# Tasks: Legacy Tenant / Environment Context Cleanup **Input**: [spec.md](/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/317-legacy-tenant-environment-context-cleanup/spec.md), [plan.md](/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/317-legacy-tenant-environment-context-cleanup/plan.md) **Prerequisites**: Specs 313, 314, 315, and 316 are completed historical baseline context. Do not rewrite them as preparation artifacts. **Important**: These tasks are for the later implementation loop. No runtime implementation was performed during preparation. ## Test Governance Checklist - [x] Lane assignment is named and is the narrowest sufficient proof for static legacy terms, query aliases, routes, helper/API names, UI copy, and browser-visible links. - [x] New or changed tests stay in the smallest honest family, with browser smoke explicit and limited. - [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented. - [x] Planned validation commands cover the cleanup without pulling in unrelated lane cost. - [x] Provider-boundary Tenant terminology is protected through an allowlist instead of blocked by naive grep. - [x] Any material budget, baseline, trend, browser limitation, or escalation note is recorded in the active spec or implementation close-out. ## Phase 1: Guardrails and Baseline - [x] T001 Verify the implementation starts from branch `317-legacy-tenant-environment-context-cleanup` with `git status --short --branch` and no unrelated user changes. - [x] T002 Re-read `specs/313-workspace-environment-context-browser-verification/spec.md`, `specs/314-workspace-hub-navigation-context-contract/spec.md`, `specs/315-environment-cta-explicit-filter-contract/spec.md`, and `specs/316-workspace-hub-clear-filter-contract/spec.md` as completed historical baseline context only. - [x] T003 Confirm Laravel/Filament/Livewire/Pest versions through Laravel Boost `application_info`. - [x] T004 Confirm `AdminPanelProvider` and `SystemPanelProvider` remain registered through `apps/platform/bootstrap/providers.php` and no `TenantPanelProvider` is active. - [x] T005 Confirm no migration, seeder, package, env var, queue, scheduler, storage, or deployment asset change is planned unless later inventory proves a bounded exception. ## Phase 2: Inventory and Allowlist - [x] T006 Create `specs/317-legacy-tenant-environment-context-cleanup/legacy-inventory.md` with columns for file, symbol/method/route/label, current meaning, correct meaning, classification, action, and risk. - [x] T007 Create `specs/317-legacy-tenant-environment-context-cleanup/tenant-usage-allowlist.md` with allowed provider-boundary examples, disallowed platform-context examples, scan paths, and review rules. - [x] T008 Run the required Tenant/Environment search across `apps/platform/app`, `apps/platform/resources`, `apps/platform/routes`, `apps/platform/tests`, `docs`, and current/recent `specs`. - [x] T009 Classify all high-risk occurrences of `TenantPageCategory`, `WorkspaceScopedTenantRoutes`, `CanonicalAdminTenantFilterState`, `EnsureFilamentTenantSelected`, `TenantPanelProvider`, `tenantPrefilterUrl`, `lastTenantId`, `remembered tenant`, `tenant_scope`, `tenant_id`, `managed_environment_id`, `Filament::getTenant()`, `getTenant()`, `tableFilters`, and `/admin/t`. - [x] T010 Classify provider-boundary occurrences such as `provider_tenant_id`, `external_tenant_id`, `microsoft_tenant_id`, `entra_tenant_id`, Graph `tenantId`, and OAuth tenant authority segments as allowed provider-boundary when correct. - [x] T011 Mark completed historical spec/doc occurrences as `allowed_historical_archived_doc` unless they are current product truth. - [x] T012 Mark ambiguous cases as `needs_product_decision` and do not guess or implement those specific renames without a bounded decision. ## Phase 3: Tests First - Static and Contract Guards - [x] T013 Add `it_platform_context_does_not_use_legacy_tenant_terms` in an appropriate guard test under `apps/platform/tests/Feature/Guards/` with allowlist support from the Spec 317 allowlist artifact. - [x] T014 Add `it_workspace_hubs_do_not_accept_legacy_tenant_query_aliases` covering Operations, Governance Inbox, Decision Register, Finding Exceptions Queue, Provider Connections, Evidence, Review Register, and Customer Review Workspace. - [x] T015 Add assertions that `tenant`, `tenant_id`, `managed_environment_id`, `tenant_scope`, `environment`, and `tableFilters` do not show an Environment chip or filter Workspace hub data without `environment_id`. - [x] T016 Add assertions that valid `environment_id` still applies the Spec 315/316 canonical Environment filter behavior. - [x] T017 Add `it_workspace_hubs_do_not_use_filament_tenant_or_remembered_tenant_as_scope` with static checks for `Filament::getTenant()`, `getTenant()`, `lastTenantId`, and remembered Tenant fallback in Workspace hub classes. - [x] T018 Add `it_admin_has_no_active_legacy_tenant_panel_routes` proving no active `/admin/t` routes and no active `TenantPanelProvider` registration. - [x] T019 Add helper/API rename coverage proving `tenantPrefilterUrl()` is gone and the Environment-named replacement is used. - [x] T020 Add helper/class guard coverage for `TenantPageCategory`, `WorkspaceScopedTenantRoutes`, `CanonicalAdminTenantFilterState`, and `EnsureFilamentTenantSelected` once each is renamed, removed, or quarantined. - [x] T021 Add or update rendered-view/UI copy guard `it_active_workspace_environment_ui_uses_environment_not_tenant` for active Workspace/Environment surfaces, with provider-boundary exceptions. ## Phase 4: Query and URL Cleanup - [x] T022 Update `apps/platform/app/Support/Navigation/WorkspaceHubEnvironmentFilter.php` so only `environment_id` is a valid Environment filter source. - [x] T023 Update `apps/platform/app/Support/Navigation/WorkspaceHubRegistry.php` and related clean URL helpers so generated Workspace hub links never emit legacy Tenant query params. - [x] T024 Update `apps/platform/app/Support/Navigation/WorkspaceHubFilterStateResetter.php` so legacy Tenant-like keys can be cleared/neutralized but never become valid Environment filter sources. - [x] T025 Remove Workspace hub handling for `tenant`, `tenant_id`, `managed_environment_id`, `tenant_scope`, `environment`, and `tableFilters` as Environment filter aliases. - [x] T026 Confirm Environment-owned CTA helpers still generate `environment_id` and do not regress Spec 315 behavior. - [x] T027 Confirm clear-filter links still remove legacy keys and do not regress Spec 316 behavior. ## Phase 5: Helper, Class, and Fallback Cleanup - [x] T028 Rename or remove `tenantPrefilterUrl()` on `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` with no deprecated alias. - [x] T029 Rename `tenantId`, `tenantLabel`, `tenantFilter`, and `tenantScope` variables/properties when they mean Managed Environment on Workspace hub code paths. - [x] T030 Rename, remove, or explicitly quarantine `apps/platform/app/Support/Tenants/TenantPageCategory.php` based on actual responsibility after cleanup. - [x] T031 Rename, remove, or explicitly quarantine `apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php` based on actual route responsibility after cleanup. - [x] T032 Rename, remove, or explicitly quarantine `apps/platform/app/Support/Filament/CanonicalAdminTenantFilterState.php` based on actual table/filter responsibility after cleanup. - [x] T033 Rename, remove, or explicitly quarantine `apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php` based on actual Environment context responsibility after cleanup. - [x] T034 Remove Workspace hub use of `Filament::getTenant()` or `getTenant()` as scope, fallback, query source, or shell context. - [x] T035 Remove Workspace hub use of `lastTenantId`, remembered Tenant state, or session Tenant state as data scope or Environment fallback. - [x] T036 Verify any remaining `lastEnvironmentId` behavior is switcher convenience only and cannot affect Workspace hub URLs, filters, queries, authorization, or shell context. ## Phase 6: Route and Provider Boundary Cleanup - [x] T037 Inspect `apps/platform/routes/web.php` and remove or neutralize active `/admin/t` route assumptions where they remain product-facing. - [x] T038 Inspect `apps/platform/app/Providers/Filament/AdminPanelProvider.php` for Tenant page category, context, render hook, or navigation assumptions and rename/remove them. - [x] T039 Inspect `apps/platform/app/Support/ManagedEnvironmentLinks.php` and `apps/platform/app/Support/Operations/OperationRunLinks.php` for generated legacy Tenant query params or route helpers. - [x] T040 Inspect Provider Connections surfaces and preserve only provider-boundary Tenant labels such as Microsoft Tenant, Entra Tenant, and Provider Tenant ID. - [x] T041 Confirm provider external tenant identifiers are never used as Workspace hub `environment_id` substitutes. ## Phase 7: Active UI Copy Cleanup - [x] T042 Update Workspace Overview active copy and links so Tenant wording is not used for Managed Environment context. - [x] T043 Update Environment Dashboard active copy, CTAs, and provider readiness snippets so Environment and Provider Tenant terms are distinct. - [x] T044 Update Operations active copy, chips, filters, and empty states where Tenant wording means Environment. - [x] T045 Update Governance Inbox, Decision Register, and Finding Exceptions Queue active copy where Tenant wording means Environment. - [x] T046 Update Provider Connections active copy so provider-boundary Tenant terminology is explicit and Environment filters use Environment wording. - [x] T047 Update Evidence, Reviews, Customer Reviews, Provider Readiness, and Required Permissions active copy where Tenant wording means Environment. ## Phase 8: Docs and Current Spec Truth Cleanup - [x] T048 Update `docs/product/spec-candidates.md` current queue/follow-up wording so it reflects Workspace-first / Environment-second platform context and the selected Spec 317 numbering. - [x] T049 Update `docs/product/roadmap.md` only where current product truth or numbering notes conflict with Spec 317; leave strategic historical context intact when not current truth. - [x] T050 Update relevant current docs under `docs/product`, `docs/ui`, `docs/architecture-guidelines.md`, `docs/filament-guidelines.md`, and `docs/testing-guidelines.md` only where they describe Tenant as platform context. - [x] T051 Do not rewrite completed Specs 313-316 except for an explicit current-truth note if implementation proves they are used as current docs rather than history. - [x] T052 Document any intentionally quarantined legacy names in `legacy-inventory.md` with reason, risk, and follow-up. ## Phase 9: Regression Safety - [x] T053 Re-run or update Spec 314 regression coverage proving sidebar/global Workspace hub entry remains clean and workspace-wide. - [x] T054 Re-run or update Spec 315 regression coverage proving Environment-owned CTAs use `environment_id`, visible chip renders when filtered, legacy params remain invalid, and cross-workspace IDs are rejected. - [x] T055 Re-run or update Spec 316 regression coverage proving clear removes URL/page/table/session state and does not restore stale Environment filters. - [x] T056 Confirm no globally searchable resource behavior changed; if a Resource is touched, verify it has Edit/View page or global search disabled. - [x] T057 Confirm no destructive action behavior changed; if a touched surface has destructive actions, verify `->action(...)`, `->requiresConfirmation()`, authorization, and audit behavior remain intact. - [x] T058 Confirm no Graph calls, OperationRun lifecycle behavior, queue behavior, scheduler behavior, env var, storage, or asset registration changed. ## Phase 10: Browser Verification - [x] T059 Start the local platform stack using Sail or the repo's platform dev command. - [x] T060 Resolve the absolute local app URL using Laravel Boost `get_absolute_url`. - [x] T061 Browser smoke Workspace Overview, Environment Dashboard, Operations, Governance Inbox, Decision Register, Finding Exceptions Queue, Provider Connections, Evidence, Reviews, Customer Reviews, Provider Readiness, and Required Permissions. - [x] T062 Verify active platform UI does not say Tenant when it means Environment. - [x] T063 Verify provider-specific details may still say Microsoft Tenant, Entra Tenant, or Provider Tenant ID only where provider-owned. - [x] T064 Verify sidebar/global clean entry still works and no old query params appear in generated links. - [x] T065 Verify Environment CTA filtered entry still uses `environment_id`. - [x] T066 Verify clear filter still returns to clean Workspace hub state. - [x] T067 Verify no `/admin/t` route appears in active navigation or generated links. - [x] T068 Save screenshots where useful under `specs/317-legacy-tenant-environment-context-cleanup/artifacts/screenshots/`. ## Phase 11: Final Validation and Report - [x] T069 Run focused Spec 317 Pest guard/contract tests. - [x] T070 Run existing related Spec 314, Spec 315, and Spec 316 regression tests. - [x] T071 Run formatting/static checks expected by touched files, including Pint if PHP files changed. - [x] T072 Run `git diff --check`. - [x] T073 Prepare the final implementation report with changed behavior, legacy cleanup summary, provider-boundary Tenant usages kept, removed/renamed legacy platform usages, files changed, tests, browser verification, known issues, and Spec 318 follow-up. - [x] T074 Confirm the final report lists paths to `legacy-inventory.md` and `tenant-usage-allowlist.md`, renamed classes/helpers, removed query handlers, UI copy changes, docs/spec artifacts updated, and quarantined names with reasons. - [x] T075 Confirm the final report states no backwards compatibility layer was introduced, no legacy query alias support was preserved, and no provider-boundary Tenant concepts were incorrectly removed. ## Explicit Non-Tasks - [x] NT001 Do not implement durable browser no-drift infrastructure; leave to Spec 318. - [x] NT002 Do not add compatibility redirects, dual-param support, alias readers, or adapter layers. - [x] NT003 Do not perform broad cosmetic database renames. - [x] NT004 Do not remove provider-boundary Microsoft/Entra/provider Tenant terminology. - [x] NT005 Do not add Environment CTA support to pages excluded from Specs 315/316. - [x] NT006 Do not rewrite completed historical specs or implementation close-out evidence. - [x] NT007 Do not create migrations, seeders, packages, env vars, queues, scheduler changes, storage changes, or asset registration unless a bounded implementation finding explicitly requires and documents the exception. ## Dependencies - T001-T005 block all runtime work. - T006-T012 block cleanup edits. - T013-T021 should be added before or alongside the corresponding cleanup changes. - T022-T041 can proceed after inventory classifications are complete. - T042-T052 can proceed after UI/docs inventory classification. - T053-T058 run after code/test cleanup. - T059-T068 run after local validation is green enough for browser smoke. - T069-T075 close the implementation. ## Suggested MVP Scope Complete Phases 1-5 plus focused guards first. That proves the core hard-cut cleanup: inventory, allowlist, canonical `environment_id`, no helper aliases, and no Workspace hub Tenant fallback. UI/docs/browser phases then verify and close the visible product-truth layer.