ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/293-post-cutover-suite-stabilization/research.md
ahmido 83ab4690d5 fix: stabilize post-cutover suite baseline (#348) 
## Summary
- stabilize the active spec 293 post-cutover suite baseline around the current admin-panel and workspace-first runtime
- align operations, provider, required-permissions, and action-surface expectations to canonical workspace-aware routes
- add the monitoring operations workspace-membership guard and update the spec 293 classification artifacts
- include the browser smoke screenshots captured during verification

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/OpsUx/CanonicalViewRunLinksTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/OpsUx/FailureSanitizationTest.php tests/Feature/OpsUx/NonLeakageWorkspaceOperationsTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php tests/Feature/ProviderConnections/NavigationPlacementTest.php tests/Feature/ProviderConnections/ProviderConnectionListAuthorizationTest.php tests/Feature/Verification/VerificationAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- remaining provider/verification failures are classified in `specs/293-post-cutover-suite-stabilization/failure-classification.md` as unrelated existing debt and are not folded into this slice

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #348
2026-05-11 06:41:47 +00:00

116 lines
6.2 KiB
Markdown
Raw Permalink Blame History

# Research: Post-Cutover Suite Stabilization & Baseline Reconciliation
## Pinned Failure-Classification Categories
`293` uses exactly these spec-local categories:
- `cutover-baseline-debt`
- `cutover-runtime-regression`
- `unrelated-existing-debt`
- `flaky-or-environment`
- `resolved-or-not-needed`
These categories are implementation-tracking vocabulary only. They do not become runtime product state.
## Pinned Stabilization Seams
`293` stabilizes exactly these seam families:
- `tenant_panel_baseline`
- `legacy_admin_t_routes`
- `workspace_aware_operations_routes`
- `legacy_required_permissions_provider_connections`
- `action_surface_rebaseline`
## Decision 1: Baseline and classification come before any fixes
- The package must start by running the initial full suite or the fallback lane split and recording the resulting groups in `failure-classification.md`.
- No test or runtime changes should land before those groups are classified.
- This keeps `293` bounded to cutover-driven debt instead of silently becoming a general suite cleanup.
## Decision 2: Retired TenantPanel and `/admin/t/...` assumptions are baseline debt, not compatibility gaps
- Treat lingering `panel: 'tenant'`, TenantPanel bootstrapping, and `/admin/t/...` management-path expectations as stale suite assumptions.
- The fix path is to align tests to current admin-panel and workspace-aware runtime truth or explicitly assert retirement.
- Do not restore TenantPanel or `/admin/t/...` compatibility behavior.
## Decision 3: Workspace-aware operations links should reuse current canonical helpers
- The expected post-cutover baseline for operations routes is workspace-aware link generation.
- Prefer `OperationRunLinks` and current shell helpers over raw route strings whenever repo truth already provides them.
- If a current primary-path helper is actually broken, classify the issue as `cutover-runtime-regression` before considering any minimal runtime fix during later implementation.
## Decision 4: Tenant-scoped required-permissions and provider-connection fallback URLs stay retired
- Tests must not treat tenant-scoped required-permissions URLs or tenant-scoped provider-connection URLs as current canonical runtime paths.
- The remediation path is to move expectations to the current canonical admin or workspace-aware route helpers.
- Reintroducing those fallbacks is forbidden.
## Decision 5: Action-surface rebaseline stays bounded to cutover drift
- `ActionSurfaceContractTest` and adjacent RBAC or Filament tests may be updated only where the expectation is stale because of workspace-first routing, managed-environment scope semantics, or TenantPanel removal.
- `293` must not add new actions, widen UX, or redesign surfaces merely to satisfy old tests.
- When a mismatch is not actually caused by the cutover, reclassify it as `unrelated-existing-debt` instead of absorbing it.
## Decision 6: Spec `288` proof pack and browser anchors remain non-negotiable regression guards
- The Spec `288` proof pack stays the enforcement baseline that `293` must keep green.
- The browser anchors `Spec281ProviderConnectionScopeSmokeTest` and `Spec285WorkspaceRbacEnvironmentAccessSmokeTest` remain the visible continuity proof.
- `293` can extend adjacent tests for stabilization, but it must not weaken or replace those proof surfaces.
## Decision 7: Remaining debt must stay explicit
- `failure-classification.md` is the single implementation artifact for recording what remains after cutover stabilization work.
- Each remaining group must stay categorized as `unrelated-existing-debt`, `flaky-or-environment`, or `resolved-or-not-needed` when it is not owned by the stabilization slice.
- Do not leave residual failures unclassified.
## Rejected Alternatives
### Rejected: split every failing group into separate micro-specs
That would scatter one cutover-stabilization thread across multiple tiny packages and keep the ownership boundary ambiguous.
### Rejected: restore compatibility behavior to make tests green faster
That would directly violate the cutover direction established by Specs `287` and `288`.
### Rejected: absorb all remaining full-suite failures into `293`
The package is meant to stabilize cutover-driven debt, not to become a permanent fix-all suite lane.
### Rejected: redesign action surfaces while rebaselining tests
That would widen `293` from stabilization into product work.
## Evidence Anchors
- `apps/platform/tests/Feature/Filament/PanelNavigationSegregationTest.php`
- `apps/platform/tests/Feature/Guards/ActionSurfaceContractTest.php`
- `apps/platform/tests/Feature/OpsUx/CanonicalViewRunLinksTest.php`
- `apps/platform/tests/Feature/OpsUx/OperateHubShellTest.php`
- `apps/platform/tests/Feature/OpsUx/FailureSanitizationTest.php`
- `apps/platform/tests/Feature/OpsUx/NonLeakageWorkspaceOperationsTest.php`
- `apps/platform/tests/Feature/OpsUx/TenantSyncBulkJobTest.php`
- `apps/platform/tests/Feature/ProviderConnections/TenantlessListRouteTest.php`
- `apps/platform/tests/Feature/ProviderConnections/TenantlessListScopingTest.php`
- `apps/platform/tests/Feature/Verification/*`
- `apps/platform/tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php`
- `apps/platform/tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php`
- `apps/platform/tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php`
- `apps/platform/tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php`
- `apps/platform/tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php`
- `apps/platform/tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php`
- `apps/platform/app/Support/OperationRunLinks.php`
- `apps/platform/app/Support/OperateHub/OperateHubShell.php`
- `apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php`
- `apps/platform/app/Providers/Filament/AdminPanelProvider.php`
- `apps/platform/app/Filament/Pages/TenantDashboard.php`
- `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`
- `apps/platform/app/Filament/Resources/TenantResource.php`
## Boundary Summary
- `293` is a shared stabilization package, not a Package Execution or Guided Operations package.
- `289` remains untouched.
- `292` remains untouched.
- The package keeps existing canonical runtime truth and only allows minimal runtime fixes later if a current primary path is proven broken.
Reference in New Issue View Git Blame Copy Permalink