TenantAtlas/specs/320-workspace-owned-analysis-surface-registration-shell-cutover/tasks.md
ahmido ec9649897a feat: cut over workspace-owned analysis shell context (#375)
## Summary
- cut over workspace-owned analysis and library surfaces to workspace shell ownership instead of inheriting remembered environment shell context
- update the affected findings pages, scope resolution, navigation helpers, and related Blade views to keep environment focus explicit instead of implicit
- add and update Spec 320 artifacts plus focused regression coverage for findings navigation context, workspace hub registration, and admin surface scope behavior

## Guardrails
- Filament remains on v5 with Livewire v4 compliance unchanged
- provider registration remains in apps/platform/bootstrap/providers.php
- no new globally searchable resources were introduced or changed
- no new destructive actions were introduced or changed
- no Filament assets were added or changed, so the deploy requirement for filament:assets is unchanged

## Testing
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingsAssignmentHygieneReportTest.php tests/Feature/Findings/FindingsIntakeQueueNavigationContextTest.php tests/Feature/Findings/FindingsIntakeQueueTest.php tests/Feature/Findings/MyFindingsInboxNavigationContextTest.php tests/Feature/Findings/MyWorkInboxTest.php tests/Feature/Navigation/WorkspaceHubRegistryTest.php tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php tests/Unit/Tenants/AdminSurfaceScopeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #375
2026-05-16 23:16:53 +00:00


# Tasks: Workspace-Owned Analysis Surface Registration & Shell Cutover

**Input**: Design documents from `/specs/320-workspace-owned-analysis-surface-registration-shell-cutover/`

**Prerequisites**: `plan.md`, `spec.md`

**Tests**: Required. This is a runtime route/shell/query/navigation contract change.

## Test Governance Checklist
- [x] Lane assignment is named and is the narrowest sufficient proof for classifier, shell, query, reload/history, and regression behavior.
- [x] New or changed tests stay in the smallest honest family; browser additions are explicit.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
- [x] Planned validation commands cover the change without pulling in unrelated lane cost.
- [x] The declared surface test profile `global-context-shell` is explicit.
- [x] Any material budget, baseline, trend, or escalation note is recorded in the implementation close-out.
## Phase 1: Guardrails and Repo Verification
**Purpose**: Confirm current repo truth before runtime edits.
- [x] T001 Verify implementation starts from branch `320-workspace-owned-analysis-surface-registration-shell-cutover` and record any unrelated uncommitted files.
- [x] T002 Re-read `specs/318-admin-surface-scope-shell-context-audit/audit-report.md`, `surface-inventory.md`, `page-matrix.md`, `mismatch-findings.md`, and `recommended-fixes.md`.
- [x] T003 Re-read `specs/319-environment-owned-surface-routing-shell-context-contract/spec.md`, `plan.md`, and `tasks.md` as dependency context only.
- [x] T004 Confirm Laravel/Filament/Livewire/Pest versions through Laravel Boost `application_info`.
- [x] T005 Confirm no migration, seeder, package, env var, queue, scheduler, storage, or deployment asset change is required.
- [x] T006 Inventory current classifier behavior in `apps/platform/app/Support/Navigation/AdminSurfaceScope.php`.
- [x] T007 Inventory current workspace hub behavior in `apps/platform/app/Support/Navigation/WorkspaceHubRegistry.php` and `WorkspaceSidebarNavigation.php`.
- [x] T008 Inventory shell resolution in `apps/platform/app/Support/OperateHub/OperateHubShell.php`, including remembered Environment and query hint behavior.
- [x] T009 Inventory in-scope baseline routes/pages in `BaselineProfileResource`, `BaselineSnapshotResource`, and `BaselineCompareMatrix`.
- [x] T010 Inventory in-scope workspace analysis routes/pages in `MyFindingsInbox`, `FindingsIntakeQueue`, `FindingsHygieneReport`, and `CrossEnvironmentComparePage`.
- [x] T011 Search routes/navigation for any additional Spec 318 unregistered workspace analysis page still present and decide include/exclude with evidence.
- [x] T012 Identify any existing tests asserting remembered Environment fallback on in-scope pages and mark them for replacement.
## Phase 2: Tests First / Contract Coverage
**Purpose**: Add failing or alongside tests that define the new contract.
- [x] T013 Add/update `apps/platform/tests/Unit/Tenants/AdminSurfaceScopeTest.php` proving Baselines/Baseline Profiles paths are workspace-owned analysis or environmentless shell paths.
- [x] T014 Add/update `apps/platform/tests/Unit/Tenants/AdminSurfaceScopeTest.php` proving Baseline Snapshots paths are workspace-owned analysis or environmentless shell paths.
- [x] T015 Add/update `apps/platform/tests/Unit/Tenants/AdminSurfaceScopeTest.php` proving Baseline Profile detail/edit/compare-matrix paths do not allow remembered Environment restore.
- [x] T016 Add/update `apps/platform/tests/Unit/Tenants/AdminSurfaceScopeTest.php` proving My Findings, Findings Intake, Findings Hygiene, and Cross-environment Compare paths do not allow remembered Environment restore.
- [x] T017 Add/update `apps/platform/tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php` proving workspace-owned analysis clean URLs show the Workspace shell only, even when a remembered Environment exists.
- [x] T018 Add/update `apps/platform/tests/Feature/Navigation/WorkspaceHubRegistryTest.php` proving in-scope pages are not accidentally treated as full workspace hubs unless implementation intentionally registers them with hub behavior.
- [x] T019 Add/update tests proving clean Baselines and Baseline Snapshots URLs open without active Environment context.
- [x] T020 Add/update tests proving Baseline Profile view/edit/compare-matrix URLs open with Workspace shell only.
- [x] T021 Add/update tests proving My Findings, Findings Intake, Findings Hygiene, and Cross-environment Compare clean URLs open with Workspace shell only.
- [x] T022 Add/update tests proving remembered Environment state alone does not set shell context on in-scope pages.
- [x] T023 Add/update tests proving `tenant`, `tenant_id`, `managed_environment_id`, `tenant_scope`, and `tableFilters` do not create shell or filter state on in-scope pages.
- [x] T024 For pages that support canonical `environment_id`, add/update tests proving shell remains Workspace only and a visible chip/clear affordance exists.
- [x] T025 For pages that do not support canonical `environment_id`, add/update tests proving unsupported `environment_id` is ignored, stripped, or rejected without hidden shell/data mismatch.
- [x] T026 Add/update tests proving Environment Dashboard or Environment-origin links to in-scope workspace-owned analysis pages do not carry active Environment shell ownership.
- [x] T027 Keep/add Baseline Compare regression coverage proving its canonical route remains Environment-owned.
- [x] T028 Keep/add Decision Register regression coverage proving clean and filtered workspace hub behavior remains green.
- [x] T029 Keep/add Specs 314-317 regression coverage for clean workspace hub entry, Environment CTA `environment_id`, clear filter, and no legacy Tenant aliases.
- [x] T030 Add/update existing high-impact baseline action tests only as needed to prove capture/compare actions still keep confirmation, authorization, audit, and OperationRun UX after shell classification changes.
## Phase 3: Classification and Shell Cutover
**Purpose**: Implement the narrowest route/shell classification fix.
- [x] T031 Update `apps/platform/app/Support/Navigation/AdminSurfaceScope.php` to classify in-scope workspace-owned analysis paths explicitly.
- [x] T032 Ensure the chosen classification forces environmentless shell context for clean workspace-owned analysis URLs.
- [x] T033 Ensure the chosen classification does not allow remembered Environment restore.
- [x] T034 Ensure Livewire referer-based classification uses the same in-scope path behavior.
- [x] T035 If adding a new `AdminSurfaceScope` enum case, complete the proportionality note in implementation close-out and avoid using it outside audited routes.
- [x] T036 If registering any in-scope page in `WorkspaceHubRegistry`, verify it truly satisfies workspace hub/filter/clear semantics and add matching registry tests.
- [x] T037 Keep `WorkspaceHubRegistry::forbiddenQueryKeys()` and related query-cleaning behavior aligned with no legacy aliases.
- [x] T038 Do not add Baseline Compare to workspace hub or workspace-owned analysis classification.
- [x] T039 Do not alter Environment-bound route classification for required permissions, inventory, backups, evidence, reviews, stored reports, review packs, or other Spec 319 out-of-scope Environment pages.
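
An added sketch of the contract that T022-T025 and T031-T033 describe; it is not TenantAtlas code. The function name, the path prefixes and the `$supportsEnvironmentFilter` flag are assumptions, because this page shows neither the project's routes nor the `AdminSurfaceScope` API.

```php
<?php
declare(strict_types=1);

// Constructed path prefixes; the project's real routes are not shown on this page.
const WORKSPACE_ANALYSIS_PREFIXES = ['/admin/baseline-profiles', '/admin/baseline-snapshots', '/admin/findings/my-inbox'];
// Legacy aliases named in T023, T062 and NT005.
const FORBIDDEN_QUERY_KEYS = ['tenant', 'tenant_id', 'managed_environment_id', 'tenant_scope', 'tableFilters'];

// Hypothetical resolver: returns the shell owner, the visible filter and the cleaned query.
function resolveShellContext(string $path, array $query, ?int $rememberedEnvironmentId, bool $supportsEnvironmentFilter): array
{
    $workspaceOwned = false;
    foreach (WORKSPACE_ANALYSIS_PREFIXES as $prefix) {
        // Match the prefix itself or a sub-path, never a longer sibling name.
        if ($path === $prefix || str_starts_with($path, $prefix . '/')) {
            $workspaceOwned = true;
            break;
        }
    }

    if (! $workspaceOwned) {
        // Environment-owned and other routes are outside this sketch.
        return ['shell' => 'not-classified-here', 'environment_filter' => null, 'query' => $query];
    }

    // Drop legacy aliases so they can create neither shell nor filter state.
    $clean = array_diff_key($query, array_flip(FORBIDDEN_QUERY_KEYS));

    $raw = $clean['environment_id'] ?? null;
    $filter = null;
    if ($supportsEnvironmentFilter && is_string($raw) && ctype_digit($raw)) {
        $filter = (int) $raw;              // page filter state, surfaced as a chip with a clear action
    } else {
        unset($clean['environment_id']);   // unsupported, array-valued or malformed: stripped
    }

    // $rememberedEnvironmentId is deliberately never consulted on this branch.
    return ['shell' => 'workspace', 'environment_filter' => $filter, 'query' => $clean];
}

// Constructed requests; a remembered Environment (id 7) exists in every case.
$requests = [
    ['/admin/baseline-profiles', ['tenant' => '7', 'tableFilters' => ['env' => '7']], false],
    ['/admin/baseline-snapshots/3', ['environment_id' => '12'], false],
    ['/admin/findings/my-inbox', ['environment_id' => '12', 'tenant_scope' => 'all'], true],
];
foreach ($requests as [$path, $query, $supports]) {
    echo $path, ' => ', json_encode(resolveShellContext($path, $query, 7, $supports)), PHP_EOL;
}
```

The sketch covers shell and filter resolution only; whether the caller may see the filtered Environment is still decided by the existing authorization checks.
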
## Phase 4: Baseline Surfaces
**Purpose**: Align baseline library/report pages with workspace-owned shell semantics.
- [x] T040 Update `apps/platform/app/Filament/Resources/BaselineProfileResource.php` only if needed so list/view/edit/create URLs and navigation do not rely on active Environment shell.
- [x] T041 Update Baseline Profile breadcrumbs/header/copy if any primary wording implies active Environment ownership.
- [x] T042 Update Baseline Profile related navigation links if they carry hidden Environment shell ownership or legacy query aliases.
- [x] T043 Update `apps/platform/app/Filament/Pages/BaselineCompareMatrix.php` only if needed so the page shell is Workspace only while source Environment drilldowns remain explicit page links.
- [x] T044 Preserve Baseline Compare Matrix filter query keys such as `tenant_sort` only as page matrix state, not shell Environment ownership.
- [x] T045 Update `apps/platform/app/Filament/Resources/BaselineSnapshotResource.php` only if needed so list/view URLs and copy remain workspace snapshot library/report semantics.
- [x] T046 Preserve Baseline Profile and Baseline Snapshot global search disabled status unless implementation deliberately verifies and tests safe View/Edit pages.
- [x] T047 Preserve existing baseline archive/capture/compare action confirmation, authorization, notifications, audit, and OperationRun behavior.
## Phase 5: Findings and Portfolio Analysis Surfaces
**Purpose**: Align unregistered workspace analysis pages found by Spec 318.
- [x] T048 Update `apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php` only if needed so clean URL shell is Workspace only.
- [x] T049 Update `apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php` only if needed so clean URL shell is Workspace only.
- [x] T050 Update `apps/platform/app/Filament/Pages/Findings/FindingsHygieneReport.php` only if needed so clean URL shell is Workspace only.
- [x] T051 Replace `tenant` query prefilter handling on findings analysis pages with canonical `environment_id` if this is already intended product behavior and can show visible filter/clear affordance.
- [x] T052 If findings analysis pages cannot safely migrate filter behavior in this slice, prevent shell inheritance and document filter-key follow-up rather than adding half-state support.
- [x] T053 Update `apps/platform/app/Filament/Pages/CrossEnvironmentComparePage.php` only if needed so source/target Environment selectors remain page state and shell is Workspace only.
- [x] T054 Ensure Cross-environment Compare direct URL, query-hydrated URL, and reload do not restore remembered Environment shell.
- [x] T055 Preserve existing promotion/preflight authorization, confirmation, audit, OperationRun links, and provider-boundary behavior.
## Phase 6: Navigation, Links, Copy, and Legacy Aliases
**Purpose**: Make visible navigation agree with page ownership.
- [x] T056 Update `WorkspaceSidebarNavigation` or related navigation builders only if in-scope pages are present there and currently emit ambiguous URLs.
- [x] T057 Update `ManagedEnvironmentLinks` only if Environment-origin cards/actions link to workspace-owned analysis pages with hidden shell ownership.
- [x] T058 Ensure sidebar/global/workspace entry to Baselines, Baseline Snapshots, baseline matrix, findings analysis pages, and Cross-environment Compare uses clean workspace URLs unless canonical `environment_id` filter is intentionally supported.
- [x] T059 Ensure Environment Dashboard links to in-scope workspace-owned analysis pages use clean workspace URLs or explicit `environment_id` filter URLs with visible chip/clear behavior.
- [x] T060 Remove or replace user-facing copy that says `this environment`, `current environment`, or similar primary ownership wording on in-scope workspace-owned analysis pages.
- [x] T061 Keep Environment columns, Environment badges, source/target selectors, and Environment filters where they are data/filter state rather than shell ownership.
- [x] T062 Ensure no in-scope page starts accepting `tenant`, `tenant_id`, `managed_environment_id`, `tenant_scope`, or `tableFilters` as public Environment filter aliases.
## Phase 7: Browser Verification
**Purpose**: Prove visible route/shell/copy behavior.
- [x] T063 Start local platform stack using Sail or the repo platform dev command.
- [x] T064 Browser Flow A: Workspace Overview -> Baselines; verify Workspace shell only, no active Environment, workspace/library wording.
- [x] T065 Save Flow A screenshot to `specs/320-workspace-owned-analysis-surface-registration-shell-cutover/artifacts/screenshots/workspace-origin--baselines.png`.
- [x] T066 Browser Flow B: Environment Dashboard -> Baselines through sidebar/global/navigation/card; verify shell cuts to Workspace only.
- [x] T067 Save Flow B screenshot to `artifacts/screenshots/environment-origin--baselines.png`.
- [x] T068 Browser Flow C: reload Baselines and verify active Environment shell does not return.
- [x] T069 Save Flow C screenshot to `artifacts/screenshots/baselines--after-reload.png`.
- [x] T070 Repeat workspace origin, environment origin, and reload flows for Baseline Snapshots.
- [x] T071 Save Baseline Snapshots screenshots using `workspace-origin--baseline-snapshots.png`, `environment-origin--baseline-snapshots.png`, and `baseline-snapshots--after-reload.png`.
- [x] T072 Browser verify Baseline Compare Matrix direct/reload/back-forward behavior if local fixture has a baseline profile.
- [x] T073 Browser verify My Findings, Findings Intake, Findings Hygiene, and Cross-environment Compare clean URLs from remembered Environment context.
- [x] T074 Browser verify Baseline Compare remains Environment-owned.
- [x] T075 Save Baseline Compare regression screenshot to `artifacts/screenshots/baseline-compare--regression-environment-owned.png`.
- [x] T076 Browser verify Decision Register clean and filtered workspace hub regressions.
- [x] T077 Save Decision Register regression screenshot to `artifacts/screenshots/decision-register--regression-workspace-hub.png`.
- [x] T078 If browser setup or fixture data blocks any flow, document the exact blocker and alternate proof in the implementation close-out.
> Browser coverage note: Matrix and Baseline Compare browser flows were partially blocked by local Spec 180 fixture/capability state. The local fixture has no baseline profile for a matrix browser flow, and the environment-owned Baseline Compare browser route is intentionally capability-denied. The environment-owned Baseline Compare contract and matrix route behavior are covered by focused Pest route/RBAC tests. No runtime gap remains in Spec 320 scope.
## Phase 8: Final Validation and Close-Out
**Purpose**: Complete implementation proof without broad rebaseline.
- [x] T079 Run `git diff --check`.
- [x] T080 Run the focused Pest commands listed in `plan.md`.
- [x] T081 Run formatting with the repo-standard Pint command for touched PHP files.
- [x] T082 Review `git diff --stat` and confirm only in-scope runtime/test/spec artifacts changed.
- [x] T083 Confirm no migrations, seeders, package files, env files, queue/scheduler/storage config, or deployment asset files changed.
- [x] T084 Confirm no backwards compatibility layer, redirect shim, dual route model, or legacy query alias support was introduced.
- [x] T085 Prepare final implementation report with changed behavior, workspace-owned analysis surfaces classified, surfaces registered, files changed, tests, browser verification, screenshots path, follow-ups 321/322, and any unrelated residual failures.
- [x] T086 Include the Filament v5 output contract in the final report: Livewire v4.0+ compliance, provider registration location, global search status, destructive/high-impact actions, asset strategy, and testing plan/results.
## Explicit Non-Tasks
- [x] NT001 Do not implement Alerts/Audit Log filter behavior; leave it to Spec 321.
- [x] NT002 Do not build durable browser no-drift infrastructure; leave it to Spec 322.
- [x] NT003 Do not change Baseline Compare except regression coverage needed to prove Spec 319 remains intact.
- [x] NT004 Do not add migrations, seeders, packages, env vars, queues, scheduler, storage, or deployment asset changes.
- [x] NT005 Do not add legacy `tenant`, `tenant_id`, `managed_environment_id`, `tenant_scope`, or `tableFilters` aliases.
- [x] NT006 Do not preserve remembered Environment fallback for workspace-owned analysis clean URLs.