# Research: Governance Artifact Retargeting to ManagedEnvironment

## Decision Summary

### Decision 1: Treat 282 as a surface-ownership slice, not a schema slice

- **Decision**: `282` will retarget existing governance artifact resources and drillthroughs to the workspace-first admin runtime. It will not reopen `tenant_id` to `managed_environment_id` persistence work.
- **Why**: repo truth already shows `managed_environment_id` plus `workspace_id` on the relevant models, and the real remaining gap is surface registration, route ownership, and context resolution.
- **Evidence**:
  - `OperationRun`, `Finding`, `Policy`, `BackupSet`, `RestoreRun`, `EvidenceSnapshot`, `ReviewPack`, `TenantReview`, and `StoredReport` already persist `managed_environment_id`
  - many models use `DerivesWorkspaceIdFromTenant` or equivalent workspace derivation seams

### Decision 2: Scope the implementation around current resource families

- **Decision**: the primary implementation unit is the current environment-owned Filament resource families, not a generic artifact abstraction.
- **Why**: the route and admin-registration drift is expressed in concrete resources such as `FindingResource`, `PolicyResource`, `BackupSetResource`, `RestoreRunResource`, `EvidenceSnapshotResource`, `ReviewPackResource`, and `StoredReportResource`.
- **Evidence**:
  - several resources still include admin-hide guards through `shouldRegisterNavigation()` checks against the `admin` panel
  - read-only artifact resources still use `ManagedEnvironment::current()` or mixed fallback chains that imply tenant-panel ownership

### Decision 3: Reuse shared context and link seams

- **Decision**: reuse `ResolvesPanelTenantContext`, `InteractsWithTenantOwnedRecords`, `RelatedNavigationResolver`, `CanonicalNavigationContext`, and `OperationRunLinks` instead of creating a new route-helper layer.
- **Why**: the repo already has one shared environment-resolution seam and one shared navigation contract; the drift is in how existing resources still call them under tenant-panel assumptions.
- **Evidence**:
  - `ResolvesPanelTenantContext` already branches for `admin` versus `tenant` panels
  - `OperationRunLinks` already owns canonical operations URLs

### Decision 4: Keep artifact lifecycle and stored-report productization deferred

- **Decision**: defer lifecycle semantics to Spec `267` and broader stored-report surface/productization work to Spec `277`.
- **Why**: both packages already exist and would broaden `282` beyond route ownership and context resolution.
- **Evidence**:
  - `specs/267-artifact-lifecycle-retention/spec.md` is already `Ready for implementation`
  - `specs/277-stored-reports-surface/spec.md` is already `Ready for implementation`

### Decision 5: Keep provider, RBAC, copy, and no-legacy follow-through deferred

- **Decision**: defer Specs `283` through `287` unchanged.
- **Why**: `282` is already broad enough at the resource-surface layer. Capability registries, taxonomies, RBAC redesign, vocabulary cleanup, and global cutover quality gates belong to the later reserved slots.

### Decision 6: Keep adjacent pages out of scope for 282

- **Decision**: pages such as `TenantDiagnostics`, `InventoryCoverage`, and `BaselineCompareLanding` remain out of scope for `282` unless a later implementation produces a concrete, isolated follow-up need.
- **Why**: repo truth shows these are adjacent seams, not part of the minimum route-ownership contract needed for the current governance artifact resource families.

## Touched Resource Inventory

| Family | Representative resources | Current repo issue |
|---|---|---|
| Governance registers | `InventoryItemResource`, `PolicyResource`, `PolicyVersionResource`, `FindingResource`, `FindingExceptionResource` | admin-hidden registration or environment-context drift |
| Recovery and backup | `BackupScheduleResource`, `BackupSetResource`, `RestoreRunResource` | admin-hidden registration plus many related links and action URLs |
| Evidence and reporting | `EvidenceSnapshotResource`, `TenantReviewResource`, `ReviewPackResource`, `StoredReportResource` | environment resolution still assumes tenant-panel truth in fallbacks |

## Candidate Deviations From Raw Backlog Text

- The raw candidate reads like a model and route retarget combined. Repo truth shows the model retarget already happened in Spec `279`.
- The raw candidate mentions renaming review concepts and removing remaining `/admin/t` links broadly. For `282`, this is narrowed to the touched governance artifact surface families only; broader copy cleanup remains Spec `286`.
- The raw candidate's `operation_runs` move is already satisfied at the persistence layer; `282` only retargets artifact-origin links into the workspace-first operations routes reused from Spec `280`.
- The raw candidate's `backup items` note remains nested under backup-set and restore-run surfaces and does not become a separate top-level route family in `282`.

## Implementation Risks To Hold During Tasks Generation

- Do not widen into lifecycle or reporting semantics just because `ReviewPackResource` and `StoredReportResource` are touched.
- Do not create new route helpers or a generic artifact surface layer.
- Do not leave any touched family half-migrated, where list pages move but action URLs or related links still emit tenant-panel destinations.

## Files Reviewed

- `.specify/memory/constitution.md`
- `docs/product/spec-candidates.md`
- `docs/product/roadmap.md`
- `specs/267-artifact-lifecycle-retention/spec.md`
- `specs/277-stored-reports-surface/spec.md`
- `specs/279-workspace-managed-environment-core/spec.md`
- `specs/280-workspace-tenancy-environment-routing/spec.md`
- `specs/281-provider-connection-scope/spec.md`
- `apps/platform/app/Models/OperationRun.php`
- `apps/platform/app/Filament/Concerns/ResolvesPanelTenantContext.php`
- `apps/platform/app/Filament/Resources/FindingResource.php`
- `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`
- `apps/platform/app/Filament/Resources/ReviewPackResource.php`
- `apps/platform/app/Filament/Resources/StoredReportResource.php`
- repo-wide searches for admin-hide guards and environment-context helper usage in Filament resources and pages