# Tasks: Spec 355 - Platform Sellable Smoke Matrix **Input**: `specs/355-platform-sellable-smoke-matrix/spec.md`, `plan.md`, `repo-truth-map.md`, `artifacts/platform-sellable-smoke-matrix.md`, `artifacts/platform-sellable-readiness-report.md`, and `checklists/requirements.md` **Tests**: Browser verification is required. Targeted Pest unit/feature/browser coverage is required only if a direct in-scope P0/P1 fix is applied. ## Test Governance Checklist - [x] Lane assignment is explicit and narrow: browser-first for the matrix, targeted unit/feature/browser only when a direct fix lands. - [x] New or changed tests stay in the smallest honest family, and any browser addition beyond artifact capture is explicit. - [x] Shared helpers, factories, seeds, and context defaults stay cheap by default. - [x] Planned validation commands cover the slice without pulling unrelated lane cost. - [x] The affected surfaces remain the current strategic/operator owner surfaces, not a new runtime family. - [x] No new persisted product truth, workflow engine, or provider/platform abstraction is planned. ## Phase 1: Preparation And Repo Truth **Purpose**: Keep the verification gate bounded to current repo truth and surface any dependency blockers before browser work starts. - [x] T001 Re-read `spec.md`, `plan.md`, `tasks.md`, `repo-truth-map.md`, and `checklists/requirements.md`. - [x] T002 Re-run `git status --short --branch`, `git diff --stat`, and `git log -1 --oneline`, then update `specs/355-platform-sellable-smoke-matrix/repo-truth-map.md`. - [x] T003 Re-verify the current runtime truth in: - `apps/platform/app/Filament/Pages/EnvironmentDashboard.php` - `apps/platform/app/Filament/Resources/ProviderConnectionResource.php` - `apps/platform/app/Filament/Pages/EnvironmentRequiredPermissions.php` - `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` - `apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php` - `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php` - `apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ViewFindingException.php` - `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php` - `apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php` - `apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php` - `apps/platform/app/Filament/Resources/OperationRunResource.php` - [x] T004 Re-verify Specs 351-354 as dependency truth, using commits, checked tasks, browser smoke assets, screenshots, and recorded findings rather than trusting one metadata field alone. - [x] T005 If Spec 354 still has any of the named dependency concerns open (`accepted-risk state priority`, `approval queue scope continuity`, `dominant guidance localization`, or `fake/inert recommended action semantics`), record the blocker explicitly in `repo-truth-map.md` and do not issue a final sellable-readiness verdict. - [x] T006 Confirm no migration, package, env var, queue family, scheduler, storage, panel/provider, asset-registration, or global-search change is required for the baseline verification path. ## Phase 2: Fixture Inventory **Purpose**: Determine which required states can be exercised honestly before the browser matrix is run. - [x] T007 Inventory existing local/testing/browser helpers: - `admin.local.smoke-login` - `tenantpilot:review-output:seed-browser-fixture` - existing browser smoke tests for Specs 346, 351, 352, 353, and 354 - [x] T008 Record available or missing fixture truth for: - provider blocker - review-output blocker - ready draft / publish path - accepted risk expiring - accepted risk expired - accepted risk incomplete - pending renewal non-lapsed and lapsed if repo-backed - governance inbox item - evidence missing or stale - operation follow-up / proof - no urgent action - [x] T009 Update `specs/355-platform-sellable-smoke-matrix/artifacts/blocked-fixtures.md` for any state that cannot be exercised honestly with current repo fixtures. - [x] T010 Keep `repo-truth-map.md` current if runtime inspection proves the smoke matrix must narrow or explicitly block one or more flows. ## Phase 3: Browser Smoke Matrix **Purpose**: Run the required cross-surface flows and capture first-screen proof. - [x] T011 Run Flow 1: Environment Dashboard -> provider blocker, and verify provider readiness outranks review-output guidance when both signals exist. - [x] T012 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/01-dashboard-provider-blocker.png`. - [x] T013 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/02-provider-required-permissions-target.png`. - [x] T014 Run Flow 2: Environment Dashboard -> review-output blocker, and verify the primary action lands on the review-output owner surface expected by Spec 351. - [x] T015 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/03-dashboard-review-output-blocker.png`. - [x] T016 Run Flow 3: Customer Review Workspace -> review-output resolve loop, and verify no fake action or duplicate primary rail appears during the loop. - [x] T017 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/04-customer-review-workspace-resolve-action.png`. - [x] T018 Run Flow 4: Environment Review detail in `customer_workspace` context, and verify output readiness remains clear without reintroducing a duplicate CTA rail. - [x] T019 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/05-review-detail-customer-workspace-context.png`. - [x] T020 Run Flow 5: Provider Connections / Required Permissions, and verify missing permissions or verification blockers are explained before raw diagnostic detail. - [x] T021 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/06-provider-guidance.png`. - [x] T022 Run Flow 6: Finding Exceptions / accepted-risk states, and verify expired/expiring governance outranks weaker pending-renewal or informational states where fixture truth exists. - [x] T023 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/07-accepted-risk-expiring.png`. - [x] T024 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/08-accepted-risk-expired.png`. - [x] T025 Run Flow 7: Governance Inbox, and verify it stays the queue-clearing command surface instead of becoming a second dashboard summary. - [x] T026 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/09-governance-inbox.png`. - [x] T027 Run Flow 8: Evidence Overview / evidence basis, and verify missing or stale evidence is understandable without defaulting to raw-report presentation. - [x] T028 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/10-evidence-overview.png`. - [x] T029 Run Flow 9: operation proof, and verify the linked run belongs to the expected environment/source context and does not overclaim governance health. - [x] T030 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/11-operation-proof.png`. - [x] T031 Run Flow 10: no urgent action state, and verify the calm state does not read as empty, broken, or warning-heavy. - [x] T032 Save `specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/12-no-urgent-action.png`. - [x] T033 Record console errors, network/server errors, final URL/scope state, and customer-safe boundary observations for every flow in `artifacts/platform-sellable-smoke-matrix.md`. ## Phase 4: Classification And Readiness Report **Purpose**: Turn browser observations into a conservative sellable-readiness result. - [x] T034 Fill `specs/355-platform-sellable-smoke-matrix/artifacts/platform-sellable-smoke-matrix.md` with expected primary action, actual primary action, scope result, customer-safe result, errors, screenshot path, and classification for every required flow. - [x] T035 Mark missing states/screenshots as `BLOCKED` instead of `PASS`. - [x] T036 Write `specs/355-platform-sellable-smoke-matrix/artifacts/platform-sellable-readiness-report.md` with: - Executive Summary - pass/fail/blocked counts - P0/P1/P2/P3 findings - demo readiness - sellable foundation readiness - customer-safe boundary assessment - operator workflow assessment - recommended close/fix/defer decision - [x] T037 Keep the readiness report conservative when dependency verification or fixture coverage is incomplete. ## Phase 5: Minimal P0/P1 Fixes Only **Purpose**: Allow only direct in-scope runtime correction when the smoke matrix proves a blocking issue. - [x] T038 If a verified P0/P1 issue is directly in scope, add the narrowest failing targeted test before editing runtime code. - [x] T039 Apply only the minimal owner-surface fix required to address the verified P0/P1 issue. Do not add a new product surface, persistence, taxonomy, or framework. - [x] T040 Re-run the affected browser flow after the fix and update the screenshot, matrix row, and readiness report. - [x] T041 If a verified issue is out of scope or fixture-blocked, document it in the readiness report as a deferred blocker and do not broaden Spec 355. Execution note: The only runtime patch in this slice closed a Spec 354 dependency-gate defect in dominant accepted-risk guidance localization. It stayed in scope because Spec 355 explicitly required that gate to be clear before close-out, and the fix was bounded to an existing warning-message resolver plus targeted regression coverage. ## Phase 6: Regression And Final Validation **Purpose**: Prove any direct fix stayed bounded and did not regress the adjacent guidance slices. - [ ] T042 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec351`. - [ ] T043 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec352`. - [ ] T044 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec353`. - [ ] T045 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec354`. - [ ] T046 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=CustomerReviewWorkspace`. - [ ] T047 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=EnvironmentDashboard`. - [ ] T048 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=ProviderConnection`. - [x] T049 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=FindingException`. - [x] T050 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=ResolutionGuidance`. - [x] T051 Run any new direct-fix test file added in Phase 5. - [x] T052 Run `cd apps/platform && ./vendor/bin/sail pint --dirty` if runtime files changed. - [x] T053 Run `git diff --check`. - [x] T054 Record explicitly whether the full suite was or was not run. Execution note: Broad family filters (`Spec351`-`Spec354`) were attempted via direct `pest` equivalents, but the current Sail container repeatedly killed those wide runs with exit `137`. Narrower affected Spec 354 regressions were run instead and are recorded in the readiness report. ## Non-Goals Checklist - [x] NT001 Do not add Customer Portal, PDF/HTML renderer, AI guidance, PSA/ITSM handoff, or a new workflow engine. - [x] NT002 Do not redesign Environment Dashboard, Governance Inbox, Evidence Overview, Customer Review Workspace, or Operations as part of this spec. - [x] NT003 Do not add new provider execution logic, provider framework, or Graph render calls. - [x] NT004 Do not add a new persisted sellable-readiness, smoke-result, or fixture-truth entity. - [x] NT005 Do not treat blocked fixture states as pass or infer customer-safe readiness without browser evidence. - [x] NT006 Do not reopen or normalize historical spec packages 351-354 during this slice. ## Required Final Report Content When implementation later completes, report: - branch - files changed - flows tested - screenshot count - pass/fail/blocked summary - P0/P1/P2/P3 findings - readiness decision - tests run - whether full suite was run - deferred follow-up specs