ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
codex/322-post-319-validation-note
TenantAtlas/specs/294-provider-verification-runtime-semantics/tasks.md
ahmido d3158f5103 test: stabilize provider verification runtime semantics (#349) 
## Summary
- align verification-start tests with the canonical credential-enabled provider fixture
- seed required tenant-permission evidence for provider operation start tests so inventory/compliance assertions exercise the real queued and `scopeBusy` contracts
- refresh stale provider-connection and verification-report test baselines to current shared output
- add the complete Spec 294 artifacts for the bounded provider/verification stabilization follow-up

## Scope
- bounded to `apps/platform/tests`, shared Pest test helpers, and `specs/294-provider-verification-runtime-semantics`
- no runtime application code changes under `apps/platform/app`
- no schema, route-cutover, framework, or asset changes

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Verification/VerificationAuthorizationTest.php tests/Feature/Verification/VerificationStartAfterCompletionTest.php tests/Feature/Verification/VerificationStartDedupeTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/ProviderDispatchGateStartSurfaceTest.php tests/Feature/ProviderConnections/ProviderOperationConcurrencyTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/ProviderConnectionNeutralitySpec238Test.php tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- browser smoke was not run because the final diff contains no runtime app or UI changes; only tests, shared test helpers, and spec artifacts changed
- provider registration remains unchanged in `apps/platform/bootstrap/providers.php`
- no new globally searchable resource or destructive action behavior was introduced

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #349
2026-05-11 08:26:17 +00:00

7.6 KiB
Raw Permalink Blame History

Tasks: Provider Verification Runtime Semantics Stabilization

Input: Design documents from specs/294-provider-verification-runtime-semantics/
Prerequisites: spec.md, plan.md, research.md, data-model.md, quickstart.md, failure-classification.md, checklists/requirements.md

Review Artifact: specs/294-provider-verification-runtime-semantics/checklists/requirements.md
Failure Inventory: specs/294-provider-verification-runtime-semantics/failure-classification.md

Review Metadata

  • Review outcome class: acceptable-special-case
  • Workflow outcome: keep
  • Test-governance outcome: keep
  • Stop / split triggers: route-cutover repair, full-suite repair outside the target lane, new tables, persisted provider profiles, new run status values, new provider abstractions, new verification schema version, or historical-spec rewrites

Pinned Failure-Classification Categories

  • surface-or-report-baseline-drift
  • fixture-contract-drift
  • provider-verification-runtime-regression
  • dedupe-concurrency-contract-drift
  • out-of-scope-existing-debt
  • resolved-or-not-needed

Pinned Stabilization Seams

  • provider-neutrality-surface
  • shared-startable-fixtures
  • verification-start-contract
  • provider-dispatch-concurrency
  • verification-report-summary

Grouping Unit

In 294, one failure group equals one failing test file or one failing scenario cluster that shares one seam and one category. The authoritative grouped baseline lives in failure-classification.md.

Test Governance Checklist

  • The primary proof command is the bounded ProviderConnections/Verification feature lane.
  • Focused reruns are defined for verification start, provider dispatch/concurrency, and surface/report baseline clusters.
  • The existing provider-connection scope browser smoke is conditional and reused only if visible provider-connection disclosure changes.
  • No new browser family or heavy-governance lane is required.
  • Formatting is closed with ./vendor/bin/sail bin pint --dirty --format agent.

Phase 1: Setup and Classification

  • T001 Review spec.md, plan.md, research.md, data-model.md, quickstart.md, failure-classification.md, and checklists/requirements.md before touching runtime or tests; confirm Spec 293 remains context only.
  • T002 [P] Re-run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification; the grouped prep-time baseline remained unchanged before implementation, and the final in-scope rerun closed green at 109 passed.
  • T003 [P] Confirm each failing group still maps to exactly one pinned seam and one pinned category before the first code change.

Phase 2: User Story 1 - Verification start contract (Priority: P1)

Goal: canonical startable verification fixtures and runtime owners agree on started, deduped, fresh post-completion reruns, and real blocked semantics.

Independent Proof:

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Verification/VerificationAuthorizationTest.php tests/Feature/Verification/VerificationStartAfterCompletionTest.php tests/Feature/Verification/VerificationStartDedupeTest.php
  • T004 [P] Update apps/platform/tests/Feature/Verification/VerificationAuthorizationTest.php so the started path uses a canonical startable fixture and any intentionally blocked case stays explicit.
  • T005 [P] Update apps/platform/tests/Feature/Verification/VerificationStartAfterCompletionTest.php and apps/platform/tests/Feature/Verification/VerificationStartDedupeTest.php to pin fresh-run-after-completion and same-run dedupe semantics against canonical fixture data.
  • T006 Verify apps/platform/tests/Pest.php remains the canonical source of startable verification truth and update the touched verification fixture call sites to use createUserWithTenant(..., fixtureProfile: 'credential-enabled').
  • T007 Focused reruns proved the canonical verification runtime owner already matched repo truth, so no StartVerification runtime change was needed.

Phase 3: User Story 2 - Provider-operation concurrency (Priority: P1)

Goal: same-operation reruns dedupe, different active operations on the same provider connection return scopeBusy, and queue/run counts stay gate-owned.

Independent Proof:

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/ProviderDispatchGateStartSurfaceTest.php tests/Feature/ProviderConnections/ProviderOperationConcurrencyTest.php
  • T008 [P] Update apps/platform/tests/Feature/ProviderConnections/ProviderDispatchGateStartSurfaceTest.php to pin the current cross-operation scopeBusy follow-through and queue-count contract.
  • T009 [P] Update apps/platform/tests/Feature/ProviderConnections/ProviderOperationConcurrencyTest.php to pin same-operation dedupe, cross-operation scopeBusy, and run-identity expectations after fixture alignment.
  • T010 Align the provider-operation fixture prerequisites instead of widening runtime code; focused reruns proved ProviderOperationStartGate and OperationRunService did not need changes once capability evidence existed.

Phase 4: User Story 3 - Surface and report baselines (Priority: P2)

Goal: provider connection disclosure and verification report summaries match the current shared owner truth.

Independent Proof:

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/ProviderConnectionNeutralitySpec238Test.php tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php
  • T011 [P] Update apps/platform/tests/Feature/ProviderConnections/ProviderConnectionNeutralitySpec238Test.php so the assertions pin the current neutral target-scope disclosure and nested provider identity detail baseline without reintroducing Entra-only wording.
  • T012 [P] Update apps/platform/tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php so summary.counts.total follows the current emitted check inventory instead of a stale literal ceiling.
  • T013 Focused reruns proved the current surface/report producers were already correct, so no runtime change was needed in the provider target-scope or verification report seams.

Phase 5: Cross-Cutting Validation and Close-Out

  • T014 Run the focused verification-start proof command from Phase 2 until it passes.
  • T015 Run the focused provider-dispatch proof command from Phase 3 until it passes.
  • T016 Run the focused surface/report proof command from Phase 4 until it passes.
  • T017 Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification and confirm the full in-scope lane is green.
  • T018 [P] Runtime provider-connection disclosure did not change in application code, so the existing browser smoke was not required for this implementation.
  • T019 Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent.
  • T020 Review failure-classification.md and checklists/requirements.md one last time to confirm no route-cutover, full-suite, table/profile/run-status, provider-framework, verification-schema-version, or historical-spec-rewrite work slipped into 294, and classify any residual mismatch instead of widening scope silently.