# Requirements Checklist: Admin Directory Groups Cutover **Purpose**: Validate that the Spec 303 preparation package is complete, bounded, and ready for implementation. **Created**: 2026-05-14 **Feature**: [spec.md](../spec.md) ## Applicability And Low-Impact Gate - [x] The package explicitly changes an operator-facing navigation/resource/search surface and does not use a false low-impact `N/A`. - [x] `spec.md`, `plan.md`, and `tasks.md` carry the same native Filament navigation/resource/search classification, shared-family relevance, and no-new-action decision. ## Candidate Selection - [x] The selected candidate exists in `docs/product/spec-candidates.md` as `admin-directory-groups-cutover`. - [x] The candidate was explicitly manually promoted by the user and assigned number `303`. - [x] Spec 301 is treated as completed Inventory context and is not modified. - [x] Spec 302 is treated as completed audit evidence and is not modified. - [x] Close alternatives are deferred: `navigation-contract-split`, `tenant-panel-dead-code-retirement`, and any broader Directory/Admin Roles IA. ## Scope And Requirements - [x] Entra Groups has an explicit admin role as a secondary environment-bound Directory/Identity surface. - [x] Workspace-home sidebar cleanliness remains an explicit negative-control requirement. - [x] Environment-bound Groups visibility is explicit and testable. - [x] List, View, and global-search scoping requirements cover no-context, cross-environment, and cross-workspace cases. - [x] Global-search View destination requirements explicitly reject legacy `/admin/t` routes. - [x] No generic M365 Admin mirror or broad Identity Center is in scope. - [x] No new group mutation/admin action is in scope. - [x] No new persistence, migration, model, service, job, provider contract, route family, asset, or provider registration change is introduced. ## Native, Shared-Family, And State Ownership - [x] The surface remains native Filament resource navigation, table, View page, and global search. - [x] The shared paths to reuse are named as `NavigationScope`, `OperateHubShell`, `ScopesGlobalSearchToTenant`, `ResolvesPanelTenantContext`, and tenant-owned record helpers. - [x] Shell, page, route context, remembered environment context, and record resolution are named without introducing a second state owner. - [x] The likely next operator action is coherent: open or inspect Groups inside the selected environment. ## Shared Pattern Reuse - [x] Navigation and search interaction classes are explicitly marked. - [x] The package extends existing navigation/context/search helpers instead of adding a Directory navigation framework. - [x] No direct-route posture is retained; Entra Groups uses workspace/environment resource routes. ## OperationRun Start UX Contract - [x] The package explicitly says it does not create, queue, deduplicate, resume, block, complete, or deep-link to a new `OperationRun`. - [x] Existing directory group sync behavior remains outside new behavior and must continue using existing shared operation-start helpers if touched. - [x] No queued or terminal notification policy changes are introduced. ## Provider Boundary And Vocabulary - [x] The package explicitly classifies the provider/platform boundary as mixed and bounded. - [x] Microsoft Entra terminology remains provider-owned and does not become platform-core identity truth. - [x] Operator-visible terms prefer Workspace, Managed Environment, Directory Groups, and Directory inventory. ## Signals, Exceptions, And Test Depth - [x] The triggered repository signal is classified as a review-mandatory Groups navigation/search repair. - [x] No broad exception is needed; `WorkspaceScopedTenantRoutes` was adopted and verified. - [x] The required surface profile is `standard-native-filament`. - [x] Planned proof stays focused on Pest feature tests plus one explicit Browser smoke for the rendered sidebar navigation path. - [x] Fixture/helper cost remains low and reuses existing workspace/environment test helpers. ## Audience-Aware Disclosure And Decision Hierarchy - [x] Directory Groups is secondary context, not a primary decision surface. - [x] Workspace home remains workspace-level and avoids environment-owned default-visible content. - [x] Raw/support diagnostics are not promoted by navigation. - [x] Exactly one dominant navigation intent is preserved: open Groups within the active environment. ## Filament v5 Checklist - [x] Filament v5 targets Livewire v4.0+; this repo currently uses Livewire 4.1.4. - [x] No provider registration changes are planned; existing providers remain registered in `apps/platform/bootstrap/providers.php`. - [x] `EntraGroupResource` has a View page, so global search destination eligibility is satisfied. - [x] Global-search result URL customization is explicitly covered by requirements and tasks. - [x] No destructive actions are introduced or changed. - [x] No assets are registered; deploy `filament:assets` posture remains unchanged. - [x] Planned tests target Filament navigation/resource/search behavior using Feature tests. ## Review Outcome - [x] Review outcome class: `acceptable-special-case`. - [x] Workflow outcome: `document-in-feature`. - [x] Final note location: active feature PR close-out entry `Guardrail / Exception / Smoke Coverage`. ## Preparation Result - No application implementation was performed while preparing this package. - Preparation analysis found no critical or high-severity cross-artifact issues. - Spec Readiness Gate passes for preparation: `spec.md`, `plan.md`, `tasks.md`, and this checklist exist, contain no placeholders, and keep implementation scope bounded to Spec 303.