# Quickstart: Canonical Operation Viewer Context Decoupling ## Goal Verify that canonical operation run viewing is independent of remembered tenant context while preserving tenant entitlement and capability semantics. ## Preconditions 1. Start the local environment: ```bash vendor/bin/sail up -d ``` 2. Ensure test database and app state are ready: ```bash vendor/bin/sail artisan optimize:clear ``` ## Manual Verification Flow 1. Sign in as a user who is a member of one workspace and entitled to at least two tenants in that workspace. 2. Open a canonical run linked to tenant A while tenant B is selected in the header. 3. Confirm the page still renders the run and shows a non-blocking mismatch message. 4. Clear tenant context or open the same run from a fresh session with no selected tenant. 5. Confirm the run still renders. 6. Open a tenantless run. 7. Confirm the page renders with workspace-level framing and no tenant selection requirement. 8. Open the same run from a notification-style or verification-surface `View run` entry point with no selected tenant. 9. Confirm the canonical viewer still resolves the same run. 10. Open a run linked to an onboarding, archived, or other tenant state already excluded from selector rules. 11. Confirm the page remains viewable, lifecycle-aware messaging is shown, and tenant follow-up actions are reduced or absent without blocking the viewer. 12. Open a canonical run for a tenant the current user is not entitled to. 13. Confirm the response is deny-as-not-found. 14. Open a run type that resolves a capability the current user lacks while workspace and tenant scope are otherwise valid. 15. Confirm the response is forbidden. ## Focused Test Command ```bash vendor/bin/sail artisan test --compact \ tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php \ tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php \ tests/Feature/Operations/TenantlessOperationRunViewerTest.php \ tests/Feature/OpsUx/OperateHubShellTest.php \ tests/Feature/Monitoring/OperationsTenantScopeTest.php \ tests/Feature/RunAuthorizationTenantIsolationTest.php \ tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php ``` ## Formatting Run the required formatter after implementation changes: ```bash vendor/bin/sail bin pint --dirty --format agent ``` ## Expected Outcome - Canonical run viewing succeeds for authorized users regardless of remembered tenant context mismatch. - Tenant-linked runs still enforce direct tenant entitlement. - Tenantless runs and onboarding, archived, or otherwise selector-excluded tenant-linked runs remain viewable when authorized. - `View run` deep links remain canonical and trustworthy across tenant, notification, verification, and monitoring surfaces. - Reduced or unavailable tenant follow-up actions do not invalidate the canonical viewer.