ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/293-post-cutover-suite-stabilization/quickstart.md
ahmido 83ab4690d5 fix: stabilize post-cutover suite baseline (#348) 
## Summary
- stabilize the active spec 293 post-cutover suite baseline around the current admin-panel and workspace-first runtime
- align operations, provider, required-permissions, and action-surface expectations to canonical workspace-aware routes
- add the monitoring operations workspace-membership guard and update the spec 293 classification artifacts
- include the browser smoke screenshots captured during verification

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/OpsUx/CanonicalViewRunLinksTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/OpsUx/FailureSanitizationTest.php tests/Feature/OpsUx/NonLeakageWorkspaceOperationsTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php tests/Feature/ProviderConnections/NavigationPlacementTest.php tests/Feature/ProviderConnections/ProviderConnectionListAuthorizationTest.php tests/Feature/Verification/VerificationAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- remaining provider/verification failures are classified in `specs/293-post-cutover-suite-stabilization/failure-classification.md` as unrelated existing debt and are not folded into this slice

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #348
2026-05-11 06:41:47 +00:00

132 lines
6.5 KiB
Markdown
Raw Permalink Blame History

# Quickstart: Post-Cutover Suite Stabilization & Baseline Reconciliation
## Purpose
Use this guide to review or later implement Feature `293` as the bounded stabilization package that follows Specs `287` and `288`.
## Preconditions
- The package stays limited to cutover-driven suite stabilization.
- The pinned failure categories are:
- `cutover-baseline-debt`
- `cutover-runtime-regression`
- `unrelated-existing-debt`
- `flaky-or-environment`
- `resolved-or-not-needed`
- The pinned stabilization seams are:
- `tenant_panel_baseline`
- `legacy_admin_t_routes`
- `workspace_aware_operations_routes`
- `legacy_required_permissions_provider_connections`
- `action_surface_rebaseline`
- `289` remains untouched.
- `292` remains untouched.
- TenantPanel, `/admin/t/...`, tenant-scoped provider fallbacks, and tenant-scoped required-permissions fallbacks remain retired.
- `managed_environment_memberships` remain narrowing-only access scope and must not regain independent role authority.
## Read Order
1. `spec.md`
2. `plan.md`
3. `research.md`
4. `data-model.md`
5. `failure-classification.md`
6. `tasks.md`
7. `checklists/requirements.md`
## Implementation Intent
- classify failures before fixing anything
- stabilize stale TenantPanel and `/admin/t/...` assumptions without restoring compatibility behavior
- make in-scope operations routes workspace-aware through existing canonical helpers or explicit workspace parameters
- remove tenant-scoped required-permissions and provider-connection legacy assumptions from the suite baseline
- keep action-surface rebaseline bounded to cutover drift
- keep the Spec `288` proof pack and browser anchors green
- document remaining unrelated or flaky debt explicitly
## Review Scenarios
### Scenario 1: Initial baseline and classification
- run the initial full suite or fallback lane split
- record the observed groups in `failure-classification.md`
- confirm every relevant group is classified before fixes begin
### Scenario 2: Retired panel and route assumptions are gone
- re-run the targeted panel navigation and legacy tenant-core tests
- confirm they no longer treat TenantPanel or `/admin/t/...` management routes as current runtime truth
### Scenario 3: Operations and legacy provider or permissions routes are canonical
- re-run the targeted OpsUx, ProviderConnections, and Verification proof sets
- confirm those tests use current workspace-aware or tenantless canonical paths instead of retired fallbacks
### Scenario 4: Action-surface rebaseline stays bounded
- re-run the action-surface and adjacent RBAC or Filament tests
- confirm only cutover-stale expectations changed and no new product actions were introduced just to satisfy tests
- confirm managed-environment memberships are still treated as narrowing-only access scope and not as an independent role authority source
### Scenario 5: Enforcement and visible anchors remain green
- re-run the Spec `288` proof pack
- re-run the two browser anchors
- confirm the stabilization work did not regress the enforcement baseline or visible canonical flows
## Planned Validation Commands
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && git status --short --branch
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && git diff --stat
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && (cd apps/platform && ./vendor/bin/sail artisan test --compact)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && ./scripts/platform-test-lane heavy-governance
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && ./scripts/platform-test-lane confidence
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && (cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && (cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/OpsUx/CanonicalViewRunLinksTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/OpsUx/FailureSanitizationTest.php tests/Feature/OpsUx/NonLeakageWorkspaceOperationsTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && (cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && (cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)
```
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && (cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent)
```
## Explicit Stop Conditions
- If implementation starts restoring TenantPanel or `/admin/t/...` compatibility behavior, stop.
- If implementation starts absorbing Package Execution, Guided Operations, or new product features, stop.
- If a failing group cannot be tied to one of the pinned failure categories, stop and classify it first.
- If the Spec `288` proof pack or browser anchors regress, stop and restore them before proceeding.
Reference in New Issue View Git Blame Copy Permalink