ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/293-post-cutover-suite-stabilization/failure-classification.md
ahmido 83ab4690d5 fix: stabilize post-cutover suite baseline (#348) 
## Summary
- stabilize the active spec 293 post-cutover suite baseline around the current admin-panel and workspace-first runtime
- align operations, provider, required-permissions, and action-surface expectations to canonical workspace-aware routes
- add the monitoring operations workspace-membership guard and update the spec 293 classification artifacts
- include the browser smoke screenshots captured during verification

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/OpsUx/CanonicalViewRunLinksTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/OpsUx/FailureSanitizationTest.php tests/Feature/OpsUx/NonLeakageWorkspaceOperationsTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php tests/Feature/ProviderConnections/NavigationPlacementTest.php tests/Feature/ProviderConnections/ProviderConnectionListAuthorizationTest.php tests/Feature/Verification/VerificationAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- remaining provider/verification failures are classified in `specs/293-post-cutover-suite-stabilization/failure-classification.md` as unrelated existing debt and are not folded into this slice

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #348
2026-05-11 06:41:47 +00:00

47 lines
7.4 KiB
Markdown
Raw Permalink Blame History

# Failure Classification: Post-Cutover Suite Stabilization & Baseline Reconciliation
## Purpose
Use this artifact during later implementation of `293` to record the initial suite baseline, classify every relevant failure, and keep remaining unrelated debt explicit.
## Pinned Failure-Classification Categories
| Category | Meaning |
|---|---|
| `cutover-baseline-debt` | stale test or baseline expectation caused directly by the `287` and `288` cutover truth |
| `cutover-runtime-regression` | current workspace-first primary path is actually broken |
| `unrelated-existing-debt` | existing failure outside the cutover stabilization scope |
| `flaky-or-environment` | nondeterministic or environment-specific failure |
| `resolved-or-not-needed` | initially suspected cutover debt that no longer needs work after classification or adjacent repair |
## Pinned Stabilization Seams
| Seam | Meaning |
|---|---|
| `tenant_panel_baseline` | stale TenantPanel or `panel: 'tenant'` assumptions |
| `legacy_admin_t_routes` | stale `/admin/t/...` management-route assumptions |
| `workspace_aware_operations_routes` | operations links or helpers missing workspace context |
| `legacy_required_permissions_provider_connections` | tenant-scoped required-permissions or provider-connection legacy expectations |
| `action_surface_rebaseline` | stale action-surface expectations caused by the cutover |
## Initial Baseline Seeds
| Group | Seam | Category | Reason | Fix In 293? | Follow-up | Status |
|---|---|---|---|---|---|---|
| `PanelNavigationSegregationTest` | `tenant_panel_baseline`, `legacy_admin_t_routes` | `cutover-baseline-debt` | confirmed: the file still expects `/admin` to return `200` directly and still treats `/admin/t/...` as a live panel entry point | yes | update the baseline to current admin-panel navigation truth and explicit retired-route assertions | confirmed from targeted panel proof set |
| `ActionSurfaceContractTest` | `workspace_aware_operations_routes`, `legacy_required_permissions_provider_connections`, `action_surface_rebaseline` | `cutover-baseline-debt` | still likely mixes old action expectations and old route generation assumptions | yes | rebaseline only cutover-stale expectations | pending initial baseline run |
| `CanonicalViewRunLinksTest`, `OperateHubShellTest`, `FailureSanitizationTest`, `NonLeakageWorkspaceOperationsTest` | `workspace_aware_operations_routes` | `cutover-baseline-debt` | confirmed: the targeted OpsUx proof set still builds `admin.operations.*` URLs without `workspace`, and `OperateHubShellTest` still expects a retired tenant-panel dashboard URL | yes | rebaseline these tests to the canonical workspace-aware routes and current tenant dashboard URL | confirmed from targeted OpsUx proof set |
| `BackupItemsRelationManagerUiEnforcementTest` | `action_surface_rebaseline` | `cutover-baseline-debt` | treat as cutover debt initially, but reclassify if the mismatch proves unrelated during targeted reruns | yes | reclassify if mismatch is unrelated or proves to be a true runtime regression instead | pending initial baseline run |
| `TenantSyncBulkJobTest` | `N/A` | `unrelated-existing-debt` | current summary-count mismatch is not obviously part of the cutover baseline | no unless reclassification proves otherwise | document and leave out of scope | pending initial baseline run |
| `LegacyTenantCoreGuardTest` | `tenant_panel_baseline`, `legacy_admin_t_routes` | `resolved-or-not-needed` | the targeted panel proof set left the guard file green while `PanelNavigationSegregationTest` failed, so the retirement guard already reflects current truth | no | keep as regression proof while stabilizing the stale navigation test | confirmed from targeted panel proof set |
| `NavigationPlacementTest`, view-route assertions in `VerificationAuthorizationTest` | `workspace_aware_operations_routes` | `cutover-baseline-debt` | confirmed: one provider navigation test still used the retired `/admin/operations` entry point and verification view assertions still built `admin.operations.view` without `workspace` or persisted run workspace context | yes | rebaseline to the canonical `/admin/workspaces/{workspace}/operations` routes and seeded run workspace ids | confirmed green in focused reruns after rebaseline |
| `ActionSurfaceContractTest`, `RequiredPermissionsLegacyRouteTest` | `legacy_required_permissions_provider_connections`, `action_surface_rebaseline`, `workspace_aware_operations_routes` | `cutover-baseline-debt` | confirmed: the guard still expected tenant-plane required-permissions URLs, tenant-panel-era operation links, and several stale surface labels/action inventories | yes | rebaseline to canonical workspace/environment required-permissions routes, workspace-aware operation links, and current action labels/inventory | confirmed green in focused reruns after rebaseline |
| `ProviderConnectionListAuthorizationTest` | `action_surface_rebaseline` | `resolved-or-not-needed` | the mismatch proved to be an empty-list header-surface expectation rather than a cutover runtime bug; the current surface hides the header create CTA on an empty list for non-members | no | keep the rebaselined assertion as the current header-surface regression proof | confirmed green in focused rerun |
| `BackupItemsRelationManagerUiEnforcementTest` | `action_surface_rebaseline` | `unrelated-existing-debt` | targeted rerun showed the mid-session membership-revocation mismatch is not a cutover route/panel issue and no longer matches either the old hidden-state assumption or a simple disabled-state rebaseline | no | leave for a dedicated RBAC/action-state follow-up outside spec 293 | confirmed from targeted rerun |
| `ProviderConnectionNeutralitySpec238Test` | `N/A` | `unrelated-existing-debt` | current provider connection detail copy no longer contains `Provider identity details`; this is a neutral-surface wording drift unrelated to workspace-first cutover seams | no | leave for a provider-surface wording follow-up | confirmed from post-rebaseline provider/verification rerun |
| `ProviderDispatchGateStartSurfaceTest`, `ProviderOperationConcurrencyTest`, `VerificationAuthorizationTest` start assertion, `VerificationStartAfterCompletionTest`, `VerificationStartDedupeTest` | `N/A` | `unrelated-existing-debt` | after the route baseline repairs, these failures remain as provider-operation gate / dedupe behavior mismatches (`blocked` starts, extra runs, missing queued jobs) rather than panel or workspace-route drift; repo note `provider-verification-start-fixture-contract.md` documents the new startable fixture contract behind this seam | no | leave for a dedicated provider-operation / verification follow-up outside spec 293 | confirmed from post-rebaseline provider/verification rerun |
| `ProviderConnectionHealthCheckWritesReportTest` | `N/A` | `unrelated-existing-debt` | verification report summary counts now exceed the prior `<= 7` cap (`8` observed), which is report-schema/content drift unrelated to the cutover baseline | no | leave for a dedicated verification-report follow-up | confirmed from post-rebaseline provider/verification rerun |
## Completion Rule
Before `293` can be considered ready for implementation close-out, every remaining relevant group must appear in the table above or an appended row below with one pinned category and one explicit follow-up. After the final rerun, no cutover-related failure may remain unclassified: each group must be resolved, explicitly left out of scope as `unrelated-existing-debt` or `flaky-or-environment`, or recorded as `resolved-or-not-needed`.
Reference in New Issue View Git Blame Copy Permalink