ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/288-quality-gates-no-legacy-enforcement/quickstart.md
ahmido 0a1377c5f5 feat(spec-288): add no-legacy quality gates (#347) 
## Summary
- add Spec 288 no-legacy route/helper and provider-core/role-authority guard coverage
- extend the pinned Spec 281 and Spec 285 browser smokes plus lane/report classification wording for classification-only fallout handling
- add the Spec 288 artifact package and contributor-facing quality-gate guidance while keeping Package Execution deferred to Spec 289

## Validation
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php)`
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)`
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail bin pint --dirty --format agent)`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #347
2026-05-10 21:24:14 +00:00

84 lines
4.7 KiB
Markdown
Raw Permalink Blame History

# Quickstart: Quality Gates / No-Legacy Enforcement
## Purpose
Use this guide to review or implement Feature `288` as the bounded enforcement layer that follows Spec `287`.
## Preconditions
- The package stays limited to:
- no-legacy guard tests
- route emission guards
- forbidden legacy route/path checks
- forbidden tenant-panel helper checks
- provider-core forbidden seam checks
- environment-scope role-authority guard checks
- quality-gate documentation
- targeted browser smoke gates
- full-suite baseline classification only, not full-suite repair
- Package Execution Contract remains deferred to Spec `289`.
- The implementation does not reopen runtime cutover, provider-core rewrites, RBAC rewrites, Guided Operations, UI copy cleanup, Review Pack export work, or a full-suite repair program.
- Filament remains v5 on Livewire v4 and provider registration remains in `apps/platform/bootstrap/providers.php`.
## Read Order
1. `spec.md`
2. `plan.md`
3. `research.md`
4. `data-model.md`
5. `contracts/quality-gates-no-legacy-enforcement.logical.openapi.yaml`
6. `tasks.md`
7. `checklists/requirements.md`
## Implementation Intent
- add bounded no-legacy and route-emission guards instead of reopening route migration work
- add bounded provider-core and role-authority guards instead of rewriting provider-core or RBAC
- keep browser proof on the existing Spec `281` and Spec `285` smoke anchors
- document the quality-gate contract and the rule that broader baseline fallout is classified only under this spec
- keep Spec `289` as the explicit follow-up for Package Execution Contract work
## Review Scenarios
### Scenario 1: Retired management routes and helper patterns fail fast
- introduce or simulate a retired route/path or helper token on an owned seam
- run the targeted guard suite
- confirm the failure message names the offending path or helper pattern explicitly
### Scenario 2: Provider-core seams stay provider-neutral and role authority stays workspace-owned
- run the targeted provider-boundary and role-authority proof set
- confirm platform-core seams do not reintroduce provider-specific request shaping or binding truth
- confirm wrong-scope `404`, in-scope `403`, and direct role-edit rejection semantics remain intact
### Scenario 3: Browser proof still reflects canonical visible continuity
- run the two targeted browser smoke tests
- confirm the provider-connection and workspace/environment drill-down flows render their canonical route continuity
- confirm the browser suite reports no JavaScript or console errors
### Scenario 4: Broader baseline fallout stays classification-only
- review the contributor-facing quality-gate docs and any changed report/manifest wording
- confirm the package classifies wider baseline fallout without taking ownership of unrelated repair work
## Planned Validation Commands
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail bin pint --dirty --format agent)
```
## Explicit Stop Conditions
- If implementation starts repairing unrelated full-suite failures, stop and split that work out of `288`.
- If implementation starts reopening runtime cutover, provider-core rewrite, RBAC rewrite, or product-surface cleanup, stop and split the extra work out of `288`.
- If implementation starts absorbing Package Execution Contract work, stop and move that work to Spec `289`.
Reference in New Issue View Git Blame Copy Permalink