# Quickstart: Enterprise Evidence Gap Details for Baseline Compare ## Prerequisites 1. Start the local stack. ```bash vendor/bin/sail up -d ``` 2. Ensure the app is clean enough to run focused tests. ## Focused Verification Run the minimum regression pack for the feature: ```bash vendor/bin/sail artisan test --compact tests/Feature/Baselines/BaselineCompareAmbiguousMatchGapTest.php tests/Feature/Baselines/BaselineCompareResumeTokenTest.php tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php ``` Format touched files before shipping implementation updates: ```bash vendor/bin/sail bin pint --dirty --format agent ``` ## Manual Verification Flow 1. Trigger or locate a completed `baseline_compare` run with evidence gaps. 2. Open the canonical run detail page at `/admin/operations/{run}`. 3. Confirm the page shows outcome/trust guidance before diagnostics. 4. Confirm the `Evidence gap details` section is visible when subject-level details exist. 5. Use `Search gap details` to filter by: - reason text such as `ambiguous` - policy type such as `deviceConfiguration` - subject key fragment such as part of a display name or GUID 6. Confirm raw JSON evidence remains available in the separate `Baseline compare evidence` section. ## Legacy-Run Verification 1. Open an older baseline compare run that contains `evidence_gaps.count` but no `evidence_gaps.subjects`. 2. Confirm the UI distinguishes missing recorded detail from the absence of gaps. 3. Confirm the page still renders successfully and does not imply a healthy compare result. ## Tenant-Safety Verification 1. Verify an entitled user can inspect the same run through canonical monitoring. 2. Verify a non-member cannot discover tenant-owned detail through canonical or tenant-scoped surfaces. 3. Verify member-but-underprivileged behavior remains enforced by existing authorization rules. ## Render-Safety Verification 1. Bind the fail-hard graph client in the affected UI tests. 2. Verify the canonical run detail renders evidence-gap detail without invoking `GraphClientInterface`. 3. Verify the tenant landing evidence-gap state renders without invoking `GraphClientInterface`. ## Deployment Notes - No new database migration is required. - No new Filament assets are registered, so this feature does not add a new `filament:assets` deployment requirement. - Filament remains on Livewire v4-compatible patterns and requires no panel provider changes.