||||
private function resolveScopeInput(array $data): array
|
||||
private function resolveScopeInput(string $controlKey, array $data): array
|
||||
{
|
||||
$scopeType = (string) ($data['scope_type'] ?? 'global');
|
||||
$supportedScopes = app(OperationalControlCatalog::class)->definition($controlKey)['supported_scopes'] ?? ['global'];
|
||||
|
||||
if (! in_array($scopeType, ['global', 'workspace'], true)) {
|
||||
if (! in_array($scopeType, $supportedScopes, true)) {
|
||||
throw ValidationException::withMessages([
|
||||
'scope_type' => 'Invalid scope selected.',
|
||||
]);
|
||||
@ -526,6 +539,26 @@ private function resolveScopeInput(array $data): array
|
||||
return [$scopeType, $workspace];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
private function scopeOptions(string $controlKey): array
|
||||
{
|
||||
$supportedScopes = app(OperationalControlCatalog::class)->definition($controlKey)['supported_scopes'];
|
||||
|
||||
return Arr::only([
|
||||
'global' => 'Global',
|
||||
'workspace' => 'One workspace',
|
||||
], $supportedScopes);
|
||||
}
|
||||
|
||||
private function defaultScopeFor(string $controlKey): string
|
||||
{
|
||||
$supportedScopes = app(OperationalControlCatalog::class)->definition($controlKey)['supported_scopes'];
|
||||
|
||||
return $supportedScopes[0] ?? 'global';
|
||||
}
|
||||
|
||||
private function activationScopeQuery(string $controlKey, string $scopeType, ?Workspace $workspace): \Illuminate\Database\Eloquent\Builder
|
||||
{
|
||||
$query = OperationalControlActivation::query()
|
||||
|
||||
@ -4,6 +4,8 @@
|
||||
|
||||
namespace App\Filament\Widgets\Tenant;
|
||||
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
@ -18,6 +20,7 @@
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Facades\Filament;
|
||||
use Filament\Notifications\Notification;
|
||||
use Filament\Widgets\Widget;
|
||||
|
||||
class TenantReviewPackCard extends Widget
|
||||
@ -66,6 +69,18 @@ public function generatePack(bool $includePii = true, bool $includeOperations =
|
||||
/** @var ReviewPackService $service */
|
||||
$service = app(ReviewPackService::class);
|
||||
|
||||
$decision = $service->reviewPackGenerationDecisionForTenant($tenant);
|
||||
|
||||
if ((bool) ($decision['is_blocked'] ?? false)) {
|
||||
Notification::make()
|
||||
->title('Review pack generation unavailable')
|
||||
->body((string) ($decision['block_reason'] ?? 'Workspace entitlement currently blocks review pack generation.'))
|
||||
->warning()
|
||||
->send();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$activeRun = $service->checkActiveRun($tenant)
|
||||
? OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
@ -90,10 +105,20 @@ public function generatePack(bool $includePii = true, bool $includeOperations =
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$reviewPack = $service->generate($tenant, $user, [
|
||||
'include_pii' => $includePii,
|
||||
'include_operations' => $includeOperations,
|
||||
]);
|
||||
} catch (WorkspaceEntitlementBlockedException $exception) {
|
||||
Notification::make()
|
||||
->title('Review pack generation unavailable')
|
||||
->body($exception->getMessage())
|
||||
->warning()
|
||||
->send();
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$runUrl = $reviewPack->operationRun
|
||||
? OperationRunLinks::tenantlessView($reviewPack->operationRun)
|
||||
@ -130,6 +155,14 @@ protected function getViewData(): array
|
||||
$isTenantMember = $user instanceof User && $user->canAccessTenant($tenant);
|
||||
$canView = $isTenantMember && $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant);
|
||||
$canManage = $isTenantMember && $user->can(Capabilities::REVIEW_PACK_MANAGE, $tenant);
|
||||
$service = app(ReviewPackService::class);
|
||||
$generationEntitlement = $canManage
|
||||
? $service->reviewPackGenerationDecisionForTenant($tenant)
|
||||
: null;
|
||||
$generationBlocked = (bool) ($generationEntitlement['is_blocked'] ?? false);
|
||||
$generationBlockReason = is_string($generationEntitlement['block_reason'] ?? null)
|
||||
? $generationEntitlement['block_reason']
|
||||
: null;
|
||||
|
||||
$latestPack = ReviewPack::query()
|
||||
->with(['tenantReview', 'operationRun'])
|
||||
@ -146,6 +179,9 @@ protected function getViewData(): array
|
||||
'pollingInterval' => null,
|
||||
'canView' => $canView,
|
||||
'canManage' => $canManage,
|
||||
'generationBlocked' => $generationBlocked,
|
||||
'generationBlockReason' => $generationBlockReason,
|
||||
'customerWorkspaceUrl' => $canView ? CustomerReviewWorkspace::tenantPrefilterUrl($tenant) : null,
|
||||
'downloadUrl' => null,
|
||||
'failedReason' => null,
|
||||
'reviewUrl' => null,
|
||||
@ -194,6 +230,9 @@ protected function getViewData(): array
|
||||
'pollingInterval' => self::resolvePollingInterval($latestPack),
|
||||
'canView' => $canView,
|
||||
'canManage' => $canManage,
|
||||
'generationBlocked' => $generationBlocked,
|
||||
'generationBlockReason' => $generationBlockReason,
|
||||
'customerWorkspaceUrl' => $canView ? CustomerReviewWorkspace::tenantPrefilterUrl($tenant) : null,
|
||||
'downloadUrl' => $downloadUrl,
|
||||
'failedReason' => $failedReason,
|
||||
'failedReasonDetail' => $failedReasonDetail,
|
||||
@ -224,6 +263,9 @@ private function emptyState(): array
|
||||
'pollingInterval' => null,
|
||||
'canView' => false,
|
||||
'canManage' => false,
|
||||
'generationBlocked' => false,
|
||||
'generationBlockReason' => null,
|
||||
'customerWorkspaceUrl' => null,
|
||||
'downloadUrl' => null,
|
||||
'failedReason' => null,
|
||||
'failedReasonDetail' => null,
|
||||
|
||||
@ -4,7 +4,12 @@
|
||||
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
@ -15,6 +20,21 @@ class ReviewPackDownloadController extends Controller
|
||||
{
|
||||
public function __invoke(Request $request, ReviewPack $reviewPack): StreamedResponse
|
||||
{
|
||||
$user = $request->user();
|
||||
$tenant = $reviewPack->tenant;
|
||||
|
||||
if (! $user instanceof User || ! $tenant instanceof Tenant) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if (! $user->canAccessTenant($tenant)) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
|
||||
abort(403);
|
||||
}
|
||||
|
||||
if ($reviewPack->status !== ReviewPackStatus::Ready->value) {
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
@ -29,7 +49,26 @@ public function __invoke(Request $request, ReviewPack $reviewPack): StreamedResp
|
||||
throw new NotFoundHttpException;
|
||||
}
|
||||
|
||||
$tenant = $reviewPack->tenant;
|
||||
app(WorkspaceAuditLogger::class)->log(
|
||||
workspace: $tenant->workspace,
|
||||
action: AuditActionId::ReviewPackDownloaded,
|
||||
context: [
|
||||
'metadata' => [
|
||||
'review_pack_id' => (int) $reviewPack->getKey(),
|
||||
'tenant_review_id' => $reviewPack->tenant_review_id !== null
|
||||
? (int) $reviewPack->tenant_review_id
|
||||
: null,
|
||||
'source_surface' => (string) $request->query('source_surface', 'review_pack'),
|
||||
],
|
||||
],
|
||||
actor: $user,
|
||||
resourceType: 'review_pack',
|
||||
resourceId: (string) $reviewPack->getKey(),
|
||||
targetLabel: sprintf('Review pack #%d', (int) $reviewPack->getKey()),
|
||||
tenant: $tenant,
|
||||
operationRunId: $reviewPack->operation_run_id,
|
||||
);
|
||||
|
||||
$filename = sprintf(
|
||||
'review-pack-%s-%s.zip',
|
||||
$tenant?->external_id ?? 'unknown',
|
||||
|
||||
121
apps/platform/app/Models/SupportRequest.php
Normal file
121
apps/platform/app/Models/SupportRequest.php
Normal file
@ -0,0 +1,121 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use App\Support\Concerns\DerivesWorkspaceIdFromTenant;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
use Illuminate\Database\Eloquent\Relations\BelongsTo;
|
||||
|
||||
class SupportRequest extends Model
|
||||
{
|
||||
use DerivesWorkspaceIdFromTenant;
|
||||
|
||||
/** @use HasFactory<\Database\Factories\SupportRequestFactory> */
|
||||
use HasFactory;
|
||||
|
||||
public const string PRIMARY_CONTEXT_TENANT = 'tenant';
|
||||
|
||||
public const string PRIMARY_CONTEXT_OPERATION_RUN = 'operation_run';
|
||||
|
||||
public const string ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED = 'diagnostic_snapshot_attached';
|
||||
|
||||
public const string ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY = 'canonical_context_only';
|
||||
|
||||
public const string SEVERITY_LOW = 'low';
|
||||
|
||||
public const string SEVERITY_NORMAL = 'normal';
|
||||
|
||||
public const string SEVERITY_HIGH = 'high';
|
||||
|
||||
public const string SEVERITY_BLOCKING = 'blocking';
|
||||
|
||||
protected $guarded = [];
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
protected function casts(): array
|
||||
{
|
||||
return [
|
||||
'context_envelope' => 'array',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public static function severityOptions(): array
|
||||
{
|
||||
return [
|
||||
self::SEVERITY_LOW => 'Low',
|
||||
self::SEVERITY_NORMAL => 'Normal',
|
||||
self::SEVERITY_HIGH => 'High',
|
||||
self::SEVERITY_BLOCKING => 'Blocking',
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function severityValues(): array
|
||||
{
|
||||
return array_keys(self::severityOptions());
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function primaryContextTypes(): array
|
||||
{
|
||||
return [
|
||||
self::PRIMARY_CONTEXT_TENANT,
|
||||
self::PRIMARY_CONTEXT_OPERATION_RUN,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function attachmentModes(): array
|
||||
{
|
||||
return [
|
||||
self::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED,
|
||||
self::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return BelongsTo<Workspace, $this>
|
||||
*/
|
||||
public function workspace(): BelongsTo
|
||||
{
|
||||
return $this->belongsTo(Workspace::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return BelongsTo<Tenant, $this>
|
||||
*/
|
||||
public function tenant(): BelongsTo
|
||||
{
|
||||
return $this->belongsTo(Tenant::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return BelongsTo<OperationRun, $this>
|
||||
*/
|
||||
public function operationRun(): BelongsTo
|
||||
{
|
||||
return $this->belongsTo(OperationRun::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return BelongsTo<User, $this>
|
||||
*/
|
||||
public function initiator(): BelongsTo
|
||||
{
|
||||
return $this->belongsTo(User::class, 'initiated_by_user_id');
|
||||
}
|
||||
}
|
||||
@ -12,6 +12,7 @@
|
||||
use App\Filament\Pages\Monitoring\FindingExceptionsQueue;
|
||||
use App\Filament\Pages\NoAccess;
|
||||
use App\Filament\Pages\Reviews\ReviewRegister;
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Filament\Pages\TenantRequiredPermissions;
|
||||
use App\Filament\Pages\WorkspaceOverview;
|
||||
@ -183,6 +184,7 @@ public function panel(Panel $panel): Panel
|
||||
FindingsIntakeQueue::class,
|
||||
MyFindingsInbox::class,
|
||||
FindingExceptionsQueue::class,
|
||||
CustomerReviewWorkspace::class,
|
||||
ReviewRegister::class,
|
||||
])
|
||||
->widgets([
|
||||
|
||||
@ -4,9 +4,10 @@
|
||||
|
||||
namespace App\Services\Audit;
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
@ -14,6 +15,7 @@
|
||||
use App\Support\Audit\AuditActorType;
|
||||
use App\Support\Audit\AuditTargetSnapshot;
|
||||
use Carbon\CarbonImmutable;
|
||||
use InvalidArgumentException;
|
||||
|
||||
class WorkspaceAuditLogger
|
||||
{
|
||||
@ -136,4 +138,39 @@ public function logSupportDiagnosticsOpened(
|
||||
tenant: $tenant,
|
||||
);
|
||||
}
|
||||
|
||||
public function logSupportRequestCreated(
|
||||
SupportRequest $supportRequest,
|
||||
User|PlatformUser|null $actor = null,
|
||||
): \App\Models\AuditLog {
|
||||
$supportRequest->loadMissing(['tenant.workspace']);
|
||||
|
||||
$tenant = $supportRequest->tenant;
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
throw new InvalidArgumentException('Support requests must belong to a tenant.');
|
||||
}
|
||||
|
||||
return $this->log(
|
||||
workspace: $tenant->workspace,
|
||||
action: AuditActionId::SupportRequestCreated,
|
||||
context: [
|
||||
'internal_reference' => $supportRequest->internal_reference,
|
||||
'primary_context_type' => $supportRequest->primary_context_type,
|
||||
'primary_context_id' => $supportRequest->primary_context_type === SupportRequest::PRIMARY_CONTEXT_OPERATION_RUN
|
||||
? (string) $supportRequest->operation_run_id
|
||||
: (string) $tenant->getKey(),
|
||||
'attachment_mode' => $supportRequest->attachment_mode,
|
||||
'redaction_mode' => (string) data_get($supportRequest->context_envelope, 'redaction_mode', 'default_redacted'),
|
||||
],
|
||||
actor: $actor,
|
||||
status: 'success',
|
||||
resourceType: 'support_request',
|
||||
resourceId: (string) $supportRequest->getKey(),
|
||||
targetLabel: $supportRequest->internal_reference,
|
||||
summary: 'Support request created for '.$supportRequest->internal_reference,
|
||||
operationRunId: $supportRequest->operation_run_id !== null ? (int) $supportRequest->operation_run_id : null,
|
||||
tenant: $tenant,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@ -20,6 +20,7 @@ class RoleCapabilityMap
|
||||
Capabilities::TENANT_DELETE,
|
||||
Capabilities::TENANT_SYNC,
|
||||
Capabilities::SUPPORT_DIAGNOSTICS_VIEW,
|
||||
Capabilities::SUPPORT_REQUESTS_CREATE,
|
||||
Capabilities::TENANT_INVENTORY_SYNC_RUN,
|
||||
Capabilities::TENANT_FINDINGS_VIEW,
|
||||
Capabilities::TENANT_FINDINGS_TRIAGE,
|
||||
@ -65,6 +66,7 @@ class RoleCapabilityMap
|
||||
Capabilities::TENANT_MANAGE,
|
||||
Capabilities::TENANT_SYNC,
|
||||
Capabilities::SUPPORT_DIAGNOSTICS_VIEW,
|
||||
Capabilities::SUPPORT_REQUESTS_CREATE,
|
||||
Capabilities::TENANT_INVENTORY_SYNC_RUN,
|
||||
Capabilities::TENANT_FINDINGS_VIEW,
|
||||
Capabilities::TENANT_FINDINGS_TRIAGE,
|
||||
@ -106,6 +108,7 @@ class RoleCapabilityMap
|
||||
Capabilities::TENANT_VIEW,
|
||||
Capabilities::TENANT_SYNC,
|
||||
Capabilities::SUPPORT_DIAGNOSTICS_VIEW,
|
||||
Capabilities::SUPPORT_REQUESTS_CREATE,
|
||||
Capabilities::TENANT_INVENTORY_SYNC_RUN,
|
||||
Capabilities::TENANT_FINDINGS_VIEW,
|
||||
Capabilities::TENANT_FINDINGS_TRIAGE,
|
||||
|
||||
@ -0,0 +1,327 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services\Entitlements;
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use Carbon\CarbonInterface;
|
||||
|
||||
final class WorkspaceEntitlementResolver
|
||||
{
|
||||
public const SETTING_DOMAIN = 'entitlements';
|
||||
|
||||
public const SETTING_PLAN_PROFILE = 'plan_profile';
|
||||
|
||||
public const SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_VALUE = 'managed_tenant_limit_override_value';
|
||||
|
||||
public const SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_REASON = 'managed_tenant_limit_override_reason';
|
||||
|
||||
public const SETTING_REVIEW_PACK_GENERATION_OVERRIDE_VALUE = 'review_pack_generation_override_value';
|
||||
|
||||
public const SETTING_REVIEW_PACK_GENERATION_OVERRIDE_REASON = 'review_pack_generation_override_reason';
|
||||
|
||||
public const KEY_MANAGED_TENANT_ACTIVATION_LIMIT = 'managed_tenant_activation_limit';
|
||||
|
||||
public const KEY_REVIEW_PACK_GENERATION_ENABLED = 'review_pack_generation_enabled';
|
||||
|
||||
public function __construct(
|
||||
private SettingsResolver $settingsResolver,
|
||||
private WorkspacePlanProfileCatalog $planProfileCatalog,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* plan_profile: array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool},
|
||||
* decisions: array<string, array{
|
||||
* workspace_id: int,
|
||||
* plan_profile_id: string,
|
||||
* plan_profile_label: string,
|
||||
* plan_profile_description: string,
|
||||
* key: string,
|
||||
* effective_value: int|bool,
|
||||
* source: 'plan_profile_default'|'workspace_override',
|
||||
* rationale: string|null,
|
||||
* current_usage: int|null,
|
||||
* remaining_capacity: int|null,
|
||||
* is_blocked: bool,
|
||||
* block_reason: string|null,
|
||||
* last_changed_at: CarbonInterface|null,
|
||||
* last_changed_by: string|null
|
||||
* }>
|
||||
* }
|
||||
*/
|
||||
public function summary(Workspace $workspace): array
|
||||
{
|
||||
$planProfile = $this->resolvePlanProfile($workspace);
|
||||
|
||||
return [
|
||||
'plan_profile' => $planProfile,
|
||||
'decisions' => [
|
||||
self::KEY_MANAGED_TENANT_ACTIVATION_LIMIT => $this->resolve($workspace, self::KEY_MANAGED_TENANT_ACTIVATION_LIMIT, $planProfile),
|
||||
self::KEY_REVIEW_PACK_GENERATION_ENABLED => $this->resolve($workspace, self::KEY_REVIEW_PACK_GENERATION_ENABLED, $planProfile),
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}
|
||||
*/
|
||||
public function resolvePlanProfile(Workspace $workspace): array
|
||||
{
|
||||
$planProfileId = $this->settingsResolver->resolveValue(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_PLAN_PROFILE,
|
||||
);
|
||||
|
||||
return $this->planProfileCatalog->resolve(is_string($planProfileId) ? $planProfileId : null);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}|null $planProfile
|
||||
* @return array{
|
||||
* workspace_id: int,
|
||||
* plan_profile_id: string,
|
||||
* plan_profile_label: string,
|
||||
* plan_profile_description: string,
|
||||
* key: string,
|
||||
* effective_value: int|bool,
|
||||
* source: 'plan_profile_default'|'workspace_override',
|
||||
* rationale: string|null,
|
||||
* current_usage: int|null,
|
||||
* remaining_capacity: int|null,
|
||||
* is_blocked: bool,
|
||||
* block_reason: string|null,
|
||||
* last_changed_at: CarbonInterface|null,
|
||||
* last_changed_by: string|null
|
||||
* }
|
||||
*/
|
||||
public function resolve(Workspace $workspace, string $key, ?array $planProfile = null): array
|
||||
{
|
||||
$planProfile ??= $this->resolvePlanProfile($workspace);
|
||||
$lastChanged = $this->lastChangedMetadata($workspace);
|
||||
|
||||
return match ($key) {
|
||||
self::KEY_MANAGED_TENANT_ACTIVATION_LIMIT => $this->resolveManagedTenantActivationLimitDecision($workspace, $planProfile, $lastChanged),
|
||||
self::KEY_REVIEW_PACK_GENERATION_ENABLED => $this->resolveReviewPackGenerationDecision($workspace, $planProfile, $lastChanged),
|
||||
default => throw new \InvalidArgumentException(sprintf('Unknown workspace entitlement key: %s', $key)),
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool} $planProfile
|
||||
* @param array{last_changed_at: CarbonInterface|null, last_changed_by: string|null} $lastChanged
|
||||
* @return array{
|
||||
* workspace_id: int,
|
||||
* plan_profile_id: string,
|
||||
* plan_profile_label: string,
|
||||
* plan_profile_description: string,
|
||||
* key: string,
|
||||
* effective_value: int,
|
||||
* source: 'plan_profile_default'|'workspace_override',
|
||||
* rationale: string|null,
|
||||
* current_usage: int,
|
||||
* remaining_capacity: int,
|
||||
* is_blocked: bool,
|
||||
* block_reason: string|null,
|
||||
* last_changed_at: CarbonInterface|null,
|
||||
* last_changed_by: string|null
|
||||
* }
|
||||
*/
|
||||
private function resolveManagedTenantActivationLimitDecision(Workspace $workspace, array $planProfile, array $lastChanged): array
|
||||
{
|
||||
$overrideValue = $this->settingsResolver->resolveDetailed(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_VALUE,
|
||||
);
|
||||
|
||||
$overrideReason = $this->settingsResolver->resolveValue(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_REASON,
|
||||
);
|
||||
|
||||
$effectiveValue = is_int($overrideValue['value'])
|
||||
? $overrideValue['value']
|
||||
: (int) $planProfile['managed_tenant_limit_default'];
|
||||
|
||||
$source = $overrideValue['source'] === 'workspace_override'
|
||||
? 'workspace_override'
|
||||
: 'plan_profile_default';
|
||||
|
||||
$currentUsage = Tenant::activeQuery()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->count();
|
||||
|
||||
$remainingCapacity = $effectiveValue - $currentUsage;
|
||||
$isBlocked = $currentUsage >= $effectiveValue;
|
||||
$rationale = $source === 'workspace_override'
|
||||
? (is_string($overrideReason) && $overrideReason !== '' ? $overrideReason : null)
|
||||
: (string) $planProfile['description'];
|
||||
|
||||
return [
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'plan_profile_id' => (string) $planProfile['id'],
|
||||
'plan_profile_label' => (string) $planProfile['label'],
|
||||
'plan_profile_description' => (string) $planProfile['description'],
|
||||
'key' => self::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
'effective_value' => $effectiveValue,
|
||||
'source' => $source,
|
||||
'rationale' => $rationale,
|
||||
'current_usage' => $currentUsage,
|
||||
'remaining_capacity' => $remainingCapacity,
|
||||
'is_blocked' => $isBlocked,
|
||||
'block_reason' => $isBlocked
|
||||
? $this->managedTenantLimitBlockReason($currentUsage, $effectiveValue, $source, $planProfile, $rationale)
|
||||
: null,
|
||||
'last_changed_at' => $lastChanged['last_changed_at'],
|
||||
'last_changed_by' => $lastChanged['last_changed_by'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool} $planProfile
|
||||
* @param array{last_changed_at: CarbonInterface|null, last_changed_by: string|null} $lastChanged
|
||||
* @return array{
|
||||
* workspace_id: int,
|
||||
* plan_profile_id: string,
|
||||
* plan_profile_label: string,
|
||||
* plan_profile_description: string,
|
||||
* key: string,
|
||||
* effective_value: bool,
|
||||
* source: 'plan_profile_default'|'workspace_override',
|
||||
* rationale: string|null,
|
||||
* current_usage: null,
|
||||
* remaining_capacity: null,
|
||||
* is_blocked: bool,
|
||||
* block_reason: string|null,
|
||||
* last_changed_at: CarbonInterface|null,
|
||||
* last_changed_by: string|null
|
||||
* }
|
||||
*/
|
||||
private function resolveReviewPackGenerationDecision(Workspace $workspace, array $planProfile, array $lastChanged): array
|
||||
{
|
||||
$overrideValue = $this->settingsResolver->resolveDetailed(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_REVIEW_PACK_GENERATION_OVERRIDE_VALUE,
|
||||
);
|
||||
|
||||
$overrideReason = $this->settingsResolver->resolveValue(
|
||||
workspace: $workspace,
|
||||
domain: self::SETTING_DOMAIN,
|
||||
key: self::SETTING_REVIEW_PACK_GENERATION_OVERRIDE_REASON,
|
||||
);
|
||||
|
||||
$effectiveValue = is_bool($overrideValue['value'])
|
||||
? $overrideValue['value']
|
||||
: (bool) $planProfile['review_pack_generation_default'];
|
||||
|
||||
$source = $overrideValue['source'] === 'workspace_override'
|
||||
? 'workspace_override'
|
||||
: 'plan_profile_default';
|
||||
|
||||
$rationale = $source === 'workspace_override'
|
||||
? (is_string($overrideReason) && $overrideReason !== '' ? $overrideReason : null)
|
||||
: (string) $planProfile['description'];
|
||||
|
||||
return [
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'plan_profile_id' => (string) $planProfile['id'],
|
||||
'plan_profile_label' => (string) $planProfile['label'],
|
||||
'plan_profile_description' => (string) $planProfile['description'],
|
||||
'key' => self::KEY_REVIEW_PACK_GENERATION_ENABLED,
|
||||
'effective_value' => $effectiveValue,
|
||||
'source' => $source,
|
||||
'rationale' => $rationale,
|
||||
'current_usage' => null,
|
||||
'remaining_capacity' => null,
|
||||
'is_blocked' => ! $effectiveValue,
|
||||
'block_reason' => $effectiveValue
|
||||
? null
|
||||
: $this->reviewPackGenerationBlockReason($source, $planProfile, $rationale),
|
||||
'last_changed_at' => $lastChanged['last_changed_at'],
|
||||
'last_changed_by' => $lastChanged['last_changed_by'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{last_changed_at: CarbonInterface|null, last_changed_by: string|null}
|
||||
*/
|
||||
private function lastChangedMetadata(Workspace $workspace): array
|
||||
{
|
||||
$record = WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', self::SETTING_DOMAIN)
|
||||
->whereIn('key', [
|
||||
self::SETTING_PLAN_PROFILE,
|
||||
self::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_VALUE,
|
||||
self::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_REASON,
|
||||
self::SETTING_REVIEW_PACK_GENERATION_OVERRIDE_VALUE,
|
||||
self::SETTING_REVIEW_PACK_GENERATION_OVERRIDE_REASON,
|
||||
])
|
||||
->whereNotNull('updated_by_user_id')
|
||||
->with('updatedByUser:id,name')
|
||||
->latest('updated_at')
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
if (! $record instanceof WorkspaceSetting) {
|
||||
return [
|
||||
'last_changed_at' => null,
|
||||
'last_changed_by' => null,
|
||||
];
|
||||
}
|
||||
|
||||
return [
|
||||
'last_changed_at' => $record->updated_at,
|
||||
'last_changed_by' => $record->updatedByUser?->name,
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool} $planProfile
|
||||
*/
|
||||
private function managedTenantLimitBlockReason(int $currentUsage, int $effectiveValue, string $source, array $planProfile, ?string $rationale): string
|
||||
{
|
||||
$prefix = $source === 'workspace_override'
|
||||
? 'This workspace override currently allows'
|
||||
: sprintf('The %s plan profile currently allows', $planProfile['label']);
|
||||
|
||||
$message = sprintf(
|
||||
'%s %d active managed tenant%s, and this workspace already has %d active managed tenant%s.',
|
||||
$prefix,
|
||||
$effectiveValue,
|
||||
$effectiveValue === 1 ? '' : 's',
|
||||
$currentUsage,
|
||||
$currentUsage === 1 ? '' : 's',
|
||||
);
|
||||
|
||||
if ($source === 'workspace_override' && $rationale !== null) {
|
||||
$message .= ' Reason: '.$rationale;
|
||||
}
|
||||
|
||||
return $message;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool} $planProfile
|
||||
*/
|
||||
private function reviewPackGenerationBlockReason(string $source, array $planProfile, ?string $rationale): string
|
||||
{
|
||||
$message = $source === 'workspace_override'
|
||||
? 'Review pack generation is disabled by workspace override.'
|
||||
: sprintf('Review pack generation is disabled by the %s plan profile.', $planProfile['label']);
|
||||
|
||||
if ($source === 'workspace_override' && $rationale !== null) {
|
||||
$message .= ' Reason: '.$rationale;
|
||||
}
|
||||
|
||||
return $message;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,104 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Services\Entitlements;
|
||||
|
||||
final class WorkspacePlanProfileCatalog
|
||||
{
|
||||
/**
|
||||
* @var array<string, array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}>
|
||||
*/
|
||||
private const PROFILES = [
|
||||
'starter' => [
|
||||
'id' => 'starter',
|
||||
'label' => 'Starter',
|
||||
'description' => 'Minimal allowance for early workspace access and low-volume operations.',
|
||||
'managed_tenant_limit_default' => 1,
|
||||
'review_pack_generation_default' => false,
|
||||
'is_default' => false,
|
||||
],
|
||||
'standard' => [
|
||||
'id' => 'standard',
|
||||
'label' => 'Standard',
|
||||
'description' => 'Balanced defaults for most managed workspaces.',
|
||||
'managed_tenant_limit_default' => 25,
|
||||
'review_pack_generation_default' => true,
|
||||
'is_default' => true,
|
||||
],
|
||||
'scale' => [
|
||||
'id' => 'scale',
|
||||
'label' => 'Scale',
|
||||
'description' => 'Higher managed-tenant capacity for larger workspace portfolios.',
|
||||
'managed_tenant_limit_default' => 100,
|
||||
'review_pack_generation_default' => true,
|
||||
'is_default' => false,
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
* @return list<array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}>
|
||||
*/
|
||||
public function all(): array
|
||||
{
|
||||
return array_values(self::PROFILES);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}
|
||||
*/
|
||||
public function default(): array
|
||||
{
|
||||
return self::PROFILES[self::defaultProfileId()];
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}|null
|
||||
*/
|
||||
public function find(?string $id): ?array
|
||||
{
|
||||
if ($id === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return self::PROFILES[$id] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{id: string, label: string, description: string, managed_tenant_limit_default: int, review_pack_generation_default: bool, is_default: bool}
|
||||
*/
|
||||
public function resolve(?string $id): array
|
||||
{
|
||||
return $this->find($id) ?? $this->default();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public function optionLabels(): array
|
||||
{
|
||||
return array_map(
|
||||
static fn (array $profile): string => $profile['label'],
|
||||
self::PROFILES,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public static function profileIds(): array
|
||||
{
|
||||
return array_keys(self::PROFILES);
|
||||
}
|
||||
|
||||
public static function defaultProfileId(): string
|
||||
{
|
||||
foreach (self::PROFILES as $id => $profile) {
|
||||
if ($profile['is_default']) {
|
||||
return $id;
|
||||
}
|
||||
}
|
||||
|
||||
throw new \RuntimeException('Workspace plan profile catalog is missing a default profile.');
|
||||
}
|
||||
}
|
||||
@ -4,6 +4,7 @@
|
||||
|
||||
namespace App\Services;
|
||||
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Exceptions\ReviewPackEvidenceResolutionException;
|
||||
use App\Jobs\GenerateReviewPackJob;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
@ -13,6 +14,7 @@
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Evidence\EvidenceResolutionRequest;
|
||||
use App\Services\Evidence\EvidenceSnapshotResolver;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
@ -28,6 +30,7 @@ public function __construct(
|
||||
private OperationRunService $operationRunService,
|
||||
private EvidenceSnapshotResolver $snapshotResolver,
|
||||
private WorkspaceAuditLogger $auditLogger,
|
||||
private WorkspaceEntitlementResolver $workspaceEntitlementResolver,
|
||||
private ProductTelemetryRecorder $productTelemetryRecorder,
|
||||
) {}
|
||||
|
||||
@ -49,6 +52,8 @@ public function __construct(
|
||||
*/
|
||||
public function generate(Tenant $tenant, User $user, array $options = []): ReviewPack
|
||||
{
|
||||
$this->assertReviewPackGenerationAllowed($tenant);
|
||||
|
||||
$options = $this->normalizeOptions($options);
|
||||
$snapshot = $this->resolveSnapshot($tenant);
|
||||
$fingerprint = $this->computeFingerprintForSnapshot($snapshot, $options);
|
||||
@ -138,6 +143,8 @@ public function generateFromReview(TenantReview $review, User $user, array $opti
|
||||
throw new \InvalidArgumentException('Review exports require an anchored evidence snapshot.');
|
||||
}
|
||||
|
||||
$this->assertReviewPackGenerationAllowed($tenant);
|
||||
|
||||
$options = $this->normalizeOptions($options);
|
||||
$fingerprint = $this->computeFingerprintForReview($review, $options);
|
||||
$existing = $this->findExistingPackForReview($review, $fingerprint);
|
||||
@ -227,18 +234,31 @@ public function computeFingerprint(Tenant $tenant, array $options): string
|
||||
|
||||
/**
|
||||
* Generate a signed download URL for a review pack.
|
||||
*
|
||||
* @param array<string, scalar|null> $parameters
|
||||
*/
|
||||
public function generateDownloadUrl(ReviewPack $pack): string
|
||||
public function generateDownloadUrl(ReviewPack $pack, array $parameters = []): string
|
||||
{
|
||||
$ttlMinutes = (int) config('tenantpilot.review_pack.download_url_ttl_minutes', 60);
|
||||
|
||||
return URL::signedRoute(
|
||||
'admin.review-packs.download',
|
||||
['reviewPack' => $pack->getKey()],
|
||||
array_merge(['reviewPack' => $pack->getKey()], $parameters),
|
||||
now()->addMinutes($ttlMinutes),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function reviewPackGenerationDecisionForTenant(Tenant $tenant): array
|
||||
{
|
||||
return $this->workspaceEntitlementResolver->resolve(
|
||||
$tenant->workspace,
|
||||
WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED,
|
||||
);
|
||||
}
|
||||
|
||||
private function recordReviewPackRequestTelemetry(ReviewPack $reviewPack, User $user, string $sourceSurface): void
|
||||
{
|
||||
$this->productTelemetryRecorder->record(
|
||||
@ -314,6 +334,17 @@ private function normalizeOptions(array $options): array
|
||||
];
|
||||
}
|
||||
|
||||
private function assertReviewPackGenerationAllowed(Tenant $tenant): void
|
||||
{
|
||||
$decision = $this->reviewPackGenerationDecisionForTenant($tenant);
|
||||
|
||||
if (! (bool) ($decision['is_blocked'] ?? false)) {
|
||||
return;
|
||||
}
|
||||
|
||||
throw new WorkspaceEntitlementBlockedException($decision);
|
||||
}
|
||||
|
||||
private function computeFingerprintForSnapshot(EvidenceSnapshot $snapshot, array $options): string
|
||||
{
|
||||
$data = [
|
||||
|
||||
@ -12,6 +12,7 @@
|
||||
use App\Services\Auth\RoleCapabilityMap;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use Illuminate\Database\Eloquent\Builder;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
|
||||
final class TenantReviewRegisterService
|
||||
{
|
||||
@ -43,6 +44,55 @@ public function query(User $user, Workspace $workspace): Builder
|
||||
->latest('id');
|
||||
}
|
||||
|
||||
public function latestPublishedQuery(User $user, Workspace $workspace): Builder
|
||||
{
|
||||
$tenantIds = array_keys($this->authorizedTenants($user, $workspace));
|
||||
|
||||
$rankedReviews = TenantReview::query()
|
||||
->select([
|
||||
'tenant_reviews.id',
|
||||
'tenant_reviews.tenant_id',
|
||||
'tenant_reviews.published_at',
|
||||
'tenant_reviews.generated_at',
|
||||
])
|
||||
->selectRaw('ROW_NUMBER() OVER (PARTITION BY tenant_id ORDER BY published_at DESC, generated_at DESC, id DESC) as rn')
|
||||
->forWorkspace((int) $workspace->getKey())
|
||||
->whereIn('tenant_id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->published();
|
||||
|
||||
$latestPublishedIds = DB::query()
|
||||
->fromSub($rankedReviews, 'ranked_tenant_reviews')
|
||||
->where('rn', 1)
|
||||
->select('id');
|
||||
|
||||
return TenantReview::query()
|
||||
->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
|
||||
->forWorkspace((int) $workspace->getKey())
|
||||
->whereIn('tenant_reviews.id', $latestPublishedIds)
|
||||
->orderByDesc('published_at')
|
||||
->orderByDesc('generated_at')
|
||||
->orderByDesc('id');
|
||||
}
|
||||
|
||||
public function customerWorkspaceTenantQuery(User $user, Workspace $workspace): Builder
|
||||
{
|
||||
$tenantIds = array_keys($this->authorizedTenants($user, $workspace));
|
||||
|
||||
return Tenant::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->whereIn('id', $tenantIds === [] ? [-1] : $tenantIds)
|
||||
->with([
|
||||
'tenantReviews' => fn ($query) => $query
|
||||
->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
|
||||
->published()
|
||||
->orderByDesc('published_at')
|
||||
->orderByDesc('generated_at')
|
||||
->orderByDesc('id')
|
||||
->limit(1),
|
||||
])
|
||||
->orderBy('name');
|
||||
}
|
||||
|
||||
public function canAccessWorkspace(User $user, Workspace $workspace): bool
|
||||
{
|
||||
return WorkspaceMembership::query()
|
||||
|
||||
27
apps/platform/app/Support/Ai/AiDataClassification.php
Normal file
27
apps/platform/app/Support/Ai/AiDataClassification.php
Normal file
@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiDataClassification: string
|
||||
{
|
||||
case ProductKnowledge = 'product_knowledge';
|
||||
case OperationalMetadata = 'operational_metadata';
|
||||
case RedactedSupportSummary = 'redacted_support_summary';
|
||||
case PersonalData = 'personal_data';
|
||||
case CustomerConfidential = 'customer_confidential';
|
||||
case RawProviderPayload = 'raw_provider_payload';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::ProductKnowledge => 'Product knowledge',
|
||||
self::OperationalMetadata => 'Operational metadata',
|
||||
self::RedactedSupportSummary => 'Redacted support summary',
|
||||
self::PersonalData => 'Personal data',
|
||||
self::CustomerConfidential => 'Customer confidential',
|
||||
self::RawProviderPayload => 'Raw provider payload',
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
final class AiDecisionAuditMetadataFactory
|
||||
{
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function make(AiExecutionRequest $request, AiExecutionDecision $decision): array
|
||||
{
|
||||
return array_filter([
|
||||
'use_case_key' => $decision->useCaseKey,
|
||||
'decision_outcome' => $decision->outcome,
|
||||
'decision_reason' => $decision->reasonCode->value,
|
||||
'workspace_ai_policy_mode' => $decision->workspaceAiPolicyMode,
|
||||
'requested_provider_class' => $decision->requestedProviderClass,
|
||||
'data_classifications' => $decision->dataClassifications,
|
||||
'source_family' => $decision->sourceFamily,
|
||||
'workspace_id' => $request->workspace?->getKey(),
|
||||
'tenant_id' => $request->tenant?->getKey(),
|
||||
'context_fingerprint' => $this->normalizedFingerprint($request->contextFingerprint),
|
||||
'matched_operational_control_scope' => $decision->matchedOperationalControlScope,
|
||||
], static fn (mixed $value): bool => $value !== null);
|
||||
}
|
||||
|
||||
private function normalizedFingerprint(?string $contextFingerprint): ?string
|
||||
{
|
||||
if (! is_string($contextFingerprint)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim($contextFingerprint);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
}
|
||||
}
|
||||
18
apps/platform/app/Support/Ai/AiDecisionReasonCode.php
Normal file
18
apps/platform/app/Support/Ai/AiDecisionReasonCode.php
Normal file
@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiDecisionReasonCode: string
|
||||
{
|
||||
case Allowed = 'allowed';
|
||||
case MissingWorkspaceContext = 'missing_workspace_context';
|
||||
case TenantOutsideWorkspace = 'tenant_outside_workspace';
|
||||
case OperationalControlPaused = 'operational_control_paused';
|
||||
case WorkspacePolicyDisabled = 'workspace_policy_disabled';
|
||||
case UnregisteredUseCase = 'unregistered_use_case';
|
||||
case ProviderClassBlocked = 'provider_class_blocked';
|
||||
case DataClassificationBlocked = 'data_classification_blocked';
|
||||
case SourceFamilyMismatch = 'source_family_mismatch';
|
||||
}
|
||||
37
apps/platform/app/Support/Ai/AiExecutionDecision.php
Normal file
37
apps/platform/app/Support/Ai/AiExecutionDecision.php
Normal file
@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
use App\Support\Audit\AuditActionId;
|
||||
|
||||
final readonly class AiExecutionDecision
|
||||
{
|
||||
/**
|
||||
* @param list<string> $dataClassifications
|
||||
* @param array<string, mixed> $auditMetadata
|
||||
*/
|
||||
public function __construct(
|
||||
public string $outcome,
|
||||
public AiDecisionReasonCode $reasonCode,
|
||||
public string $workspaceAiPolicyMode,
|
||||
public ?string $matchedOperationalControlScope,
|
||||
public string $useCaseKey,
|
||||
public string $requestedProviderClass,
|
||||
public array $dataClassifications,
|
||||
public string $sourceFamily,
|
||||
public AuditActionId $auditAction,
|
||||
public array $auditMetadata,
|
||||
) {}
|
||||
|
||||
public function isAllowed(): bool
|
||||
{
|
||||
return $this->outcome === 'allowed';
|
||||
}
|
||||
|
||||
public function isBlocked(): bool
|
||||
{
|
||||
return $this->outcome === 'blocked';
|
||||
}
|
||||
}
|
||||
28
apps/platform/app/Support/Ai/AiExecutionRequest.php
Normal file
28
apps/platform/app/Support/Ai/AiExecutionRequest.php
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
|
||||
final readonly class AiExecutionRequest
|
||||
{
|
||||
/**
|
||||
* @param list<string> $dataClassifications
|
||||
*/
|
||||
public function __construct(
|
||||
public ?Workspace $workspace,
|
||||
public ?Tenant $tenant,
|
||||
public User|PlatformUser|null $actor,
|
||||
public string $useCaseKey,
|
||||
public string $requestedProviderClass,
|
||||
public array $dataClassifications,
|
||||
public string $sourceFamily,
|
||||
public ?string $callerSurface = null,
|
||||
public ?string $contextFingerprint = null,
|
||||
) {}
|
||||
}
|
||||
43
apps/platform/app/Support/Ai/AiPolicyMode.php
Normal file
43
apps/platform/app/Support/Ai/AiPolicyMode.php
Normal file
@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiPolicyMode: string
|
||||
{
|
||||
case Disabled = 'disabled';
|
||||
case PrivateOnly = 'private_only';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::Disabled => 'Disabled',
|
||||
self::PrivateOnly => 'Private only',
|
||||
};
|
||||
}
|
||||
|
||||
public function summary(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::Disabled => 'No AI execution is allowed for this workspace.',
|
||||
self::PrivateOnly => 'Only approved internal drafts may use private-only AI for approved use cases.',
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, string>
|
||||
*/
|
||||
public static function optionLabels(): array
|
||||
{
|
||||
return array_reduce(
|
||||
self::cases(),
|
||||
static function (array $labels, self $mode): array {
|
||||
$labels[$mode->value] = $mode->label();
|
||||
|
||||
return $labels;
|
||||
},
|
||||
[],
|
||||
);
|
||||
}
|
||||
}
|
||||
19
apps/platform/app/Support/Ai/AiProviderClass.php
Normal file
19
apps/platform/app/Support/Ai/AiProviderClass.php
Normal file
@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
enum AiProviderClass: string
|
||||
{
|
||||
case LocalPrivate = 'local_private';
|
||||
case ExternalPublic = 'external_public';
|
||||
|
||||
public function label(): string
|
||||
{
|
||||
return match ($this) {
|
||||
self::LocalPrivate => 'Local private',
|
||||
self::ExternalPublic => 'External public',
|
||||
};
|
||||
}
|
||||
}
|
||||
126
apps/platform/app/Support/Ai/AiUseCaseCatalog.php
Normal file
126
apps/platform/app/Support/Ai/AiUseCaseCatalog.php
Normal file
@ -0,0 +1,126 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
final class AiUseCaseCatalog
|
||||
{
|
||||
/**
|
||||
* @var array<string, array{
|
||||
* key: string,
|
||||
* label: string,
|
||||
* future_consumer: string,
|
||||
* visibility: string,
|
||||
* allowed_provider_classes: list<string>,
|
||||
* allowed_data_classifications: list<string>,
|
||||
* source_family: string,
|
||||
* tenant_context_permitted: bool
|
||||
* }>
|
||||
*/
|
||||
private const USE_CASES = [
|
||||
'product_knowledge.answer_draft' => [
|
||||
'key' => 'product_knowledge.answer_draft',
|
||||
'label' => 'Product knowledge answer draft',
|
||||
'future_consumer' => 'ContextualHelpResolver',
|
||||
'visibility' => 'internal_only_draft',
|
||||
'allowed_provider_classes' => [AiProviderClass::LocalPrivate->value],
|
||||
'allowed_data_classifications' => [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
'source_family' => 'product_knowledge',
|
||||
'tenant_context_permitted' => false,
|
||||
],
|
||||
'support_diagnostics.summary_draft' => [
|
||||
'key' => 'support_diagnostics.summary_draft',
|
||||
'label' => 'Support diagnostics summary draft',
|
||||
'future_consumer' => 'SupportDiagnosticBundleBuilder',
|
||||
'visibility' => 'internal_only_draft',
|
||||
'allowed_provider_classes' => [AiProviderClass::LocalPrivate->value],
|
||||
'allowed_data_classifications' => [AiDataClassification::RedactedSupportSummary->value],
|
||||
'source_family' => 'support_diagnostics',
|
||||
'tenant_context_permitted' => true,
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
* @return list<array{
|
||||
* key: string,
|
||||
* label: string,
|
||||
* future_consumer: string,
|
||||
* visibility: string,
|
||||
* allowed_provider_classes: list<string>,
|
||||
* allowed_data_classifications: list<string>,
|
||||
* source_family: string,
|
||||
* tenant_context_permitted: bool
|
||||
* }>
|
||||
*/
|
||||
public function all(): array
|
||||
{
|
||||
return array_values(self::USE_CASES);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* key: string,
|
||||
* label: string,
|
||||
* future_consumer: string,
|
||||
* visibility: string,
|
||||
* allowed_provider_classes: list<string>,
|
||||
* allowed_data_classifications: list<string>,
|
||||
* source_family: string,
|
||||
* tenant_context_permitted: bool
|
||||
* }|null
|
||||
*/
|
||||
public function find(string $key): ?array
|
||||
{
|
||||
return self::USE_CASES[$key] ?? null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public function labels(): array
|
||||
{
|
||||
return array_map(
|
||||
static fn (array $definition): string => $definition['label'],
|
||||
$this->all(),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public function allowedProviderClassLabelsForMode(AiPolicyMode $mode): array
|
||||
{
|
||||
if ($mode === AiPolicyMode::Disabled) {
|
||||
return [];
|
||||
}
|
||||
|
||||
$labels = [];
|
||||
|
||||
foreach ($this->all() as $definition) {
|
||||
foreach ($definition['allowed_provider_classes'] as $providerClass) {
|
||||
$labels[$providerClass] = AiProviderClass::from($providerClass)->label();
|
||||
}
|
||||
}
|
||||
|
||||
return array_values($labels);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return list<string>
|
||||
*/
|
||||
public function blockedDataClassificationLabels(): array
|
||||
{
|
||||
return array_map(
|
||||
static fn (AiDataClassification $classification): string => $classification->label(),
|
||||
[
|
||||
AiDataClassification::PersonalData,
|
||||
AiDataClassification::CustomerConfidential,
|
||||
AiDataClassification::RawProviderPayload,
|
||||
],
|
||||
);
|
||||
}
|
||||
}
|
||||
181
apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php
Normal file
181
apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php
Normal file
@ -0,0 +1,181 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\Ai;
|
||||
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\OperationalControls\OperationalControlEvaluator;
|
||||
|
||||
final class GovernedAiExecutionBoundary
|
||||
{
|
||||
public function __construct(
|
||||
private readonly AiUseCaseCatalog $useCaseCatalog,
|
||||
private readonly SettingsResolver $settingsResolver,
|
||||
private readonly OperationalControlEvaluator $operationalControls,
|
||||
private readonly AiDecisionAuditMetadataFactory $auditMetadataFactory,
|
||||
private readonly WorkspaceAuditLogger $workspaceAuditLogger,
|
||||
) {}
|
||||
|
||||
public function evaluate(AiExecutionRequest $request): AiExecutionDecision
|
||||
{
|
||||
$decision = $this->decisionFor($request);
|
||||
$metadata = $this->auditMetadataFactory->make($request, $decision);
|
||||
|
||||
$decision = new AiExecutionDecision(
|
||||
outcome: $decision->outcome,
|
||||
reasonCode: $decision->reasonCode,
|
||||
workspaceAiPolicyMode: $decision->workspaceAiPolicyMode,
|
||||
matchedOperationalControlScope: $decision->matchedOperationalControlScope,
|
||||
useCaseKey: $decision->useCaseKey,
|
||||
requestedProviderClass: $decision->requestedProviderClass,
|
||||
dataClassifications: $decision->dataClassifications,
|
||||
sourceFamily: $decision->sourceFamily,
|
||||
auditAction: $decision->auditAction,
|
||||
auditMetadata: $metadata,
|
||||
);
|
||||
|
||||
if ($request->workspace !== null) {
|
||||
$definition = $this->useCaseCatalog->find($request->useCaseKey);
|
||||
|
||||
$this->workspaceAuditLogger->log(
|
||||
workspace: $request->workspace,
|
||||
action: $decision->auditAction,
|
||||
context: ['metadata' => $decision->auditMetadata],
|
||||
actor: $request->actor,
|
||||
status: $decision->isAllowed() ? 'success' : 'blocked',
|
||||
resourceType: 'ai_use_case',
|
||||
resourceId: $request->useCaseKey,
|
||||
targetLabel: $definition['label'] ?? $request->useCaseKey,
|
||||
summary: 'AI execution decision evaluated',
|
||||
tenant: $request->tenant,
|
||||
);
|
||||
}
|
||||
|
||||
return $decision;
|
||||
}
|
||||
|
||||
private function decisionFor(AiExecutionRequest $request): AiExecutionDecision
|
||||
{
|
||||
if ($request->workspace === null) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::MissingWorkspaceContext,
|
||||
workspaceAiPolicyMode: AiPolicyMode::Disabled->value,
|
||||
);
|
||||
}
|
||||
|
||||
if ($request->tenant !== null && (int) $request->tenant->workspace_id !== (int) $request->workspace->getKey()) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::TenantOutsideWorkspace,
|
||||
workspaceAiPolicyMode: AiPolicyMode::Disabled->value,
|
||||
);
|
||||
}
|
||||
|
||||
$controlDecision = $this->operationalControls->evaluate('ai.execution', $request->workspace);
|
||||
|
||||
if ($controlDecision->isPaused()) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::OperationalControlPaused,
|
||||
workspaceAiPolicyMode: $this->resolvedPolicyMode($request),
|
||||
matchedOperationalControlScope: $controlDecision->matchedScopeType,
|
||||
);
|
||||
}
|
||||
|
||||
$policyMode = $this->resolvedPolicyMode($request);
|
||||
|
||||
if ($policyMode === AiPolicyMode::Disabled->value) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::WorkspacePolicyDisabled,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
$definition = $this->useCaseCatalog->find($request->useCaseKey);
|
||||
|
||||
if ($definition === null) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::UnregisteredUseCase,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
if ($definition['source_family'] !== $request->sourceFamily) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::SourceFamilyMismatch,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
if (! in_array($request->requestedProviderClass, $definition['allowed_provider_classes'], true)) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::ProviderClassBlocked,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
|
||||
foreach ($request->dataClassifications as $classification) {
|
||||
if (! in_array($classification, $definition['allowed_data_classifications'], true)) {
|
||||
return $this->blockedDecision(
|
||||
request: $request,
|
||||
reasonCode: AiDecisionReasonCode::DataClassificationBlocked,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
return new AiExecutionDecision(
|
||||
outcome: 'allowed',
|
||||
reasonCode: AiDecisionReasonCode::Allowed,
|
||||
workspaceAiPolicyMode: $policyMode,
|
||||
matchedOperationalControlScope: null,
|
||||
useCaseKey: $request->useCaseKey,
|
||||
requestedProviderClass: $request->requestedProviderClass,
|
||||
dataClassifications: $request->dataClassifications,
|
||||
sourceFamily: $request->sourceFamily,
|
||||
auditAction: AuditActionId::AiExecutionDecisionEvaluated,
|
||||
auditMetadata: [],
|
||||
);
|
||||
}
|
||||
|
||||
private function resolvedPolicyMode(AiExecutionRequest $request): string
|
||||
{
|
||||
if ($request->workspace === null) {
|
||||
return AiPolicyMode::Disabled->value;
|
||||
}
|
||||
|
||||
$resolved = $this->settingsResolver->resolveValue($request->workspace, 'ai', 'policy_mode');
|
||||
|
||||
return is_string($resolved) && $resolved !== ''
|
||||
? $resolved
|
||||
: AiPolicyMode::Disabled->value;
|
||||
}
|
||||
|
||||
private function blockedDecision(
|
||||
AiExecutionRequest $request,
|
||||
AiDecisionReasonCode $reasonCode,
|
||||
string $workspaceAiPolicyMode,
|
||||
?string $matchedOperationalControlScope = null,
|
||||
): AiExecutionDecision {
|
||||
return new AiExecutionDecision(
|
||||
outcome: 'blocked',
|
||||
reasonCode: $reasonCode,
|
||||
workspaceAiPolicyMode: $workspaceAiPolicyMode,
|
||||
matchedOperationalControlScope: $matchedOperationalControlScope,
|
||||
useCaseKey: $request->useCaseKey,
|
||||
requestedProviderClass: $request->requestedProviderClass,
|
||||
dataClassifications: $request->dataClassifications,
|
||||
sourceFamily: $request->sourceFamily,
|
||||
auditAction: AuditActionId::AiExecutionDecisionEvaluated,
|
||||
auditMetadata: [],
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -94,12 +94,16 @@ enum AuditActionId: string
|
||||
case TenantReviewRefreshed = 'tenant_review.refreshed';
|
||||
case TenantReviewPublished = 'tenant_review.published';
|
||||
case TenantReviewArchived = 'tenant_review.archived';
|
||||
case TenantReviewOpened = 'tenant_review.opened';
|
||||
case TenantReviewExported = 'tenant_review.exported';
|
||||
case TenantReviewSuccessorCreated = 'tenant_review.successor_created';
|
||||
case ReviewPackDownloaded = 'review_pack.downloaded';
|
||||
case TenantTriageReviewMarkedReviewed = 'tenant_triage_review.marked_reviewed';
|
||||
case TenantTriageReviewMarkedFollowUpNeeded = 'tenant_triage_review.marked_follow_up_needed';
|
||||
|
||||
case SupportDiagnosticsOpened = 'support_diagnostics.opened';
|
||||
case SupportRequestCreated = 'support_request.created';
|
||||
case AiExecutionDecisionEvaluated = 'ai_execution.decision_evaluated';
|
||||
case OperationalControlPaused = 'operational_control.paused';
|
||||
case OperationalControlUpdated = 'operational_control.updated';
|
||||
case OperationalControlResumed = 'operational_control.resumed';
|
||||
@ -236,11 +240,15 @@ private static function labels(): array
|
||||
self::TenantReviewRefreshed->value => 'Tenant review refreshed',
|
||||
self::TenantReviewPublished->value => 'Tenant review published',
|
||||
self::TenantReviewArchived->value => 'Tenant review archived',
|
||||
self::TenantReviewOpened->value => 'Tenant review opened',
|
||||
self::TenantReviewExported->value => 'Tenant review exported',
|
||||
self::TenantReviewSuccessorCreated->value => 'Tenant review next cycle created',
|
||||
self::ReviewPackDownloaded->value => 'Review pack downloaded',
|
||||
self::TenantTriageReviewMarkedReviewed->value => 'Triage review marked reviewed',
|
||||
self::TenantTriageReviewMarkedFollowUpNeeded->value => 'Triage review marked follow-up needed',
|
||||
self::SupportDiagnosticsOpened->value => 'Support diagnostics opened',
|
||||
self::SupportRequestCreated->value => 'Support request created',
|
||||
self::AiExecutionDecisionEvaluated->value => 'AI execution decision evaluated',
|
||||
self::OperationalControlPaused->value => 'Operational control paused',
|
||||
self::OperationalControlUpdated->value => 'Operational control updated',
|
||||
self::OperationalControlResumed->value => 'Operational control resumed',
|
||||
@ -324,9 +332,13 @@ private static function summaries(): array
|
||||
self::TenantReviewRefreshed->value => 'Tenant review refreshed',
|
||||
self::TenantReviewPublished->value => 'Tenant review published',
|
||||
self::TenantReviewArchived->value => 'Tenant review archived',
|
||||
self::TenantReviewOpened->value => 'Tenant review opened',
|
||||
self::TenantReviewExported->value => 'Tenant review exported',
|
||||
self::TenantReviewSuccessorCreated->value => 'Tenant review next cycle created',
|
||||
self::ReviewPackDownloaded->value => 'Review pack downloaded',
|
||||
self::SupportDiagnosticsOpened->value => 'Support diagnostics opened',
|
||||
self::SupportRequestCreated->value => 'Support request created',
|
||||
self::AiExecutionDecisionEvaluated->value => 'AI execution decision evaluated',
|
||||
self::OperationalControlPaused->value => 'Operational control paused',
|
||||
self::OperationalControlUpdated->value => 'Operational control updated',
|
||||
self::OperationalControlResumed->value => 'Operational control resumed',
|
||||
|
||||
@ -72,6 +72,9 @@ class Capabilities
|
||||
// Support diagnostics
|
||||
public const SUPPORT_DIAGNOSTICS_VIEW = 'support_diagnostics.view';
|
||||
|
||||
// Support requests
|
||||
public const SUPPORT_REQUESTS_CREATE = 'support_requests.create';
|
||||
|
||||
// Inventory
|
||||
public const TENANT_INVENTORY_SYNC_RUN = 'tenant_inventory_sync.run';
|
||||
|
||||
|
||||
@ -17,6 +17,13 @@ final class OperationalControlCatalog
|
||||
'operation_types' => ['restore.execute'],
|
||||
'affected_surfaces' => ['tenant.restore_runs.create'],
|
||||
],
|
||||
'ai.execution' => [
|
||||
'key' => 'ai.execution',
|
||||
'label' => 'AI execution',
|
||||
'supported_scopes' => ['global'],
|
||||
'operation_types' => ['ai.execution'],
|
||||
'affected_surfaces' => ['governed_ai.execution'],
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Governance\PlatformVocabularyGlossary;
|
||||
use App\Support\Links\RequiredPermissionsLinks;
|
||||
use App\Support\ReasonTranslation\ReasonPresenter;
|
||||
@ -147,6 +148,43 @@ public function knowledgeSource(): array
|
||||
return $this->catalog->knowledgeSource();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* use_case_key: string,
|
||||
* source_family: string,
|
||||
* data_classifications: list<string>,
|
||||
* operational_metadata: array{version: int, topic_count: int},
|
||||
* topics: list<array{
|
||||
* topic_key: string,
|
||||
* surface_families: list<string>,
|
||||
* headline: string,
|
||||
* short_explanation: string,
|
||||
* troubleshooting_steps: list<string>,
|
||||
* safe_next_action: string,
|
||||
* glossary_terms: list<string>,
|
||||
* docs_links: list<array{label: string, kind: string, url: ?string, resolver: ?string}>
|
||||
* }>
|
||||
* }
|
||||
*/
|
||||
public function aiProductKnowledgeAnswerDraftSource(): array
|
||||
{
|
||||
$source = $this->knowledgeSource();
|
||||
|
||||
return [
|
||||
'use_case_key' => 'product_knowledge.answer_draft',
|
||||
'source_family' => 'product_knowledge',
|
||||
'data_classifications' => [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
'operational_metadata' => [
|
||||
'version' => (int) $source['version'],
|
||||
'topic_count' => (int) $source['topic_count'],
|
||||
],
|
||||
'topics' => $source['topics'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed>|null $verificationReport
|
||||
*/
|
||||
|
||||
@ -4,7 +4,9 @@
|
||||
|
||||
namespace App\Support\Settings;
|
||||
|
||||
use App\Support\Ai\AiPolicyMode;
|
||||
use App\Models\Finding;
|
||||
use App\Services\Entitlements\WorkspacePlanProfileCatalog;
|
||||
|
||||
final class SettingsRegistry
|
||||
{
|
||||
@ -17,6 +19,15 @@ public function __construct()
|
||||
{
|
||||
$this->definitions = [];
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
type: 'string',
|
||||
systemDefault: AiPolicyMode::Disabled->value,
|
||||
rules: ['required', 'string', 'in:disabled,private_only'],
|
||||
normalizer: static fn (mixed $value): string => strtolower(trim((string) $value)),
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'backup',
|
||||
key: 'retention_keep_last_default',
|
||||
@ -218,6 +229,91 @@ static function (string $attribute, mixed $value, \Closure $fail): void {
|
||||
rules: ['required', 'integer', 'min:0', 'max:10080'],
|
||||
normalizer: static fn (mixed $value): int => (int) $value,
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: 'plan_profile',
|
||||
type: 'string',
|
||||
systemDefault: WorkspacePlanProfileCatalog::defaultProfileId(),
|
||||
rules: [
|
||||
'nullable',
|
||||
'string',
|
||||
'in:'.implode(',', WorkspacePlanProfileCatalog::profileIds()),
|
||||
],
|
||||
normalizer: static function (mixed $value): ?string {
|
||||
if ($value === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim((string) $value);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: 'managed_tenant_limit_override_value',
|
||||
type: 'int',
|
||||
systemDefault: null,
|
||||
rules: ['nullable', 'integer', 'min:0'],
|
||||
normalizer: static function (mixed $value): ?int {
|
||||
if ($value === null || $value === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (int) $value;
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: 'managed_tenant_limit_override_reason',
|
||||
type: 'string',
|
||||
systemDefault: null,
|
||||
rules: ['nullable', 'string', 'max:500'],
|
||||
normalizer: static function (mixed $value): ?string {
|
||||
if ($value === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim((string) $value);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_value',
|
||||
type: 'bool',
|
||||
systemDefault: null,
|
||||
rules: ['nullable', 'boolean'],
|
||||
normalizer: static function (mixed $value): ?bool {
|
||||
if ($value === null || $value === '') {
|
||||
return null;
|
||||
}
|
||||
|
||||
return filter_var($value, FILTER_VALIDATE_BOOL);
|
||||
},
|
||||
));
|
||||
|
||||
$this->register(new SettingDefinition(
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_reason',
|
||||
type: 'string',
|
||||
systemDefault: null,
|
||||
rules: ['nullable', 'string', 'max:500'],
|
||||
normalizer: static function (mixed $value): ?string {
|
||||
if ($value === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim((string) $value);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
},
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -19,6 +19,7 @@
|
||||
use App\Models\TenantReview;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Navigation\RelatedNavigationResolver;
|
||||
use App\Support\OperationRunLinks;
|
||||
use App\Support\OpsUx\GovernanceRunDiagnosticSummaryBuilder;
|
||||
@ -133,6 +134,39 @@ public function forOperationRun(OperationRun $run, ?User $actor = null): array
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array{
|
||||
* use_case_key: string,
|
||||
* source_family: string,
|
||||
* data_classifications: list<string>,
|
||||
* summary: array{
|
||||
* headline: string,
|
||||
* dominant_issue: string,
|
||||
* freshness_state: string,
|
||||
* completeness_note: ?string,
|
||||
* redaction_note: string,
|
||||
* generated_from: string
|
||||
* },
|
||||
* redaction: array{mode: string, markers: list<string>},
|
||||
* notes: list<string>
|
||||
* }
|
||||
*/
|
||||
public function aiSupportDiagnosticsSummaryDraftSource(Tenant $tenant, ?User $actor = null): array
|
||||
{
|
||||
$bundle = $this->forTenant($tenant, $actor);
|
||||
|
||||
return [
|
||||
'use_case_key' => 'support_diagnostics.summary_draft',
|
||||
'source_family' => 'support_diagnostics',
|
||||
'data_classifications' => [
|
||||
AiDataClassification::RedactedSupportSummary->value,
|
||||
],
|
||||
'summary' => $bundle['summary'],
|
||||
'redaction' => $bundle['redaction'],
|
||||
'notes' => $bundle['notes'],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param list<array<string, mixed>> $sections
|
||||
* @return array<string, mixed>
|
||||
|
||||
@ -0,0 +1,129 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\SupportRequests;
|
||||
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\SupportDiagnostics\SupportDiagnosticBundleBuilder;
|
||||
|
||||
final class SupportRequestContextBuilder
|
||||
{
|
||||
public const ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED = 'diagnostic_snapshot_attached';
|
||||
|
||||
public const ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY = 'canonical_context_only';
|
||||
|
||||
public function __construct(
|
||||
private readonly SupportDiagnosticBundleBuilder $supportDiagnosticBundleBuilder,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function forTenant(Tenant $tenant, User $actor, bool $attachDiagnosticSnapshot): array
|
||||
{
|
||||
return $this->buildEnvelope(
|
||||
bundle: $this->supportDiagnosticBundleBuilder->forTenant($tenant, $actor),
|
||||
attachDiagnosticSnapshot: $attachDiagnosticSnapshot,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function forOperationRun(OperationRun $run, User $actor, bool $attachDiagnosticSnapshot): array
|
||||
{
|
||||
return $this->buildEnvelope(
|
||||
bundle: $this->supportDiagnosticBundleBuilder->forOperationRun($run, $actor),
|
||||
attachDiagnosticSnapshot: $attachDiagnosticSnapshot,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $bundle
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
private function buildEnvelope(array $bundle, bool $attachDiagnosticSnapshot): array
|
||||
{
|
||||
$attachmentMode = $attachDiagnosticSnapshot
|
||||
? self::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED
|
||||
: self::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY;
|
||||
|
||||
return [
|
||||
'schema_version' => 1,
|
||||
'generated_from' => 'support_diagnostics_bundle',
|
||||
'attachment_mode' => $attachmentMode,
|
||||
'redaction_mode' => (string) data_get($bundle, 'redaction.mode', 'default_redacted'),
|
||||
'primary_context' => [
|
||||
'type' => (string) data_get($bundle, 'context.type'),
|
||||
'workspace_id' => data_get($bundle, 'context.workspace_id'),
|
||||
'tenant_id' => data_get($bundle, 'context.tenant_id'),
|
||||
'operation_run_id' => data_get($bundle, 'context.operation_run_id'),
|
||||
'workspace_label' => data_get($bundle, 'context.workspace_label'),
|
||||
'tenant_label' => data_get($bundle, 'context.tenant_label'),
|
||||
],
|
||||
'canonical_context' => [
|
||||
'headline' => (string) data_get($bundle, 'summary.headline', data_get($bundle, 'headline')),
|
||||
'dominant_issue' => (string) data_get($bundle, 'summary.dominant_issue', data_get($bundle, 'dominant_issue')),
|
||||
'freshness_state' => (string) data_get($bundle, 'freshness_state'),
|
||||
'completeness_note' => data_get($bundle, 'summary.completeness_note'),
|
||||
'redaction_note' => data_get($bundle, 'summary.redaction_note'),
|
||||
'context' => data_get($bundle, 'context', []),
|
||||
'tenant' => data_get($bundle, 'tenant'),
|
||||
'operation_run' => data_get($bundle, 'operation_run'),
|
||||
'sections' => $this->canonicalSections($bundle),
|
||||
'notes' => is_array($bundle['notes'] ?? null)
|
||||
? array_values($bundle['notes'])
|
||||
: [],
|
||||
],
|
||||
'diagnostic_snapshot' => $attachDiagnosticSnapshot
|
||||
? [
|
||||
'contextual_help' => data_get($bundle, 'contextual_help'),
|
||||
'sections' => is_array($bundle['sections'] ?? null)
|
||||
? array_values($bundle['sections'])
|
||||
: [],
|
||||
'redaction' => is_array($bundle['redaction'] ?? null)
|
||||
? $bundle['redaction']
|
||||
: [],
|
||||
'notes' => is_array($bundle['notes'] ?? null)
|
||||
? array_values($bundle['notes'])
|
||||
: [],
|
||||
]
|
||||
: null,
|
||||
'omissions' => $attachDiagnosticSnapshot
|
||||
? []
|
||||
: [[
|
||||
'type' => 'diagnostic_snapshot',
|
||||
'reason' => 'omitted_without_support_diagnostics_view',
|
||||
'message' => 'Redacted diagnostic evidence was omitted because the creator could not view support diagnostics.',
|
||||
]],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $bundle
|
||||
* @return list<array<string, mixed>>
|
||||
*/
|
||||
private function canonicalSections(array $bundle): array
|
||||
{
|
||||
if (! is_array($bundle['sections'] ?? null)) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return array_values(array_map(
|
||||
static fn (array $section): array => [
|
||||
'key' => (string) ($section['key'] ?? ''),
|
||||
'label' => (string) ($section['label'] ?? ''),
|
||||
'availability' => (string) ($section['availability'] ?? 'missing'),
|
||||
'summary' => (string) ($section['summary'] ?? ''),
|
||||
'freshness_note' => $section['freshness_note'] ?? null,
|
||||
'references' => is_array($section['references'] ?? null)
|
||||
? array_values($section['references'])
|
||||
: [],
|
||||
],
|
||||
$bundle['sections'],
|
||||
));
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,15 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\SupportRequests;
|
||||
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
final class SupportRequestReferenceGenerator
|
||||
{
|
||||
public function generate(): string
|
||||
{
|
||||
return 'SR-'.strtoupper((string) Str::ulid());
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,186 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Support\SupportRequests;
|
||||
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Audit\WorkspaceAuditLogger;
|
||||
use App\Services\Auth\CapabilityResolver;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use Illuminate\Validation\Rule;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
final class SupportRequestSubmissionService
|
||||
{
|
||||
public function __construct(
|
||||
private readonly CapabilityResolver $capabilityResolver,
|
||||
private readonly SupportRequestContextBuilder $supportRequestContextBuilder,
|
||||
private readonly SupportRequestReferenceGenerator $supportRequestReferenceGenerator,
|
||||
private readonly WorkspaceAuditLogger $workspaceAuditLogger,
|
||||
) {}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $data
|
||||
*/
|
||||
public function submitForTenant(Tenant $tenant, User $actor, array $data): SupportRequest
|
||||
{
|
||||
$this->authorizeCreation($tenant, $actor);
|
||||
|
||||
return $this->submit(
|
||||
tenant: $tenant,
|
||||
actor: $actor,
|
||||
data: $data,
|
||||
primaryContextType: SupportRequest::PRIMARY_CONTEXT_TENANT,
|
||||
operationRun: null,
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $data
|
||||
*/
|
||||
public function submitForOperationRun(OperationRun $run, User $actor, array $data): SupportRequest
|
||||
{
|
||||
$run->loadMissing('tenant.workspace');
|
||||
|
||||
$tenant = $run->tenant;
|
||||
|
||||
if (! $tenant instanceof Tenant) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
$this->authorizeCreation($tenant, $actor);
|
||||
|
||||
return $this->submit(
|
||||
tenant: $tenant,
|
||||
actor: $actor,
|
||||
data: $data,
|
||||
primaryContextType: SupportRequest::PRIMARY_CONTEXT_OPERATION_RUN,
|
||||
operationRun: $run,
|
||||
);
|
||||
}
|
||||
|
||||
private function authorizeCreation(Tenant $tenant, User $actor): void
|
||||
{
|
||||
if (! $this->capabilityResolver->isMember($actor, $tenant)) {
|
||||
abort(404);
|
||||
}
|
||||
|
||||
if (! $this->capabilityResolver->can($actor, $tenant, Capabilities::SUPPORT_REQUESTS_CREATE)) {
|
||||
abort(403);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $data
|
||||
*/
|
||||
private function submit(
|
||||
Tenant $tenant,
|
||||
User $actor,
|
||||
array $data,
|
||||
string $primaryContextType,
|
||||
?OperationRun $operationRun,
|
||||
): SupportRequest {
|
||||
$validated = $this->validate($data);
|
||||
$attachDiagnosticSnapshot = $this->capabilityResolver->can($actor, $tenant, Capabilities::SUPPORT_DIAGNOSTICS_VIEW);
|
||||
|
||||
$contextEnvelope = $operationRun instanceof OperationRun
|
||||
? $this->supportRequestContextBuilder->forOperationRun($operationRun, $actor, $attachDiagnosticSnapshot)
|
||||
: $this->supportRequestContextBuilder->forTenant($tenant, $actor, $attachDiagnosticSnapshot);
|
||||
|
||||
$contactName = $validated['contact_name'] ?? $this->normalizeNullableString($actor->name) ?? $this->normalizeNullableString($actor->email);
|
||||
$contactEmail = $validated['contact_email'] ?? $this->normalizeNullableString($actor->email);
|
||||
$connection = SupportRequest::query()->getModel()->getConnection();
|
||||
|
||||
return $connection->transaction(function () use (
|
||||
$actor,
|
||||
$contactEmail,
|
||||
$contactName,
|
||||
$contextEnvelope,
|
||||
$operationRun,
|
||||
$primaryContextType,
|
||||
$tenant,
|
||||
$validated,
|
||||
): SupportRequest {
|
||||
$supportRequest = SupportRequest::query()->create([
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'operation_run_id' => $operationRun instanceof OperationRun ? (int) $operationRun->getKey() : null,
|
||||
'initiated_by_user_id' => (int) $actor->getKey(),
|
||||
'internal_reference' => $this->supportRequestReferenceGenerator->generate(),
|
||||
'primary_context_type' => $primaryContextType,
|
||||
'attachment_mode' => (string) data_get($contextEnvelope, 'attachment_mode', SupportRequest::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY),
|
||||
'severity' => $validated['severity'],
|
||||
'summary' => $validated['summary'],
|
||||
'reproduction_notes' => $validated['reproduction_notes'],
|
||||
'contact_name' => $contactName,
|
||||
'contact_email' => $contactEmail,
|
||||
'context_envelope' => $contextEnvelope,
|
||||
]);
|
||||
|
||||
$supportRequest->loadMissing(['tenant.workspace']);
|
||||
|
||||
$this->workspaceAuditLogger->logSupportRequestCreated($supportRequest, $actor);
|
||||
|
||||
return $supportRequest;
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string, mixed> $data
|
||||
* @return array{
|
||||
* severity: string,
|
||||
* summary: string,
|
||||
* reproduction_notes: ?string,
|
||||
* contact_name: ?string,
|
||||
* contact_email: ?string,
|
||||
* }
|
||||
*/
|
||||
private function validate(array $data): array
|
||||
{
|
||||
$validated = validator(
|
||||
[
|
||||
'severity' => $data['severity'] ?? SupportRequest::SEVERITY_NORMAL,
|
||||
'summary' => $data['summary'] ?? null,
|
||||
'reproduction_notes' => $data['reproduction_notes'] ?? null,
|
||||
'contact_name' => $data['contact_name'] ?? null,
|
||||
'contact_email' => $data['contact_email'] ?? null,
|
||||
],
|
||||
[
|
||||
'severity' => ['required', 'string', Rule::in(SupportRequest::severityValues())],
|
||||
'summary' => ['required', 'string'],
|
||||
'reproduction_notes' => ['nullable', 'string'],
|
||||
'contact_name' => ['nullable', 'string'],
|
||||
'contact_email' => ['nullable', 'email'],
|
||||
],
|
||||
)->validate();
|
||||
|
||||
$validated['summary'] = trim((string) $validated['summary']);
|
||||
|
||||
if ($validated['summary'] === '') {
|
||||
throw ValidationException::withMessages([
|
||||
'summary' => 'The summary field is required.',
|
||||
]);
|
||||
}
|
||||
|
||||
$validated['reproduction_notes'] = $this->normalizeNullableString($validated['reproduction_notes'] ?? null);
|
||||
$validated['contact_name'] = $this->normalizeNullableString($validated['contact_name'] ?? null);
|
||||
$validated['contact_email'] = $this->normalizeNullableString($validated['contact_email'] ?? null);
|
||||
|
||||
return $validated;
|
||||
}
|
||||
|
||||
private function normalizeNullableString(mixed $value): ?string
|
||||
{
|
||||
if (! is_string($value)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$normalized = trim($value);
|
||||
|
||||
return $normalized === '' ? null : $normalized;
|
||||
}
|
||||
}
|
||||
@ -39,6 +39,7 @@
|
||||
use App\Filament\System\Pages\Dashboard as SystemDashboard;
|
||||
use App\Filament\System\Pages\Directory\ViewTenant as SystemDirectoryViewTenant;
|
||||
use App\Filament\System\Pages\Directory\ViewWorkspace as SystemDirectoryViewWorkspace;
|
||||
use App\Filament\System\Pages\Ops\Controls;
|
||||
use App\Filament\System\Pages\Ops\Runbooks;
|
||||
use App\Filament\System\Pages\Ops\ViewRun;
|
||||
use App\Filament\System\Pages\RepairWorkspaceOwners;
|
||||
@ -661,6 +662,32 @@ public static function spec195ResidualSurfaceInventory(): array
|
||||
'mustRemainBaselineExempt' => false,
|
||||
'mustNotRemainBaselineExempt' => true,
|
||||
],
|
||||
Controls::class => [
|
||||
'surfaceKey' => 'system_ops_controls',
|
||||
'surfaceName' => 'System Ops Controls',
|
||||
'pageClass' => Controls::class,
|
||||
'panelPlane' => 'system',
|
||||
'surfaceKind' => 'system_utility',
|
||||
'discoveryState' => 'outside_primary_discovery',
|
||||
'closureDecision' => 'separately_governed',
|
||||
'reasonCategory' => 'workflow_specific_governance',
|
||||
'explicitReason' => 'Operational controls is a dedicated system control workbench with confirmation-backed pause, resume, and history actions plus restore-gate coupling, so it remains governed by focused workflow tests instead of the generic declaration-backed contract.',
|
||||
'evidence' => [
|
||||
[
|
||||
'kind' => 'feature_livewire_test',
|
||||
'reference' => 'tests/Feature/System/OpsControls/OperationalControlManagementTest.php',
|
||||
'proves' => 'The controls page keeps capability-gated operational-control actions, confirmation semantics, scope previews, and audited pause or resume behavior under dedicated coverage.',
|
||||
],
|
||||
[
|
||||
'kind' => 'feature_livewire_test',
|
||||
'reference' => 'tests/Feature/Restore/OperationalControlRestoreExecutionGateTest.php',
|
||||
'proves' => 'Restore execution stays coupled to the shared operational-control workflow, including blocked execution and non-retroactive pause behavior after acceptance.',
|
||||
],
|
||||
],
|
||||
'followUpAction' => 'add_guard_only',
|
||||
'mustRemainBaselineExempt' => false,
|
||||
'mustNotRemainBaselineExempt' => true,
|
||||
],
|
||||
RepairWorkspaceOwners::class => [
|
||||
'surfaceKey' => 'repair_workspace_owners',
|
||||
'surfaceName' => 'Repair Workspace Owners',
|
||||
|
||||
98
apps/platform/database/factories/SupportRequestFactory.php
Normal file
98
apps/platform/database/factories/SupportRequestFactory.php
Normal file
@ -0,0 +1,98 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Database\Factories;
|
||||
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use Illuminate\Database\Eloquent\Factories\Factory;
|
||||
use Illuminate\Support\Str;
|
||||
|
||||
/**
|
||||
* @extends \Illuminate\Database\Eloquent\Factories\Factory<\App\Models\SupportRequest>
|
||||
*/
|
||||
class SupportRequestFactory extends Factory
|
||||
{
|
||||
protected $model = SupportRequest::class;
|
||||
|
||||
/**
|
||||
* Define the model's default state.
|
||||
*
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function definition(): array
|
||||
{
|
||||
return [
|
||||
'tenant_id' => Tenant::factory(),
|
||||
'initiated_by_user_id' => User::factory(),
|
||||
'internal_reference' => 'SR-'.strtoupper((string) Str::ulid()),
|
||||
'primary_context_type' => SupportRequest::PRIMARY_CONTEXT_TENANT,
|
||||
'attachment_mode' => SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED,
|
||||
'severity' => SupportRequest::SEVERITY_NORMAL,
|
||||
'summary' => fake()->sentence(),
|
||||
'reproduction_notes' => fake()->optional()->paragraph(),
|
||||
'contact_name' => fake()->name(),
|
||||
'contact_email' => fake()->safeEmail(),
|
||||
'context_envelope' => [
|
||||
'schema_version' => 1,
|
||||
'generated_from' => 'factory',
|
||||
'attachment_mode' => SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED,
|
||||
'primary_context' => [
|
||||
'type' => SupportRequest::PRIMARY_CONTEXT_TENANT,
|
||||
],
|
||||
'canonical_context' => [
|
||||
'sections' => [],
|
||||
],
|
||||
'diagnostic_snapshot' => [
|
||||
'sections' => [],
|
||||
],
|
||||
'omissions' => [],
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
public function canonicalContextOnly(): static
|
||||
{
|
||||
return $this->state(fn (array $attributes): array => [
|
||||
'attachment_mode' => SupportRequest::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY,
|
||||
'context_envelope' => array_replace_recursive($attributes['context_envelope'] ?? [], [
|
||||
'attachment_mode' => SupportRequest::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY,
|
||||
'diagnostic_snapshot' => null,
|
||||
'omissions' => [[
|
||||
'type' => 'diagnostic_snapshot',
|
||||
'reason' => 'omitted_without_support_diagnostics_view',
|
||||
]],
|
||||
]),
|
||||
]);
|
||||
}
|
||||
|
||||
public function forOperationRun(OperationRun $operationRun): static
|
||||
{
|
||||
return $this->state(fn (): array => [
|
||||
'tenant_id' => (int) $operationRun->tenant_id,
|
||||
'workspace_id' => (int) $operationRun->workspace_id,
|
||||
'operation_run_id' => (int) $operationRun->getKey(),
|
||||
'primary_context_type' => SupportRequest::PRIMARY_CONTEXT_OPERATION_RUN,
|
||||
'context_envelope' => [
|
||||
'schema_version' => 1,
|
||||
'generated_from' => 'factory',
|
||||
'attachment_mode' => SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED,
|
||||
'primary_context' => [
|
||||
'type' => SupportRequest::PRIMARY_CONTEXT_OPERATION_RUN,
|
||||
'tenant_id' => (int) $operationRun->tenant_id,
|
||||
'operation_run_id' => (int) $operationRun->getKey(),
|
||||
],
|
||||
'canonical_context' => [
|
||||
'sections' => [],
|
||||
],
|
||||
'diagnostic_snapshot' => [
|
||||
'sections' => [],
|
||||
],
|
||||
'omissions' => [],
|
||||
],
|
||||
]);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,46 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::create('support_requests', function (Blueprint $table): void {
|
||||
$table->id();
|
||||
$table->foreignId('workspace_id')->constrained('workspaces')->cascadeOnDelete();
|
||||
$table->foreignId('tenant_id')->constrained('tenants')->cascadeOnDelete();
|
||||
$table->foreignId('operation_run_id')->nullable()->constrained('operation_runs')->nullOnDelete();
|
||||
$table->foreignId('initiated_by_user_id')->nullable()->constrained('users')->nullOnDelete();
|
||||
$table->string('internal_reference')->unique();
|
||||
$table->string('primary_context_type');
|
||||
$table->string('attachment_mode');
|
||||
$table->string('severity');
|
||||
$table->text('summary');
|
||||
$table->text('reproduction_notes')->nullable();
|
||||
$table->string('contact_name')->nullable();
|
||||
$table->string('contact_email')->nullable();
|
||||
$table->jsonb('context_envelope')->default('{}');
|
||||
$table->timestamps();
|
||||
|
||||
$table->index(['workspace_id', 'tenant_id']);
|
||||
$table->index(['tenant_id', 'created_at']);
|
||||
$table->index(['operation_run_id', 'created_at']);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
Schema::dropIfExists('support_requests');
|
||||
}
|
||||
};
|
||||
@ -0,0 +1,19 @@
|
||||
<x-filament-panels::page>
|
||||
<x-filament::section>
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="text-lg font-semibold text-gray-900 dark:text-gray-100">
|
||||
Customer-safe review workspace
|
||||
</div>
|
||||
|
||||
<div class="text-sm text-gray-600 dark:text-gray-300">
|
||||
Review the latest published customer-safe posture for each entitled tenant without leaving the current workspace context.
|
||||
</div>
|
||||
|
||||
<div class="text-sm text-gray-600 dark:text-gray-300">
|
||||
Opening a row returns to the existing tenant review detail so evidence, review packs, and audit-aware proof remain on their canonical tenant-scoped surfaces.
|
||||
</div>
|
||||
</div>
|
||||
</x-filament::section>
|
||||
|
||||
{{ $this->table }}
|
||||
</x-filament-panels::page>
|
||||
@ -4,6 +4,11 @@
|
||||
$customerHealthDecision = $this->customerHealthDecision();
|
||||
$tenants = $this->workspaceTenants();
|
||||
$runs = $this->recentRuns();
|
||||
$workspaceEntitlementSummary = $this->workspaceEntitlementSummary();
|
||||
$planProfile = $workspaceEntitlementSummary['plan_profile'] ?? null;
|
||||
$entitlementDecisions = $workspaceEntitlementSummary['decisions'] ?? [];
|
||||
$managedTenantDecision = $entitlementDecisions['managed_tenant_activation_limit'] ?? null;
|
||||
$reviewPackDecision = $entitlementDecisions['review_pack_generation_enabled'] ?? null;
|
||||
@endphp
|
||||
|
||||
<x-filament-panels::page>
|
||||
@ -35,6 +40,58 @@
|
||||
@include('filament.system.pages.directory.partials.customer-health-decision-card', ['decision' => $customerHealthDecision])
|
||||
@endif
|
||||
|
||||
@if (is_array($planProfile) && is_array($managedTenantDecision) && is_array($reviewPackDecision))
|
||||
<x-filament::section>
|
||||
<x-slot name="heading">
|
||||
Workspace entitlements
|
||||
</x-slot>
|
||||
|
||||
<div class="grid grid-cols-1 gap-4 sm:grid-cols-2">
|
||||
<div class="rounded-lg bg-gray-50 px-4 py-3 dark:bg-white/5">
|
||||
<p class="text-xs font-semibold uppercase tracking-wider text-gray-500 dark:text-gray-400">Plan profile</p>
|
||||
<p class="mt-1 text-base font-semibold text-gray-950 dark:text-white">{{ $planProfile['label'] }}</p>
|
||||
<p class="mt-1 text-sm text-gray-500 dark:text-gray-400">{{ $planProfile['description'] }}</p>
|
||||
</div>
|
||||
|
||||
<div class="rounded-lg bg-gray-50 px-4 py-3 dark:bg-white/5">
|
||||
<p class="text-xs font-semibold uppercase tracking-wider text-gray-500 dark:text-gray-400">Last changed</p>
|
||||
<p class="mt-1 text-base font-semibold text-gray-950 dark:text-white">{{ $managedTenantDecision['last_changed_by'] ?? 'Not set' }}</p>
|
||||
<p class="mt-1 text-sm text-gray-500 dark:text-gray-400">{{ $managedTenantDecision['last_changed_at']?->diffForHumans() ?? 'No entitlement override recorded yet.' }}</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="mt-4 space-y-3">
|
||||
<div class="rounded-lg border border-gray-200 px-4 py-3 dark:border-white/10">
|
||||
<div class="flex items-center justify-between gap-4">
|
||||
<div>
|
||||
<p class="text-sm font-semibold text-gray-950 dark:text-white">Managed tenant activation limit</p>
|
||||
<p class="text-sm text-gray-500 dark:text-gray-400">{{ $managedTenantDecision['current_usage'] }} active of {{ $managedTenantDecision['effective_value'] }} allowed</p>
|
||||
</div>
|
||||
<x-filament::badge :color="$managedTenantDecision['source'] === 'workspace_override' ? 'warning' : 'gray'">
|
||||
{{ $managedTenantDecision['source'] === 'workspace_override' ? 'workspace override' : ($managedTenantDecision['plan_profile_label'].' plan profile') }}
|
||||
</x-filament::badge>
|
||||
</div>
|
||||
|
||||
<p class="mt-2 text-sm text-gray-500 dark:text-gray-400">{{ $managedTenantDecision['rationale'] }}</p>
|
||||
</div>
|
||||
|
||||
<div class="rounded-lg border border-gray-200 px-4 py-3 dark:border-white/10">
|
||||
<div class="flex items-center justify-between gap-4">
|
||||
<div>
|
||||
<p class="text-sm font-semibold text-gray-950 dark:text-white">Review pack generation</p>
|
||||
<p class="text-sm text-gray-500 dark:text-gray-400">{{ $reviewPackDecision['effective_value'] ? 'Enabled' : 'Disabled' }}</p>
|
||||
</div>
|
||||
<x-filament::badge :color="$reviewPackDecision['source'] === 'workspace_override' ? 'warning' : 'gray'">
|
||||
{{ $reviewPackDecision['source'] === 'workspace_override' ? 'workspace override' : ($reviewPackDecision['plan_profile_label'].' plan profile') }}
|
||||
</x-filament::badge>
|
||||
</div>
|
||||
|
||||
<p class="mt-2 text-sm text-gray-500 dark:text-gray-400">{{ $reviewPackDecision['rationale'] }}</p>
|
||||
</div>
|
||||
</div>
|
||||
</x-filament::section>
|
||||
@endif
|
||||
|
||||
<x-filament::section>
|
||||
<x-slot name="heading">
|
||||
Tenants summary
|
||||
|
||||
@ -9,6 +9,9 @@
|
||||
/** @var ?string $pollingInterval */
|
||||
/** @var bool $canView */
|
||||
/** @var bool $canManage */
|
||||
/** @var bool $generationBlocked */
|
||||
/** @var ?string $generationBlockReason */
|
||||
/** @var ?string $customerWorkspaceUrl */
|
||||
/** @var ?string $downloadUrl */
|
||||
/** @var ?string $failedReason */
|
||||
/** @var ?string $failedReasonDetail */
|
||||
@ -24,6 +27,12 @@
|
||||
@endif
|
||||
>
|
||||
<x-filament::section heading="Review Pack">
|
||||
@if ($canManage && $generationBlocked && $generationBlockReason)
|
||||
<div class="mb-3 rounded-lg border border-warning-200 bg-warning-50 px-3 py-2 text-sm text-warning-800 dark:border-warning-500/30 dark:bg-warning-500/10 dark:text-warning-200">
|
||||
{{ $generationBlockReason }}
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if (! $pack)
|
||||
{{-- State 1: No pack --}}
|
||||
<div class="flex flex-col items-center gap-3 py-4 text-center">
|
||||
@ -37,12 +46,15 @@
|
||||
size="sm"
|
||||
wire:click="generatePack"
|
||||
wire:loading.attr="disabled"
|
||||
:disabled="$generationBlocked"
|
||||
>
|
||||
Generate pack
|
||||
</x-filament::button>
|
||||
@endif
|
||||
</div>
|
||||
@elseif ($statusEnum === ReviewPackStatus::Queued || $statusEnum === ReviewPackStatus::Generating)
|
||||
@endif
|
||||
|
||||
@if ($pack && ($statusEnum === ReviewPackStatus::Queued || $statusEnum === ReviewPackStatus::Generating))
|
||||
{{-- State 2: Queued / Generating --}}
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="flex items-center gap-2">
|
||||
@ -63,7 +75,9 @@
|
||||
Started {{ $pack->created_at?->diffForHumans() ?? '—' }}
|
||||
</div>
|
||||
</div>
|
||||
@elseif ($statusEnum === ReviewPackStatus::Ready)
|
||||
@endif
|
||||
|
||||
@if ($pack && $statusEnum === ReviewPackStatus::Ready)
|
||||
{{-- State 3: Ready --}}
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="flex items-center gap-2">
|
||||
@ -116,13 +130,16 @@
|
||||
color="gray"
|
||||
wire:click="generatePack"
|
||||
wire:loading.attr="disabled"
|
||||
:disabled="$generationBlocked"
|
||||
>
|
||||
Generate new
|
||||
</x-filament::button>
|
||||
@endif
|
||||
</div>
|
||||
</div>
|
||||
@elseif ($statusEnum === ReviewPackStatus::Failed)
|
||||
@endif
|
||||
|
||||
@if ($pack && $statusEnum === ReviewPackStatus::Failed)
|
||||
{{-- State 4: Failed --}}
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="flex items-center gap-2">
|
||||
@ -163,12 +180,15 @@
|
||||
size="sm"
|
||||
wire:click="generatePack"
|
||||
wire:loading.attr="disabled"
|
||||
:disabled="$generationBlocked"
|
||||
>
|
||||
Retry
|
||||
</x-filament::button>
|
||||
@endif
|
||||
</div>
|
||||
@elseif ($statusEnum === ReviewPackStatus::Expired)
|
||||
@endif
|
||||
|
||||
@if ($pack && $statusEnum === ReviewPackStatus::Expired)
|
||||
{{-- State 5: Expired --}}
|
||||
<div class="flex flex-col gap-3">
|
||||
<div class="flex items-center gap-2">
|
||||
@ -189,11 +209,25 @@
|
||||
size="sm"
|
||||
wire:click="generatePack"
|
||||
wire:loading.attr="disabled"
|
||||
:disabled="$generationBlocked"
|
||||
>
|
||||
Generate new
|
||||
</x-filament::button>
|
||||
@endif
|
||||
</div>
|
||||
@endif
|
||||
|
||||
@if ($canView && $customerWorkspaceUrl)
|
||||
<div class="mt-3 flex items-center gap-2">
|
||||
<x-filament::button
|
||||
size="sm"
|
||||
color="gray"
|
||||
tag="a"
|
||||
:href="$customerWorkspaceUrl"
|
||||
>
|
||||
Customer workspace
|
||||
</x-filament::button>
|
||||
</div>
|
||||
@endif
|
||||
</x-filament::section>
|
||||
</div>
|
||||
|
||||
@ -0,0 +1,100 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
pest()->browser()->timeout(20_000);
|
||||
|
||||
beforeEach(function (): void {
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
it('smokes the customer review workspace handoff from tenant review detail', function (): void {
|
||||
$tenantPublished = Tenant::factory()->create(['name' => 'Published Tenant']);
|
||||
[$user, $tenantPublished] = createUserWithTenant(
|
||||
tenant: $tenantPublished,
|
||||
role: 'owner',
|
||||
workspaceRole: 'manager',
|
||||
);
|
||||
|
||||
$tenantWithoutPublished = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantPublished->workspace_id,
|
||||
'name' => 'No Published Tenant',
|
||||
]);
|
||||
|
||||
createUserWithTenant(
|
||||
tenant: $tenantWithoutPublished,
|
||||
user: $user,
|
||||
role: 'owner',
|
||||
workspaceRole: 'manager',
|
||||
);
|
||||
|
||||
$publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
|
||||
$noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
|
||||
|
||||
$publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
|
||||
$publishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
|
||||
$internalOnlyReview->forceFill([
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
])->save();
|
||||
|
||||
Storage::disk('exports')->put('review-packs/customer-review-workspace-smoke.zip', 'PK-test');
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenantPublished->getKey(),
|
||||
'workspace_id' => (int) $tenantPublished->workspace_id,
|
||||
'tenant_review_id' => (int) $publishedReview->getKey(),
|
||||
'evidence_snapshot_id' => (int) $publishedSnapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => 'review-packs/customer-review-workspace-smoke.zip',
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)->withSession([
|
||||
WorkspaceContext::SESSION_KEY => (int) $tenantPublished->workspace_id,
|
||||
WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
|
||||
(string) $tenantPublished->workspace_id => (int) $tenantPublished->getKey(),
|
||||
],
|
||||
]);
|
||||
|
||||
visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview], $tenantPublished))
|
||||
->waitForText('Related context')
|
||||
->assertSee('Open customer workspace')
|
||||
->assertNoJavaScriptErrors()
|
||||
->assertNoConsoleLogs()
|
||||
->click('Open customer workspace')
|
||||
->waitForText('Customer-safe review workspace')
|
||||
->assertSee('Clear filters')
|
||||
->assertSee('Open latest review')
|
||||
->assertDontSee('Publish review')
|
||||
->assertDontSee('Refresh review')
|
||||
->click('Clear filters')
|
||||
->waitForText('No published review available yet')
|
||||
->assertSee('No published review available yet')
|
||||
->click('Open latest review')
|
||||
->waitForText('Outcome summary')
|
||||
->assertDontSee('Publish review')
|
||||
->assertDontSee('Refresh review')
|
||||
->assertDontSee('Create next review')
|
||||
->assertDontSee('Export executive pack')
|
||||
->assertDontSee('Archive review')
|
||||
->assertNoJavaScriptErrors()
|
||||
->assertNoConsoleLogs();
|
||||
});
|
||||
@ -5,12 +5,14 @@
|
||||
use App\Filament\Resources\BackupScheduleResource\Pages\ListBackupSchedules;
|
||||
use App\Filament\Resources\BackupSetResource\Pages\ListBackupSets;
|
||||
use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
|
||||
use App\Filament\Resources\ReviewPackResource\Pages\ListReviewPacks;
|
||||
use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
|
||||
use App\Filament\Resources\TenantResource\Pages\ListTenants;
|
||||
use App\Filament\Resources\Workspaces\Pages\ListWorkspaces;
|
||||
use App\Models\BackupSchedule;
|
||||
use App\Models\BackupSet;
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\RestoreRun;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
@ -240,6 +242,47 @@ function getPlacementEmptyStateAction(Testable $component, string $name): ?Actio
|
||||
expect($headerCreate?->isVisible())->toBeTrue();
|
||||
});
|
||||
|
||||
it('shows generate only in empty state when review packs table is empty', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
|
||||
$this->actingAs($user);
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
$component = Livewire::test(ListReviewPacks::class)
|
||||
->assertTableEmptyStateActionsExistInOrder(['generate_first']);
|
||||
|
||||
$emptyStateGenerate = getPlacementEmptyStateAction($component, 'generate_first');
|
||||
expect($emptyStateGenerate)->not->toBeNull();
|
||||
expect($emptyStateGenerate?->getLabel())->toBe('Generate first pack');
|
||||
|
||||
$headerGenerate = getHeaderAction($component, 'generate_pack');
|
||||
expect($headerGenerate)->not->toBeNull();
|
||||
expect($headerGenerate?->isVisible())->toBeFalse();
|
||||
});
|
||||
|
||||
it('shows generate only in header when review packs table is not empty', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
|
||||
$this->actingAs($user);
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
]);
|
||||
|
||||
$component = Livewire::test(ListReviewPacks::class)
|
||||
->assertCountTableRecords(1);
|
||||
|
||||
$headerGenerate = getHeaderAction($component, 'generate_pack');
|
||||
expect($headerGenerate)->not->toBeNull();
|
||||
expect($headerGenerate?->isVisible())->toBeTrue();
|
||||
expect($headerGenerate?->getLabel())->toBe('Generate Pack');
|
||||
});
|
||||
|
||||
it('shows create only in empty state when tenants table is empty', function (): void {
|
||||
$workspace = Workspace::factory()->create([
|
||||
'archived_at' => now(),
|
||||
|
||||
@ -0,0 +1,111 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Livewire\Livewire;
|
||||
|
||||
/**
|
||||
* @return array{0: Workspace, 1: User}
|
||||
*/
|
||||
function entitlementSettingsManager(): array
|
||||
{
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
return [$workspace, $user];
|
||||
}
|
||||
|
||||
it('saves entitlement plan profile and override pairs through the workspace settings page', function (): void {
|
||||
[$workspace, $user] = entitlementSettingsManager();
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(WorkspaceSettings::getUrl(panel: 'admin'))
|
||||
->assertSuccessful()
|
||||
->assertSee('Workspace entitlements');
|
||||
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.entitlements_plan_profile', null)
|
||||
->assertSet('data.entitlements_managed_tenant_limit_override_value', null)
|
||||
->assertSet('data.entitlements_managed_tenant_limit_override_reason', null)
|
||||
->assertSet('data.entitlements_review_pack_generation_override_value', null)
|
||||
->assertSet('data.entitlements_review_pack_generation_override_reason', null)
|
||||
->set('data.entitlements_plan_profile', 'starter')
|
||||
->set('data.entitlements_managed_tenant_limit_override_value', 2)
|
||||
->set('data.entitlements_managed_tenant_limit_override_reason', 'Temporary support-approved exception')
|
||||
->set('data.entitlements_review_pack_generation_override_value', '0')
|
||||
->set('data.entitlements_review_pack_generation_override_reason', 'Workspace is temporarily limited to manual reporting only')
|
||||
->callAction('save')
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.entitlements_plan_profile', 'starter')
|
||||
->assertSet('data.entitlements_managed_tenant_limit_override_value', 2)
|
||||
->assertSet('data.entitlements_managed_tenant_limit_override_reason', 'Temporary support-approved exception')
|
||||
->assertSet('data.entitlements_review_pack_generation_override_value', '0')
|
||||
->assertSet('data.entitlements_review_pack_generation_override_reason', 'Workspace is temporarily limited to manual reporting only');
|
||||
|
||||
$summary = app(WorkspaceEntitlementResolver::class)->summary($workspace);
|
||||
|
||||
expect($summary['plan_profile']['id'])->toBe('starter')
|
||||
->and($summary['decisions'][WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT])
|
||||
->toMatchArray([
|
||||
'effective_value' => 2,
|
||||
'source' => 'workspace_override',
|
||||
'rationale' => 'Temporary support-approved exception',
|
||||
'last_changed_by' => $user->name,
|
||||
])
|
||||
->and($summary['decisions'][WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED])
|
||||
->toMatchArray([
|
||||
'effective_value' => false,
|
||||
'source' => 'workspace_override',
|
||||
'rationale' => 'Workspace is temporarily limited to manual reporting only',
|
||||
'last_changed_by' => $user->name,
|
||||
]);
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('entitlements_managed_tenant_limit_override_value', 'reset_entitlements_managed_tenant_limit_override_value', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.entitlements_managed_tenant_limit_override_value', null)
|
||||
->assertSet('data.entitlements_managed_tenant_limit_override_reason', null);
|
||||
|
||||
$summary = app(WorkspaceEntitlementResolver::class)->summary($workspace);
|
||||
|
||||
expect($summary['decisions'][WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT])
|
||||
->toMatchArray([
|
||||
'effective_value' => 1,
|
||||
'source' => 'plan_profile_default',
|
||||
'rationale' => 'Minimal allowance for early workspace access and low-volume operations.',
|
||||
]);
|
||||
});
|
||||
|
||||
it('requires an override reason when a workspace entitlement override value is set', function (): void {
|
||||
[, $user] = entitlementSettingsManager();
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->set('data.entitlements_managed_tenant_limit_override_value', 3)
|
||||
->set('data.entitlements_managed_tenant_limit_override_reason', '')
|
||||
->callAction('save')
|
||||
->assertHasErrors(['data.entitlements_managed_tenant_limit_override_reason']);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->set('data.entitlements_review_pack_generation_override_value', '0')
|
||||
->set('data.entitlements_review_pack_generation_override_reason', '')
|
||||
->callAction('save')
|
||||
->assertHasErrors(['data.entitlements_review_pack_generation_override_reason']);
|
||||
});
|
||||
@ -950,6 +950,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
|
||||
\App\Filament\System\Pages\Dashboard::class,
|
||||
\App\Filament\System\Pages\Ops\ViewRun::class,
|
||||
\App\Filament\System\Pages\Ops\Runbooks::class,
|
||||
\App\Filament\System\Pages\Ops\Controls::class,
|
||||
\App\Filament\System\Pages\RepairWorkspaceOwners::class,
|
||||
\App\Filament\System\Pages\Directory\ViewTenant::class,
|
||||
\App\Filament\System\Pages\Directory\ViewWorkspace::class,
|
||||
|
||||
@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use Illuminate\Support\Facades\File;
|
||||
|
||||
it('prevents ai governance surfaces from declaring direct outbound or vendor-specific provider runtime code', function (): void {
|
||||
$root = app_path();
|
||||
|
||||
$files = collect(File::allFiles($root))
|
||||
->map(fn (\SplFileInfo $file): string => str_replace($root.'/', '', $file->getPathname()))
|
||||
->filter(fn (string $relativePath): bool => str_starts_with($relativePath, 'Support/Ai/')
|
||||
|| $relativePath === 'Support/ProductKnowledge/ContextualHelpResolver.php'
|
||||
|| $relativePath === 'Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php')
|
||||
->values();
|
||||
|
||||
$patterns = [
|
||||
'outbound_http' => '/\bHttp::/',
|
||||
'guzzle_client' => '/\bnew\s+Client\b/',
|
||||
'curl_runtime' => '/\bcurl_/i',
|
||||
'openai_vendor' => '/\bOpenAI\b/i',
|
||||
'anthropic_vendor' => '/\bAnthropic\b/i',
|
||||
'gemini_vendor' => '/\bGemini\b/i',
|
||||
'openrouter_vendor' => '/\bOpenRouter\b/i',
|
||||
'chat_completions_runtime' => '/\bChatCompletion\b/i',
|
||||
];
|
||||
|
||||
$hits = [];
|
||||
|
||||
foreach ($files as $relativePath) {
|
||||
$contents = file_get_contents($root.'/'.$relativePath);
|
||||
|
||||
if (! is_string($contents) || $contents === '') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$lines = preg_split('/\R/', $contents) ?: [];
|
||||
|
||||
foreach ($patterns as $label => $pattern) {
|
||||
foreach ($lines as $index => $line) {
|
||||
if (preg_match($pattern, $line) === 1) {
|
||||
$hits[] = $relativePath.':'.($index + 1).' ['.$label.'] '.trim($line);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
expect($hits)->toBeEmpty("AI governance surfaces must stay vendor-neutral and must not perform outbound provider runtime calls directly:\n".implode("\n", $hits));
|
||||
});
|
||||
@ -35,6 +35,7 @@ function spec195FormattedIssues(array $issues): string
|
||||
\App\Filament\System\Pages\Dashboard::class,
|
||||
\App\Filament\System\Pages\Ops\ViewRun::class,
|
||||
\App\Filament\System\Pages\Ops\Runbooks::class,
|
||||
\App\Filament\System\Pages\Ops\Controls::class,
|
||||
\App\Filament\System\Pages\RepairWorkspaceOwners::class,
|
||||
\App\Filament\System\Pages\Directory\ViewTenant::class,
|
||||
\App\Filament\System\Pages\Directory\ViewWorkspace::class,
|
||||
@ -67,6 +68,7 @@ function spec195FormattedIssues(array $issues): string
|
||||
|
||||
expect($inventory[\App\Filament\System\Pages\Ops\ViewRun::class]['closureDecision'] ?? null)->toBe('separately_governed')
|
||||
->and($inventory[\App\Filament\System\Pages\Ops\Runbooks::class]['closureDecision'] ?? null)->toBe('separately_governed')
|
||||
->and($inventory[\App\Filament\System\Pages\Ops\Controls::class]['closureDecision'] ?? null)->toBe('separately_governed')
|
||||
->and($inventory[\App\Filament\System\Pages\RepairWorkspaceOwners::class]['closureDecision'] ?? null)->toBe('separately_governed')
|
||||
->and($inventory[\App\Filament\System\Pages\Directory\ViewTenant::class]['closureDecision'] ?? null)->toBe('harmless_special_case')
|
||||
->and($inventory[\App\Filament\System\Pages\Directory\ViewWorkspace::class]['closureDecision'] ?? null)->toBe('harmless_special_case')
|
||||
@ -76,6 +78,7 @@ function spec195FormattedIssues(array $issues): string
|
||||
\App\Filament\System\Pages\Dashboard::class,
|
||||
\App\Filament\System\Pages\Ops\ViewRun::class,
|
||||
\App\Filament\System\Pages\Ops\Runbooks::class,
|
||||
\App\Filament\System\Pages\Ops\Controls::class,
|
||||
\App\Filament\System\Pages\RepairWorkspaceOwners::class,
|
||||
\App\Filament\System\Pages\Directory\ViewTenant::class,
|
||||
\App\Filament\System\Pages\Directory\ViewWorkspace::class,
|
||||
|
||||
@ -0,0 +1,190 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantOnboardingSession;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Support\Facades\Queue;
|
||||
use Livewire\Livewire;
|
||||
|
||||
/**
|
||||
* @return array{workspace: Workspace, user: User, tenant: Tenant, draft: TenantOnboardingSession, component: \Livewire\Features\SupportTesting\Testable}
|
||||
*/
|
||||
function readyOnboardingEntitlementContext(int $activeTenantCount = 0, ?int $limitOverride = null, ?string $overrideReason = null): array
|
||||
{
|
||||
Queue::fake();
|
||||
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
$tenant = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'status' => Tenant::STATUS_ONBOARDING,
|
||||
]);
|
||||
|
||||
createUserWithTenant(
|
||||
tenant: $tenant,
|
||||
user: $user,
|
||||
role: 'owner',
|
||||
workspaceRole: 'owner',
|
||||
ensureDefaultMicrosoftProviderConnection: false,
|
||||
);
|
||||
|
||||
if ($activeTenantCount > 0) {
|
||||
Tenant::factory()->count($activeTenantCount)->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'status' => Tenant::STATUS_ACTIVE,
|
||||
]);
|
||||
}
|
||||
|
||||
$connection = ProviderConnection::factory()->platform()->consentGranted()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'provider' => 'microsoft',
|
||||
'entra_tenant_id' => (string) $tenant->tenant_id,
|
||||
'display_name' => 'Ready connection',
|
||||
'is_default' => true,
|
||||
'consent_status' => 'granted',
|
||||
]);
|
||||
|
||||
$run = OperationRun::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'type' => 'provider.connection.check',
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Succeeded->value,
|
||||
'context' => [
|
||||
'provider' => 'microsoft',
|
||||
'module' => 'health_check',
|
||||
'provider_connection_id' => (int) $connection->getKey(),
|
||||
'target_scope' => [
|
||||
'entra_tenant_id' => (string) $tenant->tenant_id,
|
||||
],
|
||||
],
|
||||
]);
|
||||
|
||||
$draft = createOnboardingDraft([
|
||||
'workspace' => $workspace,
|
||||
'tenant' => $tenant,
|
||||
'started_by' => $user,
|
||||
'updated_by' => $user,
|
||||
'current_step' => 'bootstrap',
|
||||
'state' => [
|
||||
'entra_tenant_id' => (string) $tenant->tenant_id,
|
||||
'tenant_name' => (string) $tenant->name,
|
||||
'provider_connection_id' => (int) $connection->getKey(),
|
||||
'verification_operation_run_id' => (int) $run->getKey(),
|
||||
],
|
||||
]);
|
||||
|
||||
if ($limitOverride !== null) {
|
||||
$writer = app(SettingsWriter::class);
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceEntitlementResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceEntitlementResolver::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_VALUE,
|
||||
value: $limitOverride,
|
||||
);
|
||||
|
||||
if ($overrideReason !== null) {
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceEntitlementResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceEntitlementResolver::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_REASON,
|
||||
value: $overrideReason,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
$component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
|
||||
'onboardingDraft' => (int) $draft->getKey(),
|
||||
]);
|
||||
|
||||
return compact('workspace', 'user', 'tenant', 'draft', 'component');
|
||||
}
|
||||
|
||||
it('allows onboarding activation when the workspace is within its managed tenant limit', function (): void {
|
||||
$context = readyOnboardingEntitlementContext(activeTenantCount: 0);
|
||||
|
||||
$context['component']->call('completeOnboarding');
|
||||
|
||||
$context['tenant']->refresh();
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ACTIVE)
|
||||
->and(AuditLog::query()
|
||||
->where('workspace_id', (int) $context['workspace']->getKey())
|
||||
->where('action', 'managed_tenant_onboarding.activation')
|
||||
->exists())->toBeTrue();
|
||||
});
|
||||
|
||||
it('blocks onboarding activation with a business-state reason when the workspace is at limit', function (): void {
|
||||
$context = readyOnboardingEntitlementContext(
|
||||
activeTenantCount: 1,
|
||||
limitOverride: 1,
|
||||
overrideReason: 'Customer currently allows one active tenant',
|
||||
);
|
||||
|
||||
$decision = app(WorkspaceEntitlementResolver::class)->resolve(
|
||||
$context['workspace'],
|
||||
WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
);
|
||||
|
||||
expect($decision['is_blocked'])->toBeTrue();
|
||||
|
||||
$context['component']
|
||||
->assertSee('Activation entitlement')
|
||||
->assertSee('Blocked')
|
||||
->call('completeOnboarding');
|
||||
|
||||
$context['tenant']->refresh();
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ONBOARDING)
|
||||
->and(AuditLog::query()
|
||||
->where('workspace_id', (int) $context['workspace']->getKey())
|
||||
->where('action', 'managed_tenant_onboarding.activation')
|
||||
->exists())->toBeFalse();
|
||||
});
|
||||
|
||||
it('allows onboarding activation when a workspace override raises the limit above current usage', function (): void {
|
||||
$context = readyOnboardingEntitlementContext(
|
||||
activeTenantCount: 1,
|
||||
limitOverride: 2,
|
||||
overrideReason: 'Temporary support-approved exception',
|
||||
);
|
||||
|
||||
$decision = app(WorkspaceEntitlementResolver::class)->resolve(
|
||||
$context['workspace'],
|
||||
WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
);
|
||||
|
||||
expect($decision)
|
||||
->toMatchArray([
|
||||
'source' => 'workspace_override',
|
||||
'effective_value' => 2,
|
||||
'current_usage' => 1,
|
||||
'is_blocked' => false,
|
||||
'rationale' => 'Temporary support-approved exception',
|
||||
]);
|
||||
|
||||
$context['component']->call('completeOnboarding');
|
||||
|
||||
$context['tenant']->refresh();
|
||||
|
||||
expect($context['tenant']->status)->toBe(Tenant::STATUS_ACTIVE);
|
||||
});
|
||||
@ -2,14 +2,17 @@
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\System\Pages\Ops\Controls;
|
||||
use App\Filament\Resources\RestoreRunResource;
|
||||
use App\Filament\Resources\RestoreRunResource\Pages\CreateRestoreRun;
|
||||
use App\Models\BackupItem;
|
||||
use App\Models\BackupSet;
|
||||
use App\Models\OperationalControlActivation;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Policy;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use Filament\Facades\Filament;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
@ -131,3 +134,49 @@ function seedRestoreAuthorizationContext(): array
|
||||
->call('create')
|
||||
->assertNotified('Restore execution paused');
|
||||
});
|
||||
|
||||
it('forbids ai execution controls for platform users missing system panel access', function (): void {
|
||||
$user = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::OPS_CONTROLS_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($user, 'platform')
|
||||
->get(Controls::getUrl(panel: 'system'))
|
||||
->assertForbidden();
|
||||
});
|
||||
|
||||
it('forbids ai execution controls for platform users missing ops controls manage', function (): void {
|
||||
$user = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($user, 'platform')
|
||||
->get(Controls::getUrl(panel: 'system'))
|
||||
->assertForbidden();
|
||||
});
|
||||
|
||||
it('shows ai execution controls only to platform users with the existing system control capabilities', function (): void {
|
||||
$user = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::OPS_CONTROLS_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($user, 'platform')
|
||||
->get(Controls::getUrl(panel: 'system'))
|
||||
->assertSuccessful()
|
||||
->assertSee('AI execution');
|
||||
|
||||
Livewire::actingAs($user, 'platform')
|
||||
->test(Controls::class)
|
||||
->assertActionVisible('pause_ai_execution')
|
||||
->assertActionVisible('resume_ai_execution');
|
||||
});
|
||||
@ -3,7 +3,9 @@
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\AuditLog;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
@ -41,13 +43,25 @@ function createReadyPackWithFile(?array $packOverrides = []): array
|
||||
it('downloads a ready pack via signed URL with correct headers', function (): void {
|
||||
[$user, $tenant, $pack] = createReadyPackWithFile();
|
||||
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack);
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack, [
|
||||
'source_surface' => 'customer_review_workspace',
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($user)->get($signedUrl);
|
||||
|
||||
$response->assertOk();
|
||||
$response->assertHeader('X-Review-Pack-SHA256', $pack->sha256);
|
||||
$response->assertDownload();
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::ReviewPackDownloaded->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->resource_type)->toBe('review_pack')
|
||||
->and(data_get($audit?->metadata, 'review_pack_id'))->toBe((int) $pack->getKey())
|
||||
->and(data_get($audit?->metadata, 'source_surface'))->toBe('customer_review_workspace');
|
||||
});
|
||||
|
||||
// ─── Expired Signature → 403 ────────────────────────────────
|
||||
|
||||
@ -0,0 +1,190 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
|
||||
use App\Filament\Resources\ReviewPackResource;
|
||||
use App\Filament\Widgets\Tenant\TenantReviewPackCard;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
use App\Models\Finding;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\StoredReport;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Services\Evidence\EvidenceSnapshotService;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Livewire\Livewire;
|
||||
|
||||
beforeEach(function (): void {
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
function seedEntitlementReviewPackSnapshot(Tenant $tenant): EvidenceSnapshot
|
||||
{
|
||||
StoredReport::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'report_type' => StoredReport::REPORT_TYPE_PERMISSION_POSTURE,
|
||||
'payload' => ['required_count' => 1, 'granted_count' => 1],
|
||||
]);
|
||||
|
||||
StoredReport::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'report_type' => StoredReport::REPORT_TYPE_ENTRA_ADMIN_ROLES,
|
||||
'payload' => ['roles' => [['displayName' => 'Global Administrator']]],
|
||||
]);
|
||||
|
||||
Finding::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
]);
|
||||
|
||||
Finding::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
||||
]);
|
||||
|
||||
OperationRun::factory()->forTenant($tenant)->create();
|
||||
|
||||
/** @var EvidenceSnapshotService $service */
|
||||
$service = app(EvidenceSnapshotService::class);
|
||||
$payload = $service->buildSnapshotPayload($tenant);
|
||||
|
||||
$snapshot = EvidenceSnapshot::query()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'status' => EvidenceSnapshotStatus::Active->value,
|
||||
'fingerprint' => $payload['fingerprint'],
|
||||
'completeness_state' => $payload['completeness'],
|
||||
'summary' => $payload['summary'],
|
||||
'generated_at' => now(),
|
||||
]);
|
||||
|
||||
foreach ($payload['items'] as $item) {
|
||||
$snapshot->items()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'dimension_key' => $item['dimension_key'],
|
||||
'state' => $item['state'],
|
||||
'required' => $item['required'],
|
||||
'source_kind' => $item['source_kind'],
|
||||
'source_record_type' => $item['source_record_type'],
|
||||
'source_record_id' => $item['source_record_id'],
|
||||
'source_fingerprint' => $item['source_fingerprint'],
|
||||
'measured_at' => $item['measured_at'],
|
||||
'freshness_at' => $item['freshness_at'],
|
||||
'summary_payload' => $item['summary_payload'],
|
||||
'sort_order' => $item['sort_order'],
|
||||
]);
|
||||
}
|
||||
|
||||
return $snapshot;
|
||||
}
|
||||
|
||||
function disableReviewPackGenerationForWorkspace(Tenant $tenant, User $user, string $reason): void
|
||||
{
|
||||
$writer = app(SettingsWriter::class);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $tenant->workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_value',
|
||||
value: false,
|
||||
);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $tenant->workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_reason',
|
||||
value: $reason,
|
||||
);
|
||||
}
|
||||
|
||||
it('blocks new review pack generation before creating a review pack or operation run when the workspace is not entitled', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
seedEntitlementReviewPackSnapshot($tenant);
|
||||
disableReviewPackGenerationForWorkspace($tenant, $user, 'Workspace is temporarily limited to manual reporting only');
|
||||
$initialRunCount = OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count();
|
||||
|
||||
expect(fn (): ReviewPack => app(ReviewPackService::class)->generate($tenant, $user))
|
||||
->toThrow(WorkspaceEntitlementBlockedException::class, 'Workspace is temporarily limited to manual reporting only');
|
||||
|
||||
expect(ReviewPack::query()->count())->toBe(0)
|
||||
->and(OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count())->toBe($initialRunCount);
|
||||
});
|
||||
|
||||
it('blocks executive pack export before creating a review pack or operation run when the workspace is not entitled', function (): void {
|
||||
[$user, $tenant] = createUserWithTenant(role: 'owner');
|
||||
$snapshot = seedEntitlementReviewPackSnapshot($tenant);
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
disableReviewPackGenerationForWorkspace($tenant, $user, 'Workspace is temporarily limited to manual reporting only');
|
||||
$initialRunCount = OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count();
|
||||
|
||||
expect(fn (): ReviewPack => app(ReviewPackService::class)->generateFromReview($review, $user))
|
||||
->toThrow(WorkspaceEntitlementBlockedException::class, 'Workspace is temporarily limited to manual reporting only');
|
||||
|
||||
expect(ReviewPack::query()->count())->toBe(0)
|
||||
->and(OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count())->toBe($initialRunCount);
|
||||
});
|
||||
|
||||
it('shows the blocked reason on the review pack card and keeps existing pack downloads accessible', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
disableReviewPackGenerationForWorkspace($tenant, $user, 'Workspace is temporarily limited to manual reporting only');
|
||||
$initialRunCount = OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count();
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(TenantReviewPackCard::class, ['record' => $tenant])
|
||||
->assertSee('Workspace is temporarily limited to manual reporting only')
|
||||
->assertSee('Generate pack')
|
||||
->call('generatePack', true, true)
|
||||
->assertHasNoErrors();
|
||||
|
||||
expect(ReviewPack::query()->count())->toBe(0)
|
||||
->and(OperationRun::query()
|
||||
->where('tenant_id', (int) $tenant->getKey())
|
||||
->where('type', OperationRunType::ReviewPackGenerate->value)
|
||||
->count())->toBe($initialRunCount);
|
||||
|
||||
$filePath = 'review-packs/entitlement-download-test.zip';
|
||||
Storage::disk('exports')->put($filePath, 'PK-test');
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => $filePath,
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(ReviewPackResource::getUrl('view', ['record' => $pack], tenant: $tenant, panel: 'tenant'))
|
||||
->assertOk()
|
||||
->assertSee('Download');
|
||||
});
|
||||
@ -9,11 +9,13 @@
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Support\Auth\UiTooltips;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Facades\Filament;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
use Livewire\Livewire;
|
||||
use Livewire\Features\SupportTesting\Testable;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
@ -21,6 +23,17 @@
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
function getReviewPackRbacEmptyStateAction(Testable $component, string $name): ?Action
|
||||
{
|
||||
foreach ($component->instance()->getTable()->getEmptyStateActions() as $action) {
|
||||
if ($action instanceof Action && $action->getName() === $name) {
|
||||
return $action;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
// ─── Non-Member Access ───────────────────────────────────────
|
||||
|
||||
it('returns 404 for non-member on list page', function (): void {
|
||||
@ -64,11 +77,9 @@
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
// Note: download route uses signed middleware, not tenant-scoped RBAC.
|
||||
// Any user with a valid signature can download. This is by design.
|
||||
$signedUrl = app(ReviewPackService::class)->generateDownloadUrl($pack);
|
||||
|
||||
$this->actingAs($user)->get($signedUrl)->assertOk();
|
||||
$this->actingAs($user)->get($signedUrl)->assertNotFound();
|
||||
});
|
||||
|
||||
// ─── REVIEW_PACK_VIEW Member ────────────────────────────────
|
||||
@ -124,11 +135,15 @@
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(ListReviewPacks::class)
|
||||
->assertActionVisible('generate_pack')
|
||||
->assertActionDisabled('generate_pack')
|
||||
->assertActionExists('generate_pack', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission());
|
||||
->assertTableEmptyStateActionsExistInOrder(['generate_first']);
|
||||
|
||||
$emptyStateAction = getReviewPackRbacEmptyStateAction($component, 'generate_first');
|
||||
|
||||
expect($emptyStateAction)->not->toBeNull()
|
||||
->and($emptyStateAction?->isDisabled())->toBeTrue()
|
||||
->and($emptyStateAction?->getTooltip())->toBe(UiTooltips::insufficientPermission());
|
||||
});
|
||||
|
||||
// ─── REVIEW_PACK_MANAGE Member ──────────────────────────────
|
||||
@ -137,6 +152,12 @@
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
]);
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
|
||||
@ -13,16 +13,19 @@
|
||||
use App\Models\Tenant;
|
||||
use App\Services\Evidence\EvidenceSnapshotService;
|
||||
use App\Services\ReviewPackService;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\UiTooltips;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\OperationRunLinks;
|
||||
use App\Support\ReviewPackStatus;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Actions\ActionGroup;
|
||||
use Filament\Facades\Filament;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Queue;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Livewire\Livewire;
|
||||
use Livewire\Features\SupportTesting\Testable;
|
||||
use Tests\Feature\Concerns\BuildsGovernanceArtifactTruthFixtures;
|
||||
|
||||
uses(RefreshDatabase::class, BuildsGovernanceArtifactTruthFixtures::class);
|
||||
@ -31,6 +34,31 @@
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
function getReviewPackEmptyStateAction(Testable $component, string $name): ?Action
|
||||
{
|
||||
foreach ($component->instance()->getTable()->getEmptyStateActions() as $action) {
|
||||
if ($action instanceof Action && $action->getName() === $name) {
|
||||
return $action;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
function getReviewPackHeaderAction(Testable $component, string $name): ?Action
|
||||
{
|
||||
$instance = $component->instance();
|
||||
$instance->cacheInteractsWithHeaderActions();
|
||||
|
||||
foreach ($instance->getCachedHeaderActions() as $action) {
|
||||
if ($action instanceof Action && $action->getName() === $name) {
|
||||
return $action;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
function seedReviewPackEvidence(Tenant $tenant): EvidenceSnapshot
|
||||
{
|
||||
StoredReport::factory()->create([
|
||||
@ -130,8 +158,7 @@ function seedReviewPackEvidence(Tenant $tenant): EvidenceSnapshot
|
||||
'tenant_id' => (int) $otherTenant->getKey(),
|
||||
]);
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(ListReviewPacks::class)
|
||||
@ -150,32 +177,112 @@ function seedReviewPackEvidence(Tenant $tenant): EvidenceSnapshot
|
||||
->assertSee('No review packs yet');
|
||||
});
|
||||
|
||||
// ─── List Page Header Action ─────────────────────────────────
|
||||
// ─── List Page Start CTA Placement ───────────────────────────
|
||||
|
||||
it('shows the generate_pack header action for a MANAGE user', function (): void {
|
||||
it('shows generate only in the empty state when no review packs exist', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(ListReviewPacks::class)
|
||||
->assertTableEmptyStateActionsExistInOrder(['generate_first']);
|
||||
|
||||
$emptyStateAction = getReviewPackEmptyStateAction($component, 'generate_first');
|
||||
$headerAction = getReviewPackHeaderAction($component, 'generate_pack');
|
||||
|
||||
expect($emptyStateAction)->not->toBeNull()
|
||||
->and($emptyStateAction?->getLabel())->toBe('Generate first pack')
|
||||
->and($headerAction)->not->toBeNull()
|
||||
->and($headerAction?->isVisible())->toBeFalse();
|
||||
});
|
||||
|
||||
it('shows generate in the header once review packs exist', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
]);
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(ListReviewPacks::class)
|
||||
->assertActionVisible('generate_pack');
|
||||
});
|
||||
|
||||
it('disables the generate_pack action for a readonly user', function (): void {
|
||||
it('disables the generate_first action for a readonly user in the empty state', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(ListReviewPacks::class)
|
||||
->assertActionVisible('generate_pack')
|
||||
->assertActionDisabled('generate_pack')
|
||||
->assertActionExists('generate_pack', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission());
|
||||
->assertTableEmptyStateActionsExistInOrder(['generate_first']);
|
||||
|
||||
$emptyStateAction = getReviewPackEmptyStateAction($component, 'generate_first');
|
||||
|
||||
expect($emptyStateAction)->not->toBeNull()
|
||||
->and($emptyStateAction?->isDisabled())->toBeTrue()
|
||||
->and($emptyStateAction?->getTooltip())->toBe(UiTooltips::insufficientPermission());
|
||||
});
|
||||
|
||||
it('disables review pack generation actions when the workspace entitlement blocks them', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $tenant->workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_value',
|
||||
value: false,
|
||||
);
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $tenant->workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_reason',
|
||||
value: 'Workspace is temporarily limited to manual reporting only',
|
||||
);
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
expect(ReviewPackResource::reviewPackGenerationActionTooltip($tenant))
|
||||
->toBe('Review pack generation is disabled by workspace override. Reason: Workspace is temporarily limited to manual reporting only');
|
||||
|
||||
$listPage = Livewire::actingAs($user)
|
||||
->test(ListReviewPacks::class)
|
||||
->assertTableEmptyStateActionsExistInOrder(['generate_first']);
|
||||
|
||||
$emptyStateAction = getReviewPackEmptyStateAction($listPage, 'generate_first');
|
||||
$headerAction = getReviewPackHeaderAction($listPage, 'generate_pack');
|
||||
|
||||
expect($emptyStateAction)->not->toBeNull()
|
||||
->and($emptyStateAction?->isDisabled())->toBeTrue()
|
||||
->and($headerAction)->not->toBeNull()
|
||||
->and($headerAction?->isVisible())->toBeFalse();
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
]);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(ViewReviewPack::class, ['record' => $pack->getKey()])
|
||||
->assertActionVisible('regenerate')
|
||||
->assertActionDisabled('regenerate');
|
||||
});
|
||||
|
||||
it('reuses an existing ready pack instead of starting a new run', function (): void {
|
||||
@ -225,6 +332,12 @@ function seedReviewPackEvidence(Tenant $tenant): EvidenceSnapshot
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
ReviewPack::factory()->failed()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
]);
|
||||
|
||||
$tenant->makeCurrent();
|
||||
Filament::setTenant($tenant, true);
|
||||
|
||||
@ -236,7 +349,7 @@ function seedReviewPackEvidence(Tenant $tenant): EvidenceSnapshot
|
||||
])
|
||||
->assertNotified();
|
||||
|
||||
expect(ReviewPack::query()->count())->toBe(0);
|
||||
expect(ReviewPack::query()->count())->toBe(1);
|
||||
Queue::assertNothingPushed();
|
||||
});
|
||||
|
||||
|
||||
@ -11,6 +11,9 @@
|
||||
use App\Models\Tenant;
|
||||
use App\Services\Evidence\EvidenceSnapshotService;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Providers\ProviderReasonCodes;
|
||||
use App\Support\ReasonTranslation\ReasonPresenter;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
@ -48,7 +51,13 @@ function seedWidgetReviewPackSnapshot(Tenant $tenant): EvidenceSnapshot
|
||||
'finding_type' => Finding::FINDING_TYPE_DRIFT,
|
||||
]);
|
||||
|
||||
OperationRun::factory()->forTenant($tenant)->create();
|
||||
OperationRun::factory()->forTenant($tenant)->create([
|
||||
'type' => OperationRunType::TenantReviewCompose->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Succeeded->value,
|
||||
'started_at' => now()->subMinute(),
|
||||
'completed_at' => now(),
|
||||
]);
|
||||
|
||||
/** @var EvidenceSnapshotService $service */
|
||||
$service = app(EvidenceSnapshotService::class);
|
||||
|
||||
@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('returns 404 for users outside the active workspace on the customer review workspace', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin'))
|
||||
->assertNotFound();
|
||||
});
|
||||
|
||||
it('returns 404 for workspace members that have no tenant review visibility in the active workspace', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin'))
|
||||
->assertNotFound();
|
||||
});
|
||||
|
||||
it('allows entitled workspace members to access the customer review workspace', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin'))
|
||||
->assertOk();
|
||||
});
|
||||
|
||||
it('returns 404 for explicit out-of-scope tenant targeting on the customer review workspace', function (): void {
|
||||
$tenantAllowed = Tenant::factory()->create(['name' => 'Allowed Tenant']);
|
||||
[$user, $tenantAllowed] = createUserWithTenant(tenant: $tenantAllowed, role: 'readonly');
|
||||
|
||||
$tenantDenied = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantAllowed->workspace_id,
|
||||
'name' => 'Denied Tenant',
|
||||
]);
|
||||
$otherOwner = User::factory()->create();
|
||||
createUserWithTenant(tenant: $tenantDenied, user: $otherOwner, role: 'owner');
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantAllowed->workspace_id])
|
||||
->get(CustomerReviewWorkspace::getUrl(panel: 'admin').'?tenant='.(string) $tenantDenied->getKey())
|
||||
->assertNotFound();
|
||||
});
|
||||
@ -0,0 +1,160 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\EvidenceSnapshotResource;
|
||||
use App\Filament\Resources\ReviewPackResource;
|
||||
use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Filament\Widgets\Tenant\TenantReviewPackCard;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\EvidenceSnapshot;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\TenantReview;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Evidence\EvidenceSnapshotStatus;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Storage;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
beforeEach(function (): void {
|
||||
Storage::fake('exports');
|
||||
});
|
||||
|
||||
it('renders a customer workspace link from tenant review detail context', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
|
||||
->assertOk()
|
||||
->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
|
||||
});
|
||||
|
||||
it('adds a customer workspace entry to evidence snapshot related context', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
|
||||
$snapshot = EvidenceSnapshot::query()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'status' => EvidenceSnapshotStatus::Active->value,
|
||||
'summary' => [],
|
||||
'generated_at' => now(),
|
||||
]);
|
||||
|
||||
$entry = collect(EvidenceSnapshotResource::relatedContextEntries($snapshot))
|
||||
->firstWhere('key', 'customer_review_workspace');
|
||||
|
||||
expect($entry)->not->toBeNull()
|
||||
->and($entry['targetUrl'] ?? null)->toBe(CustomerReviewWorkspace::tenantPrefilterUrl($tenant));
|
||||
});
|
||||
|
||||
it('renders a customer workspace link from review pack detail context', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
Storage::disk('exports')->put('review-packs/customer-workspace-link.zip', 'PK-test');
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => 'review-packs/customer-workspace-link.zip',
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(ReviewPackResource::getUrl('view', ['record' => $pack], tenant: $tenant, panel: 'tenant'))
|
||||
->assertOk()
|
||||
->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
|
||||
});
|
||||
|
||||
it('renders a customer workspace launch button on the tenant review pack widget', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
Storage::disk('exports')->put('review-packs/widget-customer-workspace.zip', 'PK-test');
|
||||
|
||||
ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'file_path' => 'review-packs/widget-customer-workspace.zip',
|
||||
'file_disk' => 'exports',
|
||||
]);
|
||||
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(TenantReviewPackCard::class, ['record' => $tenant])
|
||||
->assertSee('Customer workspace')
|
||||
->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
|
||||
});
|
||||
|
||||
it('keeps the linked tenant review detail read-only for a readonly-capable actor', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
Livewire::withQueryParams([CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1])
|
||||
->actingAs($user)
|
||||
->test(ViewTenantReview::class, ['record' => $review->getKey()])
|
||||
->assertSee('Outcome summary')
|
||||
->assertActionDoesNotExist('publish_review')
|
||||
->assertActionDoesNotExist('refresh_review')
|
||||
->assertActionDoesNotExist('create_next_review')
|
||||
->assertActionDoesNotExist('export_executive_pack')
|
||||
->assertActionHidden('archive_review');
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::TenantReviewOpened->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->resource_type)->toBe('tenant_review')
|
||||
->and(data_get($audit?->metadata, 'review_id'))->toBe((int) $review->getKey())
|
||||
->and(data_get($audit?->metadata, 'source_surface'))->toBe('customer_review_workspace');
|
||||
});
|
||||
@ -0,0 +1,97 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Models\ReviewPack;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('shows the ready review-pack action for the latest published review', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$pack = ReviewPack::factory()->ready()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_review_id' => (int) $review->getKey(),
|
||||
'evidence_snapshot_id' => (int) $snapshot->getKey(),
|
||||
'initiated_by_user_id' => (int) $user->getKey(),
|
||||
'expires_at' => now()->addDay(),
|
||||
]);
|
||||
|
||||
$review->forceFill([
|
||||
'current_export_review_pack_id' => (int) $pack->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionVisible('open_latest_review', $tenant)
|
||||
->assertTableActionVisible('download_review_pack', $tenant)
|
||||
->assertSee('Available');
|
||||
});
|
||||
|
||||
it('shows an unavailable pack state and hides the download action when no current review pack exists', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
'current_export_review_pack_id' => null,
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionVisible('open_latest_review', $tenant)
|
||||
->assertTableActionHidden('download_review_pack', $tenant)
|
||||
->assertSee('Unavailable');
|
||||
});
|
||||
|
||||
it('hides review and pack actions for tenants without a published review', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
$snapshot = seedTenantReviewEvidence($tenant);
|
||||
|
||||
$review = composeTenantReviewForTest($tenant, $user, $snapshot);
|
||||
$review->forceFill([
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
'current_export_review_pack_id' => null,
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertTableActionHidden('open_latest_review', $tenant)
|
||||
->assertTableActionHidden('download_review_pack', $tenant)
|
||||
->assertSee('No published review available yet');
|
||||
});
|
||||
@ -0,0 +1,222 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
|
||||
use App\Filament\Resources\TenantReviewResource;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\TenantReviewStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('lists only the latest published review per entitled tenant on the customer review workspace', function (): void {
|
||||
$tenantA = Tenant::factory()->create(['name' => 'Alpha Tenant']);
|
||||
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly');
|
||||
|
||||
$tenantB = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Beta Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
|
||||
|
||||
$tenantDenied = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Denied Tenant',
|
||||
]);
|
||||
$otherOwner = User::factory()->create();
|
||||
createUserWithTenant(tenant: $tenantDenied, user: $otherOwner, role: 'owner');
|
||||
|
||||
$tenantASnapshot = seedTenantReviewEvidence($tenantA);
|
||||
$tenantBSnapshot = seedTenantReviewEvidence($tenantB);
|
||||
$tenantDeniedSnapshot = seedTenantReviewEvidence($tenantDenied);
|
||||
|
||||
$olderPublishedReview = composeTenantReviewForTest($tenantA, $user, $tenantASnapshot);
|
||||
$olderPublishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now()->subDays(3),
|
||||
'published_at' => now()->subDays(3),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$newerInternalReview = $olderPublishedReview->replicate();
|
||||
$newerInternalReview->forceFill([
|
||||
'tenant_id' => (int) $tenantA->getKey(),
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(),
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'generated_at' => now()->subDay(),
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
])->save();
|
||||
|
||||
$latestPublishedReview = $olderPublishedReview->replicate();
|
||||
$latestPublishedReview->forceFill([
|
||||
'tenant_id' => (int) $tenantA->getKey(),
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(),
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now(),
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$betaPublishedReview = composeTenantReviewForTest($tenantB, $user, $tenantBSnapshot);
|
||||
$betaPublishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now()->subHours(2),
|
||||
'published_at' => now()->subHours(2),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$deniedPublishedReview = composeTenantReviewForTest($tenantDenied, $otherOwner, $tenantDeniedSnapshot);
|
||||
$deniedPublishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'generated_at' => now()->subHours(3),
|
||||
'published_at' => now()->subHours(3),
|
||||
'published_by_user_id' => (int) $otherOwner->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertCanSeeTableRecords([$tenantA->fresh(), $tenantB->fresh()])
|
||||
->assertCanNotSeeTableRecords([$tenantDenied->fresh()])
|
||||
->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview->fresh()], $tenantA), false)
|
||||
->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $betaPublishedReview->fresh()], $tenantB), false)
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $olderPublishedReview->fresh()], $tenantA), false)
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $newerInternalReview->fresh()], $tenantA), false)
|
||||
->assertDontSee('Publish review')
|
||||
->assertDontSee('Refresh review')
|
||||
->assertDontSee('Create next review')
|
||||
->assertDontSee('Regenerate')
|
||||
->assertDontSee('Expire snapshot')
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $deniedPublishedReview->fresh()], $tenantDenied), false);
|
||||
});
|
||||
|
||||
it('shows entitled tenants without a published review as calm absence rows', function (): void {
|
||||
$tenantPublished = Tenant::factory()->create(['name' => 'Published Tenant']);
|
||||
[$user, $tenantPublished] = createUserWithTenant(tenant: $tenantPublished, role: 'readonly');
|
||||
|
||||
$tenantWithoutPublished = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantPublished->workspace_id,
|
||||
'name' => 'No Published Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantWithoutPublished, user: $user, role: 'readonly');
|
||||
|
||||
$publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
|
||||
$noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
|
||||
|
||||
$publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
|
||||
$publishedReview->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now()->subHour(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
|
||||
$internalOnlyReview->forceFill([
|
||||
'status' => TenantReviewStatus::Ready->value,
|
||||
'published_at' => null,
|
||||
'published_by_user_id' => null,
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantPublished->workspace_id);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertCanSeeTableRecords([$tenantPublished->fresh(), $tenantWithoutPublished->fresh()])
|
||||
->assertSee('No published review')
|
||||
->assertSee('No published review available yet')
|
||||
->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenantWithoutPublished), false)
|
||||
->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview->fresh()], $tenantPublished), false);
|
||||
});
|
||||
|
||||
it('defaults the customer review workspace to the remembered tenant when tenant context is available', function (): void {
|
||||
$tenantA = Tenant::factory()->create(['name' => 'Alpha Tenant']);
|
||||
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly');
|
||||
|
||||
$tenantB = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Beta Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
|
||||
|
||||
$snapshotA = seedTenantReviewEvidence($tenantA);
|
||||
$snapshotB = seedTenantReviewEvidence($tenantB);
|
||||
|
||||
$reviewA = composeTenantReviewForTest($tenantA, $user, $snapshotA);
|
||||
$reviewA->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now()->subDay(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$reviewB = composeTenantReviewForTest($tenantB, $user, $snapshotB);
|
||||
$reviewB->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
||||
session()->put(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, [
|
||||
(string) $tenantA->workspace_id => (int) $tenantB->getKey(),
|
||||
]);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertSet('tableFilters.tenant_id.value', (string) $tenantB->getKey())
|
||||
->filterTable('tenant_id', (string) $tenantB->getKey())
|
||||
->assertCanSeeTableRecords([$tenantB->fresh()])
|
||||
->assertCanNotSeeTableRecords([$tenantA->fresh()]);
|
||||
});
|
||||
|
||||
it('prefilters the customer review workspace from an explicit tenant query parameter and accepts external tenant identifiers', function (): void {
|
||||
$tenantA = Tenant::factory()->create(['name' => 'Alpha Tenant']);
|
||||
[$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'readonly');
|
||||
|
||||
$tenantB = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $tenantA->workspace_id,
|
||||
'name' => 'Beta Tenant',
|
||||
]);
|
||||
createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
|
||||
|
||||
$snapshotA = seedTenantReviewEvidence($tenantA);
|
||||
$snapshotB = seedTenantReviewEvidence($tenantB);
|
||||
|
||||
$reviewA = composeTenantReviewForTest($tenantA, $user, $snapshotA);
|
||||
$reviewA->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$reviewB = composeTenantReviewForTest($tenantB, $user, $snapshotB);
|
||||
$reviewB->forceFill([
|
||||
'status' => TenantReviewStatus::Published->value,
|
||||
'published_at' => now()->subDay(),
|
||||
'published_by_user_id' => (int) $user->getKey(),
|
||||
])->save();
|
||||
|
||||
$this->actingAs($user);
|
||||
setAdminPanelContext();
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenantA->workspace_id);
|
||||
|
||||
Livewire::withQueryParams(['tenant' => (string) $tenantA->external_id])
|
||||
->test(CustomerReviewWorkspace::class)
|
||||
->assertSet('tableFilters.tenant_id.value', (string) $tenantA->getKey())
|
||||
->filterTable('tenant_id', (string) $tenantA->getKey())
|
||||
->assertCanSeeTableRecords([$tenantA->fresh()])
|
||||
->assertCanNotSeeTableRecords([$tenantB->fresh()]);
|
||||
});
|
||||
@ -0,0 +1,66 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Settings\SettingsResolver;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Livewire\Livewire;
|
||||
|
||||
/**
|
||||
* @return array{0: Workspace, 1: User}
|
||||
*/
|
||||
function workspaceAiPolicyManager(): array
|
||||
{
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
return [$workspace, $user];
|
||||
}
|
||||
|
||||
it('renders the workspace ai policy section and lets managers save and reset the ai posture', function (): void {
|
||||
[$workspace, $user] = workspaceAiPolicyManager();
|
||||
|
||||
$this->actingAs($user)
|
||||
->get(WorkspaceSettings::getUrl(panel: 'admin'))
|
||||
->assertSuccessful()
|
||||
->assertSee('Workspace AI policy')
|
||||
->assertSee('Disabled')
|
||||
->assertSee('Private only')
|
||||
->assertSee('Approved use cases')
|
||||
->assertSee('Blocked data classifications');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('disabled');
|
||||
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.ai_policy_mode', null)
|
||||
->set('data.ai_policy_mode', 'private_only')
|
||||
->callAction('save')
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', 'private_only');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('private_only');
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', null);
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('disabled');
|
||||
});
|
||||
@ -79,3 +79,76 @@
|
||||
->and(data_get($audit?->metadata, 'before_value'))->toBe(48)
|
||||
->and(data_get($audit?->metadata, 'after_value'))->toBe(30);
|
||||
});
|
||||
|
||||
it('writes a workspace-scoped audit entry when ai policy mode is updated', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
value: 'private_only',
|
||||
);
|
||||
|
||||
$audit = AuditLog::query()->latest('id')->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->workspace_id)->toBe((int) $workspace->getKey())
|
||||
->and($audit?->tenant_id)->toBeNull()
|
||||
->and($audit?->action)->toBe(AuditActionId::WorkspaceSettingUpdated->value)
|
||||
->and(data_get($audit?->metadata, 'domain'))->toBe('ai')
|
||||
->and(data_get($audit?->metadata, 'key'))->toBe('policy_mode')
|
||||
->and(data_get($audit?->metadata, 'scope'))->toBe('workspace')
|
||||
->and(data_get($audit?->metadata, 'before_value'))->toBeNull()
|
||||
->and(data_get($audit?->metadata, 'after_value'))->toBe('private_only');
|
||||
});
|
||||
|
||||
it('writes a workspace-scoped audit entry when ai policy mode is reset', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
$writer = app(SettingsWriter::class);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
value: 'private_only',
|
||||
);
|
||||
|
||||
$writer->resetWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: 'ai',
|
||||
key: 'policy_mode',
|
||||
);
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::WorkspaceSettingReset->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->workspace_id)->toBe((int) $workspace->getKey())
|
||||
->and($audit?->tenant_id)->toBeNull()
|
||||
->and(data_get($audit?->metadata, 'domain'))->toBe('ai')
|
||||
->and(data_get($audit?->metadata, 'key'))->toBe('policy_mode')
|
||||
->and(data_get($audit?->metadata, 'scope'))->toBe('workspace')
|
||||
->and(data_get($audit?->metadata, 'before_value'))->toBe('private_only')
|
||||
->and(data_get($audit?->metadata, 'after_value'))->toBe('disabled');
|
||||
});
|
||||
|
||||
@ -44,6 +44,7 @@ function workspaceManagerUser(): array
|
||||
|
||||
$component = Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.ai_policy_mode', null)
|
||||
->assertSet('data.backup_retention_keep_last_default', null)
|
||||
->assertSet('data.backup_retention_min_floor', null)
|
||||
->assertSet('data.drift_severity_mapping', [])
|
||||
@ -58,6 +59,7 @@ function workspaceManagerUser(): array
|
||||
->assertSet('data.findings_sla_low', null)
|
||||
->assertSet('data.operations_operation_run_retention_days', null)
|
||||
->assertSet('data.operations_stuck_run_threshold_minutes', null)
|
||||
->set('data.ai_policy_mode', 'private_only')
|
||||
->set('data.backup_retention_keep_last_default', 55)
|
||||
->set('data.backup_retention_min_floor', 12)
|
||||
->set('data.drift_severity_mapping', ['drift' => 'critical'])
|
||||
@ -74,6 +76,7 @@ function workspaceManagerUser(): array
|
||||
->set('data.operations_stuck_run_threshold_minutes', 60)
|
||||
->callAction('save')
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', 'private_only')
|
||||
->assertSet('data.backup_retention_keep_last_default', 55)
|
||||
->assertSet('data.backup_retention_min_floor', 12)
|
||||
->assertSet('data.baseline_severity_missing_policy', 'critical')
|
||||
@ -97,6 +100,9 @@ function workspaceManagerUser(): array
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'backup', 'retention_keep_last_default'))
|
||||
->toBe(55);
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'ai', 'policy_mode'))
|
||||
->toBe('private_only');
|
||||
|
||||
expect(app(SettingsResolver::class)->resolveValue($workspace, 'backup', 'retention_min_floor'))
|
||||
->toBe(12);
|
||||
|
||||
@ -142,6 +148,18 @@ function workspaceManagerUser(): array
|
||||
->where('key', 'retention_keep_last_default')
|
||||
->exists())->toBeFalse();
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
->assertHasNoErrors()
|
||||
->assertSet('data.ai_policy_mode', null);
|
||||
|
||||
expect(WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', 'ai')
|
||||
->where('key', 'policy_mode')
|
||||
->exists())->toBeFalse();
|
||||
|
||||
$component
|
||||
->mountFormComponentAction('operations_operation_run_retention_days', 'reset_operations_operation_run_retention_days', [], 'content')
|
||||
->callMountedFormComponentAction()
|
||||
|
||||
@ -5,6 +5,7 @@
|
||||
use App\Filament\Pages\Settings\WorkspaceSettings;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Livewire\Livewire;
|
||||
|
||||
@ -12,6 +13,14 @@
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceSetting::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => 'ai',
|
||||
'key' => 'policy_mode',
|
||||
'value' => 'private_only',
|
||||
'updated_by_user_id' => null,
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
$this->actingAs($user)
|
||||
|
||||
@ -30,6 +30,14 @@
|
||||
'updated_by_user_id' => null,
|
||||
]);
|
||||
|
||||
WorkspaceSetting::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => 'ai',
|
||||
'key' => 'policy_mode',
|
||||
'value' => 'private_only',
|
||||
'updated_by_user_id' => null,
|
||||
]);
|
||||
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
|
||||
|
||||
$this->actingAs($user)
|
||||
@ -38,6 +46,7 @@
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->assertSet('data.ai_policy_mode', 'private_only')
|
||||
->assertSet('data.backup_retention_keep_last_default', 27)
|
||||
->assertSet('data.backup_retention_min_floor', null)
|
||||
->assertSet('data.drift_severity_mapping', [])
|
||||
@ -56,6 +65,8 @@
|
||||
->assertActionDisabled('save')
|
||||
->assertFormComponentActionVisible('backup_retention_keep_last_default', 'reset_backup_retention_keep_last_default', [], 'content')
|
||||
->assertFormComponentActionDisabled('backup_retention_keep_last_default', 'reset_backup_retention_keep_last_default', [], 'content')
|
||||
->assertFormComponentActionVisible('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->assertFormComponentActionDisabled('ai_policy_mode', 'reset_ai_policy_mode', [], 'content')
|
||||
->assertFormComponentActionVisible('backup_retention_min_floor', 'reset_backup_retention_min_floor', [], 'content')
|
||||
->assertFormComponentActionDisabled('backup_retention_min_floor', 'reset_backup_retention_min_floor', [], 'content')
|
||||
->assertFormComponentActionVisible('drift_severity_mapping', 'reset_drift_severity_mapping', [], 'content')
|
||||
@ -75,6 +86,11 @@
|
||||
->call('save')
|
||||
->assertStatus(403);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->call('resetSetting', 'ai_policy_mode')
|
||||
->assertStatus(403);
|
||||
|
||||
Livewire::actingAs($user)
|
||||
->test(WorkspaceSettings::class)
|
||||
->call('resetSetting', 'backup_retention_keep_last_default')
|
||||
@ -88,5 +104,12 @@
|
||||
->where('key', 'retention_keep_last_default')
|
||||
->first();
|
||||
|
||||
expect($setting)->not->toBeNull();
|
||||
$aiSetting = WorkspaceSetting::query()
|
||||
->where('workspace_id', (int) $workspace->getKey())
|
||||
->where('domain', 'ai')
|
||||
->where('key', 'policy_mode')
|
||||
->first();
|
||||
|
||||
expect($setting)->not->toBeNull()
|
||||
->and($aiSetting)->not->toBeNull();
|
||||
});
|
||||
|
||||
@ -0,0 +1,166 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Support\OperationRunLinks;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Actions\ActionGroup;
|
||||
use Filament\Facades\Filament;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(\Illuminate\Foundation\Testing\RefreshDatabase::class);
|
||||
|
||||
function operationSupportRequestComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
|
||||
{
|
||||
test()->actingAs($user);
|
||||
Filament::setTenant(null, true);
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $run->workspace_id);
|
||||
|
||||
return Livewire::actingAs($user)->test(TenantlessOperationRunViewer::class, ['run' => $run]);
|
||||
}
|
||||
|
||||
function operationSupportRequestHeaderActions(\Livewire\Features\SupportTesting\Testable $component): array
|
||||
{
|
||||
$instance = $component->instance();
|
||||
|
||||
if ($instance->getCachedHeaderActions() === []) {
|
||||
$instance->cacheInteractsWithHeaderActions();
|
||||
}
|
||||
|
||||
return $instance->getCachedHeaderActions();
|
||||
}
|
||||
|
||||
function operationSupportRequestHeaderPrimaryNames(\Livewire\Features\SupportTesting\Testable $component): array
|
||||
{
|
||||
return collect(operationSupportRequestHeaderActions($component))
|
||||
->reject(static fn ($action): bool => $action instanceof ActionGroup)
|
||||
->map(static fn ($action): ?string => $action instanceof Action ? $action->getName() : null)
|
||||
->filter()
|
||||
->values()
|
||||
->all();
|
||||
}
|
||||
|
||||
function operationSupportRequestHeaderMoreActionNames(\Livewire\Features\SupportTesting\Testable $component): array
|
||||
{
|
||||
$moreGroup = collect(operationSupportRequestHeaderActions($component))
|
||||
->first(static fn ($action): bool => $action instanceof ActionGroup && $action->getLabel() === 'More');
|
||||
|
||||
return collect($moreGroup?->getActions() ?? [])
|
||||
->map(static fn ($action): ?string => $action instanceof Action ? $action->getName() : null)
|
||||
->filter()
|
||||
->values()
|
||||
->all();
|
||||
}
|
||||
|
||||
function operationSupportRequestHeaderMoreAction(\Livewire\Features\SupportTesting\Testable $component, string $name): ?Action
|
||||
{
|
||||
$moreGroup = collect(operationSupportRequestHeaderActions($component))
|
||||
->first(static fn ($action): bool => $action instanceof ActionGroup && $action->getLabel() === 'More');
|
||||
|
||||
$action = collect($moreGroup?->getActions() ?? [])
|
||||
->first(static fn ($action): bool => $action instanceof Action && $action->getName() === $name);
|
||||
|
||||
return $action instanceof Action ? $action : null;
|
||||
}
|
||||
|
||||
it('creates a run-scoped support request from the tenantless operation viewer', function (): void {
|
||||
$tenant = Tenant::factory()->create(['name' => 'Contoso Support Tenant']);
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');
|
||||
|
||||
$run = OperationRun::factory()
|
||||
->forTenant($tenant)
|
||||
->create([
|
||||
'type' => OperationRunType::BaselineCompare->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Failed->value,
|
||||
'summary_counts' => [
|
||||
'total' => 0,
|
||||
'processed' => 0,
|
||||
],
|
||||
'failure_summary' => [[
|
||||
'message' => 'Run failed after provider validation.',
|
||||
]],
|
||||
'completed_at' => now()->subMinutes(10),
|
||||
]);
|
||||
|
||||
$component = operationSupportRequestComponent($user, $run);
|
||||
|
||||
expect(operationSupportRequestHeaderPrimaryNames($component))
|
||||
->not->toContain('openSupportDiagnostics')
|
||||
->not->toContain('requestSupport')
|
||||
->and(operationSupportRequestHeaderMoreActionNames($component))
|
||||
->toEqualCanonicalizing(['openSupportDiagnostics', 'requestSupport'])
|
||||
->and(operationSupportRequestHeaderMoreAction($component, 'openSupportDiagnostics')?->isIconButton())
|
||||
->toBeFalse();
|
||||
|
||||
$component
|
||||
->assertActionVisible('openSupportDiagnostics')
|
||||
->assertActionEnabled('openSupportDiagnostics')
|
||||
->assertActionVisible('requestSupport')
|
||||
->assertActionEnabled('requestSupport')
|
||||
->assertActionExists('requestSupport', fn (Action $action): bool => $action->getLabel() === 'Request support')
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'severity' => SupportRequest::SEVERITY_BLOCKING,
|
||||
'summary' => 'This failed operation needs support escalation.',
|
||||
'reproduction_notes' => 'Open the canonical run detail and submit the request from the grouped secondary action.',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors()
|
||||
->assertNotified('Support request submitted');
|
||||
|
||||
$supportRequest = SupportRequest::query()->sole();
|
||||
|
||||
expect($supportRequest->internal_reference)->toMatch('/^SR-[0-9A-HJKMNP-TV-Z]{26}$/')
|
||||
->and($supportRequest->workspace_id)->toBe((int) $tenant->workspace_id)
|
||||
->and($supportRequest->tenant_id)->toBe((int) $tenant->getKey())
|
||||
->and($supportRequest->initiated_by_user_id)->toBe((int) $user->getKey())
|
||||
->and($supportRequest->primary_context_type)->toBe(SupportRequest::PRIMARY_CONTEXT_OPERATION_RUN)
|
||||
->and($supportRequest->operation_run_id)->toBe((int) $run->getKey())
|
||||
->and($supportRequest->attachment_mode)->toBe(SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED)
|
||||
->and($supportRequest->severity)->toBe(SupportRequest::SEVERITY_BLOCKING)
|
||||
->and($supportRequest->summary)->toBe('This failed operation needs support escalation.')
|
||||
->and(data_get($supportRequest->context_envelope, 'primary_context.type'))->toBe('operation_run')
|
||||
->and(data_get($supportRequest->context_envelope, 'primary_context.operation_run_id'))->toBe((int) $run->getKey())
|
||||
->and(data_get($supportRequest->context_envelope, 'diagnostic_snapshot'))->toBeArray();
|
||||
});
|
||||
|
||||
it('keeps tenantless operation detail deny-as-not-found for workspace members without tenant entitlement', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$tenant = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
]);
|
||||
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'owner',
|
||||
]);
|
||||
|
||||
$run = OperationRun::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'type' => OperationRunType::BaselineCompare->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Succeeded->value,
|
||||
'completed_at' => now(),
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
|
||||
->get(route('admin.operations.view', ['run' => (int) $run->getKey()]))
|
||||
->assertNotFound();
|
||||
});
|
||||
@ -0,0 +1,204 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
|
||||
use App\Filament\Pages\TenantDashboard;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Providers\ProviderReasonCodes;
|
||||
use App\Support\Providers\ProviderVerificationStatus;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Filament\Facades\Filament;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(\Illuminate\Foundation\Testing\RefreshDatabase::class);
|
||||
|
||||
function supportRequestAuditTenantComponent(User $user, Tenant $tenant): \Livewire\Features\SupportTesting\Testable
|
||||
{
|
||||
test()->actingAs($user);
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
return Livewire::actingAs($user)->test(TenantDashboard::class);
|
||||
}
|
||||
|
||||
function supportRequestAuditOperationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
|
||||
{
|
||||
test()->actingAs($user);
|
||||
Filament::setTenant(null, true);
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $run->workspace_id);
|
||||
|
||||
return Livewire::actingAs($user)->test(TenantlessOperationRunViewer::class, ['run' => $run]);
|
||||
}
|
||||
|
||||
it('records a redacted audit entry for tenant-scoped support requests', function (): void {
|
||||
$tenant = Tenant::factory()->create(['name' => 'Audit Support Tenant']);
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
ProviderConnection::factory()
|
||||
->withCredential()
|
||||
->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'display_name' => 'Audit Microsoft connection',
|
||||
'verification_status' => ProviderVerificationStatus::Blocked->value,
|
||||
'last_error_reason_code' => ProviderReasonCodes::ProviderPermissionMissing,
|
||||
'last_error_message' => 'tenant-provider-secret',
|
||||
]);
|
||||
|
||||
supportRequestAuditTenantComponent($user, $tenant)
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'severity' => SupportRequest::SEVERITY_HIGH,
|
||||
'summary' => 'Need tenant support audit proof.',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors();
|
||||
|
||||
$supportRequest = SupportRequest::query()->sole();
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::SupportRequestCreated->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->workspace_id)->toBe((int) $tenant->workspace_id)
|
||||
->and($audit?->tenant_id)->toBe((int) $tenant->getKey())
|
||||
->and($audit?->resource_type)->toBe('support_request')
|
||||
->and($audit?->resource_id)->toBe((string) $supportRequest->getKey())
|
||||
->and($audit?->target_label)->toBe($supportRequest->internal_reference)
|
||||
->and($audit?->operation_run_id)->toBeNull()
|
||||
->and(data_get($audit?->metadata, 'internal_reference'))->toBe($supportRequest->internal_reference)
|
||||
->and(data_get($audit?->metadata, 'primary_context_type'))->toBe(SupportRequest::PRIMARY_CONTEXT_TENANT)
|
||||
->and(data_get($audit?->metadata, 'primary_context_id'))->toBe((string) $tenant->getKey())
|
||||
->and(data_get($audit?->metadata, 'attachment_mode'))->toBe(SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED)
|
||||
->and(data_get($audit?->metadata, 'redaction_mode'))->toBe('default_redacted')
|
||||
->and((string) json_encode($audit?->metadata))->not->toContain('tenant-provider-secret');
|
||||
});
|
||||
|
||||
it('records a redacted audit entry for run-scoped support requests', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');
|
||||
|
||||
$run = OperationRun::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'type' => OperationRunType::BaselineCompare->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Failed->value,
|
||||
'summary_counts' => [
|
||||
'total' => 0,
|
||||
'processed' => 0,
|
||||
],
|
||||
'context' => [
|
||||
'raw_response_body' => 'run-provider-secret',
|
||||
],
|
||||
'failure_summary' => [[
|
||||
'message' => 'Run failed after provider validation.',
|
||||
]],
|
||||
'completed_at' => now(),
|
||||
]);
|
||||
|
||||
supportRequestAuditOperationComponent($user, $run)
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'severity' => SupportRequest::SEVERITY_BLOCKING,
|
||||
'summary' => 'Need run support audit proof.',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors();
|
||||
|
||||
$supportRequest = SupportRequest::query()->sole();
|
||||
|
||||
$audit = AuditLog::query()
|
||||
->where('action', AuditActionId::SupportRequestCreated->value)
|
||||
->latest('id')
|
||||
->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->workspace_id)->toBe((int) $tenant->workspace_id)
|
||||
->and($audit?->tenant_id)->toBe((int) $tenant->getKey())
|
||||
->and($audit?->resource_type)->toBe('support_request')
|
||||
->and($audit?->resource_id)->toBe((string) $supportRequest->getKey())
|
||||
->and($audit?->target_label)->toBe($supportRequest->internal_reference)
|
||||
->and($audit?->operation_run_id)->toBe((int) $run->getKey())
|
||||
->and(data_get($audit?->metadata, 'internal_reference'))->toBe($supportRequest->internal_reference)
|
||||
->and(data_get($audit?->metadata, 'primary_context_type'))->toBe(SupportRequest::PRIMARY_CONTEXT_OPERATION_RUN)
|
||||
->and(data_get($audit?->metadata, 'primary_context_id'))->toBe((string) $run->getKey())
|
||||
->and(data_get($audit?->metadata, 'attachment_mode'))->toBe(SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED)
|
||||
->and(data_get($audit?->metadata, 'redaction_mode'))->toBe('default_redacted')
|
||||
->and((string) json_encode($audit?->metadata))->not->toContain('run-provider-secret');
|
||||
});
|
||||
|
||||
it('creates distinct support references for duplicate submissions without outbound http or operation-run side effects', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');
|
||||
|
||||
$run = OperationRun::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'type' => OperationRunType::BaselineCompare->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Failed->value,
|
||||
'summary_counts' => [
|
||||
'total' => 0,
|
||||
'processed' => 0,
|
||||
],
|
||||
'failure_summary' => [[
|
||||
'message' => 'Run failed after provider validation.',
|
||||
]],
|
||||
'completed_at' => now(),
|
||||
]);
|
||||
|
||||
$component = supportRequestAuditOperationComponent($user, $run);
|
||||
$existingRunCount = OperationRun::query()->count();
|
||||
|
||||
assertNoOutboundHttp(function () use ($component): void {
|
||||
$component
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'severity' => SupportRequest::SEVERITY_HIGH,
|
||||
'summary' => 'Duplicate run support request.',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors()
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'severity' => SupportRequest::SEVERITY_HIGH,
|
||||
'summary' => 'Duplicate run support request.',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors();
|
||||
});
|
||||
|
||||
$supportRequests = SupportRequest::query()
|
||||
->orderBy('id')
|
||||
->get();
|
||||
|
||||
$auditReferences = AuditLog::query()
|
||||
->where('action', AuditActionId::SupportRequestCreated->value)
|
||||
->orderBy('id')
|
||||
->pluck('target_label');
|
||||
|
||||
expect($supportRequests)->toHaveCount(2)
|
||||
->and($supportRequests->pluck('summary')->all())->toBe([
|
||||
'Duplicate run support request.',
|
||||
'Duplicate run support request.',
|
||||
])
|
||||
->and($supportRequests->pluck('internal_reference')->unique())->toHaveCount(2)
|
||||
->and($supportRequests->pluck('operation_run_id')->unique()->all())->toBe([(int) $run->getKey()])
|
||||
->and($auditReferences->all())->toBe($supportRequests->pluck('internal_reference')->all())
|
||||
->and(OperationRun::query()->count())->toBe($existingRunCount)
|
||||
->and($run->fresh()?->status)->toBe(OperationRunStatus::Completed->value)
|
||||
->and($run->fresh()?->outcome)->toBe(OperationRunOutcome::Failed->value);
|
||||
});
|
||||
@ -0,0 +1,75 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
|
||||
use App\Filament\Pages\TenantDashboard;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Filament\Facades\Filament;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(\Illuminate\Foundation\Testing\RefreshDatabase::class);
|
||||
|
||||
function supportRequestAuthorizationTenantComponent(User $user, Tenant $tenant): \Livewire\Features\SupportTesting\Testable
|
||||
{
|
||||
test()->actingAs($user);
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
return Livewire::actingAs($user)->test(TenantDashboard::class);
|
||||
}
|
||||
|
||||
function supportRequestAuthorizationOperationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
|
||||
{
|
||||
test()->actingAs($user);
|
||||
Filament::setTenant(null, true);
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $run->workspace_id);
|
||||
|
||||
return Livewire::actingAs($user)->test(TenantlessOperationRunViewer::class, ['run' => $run]);
|
||||
}
|
||||
|
||||
it('returns forbidden for entitled tenant members without support request capability', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
supportRequestAuthorizationTenantComponent($user, $tenant)
|
||||
->assertActionVisible('requestSupport')
|
||||
->assertActionDisabled('requestSupport')
|
||||
->call('authorizeTenantSupportRequest')
|
||||
->assertForbidden();
|
||||
|
||||
expect(SupportRequest::query()->count())->toBe(0);
|
||||
});
|
||||
|
||||
it('returns forbidden for entitled run viewers without support request capability', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
$run = OperationRun::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'type' => OperationRunType::BaselineCompare->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Succeeded->value,
|
||||
'summary_counts' => [
|
||||
'total' => 0,
|
||||
'processed' => 0,
|
||||
],
|
||||
'completed_at' => now(),
|
||||
]);
|
||||
|
||||
supportRequestAuthorizationOperationComponent($user, $run)
|
||||
->assertActionVisible('requestSupport')
|
||||
->assertActionDisabled('requestSupport')
|
||||
->call('authorizeOperationRunSupportRequest')
|
||||
->assertForbidden();
|
||||
|
||||
expect(SupportRequest::query()->count())->toBe(0);
|
||||
});
|
||||
@ -0,0 +1,137 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\Pages\TenantDashboard;
|
||||
use App\Models\SupportRequest;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Auth\CapabilityResolver;
|
||||
use App\Support\Auth\Capabilities;
|
||||
use App\Support\Workspaces\WorkspaceContext;
|
||||
use Filament\Actions\Action;
|
||||
use Livewire\Livewire;
|
||||
|
||||
use function Pest\Laravel\mock;
|
||||
|
||||
uses(\Illuminate\Foundation\Testing\RefreshDatabase::class);
|
||||
|
||||
function tenantSupportRequestComponent(User $user, Tenant $tenant): \Livewire\Features\SupportTesting\Testable
|
||||
{
|
||||
test()->actingAs($user);
|
||||
session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
|
||||
setTenantPanelContext($tenant);
|
||||
|
||||
return Livewire::actingAs($user)->test(TenantDashboard::class);
|
||||
}
|
||||
|
||||
it('creates a tenant support request from the dashboard', function (): void {
|
||||
$tenant = Tenant::factory()->create(['name' => 'Contoso Support Tenant']);
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
tenantSupportRequestComponent($user, $tenant)
|
||||
->assertActionVisible('requestSupport')
|
||||
->assertActionEnabled('requestSupport')
|
||||
->assertActionExists('requestSupport', fn (Action $action): bool => $action->getLabel() === 'Request support')
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'severity' => SupportRequest::SEVERITY_HIGH,
|
||||
'summary' => 'Policy sync failed after the latest tenant refresh.',
|
||||
'reproduction_notes' => 'Open the tenant dashboard after a failed sync and request support from the header action.',
|
||||
'contact_name' => 'Ops On Call',
|
||||
'contact_email' => 'ops@example.test',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors()
|
||||
->assertNotified('Support request submitted');
|
||||
|
||||
$supportRequest = SupportRequest::query()->sole();
|
||||
|
||||
expect($supportRequest->internal_reference)->toMatch('/^SR-[0-9A-HJKMNP-TV-Z]{26}$/')
|
||||
->and($supportRequest->workspace_id)->toBe((int) $tenant->workspace_id)
|
||||
->and($supportRequest->tenant_id)->toBe((int) $tenant->getKey())
|
||||
->and($supportRequest->initiated_by_user_id)->toBe((int) $user->getKey())
|
||||
->and($supportRequest->primary_context_type)->toBe(SupportRequest::PRIMARY_CONTEXT_TENANT)
|
||||
->and($supportRequest->operation_run_id)->toBeNull()
|
||||
->and($supportRequest->attachment_mode)->toBe(SupportRequest::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED)
|
||||
->and($supportRequest->severity)->toBe(SupportRequest::SEVERITY_HIGH)
|
||||
->and($supportRequest->summary)->toBe('Policy sync failed after the latest tenant refresh.')
|
||||
->and($supportRequest->reproduction_notes)->toContain('failed sync')
|
||||
->and($supportRequest->contact_name)->toBe('Ops On Call')
|
||||
->and($supportRequest->contact_email)->toBe('ops@example.test')
|
||||
->and(data_get($supportRequest->context_envelope, 'primary_context.type'))->toBe('tenant')
|
||||
->and(data_get($supportRequest->context_envelope, 'primary_context.tenant_id'))->toBe((int) $tenant->getKey())
|
||||
->and(data_get($supportRequest->context_envelope, 'diagnostic_snapshot'))->toBeArray();
|
||||
});
|
||||
|
||||
it('stores canonical context only when the creator cannot view support diagnostics', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
|
||||
|
||||
mock(CapabilityResolver::class, function ($mock) use ($tenant): void {
|
||||
$mock->shouldReceive('primeMemberships')->andReturnNull();
|
||||
$mock->shouldReceive('isMember')
|
||||
->andReturnUsing(static fn ($user, Tenant $resolvedTenant): bool => (int) $resolvedTenant->getKey() === (int) $tenant->getKey());
|
||||
|
||||
$mock->shouldReceive('can')
|
||||
->andReturnUsing(static function ($user, Tenant $resolvedTenant, string $capability) use ($tenant): bool {
|
||||
expect((int) $resolvedTenant->getKey())->toBe((int) $tenant->getKey());
|
||||
|
||||
return match ($capability) {
|
||||
Capabilities::SUPPORT_REQUESTS_CREATE => true,
|
||||
Capabilities::SUPPORT_DIAGNOSTICS_VIEW => false,
|
||||
default => true,
|
||||
};
|
||||
});
|
||||
});
|
||||
|
||||
tenantSupportRequestComponent($user, $tenant)
|
||||
->assertActionVisible('requestSupport')
|
||||
->assertActionEnabled('requestSupport')
|
||||
->mountAction('requestSupport')
|
||||
->setActionData([
|
||||
'summary' => 'Need help reviewing the latest tenant support context.',
|
||||
])
|
||||
->callMountedAction()
|
||||
->assertHasNoActionErrors()
|
||||
->assertNotified('Support request submitted');
|
||||
|
||||
$supportRequest = SupportRequest::query()->sole();
|
||||
|
||||
expect($supportRequest->severity)->toBe(SupportRequest::SEVERITY_NORMAL)
|
||||
->and($supportRequest->contact_name)->toBe($user->name)
|
||||
->and($supportRequest->contact_email)->toBe($user->email)
|
||||
->and($supportRequest->attachment_mode)->toBe(SupportRequest::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY)
|
||||
->and(data_get($supportRequest->context_envelope, 'diagnostic_snapshot'))->toBeNull()
|
||||
->and(data_get($supportRequest->context_envelope, 'omissions.0.reason'))->toBe('omitted_without_support_diagnostics_view');
|
||||
});
|
||||
|
||||
it('keeps tenant dashboard support requests deny-as-not-found for workspace members without tenant entitlement', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'operator',
|
||||
]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
|
||||
->get(TenantDashboard::getUrl(panel: 'tenant', tenant: $tenant))
|
||||
->assertNotFound();
|
||||
});
|
||||
|
||||
it('returns forbidden for entitled tenant members without support request capability', function (): void {
|
||||
$tenant = Tenant::factory()->create();
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
|
||||
|
||||
tenantSupportRequestComponent($user, $tenant)
|
||||
->assertActionVisible('requestSupport')
|
||||
->assertActionDisabled('requestSupport')
|
||||
->call('authorizeTenantSupportRequest')
|
||||
->assertForbidden();
|
||||
|
||||
expect(SupportRequest::query()->count())->toBe(0);
|
||||
});
|
||||
@ -0,0 +1,109 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\System\Pages\Ops\Controls;
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationalControlActivation;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
use Filament\Actions\Action;
|
||||
use Filament\Facades\Filament;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Livewire\Livewire;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
beforeEach(function (): void {
|
||||
Filament::setCurrentPanel('system');
|
||||
Filament::bootCurrentPanel();
|
||||
});
|
||||
|
||||
function makeAiControlsManager(): PlatformUser
|
||||
{
|
||||
return PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::OPS_CONTROLS_MANAGE,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
it('pauses and resumes ai execution through the global-only controls card', function (): void {
|
||||
$workspaceA = Workspace::factory()->create(['name' => 'Acme']);
|
||||
$workspaceB = Workspace::factory()->create(['name' => 'Bravo']);
|
||||
|
||||
Tenant::factory()->count(2)->create(['workspace_id' => (int) $workspaceA->getKey()]);
|
||||
Tenant::factory()->count(1)->create(['workspace_id' => (int) $workspaceB->getKey()]);
|
||||
|
||||
$user = makeAiControlsManager();
|
||||
$this->actingAs($user, 'platform');
|
||||
|
||||
$this->get(Controls::getUrl(panel: 'system'))
|
||||
->assertSuccessful()
|
||||
->assertSee("mountAction('pause_ai_execution')", escape: false);
|
||||
|
||||
$component = Livewire::test(Controls::class)
|
||||
->assertActionExists('pause_ai_execution', fn (Action $action): bool => $action->isConfirmationRequired())
|
||||
->assertActionExists('resume_ai_execution', fn (Action $action): bool => $action->isConfirmationRequired())
|
||||
->assertActionExists('view_history_ai_execution', fn (Action $action): bool => $action->getLabel() === 'View AI execution history');
|
||||
|
||||
$summary = $component->instance()->controlSummary('ai.execution');
|
||||
$preview = $component->instance()->scopeImpactPreview('ai.execution', 'global', null);
|
||||
|
||||
expect($summary['label'])->toBe('AI execution')
|
||||
->and($summary['supported_scopes'])->toBe(['global'])
|
||||
->and($summary['effective_state'])->toBe('enabled')
|
||||
->and($preview['summary'])->toContain('AI execution')
|
||||
->and($preview['workspace_count'])->toBe(2)
|
||||
->and($preview['tenant_count'])->toBe(3);
|
||||
|
||||
$component
|
||||
->callAction('pause_ai_execution', data: [
|
||||
'scope_type' => 'global',
|
||||
'reason_text' => 'Paused for AI rollout review.',
|
||||
'expires_at' => now()->addDay()->toDateTimeString(),
|
||||
])
|
||||
->assertNotified('AI execution paused');
|
||||
|
||||
$activation = OperationalControlActivation::query()
|
||||
->forControl('ai.execution')
|
||||
->forGlobalScope()
|
||||
->first();
|
||||
|
||||
expect($activation)->not->toBeNull()
|
||||
->and($activation?->reason_text)->toBe('Paused for AI rollout review.');
|
||||
|
||||
$pausedSummary = $component->instance()->controlSummary('ai.execution');
|
||||
|
||||
expect($pausedSummary['effective_state'])->toBe('paused')
|
||||
->and($pausedSummary['state_label'])->toBe('Paused globally');
|
||||
|
||||
$component
|
||||
->callAction('resume_ai_execution', data: [
|
||||
'scope_type' => 'global',
|
||||
])
|
||||
->assertNotified('AI execution resumed');
|
||||
|
||||
expect(OperationalControlActivation::query()
|
||||
->forControl('ai.execution')
|
||||
->forGlobalScope()
|
||||
->count())->toBe(0);
|
||||
|
||||
$audits = AuditLog::query()
|
||||
->whereIn('action', [
|
||||
AuditActionId::OperationalControlPaused->value,
|
||||
AuditActionId::OperationalControlResumed->value,
|
||||
])
|
||||
->where('metadata->control_key', 'ai.execution')
|
||||
->orderBy('id')
|
||||
->get();
|
||||
|
||||
expect($audits)->toHaveCount(2)
|
||||
->and($audits[0]->workspace_id)->toBeNull()
|
||||
->and($audits[1]->workspace_id)->toBeNull();
|
||||
});
|
||||
@ -0,0 +1,83 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Filament\System\Pages\Directory\ViewWorkspace;
|
||||
use App\Models\PlatformUser;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use App\Support\Auth\PlatformCapabilities;
|
||||
|
||||
it('renders the read-only workspace entitlement summary on the system workspace detail page', function (): void {
|
||||
$workspace = Workspace::factory()->create(['name' => 'Acme Workspace']);
|
||||
$manager = User::factory()->create(['name' => 'Workspace Manager']);
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $manager->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
Tenant::factory()->count(2)->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'status' => Tenant::STATUS_ACTIVE,
|
||||
]);
|
||||
|
||||
$writer = app(SettingsWriter::class);
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $manager,
|
||||
workspace: $workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'plan_profile',
|
||||
value: 'starter',
|
||||
);
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $manager,
|
||||
workspace: $workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'managed_tenant_limit_override_value',
|
||||
value: 2,
|
||||
);
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $manager,
|
||||
workspace: $workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'managed_tenant_limit_override_reason',
|
||||
value: 'Pilot workspace',
|
||||
);
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $manager,
|
||||
workspace: $workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_value',
|
||||
value: false,
|
||||
);
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $manager,
|
||||
workspace: $workspace,
|
||||
domain: 'entitlements',
|
||||
key: 'review_pack_generation_override_reason',
|
||||
value: 'Escalation only',
|
||||
);
|
||||
|
||||
$platformUser = PlatformUser::factory()->create([
|
||||
'capabilities' => [
|
||||
PlatformCapabilities::ACCESS_SYSTEM_PANEL,
|
||||
PlatformCapabilities::DIRECTORY_VIEW,
|
||||
],
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$this->actingAs($platformUser, 'platform')
|
||||
->get(ViewWorkspace::getUrl(panel: 'system', parameters: ['workspace' => $workspace]))
|
||||
->assertSuccessful()
|
||||
->assertSee('Workspace entitlements')
|
||||
->assertSee('Starter')
|
||||
->assertSee('Pilot workspace')
|
||||
->assertSee('Escalation only')
|
||||
->assertSee('workspace override')
|
||||
->assertDontSee('Save');
|
||||
});
|
||||
@ -0,0 +1,155 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Services\Entitlements\WorkspaceEntitlementResolver;
|
||||
use App\Services\Settings\SettingsWriter;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
/**
|
||||
* @return array{0: Workspace, 1: User}
|
||||
*/
|
||||
function entitledWorkspaceManager(): array
|
||||
{
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
return [$workspace, $user];
|
||||
}
|
||||
|
||||
it('falls back to the default plan profile when a workspace has no entitlement settings', function (): void {
|
||||
[$workspace] = entitledWorkspaceManager();
|
||||
|
||||
$resolver = app(WorkspaceEntitlementResolver::class);
|
||||
|
||||
$managedTenantLimit = $resolver->resolve($workspace, WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT);
|
||||
$reviewPackGeneration = $resolver->resolve($workspace, WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED);
|
||||
|
||||
expect($managedTenantLimit)
|
||||
->toMatchArray([
|
||||
'plan_profile_id' => 'standard',
|
||||
'key' => WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
'effective_value' => 25,
|
||||
'source' => 'plan_profile_default',
|
||||
'current_usage' => 0,
|
||||
'remaining_capacity' => 25,
|
||||
'is_blocked' => false,
|
||||
])
|
||||
->and($managedTenantLimit['rationale'])->toBe('Balanced defaults for most managed workspaces.')
|
||||
->and($managedTenantLimit['last_changed_at'])->toBeNull()
|
||||
->and($managedTenantLimit['last_changed_by'])->toBeNull();
|
||||
|
||||
expect($reviewPackGeneration)
|
||||
->toMatchArray([
|
||||
'plan_profile_id' => 'standard',
|
||||
'key' => WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED,
|
||||
'effective_value' => true,
|
||||
'source' => 'plan_profile_default',
|
||||
'is_blocked' => false,
|
||||
]);
|
||||
});
|
||||
|
||||
it('applies the selected plan profile defaults when no explicit override is set', function (): void {
|
||||
[$workspace, $user] = entitledWorkspaceManager();
|
||||
|
||||
app(SettingsWriter::class)->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceEntitlementResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceEntitlementResolver::SETTING_PLAN_PROFILE,
|
||||
value: 'starter',
|
||||
);
|
||||
|
||||
$resolver = app(WorkspaceEntitlementResolver::class);
|
||||
|
||||
$managedTenantLimit = $resolver->resolve($workspace, WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT);
|
||||
$reviewPackGeneration = $resolver->resolve($workspace, WorkspaceEntitlementResolver::KEY_REVIEW_PACK_GENERATION_ENABLED);
|
||||
|
||||
expect($managedTenantLimit)
|
||||
->toMatchArray([
|
||||
'plan_profile_id' => 'starter',
|
||||
'effective_value' => 1,
|
||||
'source' => 'plan_profile_default',
|
||||
'current_usage' => 0,
|
||||
'remaining_capacity' => 1,
|
||||
'is_blocked' => false,
|
||||
])
|
||||
->and($managedTenantLimit['last_changed_by'])->toBe($user->name)
|
||||
->and($managedTenantLimit['last_changed_at'])->not->toBeNull();
|
||||
|
||||
expect($reviewPackGeneration)
|
||||
->toMatchArray([
|
||||
'plan_profile_id' => 'starter',
|
||||
'effective_value' => false,
|
||||
'source' => 'plan_profile_default',
|
||||
'is_blocked' => true,
|
||||
])
|
||||
->and($reviewPackGeneration['block_reason'])->toContain('Starter');
|
||||
});
|
||||
|
||||
it('applies workspace override values, rationale, and usage-aware blocking', function (): void {
|
||||
[$workspace, $user] = entitledWorkspaceManager();
|
||||
|
||||
$writer = app(SettingsWriter::class);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceEntitlementResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceEntitlementResolver::SETTING_PLAN_PROFILE,
|
||||
value: 'starter',
|
||||
);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceEntitlementResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceEntitlementResolver::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_VALUE,
|
||||
value: 2,
|
||||
);
|
||||
|
||||
$writer->updateWorkspaceSetting(
|
||||
actor: $user,
|
||||
workspace: $workspace,
|
||||
domain: WorkspaceEntitlementResolver::SETTING_DOMAIN,
|
||||
key: WorkspaceEntitlementResolver::SETTING_MANAGED_TENANT_LIMIT_OVERRIDE_REASON,
|
||||
value: 'Temporary support-approved exception',
|
||||
);
|
||||
|
||||
Tenant::factory()->count(2)->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'status' => Tenant::STATUS_ACTIVE,
|
||||
]);
|
||||
|
||||
$decision = app(WorkspaceEntitlementResolver::class)->resolve(
|
||||
$workspace,
|
||||
WorkspaceEntitlementResolver::KEY_MANAGED_TENANT_ACTIVATION_LIMIT,
|
||||
);
|
||||
|
||||
expect($decision)
|
||||
->toMatchArray([
|
||||
'plan_profile_id' => 'starter',
|
||||
'effective_value' => 2,
|
||||
'source' => 'workspace_override',
|
||||
'rationale' => 'Temporary support-approved exception',
|
||||
'current_usage' => 2,
|
||||
'remaining_capacity' => 0,
|
||||
'is_blocked' => true,
|
||||
'last_changed_by' => $user->name,
|
||||
])
|
||||
->and($decision['last_changed_at'])->not->toBeNull()
|
||||
->and($decision['block_reason'])->toContain('workspace override')
|
||||
->and($decision['block_reason'])->toContain('Temporary support-approved exception');
|
||||
});
|
||||
@ -0,0 +1,34 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Services\Entitlements\WorkspacePlanProfileCatalog;
|
||||
|
||||
it('exposes a bounded profile catalog with exactly one default profile', function (): void {
|
||||
$catalog = app(WorkspacePlanProfileCatalog::class);
|
||||
$profiles = $catalog->all();
|
||||
|
||||
expect($profiles)
|
||||
->toHaveCount(3)
|
||||
->and(collect($profiles)->where('is_default', true))->toHaveCount(1)
|
||||
->and(WorkspacePlanProfileCatalog::defaultProfileId())->toBe('standard')
|
||||
->and($catalog->default()['label'])->toBe('Standard');
|
||||
});
|
||||
|
||||
it('resolves known profiles and falls back to the default for unknown identifiers', function (): void {
|
||||
$catalog = app(WorkspacePlanProfileCatalog::class);
|
||||
|
||||
expect($catalog->resolve('starter'))
|
||||
->toMatchArray([
|
||||
'id' => 'starter',
|
||||
'managed_tenant_limit_default' => 1,
|
||||
'review_pack_generation_default' => false,
|
||||
])
|
||||
->and($catalog->resolve('missing-profile')['id'])->toBe('standard')
|
||||
->and($catalog->optionLabels())
|
||||
->toMatchArray([
|
||||
'starter' => 'Starter',
|
||||
'standard' => 'Standard',
|
||||
'scale' => 'Scale',
|
||||
]);
|
||||
});
|
||||
@ -0,0 +1,54 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\ProductKnowledge\ContextualHelpResolver;
|
||||
use App\Support\SupportDiagnostics\SupportDiagnosticBundleBuilder;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('exposes only the approved product knowledge source input for ai answer drafts', function (): void {
|
||||
$source = app(ContextualHelpResolver::class)->aiProductKnowledgeAnswerDraftSource();
|
||||
|
||||
expect($source)->toMatchArray([
|
||||
'use_case_key' => 'product_knowledge.answer_draft',
|
||||
'source_family' => 'product_knowledge',
|
||||
'data_classifications' => [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
])
|
||||
->and($source['topics'])->not->toBeEmpty()
|
||||
->and($source['operational_metadata'])->toHaveKeys(['version', 'topic_count'])
|
||||
->and($source)->not->toHaveKeys(['tenant', 'tenant_id', 'workspace', 'workspace_id']);
|
||||
});
|
||||
|
||||
it('exposes only the approved redacted support summary input for ai diagnostic drafts', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$tenant = Tenant::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
]);
|
||||
|
||||
$source = app(SupportDiagnosticBundleBuilder::class)->aiSupportDiagnosticsSummaryDraftSource($tenant);
|
||||
|
||||
expect($source)->toMatchArray([
|
||||
'use_case_key' => 'support_diagnostics.summary_draft',
|
||||
'source_family' => 'support_diagnostics',
|
||||
'data_classifications' => [
|
||||
AiDataClassification::RedactedSupportSummary->value,
|
||||
],
|
||||
])
|
||||
->and($source['summary'])->toHaveKeys([
|
||||
'headline',
|
||||
'dominant_issue',
|
||||
'freshness_state',
|
||||
'redaction_note',
|
||||
'generated_from',
|
||||
])
|
||||
->and(data_get($source, 'redaction.mode'))->toBe('default_redacted')
|
||||
->and($source)->not->toHaveKeys(['sections', 'context', 'tenant', 'workspace', 'operation_run']);
|
||||
});
|
||||
@ -0,0 +1,67 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\Tenant;
|
||||
use App\Models\Workspace;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Ai\AiDecisionAuditMetadataFactory;
|
||||
use App\Support\Ai\AiDecisionReasonCode;
|
||||
use App\Support\Ai\AiExecutionDecision;
|
||||
use App\Support\Ai\AiExecutionRequest;
|
||||
use App\Support\Ai\AiProviderClass;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('builds bounded decision metadata without raw prompt, source, provider, or output payloads', function (): void {
|
||||
$workspace = Workspace::factory()->create();
|
||||
$tenant = Tenant::factory()->create(['workspace_id' => (int) $workspace->getKey()]);
|
||||
|
||||
$request = new AiExecutionRequest(
|
||||
workspace: $workspace,
|
||||
tenant: $tenant,
|
||||
actor: null,
|
||||
useCaseKey: 'support_diagnostics.summary_draft',
|
||||
requestedProviderClass: AiProviderClass::LocalPrivate->value,
|
||||
dataClassifications: [AiDataClassification::RedactedSupportSummary->value],
|
||||
sourceFamily: 'support_diagnostics',
|
||||
callerSurface: 'support_diagnostics',
|
||||
contextFingerprint: 'support_diagnostics:summary:v1',
|
||||
);
|
||||
|
||||
$decision = new AiExecutionDecision(
|
||||
outcome: 'blocked',
|
||||
reasonCode: AiDecisionReasonCode::DataClassificationBlocked,
|
||||
workspaceAiPolicyMode: 'private_only',
|
||||
matchedOperationalControlScope: null,
|
||||
useCaseKey: 'support_diagnostics.summary_draft',
|
||||
requestedProviderClass: AiProviderClass::LocalPrivate->value,
|
||||
dataClassifications: [AiDataClassification::RedactedSupportSummary->value],
|
||||
sourceFamily: 'support_diagnostics',
|
||||
auditAction: AuditActionId::AiExecutionDecisionEvaluated,
|
||||
auditMetadata: [],
|
||||
);
|
||||
|
||||
$metadata = app(AiDecisionAuditMetadataFactory::class)->make($request, $decision);
|
||||
|
||||
expect($metadata)->toMatchArray([
|
||||
'use_case_key' => 'support_diagnostics.summary_draft',
|
||||
'decision_outcome' => 'blocked',
|
||||
'decision_reason' => AiDecisionReasonCode::DataClassificationBlocked->value,
|
||||
'workspace_ai_policy_mode' => 'private_only',
|
||||
'requested_provider_class' => 'local_private',
|
||||
'data_classifications' => ['redacted_support_summary'],
|
||||
'source_family' => 'support_diagnostics',
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'context_fingerprint' => 'support_diagnostics:summary:v1',
|
||||
])
|
||||
->and($metadata)->not->toHaveKeys([
|
||||
'prompt_text',
|
||||
'source_payload',
|
||||
'provider_payload',
|
||||
'output_text',
|
||||
]);
|
||||
});
|
||||
48
apps/platform/tests/Unit/Support/Ai/AiUseCaseCatalogTest.php
Normal file
48
apps/platform/tests/Unit/Support/Ai/AiUseCaseCatalogTest.php
Normal file
@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Ai\AiPolicyMode;
|
||||
use App\Support\Ai\AiUseCaseCatalog;
|
||||
|
||||
it('locks the first slice to the two approved private-only use cases', function (): void {
|
||||
$definitions = app(AiUseCaseCatalog::class)->all();
|
||||
|
||||
expect($definitions)->toHaveCount(2)
|
||||
->and($definitions[0])->toMatchArray([
|
||||
'key' => 'product_knowledge.answer_draft',
|
||||
'label' => 'Product knowledge answer draft',
|
||||
'future_consumer' => 'ContextualHelpResolver',
|
||||
'source_family' => 'product_knowledge',
|
||||
'tenant_context_permitted' => false,
|
||||
])
|
||||
->and($definitions[0]['allowed_provider_classes'])->toBe(['local_private'])
|
||||
->and($definitions[0]['allowed_data_classifications'])->toBe([
|
||||
'product_knowledge',
|
||||
'operational_metadata',
|
||||
])
|
||||
->and($definitions[1])->toMatchArray([
|
||||
'key' => 'support_diagnostics.summary_draft',
|
||||
'label' => 'Support diagnostics summary draft',
|
||||
'future_consumer' => 'SupportDiagnosticBundleBuilder',
|
||||
'source_family' => 'support_diagnostics',
|
||||
'tenant_context_permitted' => true,
|
||||
])
|
||||
->and($definitions[1]['allowed_provider_classes'])->toBe(['local_private'])
|
||||
->and($definitions[1]['allowed_data_classifications'])->toBe([
|
||||
'redacted_support_summary',
|
||||
]);
|
||||
});
|
||||
|
||||
it('derives provider and blocked-data summaries from the catalog for the workspace policy surface', function (): void {
|
||||
$catalog = app(AiUseCaseCatalog::class);
|
||||
|
||||
expect($catalog->allowedProviderClassLabelsForMode(AiPolicyMode::Disabled))->toBe([])
|
||||
->and($catalog->allowedProviderClassLabelsForMode(AiPolicyMode::PrivateOnly))->toBe(['Local private'])
|
||||
->and($catalog->blockedDataClassificationLabels())->toBe([
|
||||
AiDataClassification::PersonalData->label(),
|
||||
AiDataClassification::CustomerConfidential->label(),
|
||||
AiDataClassification::RawProviderPayload->label(),
|
||||
]);
|
||||
});
|
||||
@ -0,0 +1,172 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationalControlActivation;
|
||||
use App\Models\Tenant;
|
||||
use App\Models\User;
|
||||
use App\Models\Workspace;
|
||||
use App\Models\WorkspaceMembership;
|
||||
use App\Models\WorkspaceSetting;
|
||||
use App\Support\Ai\AiDataClassification;
|
||||
use App\Support\Ai\AiDecisionReasonCode;
|
||||
use App\Support\Ai\AiExecutionRequest;
|
||||
use App\Support\Ai\AiProviderClass;
|
||||
use App\Support\Ai\GovernedAiExecutionBoundary;
|
||||
use App\Support\Audit\AuditActionId;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
/**
|
||||
* @return array{0: Workspace, 1: User}
|
||||
*/
|
||||
function aiPolicyWorkspace(string $policyMode = 'private_only'): array
|
||||
{
|
||||
$workspace = Workspace::factory()->create();
|
||||
$user = User::factory()->create();
|
||||
|
||||
WorkspaceMembership::factory()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'user_id' => (int) $user->getKey(),
|
||||
'role' => 'manager',
|
||||
]);
|
||||
|
||||
WorkspaceSetting::query()->create([
|
||||
'workspace_id' => (int) $workspace->getKey(),
|
||||
'domain' => 'ai',
|
||||
'key' => 'policy_mode',
|
||||
'value' => $policyMode,
|
||||
'updated_by_user_id' => (int) $user->getKey(),
|
||||
]);
|
||||
|
||||
return [$workspace, $user];
|
||||
}
|
||||
|
||||
it('allows approved local-private support-diagnostics requests and writes bounded audit metadata', function (): void {
|
||||
[$workspace, $user] = aiPolicyWorkspace();
|
||||
$tenant = Tenant::factory()->create(['workspace_id' => (int) $workspace->getKey()]);
|
||||
|
||||
$decision = assertNoOutboundHttp(fn () => app(GovernedAiExecutionBoundary::class)->evaluate(new AiExecutionRequest(
|
||||
workspace: $workspace,
|
||||
tenant: $tenant,
|
||||
actor: $user,
|
||||
useCaseKey: 'support_diagnostics.summary_draft',
|
||||
requestedProviderClass: AiProviderClass::LocalPrivate->value,
|
||||
dataClassifications: [AiDataClassification::RedactedSupportSummary->value],
|
||||
sourceFamily: 'support_diagnostics',
|
||||
callerSurface: 'support_diagnostics',
|
||||
contextFingerprint: 'support_diagnostics:summary:v1',
|
||||
)));
|
||||
|
||||
expect($decision->isAllowed())->toBeTrue()
|
||||
->and($decision->reasonCode)->toBe(AiDecisionReasonCode::Allowed)
|
||||
->and($decision->workspaceAiPolicyMode)->toBe('private_only')
|
||||
->and($decision->matchedOperationalControlScope)->toBeNull();
|
||||
|
||||
$audit = AuditLog::query()->latest('id')->first();
|
||||
|
||||
expect($audit)->not->toBeNull()
|
||||
->and($audit?->action)->toBe(AuditActionId::AiExecutionDecisionEvaluated->value)
|
||||
->and($audit?->workspace_id)->toBe((int) $workspace->getKey())
|
||||
->and($audit?->tenant_id)->toBe((int) $tenant->getKey())
|
||||
->and(data_get($audit?->metadata, 'decision_outcome'))->toBe('allowed')
|
||||
->and(data_get($audit?->metadata, 'decision_reason'))->toBe(AiDecisionReasonCode::Allowed->value)
|
||||
->and(data_get($audit?->metadata, 'use_case_key'))->toBe('support_diagnostics.summary_draft')
|
||||
->and(data_get($audit?->metadata, 'requested_provider_class'))->toBe('local_private')
|
||||
->and(data_get($audit?->metadata, 'data_classifications'))->toBe(['redacted_support_summary'])
|
||||
->and(data_get($audit?->metadata, 'context_fingerprint'))->toBe('support_diagnostics:summary:v1')
|
||||
->and(data_get($audit?->metadata, 'prompt_text'))->toBeNull()
|
||||
->and(data_get($audit?->metadata, 'output_text'))->toBeNull();
|
||||
});
|
||||
|
||||
it('blocks external-public provider classes before any provider resolution', function (): void {
|
||||
[$workspace, $user] = aiPolicyWorkspace();
|
||||
|
||||
$decision = assertNoOutboundHttp(fn () => app(GovernedAiExecutionBoundary::class)->evaluate(new AiExecutionRequest(
|
||||
workspace: $workspace,
|
||||
tenant: null,
|
||||
actor: $user,
|
||||
useCaseKey: 'product_knowledge.answer_draft',
|
||||
requestedProviderClass: AiProviderClass::ExternalPublic->value,
|
||||
dataClassifications: [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
sourceFamily: 'product_knowledge',
|
||||
callerSurface: 'product_knowledge',
|
||||
contextFingerprint: 'product_knowledge:answer:v1',
|
||||
)));
|
||||
|
||||
expect($decision->isBlocked())->toBeTrue()
|
||||
->and($decision->reasonCode)->toBe(AiDecisionReasonCode::ProviderClassBlocked)
|
||||
->and($decision->matchedOperationalControlScope)->toBeNull();
|
||||
});
|
||||
|
||||
it('blocks disallowed data classifications before any provider resolution', function (): void {
|
||||
[$workspace, $user] = aiPolicyWorkspace();
|
||||
$tenant = Tenant::factory()->create(['workspace_id' => (int) $workspace->getKey()]);
|
||||
|
||||
$decision = assertNoOutboundHttp(fn () => app(GovernedAiExecutionBoundary::class)->evaluate(new AiExecutionRequest(
|
||||
workspace: $workspace,
|
||||
tenant: $tenant,
|
||||
actor: $user,
|
||||
useCaseKey: 'support_diagnostics.summary_draft',
|
||||
requestedProviderClass: AiProviderClass::LocalPrivate->value,
|
||||
dataClassifications: [AiDataClassification::RawProviderPayload->value],
|
||||
sourceFamily: 'support_diagnostics',
|
||||
callerSurface: 'support_diagnostics',
|
||||
contextFingerprint: 'support_diagnostics:raw:v1',
|
||||
)));
|
||||
|
||||
expect($decision->isBlocked())->toBeTrue()
|
||||
->and($decision->reasonCode)->toBe(AiDecisionReasonCode::DataClassificationBlocked);
|
||||
});
|
||||
|
||||
it('blocks unregistered use cases', function (): void {
|
||||
[$workspace, $user] = aiPolicyWorkspace();
|
||||
|
||||
$decision = assertNoOutboundHttp(fn () => app(GovernedAiExecutionBoundary::class)->evaluate(new AiExecutionRequest(
|
||||
workspace: $workspace,
|
||||
tenant: null,
|
||||
actor: $user,
|
||||
useCaseKey: 'customer_email.reply',
|
||||
requestedProviderClass: AiProviderClass::LocalPrivate->value,
|
||||
dataClassifications: [AiDataClassification::ProductKnowledge->value],
|
||||
sourceFamily: 'product_knowledge',
|
||||
callerSurface: 'product_knowledge',
|
||||
contextFingerprint: 'customer_email:reply:v1',
|
||||
)));
|
||||
|
||||
expect($decision->isBlocked())->toBeTrue()
|
||||
->and($decision->reasonCode)->toBe(AiDecisionReasonCode::UnregisteredUseCase);
|
||||
});
|
||||
|
||||
it('lets the ai execution operational control override an otherwise valid request', function (): void {
|
||||
[$workspace, $user] = aiPolicyWorkspace();
|
||||
|
||||
OperationalControlActivation::factory()->forGlobalScope()->create([
|
||||
'control_key' => 'ai.execution',
|
||||
'reason_text' => 'Paused for AI rollout review.',
|
||||
]);
|
||||
|
||||
$decision = assertNoOutboundHttp(fn () => app(GovernedAiExecutionBoundary::class)->evaluate(new AiExecutionRequest(
|
||||
workspace: $workspace,
|
||||
tenant: null,
|
||||
actor: $user,
|
||||
useCaseKey: 'product_knowledge.answer_draft',
|
||||
requestedProviderClass: AiProviderClass::LocalPrivate->value,
|
||||
dataClassifications: [
|
||||
AiDataClassification::ProductKnowledge->value,
|
||||
AiDataClassification::OperationalMetadata->value,
|
||||
],
|
||||
sourceFamily: 'product_knowledge',
|
||||
callerSurface: 'product_knowledge',
|
||||
contextFingerprint: 'product_knowledge:answer:v1',
|
||||
)));
|
||||
|
||||
expect($decision->isBlocked())->toBeTrue()
|
||||
->and($decision->reasonCode)->toBe(AiDecisionReasonCode::OperationalControlPaused)
|
||||
->and($decision->matchedOperationalControlScope)->toBe('global');
|
||||
});
|
||||
@ -7,12 +7,18 @@
|
||||
it('exposes only active runtime controls in the bounded control catalog', function (): void {
|
||||
$catalog = app(OperationalControlCatalog::class);
|
||||
|
||||
expect($catalog->keys())->toBe(['restore.execute'])
|
||||
expect($catalog->keys())->toBe(['restore.execute', 'ai.execution'])
|
||||
->and($catalog->definition('restore.execute'))->toMatchArray([
|
||||
'key' => 'restore.execute',
|
||||
'label' => 'Restore execution',
|
||||
'supported_scopes' => ['global', 'workspace'],
|
||||
'operation_types' => ['restore.execute'],
|
||||
])
|
||||
->and($catalog->definition('ai.execution'))->toMatchArray([
|
||||
'key' => 'ai.execution',
|
||||
'label' => 'AI execution',
|
||||
'supported_scopes' => ['global'],
|
||||
'operation_types' => ['ai.execution'],
|
||||
]);
|
||||
});
|
||||
|
||||
|
||||
@ -0,0 +1,130 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Models\AuditLog;
|
||||
use App\Models\OperationRun;
|
||||
use App\Models\ProviderConnection;
|
||||
use App\Models\StoredReport;
|
||||
use App\Models\Tenant;
|
||||
use App\Support\OperationRunOutcome;
|
||||
use App\Support\OperationRunStatus;
|
||||
use App\Support\OperationRunType;
|
||||
use App\Support\Providers\ProviderReasonCodes;
|
||||
use App\Support\Providers\ProviderVerificationStatus;
|
||||
use App\Support\SupportRequests\SupportRequestContextBuilder;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('builds deterministic canonical context with omission markers when diagnostics are not attached', function (): void {
|
||||
$tenant = Tenant::factory()->create(['name' => 'Omission Tenant']);
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');
|
||||
|
||||
$builder = app(SupportRequestContextBuilder::class);
|
||||
|
||||
$first = $builder->forTenant($tenant, $user, false);
|
||||
$second = $builder->forTenant($tenant->fresh(), $user, false);
|
||||
$sections = collect($first['canonical_context']['sections'])->keyBy('key');
|
||||
|
||||
expect($first)
|
||||
->toEqual($second)
|
||||
->and($first['attachment_mode'])
|
||||
->toBe(SupportRequestContextBuilder::ATTACHMENT_MODE_CANONICAL_CONTEXT_ONLY)
|
||||
->and($first['diagnostic_snapshot'])
|
||||
->toBeNull()
|
||||
->and(data_get($first, 'primary_context.type'))
|
||||
->toBe('tenant')
|
||||
->and(data_get($first, 'omissions.0.reason'))
|
||||
->toBe('omitted_without_support_diagnostics_view')
|
||||
->and(data_get($sections->get('provider_connection'), 'references.0.label'))
|
||||
->toBe('Provider connection not observed')
|
||||
->and(data_get($sections->get('operation_context'), 'references.0.label'))
|
||||
->toBe('Operation not yet observed')
|
||||
->and(data_get($sections->get('audit_history'), 'references.0.label'))
|
||||
->toBe('Audit event not yet observed');
|
||||
});
|
||||
|
||||
it('attaches a redacted diagnostic snapshot without raw payload content', function (): void {
|
||||
$tenant = Tenant::factory()->create(['name' => 'Redaction Tenant']);
|
||||
[$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');
|
||||
|
||||
$connection = ProviderConnection::factory()
|
||||
->withCredential()
|
||||
->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'display_name' => 'Redaction Connection',
|
||||
'verification_status' => ProviderVerificationStatus::Blocked->value,
|
||||
'last_error_reason_code' => ProviderReasonCodes::ProviderPermissionMissing,
|
||||
'last_error_message' => 'raw-provider-secret-message',
|
||||
'last_health_check_at' => now()->subMinutes(15),
|
||||
]);
|
||||
|
||||
$run = OperationRun::factory()
|
||||
->forTenant($tenant)
|
||||
->create([
|
||||
'type' => OperationRunType::BaselineCompare->value,
|
||||
'status' => OperationRunStatus::Completed->value,
|
||||
'outcome' => OperationRunOutcome::Failed->value,
|
||||
'summary_counts' => [
|
||||
'total' => 0,
|
||||
'processed' => 0,
|
||||
],
|
||||
'context' => [
|
||||
'provider_connection_id' => (int) $connection->getKey(),
|
||||
'raw_response_body' => 'secret-provider-body',
|
||||
],
|
||||
'failure_summary' => [[
|
||||
'message' => 'Run failed after provider validation.',
|
||||
]],
|
||||
'completed_at' => now()->subMinutes(10),
|
||||
]);
|
||||
|
||||
StoredReport::factory()->create([
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'report_type' => StoredReport::REPORT_TYPE_PERMISSION_POSTURE,
|
||||
'payload' => [
|
||||
'raw_response_body' => 'stored-report-secret-body',
|
||||
],
|
||||
]);
|
||||
|
||||
AuditLog::query()->create([
|
||||
'workspace_id' => (int) $tenant->workspace_id,
|
||||
'tenant_id' => (int) $tenant->getKey(),
|
||||
'operation_run_id' => (int) $run->getKey(),
|
||||
'action' => 'operation.failed',
|
||||
'resource_type' => 'operation_run',
|
||||
'resource_id' => (string) $run->getKey(),
|
||||
'target_label' => 'Operation #'.$run->getKey(),
|
||||
'metadata' => [
|
||||
'raw_response_body' => 'audit-secret-body',
|
||||
],
|
||||
'outcome' => 'success',
|
||||
'recorded_at' => now()->subMinutes(5),
|
||||
]);
|
||||
|
||||
$builder = app(SupportRequestContextBuilder::class);
|
||||
$envelope = $builder->forOperationRun($run, $user, true);
|
||||
$encoded = json_encode($envelope, JSON_THROW_ON_ERROR);
|
||||
|
||||
expect($envelope['attachment_mode'])
|
||||
->toBe(SupportRequestContextBuilder::ATTACHMENT_MODE_DIAGNOSTIC_SNAPSHOT_ATTACHED)
|
||||
->and(data_get($envelope, 'primary_context.type'))
|
||||
->toBe('operation_run')
|
||||
->and(data_get($envelope, 'primary_context.operation_run_id'))
|
||||
->toBe((int) $run->getKey())
|
||||
->and(data_get($envelope, 'diagnostic_snapshot.redaction.mode'))
|
||||
->toBe('default_redacted')
|
||||
->and(data_get($envelope, 'diagnostic_snapshot.sections.0.key'))
|
||||
->toBe('overview')
|
||||
->and($encoded)
|
||||
->not->toContain('raw-provider-secret-message')
|
||||
->and($encoded)
|
||||
->not->toContain('secret-provider-body')
|
||||
->and($encoded)
|
||||
->not->toContain('stored-report-secret-body')
|
||||
->and($encoded)
|
||||
->not->toContain('audit-secret-body');
|
||||
});
|
||||
@ -0,0 +1,19 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
use App\Support\SupportRequests\SupportRequestReferenceGenerator;
|
||||
|
||||
it('generates unique uppercase support references', function (): void {
|
||||
$generator = new SupportRequestReferenceGenerator();
|
||||
|
||||
$first = $generator->generate();
|
||||
$second = $generator->generate();
|
||||
|
||||
expect($first)
|
||||
->toMatch('/^SR-[0-9A-HJKMNP-TV-Z]{26}$/')
|
||||
->and($second)
|
||||
->toMatch('/^SR-[0-9A-HJKMNP-TV-Z]{26}$/')
|
||||
->and($first)
|
||||
->not->toBe($second);
|
||||
});
|
||||
273
docs/product/implementation-ledger.md
Normal file
273
docs/product/implementation-ledger.md
Normal file
@ -0,0 +1,273 @@
|
||||
# TenantPilot Implementation Ledger
|
||||
|
||||
## Purpose
|
||||
|
||||
Dieses Dokument beschreibt den aktuellen repo-basierten Implementierungsstand von TenantPilot. Es ergaenzt `roadmap.md` und `spec-candidates.md`, ersetzt sie aber nicht.
|
||||
|
||||
Bewertungsregeln fuer dieses Ledger:
|
||||
|
||||
- Repo-basiert only: Aussagen zaehlen nur, wenn Code, Datenmodell, Workflow, UI-Adoption oder Test-Artefakte im Repo belastbar darauf hinweisen.
|
||||
- Keine Roadmap- oder Spec-Absicht ohne Repo-Evidence.
|
||||
- `sellable` wird nur dort verwendet, wo UI, Workflow, Datenmodell, RBAC/Audit und passende Test-Artefakte plausibel zusammenpassen.
|
||||
- Backend-only bleibt `foundation-only`.
|
||||
- UI-only gilt nicht als fertig.
|
||||
- Wenn Tests unten als vorhanden markiert sind, bedeutet das: passende Test-Dateien existieren im Repo. Sie wurden fuer dieses Ledger nicht ausgefuehrt.
|
||||
|
||||
## Current Product Position
|
||||
|
||||
TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls. Die Repo-Wahrheit liegt damit ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Review- und Portfolio-Plattform ausgereift: Customer-safe Review Consumption, Cross-Tenant-Workflows und kommerzielle Lifecycle-Reife sind noch unvollstaendig.
|
||||
|
||||
## Status Model
|
||||
|
||||
- `planned`: nur in Roadmap oder Kandidatenliste, ohne belastbare Repo-Evidence
|
||||
- `specified`: als Spec oder Draft angelegt, aber nicht repo-verifiziert umgesetzt
|
||||
- `implemented_partial`: Teilumsetzung vorhanden, aber noch nicht als fertig bewertbar
|
||||
- `implemented_backend`: belastbare Backend- oder Modelllogik vorhanden, aber keine ausreichende UI-Adoption
|
||||
- `implemented_ui`: sichtbare UI vorhanden, aber Workflow- oder Backend-Proof ist noch zu schwach
|
||||
- `implemented_verified`: Code, Modell, Workflow und Test-Artefakte sind plausibel vorhanden
|
||||
- `adopted`: implementiert und bereits in zentrale Produktoberflaechen oder Kernablaeufe uebernommen
|
||||
- `deferred`: bewusst verschoben
|
||||
- `obsolete`: durch neuere Repo-Realitaet oder andere Implementierung ueberholt
|
||||
|
||||
Evidence-Level im Dokument:
|
||||
|
||||
- `none`: keine belastbare Repo-Evidence
|
||||
- `weak`: duenne Code- oder Doc-Spur, aber kein belastbarer Gesamtworkflow
|
||||
- `medium`: mehrere Repo-Signale, aber noch nicht durchgaengig
|
||||
- `strong`: Datenmodell, Workflow, UI- oder Test-Spur greifen konsistent ineinander
|
||||
|
||||
## Roadmap Coverage Summary
|
||||
|
||||
| Roadmap Area | Status | Evidence Level | UI Ready | Tested | Sellable | Notes |
|
||||
|---|---|---:|---|---|---|---|
|
||||
| R1 Golden Master Governance | adopted | strong | yes | repo tests, not run | yes | Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert. |
|
||||
| R2 Tenant Reviews, Evidence & Control Foundation | adopted | strong | yes | repo tests, not run | almost | Review-, Evidence- und Control-Foundations sind stark; Customer Review Workspace fehlt noch. |
|
||||
| Alert escalation + notification routing | implemented_verified | strong | partial | repo tests, not run | yes | Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real. |
|
||||
| Governance & Architecture Hardening | implemented_partial | strong | partial | repo tests, not run | foundation-only | Viele Hardening-Slices sind bereits im Code, die Lane bleibt aber aktiv. |
|
||||
| UI & Product Maturity Polish | implemented_partial | medium | partial | partial repo tests, not run | no | Einzelne Polishing-Slices sind da, aber kein geschlossenes "fertig"-Signal auf Theme-Ebene. |
|
||||
| Secret & Security Hardening | implemented_verified | strong | yes | repo tests, not run | almost | Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar. |
|
||||
| Baseline Drift Engine (Cutover) | adopted | strong | yes | repo tests, not run | yes | Compare- und Drift-Workflow wirken als produktive Kernfunktion. |
|
||||
| R1.9 Platform Localization v1 | planned | none | no | no | no | Keine belastbare Locale-Foundation im Repo gefunden. |
|
||||
| Product Scalability & Self-Service Foundation | implemented_partial | strong | yes | repo tests, not run | almost | Onboarding, Support, Help und Entitlements sind weit; Billing, Trial und Demo-Reife fehlen. |
|
||||
| R2.0 Canonical Control Catalog Foundation | implemented_verified | strong | partial | repo tests, not run | foundation-only | Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface. |
|
||||
| R2 Completion: customer review, support, help | implemented_partial | strong | yes | repo tests, not run | almost | Support und Help sind real; kundensichere Review-Consumption ist noch offen. |
|
||||
| Findings Workflow v2 / Execution Layer | implemented_partial | strong | yes | repo tests, not run | almost | Triage, Ownership, Alerts und Hygiene sind vorhanden; der naechste Operator-Layer fehlt. |
|
||||
| Policy Lifecycle / Ghost Policies | specified | weak | no | no | no | Als Richtung sichtbar, aber nicht als repo-verifizierter Workflow. |
|
||||
| Platform Operations Maturity | implemented_partial | strong | yes | repo tests, not run | almost | System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen. |
|
||||
| Product Usage, Customer Health & Operational Controls | adopted | strong | yes | repo tests, not run | almost | Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden. |
|
||||
| Private AI Execution & Usage Governance Foundation | planned | none | no | no | no | Keine belastbare AI-Governance-Foundation im Repo. |
|
||||
| MSP Portfolio & Operations | implemented_partial | medium | partial | repo tests, not run | foundation-only | Portfolio-Triage ist da; Compare/Promotion und Decision Workboard fehlen. |
|
||||
| Human-in-the-Loop Autonomous Governance | planned | none | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow. |
|
||||
| Drift & Change Governance | specified | weak | no | no | no | Einzelne Foundations existieren, die thematische Produkt-Lane aber nicht. |
|
||||
| Standardization & Policy Quality | planned | none | no | no | no | Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche. |
|
||||
| PSA / Ticketing Handoff | planned | none | no | no | no | Support Requests existieren, externe Handoff-Integration aber nicht. |
|
||||
|
||||
## Implemented Capabilities
|
||||
|
||||
| Capability | Status | Backend | UI | Tests | RBAC/Audit | Sellable | Evidence |
|
||||
|---|---|---|---|---|---|---|---|
|
||||
| OperationRun truth layer | implemented_verified | yes | partial | repo tests, not run | yes | foundation-only | `app/Models/OperationRun.php`; `tests/Feature/System/*`; `tests/Feature/ReviewPack/*` |
|
||||
| Baseline profiles, snapshots and compare | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/BaselineProfile.php`; `app/Models/BaselineSnapshot.php`; `app/Services/Baselines/BaselineCompareService.php` |
|
||||
| Drift findings and governance pressure | adopted | yes | yes | repo tests, not run | yes | yes | `app/Models/Finding.php`; `app/Filament/Widgets/Dashboard/RecentDriftFindings.php`; `tests/Feature/Findings/*` |
|
||||
| Restore workflow with safety gates | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/OperationRun.php`; restore gates and tests in `tests/Feature/Restore/*` |
|
||||
| Evidence snapshots | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Models/EvidenceSnapshot.php`; `app/Services/Evidence/EvidenceSnapshotService.php`; `tests/Feature/Evidence/*` |
|
||||
| Tenant reviews | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/TenantReview.php`; `app/Services/TenantReviews/TenantReviewService.php`; `tests/Feature/TenantReview/*` |
|
||||
| Review pack generation and export | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/ReviewPack.php`; `app/Services/ReviewPackService.php`; `tests/Feature/ReviewPack/*` |
|
||||
| Alerts and notification routing | implemented_verified | yes | partial | repo tests, not run | yes | yes | `app/Services/Alerts/AlertDispatchService.php`; `tests/Feature/*Alert*` |
|
||||
| Provider health, onboarding readiness and required permissions | adopted | yes | yes | repo tests, not run | yes | almost | `app/Jobs/ProviderConnectionHealthCheckJob.php`; `app/Services/Onboarding/OnboardingLifecycleService.php`; `app/Filament/Pages/TenantRequiredPermissions.php` |
|
||||
| Permission posture reporting | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Services/PermissionPosture/PermissionPostureFindingGenerator.php`; `tests/Feature/PermissionPosture/*` |
|
||||
| Entra admin roles reporting | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Services/EntraAdminRoles/EntraAdminRolesReportService.php`; `tests/Feature/EntraAdminRoles/*` |
|
||||
| Stored reports substrate | implemented_verified | yes | partial | repo tests, not run | partial | foundation-only | `app/Models/StoredReport.php`; `tests/Feature/PermissionPosture/StoredReportModelTest.php`; `tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php` |
|
||||
| Support diagnostics | adopted | yes | yes | repo tests, not run | yes | almost | `app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`; `app/Filament/Pages/TenantDashboard.php`; `tests/Feature/SupportDiagnostics/*` |
|
||||
| In-app support requests | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/SupportRequest.php`; `app/Support/SupportRequests/*`; `tests/Feature/SupportRequests/*` |
|
||||
| Product knowledge and contextual help | implemented_partial | yes | yes | repo tests, not run | partial | almost | `app/Support/ProductKnowledge/ContextualHelpCatalog.php`; `tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php` |
|
||||
| Product telemetry | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/ProductUsageEvent.php`; `app/Filament/System/Widgets/ProductTelemetryKpis.php`; `tests/Feature/System/ProductTelemetry/*` |
|
||||
| Customer health scoring | implemented_verified | yes | yes | repo tests, not run | partial | almost | `app/Filament/System/Widgets/CustomerHealthKpis.php`; `app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php`; `tests/Feature/System/CustomerHealth/*` |
|
||||
| Operational controls | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/OperationalControlActivation.php`; `app/Support/OperationalControls/*`; `tests/Feature/System/OpsControls/*` |
|
||||
| Workspace entitlements | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/Entitlements/WorkspaceEntitlementResolver.php`; `tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php` |
|
||||
| Capability-first RBAC | adopted | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/Auth/CapabilityResolver.php`; `app/Services/Auth/RoleCapabilityMap.php`; many `tests/Feature/Rbac/*` |
|
||||
| Audit log foundation | adopted | yes | yes | repo tests, not run | yes | foundation-only | `app/Models/AuditLog.php`; `app/Services/Audit/WorkspaceAuditLogger.php`; many audit-focused feature tests |
|
||||
| Canonical control catalog | implemented_verified | yes | partial | repo tests, not run | partial | foundation-only | `app/Support/Governance/Controls/CanonicalControlCatalog.php`; `config/canonical_controls.php`; `tests/Unit/Governance/*` |
|
||||
| Portfolio triage continuity | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/PortfolioTriage/TenantTriageReviewService.php`; `app/Support/PortfolioTriage/*`; `tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php` |
|
||||
|
||||
## Foundation-Only Capabilities
|
||||
|
||||
- OperationRun truth and canonical operation typing: starke Execution-Foundation, aber kein eigenstaendiger Kundennutzen-Surface.
|
||||
- Audit log foundation: breit genutzt und wichtig fuer Governance, aber allein nicht verkaufbar.
|
||||
- Capability-first RBAC: belastbar und testnah, bleibt aber Enablement-Layer.
|
||||
- Workspace entitlements: reale Gate- und Override-Logik, aber noch keine volle Commercial Lifecycle Story.
|
||||
- Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
|
||||
- Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen.
|
||||
- Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
|
||||
- Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
|
||||
- Customer health scoring: reale interne SaaS-Operations-Layer, aber noch keine eigenstaendige Kundenoberflaeche.
|
||||
- Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.
|
||||
|
||||
## Partial Capabilities
|
||||
|
||||
- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots und Review Packs sind stark, aber ein repo-verifizierter Customer Review Workspace fehlt.
|
||||
- Findings Workflow v2: Triage, Assignment, Hygiene und Notifications sind vorhanden, aber kein konsolidierter Decision-/Inbox-Layer.
|
||||
- Product scalability and self-service: Onboarding, Support, Help und Entitlements sind weit, Billing-, Trial- und Demo-Reife aber nicht.
|
||||
- MSP portfolio operations: Portfolio-Triage ist vorhanden, Cross-Tenant Compare und Promotion fehlen.
|
||||
- Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
|
||||
- Product knowledge rollout: Help-Katalog und Resolver sind real, aber noch nicht breit genug adoptiert fuer "fertig".
|
||||
|
||||
## Planned But Not Implemented
|
||||
|
||||
- Platform Localization v1
|
||||
- Private AI Execution & Usage Governance Foundation
|
||||
- Human-in-the-Loop Autonomous Governance
|
||||
- Standardization & Policy Quality / Intune Linting
|
||||
- PSA / Ticketing Handoff
|
||||
- Customer Review Workspace v1
|
||||
- Cross-Tenant Compare and Promotion v1
|
||||
- Later compliance overlays beyond the current control/evidence foundation
|
||||
|
||||
## Release Readiness
|
||||
|
||||
| Release / Theme | Readiness | Notes |
|
||||
|---|---|---|
|
||||
| R1 Golden Master Governance | implemented | Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert. |
|
||||
| R2 Tenant Reviews & Evidence Packs | partially implemented | Reviews, Evidence Snapshots und Review Packs sind stark; kundensichere Consumption fehlt noch. |
|
||||
| R3 MSP Portfolio OS | foundation only | Portfolio-Triage ist da, aber Compare/Promotion und Decision Workflows fehlen. |
|
||||
| Later Compliance Light | foundation only | Canonical Controls, Evidence und Exceptions existieren als Grundlage; ein Compliance-Produkt ist nicht repo-proven. |
|
||||
|
||||
## Commercial Readiness
|
||||
|
||||
### Demo-ready
|
||||
|
||||
- Baseline compare and drift walkthroughs
|
||||
- Review pack generation and export
|
||||
- Provider health, onboarding readiness and required permissions
|
||||
- Support diagnostics
|
||||
- Permission posture and Entra admin roles reporting
|
||||
|
||||
### Almost sellable
|
||||
|
||||
- Review-driven governance workflow around tenant reviews and review packs
|
||||
- Baseline drift and restore governance
|
||||
- Alerting and run visibility for governance operations
|
||||
- Support requests with contextual diagnostics
|
||||
- Provider readiness and permission posture reporting
|
||||
|
||||
### Foundation-only
|
||||
|
||||
- OperationRun truth layer
|
||||
- Audit foundation
|
||||
- Capability-first RBAC
|
||||
- Workspace entitlements
|
||||
- Canonical control catalog
|
||||
- Stored reports substrate
|
||||
- Evidence snapshot substrate
|
||||
- Product telemetry
|
||||
- Customer health scoring
|
||||
- Operational controls
|
||||
- Portfolio triage continuity
|
||||
|
||||
### Not sellable yet
|
||||
|
||||
- Customer Review Workspace v1
|
||||
- Cross-Tenant Compare and Promotion v1
|
||||
- Localization v1
|
||||
- Private AI Execution Governance Foundation
|
||||
- External Support Desk / PSA Handoff
|
||||
- Compliance Light product layer
|
||||
|
||||
## Open Gaps & Blockers
|
||||
|
||||
| Gap | Type | Impact | Roadmap Area | Recommended Spec |
|
||||
|---|---|---|---|---|
|
||||
| Customer-safe review workspace is missing | Release blocker | Existing review and evidence assets cannot yet be consumed as a clear customer-facing surface | R2 completion / Tenant Reviews | P0 Customer Review Workspace v1 |
|
||||
| No consolidated operator decision inbox | UX blocker | Operators still move between findings, runs, alerts and portfolio surfaces to act | Findings Workflow / MSP Portfolio | P0 Decision-Based Governance Inbox v1 |
|
||||
| Cross-tenant compare and promotion is not repo-proven | Release blocker | MSP portfolio story remains partial | MSP Portfolio & Operations | P1 Cross-Tenant Compare and Promotion v1 |
|
||||
| Localization foundation is absent | UX blocker | Product polish and DACH-readiness remain limited | R1.9 Platform Localization v1 | P1 Localization v1 |
|
||||
| Entitlements stop short of full commercial lifecycle | Commercialization blocker | Plan gating exists, but trial, grace and suspension semantics remain incomplete | Product Scalability & Self-Service Foundation | P2 Commercial Entitlements and Billing-State Maturity |
|
||||
| Support requests do not hand off to an external desk | Commercialization blocker | Support operations still depend on manual follow-through outside the product | R2 completion / Support | P2 External Support Desk / PSA Handoff |
|
||||
| AI governance foundation is absent | Architecture blocker | Future AI features would risk trust and policy drift if added directly | Private AI Execution & Usage Governance | P3 Private AI Execution Governance Foundation |
|
||||
| Roadmap understates current repo truth | Architecture blocker | Prioritization can drift because strategy docs lag implementation | Product planning / roadmap maintenance | none - docs alignment |
|
||||
| Test files were not executed for this ledger update | Testing blocker | This document relies on code plus test presence, not live runtime validation | all areas | none - run targeted suites |
|
||||
|
||||
## Recommended Next Specs
|
||||
|
||||
- `P0 Customer Review Workspace v1`: turns existing reviews, evidence and review-pack outputs into a customer-safe read-only product surface.
|
||||
- `P0 Decision-Based Governance Inbox v1`: consolidates existing findings, runs, alerts and triage signals into one operator work surface.
|
||||
- `P1 Cross-Tenant Compare and Promotion v1`: needed to move from portfolio visibility to portfolio action.
|
||||
- `P1 Localization v1`: still absent in repo and becomes more expensive the later it lands.
|
||||
- `P2 Commercial Entitlements and Billing-State Maturity`: extends the already real entitlement substrate into a usable commercial lifecycle.
|
||||
- `P2 External Support Desk / PSA Handoff`: extends support requests beyond internal persistence.
|
||||
- `P3 Private AI Execution Governance Foundation`: should exist before feature-level AI adoption, not after it.
|
||||
|
||||
## Roadmap Drift Notes
|
||||
|
||||
- `roadmap.md` understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas.
|
||||
- `roadmap.md` understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo.
|
||||
- `roadmap.md` understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel.
|
||||
- `roadmap.md` understates commercial foundations. A workspace entitlement resolver, plan profiles and enforcement points already exist, even though full billing-state maturity does not.
|
||||
- The roadmap is stronger at describing missing customer-facing consumption than missing backend foundations. Customer Review Workspace v1, Cross-Tenant Compare and Promotion, Localization and AI Governance still look genuinely unimplemented.
|
||||
- The main drift pattern is underestimation, not overestimation. The only place where optimism should still be resisted is customer-facing review maturity: internal review and evidence foundations are strong, but the repo does not yet prove a finished customer review workspace.
|
||||
|
||||
## Evidence Sources
|
||||
|
||||
Wichtigste Strategie- und Scope-Quellen:
|
||||
|
||||
- `docs/product/roadmap.md`
|
||||
- `docs/product/spec-candidates.md`
|
||||
|
||||
Wichtige Plattform- und UI-Anker:
|
||||
|
||||
- `apps/platform/bootstrap/providers.php`
|
||||
- `apps/platform/app/Providers/Filament/AdminPanelProvider.php`
|
||||
- `apps/platform/app/Providers/Filament/SystemPanelProvider.php`
|
||||
- `apps/platform/app/Filament/Pages/TenantDashboard.php`
|
||||
- `apps/platform/app/Filament/System/Pages/Dashboard.php`
|
||||
- `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`
|
||||
|
||||
Wichtige Models:
|
||||
|
||||
- `apps/platform/app/Models/OperationRun.php`
|
||||
- `apps/platform/app/Models/Finding.php`
|
||||
- `apps/platform/app/Models/FindingException.php`
|
||||
- `apps/platform/app/Models/BaselineProfile.php`
|
||||
- `apps/platform/app/Models/BaselineSnapshot.php`
|
||||
- `apps/platform/app/Models/EvidenceSnapshot.php`
|
||||
- `apps/platform/app/Models/TenantReview.php`
|
||||
- `apps/platform/app/Models/ReviewPack.php`
|
||||
- `apps/platform/app/Models/StoredReport.php`
|
||||
- `apps/platform/app/Models/SupportRequest.php`
|
||||
- `apps/platform/app/Models/ProductUsageEvent.php`
|
||||
- `apps/platform/app/Models/OperationalControlActivation.php`
|
||||
- `apps/platform/app/Models/AuditLog.php`
|
||||
|
||||
Wichtige Services und Jobs:
|
||||
|
||||
- `apps/platform/app/Services/ReviewPackService.php`
|
||||
- `apps/platform/app/Services/TenantReviews/TenantReviewService.php`
|
||||
- `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`
|
||||
- `apps/platform/app/Services/Baselines/BaselineCompareService.php`
|
||||
- `apps/platform/app/Services/Alerts/AlertDispatchService.php`
|
||||
- `apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php`
|
||||
- `apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php`
|
||||
- `apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php`
|
||||
- `apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php`
|
||||
- `apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`
|
||||
- `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
|
||||
- `apps/platform/app/Services/Auth/CapabilityResolver.php`
|
||||
|
||||
Wichtige Test-Anker im Repo:
|
||||
|
||||
- `apps/platform/tests/Feature/ReviewPack/*`
|
||||
- `apps/platform/tests/Feature/Evidence/*`
|
||||
- `apps/platform/tests/Feature/PermissionPosture/*`
|
||||
- `apps/platform/tests/Feature/EntraAdminRoles/*`
|
||||
- `apps/platform/tests/Feature/SupportDiagnostics/*`
|
||||
- `apps/platform/tests/Feature/SupportRequests/*`
|
||||
- `apps/platform/tests/Feature/System/CustomerHealth/*`
|
||||
- `apps/platform/tests/Feature/System/ProductTelemetry/*`
|
||||
- `apps/platform/tests/Feature/System/OpsControls/*`
|
||||
- `apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php`
|
||||
- `apps/platform/tests/Unit/Governance/*`
|
||||
- `apps/platform/tests/Unit/Entitlements/*`
|
||||
|
||||
## Last Updated
|
||||
|
||||
2026-04-27 on branch `248-private-ai-policy-foundation`
|
||||
@ -104,6 +104,52 @@ ### Data minimization & safe logging
|
||||
|
||||
---
|
||||
|
||||
## Governance & Decision Model
|
||||
|
||||
### Decision-first surfaces (non-negotiable)
|
||||
Every operator-facing surface must default to:
|
||||
- Decision
|
||||
- Reason
|
||||
- Impact
|
||||
- One primary next action
|
||||
|
||||
Diagnostics and evidence must be progressively disclosed.
|
||||
|
||||
### Surface layering (mandatory)
|
||||
All operator surfaces must follow a strict layering model:
|
||||
1. Decision layer (default-visible)
|
||||
2. Diagnostic layer (expandable)
|
||||
3. Evidence layer (deep, raw, or audit-level)
|
||||
|
||||
No surface may start at diagnostic or raw data level.
|
||||
|
||||
### Multiple truth layers (explicit separation)
|
||||
The platform separates:
|
||||
- **Execution truth** (OperationRun)
|
||||
- **Artifact truth** (Reports, Evidence)
|
||||
- **Backup truth** (Snapshots)
|
||||
- **Governance truth** (Findings, Exceptions)
|
||||
|
||||
These layers must never be conflated or implicitly derived from each other.
|
||||
|
||||
### Governance-first model
|
||||
The system models governance explicitly as:
|
||||
- **Expected state** (Baselines)
|
||||
- **Observed state** (Inventory / Evidence)
|
||||
- **Deviations** (Findings)
|
||||
- **Decisions** (Exceptions / Risk acceptance)
|
||||
|
||||
All governance workflows must align with this model.
|
||||
|
||||
### Baselines as reference truth
|
||||
Baselines define the expected state.
|
||||
All comparisons, drift detection, and governance decisions must reference an explicit baseline.
|
||||
Implicit or “last state vs current state” comparisons are forbidden.
|
||||
|
||||
### No false calmness (strict)
|
||||
Missing, stale, or partial data must be explicitly visible.
|
||||
The system must never present a "healthy" or "complete" state without sufficient evidence.
|
||||
|
||||
## UI & Information Architecture
|
||||
|
||||
### UI/UX constitution governs operator surfaces
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,57 @@
|
||||
# Specification Quality Checklist: Cross-Tenant Compare Preview and Promotion Preflight
|
||||
|
||||
**Purpose**: Validate full preparation-package completeness and implementation readiness before the feature moves into the implementation loop
|
||||
**Created**: 2026-04-27
|
||||
**Feature**: [spec.md](../spec.md)
|
||||
|
||||
## Content Quality
|
||||
|
||||
- [x] Business value and operator outcome stay explicit
|
||||
- [x] The slice is tightly bounded to compare preview, promotion preflight, and portfolio launch continuity
|
||||
- [x] Runtime-governance sections are present for an implementation-ready package
|
||||
- [x] All mandatory sections are completed in `spec.md`, `plan.md`, and `tasks.md`
|
||||
|
||||
## Requirement Completeness
|
||||
|
||||
- [x] No `[NEEDS CLARIFICATION]` markers remain
|
||||
- [x] Requirements are testable and unambiguous
|
||||
- [x] Acceptance scenarios are defined for compare preview, read-only promotion preflight, and launch/return continuity
|
||||
- [x] Edge cases are identified, including explicit rejection of same-tenant compare, cross-workspace attempts, lost entitlement, ambiguous identity, and stale target evidence
|
||||
- [x] Scope is clearly bounded away from actual promotion execution, queues, persisted drafts, mapping automation, customer-facing compare, and multi-provider work
|
||||
- [x] Dependencies, assumptions, risks, and follow-up candidates are identified
|
||||
|
||||
## Feature Readiness
|
||||
|
||||
- [x] The first slice is small enough for a bounded implementation loop
|
||||
- [x] Concrete repo surfaces are named for compare reuse, portfolio launch, audit reuse, and likely new compare support files
|
||||
- [x] Foundational work stays preparation-only and does not imply execution scope or new persistence
|
||||
- [x] The tasks are ordered, testable, and grouped by user story
|
||||
- [x] No unresolved product question blocks implementation once artifact analysis passes
|
||||
|
||||
## Governance Readiness
|
||||
|
||||
- [x] Workspace and tenant isolation rules are explicit, including `404` for non-members and out-of-scope tenants
|
||||
- [x] The capability matrix is explicit: page access = `WORKSPACE_BASELINES_VIEW`, preview data = `TENANT_VIEW` on both tenants, preflight execution = `WORKSPACE_BASELINES_MANAGE`, and manage-denied members see a disabled preflight action with permission guidance
|
||||
- [x] Promotion remains preflight-only, with no write execution, queue, or `OperationRun`
|
||||
- [x] Audit remains bounded to promotion-preflight entry points with no new compare/promotion persistence truth
|
||||
- [x] Livewire v4 and Filament v5 compliance, unchanged provider registration in `bootstrap/providers.php`, no new global-search resource, and no new asset strategy are explicit in the package
|
||||
|
||||
## Test Governance Review
|
||||
|
||||
- [x] Lane fit stays in focused `Unit` plus `Feature` validation only
|
||||
- [x] Fixture and helper growth stays local to compare preview, preflight classification, and launch-context coverage
|
||||
- [x] No browser, heavy-governance, or queue family is introduced implicitly
|
||||
- [x] Minimal validation commands are explicit in the plan
|
||||
- [x] The active feature PR close-out entry remains `Guardrail`
|
||||
|
||||
## Review Outcome
|
||||
|
||||
- [x] Review outcome class: `keep`
|
||||
- [x] Workflow outcome: `keep`
|
||||
- [x] Next command readiness: implementation prep is ready once artifact analysis is clear
|
||||
|
||||
## Notes
|
||||
|
||||
- This checklist validates the preparation package only: `spec.md`, `plan.md`, `tasks.md`, and this checklist artifact. It does not claim that runtime code or a promotion workflow already exists.
|
||||
- The active slice stops before any target mutation, any queued execution, any persisted draft or compare snapshot, and any broader mapping automation.
|
||||
- No new globally searchable resource is introduced, no new asset registration is expected, and deployment behavior remains unchanged unless a later implementation explicitly adds assets.
|
||||
@ -1,24 +1,210 @@
|
||||
# Implementation Plan: Cross-tenant Compare and Promotion
|
||||
# Implementation Plan: Cross-Tenant Compare Preview and Promotion Preflight
|
||||
|
||||
**Date**: 2026-01-07
|
||||
**Spec**: `specs/043-cross-tenant-compare-and-promotion/spec.md`
|
||||
**Branch**: `043-cross-tenant-compare-and-promotion` | **Date**: 2026-04-27 | **Spec**: [spec.md](spec.md)
|
||||
**Input**: Feature specification from [spec.md](spec.md)
|
||||
|
||||
## Summary
|
||||
|
||||
Introduce read-only cross-tenant comparison views; optionally add promotion with strong safety gates.
|
||||
Refresh Spec 043 into a narrow, implementation-ready workflow that adds one canonical workspace-context compare page under `/admin`, one reusable compare preview builder, and one read-only promotion preflight action. The slice reuses existing baseline compare subject identity, portfolio-triage context continuity, capability resolvers, and workspace audit logging. It deliberately stops before actual promotion execution, queueing, or persisted promotion drafts.
|
||||
|
||||
## Dependencies
|
||||
Filament remains on Livewire v4, no panel-provider registration changes are required (`bootstrap/providers.php` remains the authoritative provider registration location), no globally searchable compare resource is added, and no new panel asset bundle is expected.
|
||||
|
||||
- Inventory core + UI (Specs 040–041)
|
||||
- Strong authorization model for multi-tenant access
|
||||
## Technical Context
|
||||
|
||||
## Deliverables
|
||||
**Language/Version**: PHP 8.4, Laravel 12
|
||||
**Primary Dependencies**: Filament v5, Livewire v4, Pest v4, existing baseline compare services, portfolio-triage seams, audit services, and capability resolvers
|
||||
**Storage**: PostgreSQL via existing inventory, policy-version, and audit tables; no new compare or promotion table
|
||||
**Testing**: Pest v4 `Unit` and `Feature` coverage only
|
||||
**Validation Lanes**: fast-feedback, confidence
|
||||
**Target Platform**: Laravel monolith in `apps/platform`, admin panel only (`/admin`)
|
||||
**Project Type**: Web application (Laravel monolith with Filament pages)
|
||||
**Performance Goals**: compare preview and promotion preflight stay synchronous and derived from existing persisted truth; no background execution path in v1
|
||||
**Constraints**: no target mutation, no `OperationRun`, no queue, no new persisted draft, no cross-workspace compare, no raw payload view by default
|
||||
**Scale/Scope**: 2 tenant selectors, 1 canonical compare page, 1 preflight action, 1 launch/return continuity path, focused reuse of existing compare builders
|
||||
|
||||
- Tenant selection + comparison view
|
||||
- Safe diff output and export
|
||||
- (Optional) gated promotion workflow
|
||||
## UI / Surface Guardrail Plan
|
||||
|
||||
## Risks
|
||||
- **Guardrail scope**: one new canonical compare page plus one launch action from existing tenant-registry/portfolio context
|
||||
- **Native vs custom classification summary**: native Filament page with shared compare/audit/navigation primitives
|
||||
- **Shared-family relevance**: canonical admin pages, compare drill-down patterns, launch actions, audit-backed modal/action copy
|
||||
- **State layers in scope**: page, query state
|
||||
- **Audience modes in scope**: operator-MSP only
|
||||
- **Decision/diagnostic/raw hierarchy plan**: decision-first compare summary, diagnostics second, raw evidence stays on existing tenant/baseline surfaces
|
||||
- **Raw/support gating plan**: no new raw/support surface; keep payload proof behind existing pages
|
||||
- **One-primary-action / duplicate-truth control**: the compare page keeps one dominant next action, `Generate promotion preflight`; drill-down and return actions stay secondary
|
||||
- **Launch default**: the tenant-registry launch action prefills the launched tenant as `target tenant`; the operator chooses the source tenant explicitly
|
||||
- **Handling modes by drift class or surface**: review-mandatory; any actual promotion execution or queue path is exception-required and out of scope
|
||||
- **Repository-signal treatment**: review-mandatory
|
||||
- **Special surface test profiles**: standard-native-filament
|
||||
- **Required tests or manual smoke**: functional-core, state-contract
|
||||
- **Exception path and spread control**: none
|
||||
- **Active feature PR close-out entry**: Guardrail
|
||||
|
||||
- Data leakage across tenants
|
||||
- Over-scoping promotion beyond safe MVP
|
||||
## Shared Pattern & System Fit
|
||||
|
||||
- **Cross-cutting feature marker**: yes
|
||||
- **Systems touched**:
|
||||
- `App\Filament\Pages\BaselineCompareLanding`
|
||||
- `App\Filament\Pages\BaselineCompareMatrix`
|
||||
- `App\Filament\Resources\TenantResource`
|
||||
- `App\Filament\Resources\TenantResource\Pages\ListTenants`
|
||||
- `App\Services\Baselines\BaselineCompareService`
|
||||
- `App\Support\Baselines\BaselineCompareMatrixBuilder`
|
||||
- `App\Support\Baselines\Compare\CompareStrategyRegistry`
|
||||
- `App\Services\PortfolioTriage\TenantTriageReviewService`
|
||||
- `App\Services\Audit\WorkspaceAuditLogger`
|
||||
- `App\Support\Audit\AuditActionId`
|
||||
- `App\Support\Navigation\CanonicalNavigationContext`
|
||||
- **Shared abstractions reused**: capability resolvers, baseline compare strategy selection, canonical navigation context, existing audit recorder/logger path, and tenant-registry return-state conventions
|
||||
- **New abstraction introduced? why?**: one narrow compare preview builder and one narrow promotion preflight service, because no existing service accepts source+target tenant scope and computes promotion readiness without execution
|
||||
- **Why the existing abstraction was sufficient or insufficient**: tenant-level baseline compare is sufficient for subject identity, evidence posture, and drill-down semantics, but insufficient for dual-tenant scope and promotion-readiness reasoning
|
||||
- **Bounded deviation / spread control**: no local compare sidecars on tenant pages; future callers must route through the canonical compare page and its services
|
||||
|
||||
## OperationRun UX Impact
|
||||
|
||||
- **Touches OperationRun start/completion/link UX?**: no
|
||||
- **Central contract reused**: `N/A`
|
||||
- **Delegated UX behaviors**: `N/A`
|
||||
- **Surface-owned behavior kept local**: compare preview and preflight remain synchronous and read-only
|
||||
- **Queued DB-notification policy**: `N/A`
|
||||
- **Terminal notification path**: `N/A`
|
||||
- **Exception path**: none
|
||||
|
||||
## Provider Boundary & Portability Fit
|
||||
|
||||
- **Shared provider/platform boundary touched?**: yes
|
||||
- **Provider-owned seams**: Microsoft-first inventory subject identity and policy-type mapping remain inside existing baseline compare strategy selection and inventory data
|
||||
- **Platform-core seams**: source/target tenant scope, compare preview contract, promotion preflight contract, operator-facing readiness vocabulary
|
||||
- **Neutral platform terms / contracts preserved**: `source tenant`, `target tenant`, `governed subject`, `compare preview`, `promotion preflight`, and `blocked reason`
|
||||
- **Retained provider-specific semantics and why**: existing policy-type and inventory semantics remain Microsoft-first because this repo still has one real provider domain; the compare page should not invent fake provider-neutral mapping logic above that seam
|
||||
- **Bounded extraction or follow-up path**: follow-up-spec only if later provider domains become current-release truth
|
||||
|
||||
## Constitution Check
|
||||
|
||||
*GATE: Must pass before implementation preparation continues.*
|
||||
|
||||
- Inventory-first: PASS. Compare preview and preflight derive from existing inventory and policy-version truth rather than a new compare snapshot.
|
||||
- Read/write separation: PASS. This slice stays read-only; no write execution is introduced.
|
||||
- Graph contract path: PASS. No new Graph endpoint or direct provider call is added.
|
||||
- Deterministic capabilities: PASS. Reuse existing capability registries such as `Capabilities::TENANT_VIEW`, `Capabilities::WORKSPACE_BASELINES_VIEW`, `Capabilities::WORKSPACE_BASELINES_MANAGE`, and existing tenant sync/manage seams.
|
||||
- Workspace and tenant isolation: PASS. The compare page must resolve workspace membership first and source/target entitlement second, with `404` for inaccessible tenants.
|
||||
- RBAC-UX plane separation: PASS. This slice lives only in `/admin`; no `/system` or cross-plane route is introduced.
|
||||
- Destructive action discipline: PASS by non-use. The slice contains no destructive action.
|
||||
- Global search: PASS. No new Resource or Global Search result is introduced.
|
||||
- OperationRun / Ops-UX: PASS by non-use. Actual promotion execution is deferred.
|
||||
- Data minimization: PASS. The compare page summarizes derived readiness and blocks; raw payloads stay on existing tenant/baseline pages.
|
||||
- Test governance: PASS. Proof stays in `Unit` plus `Feature`; no browser or heavy-governance expansion is planned.
|
||||
- Proportionality / no premature abstraction: PASS. One preview builder and one preflight service are justified by the dual-tenant workflow; no new persistence or framework layer is added.
|
||||
- Persisted truth: PASS. No new compare or promotion table.
|
||||
- Behavioral state: PASS. Readiness and blocked reasons remain derived, not persisted.
|
||||
- Shared pattern first / UI semantics / Filament-native UI: PASS. Existing compare, navigation, and audit paths are extended rather than replaced.
|
||||
- Provider boundary: PASS. Microsoft-shaped subject matching stays in existing strategy seams; the page contract stays platform-neutral.
|
||||
- Filament/Laravel panel safety: PASS. Filament v5 remains on Livewire v4, no provider registration change beyond `bootstrap/providers.php`, and no new assets are planned.
|
||||
|
||||
**Gate evaluation**: PASS.
|
||||
|
||||
## Test Governance Check
|
||||
|
||||
- **Test purpose / classification by changed surface**: `Feature` for the compare page, launch context, auth, and audit; `Unit` for compare preview matching and promotion-preflight classification
|
||||
- **Affected validation lanes**: fast-feedback, confidence
|
||||
- **Why this lane mix is the narrowest sufficient proof**: feature tests prove the Filament page and launch path while unit tests keep preview/preflight rules cheap and isolated. Browser or heavy-governance coverage is not required for the first read-only slice.
|
||||
- **Narrowest proving command(s)**:
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php`
|
||||
- **Fixture / helper / factory / seed / context cost risks**: reuse existing inventory, baseline compare, tenant registry, and portfolio-triage fixtures; avoid browser setup, queue fixtures, or seeded promotion history
|
||||
- **Expensive defaults or shared helper growth introduced?**: no
|
||||
- **Heavy-family additions, promotions, or visibility changes**: none
|
||||
- **Surface-class relief / special coverage rule**: standard-native-filament
|
||||
- **Closing validation and reviewer handoff**: rerun the six focused commands above and confirm the slice remains read-only, deny-as-not-found-safe, and grounded on existing compare + portfolio seams
|
||||
- **Budget / baseline / trend follow-up**: none expected
|
||||
- **Review-stop questions**: lane fit, hidden fixture growth, accidental write execution, accidental queue/runtime scope
|
||||
- **Escalation path**: `document-in-feature` for contained lane drift, `reject-or-split` for any attempt to add execution scope
|
||||
- **Active feature PR close-out entry**: Guardrail
|
||||
- **Why no dedicated follow-up spec is needed**: test upkeep remains feature-local; only actual promotion execution or multi-provider compare would warrant a separate follow-up spec
|
||||
|
||||
## Project Structure
|
||||
|
||||
### Documentation (this feature)
|
||||
|
||||
```text
|
||||
specs/043-cross-tenant-compare-and-promotion/
|
||||
├── checklists/
|
||||
│ └── requirements.md
|
||||
├── spec.md
|
||||
├── plan.md
|
||||
└── tasks.md
|
||||
```
|
||||
|
||||
This refresh intentionally limits itself to the core preparation package plus `checklists/requirements.md`. No additional research/data-model/contracts artifact is required to make the narrowed slice implementation-ready.
|
||||
|
||||
### Source Code (repository root)
|
||||
|
||||
```text
|
||||
apps/platform/
|
||||
├── app/
|
||||
│ ├── Filament/Pages/
|
||||
│ │ ├── BaselineCompareLanding.php
|
||||
│ │ ├── BaselineCompareMatrix.php
|
||||
│ │ └── [new canonical compare page]
|
||||
│ ├── Filament/Resources/TenantResource.php
|
||||
│ ├── Filament/Resources/TenantResource/Pages/ListTenants.php
|
||||
│ ├── Models/
|
||||
│ │ ├── InventoryItem.php
|
||||
│ │ └── PolicyVersion.php
|
||||
│ ├── Services/Audit/
|
||||
│ │ └── WorkspaceAuditLogger.php
|
||||
│ ├── Services/Baselines/
|
||||
│ │ └── BaselineCompareService.php
|
||||
│ ├── Services/PortfolioTriage/
|
||||
│ │ └── TenantTriageReviewService.php
|
||||
│ ├── Support/Audit/AuditActionId.php
|
||||
│ ├── Support/Baselines/
|
||||
│ │ ├── BaselineCompareMatrixBuilder.php
|
||||
│ │ └── Compare/CompareStrategyRegistry.php
|
||||
│ └── Support/PortfolioCompare/ or Services/PortfolioCompare/
|
||||
└── tests/
|
||||
├── Feature/PortfolioCompare/
|
||||
└── Unit/Support/PortfolioCompare/
|
||||
```
|
||||
|
||||
**Structure Decision**: keep implementation inside `apps/platform`, reuse existing compare and portfolio seams, and introduce at most one small `PortfolioCompare` support/service namespace for the new dual-tenant preview/preflight logic.
|
||||
|
||||
## Complexity Tracking
|
||||
|
||||
| Violation | Why Needed | Simpler Alternative Rejected Because |
|
||||
|-----------|------------|-------------------------------------|
|
||||
| New compare preview builder | dual-tenant compare needs one place to translate existing inventory/baseline truth into a canonical preview contract | page-local mapping would duplicate compare logic and drift from existing baseline compare seams |
|
||||
| New promotion preflight service | readiness reasoning must stay read-only and auditable before any execution path exists | bolting readiness rules into the page would make later reuse and testing brittle |
|
||||
|
||||
## Proportionality Review
|
||||
|
||||
- **Current operator problem**: portfolio operators still lack one bounded surface that answers whether a target tenant can follow a source tenant.
|
||||
- **Existing structure is insufficient because**: existing baseline compare is tenant-vs-reference, not tenant-vs-tenant, and portfolio triage does not compute promotion readiness.
|
||||
- **Narrowest correct implementation**: one canonical page plus one preview builder and one preflight service, no new table, no execution path.
|
||||
- **Ownership cost created**: maintain a small preview/preflight contract and a focused test family.
|
||||
- **Alternative intentionally rejected**: actual promotion execution, persisted promotion drafts, and local compare sidecars were rejected as premature.
|
||||
- **Release truth**: current-release gap, not speculative platform work.
|
||||
|
||||
## Implementation Strategy
|
||||
|
||||
### Suggested MVP Scope
|
||||
|
||||
MVP = **US1 + US2 together**. A compare page without a promotion preflight leaves the core decision incomplete, and a preflight without a canonical compare page has no trustworthy operator context.
|
||||
|
||||
### Incremental Delivery
|
||||
|
||||
1. Reuse current compare, navigation, capability, and audit seams.
|
||||
2. Deliver the canonical compare preview.
|
||||
3. Add the read-only promotion preflight on top of the same page and services.
|
||||
4. Add launch/return continuity from portfolio-triage and tenant-registry context.
|
||||
5. Finish with narrow validation and formatting.
|
||||
|
||||
### Team Strategy
|
||||
|
||||
1. Settle the preview/preflight contracts first.
|
||||
2. Parallelize unit tests for preview/preflight rules and feature tests for page/auth behavior.
|
||||
3. Serialize merges around the canonical compare page and the shared `PortfolioCompare` service namespace so the page contract does not drift.
|
||||
|
||||
@ -1,59 +1,293 @@
|
||||
# Feature Specification: Cross-tenant Compare and Promotion
|
||||
# Feature Specification: Cross-Tenant Compare Preview and Promotion Preflight
|
||||
|
||||
**Feature Branch**: `feat/043-cross-tenant-compare-and-promotion`
|
||||
**Feature Branch**: `043-cross-tenant-compare-and-promotion`
|
||||
**Created**: 2026-01-07
|
||||
**Status**: Draft
|
||||
**Updated**: 2026-04-27
|
||||
**Status**: Ready for implementation
|
||||
**Input**: Refresh existing Spec 043 against `docs/product/spec-candidates.md`, `docs/product/implementation-ledger.md`, and `docs/product/roadmap.md` so the feature becomes a narrow, implementation-ready slice instead of a broad future ambition.
|
||||
|
||||
## Purpose
|
||||
## Spec Candidate Check *(mandatory - SPEC-GATE-001)*
|
||||
|
||||
Enable safe cross-tenant comparison of inventory and, optionally, controlled promotion workflows.
|
||||
- **Problem**: TenantPilot now has portfolio visibility, triage continuity, and strong tenant-level baseline compare surfaces, but operators still lack one canonical workspace-level path to compare a source tenant to a target tenant and prepare a safe promotion decision.
|
||||
- **Today's failure**: Operators can see that tenants differ, but they still reconstruct cross-tenant decisions manually across tenant registry, baseline compare, and tenant detail surfaces. Promotion remains a roadmap phrase, not a bounded product workflow.
|
||||
- **User-visible improvement**: An authorized workspace operator can select a source and target tenant, review a structured compare preview of governed subjects, and generate a read-only promotion preflight that shows what is ready, blocked, or requires manual mapping before any write path exists.
|
||||
- **Smallest enterprise-capable version**: One canonical `/admin` compare surface, one compare preview builder, one read-only promotion preflight action, deep links back to existing tenant and baseline compare surfaces, and bounded audit metadata for preflight entry points. No actual promotion execution ships in this slice.
|
||||
- **Explicit non-goals**: No cutover, no write execution, no queue or `OperationRun`, no automatic target remapping of groups/tags/named locations, no cross-workspace compare, no customer-facing compare workspace, no provider marketplace, and no new persisted promotion draft entity.
|
||||
- **Permanent complexity imported**: One canonical compare page, one narrow compare scope contract, one preview/preflight builder pair, one small audit metadata shape, and focused unit plus feature coverage.
|
||||
- **Why now**: The implementation ledger explicitly identifies cross-tenant compare and promotion as one of the remaining real product gaps. It is the missing bridge between portfolio visibility and portfolio action.
|
||||
- **Why not local**: A local compare action on one tenant page would duplicate entitlement, matching, audit, and promotion-readiness logic and would not create a reusable, canonical workspace workflow.
|
||||
- **Approval class**: Workflow Compression
|
||||
- **Red flags triggered**: New page + new compare/preflight service pair. Defense: the slice stays read-only, introduces no new table, reuses existing baseline compare and portfolio triage seams, and defers actual execution.
|
||||
- **Score**: Nutzen: 2 | Dringlichkeit: 2 | Scope: 2 | Komplexitaet: 1 | Produktnaehe: 1 | Wiederverwendung: 2 | **Gesamt: 10/12**
|
||||
- **Decision**: approve
|
||||
|
||||
Comparison is read-only by default. Any write/promotion behavior must be explicitly gated, audited, and separately authorized.
|
||||
## Spec Scope Fields *(mandatory)*
|
||||
|
||||
## User Scenarios & Testing
|
||||
- **Scope**: canonical-view
|
||||
- **Primary Routes**:
|
||||
- new canonical admin compare page under `/admin` for cross-tenant compare preview and promotion preflight
|
||||
- existing `/admin/tenants` portfolio/registry surfaces as launch and return context
|
||||
- existing tenant detail and baseline compare pages as secondary drill-down targets rather than duplicated local detail panes
|
||||
- **Data Ownership**:
|
||||
- compare preview and promotion preflight remain derived from existing tenant-owned inventory, policy-version, and baseline-compare truth
|
||||
- no new compare snapshot, promotion draft, or mapping table is introduced in v1
|
||||
- audit remains on the existing workspace audit log only
|
||||
- **RBAC**:
|
||||
- non-members or actors outside workspace scope receive `404`
|
||||
- launch-action visibility requires established workspace context, `Capabilities::WORKSPACE_BASELINES_VIEW` on the workspace, and `Capabilities::TENANT_VIEW` on the launched tenant
|
||||
- opening the compare page requires established workspace context and `Capabilities::WORKSPACE_BASELINES_VIEW` on the workspace
|
||||
- loading preview data requires `Capabilities::TENANT_VIEW` on both source and target tenants
|
||||
- executing promotion preflight requires the preview permissions plus `Capabilities::WORKSPACE_BASELINES_MANAGE` on the workspace
|
||||
- for established members who can view compare but lack `Capabilities::WORKSPACE_BASELINES_MANAGE`, the preflight action remains visible but disabled with explicit permission help text; server-side attempts still return `403`
|
||||
- the implementation must stay on existing capability registries instead of raw strings and must not introduce a new promotion capability family for this slice
|
||||
|
||||
### Scenario 1: Compare two tenants (read-only)
|
||||
- Given the operator has access to Tenant A and Tenant B
|
||||
- When they select two tenants and a set of policy types
|
||||
- Then they can see differences in presence and key metadata
|
||||
For canonical-view specs, the spec MUST define:
|
||||
|
||||
### Scenario 2: Compare with a stable reference
|
||||
- Given a reference selection scope
|
||||
- When the operator runs comparison
|
||||
- Then results are stable and reproducible for that scope
|
||||
- **Default filter behavior when tenant-context is active**: if launched from the tenant registry or portfolio-triage context, prefill the launched tenant as the `target tenant`, leave the `source tenant` intentionally user-selected, and preserve a return context token.
|
||||
- **Explicit entitlement checks preventing cross-tenant leakage**: the compare surface must validate workspace membership first, then validate both source and target tenant entitlement before any preview data loads. Any inaccessible tenant input is treated as not found.
|
||||
|
||||
### Scenario 3: Promotion is explicitly gated (optional)
|
||||
- Given promotion is enabled by policy
|
||||
- When the operator initiates promotion
|
||||
- Then the system requires explicit confirmation and records an audit event
|
||||
## Cross-Cutting / Shared Pattern Reuse *(mandatory when the feature touches notifications, status messaging, action links, header actions, dashboard signals/cards, navigation entry points, evidence/report viewers, or any other existing shared operator interaction family; otherwise write `N/A - no shared interaction family touched`)*
|
||||
|
||||
## Functional Requirements
|
||||
- **Cross-cutting feature?**: yes
|
||||
- **Interaction class(es)**: navigation entry points, compare/drill-down actions, audit metadata, and canonical workspace-context pages
|
||||
- **Systems touched**: `ListTenants`, portfolio-triage state, `CanonicalNavigationContext`, `BaselineCompareLanding`, `BaselineCompareMatrix`, `BaselineCompareService`, `CompareStrategyRegistry`, `WorkspaceAuditLogger`, and `AuditActionId`
|
||||
- **Existing pattern(s) to extend**: canonical `/admin` workspace-context pages, baseline compare preview patterns, portfolio-triage return-state patterns, and existing workspace audit metadata patterns
|
||||
- **Shared contract / presenter / builder / renderer to reuse**: `CanonicalNavigationContext`, `ActionSurfaceDeclaration`, `BaselineCompareService`, `BaselineCompareMatrixBuilder`, `CompareStrategyRegistry`, `TenantTriageReviewService`, and `WorkspaceAuditLogger`
|
||||
- **Why the existing shared path is sufficient or insufficient**: existing tenant-level baseline compare surfaces already solve stable subject matching, result framing, and drill-down semantics, but they are insufficient for cross-tenant compare because they do not accept dual-tenant scope or produce a promotion-readiness preflight.
|
||||
- **Allowed deviation and why**: none. The new surface should extend current compare and navigation patterns, not invent a parallel compare UX family.
|
||||
- **Consistency impact**: source tenant, target tenant, compare preview, promotion preflight, blocked reason, and ready/manual mapping language must stay consistent across page copy, modal copy, audit prose, and deep links.
|
||||
- **Review focus**: reviewers must block new local compare widgets or tenant-specific preflight sidecars that bypass the canonical compare page or its shared preview/preflight services.
|
||||
|
||||
- FR1: Support selecting two tenants within authorized scope.
|
||||
- FR2: Provide read-only diff views based on inventory metadata and stable identifiers.
|
||||
- FR3: Provide exportable comparison results.
|
||||
- FR4: If promotion is included:
|
||||
- require explicit enablement
|
||||
- require explicit confirmation per operation
|
||||
- record audit logs
|
||||
- support dry-run/preview
|
||||
## OperationRun UX Impact *(mandatory when the feature creates, queues, deduplicates, resumes, blocks, completes, or deep-links to an `OperationRun`; otherwise write `N/A - no OperationRun start or link semantics touched`)*
|
||||
|
||||
## Non-Functional Requirements
|
||||
- **Touches OperationRun start/completion/link UX?**: no
|
||||
- **Shared OperationRun UX contract/layer reused**: `N/A`
|
||||
- **Delegated start/completion UX behaviors**: `N/A`
|
||||
- **Local surface-owned behavior that remains**: compare preview and promotion preflight stay synchronous and read-only in v1
|
||||
- **Queued DB-notification policy**: `N/A`
|
||||
- **Terminal notification path**: `N/A`
|
||||
- **Exception required?**: none
|
||||
|
||||
- NFR1: Enforce tenant isolation and least privilege across tenant selection and data access.
|
||||
- NFR2: Comparison must not expose secrets or unsafe payload fields.
|
||||
## Provider Boundary / Platform Core Check *(mandatory when the feature changes shared provider/platform seams, identity scope, governed-subject taxonomy, compare strategy selection, provider connection descriptors, or operator vocabulary that may leak provider-specific semantics into platform-core truth; otherwise write `N/A - no shared provider/platform boundary touched`)*
|
||||
|
||||
- **Shared provider/platform boundary touched?**: yes
|
||||
- **Boundary classification**: mixed
|
||||
- **Seams affected**: compare subject identity, compare strategy reuse, promotion preflight reason vocabulary, and operator-facing compare terminology
|
||||
- **Neutral platform terms preserved or introduced**: `source tenant`, `target tenant`, `governed subject`, `compare preview`, `promotion preflight`, `mapping gap`, and `blocked reason`
|
||||
- **Provider-specific semantics retained and why**: Microsoft-first policy-type and inventory semantics remain inside existing compare strategy and inventory seams because the repo currently has one real provider domain. They should not leak deeper into the page contract than necessary.
|
||||
- **Why this does not deepen provider coupling accidentally**: the page and services stay anchored on existing compare registries and inventory identifiers instead of inventing Microsoft-specific page contracts or raw Graph payload handling.
|
||||
- **Follow-up path**: future multi-provider compare remains a separate follow-up spec if it ever becomes current-release truth.
|
||||
|
||||
## UI / Surface Guardrail Impact *(mandatory when operator-facing surfaces are changed; otherwise write `N/A`)*
|
||||
|
||||
| Surface / Change | Operator-facing surface change? | Native vs Custom | Shared-Family Relevance | State Layers Touched | Exception Needed? | Low-Impact / `N/A` Note |
|
||||
|---|---|---|---|---|---|---|
|
||||
| Canonical cross-tenant compare page | yes | Native Filament page plus shared compare primitives | compare preview, navigation, audit-backed preflight action | page, query state, compare summary, modal/action state | no | Reuses baseline compare language and drill-down patterns instead of a custom standalone shell |
|
||||
| Tenant registry / portfolio launch action | yes | Native Filament action | navigation entry point, contextual launch | table state, query/deep-link state | no | Extends existing portfolio-triage return-state handling |
|
||||
| Actual promotion execution surface | no | N/A | none | none | no | `N/A - explicitly deferred` |
|
||||
|
||||
## Decision-First Surface Role *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Decision Role | Human-in-the-loop Moment | Immediately Visible for First Decision | On-Demand Detail / Evidence | Why This Is Primary or Why Not | Workflow Alignment | Attention-load Reduction |
|
||||
|---|---|---|---|---|---|---|---|
|
||||
| Canonical cross-tenant compare page | Primary Decision Surface | Operator decides whether the target tenant is ready for promotion planning or still blocked by scope and mapping gaps | source/target summary, ready/blocked/manual counts, top blockers, and next action | tenant drill-down, baseline compare drill-down, subject-level diagnostics | Primary because it is the first canonical workspace place where cross-tenant action becomes decidable | Moves from portfolio triage into compare and preflight without manual reconstruction | Replaces cross-page mental diffing with one bounded decision surface |
|
||||
| Tenant registry / portfolio launch action | Secondary Context | Operator chooses when to leave the tenant registry for compare | current tenant context and preserved return state | compare details live on the compare page | Secondary because it launches the decision surface rather than hosting it | Keeps portfolio review flow intact | Reduces repeated tenant re-selection and filter loss |
|
||||
|
||||
## Audience-Aware Disclosure *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Audience Modes In Scope | Decision-First Default-Visible Content | Operator Diagnostics | Support / Raw Evidence | One Dominant Next Action | Hidden / Gated By Default | Duplicate-Truth Prevention |
|
||||
|---|---|---|---|---|---|---|---|
|
||||
| Canonical cross-tenant compare page | operator-MSP | source/target summary, compare counts, preflight readiness summary, top blocked reasons | subject-level mapping gaps and deep links to tenant-specific evidence | raw payloads remain on existing tenant/baseline pages, not this surface | `Generate promotion preflight` | raw JSON, provider IDs, and low-level evidence stay behind existing detail pages | compare page states the decision truth once; drill-down pages add proof rather than rephrasing the same blocker |
|
||||
| Tenant registry / portfolio launch action | operator-MSP | current tenant context and compare launch intent | return-state token only | none | `Compare tenants` | any future write action remains absent | launch action does not duplicate compare summaries on the registry row |
|
||||
|
||||
## UI/UX Surface Classification *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Action Surface Class | Surface Type | Likely Next Operator Action | Primary Inspect/Open Model | Row Click | Secondary Actions Placement | Destructive Actions Placement | Canonical Collection Route | Canonical Detail Route | Scope Signals | Canonical Noun | Critical Truth Visible by Default | Exception Type / Justification |
|
||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||
| Canonical cross-tenant compare page | Utility / Workspace Decision | Draft apply analysis | Generate promotion preflight or open drill-down evidence | explicit selectors plus focused compare/preflight panels | forbidden | drill-down links and secondary navigation stay below the summary/preflight sections | none in v1 | new canonical `/admin` compare route | same page with shareable query state | workspace context plus source/target tenant chips | Cross-tenant compare | whether the target is ready, blocked, or needs manual mapping | none |
|
||||
| Tenant registry / portfolio launch action | List / Table / Launch Context | Launch context support | Open compare with current tenant prefilled | explicit action from tenant list or triage context | preserved existing row behavior | compare entry is a safe secondary action | none | `/admin/tenants` | compare route | current workspace and tenant | Tenant registry | why the action launches compare, not promotion | existing tenant registry action hierarchy remains valid |
|
||||
|
||||
## Operator Surface Contract *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Primary Persona | Decision / Operator Action Supported | Surface Type | Primary Operator Question | Default-visible Information | Diagnostics-only Information | Status Dimensions Used | Mutation Scope | Primary Actions | Dangerous Actions |
|
||||
|---|---|---|---|---|---|---|---|---|---|---|
|
||||
| Canonical cross-tenant compare page | Workspace operator / MSP operator | Decide whether a target tenant is ready for a later promotion workflow | Canonical decision page | Can this target tenant safely follow the selected source tenant for the chosen governed subjects? | source/target summary, compare counts, blocked reasons, ready/manual counts, and next action | subject-level mappings, stale evidence signals, and deep links to existing tenant compare/detail surfaces | compare state, readiness, mapping confidence, evidence freshness | TenantPilot only in v1 | Generate promotion preflight, open source tenant, open target tenant | none |
|
||||
| Tenant registry / portfolio launch action | Workspace operator / MSP operator | Start compare from an existing portfolio review path | Registry action | Which tenant should I compare next without losing context? | current tenant identity and compare launch intent | preserved triage filters and return token | launch context only | none | Compare tenants | none |
|
||||
|
||||
## Proportionality Review *(mandatory when structural complexity is introduced)*
|
||||
|
||||
- **New source of truth?**: no
|
||||
- **New persisted entity/table/artifact?**: no
|
||||
- **New abstraction?**: yes - one narrow compare preview builder and one narrow promotion preflight service
|
||||
- **New enum/state/reason family?**: no new persisted state family; readiness and blocked reasons remain derived from compare/preflight results
|
||||
- **New cross-domain UI framework/taxonomy?**: no
|
||||
- **Current operator problem**: operators can identify tenants that need attention but cannot reach a trustworthy cross-tenant decision without manual reconstruction.
|
||||
- **Existing structure is insufficient because**: existing tenant-level baseline compare pages and portfolio triage state do not support dual-tenant scope or promotion-readiness reasoning.
|
||||
- **Narrowest correct implementation**: derive compare preview and promotion preflight from existing inventory/baseline truth, keep the page canonical and read-only, and audit only the preflight entry points.
|
||||
- **Ownership cost**: maintain one compare page, one preview builder, one preflight service, and a handful of focused tests.
|
||||
- **Alternative intentionally rejected**: actual promotion execution and persisted draft plans were rejected because they would add write risk, queue semantics, and new truth before the compare/preflight workflow is proven.
|
||||
- **Release truth**: current-release workflow gap, not future-release platform speculation
|
||||
|
||||
### Compatibility posture
|
||||
|
||||
This feature assumes a pre-production environment.
|
||||
|
||||
Backward compatibility, legacy aliases, migration shims, historical fixtures, and compatibility-specific tests are out of scope unless explicitly required by this spec.
|
||||
|
||||
Canonical replacement is preferred over preservation.
|
||||
|
||||
## Testing / Lane / Runtime Impact *(mandatory for runtime behavior changes)*
|
||||
|
||||
- **Test purpose / classification**: Unit, Feature
|
||||
- **Validation lane(s)**: fast-feedback, confidence
|
||||
- **Why this classification and these lanes are sufficient**: unit coverage proves preview matching and promotion-preflight classification without Filament overhead, while focused feature coverage proves page rendering, launch context, audit, and `404`/`403` semantics on the canonical compare surface.
|
||||
- **New or expanded test families**: one focused `PortfolioCompare` feature family and one focused `Unit/Support/PortfolioCompare` family
|
||||
- **Fixture / helper cost impact**: moderate; reuse existing tenant, workspace, inventory, baseline compare, and portfolio-triage fixtures instead of adding browser setup or queue scaffolding
|
||||
- **Heavy-family visibility / justification**: none; do not widen this slice into browser or heavy-governance lanes by default
|
||||
- **Special surface test profile**: standard-native-filament
|
||||
- **Standard-native relief or required special coverage**: ordinary feature coverage is sufficient for the page and launch actions; a small unit test set must prove preflight classification and no-write semantics
|
||||
- **Reviewer handoff**: reviewers must confirm that the slice stays read-only, reuses baseline compare and portfolio seams, preserves deny-as-not-found semantics for inaccessible tenants, and does not smuggle in actual promotion execution
|
||||
- **Budget / baseline / trend impact**: low increase in unit + feature only
|
||||
- **Escalation needed**: none
|
||||
- **Active feature PR close-out entry**: Guardrail
|
||||
- **Planned validation commands**:
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php`
|
||||
|
||||
## Scope Boundaries
|
||||
|
||||
### In Scope
|
||||
|
||||
- one canonical workspace-context compare page for source/target tenant selection
|
||||
- read-only compare preview using stable governed-subject identity and existing compare strategy patterns
|
||||
- one read-only promotion preflight action that classifies ready, blocked, and manual-mapping subjects
|
||||
- workspace audit metadata for preflight entry points
|
||||
- launch and return continuity from portfolio-triage/tenant-registry context
|
||||
- deep links to existing tenant and baseline compare detail pages instead of duplicated proof surfaces
|
||||
|
||||
### Non-Goals
|
||||
|
||||
- actual promotion execution or target mutation
|
||||
- queueing, retries, or `OperationRun`
|
||||
- persisted compare snapshots or promotion draft tables
|
||||
- automatic mapping writers for groups, scope tags, filters, named locations, or app references
|
||||
- customer-facing review or compare surfaces
|
||||
- cross-workspace compare
|
||||
- multi-provider compare frameworks
|
||||
|
||||
## Assumptions
|
||||
|
||||
- existing inventory and baseline compare seams already provide enough stable subject identity to drive a first compare preview
|
||||
- current portfolio-triage return-state patterns are sufficient for launch and back-navigation continuity
|
||||
- a read-only preflight is valuable before any write path exists and can be audited without introducing a second persistence truth
|
||||
|
||||
## Risks
|
||||
|
||||
- some compare subjects may still need provider-specific mapping logic before they can produce a trustworthy readiness result
|
||||
- target inventory freshness or missing evidence may block preflight more often than expected and needs explicit reasoning on the page
|
||||
- a later implementation could try to add actual promotion execution inside this slice; that must be rejected as scope growth
|
||||
|
||||
## Follow-up Candidates
|
||||
|
||||
- Cross-tenant promotion execution with preview -> confirmation -> queued run -> verify
|
||||
- Managed mapping workflows for named locations, assignments, groups, and filters
|
||||
- Cross-tenant decision inbox integration after compare/preflight exists
|
||||
|
||||
## User Scenarios & Testing *(mandatory)*
|
||||
|
||||
### User Story 1 - Compare two authorized tenants (Priority: P1)
|
||||
|
||||
As a workspace operator, I want to compare one source tenant to one target tenant from a canonical workspace surface so I can see where governed subjects match, differ, or are missing without reconstructing the answer manually.
|
||||
|
||||
**Why this priority**: This is the smallest valuable slice that turns portfolio visibility into a concrete operator decision surface.
|
||||
|
||||
**Independent Test**: Open the compare page with two authorized tenants, choose governed-subject filters, and verify that the compare preview shows reproducible ready/different/missing results and drill-down links.
|
||||
|
||||
**Acceptance Scenarios**:
|
||||
|
||||
1. **Given** an operator has access to both selected tenants, **When** they open the compare page and run the preview, **Then** they see a structured compare summary grouped by governed-subject state rather than a raw payload diff.
|
||||
2. **Given** the same source and target selection, **When** the operator reloads or shares the preview URL, **Then** the compare state is reproducible for the same scoped selection.
|
||||
3. **Given** the operator selects the same tenant as both source and target, **When** they try to run the preview, **Then** the page rejects the selection as invalid and does not produce compare or preflight output.
|
||||
|
||||
---
|
||||
|
||||
### User Story 2 - Generate a promotion preflight without writing (Priority: P1)
|
||||
|
||||
As a workspace operator, I want a read-only promotion preflight that tells me what is ready, blocked, or needs manual mapping before any cross-tenant write path exists.
|
||||
|
||||
**Why this priority**: Promotion language is not trustworthy until the product can explain why a target is or is not ready in a bounded, auditable way.
|
||||
|
||||
**Independent Test**: From an authorized compare preview, trigger the preflight action and verify that the page shows readiness counts, blocked reasons, and manual-mapping requirements without mutating source or target tenants.
|
||||
|
||||
**Acceptance Scenarios**:
|
||||
|
||||
1. **Given** a compare preview contains subjects with stable identity and usable target conditions, **When** the operator generates a promotion preflight, **Then** those subjects appear as ready with a clear explanation.
|
||||
2. **Given** some subjects are missing identifiers, stale, or blocked by target conditions, **When** the operator generates the preflight, **Then** those subjects appear as blocked or manual-mapping-required with explicit reasons.
|
||||
3. **Given** the operator generates a preflight, **When** the action completes, **Then** no target mutation, queued run, or provider write occurs.
|
||||
4. **Given** the operator can view compare but lacks `WORKSPACE_BASELINES_MANAGE`, **When** they reach the compare page, **Then** the preflight action is visibly disabled with permission guidance and any forced request is rejected server-side.
|
||||
|
||||
---
|
||||
|
||||
### User Story 3 - Launch compare from portfolio context without losing return state (Priority: P2)
|
||||
|
||||
As a workspace operator, I want to enter compare from the tenant registry or portfolio-triage context and return without losing my working filters so compare becomes part of the portfolio workflow instead of a detached utility.
|
||||
|
||||
**Why this priority**: The workflow is much less useful if compare starts from scratch and breaks the operator's portfolio-review context.
|
||||
|
||||
**Independent Test**: Launch compare from the tenant registry with active triage filters, verify one tenant is prefilled, and verify the return path restores the prior registry state.
|
||||
|
||||
**Acceptance Scenarios**:
|
||||
|
||||
1. **Given** the tenant registry has active portfolio-triage filters, **When** the operator launches compare from a tenant row or contextual action, **Then** the compare page preserves a return token and prefills the launched tenant as the `target tenant`.
|
||||
2. **Given** the operator returns from compare, **When** the registry reloads, **Then** the prior triage filters are restored.
|
||||
|
||||
### Edge Cases
|
||||
|
||||
- source and target tenant are the same tenant: reject the selection as invalid input and do not compute preview or preflight
|
||||
- source and target tenants belong to different workspaces
|
||||
- one selected tenant is no longer visible or never belonged to the actor's scope
|
||||
- compare subjects have ambiguous identity or duplicate matches
|
||||
- target evidence is stale or missing, making readiness impossible to prove
|
||||
|
||||
## Requirements *(mandatory)*
|
||||
|
||||
### Functional Requirements
|
||||
|
||||
- **FR1**: The feature MUST provide one canonical workspace-context compare surface for selecting source and target tenants.
|
||||
- **FR2**: The feature MUST enforce workspace membership and source/target tenant entitlement before loading compare data; inaccessible tenants resolve as `404`.
|
||||
- **FR3**: The compare preview MUST use stable governed-subject identity and existing inventory/baseline compare seams rather than raw JSON diffing.
|
||||
- **FR4**: The compare preview MUST stay read-only and MUST deep-link to existing tenant or baseline detail surfaces for proof instead of duplicating raw diagnostics locally.
|
||||
- **FR5**: The feature MUST provide a read-only promotion preflight action that classifies subjects as ready, blocked, or manual-mapping-required.
|
||||
- **FR6**: The preflight MUST NOT execute a target write, queue a run, or persist a promotion draft artifact.
|
||||
- **FR7**: The preflight MUST explain blocked and manual states with explicit operator-readable reasons.
|
||||
- **FR8**: The feature MUST reuse existing capability registries with this exact split: page access = `WORKSPACE_BASELINES_VIEW`, preview data = `TENANT_VIEW` on both tenants, preflight execution = `WORKSPACE_BASELINES_MANAGE`.
|
||||
- **FR9**: The feature MUST preserve launch and return continuity from the tenant registry / portfolio-triage path.
|
||||
- **FR10**: The feature MUST record bounded workspace audit metadata for promotion-preflight entry points only.
|
||||
- **FR11**: The compare page MUST reject same-tenant selection before preview or preflight runs.
|
||||
|
||||
### Non-Functional Requirements
|
||||
|
||||
- **NFR1**: The feature MUST preserve workspace and tenant isolation and MUST NOT leak source or target hints to unauthorized actors.
|
||||
- **NFR2**: The compare page MUST remain operator-first, decision-first, and must not expose raw payloads by default.
|
||||
- **NFR3**: The implementation MUST remain Filament-native on Livewire v4 and must not introduce a second compare shell or custom status framework.
|
||||
- **NFR4**: The slice MUST not introduce new assets or new globally searchable resources.
|
||||
|
||||
## Success Criteria
|
||||
|
||||
- SC1: Operators can identify which tenant differs for a given policy type in under 2 minutes.
|
||||
- SC2: Read-only comparisons are reproducible when run again with the same scope.
|
||||
|
||||
## Out of Scope
|
||||
|
||||
- Bulk remediation without preview/confirmation.
|
||||
- **SC1**: An authorized operator can produce a cross-tenant compare preview from one canonical page without switching across multiple tenant detail surfaces.
|
||||
- **SC2**: The same source, target, and filter selection produces reproducible compare output.
|
||||
- **SC3**: A promotion preflight clearly separates ready, blocked, and manual subjects without performing any write.
|
||||
- **SC4**: Unauthorized source/target combinations remain deny-as-not-found.
|
||||
- **SC5**: View-only members can inspect compare results but cannot execute preflight, and the UI makes that boundary explicit.
|
||||
|
||||
## Related Specs
|
||||
|
||||
- Program: `specs/039-inventory-program/spec.md`
|
||||
- Core: `specs/040-inventory-core/spec.md`
|
||||
- UI: `specs/041-inventory-ui/spec.md`
|
||||
- Drift: `specs/044-drift-mvp/spec.md`
|
||||
- Foundation follow-up context: `docs/product/spec-candidates.md` (`Cross-Tenant Compare and Promotion v1`)
|
||||
|
||||
@ -1,7 +1,190 @@
|
||||
# Tasks: Cross-tenant Compare and Promotion
|
||||
---
|
||||
|
||||
- [ ] T001 Define authorized tenant selection rules
|
||||
- [ ] T002 Read-only compare UI and diff rules
|
||||
- [ ] T003 Export capability for comparison results
|
||||
- [ ] T004 If enabled: promotion workflow with preview + confirm + audit
|
||||
- [ ] T005 Tests: tenant isolation, authorization, reproducibility
|
||||
description: "Task list for Cross-Tenant Compare Preview and Promotion Preflight"
|
||||
|
||||
---
|
||||
|
||||
# Tasks: Cross-Tenant Compare Preview and Promotion Preflight
|
||||
|
||||
**Input**: Design documents from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/043-cross-tenant-compare-and-promotion/`
|
||||
**Prerequisites**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/043-cross-tenant-compare-and-promotion/plan.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/043-cross-tenant-compare-and-promotion/spec.md` (required)
|
||||
|
||||
**Tests**: REQUIRED (Pest) for runtime behavior changes. Keep proof in narrow `Unit` plus `Feature` lanes only; do not add browser or heavy-governance coverage by default for this first read-only slice.
|
||||
**Operations**: No new `OperationRun`, queue, retry, monitoring page, or execution ledger is introduced. Promotion remains preflight-only.
|
||||
**RBAC**: Existing workspace and tenant membership semantics remain authoritative. Non-members or actors lacking source or target tenant entitlement receive `404`; members who reach the canonical compare surface but lack the required capability receive `403`. Page access uses `Capabilities::WORKSPACE_BASELINES_VIEW`, preview data uses `Capabilities::TENANT_VIEW` on both tenants, and preflight execution adds `Capabilities::WORKSPACE_BASELINES_MANAGE`.
|
||||
**Provider Boundary**: The page contract stays platform-neutral (`source tenant`, `target tenant`, `governed subject`, `promotion preflight`) while reusing Microsoft-first inventory and baseline compare seams under the hood.
|
||||
**Organization**: Tasks are grouped by user story so compare preview, promotion preflight, and portfolio launch continuity remain independently testable once the shared contracts exist.
|
||||
|
||||
## Test Governance Checklist
|
||||
|
||||
- [ ] Lane assignment stays `Unit` plus `Feature` and remains the narrowest sufficient proof for the changed behavior.
|
||||
- [ ] New or changed tests stay in `apps/platform/tests/Unit/Support/PortfolioCompare/` and `apps/platform/tests/Feature/PortfolioCompare/` only.
|
||||
- [ ] Shared helpers, fixtures, and context defaults stay cheap by default; do not add browser setup, queue scaffolding, or seeded promotion history.
|
||||
- [ ] Planned validation commands cover compare preview, promotion preflight, launch continuity, audit, and authorization without widening scope.
|
||||
- [ ] The declared surface test profile remains `standard-native-filament` because the slice adds one canonical page and one launch action on existing surfaces.
|
||||
- [ ] Any deferred execution, mapping automation, or multi-provider follow-up resolves as `document-in-feature` or `follow-up-spec`, not hidden scope growth.
|
||||
|
||||
## Phase 1: Setup (Shared Context)
|
||||
|
||||
**Purpose**: Confirm the narrowed slice, the reusable compare seams, and the reviewer stop conditions before implementation begins.
|
||||
|
||||
- [ ] T001 Review the narrowed compare-preview and promotion-preflight slice in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/043-cross-tenant-compare-and-promotion/spec.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/043-cross-tenant-compare-and-promotion/plan.md` together with the current candidate and ledger references.
|
||||
- [ ] T002 [P] Confirm the compare and subject-identity seams that this slice must reuse in `apps/platform/app/Filament/Pages/BaselineCompareLanding.php`, `apps/platform/app/Filament/Pages/BaselineCompareMatrix.php`, `apps/platform/app/Services/Baselines/BaselineCompareService.php`, `apps/platform/app/Support/Baselines/BaselineCompareMatrixBuilder.php`, `apps/platform/app/Support/Baselines/Compare/CompareStrategyRegistry.php`, `apps/platform/app/Models/InventoryItem.php`, and `apps/platform/app/Models/PolicyVersion.php`.
|
||||
- [ ] T003 [P] Confirm the portfolio launch, authorization, and audit seams that this slice must reuse in `apps/platform/app/Filament/Resources/TenantResource.php`, `apps/platform/app/Filament/Resources/TenantResource/Pages/ListTenants.php`, `apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php`, `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`, `apps/platform/app/Support/Audit/AuditActionId.php`, `apps/platform/app/Services/Auth/CapabilityResolver.php`, and `apps/platform/app/Services/Auth/WorkspaceCapabilityResolver.php`.
|
||||
|
||||
---
|
||||
|
||||
## Phase 2: Foundational (Blocking Prerequisites)
|
||||
|
||||
**Purpose**: Add the shared compare scope and promotion-preflight primitives that every user story depends on.
|
||||
|
||||
**Critical**: No user-story work should begin until this phase is complete.
|
||||
|
||||
- [ ] T004 [P] Define the minimal compare-page input/output shape inside `apps/platform/app/Support/PortfolioCompare/` or `apps/platform/app/Services/PortfolioCompare/` for source tenant, target tenant, governed-subject filters, and preflight output without adding a wider DTO or resolver framework.
|
||||
- [ ] T005 [P] Implement source-plus-target entitlement checks inside the canonical compare page and shared preview/preflight services using the existing capability resolvers so workspace membership, source entitlement, target entitlement, and capability denial all follow existing `404`/`403` semantics.
|
||||
- [ ] T006 Implement the compare preview builder so it reuses stable governed-subject identity from existing inventory and baseline compare seams and produces a canonical preview summary without storing new compare truth.
|
||||
- [ ] T007 Implement the promotion-preflight service so it classifies governed subjects as ready, blocked, or manual-mapping-required and explicitly performs no target mutation, queue dispatch, or `OperationRun` creation.
|
||||
- [ ] T008 [P] Add bounded preflight audit action IDs and metadata shaping in `apps/platform/app/Support/Audit/AuditActionId.php` and `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php` for promotion-preflight entry points only.
|
||||
|
||||
**Checkpoint**: Shared compare scope, entitlement resolution, preview building, preflight classification, and audit metadata exist; user stories can proceed independently.
|
||||
|
||||
---
|
||||
|
||||
## Phase 3: User Story 1 - Compare Two Authorized Tenants (Priority: P1) MVP
|
||||
|
||||
**Goal**: Give an authorized workspace operator one canonical compare page that shows a reproducible source-vs-target preview without cross-page reconstruction.
|
||||
|
||||
**Independent Test**: Open the compare page with two authorized tenants, apply governed-subject filters, and verify that the preview shows match/difference/missing states plus drill-down links.
|
||||
|
||||
### Tests for User Story 1
|
||||
|
||||
- [ ] T009 [P] [US1] Add feature coverage for rendering the canonical compare page, selecting source and target tenants, rejecting same-tenant selection, and showing one default-visible compare summary with no duplicate decision truth or raw/support evidence in `apps/platform/tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php`.
|
||||
- [ ] T010 [P] [US1] Add feature coverage for `404` vs `403` semantics across source/target entitlement, workspace `WORKSPACE_BASELINES_VIEW`, tenant `TENANT_VIEW`, visible-disabled preflight UX for members lacking `WORKSPACE_BASELINES_MANAGE`, and server-side denial of forced preflight requests in `apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php`.
|
||||
- [ ] T011 [P] [US1] Add unit coverage for compare preview subject matching and reproducible summary output in `apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php`.
|
||||
|
||||
### Implementation for User Story 1
|
||||
|
||||
- [ ] T012 [US1] Add the canonical compare page under `apps/platform/app/Filament/Pages/` with source/target selectors, governed-subject filters, shareable query state, and compare preview summary built from the shared preview builder.
|
||||
- [ ] T013 [US1] Reuse existing baseline compare and inventory seams so the compare page deep-links to tenant-level proof surfaces instead of duplicating raw diagnostics.
|
||||
- [ ] T014 [US1] Keep page copy, chips, and summary wording aligned to `source tenant`, `target tenant`, `governed subject`, and `compare preview` rather than Microsoft-first or execution-first vocabulary.
|
||||
|
||||
**Checkpoint**: User Story 1 is independently functional when the canonical page produces a reproducible compare preview for two authorized tenants.
|
||||
|
||||
---
|
||||
|
||||
## Phase 4: User Story 2 - Generate a Read-Only Promotion Preflight (Priority: P1)
|
||||
|
||||
**Goal**: Let the operator ask whether the chosen target is ready for a later promotion workflow without performing any write.
|
||||
|
||||
**Independent Test**: From an authorized compare preview, trigger the preflight action and verify that the page shows ready, blocked, and manual-mapping-required groups without mutating target data.
|
||||
|
||||
### Tests for User Story 2
|
||||
|
||||
- [ ] T015 [P] [US2] Add unit coverage for preflight classification across ready, blocked, manual-mapping, stale-evidence, and missing-identifier cases in `apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php`.
|
||||
- [ ] T016 [P] [US2] Add feature coverage for the compare page's `Generate promotion preflight` action, visible-disabled manage-denial UX, one dominant next action, visible readiness summary, and no default-visible raw/support evidence in `apps/platform/tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php`.
|
||||
- [ ] T017 [P] [US2] Add feature coverage for preflight audit metadata and explicit no-write semantics in `apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php`.
|
||||
|
||||
### Implementation for User Story 2
|
||||
|
||||
- [ ] T018 [US2] Add the read-only `Generate promotion preflight` action to the canonical compare page, keeping it distinct from any future execution action and free of queue/runtime side effects.
|
||||
- [ ] T019 [US2] Render a promotion-preflight summary that groups governed subjects into ready, blocked, and manual-mapping-required buckets with explicit operator-readable reasons.
|
||||
- [ ] T020 [US2] Route preflight entry-point audit through the existing workspace audit pipeline with source tenant, target tenant, subject counts, and blocked-reason metadata only.
|
||||
|
||||
**Checkpoint**: User Story 2 is independently functional when the operator can generate an audited, read-only readiness decision from the compare page.
|
||||
|
||||
---
|
||||
|
||||
## Phase 5: User Story 3 - Launch Compare from Portfolio Context Without Losing State (Priority: P2)
|
||||
|
||||
**Goal**: Make compare part of the portfolio workflow by preserving the launch tenant and return state from the tenant registry / portfolio-triage path.
|
||||
|
||||
**Independent Test**: Launch compare from the tenant registry with active triage filters, verify the launched tenant is prefilled, and verify the return path restores the prior registry state.
|
||||
|
||||
### Tests for User Story 3
|
||||
|
||||
- [ ] T021 [P] [US3] Add feature coverage for compare launch and return continuity from the tenant registry / portfolio-triage path in `apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php`.
|
||||
- [ ] T022 [P] [US3] Extend authorization coverage so launch actions only appear or resolve when the current actor is entitled to the launched tenant and the compare surface in `apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php`.
|
||||
|
||||
### Implementation for User Story 3
|
||||
|
||||
- [ ] T023 [US3] Add a bounded launch action from `apps/platform/app/Filament/Resources/TenantResource.php` or `apps/platform/app/Filament/Resources/TenantResource/Pages/ListTenants.php` that opens the canonical compare page with the current tenant prefilled as the `target tenant`.
|
||||
- [ ] T024 [US3] Preserve and restore portfolio-triage return state using the existing navigation-context pattern rather than a page-local custom token format.
|
||||
|
||||
**Checkpoint**: User Story 3 is independently functional when compare can be launched from portfolio context and the operator can return without losing triage filters.
|
||||
|
||||
---
|
||||
|
||||
## Phase 6: Polish & Cross-Cutting Concerns
|
||||
|
||||
**Purpose**: Finish narrow validation and reviewer close-out without widening scope.
|
||||
|
||||
- [ ] T025 [P] Run the focused unit validation commands for `apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php` and `apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php`.
|
||||
- [ ] T026 [P] Run the focused feature validation commands for `apps/platform/tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php`, `apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php`, `apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php`, and `apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php`.
|
||||
- [ ] T027 Run dirty-only formatting for touched platform files with `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`.
|
||||
- [ ] T028 [P] Add or update the checklist/reviewer guard confirming that this slice introduces no new asset registration and no globally searchable resource.
|
||||
- [ ] T029 Record TEST-GOV-001 close-out and any `document-in-feature` or `follow-up-spec` deferrals for actual execution, mapping automation, or multi-provider compare in the active feature PR or implementation notes.
|
||||
|
||||
---
|
||||
|
||||
## Dependencies & Execution Order
|
||||
|
||||
### Phase Dependencies
|
||||
|
||||
- **Phase 1 (Setup)**: no dependencies; start immediately.
|
||||
- **Phase 2 (Foundational)**: depends on Phase 1 and blocks all user stories.
|
||||
- **Phase 3 (US1)**: depends on Phase 2 and establishes the canonical compare truth.
|
||||
- **Phase 4 (US2)**: depends on Phase 2 and should ship with US1 because compare without readiness reasoning leaves promotion language vague.
|
||||
- **Phase 5 (US3)**: depends on Phase 2 and is safest after US1 because the canonical compare page must exist before launch continuity can target it.
|
||||
- **Phase 6 (Polish)**: depends on all desired user stories being complete.
|
||||
|
||||
### User Story Dependencies
|
||||
|
||||
- **US1 (P1)**: independently testable after Phase 2 and forms the MVP decision surface.
|
||||
- **US2 (P1)**: independently testable after Phase 2 and should ship with US1 for a complete P1 slice.
|
||||
- **US3 (P2)**: independently testable after Phase 2 and improves portfolio workflow continuity once the canonical page exists.
|
||||
|
||||
### Within Each User Story
|
||||
|
||||
- Write the listed Pest coverage first and make it fail for the intended behavior gap.
|
||||
- Settle the shared preview/preflight service contract before adding or widening page wiring.
|
||||
- Re-run the narrowest affected validation command after each story checkpoint before moving to the next story.
|
||||
|
||||
---
|
||||
|
||||
## Parallel Execution Examples
|
||||
|
||||
### User Story 1
|
||||
|
||||
- T009, T010, and T011 can run in parallel before runtime edits begin.
|
||||
- After the preview contract settles, T012 and T013 can proceed in parallel because page wiring and compare-service reuse touch different seams; T014 should follow both.
|
||||
|
||||
### User Story 2
|
||||
|
||||
- T015, T016, and T017 can run in parallel because they cover separate unit, page, and audit concerns.
|
||||
- After T018 settles the action shape, T019 and T020 can proceed in parallel because UI rendering and audit metadata touch different seams.
|
||||
|
||||
### User Story 3
|
||||
|
||||
- T021 and T022 can run in parallel before implementation starts.
|
||||
- T023 should land before T024 so return-state handling can target the final launch route.
|
||||
|
||||
---
|
||||
|
||||
## Implementation Strategy
|
||||
|
||||
### Suggested MVP Scope
|
||||
|
||||
- MVP = **US1 + US2 together**. The feature is only product-complete when the operator can compare two tenants and immediately ask whether that comparison is promotion-ready.
|
||||
|
||||
### Incremental Delivery
|
||||
|
||||
1. Complete Phase 1 and Phase 2.
|
||||
2. Deliver US1 and US2 together.
|
||||
3. Add US3 launch and return continuity.
|
||||
4. Finish with narrow validation and formatting in Phase 6.
|
||||
|
||||
### Team Strategy
|
||||
|
||||
1. Finish the preview/preflight contracts together before splitting page work.
|
||||
2. Parallelize unit and feature test authoring inside each story first.
|
||||
3. Serialize merges around the canonical compare page and shared `PortfolioCompare` service namespace so the workflow language stays coherent.
|
||||
|
||||
59
specs/246-support-request-context/checklists/requirements.md
Normal file
59
specs/246-support-request-context/checklists/requirements.md
Normal file
@ -0,0 +1,59 @@
|
||||
# Specification Quality Checklist: In-App Support Request with Context
|
||||
|
||||
**Purpose**: Validate specification completeness and implementation readiness before the feature moves into the implementation loop
|
||||
**Created**: 2026-04-27
|
||||
**Feature**: [spec.md](../spec.md)
|
||||
|
||||
## Content Quality
|
||||
|
||||
- [x] Business value and operator outcomes stay explicit
|
||||
- [x] The first slice is bounded to two existing support-aware entry surfaces plus one internal support reference only
|
||||
- [x] Runtime-governance sections are present for an implementation-ready package
|
||||
- [x] All mandatory sections are completed
|
||||
|
||||
## Requirement Completeness
|
||||
|
||||
- [x] No `[NEEDS CLARIFICATION]` markers remain
|
||||
- [x] Requirements are testable and unambiguous
|
||||
- [x] Acceptance scenarios are defined for the primary user journeys
|
||||
- [x] Edge cases are identified, including reduced-attachment mode and missing related records
|
||||
- [x] Scope is clearly bounded away from external ticketing, support inboxes, request lifecycle workflow, and customer-facing portals
|
||||
- [x] Dependencies and assumptions are identified
|
||||
|
||||
## Feature Readiness
|
||||
|
||||
- [x] The first slice is small enough for a bounded implementation loop
|
||||
- [x] The plan identifies concrete repo surfaces likely to change
|
||||
- [x] The tasks are ordered, testable, and grouped by user story
|
||||
- [x] Foundational work includes the persisted truth, capability gate, audit path, and shared context builder before surface wiring
|
||||
- [x] No unresolved product question blocks safe implementation of the first slice
|
||||
|
||||
## Governance Readiness
|
||||
|
||||
- [x] New persisted support-request truth is explicitly justified and bounded
|
||||
- [x] `SupportRequest` ownership is explicit as tenant-owned, with required not-null `workspace_id` and `tenant_id`
|
||||
- [x] Support-request context remains provider-neutral and redaction-aware
|
||||
- [x] Existing `/admin` authorization and tenant-safe 404 versus 403 boundaries remain authoritative
|
||||
- [x] Operator-facing surface changes include the required UI contract sections and action matrix
|
||||
- [x] External ticketing, status workflow, and support inbox surfaces are explicitly deferred
|
||||
- [x] Livewire v4 compliance, unchanged provider registration location, no global-search changes, no destructive-action additions, and no asset-strategy changes are explicit in the package
|
||||
|
||||
## Test Governance Review
|
||||
|
||||
- [x] Lane fit stays in focused unit plus feature validation only and matches the plan
|
||||
- [x] Fixture and helper growth stays local to the `SupportRequests` test namespace
|
||||
- [x] No browser or heavy-governance family is introduced implicitly
|
||||
- [x] Minimal validation commands are explicit in both the plan and the task list
|
||||
- [x] The active feature PR close-out entry remains `Guardrail`
|
||||
|
||||
## Review Outcome
|
||||
|
||||
- [x] Review outcome class: `documentation-required-exception`
|
||||
- [x] Workflow outcome: `document-in-feature`
|
||||
- [x] Final note location: active feature PR close-out entry `Guardrail`
|
||||
|
||||
## Notes
|
||||
|
||||
- This checklist completes the implementation-ready package alongside `spec.md`, `plan.md`, and `tasks.md`.
|
||||
- The active slice stops at structured request creation and internal reference generation. Any later ticket-provider adapter or lifecycle management remains a separate feature.
|
||||
- Guardrail close-out: focused unit and feature validation passed, live browser smoke passed on both approved entry points, the tenant dashboard exemption remained bounded to two support-aware actions, and no provider-registration, global-search, destructive-action, or asset-strategy changes were introduced.
|
||||
226
specs/246-support-request-context/plan.md
Normal file
226
specs/246-support-request-context/plan.md
Normal file
@ -0,0 +1,226 @@
|
||||
# Implementation Plan: In-App Support Request with Context
|
||||
|
||||
**Branch**: `246-support-request-context` | **Date**: 2026-04-27 | **Spec**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/spec.md`
|
||||
**Input**: Feature specification from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/spec.md`
|
||||
|
||||
## Summary
|
||||
|
||||
- Add one bounded `SupportRequest` product truth that captures structured support intake from two existing support-aware surfaces: the tenant dashboard and the canonical operation detail viewer.
|
||||
- Reuse the existing support-diagnostics bundle to attach a redacted, machine-readable context envelope when the creator is allowed to view diagnostics, and fall back to a safe canonical reference set when they are not.
|
||||
- Keep the slice synchronous, Livewire v4-compatible, Filament v5-native, and free of external ticket adapters, `OperationRun` side effects, global-search changes, destructive actions, or asset changes.
|
||||
|
||||
## Technical Context
|
||||
|
||||
**Language/Version**: PHP 8.4 (Laravel 12)
|
||||
**Primary Dependencies**: Laravel 12 + Filament v5 + Livewire v4 + Pest; existing `SupportDiagnosticBundleBuilder`, `WorkspaceAuditLogger`, `UiEnforcement`, `CapabilityResolver`, and canonical tenant/run support surfaces
|
||||
**Storage**: PostgreSQL tenant-owned `support_requests` table with required not-null `workspace_id` and `tenant_id`, plus immutable redacted context JSON
|
||||
**Testing**: Pest unit + feature tests
|
||||
**Validation Lanes**: fast-feedback, confidence
|
||||
**Target Platform**: Sail-backed Laravel admin panel under `/admin`
|
||||
**Project Type**: web
|
||||
**Performance Goals**: create the support request synchronously inside ordinary admin-request latency with no outbound HTTP and no background jobs
|
||||
**Constraints**: no external ticketing provider, no support inbox or resource, no new system panel, no raw payload persistence, no `OperationRun`, and no asset changes
|
||||
**Scale/Scope**: one migration, one model and factory, one bounded support-request context builder or submission service, one generated reference path, two header actions, and focused unit plus feature proof only
|
||||
|
||||
## First-Slice Request Contract
|
||||
|
||||
The first slice is locked to the following request shape:
|
||||
|
||||
1. **Primary contexts**: `tenant` and `operation_run` only
|
||||
2. **Required submitted fields**: severity, summary, creator identity, workspace, tenant, primary context
|
||||
3. **Severity values**:
|
||||
- `low` = Low
|
||||
- `normal` = Normal (default)
|
||||
- `high` = High
|
||||
- `blocking` = Blocking
|
||||
4. **Optional submitted fields**: reproduction notes, contact name, contact email, attached diagnostic snapshot when allowed
|
||||
5. **Attachment modes**:
|
||||
- `diagnostic_snapshot_attached` when the creator also passes `support_diagnostics.view`
|
||||
- `canonical_context_only` when the creator can create the request but cannot attach support diagnostics
|
||||
6. **Duplicate submissions**: repeated submits are intentionally allowed in v1 and must always create a fresh support request row plus a fresh internal support reference with no hidden merge or dedupe behavior
|
||||
7. **Returned reference**: one immutable internal support reference shown back immediately in success feedback, formatted as `SR-<ULID>`
|
||||
|
||||
Any support inbox, lifecycle state machine, external ticket reference, file upload, or customer-facing support portal is deferred by design.
|
||||
|
||||
## UI / Surface Guardrail Plan
|
||||
|
||||
- **Guardrail scope**: changed surfaces
|
||||
- **Native vs custom classification summary**: native Filament + shared support primitives
|
||||
- **Shared-family relevance**: header actions, support capture, support diagnostics, audit feedback
|
||||
- **State layers in scope**: page, detail, action form
|
||||
- **Audience modes in scope**: operator-MSP, support-platform
|
||||
- **Decision/diagnostic/raw hierarchy plan**: decision-first form, diagnostics-second, support-raw omitted from persistence
|
||||
- **Raw/support gating plan**: capability-gated attachment, raw payloads never persisted
|
||||
- **One-primary-action / duplicate-truth control**: the request form keeps one dominant action, `Submit support request`, and reuses the support-diagnostics bundle summary instead of introducing local case language. On the operation detail page, both support actions (`Open support diagnostics`, `Request support`) stay grouped in secondary placement under `More`.
|
||||
- **Handling modes by drift class or surface**: review-mandatory
|
||||
- **Repository-signal treatment**: review-mandatory
|
||||
- **Special surface test profiles**: standard-native-filament, monitoring-state-page
|
||||
- **Required tests or manual smoke**: functional-core, state-contract
|
||||
- **Exception path and spread control**: existing tenant dashboard action-surface exemption remains bounded to the two support-aware actions only
|
||||
- **Active feature PR close-out entry**: Guardrail
|
||||
|
||||
## Shared Pattern & System Fit
|
||||
|
||||
- **Cross-cutting feature marker**: yes
|
||||
- **Systems touched**: `App\Filament\Pages\TenantDashboard`, `App\Filament\Pages\Operations\TenantlessOperationRunViewer`, `App\Support\SupportDiagnostics\SupportDiagnosticBundleBuilder`, `App\Support\Auth\Capabilities`, `App\Services\Auth\RoleCapabilityMap`, and `App\Services\Audit\WorkspaceAuditLogger`
|
||||
- **Shared abstractions reused**: support-diagnostics bundle composition, existing capability gating through `UiEnforcement`, existing audit-log writing, and the current support-aware tenant and run action surfaces
|
||||
- **New abstraction introduced? why?**: one bounded `SupportRequestContextBuilder` or `SupportRequestSubmissionService` is justified because the slice needs one canonical place to shape immutable request context and reference generation without duplicating tenant/run logic
|
||||
- **Why the existing abstraction was sufficient or insufficient**: the existing abstractions are sufficient for safe context and audit patterns, but insufficient for persisted support-request truth and immutable reference generation
|
||||
- **Bounded deviation / spread control**: no ticket-provider adapter, no support queue, no page-local context builders, and no second support-summary vocabulary
|
||||
|
||||
## OperationRun UX Impact
|
||||
|
||||
- **Touches OperationRun start/completion/link UX?**: no
|
||||
- **Central contract reused**: N/A
|
||||
- **Delegated UX behaviors**: N/A
|
||||
- **Surface-owned behavior kept local**: the run-context action reads the current run only as request context
|
||||
- **Queued DB-notification policy**: N/A
|
||||
- **Terminal notification path**: N/A
|
||||
- **Exception path**: none
|
||||
|
||||
## Provider Boundary & Portability Fit
|
||||
|
||||
- **Shared provider/platform boundary touched?**: yes
|
||||
- **Provider-owned seams**: translated provider reasons and provider-connection state already carried by the support-diagnostics bundle
|
||||
- **Platform-core seams**: support request record, support reference, severity, primary context labels, attachment mode
|
||||
- **Neutral platform terms / contracts preserved**: support request, support reference, attached context, redacted diagnostic snapshot, canonical reference set
|
||||
- **Retained provider-specific semantics and why**: provider-specific reasons remain inside the redacted support-diagnostics bundle because they are already modeled as provider-owned evidence
|
||||
- **Bounded extraction or follow-up path**: external ticketing remains a follow-up spec and must consume the neutral support-request truth instead of reshaping provider-specific evidence inline
|
||||
|
||||
## Constitution Check
|
||||
|
||||
*GATE: Must pass before implementation begins. Re-check after design changes.*
|
||||
|
||||
- Inventory-first / snapshots-second: PASS - the request stores immutable submitted context and does not replace canonical diagnostic truth
|
||||
- Read/write separation: PASS - the action form is the pre-submit preview surface, creation is explicit, and the write is audited and tested
|
||||
- Graph contract path: PASS - no new Graph calls are introduced
|
||||
- Deterministic capabilities: PASS - capability derivation stays in the canonical registry and role map
|
||||
- RBAC-UX / workspace isolation / tenant isolation: PASS - the feature remains on `/admin`, keeps non-member and non-entitled access as 404, and uses tenant-safe action surfaces only
|
||||
- Global search rule: PASS - no resource or global-search change is introduced
|
||||
- Run observability / Ops UX: PASS - request creation is DB-only and intentionally creates no `OperationRun`
|
||||
- Proportionality / `PROP-001`, `ABSTR-001`, `PERSIST-001`, `STATE-001`, `BLOAT-001`: PASS - one persisted request truth and one small severity family are justified by structured support intake and no narrower path preserves immutable request context
|
||||
- Shared pattern reuse / `XCUT-001`: PASS - support-diagnostics and audit seams are reused explicitly
|
||||
- Provider boundary / `PROV-001`: PASS - provider-specific semantics stay inside the existing redacted bundle only
|
||||
- Filament-native UI / `UI-FIL-001`: PASS - the slice uses native Filament action forms only
|
||||
- Livewire v4 / Filament v5 compliance: PASS - the plan stays entirely within the current Filament v5 + Livewire v4 stack
|
||||
- Provider registration location: PASS - no provider registration changes are introduced; Laravel 11+ provider registration remains in `bootstrap/providers.php`
|
||||
- Destructive actions: PASS - none added, so no `->requiresConfirmation()` path is introduced here
|
||||
- Asset strategy: PASS - no new assets are required, so deployment behavior for `cd apps/platform && php artisan filament:assets` remains unchanged
|
||||
- Test governance / `TEST-GOV-001`: PASS - proof remains in narrow unit plus feature lanes only
|
||||
|
||||
## Test Governance Check
|
||||
|
||||
- **Test purpose / classification by changed surface**: Unit for context-shape and internal-reference rules; Feature for tenant and run action behavior, authorization, and audit
|
||||
- **Affected validation lanes**: fast-feedback, confidence
|
||||
- **Why this lane mix is the narrowest sufficient proof**: the feature is server-driven, synchronous, and action-form based; browser automation would only duplicate behavior already provable through unit and Filament feature tests
|
||||
- **Narrowest proving command(s)**:
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/SupportRequests/SupportRequestContextBuilderTest.php tests/Unit/Support/SupportRequests/SupportRequestReferenceTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/SupportRequests/TenantSupportRequestActionTest.php tests/Feature/SupportRequests/OperationRunSupportRequestActionTest.php tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php tests/Feature/SupportRequests/SupportRequestAuditTest.php`
|
||||
- **Fixture / helper / factory / seed / context cost risks**: add one `SupportRequest` factory; reuse existing workspace, tenant, run, provider, finding, report, review, and audit fixtures; keep support-request helpers local to the feature namespace
|
||||
- **Expensive defaults or shared helper growth introduced?**: no
|
||||
- **Heavy-family additions, promotions, or visibility changes**: none
|
||||
- **Surface-class relief / special coverage rule**: standard-native-filament relief applies to the tenant action; the operation detail action keeps the monitoring-state-page contract already established on the viewer
|
||||
- **Closing validation and reviewer handoff**: reviewers should re-run the listed unit and feature commands, verify immutable context persistence, verify 404 versus 403 boundaries, and verify that no outbound HTTP or `OperationRun` side effect occurs
|
||||
- **Budget / baseline / trend follow-up**: none expected beyond ordinary feature-local upkeep
|
||||
- **Review-stop questions**: did implementation add an outbound adapter, a request status workflow, a support inbox, or raw diagnostic persistence; did it broaden entry points beyond the two approved surfaces?
|
||||
- **Escalation path**: `reject-or-split` if the slice expands into external sync, a support queue, or lifecycle management
|
||||
- **Active feature PR close-out entry**: Guardrail
|
||||
- **Why no dedicated follow-up spec is needed**: the planned cost stays local to support-request creation; only external ticketing or request-lifecycle expansion would justify a follow-up spec
|
||||
|
||||
## Project Structure
|
||||
|
||||
### Documentation (this feature)
|
||||
|
||||
```text
|
||||
specs/246-support-request-context/
|
||||
├── checklists/
|
||||
│ └── requirements.md
|
||||
├── spec.md
|
||||
├── plan.md
|
||||
└── tasks.md
|
||||
```
|
||||
|
||||
### Source Code (repository root)
|
||||
|
||||
```text
|
||||
apps/platform/
|
||||
├── app/
|
||||
│ ├── Filament/
|
||||
│ │ └── Pages/
|
||||
│ │ ├── Operations/
|
||||
│ │ │ └── TenantlessOperationRunViewer.php
|
||||
│ │ └── TenantDashboard.php
|
||||
│ ├── Models/
|
||||
│ │ └── SupportRequest.php
|
||||
│ ├── Services/
|
||||
│ │ ├── Audit/WorkspaceAuditLogger.php
|
||||
│ │ └── Auth/RoleCapabilityMap.php
|
||||
│ └── Support/
|
||||
│ ├── Audit/AuditActionId.php
|
||||
│ ├── Auth/Capabilities.php
|
||||
│ ├── SupportDiagnostics/SupportDiagnosticBundleBuilder.php
|
||||
│ └── SupportRequests/
|
||||
│ ├── SupportRequestContextBuilder.php
|
||||
│ └── SupportRequestReferenceGenerator.php
|
||||
├── database/
|
||||
│ ├── factories/SupportRequestFactory.php
|
||||
│ └── migrations/
|
||||
└── tests/
|
||||
├── Feature/SupportRequests/
|
||||
│ ├── OperationRunSupportRequestActionTest.php
|
||||
│ ├── SupportRequestAuditTest.php
|
||||
│ ├── SupportRequestAuthorizationTest.php
|
||||
│ └── TenantSupportRequestActionTest.php
|
||||
└── Unit/Support/SupportRequests/
|
||||
├── SupportRequestContextBuilderTest.php
|
||||
└── SupportRequestReferenceTest.php
|
||||
```
|
||||
|
||||
**Structure Decision**: Single Laravel application. The implementation adds one bounded support-request model plus one small support namespace and reuses existing tenant and run surfaces.
|
||||
|
||||
## Complexity Tracking
|
||||
|
||||
No additional constitution violations are required. The new persisted support-request truth and small severity family are already justified in the proportionality review and remain bounded to the first slice.
|
||||
|
||||
## Proportionality Review
|
||||
|
||||
- **Current operator problem**: support intake still starts outside structured product context even though the product can already explain the current tenant or run problem safely
|
||||
- **Existing structure is insufficient because**: support diagnostics is read-only and cannot provide an immutable, auditable support request or internal support reference
|
||||
- **Narrowest correct implementation**: one immutable `SupportRequest` record plus one bounded context builder that reuses existing support diagnostics when allowed
|
||||
- **Ownership cost**: migration, model, factory, capability, audit action, bounded support-request support namespace, and focused tests
|
||||
- **Alternative intentionally rejected**: outbound-only ticket adapters, a multi-provider helpdesk registry, and a request status workflow were rejected because no concrete second use case or provider foundation exists yet
|
||||
- **Why this is current-release truth**: the support-request record is directly useful now even without external sync because it preserves structured intake, returns a support reference, and captures immutable context
|
||||
|
||||
## Rollout & Risk Controls
|
||||
|
||||
- Start on exactly two existing surfaces only: the tenant dashboard and the canonical operation detail viewer
|
||||
- Keep request truth immutable after creation; lifecycle management is explicitly out of scope
|
||||
- Persist only redacted context JSON; raw payloads, secrets, and unrestricted provider bodies remain excluded
|
||||
- Keep the reference internal-only in v1; external ticket references are deferred until a later ticketing spec exists
|
||||
- Reuse the existing support-diagnostics capability when attaching diagnostics so the feature can safely support reduced attachment mode without creating a second diagnostic access path
|
||||
|
||||
## Implementation Outline
|
||||
|
||||
- Add the `SupportRequest` model, migration, and factory as the new persisted support-intake truth
|
||||
- Add `support_requests.create` to the canonical capability registry and role map
|
||||
- Add a bounded support-request context builder plus internal reference generator that can build tenant-context and run-context envelopes from the existing support-diagnostics bundle and canonical references
|
||||
- Add an audit action identifier and `WorkspaceAuditLogger` path for support-request creation
|
||||
- Add `Request support` action forms to `TenantDashboard` and `TenantlessOperationRunViewer`
|
||||
- Return the generated support reference in success feedback and keep the action synchronous and DB-only
|
||||
|
||||
## Implementation Phases
|
||||
|
||||
1. **Foundation**: migration, model, factory, capability, audit action, internal reference generation, and shared context builder
|
||||
2. **Tenant entry point**: tenant dashboard action, reduced-attachment logic, tenant-context feature proof
|
||||
3. **Run entry point**: canonical operation detail action, entitled-tenant resolution, run-context feature proof
|
||||
4. **Safety hardening**: immutable context persistence, authorization edge cases, audit proof, and no-side-effect verification
|
||||
|
||||
## Guardrail Close-Out
|
||||
|
||||
- Livewire v4 compliance remained unchanged and the feature shipped through native Filament v5 action forms only.
|
||||
- Provider registration location stayed unchanged; Laravel 11+ provider registration remains in `bootstrap/providers.php`.
|
||||
- No global-search behavior changed because no resource or global-search surface was introduced.
|
||||
- No destructive action was added, so no new confirmation flow was required.
|
||||
- No asset strategy changed; deployment remains unchanged, including `cd apps/platform && php artisan filament:assets` when registered Filament assets are present elsewhere.
|
||||
- Browser smoke confirmed both approved entry points on the live app: the tenant dashboard visible `Request support` action and the tenantless operation viewer grouped `More` > `Request support` action both submitted successfully and returned `Support request submitted` with `Reference SR-...`.
|
||||
- The tenant dashboard action-surface exception stayed bounded to the existing support-aware pair (`Request support`, `Open support diagnostics`), while the operation viewer kept both support actions grouped under `More` to avoid competing with its primary navigation and utility actions.
|
||||
281
specs/246-support-request-context/spec.md
Normal file
281
specs/246-support-request-context/spec.md
Normal file
@ -0,0 +1,281 @@
|
||||
# Feature Specification: In-App Support Request with Context
|
||||
|
||||
**Feature Branch**: `246-support-request-context`
|
||||
**Created**: 2026-04-27
|
||||
**Status**: Ready for implementation
|
||||
**Input**: User description: "Promote the roadmap-fit candidate In-App Support Request with Context as a narrow, implementation-ready slice that adds structured support-request creation from existing support-aware product surfaces. The slice should reuse Support Diagnostic Pack, product knowledge, existing tenant and operation context resolution, and audit patterns to capture one support request with redacted diagnostic references and operator-entered severity/message fields, without building a full helpdesk, ticket sync engine, or CRM workflow."
|
||||
|
||||
## Spec Candidate Check *(mandatory - SPEC-GATE-001)*
|
||||
|
||||
- **Problem**: Generic support email or an external ticket link discards the most important product context at the moment help is requested: workspace, tenant, current run, related findings, recent reports, review artifacts, and the current diagnostic state.
|
||||
- **Today's failure**: Operators must manually copy context from several product surfaces into an ad hoc support note, which creates avoidable back-and-forth, invites oversharing of raw diagnostics, and leaves no reliable internal support reference inside TenantPilot.
|
||||
- **User-visible improvement**: A tenant-scoped or run-scoped operator can submit one structured support request from the current product surface, capture severity plus summary and note fields, attach safe context automatically, and immediately receive an internal support reference.
|
||||
- **Smallest enterprise-capable version**: Add one immutable internal `SupportRequest` record with a generated reference, two first-slice entry actions on existing tenant and run surfaces, automatic canonical context attachment, optional redacted support-diagnostic snapshot attachment when the creator is allowed to view it, and audit logging for request creation.
|
||||
- **Explicit non-goals**: No full helpdesk product, no support inbox or triage board, no two-way ticket sync, no SLA engine, no file-upload pipeline, no customer-facing portal, no AI support bot, no background notification workflow, and no external ticket provider coupling in v1.
|
||||
- **Permanent complexity imported**: One new persisted `SupportRequest` truth, one small support-request severity family, one bounded context-builder path, one generated internal reference format, one new tenant capability, two read-only context-aware create actions, and focused unit plus feature coverage.
|
||||
- **Why now**: The repo already has the support-diagnostics bundle, contextual help, tenant and run context resolution, and audit seams. This is the narrowest next slice that turns those support foundations into structured intake instead of leaving support creation as manual copy-paste.
|
||||
- **Why not local**: A page-local note field, mailto link, or generic modal would still duplicate context assembly, drift redaction behavior, and lose canonical references. The support request needs one reusable capture contract because both tenant and run surfaces already depend on the same support truth.
|
||||
- **Approval class**: Workflow Compression
|
||||
- **Red flags triggered**: New persistence, new severity semantics, and multi-surface workflow touchpoint. Defense: the slice stores one immutable request record only, avoids status workflow or external sync, and is limited to two already support-aware surfaces that can reuse the existing diagnostic bundle.
|
||||
- **Score**: Nutzen: 2 | Dringlichkeit: 2 | Scope: 1 | Komplexitaet: 1 | Produktnaehe: 2 | Wiederverwendung: 2 | **Gesamt: 10/12**
|
||||
- **Decision**: approve
|
||||
|
||||
## Spec Scope Fields *(mandatory)*
|
||||
|
||||
- **Scope**: workspace, tenant
|
||||
- **Primary Routes**:
|
||||
- `/admin/t/{tenant}` existing tenant dashboard as the first tenant-context support-request entry point
|
||||
- `/admin/operations/{run}` existing canonical operation detail surface as the first run-context support-request entry point
|
||||
- **Data Ownership**: `support_requests` becomes new tenant-owned product truth with required `workspace_id` and `tenant_id`, both stored as not-null fields. `workspace_id` is still derived from the tenant relationship for correctness, but it remains persisted because tenant-owned truth in this repo carries both anchors. Canonical source truth for attached references remains on existing `Tenant`, `OperationRun`, `ProviderConnection`, `Finding`, `StoredReport`, `TenantReview`, `ReviewPack`, and `AuditLog` records. Any attached support-diagnostic snapshot is a redacted immutable capture owned by the support request, not a replacement for those source records.
|
||||
- **RBAC**: Workspace membership and tenant entitlement remain mandatory. A new tenant-role capability `support_requests.create` gates request creation. When a request includes the redacted support-diagnostic snapshot, the creator must also pass the existing `support_diagnostics.view` check; otherwise the request stores only the safe canonical context reference set and an explicit note that diagnostic evidence was omitted.
|
||||
|
||||
For canonical-view specs, the spec MUST define:
|
||||
|
||||
- **Default filter behavior when tenant-context is active**: N/A - the first slice adds contextual create actions only and does not introduce a support-request registry page.
|
||||
- **Explicit entitlement checks preventing cross-tenant leakage**: Non-members and non-entitled users receive 404 semantics before any tenant-owned context is assembled. The operation entry point is in scope only when the run resolves to an entitled tenant.
|
||||
|
||||
## Cross-Cutting / Shared Pattern Reuse *(mandatory when the feature touches notifications, status messaging, action links, header actions, dashboard signals/cards, alerts, navigation entry points, evidence/report viewers, or any other existing shared operator interaction family; otherwise write `N/A - no shared interaction family touched`)*
|
||||
|
||||
- **Cross-cutting feature?**: yes
|
||||
- **Interaction class(es)**: header actions, contextual support capture, success notifications, support-safe context summaries, audit events
|
||||
- **Systems touched**: existing tenant dashboard and canonical operation detail action surfaces, the support-diagnostics bundle builder, contextual-help content, tenant capability mapping, and workspace audit logging
|
||||
- **Existing pattern(s) to extend**: existing support-diagnostics entry points, existing Filament header action patterns, existing support-diagnostics redaction rules, and existing audit logging conventions
|
||||
- **Shared contract / presenter / builder / renderer to reuse**: `SupportDiagnosticBundleBuilder`, `WorkspaceAuditLogger`, existing contextual-help resolver or catalog patterns where copy is needed, and existing support-safe route and label vocabulary already used on tenant and run surfaces
|
||||
- **Why the existing shared path is sufficient or insufficient**: The current shared support paths already produce deterministic, redacted context and the right canonical references. They are insufficient because the product still lacks a persisted support-request truth and a structured create flow that can capture that context safely.
|
||||
- **Allowed deviation and why**: One bounded `SupportRequests` support namespace is allowed to assemble immutable request context and generate an internal support reference. No generic ticket adapter, no local page-only context mappers, and no second support-summary dialect are allowed.
|
||||
- **Consistency impact**: `Request support`, `Support reference`, redaction wording, severity labels, and attached-context copy must remain consistent across tenant and run entry points so the same support concept is visible regardless of where the request originates.
|
||||
- **Review focus**: Reviewers must verify that context capture reuses the shared support-diagnostics bundle rather than rebuilding record selection locally, and that no raw provider payloads or unrestricted diagnostics are persisted in the request.
|
||||
|
||||
## OperationRun UX Impact *(mandatory when the feature creates, queues, deduplicates, resumes, blocks, completes, or deep-links to an `OperationRun`; otherwise write `N/A - no OperationRun start or link semantics touched`)*
|
||||
|
||||
- **Touches OperationRun start/completion/link UX?**: no
|
||||
- **Shared OperationRun UX contract/layer reused**: N/A
|
||||
- **Delegated start/completion UX behaviors**: N/A
|
||||
- **Local surface-owned behavior that remains**: The run-context request action reads the current run as context only; it does not queue, resume, or complete any `OperationRun`.
|
||||
- **Queued DB-notification policy**: N/A
|
||||
- **Terminal notification path**: N/A
|
||||
- **Exception required?**: none
|
||||
|
||||
## Provider Boundary / Platform Core Check *(mandatory when the feature changes shared provider/platform seams, identity scope, governed-subject taxonomy, compare strategy selection, provider connection descriptors, or operator vocabulary that may leak provider-specific semantics into platform-core truth; otherwise write `N/A - no shared provider/platform boundary touched`)*
|
||||
|
||||
- **Shared provider/platform boundary touched?**: yes
|
||||
- **Boundary classification**: mixed
|
||||
- **Seams affected**: provider-connection health excerpts that may appear inside an attached redacted support-diagnostic snapshot, provider-owned reason translation, and support-request context labels
|
||||
- **Neutral platform terms preserved or introduced**: support request, support reference, primary context, attached context, redacted diagnostic snapshot, canonical reference set
|
||||
- **Provider-specific semantics retained and why**: Microsoft-specific provider errors or consent states remain provider-owned diagnostic inputs and may only appear through the already redacted support-diagnostics bundle.
|
||||
- **Why this does not deepen provider coupling accidentally**: The new request record stores provider-neutral context metadata plus canonical references. Provider-specific semantics enter only through the existing support-diagnostics bundle, which is already bounded and redacted.
|
||||
- **Follow-up path**: Later PSA or ticketing integration remains a separate follow-up spec and must consume the neutral support-request truth instead of reshaping it.
|
||||
|
||||
## UI / Surface Guardrail Impact *(mandatory when operator-facing surfaces are changed; otherwise write `N/A`)*
|
||||
|
||||
| Surface / Change | Operator-facing surface change? | Native vs Custom | Shared-Family Relevance | State Layers Touched | Exception Needed? | Low-Impact / `N/A` Note |
|
||||
|---|---|---|---|---|---|---|
|
||||
| Tenant dashboard request support action | yes | Native Filament + shared support primitives | header actions, support capture, support diagnostics | page, action, form | yes | Existing tenant dashboard action-surface exemption remains; this slice adds one bounded create action beside the current support-diagnostics action |
|
||||
| Canonical operation detail request support action | yes | Native Filament + shared support primitives | header actions, monitoring-state diagnostics, support capture | detail, action, form | no | Extends an already support-aware operation surface instead of creating a new support page |
|
||||
|
||||
## Decision-First Surface Role *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Decision Role | Human-in-the-loop Moment | Immediately Visible for First Decision | On-Demand Detail / Evidence | Why This Is Primary or Why Not | Workflow Alignment | Attention-load Reduction |
|
||||
|---|---|---|---|---|---|---|---|
|
||||
| Tenant dashboard request support action | Secondary Context Surface | The operator decides the current tenant issue needs escalation or structured support intake | Tenant identity, context summary, severity selection, message fields, and whether redacted diagnostics will be attached | Redacted support diagnostics and canonical related records remain secondary evidence | Not primary because support creation follows tenant troubleshooting rather than replacing it | Follows tenant troubleshooting and escalation | Eliminates manual copy-paste from provider, run, findings, and audit surfaces |
|
||||
| Canonical operation detail request support action | Secondary Context Surface | The operator is already inspecting one run and decides support intake should begin from that run context | Run identity, context summary, severity selection, message fields, and whether redacted diagnostics will be attached | Redacted support diagnostics and canonical related records remain secondary evidence | Not primary because the main work is still understanding and acting on the run | Follows monitoring drill-in workflow | Removes ad hoc support notes that would otherwise rebuild run context manually |
|
||||
|
||||
## Audience-Aware Disclosure *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Audience Modes In Scope | Decision-First Default-Visible Content | Operator Diagnostics | Support / Raw Evidence | One Dominant Next Action | Hidden / Gated By Default | Duplicate-Truth Prevention |
|
||||
|---|---|---|---|---|---|---|---|
|
||||
| Tenant dashboard request support action | operator-MSP, support-platform | Scope summary, severity, message fields, contact defaults, attachment note, redaction note | Existing support-diagnostics bundle and canonical links | Raw payloads and unrestricted provider diagnostics are never stored here | `Submit support request` | Diagnostic snapshot attachment is omitted unless `support_diagnostics.view` is allowed | The action reuses the shared support-diagnostics bundle summary instead of restating provider or run truth locally |
|
||||
| Canonical operation detail request support action | operator-MSP, support-platform | Run identity, severity, message fields, contact defaults, attachment note, redaction note | Existing run-context support diagnostics and canonical links | Raw payloads and unrestricted provider diagnostics are never stored here | `Submit support request` | Diagnostic snapshot attachment is omitted unless `support_diagnostics.view` is allowed | The action reuses the shared run-context support summary instead of inventing a second run explanation path |
|
||||
|
||||
## UI/UX Surface Classification *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Action Surface Class | Surface Type | Likely Next Operator Action | Primary Inspect/Open Model | Row Click | Secondary Actions Placement | Destructive Actions Placement | Canonical Collection Route | Canonical Detail Route | Scope Signals | Canonical Noun | Critical Truth Visible by Default | Exception Type / Justification |
|
||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||
| Tenant dashboard request support action | Dashboard / Overview / Actions | Tenant support escalation entry point | Submit a structured support request | Explicit header action opens a slide-over or modal form | forbidden | Existing support diagnostics remains a neighboring secondary action | none | `/admin/t/{tenant}` | `/admin/t/{tenant}` | Active workspace, active tenant, and attached-context note | Support request / Support reference | Primary context, required message fields, severity, and redaction note | dashboard_exception - existing tenant dashboard action-surface exemption remains bounded and read-only apart from the create mutation |
|
||||
| Canonical operation detail request support action | Record / Detail / Actions | Run-centered support escalation entry point | Submit a structured support request from the current run | Existing detail page plus grouped secondary support actions | forbidden | `Open support diagnostics` and `Request support` are grouped together under the detail action group | none | `/admin/operations` | `/admin/operations/{run}` | Workspace context, entitled tenant context, and operation identifier | Support request / Support reference | Primary run context, required summary fields, severity, and redaction note | none |
|
||||
|
||||
## Operator Surface Contract *(mandatory when operator-facing surfaces are changed)*
|
||||
|
||||
| Surface | Primary Persona | Decision / Operator Action Supported | Surface Type | Primary Operator Question | Default-visible Information | Diagnostics-only Information | Status Dimensions Used | Mutation Scope | Primary Actions | Dangerous Actions |
|
||||
|---|---|---|---|---|---|---|---|---|---|---|
|
||||
| Tenant dashboard request support action | Workspace manager or support-capable tenant operator | Submit one tenant-scoped support request with safe context | Dashboard action + contextual form | How do I ask for help on this tenant without manually rebuilding the case? | Tenant label, severity, summary, reproduction-notes field, contact defaults, context-attachment note, redaction note | Full support diagnostics stay on the neighboring support-diagnostics action and canonical linked pages | support-request severity, attachment completeness | TenantPilot only | Submit support request | none |
|
||||
| Canonical operation detail request support action | Workspace manager or support-capable operator | Submit one run-scoped support request with safe context | Detail action + contextual form | How do I escalate this run with the right context and without copying raw diagnostics? | Operation identifier, severity, summary, reproduction-notes field, contact defaults, context-attachment note, redaction note | Full support diagnostics stay on the neighboring support-diagnostics action and canonical linked pages | support-request severity, attachment completeness | TenantPilot only | Submit support request | none |
|
||||
|
||||
## Proportionality Review *(mandatory when structural complexity is introduced)*
|
||||
|
||||
- **New source of truth?**: yes
|
||||
- **New persisted entity/table/artifact?**: yes
|
||||
- **New abstraction?**: yes
|
||||
- **New enum/state/reason family?**: yes - one bounded support-request severity family
|
||||
- **New cross-domain UI framework/taxonomy?**: no
|
||||
- **Current operator problem**: The product can already explain support context, but it still cannot capture a structured support request at the moment the operator needs help.
|
||||
- **Existing structure is insufficient because**: Support diagnostics is read-only and generic support channels lose context. Without a persisted request record, there is no internal support reference or safe immutable request payload.
|
||||
- **Narrowest correct implementation**: Add one immutable `SupportRequest` truth with a small severity family and one bounded context-builder path that reuses the existing support-diagnostics bundle when allowed.
|
||||
- **Ownership cost**: One migration, one model and factory, one support-request context builder or submission service, one capability, one audit action, and focused unit plus feature coverage.
|
||||
- **Alternative intentionally rejected**: Outbound-only ticket adapters and a broader helpdesk workflow were rejected because the repo has no concrete ticket-provider foundation yet and the first release does not need a support queue, lifecycle engine, or external sync.
|
||||
- **Release truth**: current-release truth
|
||||
|
||||
### Compatibility posture
|
||||
|
||||
This feature assumes a pre-production environment.
|
||||
|
||||
Backward compatibility, legacy aliases, migration shims, historical fixtures, and compatibility-specific tests are out of scope unless explicitly required by this spec.
|
||||
|
||||
Canonical replacement is preferred over preservation.
|
||||
|
||||
## Testing / Lane / Runtime Impact *(mandatory for runtime behavior changes)*
|
||||
|
||||
- **Test purpose / classification**: Unit, Feature
|
||||
- **Validation lane(s)**: fast-feedback, confidence
|
||||
- **Why this classification and these lanes are sufficient**: Unit tests can prove internal reference generation, immutable context-shape rules, and redaction-aware attachment behavior. Feature tests can prove tenant and run entry actions, 404 versus 403 boundaries, persisted request creation, and audit logging without browser automation.
|
||||
- **New or expanded test families**: One focused `SupportRequests` unit family and a small set of tenant plus run feature tests
|
||||
- **Fixture / helper cost impact**: Moderate. Reuse existing workspace, tenant, run, provider, finding, stored-report, review, audit, and support-diagnostics fixtures. Add one `SupportRequest` factory and keep helpers local to the support-request test namespace.
|
||||
- **Heavy-family visibility / justification**: none
|
||||
- **Special surface test profile**: standard-native-filament, monitoring-state-page
|
||||
- **Standard-native relief or required special coverage**: Ordinary Filament feature coverage is sufficient for the tenant dashboard action. The run-context action must also preserve the canonical monitoring-state-page constraints already used on the existing operation viewer.
|
||||
- **Reviewer handoff**: Reviewers must confirm that request creation persists only redacted context, never triggers outbound HTTP or a new `OperationRun`, returns the internal support reference in success feedback, and keeps non-member access as 404.
|
||||
- **Budget / baseline / trend impact**: Low-to-moderate increase in narrow unit plus feature coverage only
|
||||
- **Escalation needed**: none
|
||||
- **Active feature PR close-out entry**: Guardrail
|
||||
- **Planned validation commands**:
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/SupportRequests/SupportRequestContextBuilderTest.php tests/Unit/Support/SupportRequests/SupportRequestReferenceTest.php`
|
||||
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/SupportRequests/TenantSupportRequestActionTest.php tests/Feature/SupportRequests/OperationRunSupportRequestActionTest.php tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php tests/Feature/SupportRequests/SupportRequestAuditTest.php`
|
||||
|
||||
## Support-Request Severity Contract
|
||||
|
||||
The first slice uses one fixed severity family and does not infer or automate downstream workflow from it.
|
||||
|
||||
| Stored Value | UI Label | Meaning In V1 |
|
||||
|---|---|---|
|
||||
| `low` | Low | Question or minor issue; work can continue and no current blocker exists |
|
||||
| `normal` | Normal | Ordinary support needed; work can continue with friction |
|
||||
| `high` | High | Time-sensitive issue or material degradation that needs prompt attention |
|
||||
| `blocking` | Blocking | Current work cannot proceed or access is effectively blocked |
|
||||
|
||||
Validation rules for v1:
|
||||
|
||||
- Exactly one severity value is required on every support request.
|
||||
- The action form defaults to `normal` unless the operator selects a different value.
|
||||
- Severity affects persisted request truth and UI labels only in v1; it does not start a queue, SLA, or notification workflow.
|
||||
|
||||
## Internal Support Reference Contract
|
||||
|
||||
- Every created support request receives a reference formatted as `SR-<ULID>`.
|
||||
- The `SR-` prefix is fixed and uppercase in v1.
|
||||
- The ULID portion is uppercase, generated once at creation time, and remains immutable afterward.
|
||||
- Success feedback and audit context must show the exact stored value rather than reformatting it locally.
|
||||
|
||||
## User Scenarios & Testing *(mandatory)*
|
||||
|
||||
### User Story 1 - Submit a tenant-scoped support request with safe context (Priority: P1)
|
||||
|
||||
As a workspace manager or support-capable tenant operator, I want to request support from the current tenant surface so I do not have to manually rebuild the case.
|
||||
|
||||
**Why this priority**: Tenant-context support intake is the broadest first-response path and benefits immediately from the existing support-diagnostics foundation.
|
||||
|
||||
**Independent Test**: Seed a tenant with provider, run, finding, review, report, and audit truth, submit a support request from the tenant dashboard, and verify that the request is persisted with an internal reference and only safe attached context.
|
||||
|
||||
**Acceptance Scenarios**:
|
||||
|
||||
1. **Given** an entitled operator opens the tenant dashboard for a tenant with current support context, **When** they submit a support request with severity and summary, **Then** the system creates one immutable support request with a generated internal reference, tenant and workspace context, and canonical references to the current case.
|
||||
2. **Given** the creator also has `support_diagnostics.view`, **When** they submit the tenant-scoped request, **Then** the request stores the redacted support-diagnostics snapshot or reference set instead of requiring manual copy-paste.
|
||||
3. **Given** the creator lacks `support_diagnostics.view` but still has `support_requests.create`, **When** they submit the request, **Then** the request stores the safe canonical context set only and records that diagnostic evidence was omitted.
|
||||
|
||||
---
|
||||
|
||||
### User Story 2 - Submit a run-scoped support request from monitoring (Priority: P1)
|
||||
|
||||
As an operator already inspecting one run, I want to request support from the canonical run detail surface so the support request starts from the exact failing or degraded run.
|
||||
|
||||
**Why this priority**: A large share of support work starts from one run, and the operation viewer already has the right support-aware context and authorization boundaries.
|
||||
|
||||
**Independent Test**: Seed a failed or degraded run with related canonical truth, submit a support request from the operation viewer, and verify that the saved request is run-scoped, tenant-safe, and auditable.
|
||||
|
||||
**Acceptance Scenarios**:
|
||||
|
||||
1. **Given** an entitled operator is viewing a run that resolves to an entitled tenant, **When** they submit a support request from that run surface, **Then** the system persists one immutable support request whose primary context is that run and whose canonical references stay tenant-safe.
|
||||
2. **Given** the run does not resolve to an entitled tenant for the current user, **When** they try to create a run-scoped support request, **Then** the system responds as not found and does not reveal whether additional support context exists.
|
||||
|
||||
---
|
||||
|
||||
### User Story 3 - Keep support intake redacted, auditable, and bounded (Priority: P2)
|
||||
|
||||
As the product owner, I want the first support-request slice to stay immutable and provider-neutral so it can be trusted and extended later without accidentally becoming a helpdesk framework.
|
||||
|
||||
**Why this priority**: Structured intake adds value only if it stays safe, deterministic, and free of premature helpdesk complexity.
|
||||
|
||||
**Independent Test**: Verify that repeated request creation uses the same reference format and context-shape rules, that audit entries are written, and that no outbound helpdesk work or `OperationRun` side effects occur.
|
||||
|
||||
**Acceptance Scenarios**:
|
||||
|
||||
1. **Given** the same authorized tenant or run input and the same creator capability set, **When** a support request is generated, **Then** the attached context shape follows the same deterministic rules every time.
|
||||
2. **Given** support request creation succeeds, **When** the request is persisted, **Then** an audit entry records the actor, primary context, internal reference, and redaction mode without storing raw provider payloads.
|
||||
3. **Given** an operator submits the same issue twice, **When** both requests are accepted, **Then** each submission receives its own immutable internal reference because v1 intentionally does not deduplicate or merge requests.
|
||||
|
||||
### Edge Cases
|
||||
|
||||
- A tenant may have no provider connection, no recent run, or no active findings. The support request must still persist with explicit `missing` or `not observed` context markers rather than failing or inventing placeholder truth.
|
||||
- A run may reference related records that have since been deleted or are no longer accessible. The saved request must keep safe missing or inaccessible markers without leaking details from those records.
|
||||
- A creator may have `support_requests.create` without `support_diagnostics.view`. The request must still be creatable with the reduced safe context set and explicit omission semantics.
|
||||
- Context may change after request creation. The request must preserve the immutable submitted context snapshot or reference envelope and must not silently mutate with later diagnostic state.
|
||||
|
||||
## Requirements *(mandatory)*
|
||||
|
||||
**Constitution alignment (required):** This feature introduces a DB-only write and no new Microsoft Graph calls, no scheduled work, and no queued workflow. Because the request is security-relevant and intentionally skips `OperationRun`, successful request creation MUST write an `AuditLog` entry with redacted metadata.
|
||||
|
||||
**Constitution alignment (PROP-001 / ABSTR-001 / PERSIST-001 / STATE-001 / BLOAT-001):** This feature introduces one new persisted support-request truth, one bounded support-request context builder or submission service, and one small support-request severity family because existing support diagnostics is read-only and generic ticket links lose context. A narrower solution is insufficient because it would still fail to preserve immutable submitted context or return a trustworthy in-product support reference.
|
||||
|
||||
**Constitution alignment (XCUT-001):** Support-request capture MUST extend the existing support-diagnostics bundle and audit paths rather than duplicating page-local context assembly or provider wording.
|
||||
|
||||
**Constitution alignment (PROV-001):** The support-request model and labels remain provider-neutral. Provider-specific semantics may appear only inside the already redacted support-diagnostic snapshot when that attachment is allowed.
|
||||
|
||||
**Constitution alignment (TEST-GOV-001):** Proof stays in focused unit plus feature lanes only. Browser and heavy-governance lanes are out of scope for the first slice.
|
||||
|
||||
**Constitution alignment (OPS-UX / OPS-UX-START-001):** No new `OperationRun` is created, resumed, or linked as a started workflow. Request creation is a synchronous DB-only support action.
|
||||
|
||||
**Constitution alignment (RBAC-UX):** The affected authorization plane is the tenant-admin `/admin` plane. Non-members and non-entitled users receive 404. Entitled members lacking `support_requests.create` receive 403. The run-context action must only render after the viewer resolves an entitled tenant scope.
|
||||
|
||||
**Constitution alignment (UI-FIL-001):** The feature must use native Filament actions and action forms. No custom standalone support page or ad hoc support form shell is allowed in v1.
|
||||
|
||||
**Constitution alignment (UI-NAMING-001):** Primary operator labels remain `Request support` and `Support reference`. Implementation-first terms such as payload snapshot, JSON blob, or ticket adapter must not appear in the primary UI.
|
||||
|
||||
**Constitution alignment (DECIDE-001 / OPSURF-001):** The affected surfaces remain secondary context surfaces. Support creation must not compete with the primary tenant or operation investigation workflow and must not expose raw diagnostics by default.
|
||||
|
||||
### Functional Requirements
|
||||
|
||||
- **FR-246-001 Entry points**: The system MUST allow support-request creation from exactly two first-slice contexts: the existing tenant dashboard and the existing canonical operation detail surface.
|
||||
- **FR-246-002 Immutable internal reference**: Every created support request MUST receive a generated internal support reference that is unique, stable, and shown back to the creator immediately after submission.
|
||||
- **FR-246-003 Captured fields**: A support request MUST capture workspace, tenant, initiating user, primary context type, optional run reference when applicable, severity chosen from `low`, `normal`, `high`, or `blocking`, a required summary field, optional reproduction notes, and optional contact name and contact email defaults derived from the creator.
|
||||
- **FR-246-004 Canonical context attachment**: The request MUST automatically attach the safe canonical context set for the current tenant or run instead of requiring manual copy-paste of record identifiers.
|
||||
- **FR-246-005 Diagnostic snapshot attachment**: When the creator can view support diagnostics for the current scope, the request MUST attach a redacted support-diagnostic snapshot or structured reference envelope derived from the existing bundle contract.
|
||||
- **FR-246-006 Reduced attachment mode**: When the creator cannot view support diagnostics but can create a support request, the request MUST omit the diagnostic snapshot and persist only the safe canonical context set together with an explicit omission marker.
|
||||
- **FR-246-007 Authorization boundaries**: Non-members and non-entitled users MUST receive 404 semantics. Entitled users lacking `support_requests.create` MUST receive 403. Cross-tenant or unrelated run context MUST never attach accidentally.
|
||||
- **FR-246-008 No external dependency**: The first slice MUST NOT require an external ticket provider, outbound HTTP call, or external ticket reference to create a support request.
|
||||
- **FR-246-009 Auditability**: Support-request creation MUST write an audit event that records the actor, support reference, primary context, attachment mode, and redaction mode without storing excluded raw payload content.
|
||||
- **FR-246-010 Provider-safe persistence**: Persisted support-request context MUST NOT include raw provider payloads, secrets, tokens, or unrestricted diagnostic bodies.
|
||||
- **FR-246-011 Immutability**: The first slice MUST treat the support request as immutable after creation. No edit, status workflow, reopen, or merge behavior may be introduced in v1.
|
||||
- **FR-246-012 Duplicate submissions**: The first slice MUST allow repeated submissions and create a new internal support reference each time rather than attempting hidden deduplication or merge logic.
|
||||
- **FR-246-013 Machine-readable context**: The attached context envelope MUST remain machine-readable and deterministic so later ticketing or AI-assisted follow-up can reuse it without redefining support-request truth.
|
||||
|
||||
## UI Action Matrix *(mandatory when Filament is changed)*
|
||||
|
||||
| Surface | Location | Header Actions | Inspect Affordance (List/Table) | Row Actions (max 2 visible) | Bulk Actions (grouped) | Empty-State CTA(s) | View Header Actions | Create/Edit Save+Cancel | Audit log? | Notes / Exemptions |
|
||||
|---|---|---|---|---|---|---|---|---|---|---|
|
||||
| Tenant dashboard support actions | `App\Filament\Pages\TenantDashboard` | Existing `Open support diagnostics` plus new `Request support` | n/a | none | none | none added | `Request support` on the tenant dashboard action surface only | action-form submit plus cancel | yes | Existing tenant dashboard exemption remains bounded to two support-aware actions only |
|
||||
| Canonical operation detail support actions | `App\Filament\Pages\Operations\TenantlessOperationRunViewer` | `Open support diagnostics` and `Request support` are grouped under `More` | Existing operation detail page remains the primary inspect model | none | none | n/a | Both support actions are grouped under the run detail action group instead of competing with the page's primary navigation and utility actions | action-form submit plus cancel | yes | Keeps support tooling secondary on the detail page while preserving structured escalation and diagnostics access |
|
||||
|
||||
### Key Entities *(include if feature involves data)*
|
||||
|
||||
- **SupportRequest**: The new immutable product truth that records one submitted support intake event together with its generated internal reference and safe attached context.
|
||||
- **SupportRequest Context Envelope**: The redacted, machine-readable set of canonical references and optional diagnostic snapshot attached to a support request.
|
||||
- **Support Reference**: The generated internal identifier shown back to the creator immediately after submission.
|
||||
- **Attachment Mode**: The persisted marker that distinguishes between `diagnostic_snapshot_attached` and `canonical_context_only` based on creator capability and safe context rules.
|
||||
|
||||
## Success Criteria *(mandatory)*
|
||||
|
||||
### Measurable Outcomes
|
||||
|
||||
- **SC-246-001**: A support request created from either approved surface is persisted with a unique internal support reference and the expected primary context every time in focused feature coverage.
|
||||
- **SC-246-002**: Focused authorization tests prove that unrelated tenant or run context cannot be attached accidentally and that 404 versus 403 boundaries remain correct.
|
||||
- **SC-246-003**: Focused audit tests prove that support-request creation writes one redacted audit event and performs no outbound HTTP or `OperationRun` side effect.
|
||||
- **SC-246-004**: Focused unit coverage proves that the attached context envelope remains deterministic and excludes raw provider payload content.
|
||||
185
specs/246-support-request-context/tasks.md
Normal file
185
specs/246-support-request-context/tasks.md
Normal file
@ -0,0 +1,185 @@
|
||||
---
|
||||
|
||||
description: "Task list for In-App Support Request with Context"
|
||||
|
||||
---
|
||||
|
||||
# Tasks: In-App Support Request with Context
|
||||
|
||||
**Input**: Design documents from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/`
|
||||
**Prerequisites**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/plan.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/spec.md` (required), `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/checklists/requirements.md` (required)
|
||||
|
||||
**Tests (TEST-GOV-001)**: REQUIRED (Pest) for all runtime behavior changes in this slice. Keep proof in focused unit plus feature lanes only.
|
||||
**Operations**: This slice must not create, queue, resume, or complete an `OperationRun`. Support-request creation stays DB-only and audited.
|
||||
**RBAC**: Workspace membership, tenant entitlement, and `support_requests.create` remain authoritative. `support_diagnostics.view` controls only whether the redacted diagnostic snapshot can be attached.
|
||||
**Organization**: Tasks are grouped by user story so tenant-context creation, run-context creation, and safety hardening remain independently verifiable once the shared foundation exists.
|
||||
|
||||
## Phase 1: Setup (Shared Infrastructure)
|
||||
|
||||
**Purpose**: Lock the first-slice scope and verify the existing support-aware seams before runtime edits begin.
|
||||
|
||||
- [x] T001 Review the first-slice scope, attachment modes, and validation commands in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/spec.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/plan.md`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/checklists/requirements.md`
|
||||
- [x] T002 [P] Verify the current tenant dashboard, canonical operation detail viewer, support-diagnostics bundle builder, tenant capability map, and workspace audit logger seams that this slice must reuse in `apps/platform/app/Filament/Pages/TenantDashboard.php`, `apps/platform/app/Filament/Pages/Operations/TenantlessOperationRunViewer.php`, `apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`, `apps/platform/app/Support/Auth/Capabilities.php`, `apps/platform/app/Services/Auth/RoleCapabilityMap.php`, and `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
|
||||
|
||||
---
|
||||
|
||||
## Phase 2: Foundational (Blocking Prerequisites)
|
||||
|
||||
**Purpose**: Add the persisted support-request truth and shared capture path required by both entry contexts before surface wiring begins.
|
||||
|
||||
**Critical**: No user story work should start until this phase is complete.
|
||||
|
||||
- [x] T003 Create the tenant-owned `support_requests` migration, model, and factory with required not-null `workspace_id` and `tenant_id`, immutable internal reference, primary context type, severity constrained to `low`, `normal`, `high`, or `blocking`, required summary, optional reproduction notes, optional contact name and contact email, creator metadata, and redacted context JSON in `apps/platform/database/migrations/`, `apps/platform/app/Models/SupportRequest.php`, and `apps/platform/database/factories/SupportRequestFactory.php`
|
||||
- [x] T004 [P] Register `support_requests.create` in the canonical tenant capability registry and tenant role map without widening system-plane access in `apps/platform/app/Support/Auth/Capabilities.php` and `apps/platform/app/Services/Auth/RoleCapabilityMap.php`
|
||||
- [x] T005 [P] Add the bounded support-request context builder and internal reference generator in `apps/platform/app/Support/SupportRequests/SupportRequestContextBuilder.php` and `apps/platform/app/Support/SupportRequests/SupportRequestReferenceGenerator.php`, reusing `SupportDiagnosticBundleBuilder` for attachment-mode decisions and machine-readable context shaping while emitting `SR-<ULID>` references only
|
||||
- [x] T006 [P] Add the support-request audit action identifier and workspace audit logger path for redacted request-creation metadata in `apps/platform/app/Support/Audit/AuditActionId.php` and `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
|
||||
|
||||
**Checkpoint**: Foundation ready - both entry contexts can create the same immutable support-request truth through one shared capture path.
|
||||
|
||||
---
|
||||
|
||||
## Phase 3: User Story 1 - Submit A Tenant-Scoped Support Request (Priority: P1) 🎯 MVP
|
||||
|
||||
**Goal**: An entitled operator can request support from the tenant dashboard without manually rebuilding the current case.
|
||||
|
||||
**Independent Test**: Seed a tenant with provider, run, finding, review, report, and audit truth, submit a request from the tenant dashboard, and verify persisted request context plus returned internal reference.
|
||||
|
||||
### Tests for User Story 1
|
||||
|
||||
- [x] T007 [P] [US1] Add tenant-context feature coverage for created support reference, persisted tenant primary context, persisted severity and optional reproduction/contact fields, reduced-attachment mode, and `404` versus `403` semantics in `apps/platform/tests/Feature/SupportRequests/TenantSupportRequestActionTest.php`
|
||||
|
||||
### Implementation for User Story 1
|
||||
|
||||
- [x] T008 [US1] Add the native Filament `Request support` action form to `apps/platform/app/Filament/Pages/TenantDashboard.php` with required severity and summary fields, optional reproduction notes, contact name and contact email defaults, attachment summary, and success notification carrying the internal support reference
|
||||
- [x] T009 [US1] Implement tenant-context request capture in `apps/platform/app/Support/SupportRequests/SupportRequestContextBuilder.php` so the request stores canonical tenant references and attaches the redacted support-diagnostics snapshot only when allowed
|
||||
- [x] T010 [US1] Ensure tenant-context submission persists the explicit `canonical_context_only` attachment mode instead of blocking the request when diagnostic attachment is unavailable
|
||||
|
||||
**Checkpoint**: User Story 1 is independently functional when a tenant-context request can be submitted safely and the creator receives a stable internal support reference.
|
||||
|
||||
---
|
||||
|
||||
## Phase 4: User Story 2 - Submit A Run-Scoped Support Request (Priority: P1)
|
||||
|
||||
**Goal**: An entitled operator already inspecting one run can request support directly from the canonical operation detail surface.
|
||||
|
||||
**Independent Test**: Seed a failed or degraded run with related context, submit a support request from the operation viewer, and verify the saved request uses the run as primary context without breaking the viewer contract.
|
||||
|
||||
### Tests for User Story 2
|
||||
|
||||
- [x] T011 [P] [US2] Add run-context feature coverage for entitled-tenant resolution, persisted run primary context, persisted severity and optional reproduction/contact fields, reduced-attachment mode, and canonical viewer authorization boundaries in `apps/platform/tests/Feature/SupportRequests/OperationRunSupportRequestActionTest.php`
|
||||
|
||||
### Implementation for User Story 2
|
||||
|
||||
- [x] T012 [US2] Add the native Filament operation-viewer support actions in grouped secondary header placement on `apps/platform/app/Filament/Pages/Operations/TenantlessOperationRunViewer.php`, keeping both `Open support diagnostics` and `Request support` under `More` so they stay secondary to the viewer's primary navigation and utility actions
|
||||
- [x] T013 [US2] Implement run-context request capture through the shared support-request context builder so the request uses the current run plus entitled tenant context only after authorization has resolved safely
|
||||
- [x] T014 [US2] Keep run-context request copy and attachment wording aligned with the existing operation viewer and support-diagnostics vocabulary rather than introducing a second run-summary dialect
|
||||
|
||||
**Checkpoint**: User Story 2 is independently functional when the operation viewer can create the same support-request truth with run-centered context and correct tenant-safe boundaries.
|
||||
|
||||
---
|
||||
|
||||
## Phase 5: User Story 3 - Keep Support Intake Redacted, Auditable, And Bounded (Priority: P2)
|
||||
|
||||
**Goal**: The same authorized input always produces the same safe context shape and the feature stays free of ticket-provider, lifecycle, and `OperationRun` sprawl.
|
||||
|
||||
**Independent Test**: Verify deterministic context-envelope generation, correct attachment modes, correct audit logging, and absence of outbound HTTP or `OperationRun` side effects.
|
||||
|
||||
### Tests for User Story 3
|
||||
|
||||
- [x] T015 [P] [US3] Add unit coverage for deterministic context-envelope generation, explicit `missing` and inaccessible markers, internal support-reference formatting, and the absence of raw provider payload content in persisted context envelopes in `apps/platform/tests/Unit/Support/SupportRequests/SupportRequestContextBuilderTest.php` and `apps/platform/tests/Unit/Support/SupportRequests/SupportRequestReferenceTest.php`
|
||||
- [x] T016 [P] [US3] Add shared feature coverage for authorization boundaries and attachment-mode behavior in `apps/platform/tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php`
|
||||
- [x] T017 [P] [US3] Add feature coverage for support-request audit entries, duplicate submissions creating two distinct records and support references, and the absence of outbound HTTP or `OperationRun` side effects in `apps/platform/tests/Feature/SupportRequests/SupportRequestAuditTest.php`
|
||||
|
||||
### Implementation for User Story 3
|
||||
|
||||
- [x] T018 [US3] Finalize immutable persistence rules, explicit omission markers, explicit `missing` and inaccessible related-record markers, explicit exclusion of raw provider payload content from persisted context, and redacted audit payload shape in `apps/platform/app/Models/SupportRequest.php`, `apps/platform/app/Support/SupportRequests/SupportRequestContextBuilder.php`, `apps/platform/app/Support/SupportRequests/SupportRequestReferenceGenerator.php`, `apps/platform/app/Support/Audit/AuditActionId.php`, and `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
|
||||
- [x] T019 [US3] Ensure the first slice introduces no edit flow, status workflow, external ticket reference, or support inbox surface while completing the create path on the two approved surfaces only
|
||||
|
||||
**Checkpoint**: User Story 3 is independently functional when support-request creation is deterministic, redacted, audited, and still bounded to the v1 create-only contract.
|
||||
|
||||
---
|
||||
|
||||
## Phase 6: Polish & Cross-Cutting Concerns
|
||||
|
||||
**Purpose**: Align wording, formatting, and the final validation suite before implementation close-out.
|
||||
|
||||
- [x] T020 [P] Confirm that `Request support`, `Support reference`, attachment-mode copy, omission markers, and redaction notes stay aligned across `apps/platform/app/Support/SupportRequests/`, `apps/platform/app/Filament/Pages/TenantDashboard.php`, and `apps/platform/app/Filament/Pages/Operations/TenantlessOperationRunViewer.php`
|
||||
- [x] T021 Run formatting on touched platform files with `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
|
||||
- [x] T022 Run the focused unit validation suite with `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/SupportRequests/SupportRequestContextBuilderTest.php tests/Unit/Support/SupportRequests/SupportRequestReferenceTest.php`
|
||||
- [x] T023 Run the focused feature validation suite with `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/SupportRequests/TenantSupportRequestActionTest.php tests/Feature/SupportRequests/OperationRunSupportRequestActionTest.php tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php tests/Feature/SupportRequests/SupportRequestAuditTest.php`
|
||||
- [x] T024 Record the final guardrail close-out and any bounded `document-in-feature` note for attachment-mode wording or tenant-dashboard exemption handling in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/plan.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/246-support-request-context/checklists/requirements.md`
|
||||
|
||||
---
|
||||
|
||||
## Dependencies & Execution Order
|
||||
|
||||
### Phase Dependencies
|
||||
|
||||
- Phase 1 starts immediately.
|
||||
- Phase 2 depends on Phase 1 and blocks all user stories.
|
||||
- Phase 3 depends on Phase 2 and establishes the MVP tenant-context request flow.
|
||||
- Phase 4 depends on Phase 2 and is safest after Phase 3 because both stories extend the same shared support-request capture path.
|
||||
- Phase 5 depends on Phase 3 and Phase 4 because deterministic attachment, authorization, and audit behavior must cover both approved contexts.
|
||||
- Phase 6 depends on every implemented story.
|
||||
|
||||
### User Story Dependencies
|
||||
|
||||
- US1 is the MVP and first independently shippable increment.
|
||||
- US2 is independently testable but shares the same support-request capture path, so merge order should favor US1 first.
|
||||
- US3 depends on both P1 stories because deterministic context and audit proof must cover the shared request contract across both contexts.
|
||||
|
||||
### Within Each User Story
|
||||
|
||||
- Write the listed Pest coverage first and ensure it fails before implementation.
|
||||
- Complete shared capture-path changes before the final surface wiring pass when both are required.
|
||||
- Re-run the narrowest affected unit or feature suite after each story checkpoint before moving to the next story.
|
||||
|
||||
---
|
||||
|
||||
## Parallel Opportunities
|
||||
|
||||
### Phase 1
|
||||
|
||||
- T001 and T002 can run in parallel if one person confirms the feature package while another confirms the existing support-aware code seams.
|
||||
|
||||
### Phase 2
|
||||
|
||||
- T004 and T006 can run in parallel after T003 and T005 define the persisted support-request truth and shared capture shape.
|
||||
|
||||
### User Story 1
|
||||
|
||||
- T007 can start before runtime edits.
|
||||
- T008 and T009 can overlap once the shared capture path exists.
|
||||
|
||||
### User Story 2
|
||||
|
||||
- T011 can start before runtime edits.
|
||||
- T012 and T013 can overlap once the shared capture path exists.
|
||||
|
||||
### User Story 3
|
||||
|
||||
- T015, T016, and T017 can run in parallel.
|
||||
- T018 and T019 should stay sequential because both finalize the shared persistence and guardrail boundaries.
|
||||
|
||||
---
|
||||
|
||||
## Implementation Strategy
|
||||
|
||||
### MVP First
|
||||
|
||||
1. Complete Phase 1.
|
||||
2. Complete Phase 2.
|
||||
3. Complete Phase 3 (US1).
|
||||
4. Re-run the tenant-context suite and stop for review.
|
||||
|
||||
### Incremental Delivery
|
||||
|
||||
1. Deliver US1 to compress tenant-context support intake first.
|
||||
2. Add US2 so the same request truth can start from the canonical run detail surface.
|
||||
3. Add US3 to harden deterministic context, authorization, and audit behavior while keeping the slice bounded.
|
||||
|
||||
### Team Strategy
|
||||
|
||||
1. Finish Phase 2 together before splitting work.
|
||||
2. Parallelize test authoring inside each story.
|
||||
3. Sequence merges carefully around `apps/platform/app/Support/SupportRequests/SupportRequestContextBuilder.php`, because every story extends the same shared capture path.
|
||||
@ -0,0 +1,61 @@
|
||||
# Specification Quality Checklist: Plans, Entitlements & Billing Readiness
|
||||
|
||||
**Purpose**: Validate full preparation-package completeness and implementation readiness after planning and task generation
|
||||
**Created**: 2026-04-27
|
||||
**Feature**: [spec.md](../spec.md)
|
||||
|
||||
## Content Quality
|
||||
|
||||
- [x] Business value and operator outcomes stay explicit
|
||||
- [x] The first slice is bounded to one workspace plan profile, two entitlement keys, two first enforcement points, and one read-only system summary
|
||||
- [x] Runtime-governance sections are present for a future runtime feature, not treated as docs-only
|
||||
- [x] All mandatory sections are completed
|
||||
|
||||
## Requirement Completeness
|
||||
|
||||
- [x] No `[NEEDS CLARIFICATION]` markers remain
|
||||
- [x] Requirements are testable and unambiguous
|
||||
- [x] Acceptance scenarios are defined for the primary user journeys
|
||||
- [x] Edge cases are identified, including over-limit workspaces, existing artifacts, and unchanged queued runs
|
||||
- [x] Scope is clearly bounded away from checkout, invoices, payment providers, proration, trials, grace periods, and a customer-account domain
|
||||
- [x] Dependencies, assumptions, risks, and follow-up candidates are identified
|
||||
|
||||
## Feature Readiness
|
||||
|
||||
- [x] The first slice is small enough for bounded later planning
|
||||
- [x] Concrete repo surfaces are named for settings, onboarding, review-pack generation, and system visibility
|
||||
- [x] Follow-up commercial work is separated from the current slice instead of hidden inside it
|
||||
- [x] No unresolved product question blocks `/speckit.implement` once artifact analysis passes
|
||||
- [x] The selected candidate remains recognizable while the implementation slice stays narrow
|
||||
|
||||
## Governance Readiness
|
||||
|
||||
- [x] Workspace-owned settings are explicitly chosen over a new billing/account persistence model
|
||||
- [x] Capability-first RBAC and 404 versus 403 semantics remain explicit
|
||||
- [x] Entitlement denials are separated from RBAC denials and described as truthful product-state blocks
|
||||
- [x] System-plane visibility is read-only and auditable in the first slice
|
||||
- [x] Operator-facing surfaces include the required UI contract sections and action matrix
|
||||
- [x] Livewire v4 compliance, unchanged provider registration location, no global-search changes, confirmation expectations for destructive actions, and no asset-strategy changes are explicit in the package
|
||||
|
||||
## Test Governance Review
|
||||
|
||||
- [x] Lane fit stays in focused unit plus feature validation only
|
||||
- [x] Fixture and helper growth stays local to workspace, tenant, review-pack, and platform-directory contexts
|
||||
- [x] No browser or heavy-governance family is introduced implicitly
|
||||
- [x] Minimal validation commands are explicit in the spec
|
||||
- [x] Runtime impact is treated as a real future feature, not as a documentation-only update
|
||||
|
||||
## Review Outcome
|
||||
|
||||
- [x] Review outcome class: `keep`
|
||||
- [x] Workflow outcome: `keep`
|
||||
- [x] Next command readiness: `/speckit.implement` after analyze issues are cleared
|
||||
|
||||
## Notes
|
||||
|
||||
- This checklist now validates the full preparation package: spec, plan, supporting design artifacts, and tasks. It does not imply that application code already exists.
|
||||
- The first slice intentionally stops before trial or grace lifecycle state, payment integration, broader plan matrices, or any customer-account domain.
|
||||
- System-plane mutation is deferred on purpose; the first slice keeps system visibility read-only to avoid creating a second commercial source of truth.
|
||||
- Implementation close-out note (2026-04-27): the bounded slice has now been implemented and the focused validation lanes completed. The final post-format review-pack and system-directory lane passed at `31 passed (133 assertions)`.
|
||||
- Browser smoke close-out note (2026-04-27): an integrated-browser smoke attempt was made because the slice changed user-facing Filament surfaces, but the environment could not provide a reliable authenticated tenant/system panel context. The smoke result is therefore classified as environment-blocked rather than pass/fail.
|
||||
- Shared-surface note (2026-04-27): the final proof for blocked review-pack actions relies on the shared operator-facing tooltip helper text plus disabled action state. Direct tooltip-object inspection on the wrapped recordless Filament header action was not stable enough to serve as the final regression check.
|
||||
@ -0,0 +1,456 @@
|
||||
openapi: 3.0.3
|
||||
info:
|
||||
title: TenantPilot Admin/System — Workspace Entitlements Foundation (Conceptual)
|
||||
version: 0.1.0
|
||||
description: |
|
||||
Conceptual contract for the workspace-first entitlement foundation.
|
||||
|
||||
NOTE: These routes are implemented as existing Filament pages, widgets,
|
||||
resources, and Livewire-backed actions. The exact Livewire payload shape is
|
||||
not part of this contract. This file captures the user-visible routes,
|
||||
logical action boundaries, and the required 404 / 403 / business-state
|
||||
blocking semantics for the first slice.
|
||||
servers:
|
||||
- url: /admin
|
||||
- url: /system
|
||||
paths:
|
||||
/settings/workspace:
|
||||
get:
|
||||
summary: View workspace entitlement settings
|
||||
description: |
|
||||
Renders the existing workspace settings singleton page with one new
|
||||
entitlement section.
|
||||
|
||||
Behavior:
|
||||
- No workspace selected: redirect to `/admin/choose-workspace`
|
||||
- Non-member or wrong workspace: 404
|
||||
- Workspace member without `workspace_settings.view`: 403
|
||||
- Authorized member: render plan profile, effective entitlements,
|
||||
source labels, rationale, and current usage summary
|
||||
responses:
|
||||
'200':
|
||||
description: Workspace settings page rendered
|
||||
content:
|
||||
text/html:
|
||||
schema:
|
||||
type: string
|
||||
x-logical-view-model:
|
||||
$ref: '#/components/schemas/WorkspaceEntitlementSettingsView'
|
||||
'302':
|
||||
description: Redirect to choose-workspace when no workspace is active
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
/settings/workspace/actions/save-entitlements:
|
||||
post:
|
||||
summary: Save plan profile and explicit entitlement overrides
|
||||
description: |
|
||||
Conceptual contract for the existing singleton settings save action.
|
||||
The save reuses existing workspace-setting persistence and audit logging.
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/WorkspaceEntitlementSettingsCommand'
|
||||
responses:
|
||||
'204':
|
||||
description: Settings saved successfully
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'422':
|
||||
$ref: '#/components/responses/ValidationError'
|
||||
/settings/workspace/actions/reset-entitlement-override/{entitlementKey}:
|
||||
post:
|
||||
summary: Reset one explicit entitlement override and rationale
|
||||
description: |
|
||||
Conceptual contract for a confirmation-protected override reset action.
|
||||
Resetting returns effective truth to the selected plan profile or the
|
||||
code-owned default profile.
|
||||
parameters:
|
||||
- $ref: '#/components/parameters/EntitlementKey'
|
||||
responses:
|
||||
'204':
|
||||
description: Override reset successfully
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
/onboarding/{onboardingDraft}:
|
||||
get:
|
||||
summary: View onboarding workflow with entitlement-aware completion state
|
||||
description: |
|
||||
Renders the existing managed-tenant onboarding wizard. The completion
|
||||
step must include managed-tenant activation entitlement truth.
|
||||
parameters:
|
||||
- $ref: '#/components/parameters/OnboardingDraftId'
|
||||
responses:
|
||||
'200':
|
||||
description: Onboarding wizard rendered
|
||||
content:
|
||||
text/html:
|
||||
schema:
|
||||
type: string
|
||||
x-logical-view-model:
|
||||
$ref: '#/components/schemas/OnboardingEntitlementView'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
/onboarding/{onboardingDraft}/actions/complete:
|
||||
post:
|
||||
summary: Complete onboarding when entitlement and existing readiness allow
|
||||
description: |
|
||||
Conceptual contract for the existing confirmation-protected completion
|
||||
action. The entitlement gate must run before any tenant activation
|
||||
mutation occurs.
|
||||
parameters:
|
||||
- $ref: '#/components/parameters/OnboardingDraftId'
|
||||
responses:
|
||||
'204':
|
||||
description: Onboarding completed
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'409':
|
||||
$ref: '#/components/responses/BusinessStateBlocked'
|
||||
/review-packs/actions/generate:
|
||||
post:
|
||||
summary: Generate a review pack from the current tenant context
|
||||
description: |
|
||||
Conceptual contract for the tenant dashboard widget and review-pack list
|
||||
generate action family. Existing dedupe and queued-start behavior remain
|
||||
unchanged when entitlement allows execution.
|
||||
requestBody:
|
||||
required: false
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ReviewPackGenerationCommand'
|
||||
responses:
|
||||
'202':
|
||||
description: Generation accepted or deduped through the existing flow
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'409':
|
||||
$ref: '#/components/responses/BusinessStateBlocked'
|
||||
/tenant-reviews/{tenantReview}/actions/export-executive-pack:
|
||||
post:
|
||||
summary: Export an executive pack from an existing tenant review
|
||||
description: |
|
||||
Conceptual contract for the review register and tenant review detail
|
||||
export action family. The entitlement gate must run before any new
|
||||
`ReviewPack` or `OperationRun` is created.
|
||||
parameters:
|
||||
- $ref: '#/components/parameters/TenantReviewId'
|
||||
responses:
|
||||
'202':
|
||||
description: Export accepted or deduped through the existing flow
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'409':
|
||||
$ref: '#/components/responses/BusinessStateBlocked'
|
||||
/review-packs/{reviewPack}/actions/regenerate:
|
||||
post:
|
||||
summary: Regenerate an existing review pack
|
||||
description: |
|
||||
Conceptual contract for the existing review-pack detail regenerate
|
||||
action. Existing confirmation and reuse behavior remain in place.
|
||||
parameters:
|
||||
- $ref: '#/components/parameters/ReviewPackId'
|
||||
requestBody:
|
||||
required: false
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/ReviewPackGenerationCommand'
|
||||
responses:
|
||||
'202':
|
||||
description: Regeneration accepted or deduped through the existing flow
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
'409':
|
||||
$ref: '#/components/responses/BusinessStateBlocked'
|
||||
/directory/workspaces/{workspace}:
|
||||
get:
|
||||
summary: View read-only workspace entitlement summary in the system plane
|
||||
description: |
|
||||
Renders the existing system directory workspace detail page with a
|
||||
read-only entitlement summary.
|
||||
|
||||
Behavior:
|
||||
- Platform user with `platform.directory.view`: 200
|
||||
- Platform user without that capability: 403
|
||||
- Wrong-plane or non-platform actor: 404 semantics at the panel boundary
|
||||
parameters:
|
||||
- $ref: '#/components/parameters/WorkspaceId'
|
||||
responses:
|
||||
'200':
|
||||
description: System workspace detail rendered
|
||||
content:
|
||||
text/html:
|
||||
schema:
|
||||
type: string
|
||||
x-logical-view-model:
|
||||
$ref: '#/components/schemas/SystemWorkspaceEntitlementView'
|
||||
'403':
|
||||
$ref: '#/components/responses/Forbidden'
|
||||
'404':
|
||||
$ref: '#/components/responses/NotFound'
|
||||
components:
|
||||
parameters:
|
||||
WorkspaceId:
|
||||
name: workspace
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
OnboardingDraftId:
|
||||
name: onboardingDraft
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
TenantReviewId:
|
||||
name: tenantReview
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
ReviewPackId:
|
||||
name: reviewPack
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
EntitlementKey:
|
||||
name: entitlementKey
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: string
|
||||
enum:
|
||||
- managed_tenant_activation_limit
|
||||
- review_pack_generation_enabled
|
||||
responses:
|
||||
Forbidden:
|
||||
description: Member or platform user lacks the required capability in an already established scope
|
||||
NotFound:
|
||||
description: Wrong plane, non-member scope, or inaccessible record
|
||||
BusinessStateBlocked:
|
||||
description: Actor is otherwise authorized, but the workspace is not entitled for the requested action
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EntitlementBlockResponse'
|
||||
ValidationError:
|
||||
description: Submitted entitlement settings failed validation
|
||||
schemas:
|
||||
WorkspaceEntitlementSettingsCommand:
|
||||
type: object
|
||||
required:
|
||||
- plan_profile
|
||||
- entitlements
|
||||
properties:
|
||||
plan_profile:
|
||||
type: string
|
||||
nullable: true
|
||||
description: Null means use the code-owned default profile
|
||||
entitlements:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/EntitlementOverrideInput'
|
||||
EntitlementOverrideInput:
|
||||
type: object
|
||||
required:
|
||||
- key
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
enum:
|
||||
- managed_tenant_activation_limit
|
||||
- review_pack_generation_enabled
|
||||
override_value:
|
||||
oneOf:
|
||||
- type: integer
|
||||
- type: boolean
|
||||
nullable: true
|
||||
rationale:
|
||||
type: string
|
||||
nullable: true
|
||||
ReviewPackGenerationCommand:
|
||||
type: object
|
||||
properties:
|
||||
include_pii:
|
||||
type: boolean
|
||||
include_operations:
|
||||
type: boolean
|
||||
WorkspaceEntitlementSettingsView:
|
||||
type: object
|
||||
required:
|
||||
- workspace_id
|
||||
- effective_plan_profile
|
||||
- entitlements
|
||||
- primary_action
|
||||
properties:
|
||||
workspace_id:
|
||||
type: integer
|
||||
effective_plan_profile:
|
||||
$ref: '#/components/schemas/PlanProfileSummary'
|
||||
entitlements:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/WorkspaceEntitlementDecision'
|
||||
last_changed:
|
||||
$ref: '#/components/schemas/LastChangedAttribution'
|
||||
nullable: true
|
||||
primary_action:
|
||||
$ref: '#/components/schemas/NextAction'
|
||||
OnboardingEntitlementView:
|
||||
type: object
|
||||
required:
|
||||
- draft_id
|
||||
- completion_decision
|
||||
properties:
|
||||
draft_id:
|
||||
type: integer
|
||||
completion_decision:
|
||||
$ref: '#/components/schemas/WorkspaceEntitlementDecision'
|
||||
primary_action:
|
||||
$ref: '#/components/schemas/NextAction'
|
||||
blocked_reason:
|
||||
type: string
|
||||
nullable: true
|
||||
SystemWorkspaceEntitlementView:
|
||||
type: object
|
||||
required:
|
||||
- workspace_id
|
||||
- effective_plan_profile
|
||||
- entitlements
|
||||
properties:
|
||||
workspace_id:
|
||||
type: integer
|
||||
effective_plan_profile:
|
||||
$ref: '#/components/schemas/PlanProfileSummary'
|
||||
entitlements:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/WorkspaceEntitlementDecision'
|
||||
last_changed:
|
||||
$ref: '#/components/schemas/LastChangedAttribution'
|
||||
nullable: true
|
||||
PlanProfileSummary:
|
||||
type: object
|
||||
required:
|
||||
- id
|
||||
- label
|
||||
properties:
|
||||
id:
|
||||
type: string
|
||||
label:
|
||||
type: string
|
||||
description:
|
||||
type: string
|
||||
nullable: true
|
||||
source:
|
||||
type: string
|
||||
enum: [workspace_selection, code_default]
|
||||
WorkspaceEntitlementDecision:
|
||||
type: object
|
||||
required:
|
||||
- key
|
||||
- effective_value
|
||||
- source
|
||||
- is_blocked
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
enum:
|
||||
- managed_tenant_activation_limit
|
||||
- review_pack_generation_enabled
|
||||
effective_value:
|
||||
oneOf:
|
||||
- type: integer
|
||||
- type: boolean
|
||||
source:
|
||||
type: string
|
||||
enum: [plan_profile_default, workspace_override]
|
||||
rationale:
|
||||
type: string
|
||||
nullable: true
|
||||
current_usage:
|
||||
type: integer
|
||||
nullable: true
|
||||
remaining_capacity:
|
||||
type: integer
|
||||
nullable: true
|
||||
is_blocked:
|
||||
type: boolean
|
||||
block_reason:
|
||||
type: string
|
||||
nullable: true
|
||||
LastChangedAttribution:
|
||||
type: object
|
||||
required:
|
||||
- at
|
||||
- by
|
||||
properties:
|
||||
at:
|
||||
type: string
|
||||
format: date-time
|
||||
by:
|
||||
type: string
|
||||
EntitlementBlockResponse:
|
||||
type: object
|
||||
required:
|
||||
- key
|
||||
- reason
|
||||
properties:
|
||||
key:
|
||||
type: string
|
||||
reason:
|
||||
type: string
|
||||
source:
|
||||
type: string
|
||||
enum: [plan_profile_default, workspace_override]
|
||||
current_usage:
|
||||
type: integer
|
||||
nullable: true
|
||||
effective_value:
|
||||
oneOf:
|
||||
- type: integer
|
||||
- type: boolean
|
||||
NextAction:
|
||||
type: object
|
||||
required:
|
||||
- label
|
||||
- kind
|
||||
properties:
|
||||
label:
|
||||
type: string
|
||||
kind:
|
||||
type: string
|
||||
enum:
|
||||
- save_entitlements
|
||||
- reset_override
|
||||
- complete_onboarding
|
||||
- generate_pack
|
||||
- export_executive_pack
|
||||
- regenerate_pack
|
||||
- open_admin_workspace
|
||||
action_name:
|
||||
type: string
|
||||
nullable: true
|
||||
url:
|
||||
type: string
|
||||
nullable: true
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user