TenantAtlas/specs/302-tenant-owned-surface-route-audit/tasks.md
ahmido d072b0107b feat(specs/302): tenant owned surface route audit (#357)
Implements platform feature branch `302-tenant-owned-surface-route-audit`.

Target branch: `platform-dev`.

Follow-up integration path after merge:

`platform-dev` → `dev`.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #357
2026-05-14 21:14:59 +00:00

Tasks: Tenant-Owned Surface Route Audit

Input: Design documents from /specs/302-tenant-owned-surface-route-audit/

Prerequisites: spec.md, plan.md, checklists/requirements.md

Tests: No new runtime tests are planned. This is a docs/spec-artifact audit. Existing focused Pest feature tests are used as evidence and validation.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay N/A because no application behavior changes.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay unchanged.
  • Planned validation commands cover the audit evidence without adding unrelated lane cost.
  • The declared surface test profile is standard-native-filament.
  • Any material budget, baseline, trend, or escalation note is recorded as none or as a follow-up blocker in the audit artifact.

Phase 1: Preparation and Scope Lock

Purpose: Confirm this implementation remains an audit artifact and does not reopen completed specs or runtime work.

  • T001 Review specs/302-tenant-owned-surface-route-audit/spec.md, specs/302-tenant-owned-surface-route-audit/plan.md, and specs/302-tenant-owned-surface-route-audit/checklists/requirements.md before editing any artifact.
  • T002 Review docs/product/spec-candidates.md Admin Workspace Navigation & Tenant-owned Surface Repair candidate group and confirm this implementation is limited to tenant-owned-surface-route-audit.
  • T003 Review specs/301-admin-inventory-navigation-cutover/spec.md, specs/301-admin-inventory-navigation-cutover/plan.md, and specs/301-admin-inventory-navigation-cutover/tasks.md as completed context only; do not modify them.
  • T004 Run git status --short --branch from /Users/ahmeddarrazi/Documents/projects/wt-plattform and stop if unrelated uncommitted changes exist.
  • T005 Create specs/302-tenant-owned-surface-route-audit/surface-route-audit.md with sections for audit scope, matrix, repair order, validation evidence, and unresolved blockers.
  • T006 Record in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that application runtime code, tests, routes, migrations, assets, policies, jobs, and Filament classes are not to be edited in this spec.

Phase 2: User Story 1 - Inventory the Tenant-Owned Admin Surface Set (Priority: P1)

Goal: Produce the initial repo-derived tenant-owned surface inventory.

Independent Test: The audit matrix contains one row for every first-slice tenant-owned family plus relevant residual or exception surfaces.

  • T007 [P] [US1] Extract first-slice surface families from apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php into specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T008 [P] [US1] Extract residual rollout and explicit scope-exception surfaces from apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php into specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T009 [P] [US1] Cross-check tenant-owned Filament resources under apps/platform/app/Filament/Resources/ and add any admin-relevant resource/page owner notes to specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T010 [P] [US1] Cross-check tenant-owned or managed-environment-bound Filament pages under apps/platform/app/Filament/Pages/ and add any non-resource surfaces to specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T011 [US1] Mark subordinate surfaces such as relation managers or indirect evidence/report sections in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md without inventing standalone routes.

Phase 3: User Story 2 - Classify Route, Navigation, Search, and RBAC Posture (Priority: P2)

Goal: Classify every audited surface against the existing repo contracts.

Independent Test: Each matrix row has route posture, navigation posture, context source, global-search posture, RBAC posture, proof, blocker, migration state, and recommended next action.

  • T012 [P] [US2] Audit route generation and route reachability for each surface using apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php, apps/platform/routes/web.php, and resource getPages() declarations; record results in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T013 [P] [US2] Audit navigation registration for each surface using apps/platform/app/Support/Navigation/NavigationScope.php, shouldRegisterNavigation() methods, and relevant cluster/page/resource classes; record results in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T014 [P] [US2] Audit managed-environment context resolution using apps/platform/app/Support/OperateHub/OperateHubShell.php, apps/platform/app/Filament/Concerns/ResolvesPanelTenantContext.php, and workspace-context helpers; record results in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T015 [P] [US2] Audit tenant-scoped global-search posture using apps/platform/app/Filament/Concerns/ScopesGlobalSearchToTenant.php, resource search configuration, and TenantOwnedModelFamilies::searchPostureForModel(); record results in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T016 [P] [US2] For any globally searchable resource, verify an Edit or View page exists or global search is disabled, using resource getPages() declarations under apps/platform/app/Filament/Resources/; record the finding in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T017 [P] [US2] Audit RBAC and denial semantics from canAccess, canViewAny, policies/capabilities, route middleware, and relevant tests under apps/platform/tests/Feature/Filament/; record non-member 404 and member-missing-capability 403 posture in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T018 [US2] Assign each audited row exactly one migration state in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md: migrated, partial cutover, stale panel logic, valid context gate, valid RBAC, ambiguous product IA, or dead-code dependent.
  • T019 [US2] Mark missing proof, stale test contracts, or ambiguous product IA as blockers in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md instead of editing application tests or code.

Phase 4: User Story 3 - Produce a Sequenced Repair Order (Priority: P3)

Goal: Convert the classification into bounded follow-up recommendations.

Independent Test: The audit artifact contains one ordered repair list and each recommendation is scoped as a separate candidate or explicitly deferred.

  • T020 [US3] Add a repair-order section to specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that orders stale panel logic, partial cutover, product IA blockers, and dead-code dependencies.
  • T021 [US3] Keep admin-directory-groups-cutover as a separate recommendation in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md unless the audit proves it should remain deferred.
  • T022 [US3] Keep navigation-contract-split as conditional follow-up in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md, only if shared contract drift remains after bounded repairs.
  • T023 [US3] Keep tenant-panel-dead-code-retirement after route/navigation dependency decisions in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T024 [US3] Add any newly discovered surface-specific repair candidates to specs/302-tenant-owned-surface-route-audit/surface-route-audit.md with one-sentence scope, blocker, and why it should not be bundled into this audit.

Phase 5: Validation Evidence

Purpose: Use existing tests and source checks to validate the audit without changing runtime behavior.

  • T025 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/Filament/AdminTenantSurfaceParityTest.php tests/Feature/Filament/AdminSharedSurfacePanelParityTest.php tests/Feature/Filament/TenantOwnedResourceScopeParityTest.php tests/Feature/Filament/EntraGroupAdminScopeTest.php tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php tests/Feature/Filament/PolicyResourceAdminSearchParityTest.php tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php and record pass/fail evidence in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md.
  • T026 Validation command did not fail; no runtime patch was needed in this spec.
  • T027 Run git diff --check from /Users/ahmeddarrazi/Documents/projects/wt-plattform and resolve only whitespace/artifact issues inside specs/302-tenant-owned-surface-route-audit/.
  • T028 Run git status --short from /Users/ahmeddarrazi/Documents/projects/wt-plattform and confirm the changed files are limited to specs/302-tenant-owned-surface-route-audit/.
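The scope confirmation in T028 can be checked mechanically rather than by eye. The following is an added example, not part of the TenantAtlas repository: it assumes the stable `git status --porcelain` format (root-relative paths, unlike `--short`), and the function names and sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: scope guard for T027/T028 (hypothetical helper names).
ALLOWED_PREFIX="specs/302-tenant-owned-surface-route-audit/"

# Reads `git status --porcelain` (v1) lines on stdin and prints every path
# that lies outside the prefix given as $1. Rename and copy entries
# ("R  old -> new") are checked on both sides, so moving a file out of or
# into another directory is still reported.
out_of_scope_paths() {
  prefix=$1
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    status=${line%"${line#??}"}   # the two status columns (XY)
    entry=${line#???}             # path part after "XY "
    case $status in
      *R*|*C*) set -- "${entry%% -> *}" "${entry#* -> }" ;;  # old and new path
      *)       set -- "$entry" ;;
    esac
    for p in "$@"; do
      p=${p#\"}; p=${p%\"}        # git wraps unusual paths in double quotes
      case $p in
        "$prefix"*) ;;            # inside the audit spec directory
        *) printf '%s\n' "$p" ;;
      esac
    done
  done
}

# Succeeds only when every changed path on stdin is inside the prefix.
scope_is_clean() {
  [ -z "$(out_of_scope_paths "$1")" ]
}

# Constructed sample of porcelain output (not real repository state).
SAMPLE_STATUS=' M specs/302-tenant-owned-surface-route-audit/tasks.md
?? specs/302-tenant-owned-surface-route-audit/surface-route-audit.md
 M apps/platform/routes/web.php
R  specs/301-admin-inventory-navigation-cutover/tasks.md -> specs/302-tenant-owned-surface-route-audit/old-tasks.md'

# Prints the two out-of-scope paths from the sample.
printf '%s\n' "$SAMPLE_STATUS" | out_of_scope_paths "$ALLOWED_PREFIX"

# Real use, from the repository root:
#   git status --porcelain | scope_is_clean "$ALLOWED_PREFIX" || echo "scope drift"
```

The rename line is flagged because its source sits under specs/301-admin-inventory-navigation-cutover/, which T003 says must not be modified.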

Phase 6: Filament, RBAC, and Scope Review

Purpose: Close the preparation contract and prevent hidden runtime implementation.

  • T029 Confirm in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that Filament v5 and Livewire v4 compatibility is preserved because no runtime APIs changed.
  • T030 Confirm in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that no panel provider registration changed and Laravel provider registration remains in apps/platform/bootstrap/providers.php.
  • T031 Confirm in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that globally searchable resources have Edit/View pages or are recorded as disabled/not applicable.
  • T032 Confirm in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that no destructive actions were added or changed, and any destructive-action concerns are listed only as follow-up observations.
  • T033 Confirm in specs/302-tenant-owned-surface-route-audit/surface-route-audit.md that no assets were registered and deployment filament:assets requirements are unchanged.
  • T034 Update specs/302-tenant-owned-surface-route-audit/spec.md, specs/302-tenant-owned-surface-route-audit/plan.md, or specs/302-tenant-owned-surface-route-audit/tasks.md only if the audit discovers a preparation-artifact inconsistency that blocks safe implementation handoff.

Dependencies

  • Phase 1 must complete before the audit matrix is created.
  • Phase 2 inventory must complete before Phase 3 classification.
  • Phase 3 classification must complete before Phase 4 repair ordering.
  • Phase 5 validation can run after enough matrix rows exist to cite evidence.
  • Phase 6 closes the handoff after validation evidence is recorded.

Parallel Execution Examples

  • T007, T008, T009, and T010 can run in parallel because they read different inventory sources and write distinct sections/rows in surface-route-audit.md.
  • T012, T013, T014, T015, T016, and T017 can run in parallel if each worker owns different columns or surface groups in surface-route-audit.md.
  • T021, T022, T023, and T024 can run in parallel after T020 establishes the repair-order section.

Implementation Strategy

  1. Complete the audit matrix before making recommendations.
  2. Prefer evidence-backed classifications over speculative cleanup.
  3. Treat missing proof as a finding, not a reason to broaden this spec.
  4. Stop and create a follow-up candidate if runtime changes appear necessary.

Explicit Non-Goals

  • Do not modify application runtime code.
  • Do not modify application tests.
  • Do not add or change routes.
  • Do not change Filament resources, pages, clusters, widgets, or Livewire components.
  • Do not create migrations, models, services, jobs, policies, commands, views, or assets.
  • Do not re-enable hidden navigation.
  • Do not implement Entra Groups cutover.
  • Do not split the navigation contract.
  • Do not retire tenant-panel dead code.