# Tasks: Spec 330 - Environment Dashboard / Baseline Compare Productization **Input**: Design documents from `/specs/330-environment-dashboard-baseline-compare-productization/` **Prerequisites**: `spec.md`, `plan.md`, `repo-truth-map.md` **Tests**: Required. This is a runtime UI/operator decision-surface productization with environment-owned route and browser smoke coverage. ## Test Governance Checklist - [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior. - [x] New or changed tests stay in the smallest honest family, and the browser addition is explicit. - [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default. - [x] Planned validation commands cover the change without pulling in unrelated lane cost. - [x] The declared surface test profile (`global-context-shell`, `monitoring-state-page`, `shared-detail-family`) is explicit. - [x] Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR. ## Phase 1: Preparation And Repo Truth **Purpose**: Confirm runtime truth and prevent invented readiness/drift claims before page edits. - [x] T001 Re-read `specs/330-environment-dashboard-baseline-compare-productization/spec.md`, `plan.md`, `tasks.md`, and `repo-truth-map.md`. - [x] T002 Re-read related completed context only: Specs 314-329. Do not modify their artifacts. - [x] T003 Verify current Environment Dashboard route/class/widgets/views before editing: `apps/platform/app/Filament/Pages/EnvironmentDashboard.php`, `apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardOverview.php`, `apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-overview.blade.php`, and `apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-context-chips.blade.php`. - [x] T004 Verify current Environment Dashboard source helper before editing: `apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php` and `apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php`. - [x] T005 Verify current Baseline Compare route/class/view before editing: `apps/platform/app/Filament/Pages/BaselineCompareLanding.php` and `apps/platform/resources/views/filament/pages/baseline-compare-landing.blade.php`. - [x] T006 Verify current source models/services/helpers: `ManagedEnvironment`, `ProviderConnection`, `ManagedEnvironmentPermission`, `BackupSet`, `RestoreRun`, `BaselineTenantAssignment`, `BaselineProfile`, `BaselineSnapshot`, `Finding`, `FindingException`, `EvidenceSnapshot`, `EnvironmentReview`, `ReviewPack`, `OperationRun`, `BaselineCompareStats`, and `TenantGovernanceAggregateResolver`. - [x] T007 Update `repo-truth-map.md` with any newly discovered source, capability, fallback, or classification before runtime changes. - [x] T008 Confirm no migration/package/env/queue/storage/deployment asset change is required; if one appears necessary, stop and update spec/plan first. - [x] T009 Confirm Filament v5 / Livewire v4.0+ compliance and no Livewire v3/Filament legacy API use. - [x] T010 Confirm panel provider registration remains `apps/platform/bootstrap/providers.php`. - [x] T011 Confirm no globally searchable resource is changed; if a resource is touched, verify View/Edit/global-search safety. - [x] T012 Confirm existing Baseline Compare start action keeps `Action::make(...)->action(...)`, `->requiresConfirmation()`, `UiEnforcement`, `OperationRun`, and notifications. ## Phase 2: Feature Tests First **Purpose**: Lock decision layout, false-green guard, RBAC, scope, and diagnostics behavior before UI refactor. - [x] T013 Add or update a Feature test asserting `specs/330-environment-dashboard-baseline-compare-productization/repo-truth-map.md` exists and lists Environment Dashboard and Baseline Compare sections plus required data areas. - [x] T014 Add or update a Feature/Livewire test for Environment Dashboard layout text: `Environment Dashboard`, `Is this environment ready, blocked, stale, or requiring review?`, `Status`, `Reason`, `Impact`, `Next action`, `Readiness proof`, and `Diagnostics - Collapsed`. - [x] T015 Add or update a Feature/Livewire test asserting Environment Dashboard missing-proof fixture shows `Action needed`, `Evidence missing` or `Backup proof missing`, and does not show false `Healthy`, `Fully ready`, `Customer-safe`, `Protected`, or `Compliant` claims. - [x] T016 Add or update a Feature/Livewire test asserting Environment Dashboard shows one primary action plus a ranked next-action list when gaps exist. - [x] T017 Add or update a Feature/Livewire test for Baseline Compare layout text: `Baseline Compare`, `Which baseline drift requires action?`, `Assigned baseline`, `Compare trust`, `Drift impact`, `Evidence path`, and `Diagnostics - Collapsed`. - [x] T018 Add or update a Feature/Livewire test asserting Baseline Compare no-baseline state shows `Baseline not assigned`, an impact sentence that compare cannot be used for governance decisions, and an authorized assign/open-baseline action or honest unavailable state. - [x] T019 Add or update a Feature/Livewire test asserting Baseline Compare drift/evidence state shows drift/evidence summary without raw diff/payload by default. - [x] T020 Add or update a Feature/Livewire test asserting raw diagnostics are hidden/collapsed by default on both pages: `raw payload`, `raw diff`, `provider secret`, `stack trace`, `debug metadata`, `internal exception`, `provider response`, and raw OperationRun context must not be default-visible. - [x] T021 Add or update RBAC tests covering evidence links, operation proof links, provider/permission links, backup/restore links, baseline profile/matrix/findings links, compare start, and diagnostics visibility where existing capabilities support coverage. - [x] T022 Add or update environment-owned route tests for both pages: explicit environment route required, clean workspace URL does not establish environment ownership, remembered environment is not enough, and cross-workspace environment is rejected. - [x] T023 Add or update legacy alias rejection tests for both pages covering `tenant`, `tenant_id`, `managed_environment_id`, `environment`, `tenant_scope`, and `tableFilters`. - [x] T024 Add or update static tenant-copy guard asserting platform-context copy such as `current tenant`, `tenant filter`, `all tenants`, `choose tenant`, and `tenant scope` is not visible, while dynamic names containing `Tenant` remain allowed. ## Phase 3: Environment Dashboard Productization **Purpose**: Refactor Environment Dashboard from dense dashboard to decision-first readiness workbench without new backend foundation. - [x] T025 Update `apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php` only if needed to carry repo-truth-bounded decision/proof payloads; do not add persisted state or public framework semantics. - [x] T026 Update `apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php` to expose derived readiness decision data: status, reason, impact, proof path, primary next action, ranked actions, readiness dimensions, and diagnostics disclosure. - [x] T027 Update `apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-overview.blade.php` to render the main readiness question, decision card, proof/action panel, ranked next actions, readiness dimensions, and collapsed diagnostics before secondary details. - [x] T028 Update `apps/platform/app/Filament/Pages/EnvironmentDashboard.php` only where needed for header/primary action hierarchy, while preserving existing support request and support diagnostics authorization. - [x] T029 Ensure dashboard context shows Workspace, Environment, Provider when repo-supported, and latest activity/proof state when repo-supported. - [x] T030 Ensure readiness dimensions render only repo-backed or honest unavailable states: provider readiness, required permissions, backup posture, recovery proof, baseline assignment, baseline compare/drift, evidence freshness, review freshness, accepted risk, and operations attention. - [x] T031 Ensure one primary next action is visible when authorized and secondary actions are ranked and lower priority. - [x] T032 Keep existing useful secondary cards/details/links and do not remove existing backup, provider, evidence, review, operations, or support access paths. - [x] T033 Ensure Environment Dashboard diagnostics/raw details are collapsed, hidden, or capability-gated by default. ## Phase 4: Baseline Compare Productization **Purpose**: Refactor Baseline Compare from compare/status detail to decision-first drift/action surface while preserving compare behavior. - [x] T034 Update `apps/platform/app/Filament/Pages/BaselineCompareLanding.php` to expose repo-truth-bounded decision/proof payloads for assignment, compare trust, drift impact, reason, evidence path, operation proof, raw disclosure, and primary next action. - [x] T035 Update `apps/platform/resources/views/filament/pages/baseline-compare-landing.blade.php` to render the main drift/action question, decision card, assignment/compare trust/drift summary, evidence/proof panel, findings/evidence-gap summary, and collapsed raw diff/diagnostics before secondary details. - [x] T036 Preserve existing compare start action semantics: confirmation, capability gating, `BaselineCompareService::startCompare()`, OperationRun, queued toast/browser event, and open-operation link. - [x] T037 Render no-baseline, invalid-scope, no-snapshot, stale/missing compare, running compare, failed compare, zero-finding-with-gaps, and drift states as honest decision states. - [x] T038 Ensure no-baseline state is actionable where a repo-real baseline profile route/action exists; otherwise show honest unavailable guidance without inventing assignment workflow. - [x] T038a Add a no-baseline visual Compare readiness stepper/pipeline, compact available-inputs section, and assignment-unlocks copy while keeping duplicated `Assigned baseline`, `Compare trust`, `Drift impact`, and duplicate `Evidence path` summary blocks absent. - [x] T039 Ensure drift findings/evidence gaps render before raw compare details and do not imply `0 findings` equals all-clear when trust/coverage/evidence gaps exist. - [x] T040 Keep existing compare matrix, findings, run, evidence-gap, and summary sections available as secondary context where authorized. - [x] T041 Ensure Baseline Compare raw diff/diagnostics are collapsed, hidden, or capability-gated by default. ## Phase 5: Data Binding And Honest States **Purpose**: Bind both surfaces to repo-verified sources and avoid false claims. - [x] T042 Bind environment readiness to existing `EnvironmentDashboardSummaryBuilder`, backup/recovery helpers, provider permission view model, baseline aggregate, evidence/review/review pack state, exception stats, and OperationRun attention queries only. - [x] T043 Bind baseline assignment to `BaselineTenantAssignment`, `BaselineProfile`, and `BaselineSnapshotTruthResolver` only. - [x] T044 Bind compare trust/drift/evidence state to `BaselineCompareStats`, `TenantGovernanceAggregate`, operator explanation, findings, evidence gap summary, and existing OperationRun proof only. - [x] T045 Bind proof links only through existing resource URLs, `ManagedEnvironmentLinks`, `OperationRunLinks`, and policy/capability checks. - [x] T046 Render unavailable/missing/not generated/not applicable/deferred states for unsupported proof paths instead of inventing backend capabilities. - [x] T047 Ensure no generic green success state, health/compliance/protected/customer-safe copy, restore confidence claim, or compare all-clear claim appears without exact repo proof. ## Phase 6: Actions, RBAC, And Safety **Purpose**: Show only real, authorized actions and preserve read-first default behavior. - [x] T048 Keep primary actions singular and context-aware on each page. - [x] T049 Show open required permissions, open backup posture, open operations, open evidence, open reviews/review pack, open baseline compare, open baseline profiles/matrix/findings, run compare, and open operation proof only when route and authorization are repo-real. - [x] T050 Ensure unauthorized actions are hidden, disabled with existing convention, or represented as safe unavailable state without leaking sensitive details. - [x] T051 Ensure raw diagnostics/metadata disclosure is unavailable without `support_diagnostics.view` or stricter existing raw/support capability. - [x] T052 Verify no default action approves, rejects, accepts risk, deletes, restores, remediates, mutates provider state, or changes evidence/audit/storage. - [x] T053 If any high-impact action is unexpectedly required, update spec/plan first, then implement it with `Action::make(...)->action(...)`, `->requiresConfirmation()`, server-side authorization, audit, notification, and tests. ## Phase 7: Environment-Owned Route Contract **Purpose**: Preserve Specs 314-322 and Spec 319. - [x] T054 Verify Environment Dashboard explicit route opens with active Environment context. - [x] T055 Verify Baseline Compare explicit route opens with active Environment context. - [x] T056 Verify clean workspace-only URLs do not establish environment ownership for either surface. - [x] T057 Verify remembered Environment / Filament tenant fallback is not enough to authorize either surface. - [x] T058 Verify workspace route and environment route disagreement returns not found for both surfaces. - [x] T059 Verify legacy aliases are removed/neutralized and do not set ownership or filter state. - [x] T060 Verify no `/admin/t` route, redirect, or compatibility assumption is reintroduced. ## Phase 8: Browser Smoke And Screenshots **Purpose**: Prove the user-facing contract in the integrated browser lane. - [x] T061 Create `apps/platform/tests/Browser/Spec330EnvironmentDashboardBaselineCompareSmokeTest.php` using existing Pest Browser conventions. - [x] T062 Browser Flow A: Environment Dashboard explicit route non-empty state; assert Environment shell, readiness question, decision card, proof panel, ranked actions, diagnostics collapsed, and screenshot `environment-dashboard-readiness-workbench.png`. - [x] T063 Browser Flow B: Environment Dashboard action-needed/missing-proof state; assert honest action-needed/missing-proof copy, no false green copy, diagnostics collapsed, and screenshot `environment-dashboard-action-needed.png`. - [x] T064 Browser Flow C: Baseline Compare explicit route no-baseline state; assert drift question, baseline not assigned, impact, action/unavailable state, diagnostics collapsed, and screenshot `baseline-compare-no-baseline.png`. - [x] T065 Browser Flow D: Baseline Compare compare/drift state if fixture-supported; assert assigned baseline, compare trust, drift/evidence summary, proof panel, raw details hidden, and screenshot `baseline-compare-decision-workbench.png`. - [x] T066 Browser Flow E: cross-workspace or invalid environment safe denial for both surfaces. - [x] T067 Browser Flow F: dynamic display name containing `Tenant` is allowed, static tenant platform-copy is absent. - [x] T068 Browser Flow G: raw diff/provider payload/debug/stack trace text is absent by default on both surfaces. - [x] T069 Save screenshots under `specs/330-environment-dashboard-baseline-compare-productization/artifacts/screenshots/` when generated and ensure they contain no secrets. ## Phase 9: UI Coverage And Documentation Artifacts **Purpose**: Satisfy UI-COV without unrelated docs churn. - [x] T070 Decide after runtime diff whether `docs/ui-ux-enterprise-audit/route-inventory.md`, `design-coverage-matrix.md`, page reports, or unresolved pages need an update. - [x] T071 If coverage docs are not changed, add a close-out note explaining why existing UI-002/UI-061 rows plus Spec 325 target artifacts and Spec 330 package artifacts remain sufficient. - [x] T072 Update `repo-truth-map.md` final classifications for implemented/empty/deferred elements. - [x] T073 Do not create general documentation files outside required Spec Kit/UI coverage artifacts unless explicitly requested. ## Phase 10: Validation **Purpose**: Run narrow proof and report honestly. - [x] T074 Run `cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Filament tests/Feature/Rbac tests/Feature/Navigation --filter='EnvironmentDashboard|TenantDashboard|BaselineCompare|EnvironmentOwned|LegacyTenant|Spec322' --compact`. - [x] T075 Run `cd apps/platform && ./vendor/bin/sail artisan test tests/Browser/Spec330EnvironmentDashboardBaselineCompareSmokeTest.php --compact`. - [x] T076 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter='EnvironmentDashboard|BaselineCompare|AdminSurfaceScope|EnvironmentOwned|LegacyTenant|Spec322' --compact`. - [x] T077 Run `cd apps/platform && ./vendor/bin/sail pint --dirty`. - [x] T078 Run `git diff --check`. - [x] T079 Report full-suite status honestly if not run. - [x] T080 Confirm no migrations, seeders, packages, env vars, queues, scheduler, storage, deployment assets, backwards compatibility layer, or legacy tenant alias support were added. ## Dependencies - Phase 1 blocks all runtime implementation. - Phase 2 should be written before or alongside implementation to lock behavior. - Phase 3 and Phase 4 can be implemented in parallel only if write scopes stay disjoint: - Environment Dashboard write scope: dashboard page/widget/view/summary helper/tests. - Baseline Compare write scope: compare page/view/tests. - Phase 5 and Phase 6 depend on Phases 3-4 payload shape. - Phase 7 must be validated after both surfaces are changed. - Phase 8 depends on user-facing runtime changes. - Phase 10 is final validation. ## Non-Goals Checklist - [x] NT001 Do not build a new environment readiness backend. - [x] NT002 Do not build a new baseline/drift engine. - [x] NT003 Do not build a new evidence generator. - [x] NT004 Do not build a new backup/restore proof engine. - [x] NT005 Do not add AI summarization. - [x] NT006 Do not redesign Operations Hub, Governance Inbox, Customer Review Workspace, Evidence/Audit, Restore Safety, or Provider Readiness. - [x] NT007 Do not add migrations unless spec/plan are updated first with proof. - [x] NT008 Do not rewrite completed Specs 314-329. - [x] NT009 Do not add legacy tenant query alias support. - [x] NT010 Do not expose raw diagnostics, raw diff, raw OperationRun context, or provider payloads by default. ## Required Final Report Content When implementation later completes, report: - Changed behavior. - Environment Dashboard readiness surface. - Baseline Compare drift/action surface. - Routing / scope. - Disclosure / diagnostics default state. - RBAC-visible/hidden actions. - Repo-verified vs unavailable states. - Files changed. - Repo truth map status. - Tests run and results. - Browser verification and screenshots path. - Known gaps. - Remaining follow-ups. - Full suite run/not run. - Explicit no migrations/seeders/packages/env/queues/scheduler/storage/deployment assets/backcompat/legacy aliases statement.