TenantAtlas/specs/327-governance-inbox-decision-first-workbench-productization/tasks.md
ahmido 1c38a08919 feat: productize governance inbox decision-first workbench (#388)
## Summary
- productize the governance inbox decision-first workbench surface and related section-building logic
- update the panel theme asset and governance inbox Blade view for the new page treatment
- add Governance Inbox feature coverage and a Spec 327 browser smoke test
- add Spec 327 planning artifacts under `specs/327-governance-inbox-decision-first-workbench-productization`

## Testing
- not run as part of this handoff

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #388
2026-05-18 16:20:17 +00:00


# Tasks: Spec 327 - Governance Inbox Decision-First Workbench Productization
**Input**: Design documents from `/specs/327-governance-inbox-decision-first-workbench-productization/`
**Prerequisites**: `spec.md`, `plan.md`, `repo-truth-map.md`
**Tests**: Required. This is a runtime UI/operator workbench Filament page productization with browser smoke.
## Test Governance Checklist
- [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
- [x] New or changed tests stay in the smallest honest family, and the browser addition is explicit.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
- [x] Planned validation commands cover the change without pulling in unrelated lane cost.
- [x] The declared surface test profile (`global-context-shell` plus decision-first disclosure) is explicit.
- [x] Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.
## Phase 1: Preparation And Repo Truth
**Purpose**: Confirm runtime truth and prevent invented claims before page edits.
- [x] T001 Re-read `specs/327-governance-inbox-decision-first-workbench-productization/spec.md`, `plan.md`, `tasks.md`, and `repo-truth-map.md`.
- [x] T002 Re-read related completed context only: Specs 250, 257, and 314-326. Do not modify their artifacts.
- [x] T003 Verify current `GovernanceInbox` route/class/view/builder and existing tests before editing.
- [x] T004 Update `repo-truth-map.md` with any newly discovered source, capability, fallback, or classification before runtime changes.
- [x] T005 Confirm no migration/package/env/queue/storage/deployment asset change is required; if one appears necessary, stop and update spec/plan first.
- [x] T006 Confirm Filament v5 / Livewire v4.0+ compliance and no Livewire v3/Filament legacy API use.
- [x] T007 Confirm panel provider registration remains `apps/platform/bootstrap/providers.php`.
- [x] T008 Confirm related globally searchable resources stay disabled or have safe View/Edit pages; no global search change is expected.
## Phase 2: Feature Tests First
**Purpose**: Lock decision-first layout, scope, RBAC, evidence, accepted-risk, and diagnostics behavior before the UI refactor.
- [x] T009 Add or update a feature test asserting `repo-truth-map.md` exists and lists required data areas.
- [x] T010 Add or update a Feature/Livewire/HTTP test for the decision-first layout text: `Governance Inbox`, `What decision clears the highest-priority item?`, `Reason`, `Impact`, `Evidence`, and `Next action`.
- [x] T011 Add or update a Feature/Livewire/HTTP test asserting a highest-priority or selected item shows owner or owner unavailable, due date or due unavailable, evidence state, accepted-risk/exception state, and primary next action.
- [x] T012 Add or update a Feature/Livewire/HTTP test asserting the right decision detail panel contains `Decision summary`, `Impact`, `Evidence path`, `Accepted risk` or exception state, owner/due state, and primary next action.
- [x] T013 Add or update a test asserting existing Governance Inbox queue/sections remain available as secondary workbench context.
- [x] T014 Add or update a test that raw diagnostics are hidden by default: `raw payload`, `stack trace`, `debug metadata`, `provider secret`, `internal exception`, and raw OperationRun payload text must not appear.
- [x] T015 Add or update accepted-risk/exception state tests for repo-supported states such as no exception, pending exception, accepted risk active, expiring, expired, or follow-up required.
- [x] T016 Add or update evidence state tests proving linked/missing/unavailable evidence appears without raw evidence payload.
- [x] T017 Add or update RBAC tests covering primary action visibility/unavailability for assign owner, create/update exception or accepted risk, open evidence, open operation proof, and open diagnostics where supported.
- [x] T018 Add or update canonical environment filter tests for `?environment_id=`, visible chip, workspace shell only, clear filter, and provable filtered data.
- [x] T019 Add or update legacy alias rejection tests for `tenant`, `tenant_id`, `managed_environment_id`, `environment`, `tenant_scope`, and `tableFilters`.
- [x] T020 Add or update cross-workspace environment filter guard test returning safe 404/no-access.
- [x] T021 Add or update tenant-copy guard asserting platform-context copy such as `current tenant`, `tenant filter`, `entitled tenant`, and `all tenants` is not visible on Governance Inbox.
## Phase 3: Page Skeleton Productization
**Purpose**: Refactor existing page layout without new backend foundation.
- [x] T022 Update `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php` to expose a repo-truth-bounded payload for header/scope, selected/highest-priority item, summary cards, queue context, detail panel, actions, evidence path, exception state, and diagnostics disclosure.
- [x] T023 Update `apps/platform/resources/views/filament/pages/governance/governance-inbox.blade.php` to render the decision-first workbench before the secondary queue context.
- [x] T024 Ensure the header/scope area shows workspace-wide vs environment-filtered context, visible environment chip when filtered, and concise queue purpose copy.
- [x] T025 Ensure the main decision workbench shows the stable question, status badge, title, reason, impact, owner, due, evidence state, accepted-risk/exception state, and one primary next action.
- [x] T026 Ensure summary cards show only repo-backed posture such as visible decisions, overdue, owner missing, evidence missing, or accepted-risk follow-up; show unavailable or omit unsupported cards.
- [x] T027 Ensure the right-side decision/detail panel shows decision summary, impact, owner/due, evidence path, accepted-risk/exception state, linked review/operation proof where available, primary next action, and diagnostics disclosure.
- [x] T028 Ensure the right-side detail panel is visible on desktop and stacks below on smaller screens.
- [x] T029 Keep the existing queue/table/source-family context as secondary content; it must not be the only default experience.
- [x] T030 Ensure diagnostics/internal details are collapsed, hidden, or capability-gated by default.
## Phase 4: Data Binding And Honest States
**Purpose**: Bind to repo-verified sources and avoid false claims.
- [x] T031 Map selected/highest-priority item state from existing `GovernanceInboxSectionBuilder` entries and source models without creating persisted state.
- [x] T032 Bind owner and due display to `Finding` and `FindingException` fields where present; show `Owner missing`, `Owner unavailable`, or `Due date unavailable` when absent.
- [x] T033 Bind evidence display to existing evidence fields/relations only; show `Evidence missing`, `Unavailable`, or omit unsupported proof paths.
- [x] T034 Bind accepted-risk/exception display to existing `FindingException` and `Finding` truth; do not introduce new status families.
- [x] T035 Bind operation proof links only through existing `OperationRunLinks` or authorized source routes.
- [x] T036 Bind decision/review links only where existing source routes and authorization are repo-real.
- [x] T037 Ensure no generic green success state appears without exact repo-backed proof.
## Phase 5: Actions, RBAC, And Safety
**Purpose**: Show only real, authorized actions and preserve read-first default behavior.
- [x] T038 Keep primary action singular and context-aware for the selected/highest-priority item.
- [x] T039 Show open finding, review accepted risk, open evidence, open operation proof, open review context, or open decision record only when route and authorization are repo-real.
- [x] T040 Ensure unauthorized actions are hidden or unavailable without leaking sensitive details.
- [x] T041 Verify no default action approves, rejects, accepts risk, closes, deletes, restores, remediates, or mutates provider state.
- [x] T042 If any high-impact action is unexpectedly required, update spec/plan first, then implement it with `Action::make(...)->action(...)`, `->requiresConfirmation()`, server-side authorization, audit, notification, and tests.
## Phase 6: Workspace / Environment Scope Contract
**Purpose**: Preserve Specs 314-322.
- [x] T043 Verify clean `/admin/governance/inbox` does not read remembered environment shell state or persisted table filters.
- [x] T044 Verify `/admin/governance/inbox?environment_id={id}` filters only page data, shows visible chip, and keeps Workspace shell ownership.
- [x] T045 Verify clear filter redirects to clean workspace URL and remains safe after reload.
- [x] T046 Verify legacy aliases are removed/neutralized and do not set filter state.
- [x] T047 Verify cross-workspace or unauthorized `environment_id` returns safe no-access/404.
- [x] T048 Verify back/forward/reload behavior does not resurrect cleared environment filter state.
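
The scope contract in T043-T047, written out in plain PHP as an added example; it is not TenantAtlas code. `resolveEnvironmentFilter`, `EnvironmentNotAccessible`, and the sample ids are hypothetical, and treating malformed values like unknown ids is an assumption.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; not TenantAtlas code.
final class EnvironmentNotAccessible extends RuntimeException {}

/**
 * Resolve the page filter from the query string only (no session or
 * persisted table-filter input, so a clean URL is always workspace-wide).
 *
 * @param array<string,mixed> $query        raw query parameters
 * @param array<int,int>      $envWorkspace environment id => owning workspace id
 * @param int[]               $entitled     environment ids the user may view
 * @return int|null environment id to filter by, or null for workspace-wide
 */
function resolveEnvironmentFilter(array $query, int $workspaceId, array $envWorkspace, array $entitled): ?int
{
    // Only the canonical key is read; legacy aliases such as `tenant_id`
    // or `tableFilters` are never consulted and cannot set filter state.
    $raw = $query['environment_id'] ?? null;
    if ($raw === null || $raw === '') {
        return null;
    }
    // Assumption: malformed values (arrays, non-digits) fail like unknown ids.
    if (!is_string($raw) || !ctype_digit($raw)) {
        throw new EnvironmentNotAccessible();
    }
    $id = (int) $raw;
    $sameWorkspace = ($envWorkspace[$id] ?? null) === $workspaceId;
    // One exception for "unknown", "other workspace" and "not entitled":
    // the caller maps it to 404 so the response does not reveal which applied.
    if (!$sameWorkspace || !in_array($id, $entitled, true)) {
        throw new EnvironmentNotAccessible();
    }
    return $id;
}

// Constructed data: environments 10 and 11 belong to workspace 1, 20 to workspace 2.
$envWorkspace = [10 => 1, 11 => 1, 20 => 2];
$cases = [[], ['environment_id' => '10'], ['tenant_id' => '10'], ['environment_id' => '20'], ['environment_id' => '11']];
foreach ($cases as $query) {
    try {
        $result = resolveEnvironmentFilter($query, 1, $envWorkspace, [10]);
        echo json_encode($query), ' => ', $result ?? 'workspace-wide', PHP_EOL;
    } catch (EnvironmentNotAccessible) {
        echo json_encode($query), ' => 404', PHP_EOL;
    }
}
```

The constructed cases cover a clean URL, a canonical filter, a legacy alias that is ignored, a cross-workspace id, and an in-workspace id the user is not entitled to.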
## Phase 7: Browser Smoke And Screenshots
**Purpose**: Prove the user-facing contract in the integrated browser lane.
- [x] T049 Create `apps/platform/tests/Browser/Spec327GovernanceInboxProductizationSmokeTest.php` using existing Pest Browser conventions.
- [x] T050 Browser Flow A: clean workspace entry; assert Workspace shell only, no Environment chip, main decision question, right detail panel, diagnostics collapsed, screenshot.
- [x] T051 Browser Flow B: filtered environment entry; assert Workspace shell only, visible chip, clear filter action, filtered scope copy, screenshot.
- [x] T052 Browser Flow C: clear filter and reload; assert clean URL, chip does not return, no active Environment shell.
- [x] T053 Browser Flow D: selected/highest-priority item detail; assert detail panel and primary action visible and raw diagnostics absent.
- [x] T054 Browser Flow E: table/queue remains visible lower/secondary and no platform-context tenant wording appears.
- [x] T055 Browser Flow F: light mode readability check if supported; capture optional screenshot.
- [x] T056 Save screenshots under `specs/327-governance-inbox-decision-first-workbench-productization/artifacts/screenshots/` when generated and ensure they contain no secrets.
## Phase 8: UI Coverage And Documentation Artifacts
**Purpose**: Satisfy UI-COV without unrelated docs churn.
- [x] T057 Decide after runtime diff whether `docs/ui-ux-enterprise-audit/route-inventory.md` or `design-coverage-matrix.md` needs an update.
- [x] T058 If coverage docs are not changed, add a close-out note explaining why existing UI-004 report plus Spec 325 target artifacts remain sufficient for the unchanged route/archetype.
- [x] T059 Update `repo-truth-map.md` final classifications for implemented/empty/deferred elements.
- [x] T060 Do not create general documentation files outside required Spec Kit/UI coverage artifacts.
## Phase 9: Validation
**Purpose**: Run narrow proof and report honestly.
- [x] T061 Run `cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Governance tests/Feature/Navigation/WorkspaceHubEnvironmentFilterContractTest.php tests/Feature/Navigation/WorkspaceHubClearFilterContractTest.php --compact`.
- [x] T062 Run `cd apps/platform && ./vendor/bin/sail artisan test tests/Browser/Spec327GovernanceInboxProductizationSmokeTest.php --compact`.
- [x] T063 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter='GovernanceInbox|WorkspaceHub|EnvironmentFilter|ClearFilter|LegacyTenant|Spec322' --compact`.
- [x] T064 Run `cd apps/platform && ./vendor/bin/sail pint --dirty`.
- [x] T065 Run `git diff --check`.
- [x] T066 Report full-suite status honestly if not run.
- [x] T067 Confirm no migrations, seeders, packages, env vars, queues, scheduler, storage, deployment assets, backwards compatibility layer, or legacy tenant alias support were added.
## Non-Goals Checklist
- [x] NT001 Do not rebuild Governance Inbox backend.
- [x] NT002 Do not rebuild Decision Register.
- [x] NT003 Do not build a ticketing/helpdesk/PSA system.
- [x] NT004 Do not add AI prioritization or remediation automation.
- [x] NT005 Do not redesign Customer Review Workspace, Operations Hub, Evidence Overview, Environment Dashboard, Baseline Compare, or Restore Safety Workflow.
- [x] NT006 Do not add migrations unless spec/plan are updated first with proof.
- [x] NT007 Do not rewrite completed Specs 250, 257, or 314-326.
- [x] NT008 Do not add legacy tenant query alias support.
## Implementation Close-Out Notes
- Spec 327 implementation stayed bounded to the existing Governance Inbox page, section builder, Blade view, feature tests, browser smoke, and spec artifacts.
- Follow-up refinement kept the same Spec 327 package and tightened the page hierarchy: the duplicate in-view heading was removed, Filament owns the single page title/subtitle, filter chips are secondary, zero metric cards no longer dominate the empty primary experience, and the decision/evidence workbench is the first dominant surface.
- Browser screenshot artifacts were generated by Pest Browser and copied host-side into `specs/327-governance-inbox-decision-first-workbench-productization/artifacts/screenshots/`. The Sail container sees the repository spec path as read-only, so the browser helper keeps artifact copying best-effort while retaining Pest screenshots under `apps/platform/tests/Browser/Screenshots/`.
- The UI coverage registry and route inventory were not changed because `/admin/governance/inbox` remains the existing UI-028 strategic surface and route/archetype classification did not change; this spec package carries the productization proof, repo truth map, tests, and screenshots.
- No new mutating governance action was added. Primary actions remain repo-real navigation/source handoff links; destructive or provider-changing actions remain out of scope.
- The broad Sail filter was rerun after the final asset fix. Spec327 passed inside that run. The remaining failures were outside Spec327 in `Spec316WorkspaceHubClearFilterSmokeTest`, where the Operations page screenshot already showed clean all-environment state at the click timeout. The same Spec316 browser file passed when rerun by itself, so this is recorded as browser-suite timing/interference residual rather than an in-scope Spec327 regression.
- Requested refinement validation passed on Sail: `tests/Feature/Governance`, `WorkspaceHubEnvironmentFilterContractTest`, `WorkspaceHubClearFilterContractTest`, `Spec327GovernanceInboxProductizationSmokeTest.php`, `pint --dirty`, and `git diff --check`.
- Final non-empty workbench proof uses a repo-backed finding fixture, asserts visible decision title/reason/impact/owner/due/evidence/accepted-risk/primary action fields, verifies the desktop right-side `<aside>` geometry, and writes `artifacts/screenshots/governance-inbox-decision-workbench.png`.
## Required Final Report Content
When implementation later completes, report:
- Changed behavior.
- Decision-first workbench details.
- Evidence / Accepted Risk / Owner / Due coverage.
- Files changed.
- Repo truth map status.
- Tests run and results.
- Browser verification and screenshots path.
- Known gaps.
- Remaining follow-ups.
- Diagnostics default state.
- RBAC-visible/hidden actions.
- Repo-verified vs unavailable states.
- Full suite run/not run.
- Explicit no migrations/seeders/packages/env/queues/scheduler/storage/deployment assets/backcompat/legacy aliases statement.