# Quickstart: Backup Quality Truth Surfaces

## Goal

Validate that backup-set, backup-item, policy-version, and restore-selection surfaces now communicate backup quality truth early and explicitly without overstating restore safety, restore readiness, or tenant recoverability.

## Prerequisites

1. Start Sail if it is not already running.
2. Ensure the workspace has representative fixtures for:
   - a backup set with only full-payload items
   - a backup set with at least one metadata-only item
   - a backup set with assignment fetch failure metadata
   - a backup set with orphaned-assignment metadata
   - one policy version captured as full payload
   - one policy version captured as metadata-only
   - one user with `TENANT_VIEW` but without restore capability
   - one user with restore capability for the same tenant
3. Ensure the acting users are valid workspace and tenant members.
4. Ensure archived backup-set and policy-version fixtures exist if lifecycle plus quality combinations need validation.

## Focused Automated Verification

Run the smallest existing backup, version, and restore-selection pack first:

```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupSetEnterpriseDetailPageTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupItemsRelationManagerFiltersTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupSetUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionRestoreViaWizardTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreItemSelectionTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/PolicyVersionsRestoreToIntuneUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/CreateRestoreRunAuthorizationTest.php
vendor/bin/sail artisan test --compact tests/Feature/RestoreRiskChecksWizardTest.php
vendor/bin/sail artisan test --compact tests/Unit/AssignmentBackupServiceTest.php
vendor/bin/sail artisan test --compact tests/Unit/BackupItemTest.php
```

Expected new or expanded spec-scoped tests:

```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupQualityTruthSurfaceTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionQualityTruthSurfaceTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreSelectionQualityTruthTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/BackupQualityVisibilityTest.php
vendor/bin/sail artisan test --compact tests/Unit/Support/BackupQuality/
```

Use `--filter` for a smaller pass while iterating.

## Manual Validation Pass

### 1. Verify backup-set list truth

Open `/admin/t/{tenant}/backup-sets` and confirm:

- lifecycle status remains visible and separate from backup-quality summary
- a full-quality set reads as `no degradations detected` or equivalent without implying safe restore
- a degraded set shows metadata-only, assignment issues, orphaned assignments, or degraded-item count within one scan

### 2. Verify backup-set detail summary-first layout

Open a degraded backup set and confirm:

- the first visible summary answers whether the set is strong or weak as recovery input
- metadata-only count, assignment issue count, and orphaned-assignment count appear before raw metadata
- one primary next action is visible when degraded truth exists

### 3. Verify backup-items relation truth

Within the same backup-set detail page, confirm the relation table shows:

- snapshot mode per item
- assignment capture issue truth per item
- orphaned-assignment truth per item
- current inspect model and action placement remain unchanged

### 4. Verify policy-version list and detail truth

Open `/admin/t/{tenant}/policy-versions` and confirm:

- metadata-only versions are visible at scan speed in the list itself
- full-payload and degraded versions are distinguishable without hovering disabled actions

Open a degraded policy version and confirm:

- an explicit backup-quality section appears on the detail surface
- the page explains degraded input quality without claiming safe restore or meaningful rollback certainty

### 5. Verify restore-selection truth before risk checks

Open `/admin/t/{tenant}/restore-runs/create` and confirm:

- step 1 backup-set choices expose degraded input before the wizard reaches checks or preview
- step 2 item descriptions expose metadata-only and assignment-quality truth before risk checks run
- the page still treats backup quality as input truth, not restore safety approval

### 6. Verify RBAC-safe truth visibility

Repeat the list and detail checks as a user with `TENANT_VIEW` but without restore permission and confirm:

- backup-quality truth remains visible
- restore entry points remain unavailable or disabled with the current RBAC behavior
- non-members still receive deny-as-not-found behavior rather than resource hints

## Non-Regression Checks

Confirm the feature did not change:

- tenant route identity for backup, version, or restore pages
- current archive, restore, force-delete, or remove confirmation behavior
- existing restore-safety blocking behavior for metadata-only input
- existing assignment capture semantics and orphaned-assignment detection
- current global asset registration and deployment requirements

## Formatting And Final Verification

Before finalizing implementation work:

```bash
vendor/bin/sail bin pint --dirty --format agent
```

Then rerun the smallest affected test set and offer the full suite only after the focused backup-quality pack passes.

Close the feature only after manual validation confirms:

- an operator can identify degraded versus full-looking backup input within 10 seconds on backup-set list and detail surfaces
- the first restore selection step exposes weak inputs before risk-check work begins
- reduced-permission users still see truthful quality signals without gaining restore capability