# Spec 346 Repo Truth Map Status: implemented Created: 2026-06-02 Purpose: record the repo-backed inputs, scope contracts, and current gaps that shaped the final Governance Inbox operator workflow. ## Runtime Surfaces | Area | Repo source | Current truth | | --- | --- | --- | | Governance Inbox page | `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php` | Workspace-owned Filament page at `/admin/governance/inbox` with visible optional `environment_id` filter. | | Governance Inbox view | `apps/platform/resources/views/filament/pages/governance/governance-inbox.blade.php` | Operator summary first, lane groups second, source-family context and diagnostics secondary. | | Derived source families | `apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php` | Existing read-only source families remain: assigned findings, intake findings, finding exceptions, stale operations, alert delivery failures, review follow-up. | | Decision history / proof | `apps/platform/app/Filament/Pages/Governance/DecisionRegister.php`, `apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php` | Existing read-only decision ledger with `open` and `recently_closed` states. Reused, not rebuilt. | ## Repo-Backed Inputs | Signal | Repo-backed source | Inbox use | | --- | --- | --- | | Assigned findings | `Finding`, `FindingResource`, section builder assigned query | `Requires decision` or `Evidence required` depending on linked evidence state. | | Intake findings | `Finding`, intake query | `Needs triage`. | | Accepted-risk / exception records | `FindingException`, `FindingExceptionDecision`, `FindingExceptionsQueue` | `Risk / exception review`. | | Failed / stale operations | `OperationRun`, `OperationRunLinks` | `Blocked`. | | Failed alert deliveries | `AlertDelivery`, `AlertDeliveryResource` | `Blocked`. | | Review follow-up | `ManagedEnvironmentTriageReview`, `EnvironmentReviewRegisterService`, `CustomerReviewWorkspace` | `Requires decision` with customer-review linkage. | | Recently closed governance decisions | `GovernanceDecisionRegisterBuilder` | Secondary `Recently resolved` disclosure only. | ## Current Item Fields Current source entries already expose the fields needed for a derived operator card without new persistence: - `headline` - `status_label` - `reason_label` - `impact_label` - `tenant_label` - `owner_label` - `due_label` - `evidence_label` - `exception_label` - `primary_action_label` - `primary_action_url` - `destination_url` - `evidence_path_url` - `urgency_rank` Spec 346 keeps these fields derived and page-local. ## Link Targets | Link type | Current truth | | --- | --- | | Finding detail | Existing tenant-owned `FindingResource` view route. | | Finding exceptions queue | Existing workspace hub route with canonical `environment_id` and `exception`. | | Decision Register | Existing workspace hub route with optional `environment_id` and `register_state`. | | Evidence overview | Existing workspace hub route `route('admin.evidence.overview', ['environment_id' => ...])`. | | Customer Review Workspace | Existing workspace hub route `CustomerReviewWorkspace::environmentFilterUrl($environment)`. | | Operation proof | Existing `OperationRunLinks::tenantlessView(...)`. | | Environment detail | Existing `ManagedEnvironmentLinks::viewUrl(...)`. | ## Scope Contract - Governance Inbox remains workspace-owned. - The only visible local environment scope contract is `?environment_id={id}`. - Clean entry must stay tenantless/workspace-wide even when the shell remembers an environment. - No Governance Inbox first-party link may emit retired public query aliases: - `tenant` - `tenant_id` - `managed_environment_id` - `environment` - `tenant_scope` - `tableFilters` ## Gaps And Conservative Decisions | Topic | Repo truth | Spec 346 decision | | --- | --- | --- | | Review-ready lane | No bounded repo-backed governance-inbox-ready state exists on this page today. | Omitted instead of invented. | | Persisted inbox items | No new truth table or workflow engine exists. | Not added. | | New mutating actions | Existing page is read-first and current source surfaces own mutations. | Not added. | | Recently resolved lane | Repo truth exists only in the Decision Register, not in current inbox source-family entries. | Shown as a secondary disclosure backed by the existing register builder. | | Provider-readiness blocker classification | Repo truth exists on adjacent readiness/required-permissions surfaces, but not as a generalized inbox state. | Existing operation / alert / environment links reused; no new readiness engine introduced. | ## Filament / Runtime Guardrails - Livewire v4-only patterns retained. - No panel registration changes; Laravel 12 panel providers remain in `apps/platform/bootstrap/providers.php`. - No global-search posture changed. - No new assets registered. - No migration, queue, scheduler, env-var, or deployment contract change was required.