ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/304-tenant-panel-dead-code-retirement/tasks.md
ahmido 5248654691 feat: retire tenant panel runtime dead code (#359) 
## Summary
- retire remaining legacy tenant-panel runtime assumptions in the Filament admin runtime and route resolution paths
- centralize canonical admin environment context handling for shared surfaces instead of relying on deprecated `tenant` panel behavior
- harden guard coverage so legacy `/admin/t` and `/admin/tenants` route families cannot regress
- update scoped navigation, drillthrough, reference-link, and global-search tests to use the admin panel environment runtime
- add the Spec 304 package under `specs/304-tenant-panel-dead-code-retirement/` and document the rollout in the product ledger

## Test Coverage Updated
- `AdminSharedSurfacePanelParityTest`
- `NoActiveTenantResourceRoutesTest`
- `NoLegacyTenantPanelRuntimeTest`
- `AdminTenantResolverGuardTest`
- `PolicyVersionResolvedReferenceLinksTest`
- `EntraGroupGlobalSearchScopeTest`
- `OperationsDashboardDrillthroughTest`

## Runtime Notes
- remains compliant with Filament v5 on Livewire v4
- no provider registration changes; provider registration location remains `apps/platform/bootstrap/providers.php`
- no new globally searchable resource was introduced; existing scoped search assertions were updated only
- no destructive actions were added or changed
- no asset registration changes; deploy posture for `cd apps/platform && php artisan filament:assets` is unchanged

## Validation
- updated tests and docs/spec artifacts were committed in this branch
- tests were not re-run in this turn

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #359
2026-05-14 23:57:36 +00:00

162 lines
17 KiB
Markdown
Raw Permalink Blame History

# Tasks: Tenant Panel Dead-Code Retirement
**Input**: Design documents from `/specs/304-tenant-panel-dead-code-retirement/`
**Prerequisites**: `spec.md`, `plan.md`, `checklists/requirements.md`
**Tests**: Tests are required. This is a runtime cleanup and guardrail change for provider registration, route collection, canonical links, and Filament navigation contracts.
## Test Governance Checklist
- [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
- [x] New or changed tests stay in the smallest honest family, and any browser smoke is explicit and justified.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
- [x] Planned validation commands cover the change without pulling unrelated lane cost.
- [x] The declared surface test profile is `global-context-shell` plus `standard-native-filament`.
- [x] Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.
## Phase 1: Preparation and Runtime Truth Lock
**Purpose**: Confirm repo truth before deleting or rewriting anything.
- [x] T001 Review `specs/304-tenant-panel-dead-code-retirement/spec.md`, `specs/304-tenant-panel-dead-code-retirement/plan.md`, `specs/304-tenant-panel-dead-code-retirement/tasks.md`, and `specs/304-tenant-panel-dead-code-retirement/checklists/requirements.md`.
- [x] T002 Review completed context in `specs/301-admin-inventory-navigation-cutover/`, `specs/302-tenant-owned-surface-route-audit/`, and `specs/303-admin-directory-groups-cutover/` without modifying those completed specs.
- [x] T003 Inspect `apps/platform/bootstrap/providers.php` and confirm the active providers are admin/system only for Filament runtime.
- [x] T004 Inspect `apps/platform/app/Providers/Filament/TenantPanelProvider.php` and `apps/platform/app/Filament/Providers/TenantPanelProvider.php`; if either active runtime file exists, record references before removal.
- [x] T005 Inspect `apps/platform/routes/web.php` and the runtime route collection for `admin/t`, `admin/tenants`, tenant-panel route names, and compatibility redirects.
- [x] T006 Search `apps/platform/app/`, `apps/platform/bootstrap/`, `apps/platform/routes/`, and `apps/platform/tests/` for `/admin/t`, `/admin/tenants`, `TenantPanelProvider`, `panel: 'tenant'`, `panel: "tenant"`, and `filament.admin.resources.tenants` and classify each hit as historical/removal-test, stale active test, runtime dependency, or link-emission risk.
- [x] T007 Confirm no implementation task introduces migrations, models, provider adapters, assets, new product surfaces, destructive actions, route aliases, redirects, or compatibility shims.
---
## Phase 2: User Story 1 - Retired Tenant Panel runtime cannot boot (Priority: P1)
**Goal**: Tenant Panel provider/runtime registration is absent and guarded.
**Independent Test**: Provider bootstrap and Filament panel resolution assertions fail if the retired tenant panel returns.
- [x] T008 [P] [US1] Update `apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php` to assert `apps/platform/bootstrap/providers.php` does not register any Tenant Panel provider class.
- [x] T009 [P] [US1] Update `apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php` to assert no active Tenant Panel provider class exists at `app/Providers/Filament/TenantPanelProvider.php` or `app/Filament/Providers/TenantPanelProvider.php`.
- [x] T010 [P] [US1] Update `apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php` to assert `Filament::getPanel('tenant')` remains null.
- [x] T011 [US1] If an active Tenant Panel provider class exists and no runtime/test dependency remains, delete `apps/platform/app/Providers/Filament/TenantPanelProvider.php` or `apps/platform/app/Filament/Providers/TenantPanelProvider.php`. Repo truth: no active provider file existed, so no deletion was needed.
- [x] T012 [US1] If a Tenant Panel provider cannot be deleted safely, document the narrow blocker in `specs/304-tenant-panel-dead-code-retirement/plan.md` and keep the class unregistered. Repo truth: no blocker existed because no active provider file remained.
---
## Phase 3: User Story 2 - Legacy route families are unavailable (Priority: P1)
**Goal**: `/admin/t` and legacy `/admin/tenants` route families are not registered, not reachable, and not redirected.
**Independent Test**: Route collection and HTTP request assertions prove retired route families are absent.
- [x] T013 [P] [US2] Update `apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php` to assert no route URI begins with `admin/t`.
- [x] T014 [P] [US2] Update `apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php` to assert no active product route URI begins with `admin/tenants`.
- [x] T015 [P] [US2] Update `apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php` to assert route names do not include retired tenant-panel naming conventions such as `filament.tenant.` or `filament.admin.resources.tenants.`.
- [x] T016 [US2] Update `apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php` to assert `/admin/t/{environment}`, `/admin/t/{environment}/inventory-items`, `/admin/tenants`, and `/admin/tenants/{environment}` return not found for an authenticated workspace/environment user.
- [x] T017 [US2] Inspect `apps/platform/tests/Feature/ProviderConnections/LegacyRedirectTest.php`; replace any stale expectation that `/admin/tenants/{environment}/provider-connections` redirects with an assertion matching current route truth, or document why it is current canonical behavior.
- [x] T018 [US2] Inspect `apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsLegacyRouteTest.php`, `apps/platform/tests/Feature/Operations/LegacyRunRoutesNotFoundTest.php`, and `apps/platform/tests/Feature/078/LegacyRoutesReturnNotFoundTest.php` and keep only removal-focused legacy route assertions.
- [x] T019 [US2] Remove active route definitions or redirects from `apps/platform/routes/web.php` only if T005 finds a confirmed legacy route. Repo truth: no active legacy route or redirect was found, so no route deletion was needed.
---
## Phase 4: User Story 3 - Workspace and environment navigation contracts remain precise (Priority: P2)
**Goal**: Workspace home stays clean while eligible environment-bound surfaces remain visible and reachable.
**Independent Test**: Workspace-home and canonical environment tests prove absence/presence independently.
- [x] T020 [P] [US3] Update `apps/platform/tests/Feature/Filament/PanelNavigationSegregationTest.php` so workspace-home clean navigation and environment-bound visibility are separate assertions, not one blanket admin-hidden rule.
- [x] T021 [P] [US3] Update `apps/platform/tests/Feature/Filament/AdminTenantSurfaceParityTest.php` to stop enforcing stale "admin can never see tenant-owned resources" semantics and instead assert canonical environment context where applicable.
- [x] T022 [P] [US3] Update `apps/platform/tests/Feature/Filament/AdminSharedSurfacePanelParityTest.php` to preserve workspace-owned/admin-shared surfaces without referencing Tenant Panel compatibility.
- [x] T023 [P] [US3] Update `apps/platform/tests/Feature/Filament/TenantOwnedResourceScopeParityTest.php` to preserve server-side environment scoping and cross-environment denial without depending on retired panel routes.
- [x] T024 [P] [US3] Verify `apps/platform/tests/Feature/Filament/InventoryCoverageAdminTenantParityTest.php` still proves Inventory Coverage uses canonical workspace/environment routes and does not emit `/admin/t`.
- [x] T025 [P] [US3] Verify `apps/platform/tests/Feature/Filament/EntraGroupAdminScopeTest.php` still proves Entra Groups are hidden on workspace home, visible in environment context, scoped to the active environment, and do not emit `/admin/t`.
- [x] T026 [P] [US3] Verify `apps/platform/tests/Feature/Filament/PolicyResourceAdminSearchParityTest.php` and `apps/platform/tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php` still prove policy search destinations remain canonical and route-safe.
- [x] T027 [US3] If navigation runtime code must change, keep edits limited to existing shared helpers such as `apps/platform/app/Support/Navigation/NavigationScope.php`, `apps/platform/app/Support/OperateHub/OperateHubShell.php`, or resource `shouldRegisterNavigation()` methods. Runtime edit stayed limited to `InventoryCoverage::resolveAdminUrlTenant()` so it delegates to the existing panel tenant resolver instead of reading raw panel tenant state.
---
## Phase 5: User Story 4 - Links and search never emit retired routes (Priority: P3)
**Goal**: High-signal link builders and global-search destinations never generate `/admin/t` or tenant-panel URLs.
**Independent Test**: Generated URLs from known link builders and search destinations use canonical workspace/environment paths.
- [x] T028 [P] [US4] Add or update assertions in `apps/platform/tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php` that global-search result URLs do not contain `/admin/t` and resolve to canonical View routes.
- [x] T029 [P] [US4] Add or update assertions in `apps/platform/tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php` to prove `OperationRunLinks` and `OperationRunUrl` do not emit `/admin/t`.
- [x] T030 [P] [US4] Add or update assertions covering `apps/platform/app/Support/ManagedEnvironmentLinks.php` through an existing workspace/environment routing test such as `apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php`. Existing assertions already covered canonical ManagedEnvironment links and were rerun.
- [x] T031 [US4] Inspect `apps/platform/app/Support/OperationRunLinks.php`, `apps/platform/app/Support/OpsUx/OperationRunUrl.php`, and `apps/platform/app/Support/ManagedEnvironmentLinks.php`; fix only confirmed active legacy emissions.
- [x] T032 [US4] Inspect resource URL helpers in `apps/platform/app/Filament/Resources/InventoryItemResource.php`, `apps/platform/app/Filament/Resources/EntraGroupResource.php`, `apps/platform/app/Filament/Resources/PolicyResource.php`, `apps/platform/app/Filament/Resources/PolicyVersionResource.php`, `apps/platform/app/Filament/Resources/BackupSetResource.php`, `apps/platform/app/Filament/Resources/RestoreRunResource.php`, `apps/platform/app/Filament/Resources/FindingResource.php`, `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, `apps/platform/app/Filament/Resources/EnvironmentReviewResource.php`, `apps/platform/app/Filament/Resources/ReviewPackResource.php`, and `apps/platform/app/Filament/Resources/StoredReportResource.php`; fix only confirmed active legacy emissions. Static search and focused URL tests found no active legacy emissions.
- [x] T033 [US4] Keep historical `/admin/t` strings in old specs, docs, and explicit removal tests allowlisted rather than performing a broad docs purge.
---
## Phase 6: Minimal Product Docs
**Purpose**: Update only current product truth if implementation changes it.
- [x] T034 Inspect `docs/product/spec-candidates.md` and `docs/product/implementation-ledger.md` after runtime cleanup.
- [x] T035 If Tenant Panel runtime is fully retired or already proven absent, add a minimal ledger or candidate note stating that active Tenant Panel runtime and `/admin/t` routes are unavailable and guarded.
- [x] T036 Do not rewrite historical specs, historical docs, roadmap sections, or old implementation evidence.
---
## Phase 7: Validation and Close-Out
**Purpose**: Prove the cleanup and record exact findings.
- [x] T037 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php tests/Feature/Workspaces/WorkspaceIntendedUrlLegacyRejectionTest.php`.
- [x] T038 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/Filament/AdminTenantSurfaceParityTest.php tests/Feature/Filament/AdminSharedSurfacePanelParityTest.php tests/Feature/Filament/TenantOwnedResourceScopeParityTest.php tests/Feature/Filament/InventoryCoverageAdminTenantParityTest.php tests/Feature/Filament/EntraGroupAdminScopeTest.php tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php tests/Feature/Filament/PolicyResourceAdminSearchParityTest.php tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php`.
- [x] T039 Run `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php tests/Feature/Operations/LegacyRunRoutesNotFoundTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/RequiredPermissions/RequiredPermissionsLegacyRouteTest.php`.
- [x] T040 Run `git diff --check` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`.
- [x] T041 Run browser smoke only if rendered navigation or route registration changes; otherwise document the feature-test substitute in close-out.
- [x] T042 Update implementation close-out notes with files changed, provider status, route status, `/admin/tenants` status, route retirement test result, Inventory result, Entra Groups result, global-search/link result, browser smoke result or reason not run, `git diff --check` result, and deferred blockers.
## Implementation Close-Out Notes
- Files changed: `apps/platform/app/Filament/Pages/InventoryCoverage.php`; focused guard, Filament, operations, and reference-link tests; `docs/product/implementation-ledger.md`; `docs/product/spec-candidates.md`; this spec task file.
- Tenant Panel provider status: already absent before implementation. Guard coverage now checks both active app provider paths, provider bootstrap contents, and `Filament::getPanel('tenant')`.
- `/admin/t` route status: already absent before implementation. Guard coverage now checks route collection absence and direct 404s for base and child retired URLs.
- `/admin/tenants/{environment}` route status: no active legacy route or redirect was found. Guard and provider-connection tests assert not found with no `Location` header.
- Route retirement test result: `NoLegacyTenantPanelRuntimeTest`, `NoActiveTenantResourceRoutesTest`, and `WorkspaceIntendedUrlLegacyRejectionTest` passed.
- Inventory contract result: `InventoryCoverageAdminTenantParityTest` and the full focused Filament lane passed after `InventoryCoverage` was changed to use the shared resolver path.
- Entra Groups contract result: `EntraGroupAdminScopeTest` and `EntraGroupGlobalSearchScopeTest` passed; generated global-search URLs use canonical workspace/environment View routes and do not contain `/admin/t` or `/admin/tenants`.
- Global-search/link result: `ManagedEnvironmentCanonicalRouteContractTest`, `OperationsDashboardDrillthroughTest`, and `PolicyVersionResolvedReferenceLinksTest` passed; high-signal link builders do not emit retired routes.
- Browser smoke result: not run. This implementation changed route/provider/link guardrails and one backend URL-context resolver but did not change rendered Filament navigation, forms, actions, assets, or route registration. Feature tests rendered and exercised the relevant workspace/environment navigation and resource pages as the substitute.
- `git diff --check`: passed.
- Deferred blockers: none.
## Dependencies
- Phase 1 must complete before any runtime or test edits.
- Phase 2 and Phase 3 can run in parallel after Phase 1 if different test files are owned.
- Phase 4 depends on classifying stale tests in Phase 1 and should not weaken RBAC/context assertions.
- Phase 5 can run in parallel with Phase 4 when link-builder tests are in separate files.
- Phase 6 only runs after implementation findings are known.
- Phase 7 runs after all in-scope edits are complete.
## Parallel Execution Examples
- T008, T009, T010, T013, T014, and T015 can run in parallel if each worker owns separate assertions or coordinates within guard test files.
- T020, T021, T022, and T023 can run in parallel if each worker owns the named test file.
- T028, T029, and T030 can run in parallel because they target different link/search proof paths.
- T024, T025, and T026 are verification tasks and can run independently after related test updates.
## Implementation Strategy
1. Treat current runtime truth as authoritative.
2. Preserve or strengthen removal-focused guard tests.
3. Replace stale compatibility or blanket-hidden assertions with precise workspace/environment contracts.
4. Fix only active runtime/link emissions found by tests or repo inspection.
5. Keep historical docs and completed specs intact.
6. Validate with focused tests and document browser-smoke decision.
## Explicit Non-Goals
- [x] Do not add `/admin/t` or `/admin/tenants` compatibility aliases.
- [x] Do not add redirects from retired route families to canonical workspace/environment routes.
- [x] Do not introduce a new route-helper architecture.
- [x] Do not migrate schema, models, `tenant_id`, or provider connection ownership.
- [x] Do not add product surfaces, navigation features, destructive actions, Graph behavior, jobs, assets, or migrations.
- [x] Do not purge historical docs or rewrite completed specs.
- [x] Do not weaken RBAC, workspace isolation, environment scoping, or global-search scoping.
Reference in New Issue View Git Blame Copy Permalink