# Data Model: Post-Cutover Suite Stabilization & Baseline Reconciliation

## Overview

`293` introduces no new application entity, table, or persisted runtime artifact. Its only modeled data is spec-local preparation truth for later implementation: one failure-classification artifact, one bounded failure-category inventory, and one bounded stabilization-seam inventory.

## Pinned Failure-Classification Categories

| Category | Meaning | Default Treatment in `293` |
|---|---|---|
| `cutover-baseline-debt` | stale test or baseline expectation caused directly by the `287` and `288` cutover truth | fix in `293` |
| `cutover-runtime-regression` | current workspace-first primary path is actually broken | allow minimal targeted fix in `293` if proven |
| `unrelated-existing-debt` | existing failure outside the cutover stabilization scope | document, do not silently absorb |
| `flaky-or-environment` | nondeterministic or environment-specific failure | isolate, rerun, and document |
| `resolved-or-not-needed` | initially suspected cutover debt that no longer needs work after classification or adjacent repair | record and stop |

## Pinned Stabilization Seams

| Seam Key | Meaning | Primary Targets |
|---|---|---|
| `tenant_panel_baseline` | tests still assuming TenantPanel or `panel: 'tenant'` as current runtime truth | panel navigation and adjacent helper expectations |
| `legacy_admin_t_routes` | tests still expecting `/admin/t/...` management paths to behave as canonical runtime routes | panel navigation, required-permissions, provider routes |
| `workspace_aware_operations_routes` | tests or helpers generating operations routes without `workspace` context | OpsUx helpers, action-surface links, operations route tests |
| `legacy_required_permissions_provider_connections` | tests still expecting tenant-scoped required-permissions or provider-connection URLs to be canonical | provider-connection and verification-adjacent surfaces |
| `action_surface_rebaseline` | stale action expectations caused only by workspace-first, environment-scope, or TenantPanel removal | action-surface, RBAC, and adjacent Filament expectations |

## Spec-Local Artifact: `failure-classification.md`

| Field | Meaning |
|---|---|
| `Group` | failing test, test family, or lane-visible group |
| `Seam` | one or more pinned stabilization seams, or `N/A` when the failure is unrelated |
| `Category` | one pinned failure category |
| `Reason` | short explanation for why the group belongs to that category |
| `Fix In 293?` | `yes`, `no`, or `only-if-proven-runtime-regression` |
| `Follow-up` | next action if the group remains open |
| `Status` | current implementation-tracking note |

## Invariants

- The same five failure-classification categories must appear in `spec.md`, `plan.md`, `tasks.md`, `research.md`, `quickstart.md`, `checklists/requirements.md`, and `failure-classification.md`.
- The same five stabilization seams must appear in `spec.md`, `plan.md`, `tasks.md`, `research.md`, and `failure-classification.md`.
- `293` introduces no new runtime product state and no new runtime persistence.
- `293` must not reactivate TenantPanel, `/admin/t/...`, or tenant-scoped provider fallback routes.
- `293` must keep the Spec `288` proof pack and browser anchors green.

## Out-of-Scope Data Changes

- no database migrations by default
- no new provider registry or provider execution contract
- no new RBAC role family or persisted access overlay
- no new browser fixture family
- no new runtime ledger or stabilization table