# Spec 365 Regression Gate Matrix This matrix is the final Operations UI/operator action gate for the OperationRun/Reconciliation program. It links representative states from Specs 358-364 to the Spec 365 UI/action expectations and test families. ## Matrix | Family | State | Required visible decision truth | Required absent/default-hidden truth | Primary action expectation | Test family | |---|---|---|---|---|---| | Queue | fresh queued | Queued/running lifecycle is still fresh; status/outcome/freshness/scope visible | Retry, Reconcile, raw JSON, worker blame when not stale | View details or no mutation action | Unit, Browser | | Queue | stale queued | Longer-than-expected attention state; reason and scope visible | "Waiting for worker" as certain claim, raw queue payload | Reconcile only if adapter/proof exists, else View details | Unit, Feature, Browser | | Queue | stale running | Stale running attention state; lifecycle reconciliation guidance | stale plus fresh contradictory copy | Reconcile only if adapter/proof exists, else View details | Unit, Feature | | Reconciliation | review already available | Review already available; reconciled from adapter; related review proof | SQLSTATE, duplicate key, raw fingerprint/constraint | View review | Unit, Feature, Browser | | Reconciliation | report/review-pack already available | Report/review-pack artifact available; related artifact proof | raw report payload, signed URL in context | View report | Unit, Feature, Browser | | Reconciliation | evidence snapshot already available | Evidence snapshot available; related evidence proof | raw Graph payload, signed URL in context | View evidence | Unit, Feature, Browser | | Sync | partial | Completed with partial results; affected families or blocked family count | provider trace, raw job payload | View affected families/details | Unit, Feature, Browser | | Sync | blocked | Blocked reason and missing permission/precondition summary | access token, client secret, full provider trace | View missing permissions/details | Unit, Feature | | Backup | partial | Backup completed with partial results; safe scope | raw backup payload by default | View backup details | Unit, Feature | | Backup | blocked | Backup blocked; missing permission/precondition summary | raw provider exception by default | View missing permissions/details | Unit, Feature, Browser | | Restore | verification required | Restore verification required; provider accepted but target not verified | Retry restore, Re-execute restore, Force complete, Mark succeeded | View restore details | Unit, Feature, Browser | | Restore | partial | Restore partial; verified/unverified step summary | Force success copy, raw provider payload default | View restore details | Unit, Feature | | Restore | blocked | Restore blocked; approval/provider/access reason | Retry restore, force-success, stack trace | View restore details | Unit, Feature, Browser | | Restore | failed | Restore failed with high-risk guard | Retry restore, Re-execute restore, Force complete, Mark succeeded | View restore details | Unit, Feature, Browser | | RBAC | action denied | Action unavailable or disabled reason for missing capability | Direct action success, hidden capability names as primary copy | No action execution | Feature, Browser | | Scope | cross-workspace denied | No cross-scope hint for inaccessible run/action | Related cross-workspace object link | No action execution | Feature | | Raw leakage | customer-readable default surface | Calm summary, safe reason, diagnostics secondary | SQLSTATE, Guzzle, stack trace, access token, client secret, serialized job, internal constraint names | N/A | Browser | ## Implemented Test Files Direct Spec 365 tests: ```text apps/platform/tests/Unit/Support/Operations/Spec365OperationRunActionEligibilityTest.php apps/platform/tests/Unit/Support/Operations/Spec365OperationRunPrimaryActionTest.php apps/platform/tests/Feature/Operations/Spec365OperationRunOperatorActionsTest.php apps/platform/tests/Browser/Spec365OperationsUiOperatorActionsSmokeTest.php ``` High-risk guard, RBAC, audit, related-link, retry-unavailable, idempotency, and raw-leakage assertions are consolidated into the files above plus existing OperationRun presentation regressions listed below. Existing regression files exercised during implementation: ```text apps/platform/tests/Feature/Operations/Spec359OperationRunAdapterReconciliationTest.php apps/platform/tests/Feature/EnvironmentReview/Spec359ReviewComposeReconciliationTest.php apps/platform/tests/Feature/Operations/Spec364RestoreExecuteReconciliationTest.php apps/platform/tests/Feature/Operations/TenantlessOperationRunViewerTest.php apps/platform/tests/Feature/Guards/OperationRunLinkContractGuardTest.php apps/platform/tests/Feature/Monitoring/MonitoringOperationsTest.php apps/platform/tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php apps/platform/tests/Feature/Monitoring/OperationLifecycleFreshnessPresentationTest.php apps/platform/tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php apps/platform/tests/Feature/Filament/OperationRunListFiltersTest.php apps/platform/tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php apps/platform/tests/Browser/Spec360OperationRunCanonicalCutoverSmokeTest.php ``` ## Regression Commands Direct Spec 365: ```bash cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec365 ``` OperationRun program regressions: ```bash cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec358 cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec359 cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec360 cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec361 cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec362 cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec363 cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec364 ``` Review/report/customer regressions: ```bash cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/CustomerReviewWorkspaceSmokeTest.php cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec357ReportProfilesSmokeTest.php cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/Spec357RenderedReportProfileTest.php cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/ReviewPackDownloadTest.php cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/EnvironmentReviewExecutivePackTest.php ``` Operations/provider regressions: ```bash cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Operations cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections ``` Known external failures to check separately, not silently bundle: ```bash cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec347ReviewPackOutputReadinessSmokeTest.php cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/EnvironmentReviewHeaderDisciplineTest.php ``` Quality: ```bash cd apps/platform && ./vendor/bin/pint --dirty git diff --check ``` Optional direct browser gate: ```bash cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec365OperationsUiOperatorActionsSmokeTest.php ``` ## Close-Out Template Implementation must update this matrix or `tasks.md` with: - Spec365 direct test result: 20 PHP tests / 118 assertions and 3 browser tests / 42 assertions passed locally after implementation. - Spec358-364 regression result: targeted Spec359, Spec360 browser, Spec364, OperationRun viewer/link, monitoring, and resource presentation regressions passed locally; final filter sweep is recorded in `tasks.md`. - Browser smoke result: `php artisan test --compact tests/Browser/Spec365OperationsUiOperatorActionsSmokeTest.php` passed. - Known external failures and whether they predate Spec365: none observed in the executed targeted lanes. - Implemented/deferred retry families: retry deferred for all families; Reconcile implemented only through adapter proof and existing OperationRun service writes. - Acknowledge implemented/deferred decision: deferred because no clean OperationRun acknowledge seam exists. - Raw leakage guard result: browser smoke asserts absence of `SQLSTATE`, `Guzzle`, `stack trace`, `access token`, `client secret`, `serialized job`, and the review fingerprint unique-index name on default surfaces.