# Tasks: Tenant-Owned Surface Route Audit

**Input**: Design documents from `/specs/302-tenant-owned-surface-route-audit/`

**Prerequisites**: `spec.md`, `plan.md`, `checklists/requirements.md`

**Tests**: No new runtime tests are planned. This is a docs/spec-artifact audit. Existing focused Pest feature tests are used as evidence and validation.

## Test Governance Checklist

- [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
- [x] New or changed tests stay N/A because no application behavior changes.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay unchanged.
- [x] Planned validation commands cover the audit evidence without adding unrelated lane cost.
- [x] The declared surface test profile is `standard-native-filament`.
- [x] Any material budget, baseline, trend, or escalation note is recorded as none or as a follow-up blocker in the audit artifact.

## Phase 1: Preparation and Scope Lock

**Purpose**: Confirm this implementation remains an audit artifact and does not reopen completed specs or runtime work.

- [x] T001 Review `specs/302-tenant-owned-surface-route-audit/spec.md`, `specs/302-tenant-owned-surface-route-audit/plan.md`, and `specs/302-tenant-owned-surface-route-audit/checklists/requirements.md` before editing any artifact.
- [x] T002 Review `docs/product/spec-candidates.md` Admin Workspace Navigation & Tenant-owned Surface Repair candidate group and confirm this implementation is limited to `tenant-owned-surface-route-audit`.
- [x] T003 Review `specs/301-admin-inventory-navigation-cutover/spec.md`, `specs/301-admin-inventory-navigation-cutover/plan.md`, and `specs/301-admin-inventory-navigation-cutover/tasks.md` as completed context only; do not modify them.
- [x] T004 Run `git status --short --branch` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and stop if unrelated uncommitted changes exist.
- [x] T005 Create `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` with sections for audit scope, matrix, repair order, validation evidence, and unresolved blockers.
- [x] T006 Record in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that application runtime code, tests, routes, migrations, assets, policies, jobs, and Filament classes are not to be edited in this spec.

---

## Phase 2: User Story 1 - Inventory the Tenant-Owned Admin Surface Set (Priority: P1)

**Goal**: Produce the initial repo-derived tenant-owned surface inventory.

**Independent Test**: The audit matrix contains one row for every first-slice tenant-owned family plus relevant residual or exception surfaces.

- [x] T007 [P] [US1] Extract first-slice surface families from `apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php` into `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T008 [P] [US1] Extract residual rollout and explicit scope-exception surfaces from `apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php` into `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T009 [P] [US1] Cross-check tenant-owned Filament resources under `apps/platform/app/Filament/Resources/` and add any admin-relevant resource/page owner notes to `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T010 [P] [US1] Cross-check tenant-owned or managed-environment-bound Filament pages under `apps/platform/app/Filament/Pages/` and add any non-resource surfaces to `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T011 [US1] Mark subordinate surfaces such as relation managers or indirect evidence/report sections in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` without inventing standalone routes.

---

## Phase 3: User Story 2 - Classify Route, Navigation, Search, and RBAC Posture (Priority: P2)

**Goal**: Classify every audited surface against the existing repo contracts.

**Independent Test**: Each matrix row has route posture, navigation posture, context source, global-search posture, RBAC posture, proof, blocker, migration state, and recommended next action.

- [x] T012 [P] [US2] Audit route generation and route reachability for each surface using `apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php`, `apps/platform/routes/web.php`, and resource `getPages()` declarations; record results in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T013 [P] [US2] Audit navigation registration for each surface using `apps/platform/app/Support/Navigation/NavigationScope.php`, `shouldRegisterNavigation()` methods, and relevant cluster/page/resource classes; record results in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T014 [P] [US2] Audit managed-environment context resolution using `apps/platform/app/Support/OperateHub/OperateHubShell.php`, `apps/platform/app/Filament/Concerns/ResolvesPanelTenantContext.php`, and workspace-context helpers; record results in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T015 [P] [US2] Audit tenant-scoped global-search posture using `apps/platform/app/Filament/Concerns/ScopesGlobalSearchToTenant.php`, resource search configuration, and `TenantOwnedModelFamilies::searchPostureForModel()`; record results in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T016 [P] [US2] For any globally searchable resource, verify an Edit or View page exists or global search is disabled, using resource `getPages()` declarations under `apps/platform/app/Filament/Resources/`; record the finding in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T017 [P] [US2] Audit RBAC and denial semantics from `canAccess`, `canViewAny`, policies/capabilities, route middleware, and relevant tests under `apps/platform/tests/Feature/Filament/`; record non-member 404 and member-missing-capability 403 posture in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T018 [US2] Assign each audited row exactly one migration state in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`: migrated, partial cutover, stale panel logic, valid context gate, valid RBAC, ambiguous product IA, or dead-code dependent.
- [x] T019 [US2] Mark missing proof, stale test contracts, or ambiguous product IA as blockers in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` instead of editing application tests or code.

---

## Phase 4: User Story 3 - Produce a Sequenced Repair Order (Priority: P3)

**Goal**: Convert the classification into bounded follow-up recommendations.

**Independent Test**: The audit artifact contains one ordered repair list and each recommendation is scoped as a separate candidate or explicitly deferred.

- [x] T020 [US3] Add a repair-order section to `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that orders stale panel logic, partial cutover, product IA blockers, and dead-code dependencies.
- [x] T021 [US3] Keep `admin-directory-groups-cutover` as a separate recommendation in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` unless the audit proves it should remain deferred.
- [x] T022 [US3] Keep `navigation-contract-split` as conditional follow-up in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`, only if shared contract drift remains after bounded repairs.
- [x] T023 [US3] Keep `tenant-panel-dead-code-retirement` after route/navigation dependency decisions in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T024 [US3] Add any newly discovered surface-specific repair candidates to `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` with one-sentence scope, blocker, and why it should not be bundled into this audit.

---

## Phase 5: Validation Evidence

**Purpose**: Use existing tests and source checks to validate the audit without changing runtime behavior.

- [x] T025 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/Filament/AdminTenantSurfaceParityTest.php tests/Feature/Filament/AdminSharedSurfacePanelParityTest.php tests/Feature/Filament/TenantOwnedResourceScopeParityTest.php tests/Feature/Filament/EntraGroupAdminScopeTest.php tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php tests/Feature/Filament/PolicyResourceAdminSearchParityTest.php tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php` and record pass/fail evidence in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md`.
- [x] T026 Validation command did not fail; no runtime patch was needed in this spec.
- [x] T027 Run `git diff --check` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and resolve only whitespace/artifact issues inside `specs/302-tenant-owned-surface-route-audit/`.
- [x] T028 Run `git status --short` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and confirm the changed files are limited to `specs/302-tenant-owned-surface-route-audit/`.

---

## Phase 6: Filament, RBAC, and Scope Review

**Purpose**: Close the preparation contract and prevent hidden runtime implementation.

- [x] T029 Confirm in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that Filament v5 and Livewire v4 compatibility is preserved because no runtime APIs changed.
- [x] T030 Confirm in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that no panel provider registration changed and Laravel provider registration remains in `apps/platform/bootstrap/providers.php`.
- [x] T031 Confirm in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that globally searchable resources have Edit/View pages or are recorded as disabled/not applicable.
- [x] T032 Confirm in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that no destructive actions were added or changed, and any destructive-action concerns are listed only as follow-up observations.
- [x] T033 Confirm in `specs/302-tenant-owned-surface-route-audit/surface-route-audit.md` that no assets were registered and deployment `filament:assets` requirements are unchanged.
- [x] T034 Update `specs/302-tenant-owned-surface-route-audit/spec.md`, `specs/302-tenant-owned-surface-route-audit/plan.md`, or `specs/302-tenant-owned-surface-route-audit/tasks.md` only if the audit discovers a preparation-artifact inconsistency that blocks safe implementation handoff.

---

## Dependencies

- Phase 1 must complete before the audit matrix is created.
- Phase 2 inventory must complete before Phase 3 classification.
- Phase 3 classification must complete before Phase 4 repair ordering.
- Phase 5 validation can run after enough matrix rows exist to cite evidence.
- Phase 6 closes the handoff after validation evidence is recorded.

## Parallel Execution Examples

- T007, T008, T009, and T010 can run in parallel because they read different inventory sources and write distinct sections/rows in `surface-route-audit.md`.
- T012, T013, T014, T015, T016, and T017 can run in parallel if each worker owns different columns or surface groups in `surface-route-audit.md`.
- T021, T022, T023, and T024 can run in parallel after T020 establishes the repair-order section.

## Implementation Strategy

1. Complete the audit matrix before making recommendations.
2. Prefer evidence-backed classifications over speculative cleanup.
3. Treat missing proof as a finding, not a reason to broaden this spec.
4. Stop and create a follow-up candidate if runtime changes appear necessary.

## Explicit Non-Goals

- [x] Do not modify application runtime code.
- [x] Do not modify application tests.
- [x] Do not add or change routes.
- [x] Do not change Filament resources, pages, clusters, widgets, or Livewire components.
- [x] Do not create migrations, models, services, jobs, policies, commands, views, or assets.
- [x] Do not re-enable hidden navigation.
- [x] Do not implement Entra Groups cutover.
- [x] Do not split the navigation contract.
- [x] Do not retire tenant-panel dead code.