# Tasks: Alerts / Audit Log Environment Filter Contract Decision **Input**: Spec artifacts from `specs/321-alerts-audit-log-environment-filter-contract-decision/` **Prerequisites**: `spec.md`, `plan.md`, `decision.md` **Runtime posture**: Hard cutover. No legacy alias support. ## Phase 1: Discovery Confirmation - [x] T001 Re-read `specs/321-alerts-audit-log-environment-filter-contract-decision/spec.md`, `plan.md`, and `decision.md` before runtime implementation starts. - [x] T002 Re-read Spec 318 artifacts: `audit-report.md`, `surface-inventory.md`, `page-matrix.md`, `mismatch-findings.md`, and `recommended-fixes.md`. - [x] T003 Confirm related completed specs 314 through 320 are context only and do not need edits for Spec 321. - [x] T004 Confirm `alert_deliveries.managed_environment_id` and `audit_logs.managed_environment_id` are still present and indexed before implementing filter queries. - [x] T005 Inspect current route names for Alerts, Alert Deliveries, Alert Rules, Alert Destinations, and Audit Log. ## Phase 2: Tests First - [x] T006 Add a static/spec guard test named `it('documents_alerts_and_audit_log_filter_contract_decisions')`. - [x] T007 Add Alerts overview contract test `it('alerts_support_environment_id_filter_with_visible_chip_and_clear')`. - [x] T008 Add Alert Deliveries contract test `it('alert_deliveries_support_environment_id_filter_with_visible_chip_and_clear')`. - [x] T009 Add Audit Log contract test `it('audit_log_supports_environment_id_filter_with_visible_chip_and_clear')`. - [x] T010 Add legacy alias guard test `it('alerts_and_audit_log_do_not_accept_legacy_environment_query_aliases')`. - [x] T011 Add cross-workspace guard test `it('alerts_and_audit_log_reject_cross_workspace_environment_filters')`. - [x] T012 Add sidebar/global navigation regression test `it('alerts_and_audit_log_sidebar_entry_is_workspace_wide')`. - [x] T013 Add Environment CTA contract test `it('environment_ctas_to_alerts_and_audit_log_use_environment_id')`. - [x] T014 Add configuration-surface guard test `it('alert_configuration_surfaces_do_not_emit_environment_filters')`. - [x] T015 Ensure tests prove data scope, not only URL or visible chip state. ## Phase 3: Shared Contract Wiring - [x] T016 Inspect `apps/platform/app/Support/Navigation/WorkspaceHubRegistry.php` and confirm Alerts, Alert Deliveries, and Audit Log remain registered as workspace hubs. - [x] T017 Confirm `WorkspaceHubRegistry::cleanUrl()` continues to strip Environment query params from sidebar/global entries. - [x] T018 Inspect `apps/platform/app/Support/Navigation/WorkspaceHubEnvironmentFilter.php` and reuse it for canonical `environment_id` resolution. - [x] T019 Reuse `apps/platform/app/Support/Navigation/WorkspaceHubFilterStateResetter.php` for clear behavior. - [x] T020 Reuse `apps/platform/app/Filament/Concerns/ClearsWorkspaceHubEnvironmentFilterState.php` where page/resource architecture supports it. - [x] T021 Reuse `apps/platform/resources/views/filament/partials/workspace-hub-environment-filter-chip.blade.php` for visible filter state. - [x] T022 Do not add a page-local Environment resolver unless existing architecture requires a minimal adapter. ## Phase 4: Alerts Overview - [x] T023 Update `apps/platform/app/Filament/Pages/Monitoring/Alerts.php` to resolve canonical `environment_id` for the current Workspace. - [x] T024 Keep Alerts overview shell Workspace-only in all filtered and unfiltered states. - [x] T025 Render the shared Environment filter chip in `apps/platform/resources/views/filament/pages/monitoring/alerts.blade.php` when the filter is active. - [x] T026 Ensure the clear action on Alerts overview uses shared reset behavior and returns to clean `/admin/alerts`. - [x] T027 Update `apps/platform/app/Filament/Widgets/AlertsKpiHeader.php` so Environment-attributable delivery signal counts respect the active filter. - [x] T028 Ensure workspace-level configuration counts on Alerts overview are not mislabeled as Environment-filtered counts. - [x] T029 Ensure Alerts overview links to Alert Deliveries preserve canonical `environment_id` when filtered. - [x] T030 Ensure Alerts overview links to Alert Rules and Alert Destinations do not include Environment filter params. ## Phase 5: Alert Deliveries - [x] T031 Update `apps/platform/app/Filament/Resources/AlertDeliveryResource.php` query/table behavior to apply canonical `environment_id` through shared resolution. - [x] T032 Filter Alert Deliveries rows by reliable `managed_environment_id`. - [x] T033 Keep Alert Deliveries shell Workspace-only in all filtered and unfiltered states. - [x] T034 Render the shared Environment filter chip on the Alert Deliveries list page when filtered. - [x] T035 Ensure clear removes `environment_id`, `tableFilters`, `tableDeferredFilters`, persisted Filament/session filter state, and visible chip. - [x] T036 Ensure legacy URL aliases do not prefill the table filter. - [x] T037 Ensure clean Alert Deliveries entry is workspace-wide and reload-safe. ## Phase 6: Alert Rules and Alert Destinations - [x] T038 Confirm `apps/platform/app/Filament/Resources/AlertRuleResource.php` remains a workspace configuration surface. - [x] T039 Confirm `apps/platform/app/Filament/Resources/AlertDestinationResource.php` remains a workspace configuration surface. - [x] T040 Ensure Alert Rules do not render an Environment filter chip from `environment_id`. - [x] T041 Ensure Alert Destinations do not render an Environment filter chip from `environment_id`. - [x] T042 Ensure Environment Dashboard or Alert overview CTAs to Alert Rules use clean workspace links. - [x] T043 Ensure Environment Dashboard or Alert overview CTAs to Alert Destinations use clean workspace links. ## Phase 7: Audit Log - [x] T044 Update `apps/platform/app/Filament/Pages/Monitoring/AuditLog.php` to resolve canonical `environment_id` for the current Workspace. - [x] T045 Filter Audit Log rows by reliable `audit_logs.managed_environment_id` when the filter is active. - [x] T046 Keep Audit Log shell Workspace-only in all filtered and unfiltered states. - [x] T047 Render the shared Environment filter chip in `apps/platform/resources/views/filament/pages/monitoring/audit-log.blade.php` when filtered. - [x] T048 Ensure Audit Log clear removes `environment_id`, table filters, deferred filters, persisted session state, and visible chip. - [x] T049 Ensure Audit Log clean entry does not inherit remembered Environment state. - [x] T050 Ensure selected audit event/detail state cannot show an event outside the active Environment filter. - [x] T051 Ensure audit events with null `managed_environment_id` remain visible workspace-wide and are excluded when filtered. ## Phase 8: Navigation, Links, and CTAs - [x] T052 Inspect `apps/platform/app/Support/Navigation/WorkspaceSidebarNavigation.php` and confirm sidebar entries for Alerts and Audit Log remain clean. - [x] T053 Inspect Environment Dashboard CTAs and widgets for Alerts or Audit Log links. - [x] T054 Update Environment-origin CTAs to Alerts, Alert Deliveries, and Audit Log to use canonical `environment_id` only when preserving Environment focus. - [x] T055 Remove `environment_id` from Environment-origin CTAs to Alert Rules and Alert Destinations. - [x] T056 Inspect `apps/platform/app/Support/ManagedEnvironmentLinks.php` for any Alerts/Audit helpers or related links that need canonicalization. - [x] T057 Inspect `apps/platform/app/Support/Operations/OperationRunLinks.php` for Alerts/Audit links that need canonicalization. - [x] T058 Inspect notification, alert, and audit link helpers for legacy `tenant`, `tenant_id`, `managed_environment_id`, `environment`, `tenant_scope`, or `tableFilters` query output. ## Phase 9: Regression and Safety - [x] T059 Run targeted Alerts/Audit contract tests. - [x] T060 Run Spec 315 environment filter contract regression tests. - [x] T061 Run Spec 316 clear filter contract regression tests. - [x] T062 Run Spec 317 legacy tenant cleanup regression tests. - [x] T063 Run Spec 314 workspace hub navigation regression tests. - [x] T064 Run Spec 319 Baseline Compare Environment-owned regression tests. - [x] T065 Run Spec 320 workspace-owned analysis shell regression tests. - [x] T066 Run formatting for touched PHP files. - [x] T067 Run `git diff --check`. ## Phase 10: Browser Verification > 2026-05-17 note: attempted integrated browser verification, but the Playwright MCP browser profile was locked by another running browser process (`mcp-chrome-6176c52`). Existing Pest browser smoke `tests/Browser/Spec193MonitoringSurfaceHierarchySmokeTest.php` passed and covers `/admin/alerts`, but the requested screenshot set remains pending. - [ ] T068 Start the local Sail/browser-ready environment. - [ ] T069 Open Alerts clean URL and capture `artifacts/screenshots/alerts--clean.png`. - [ ] T070 Open Alerts filtered URL and capture `artifacts/screenshots/alerts--filtered.png`. - [ ] T071 Clear Alerts filter, reload, and capture `artifacts/screenshots/alerts--after-clear.png` and `alerts--after-reload.png`. - [ ] T072 Open Alert Deliveries filtered URL and capture `artifacts/screenshots/alert-deliveries--filtered.png`. - [ ] T073 Open Audit Log clean URL and capture `artifacts/screenshots/audit-log--clean.png`. - [ ] T074 Open Audit Log filtered URL and capture `artifacts/screenshots/audit-log--filtered.png`. - [ ] T075 Clear Audit Log filter, reload, and capture `artifacts/screenshots/audit-log--after-clear.png` and `audit-log--after-reload.png`. - [ ] T076 Verify Environment Dashboard CTAs to Alerts/Audit Log and capture useful CTA screenshots. - [ ] T077 Verify browser back/forward after filter and clear does not create URL/chip/data mismatch. ## Phase 11: Final Report - [ ] T078 Report chosen contracts for Alerts, Alert Deliveries, Alert Rules, Alert Destinations, and Audit Log. - [ ] T079 Report changed behavior and files changed. - [ ] T080 Report test commands and results, including any unrelated residual failures. - [ ] T081 Report browser verification and screenshot paths. - [ ] T082 Report that no migrations, seeders, packages, env vars, queues, scheduler, storage, or deployment asset changes were made unless the spec was explicitly updated. - [ ] T083 Report that no backwards compatibility layer or legacy query alias support was introduced.