ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/329-evidence-audit-log-disclosure-productization/tasks.md
ahmido 7ce066dd00 Spec 329: productize evidence and audit log disclosure (#390) 
## Summary
- productize the Monitoring audit log disclosure flow with richer detail inspection and updated disclosure UI
- expand the evidence overview disclosure experience, including filtering and presentation updates
- wire the monitoring pages into the Filament admin panel and workspace sidebar navigation
- add English and German disclosure copy for the new audit and evidence surfaces
- include Spec 329 implementation artifacts and supporting presenter/route updates

## Tests
- added/updated monitoring acceptance and feature coverage for the disclosure flow
- touched tests include `Spec329EvidenceAuditDisclosureSmokeTest`, `Spec329EvidenceAuditDisclosureProductizationTest`, `AuditLogPageTest`, `AuditLogDetailInspectionTest`, `AuditLogInspectFlowTest`, and related monitoring/navigation coverage
- no additional test run was performed as part of this commit/push/PR workflow

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #390
2026-05-19 21:34:23 +00:00

19 KiB
Raw Permalink Blame History

Tasks: Spec 329 - Evidence / Audit Log Disclosure Productization

Input: Design documents from /specs/329-evidence-audit-log-disclosure-productization/ Prerequisites: spec.md, plan.md, repo-truth-map.md

Tests: Required. This is a runtime UI/operator proof-disclosure Filament page productization with browser smoke.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family, and the browser addition is explicit.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
  • Planned validation commands cover the change without pulling in unrelated lane cost.
  • The declared surface test profile (global-context-shell, monitoring-state-page, shared-detail-family) is explicit.
  • Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.

Phase 1: Preparation And Repo Truth

Purpose: Confirm runtime truth and prevent invented claims before page edits.

  • T001 Re-read specs/329-evidence-audit-log-disclosure-productization/spec.md, plan.md, tasks.md, and repo-truth-map.md.
  • T002 Re-read related completed context only: Specs 314-328. Do not modify their artifacts.
  • T003 Verify current Evidence Overview route/class/view and existing tests before editing: apps/platform/routes/web.php, apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php, apps/platform/resources/views/filament/pages/monitoring/evidence-overview.blade.php, and apps/platform/tests/Feature/Evidence/EvidenceOverviewPageTest.php.
  • T004 Verify current Audit Log route/class/view/partial and existing tests before editing: apps/platform/routes/web.php, apps/platform/app/Filament/Pages/Monitoring/AuditLog.php, apps/platform/resources/views/filament/pages/monitoring/audit-log.blade.php, apps/platform/resources/views/filament/pages/monitoring/partials/audit-log-inspect-event.blade.php, and apps/platform/tests/Feature/Filament/AuditLogPageTest.php.
  • T005 Verify source models and authorization paths: EvidenceSnapshot, ReviewPack, StoredReport, OperationRun, AuditLog, EvidenceSnapshotPolicy, ReviewPackPolicy, StoredReportResource, OperationRunLinks, and capability resolvers.
  • T006 Update repo-truth-map.md with any newly discovered source, capability, fallback, or classification before runtime changes.
  • T007 Confirm no migration/package/env/queue/storage/deployment asset change is required; if one appears necessary, stop and update spec/plan first.
  • T008 Confirm Filament v5 / Livewire v4.0+ compliance and no Livewire v3/Filament legacy API use.
  • T009 Confirm panel provider registration remains apps/platform/bootstrap/providers.php.
  • T010 Confirm related globally searchable resources stay disabled or have safe View/Edit pages; no global search change is expected.
  • T011 Verify the duplicated /admin/evidence/overview route and Audit Log environment-context middleware do not create scope/shell drift; document any bounded cleanup in spec artifacts before code changes if needed.

Phase 2: Feature Tests First

Purpose: Lock proof-first layout, event-first-read, RBAC, scope, and diagnostics behavior before UI refactor.

  • T012 Add or update a feature test asserting specs/329-evidence-audit-log-disclosure-productization/repo-truth-map.md exists and lists required Evidence Overview and Audit Log data areas.
  • T013 Add or update a Feature/Livewire/HTTP test for Evidence Overview layout text: Evidence, What proof is available for this scope?, Evidence path, Review pack, Operation proof, and Diagnostics - Collapsed in apps/platform/tests/Feature/Evidence/EvidenceOverviewPageTest.php or a focused Spec 329 monitoring test.
  • T014 Add or update a Feature/Livewire/HTTP test for Audit Log layout text: Audit Log, Which event proves what happened?, Actor, Action, Target, Outcome, Time, and Diagnostics - Collapsed.
  • T015 Add or update a test asserting Evidence Overview shows Evidence snapshot, Review pack, Operation proof, and Stored report / export without default-visible raw metadata.
  • T016 Add or update a test asserting Audit Log shows actor/action/target/outcome/time before raw metadata for a selected event.
  • T017 Add or update a test asserting export/report availability uses only repo-supported states such as Available, Unavailable, Not generated, or Not applicable; no fake download/export action appears.
  • T018 Add or update a test asserting raw diagnostics are hidden by default on both pages: raw payload, provider secret, stack trace, debug metadata, internal exception, provider response, and raw OperationRun context must not appear.
  • T019 Add or update RBAC tests covering evidence snapshot open, review pack open/download, stored report open, audit event detail, operation proof, and raw diagnostics visibility where existing capabilities support coverage.
  • T020 Add or update canonical Evidence Overview environment filter tests for ?environment_id=, visible chip, workspace shell only, filtered proof data, clear filter, and reload safety.
  • T021 Add or update canonical Audit Log environment filter tests for ?environment_id=, visible chip, workspace shell only, filtered audit rows, selected-event normalization, clear filter, and reload safety.
  • T022 Add or update legacy alias rejection tests for Evidence Overview and Audit Log covering tenant, tenant_id, managed_environment_id, environment, tenant_scope, and tableFilters.
  • T023 Add or update cross-workspace environment filter guard tests returning safe 404/no-access for both Evidence Overview and Audit Log.
  • T024 Add or update tenant-copy guard asserting platform-context copy such as current tenant, tenant filter, entitled tenant, all tenants, and production tenant is not visible on either page.

Phase 3: Evidence Overview Productization

Purpose: Refactor Evidence Overview from table-first to proof-first without new backend foundation.

  • T025 Update apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php to expose repo-truth-bounded payloads for scope, proof readiness, evidence path, export/report availability, proof links, unavailable states, and diagnostics disclosure.
  • T026 Update apps/platform/resources/views/filament/pages/monitoring/evidence-overview.blade.php to render header/scope, proof readiness workbench, evidence path panel, export/report availability panel, secondary table, and collapsed diagnostics disclosure.
  • T027 Ensure Evidence Overview shows workspace-wide vs environment-filtered context and the shared Environment chip when filtered.
  • T028 Ensure the main proof workbench shows the stable question, evidence availability, freshness, snapshot state, review pack/export state, stored report/export state, operation proof state, and one dominant open-proof action when authorized.
  • T029 Ensure evidence path items show only honest states: available, unavailable, stale, not generated, not applicable, or omitted.
  • T030 Keep the existing Evidence Overview table available as secondary context; do not remove existing search/filter/sort/row navigation functionality.
  • T031 Ensure Evidence Overview diagnostics/raw metadata are collapsed, hidden, or capability-gated by default.

Phase 4: Audit Log Productization

Purpose: Refactor Audit Log from summary/table-first to event-proof-first while preserving event history.

  • T032 Update apps/platform/app/Filament/Pages/Monitoring/AuditLog.php to expose repo-truth-bounded payloads for audit proof workbench, selected/latest event proof, related proof links, unavailable states, disclosure hierarchy, and diagnostics gating.
  • T033 Update apps/platform/resources/views/filament/pages/monitoring/audit-log.blade.php to render header/scope, audit proof workbench, selected/latest event proof panel, secondary table, and collapsed diagnostics disclosure.
  • T034 Update apps/platform/resources/views/filament/pages/monitoring/partials/audit-log-inspect-event.blade.php so actor/action/target/outcome/time/scope and related proof are first-read, while technical metadata is behind collapsed/capability-aware disclosure.
  • T035 Ensure Audit Log shows workspace-wide vs environment-filtered context and the shared Environment chip when filtered.
  • T036 Ensure selected event proof normalizes against active filter/search/authorization and falls back safely when the event is invalid, inaccessible, or outside scope.
  • T037 Keep the existing Audit Log table available as secondary event history; do not remove existing filters/search/sort/inspect behavior.
  • T038 Ensure Audit Log diagnostics/raw metadata are collapsed, hidden, or capability-gated by default.

Phase 5: Data Binding And Honest States

Purpose: Bind proof surfaces to repo-verified sources and avoid false claims.

  • T039 Bind evidence snapshot display to EvidenceSnapshot fields, ArtifactTruthPresenter, and existing snapshot detail links only.
  • T040 Bind review pack state to existing ReviewPack fields/statuses and ReviewPackResource/download links only where authorized.
  • T041 Bind stored report state to existing StoredReport records, report-type capabilities, and StoredReportResource links only where authorized.
  • T042 Bind operation proof state only through existing operationRun() relations, OperationRunLinks, and authorized operation visibility.
  • T043 Bind audit event proof to AuditLog actor snapshot, action/action label, target snapshot, normalized outcome, recorded time, scope, readable context, operation relation, and related navigation resolver.
  • T044 Render unavailable/missing/not generated/not applicable states for unsupported proof paths rather than inventing backend capabilities.
  • T045 Ensure no generic green success state, immutable/certified/compliance-ready copy, or environment/governance health claim appears without exact repo proof.

Phase 6: Actions, RBAC, And Safety

Purpose: Show only real, authorized actions and preserve read-first default behavior.

  • T046 Keep primary actions singular and context-aware on each proof panel.
  • T047 Show open evidence snapshot, open review pack, download/open export artifact, open stored report, open operation proof, open audit event, or open related record only when route and authorization are repo-real.
  • T048 Ensure unauthorized actions are hidden or replaced with safe unavailable state without leaking sensitive details.
  • T049 Ensure raw diagnostics/metadata disclosure is unavailable without support_diagnostics.view or stricter existing raw/support capability.
  • T050 Verify no default action approves, rejects, accepts risk, deletes, restores, remediates, mutates provider state, or changes evidence/audit storage.
  • T051 If any high-impact action is unexpectedly required, update spec/plan first, then implement it with Action::make(...)->action(...), ->requiresConfirmation(), server-side authorization, audit, notification, and tests.

Phase 7: Workspace / Environment Scope Contract

Purpose: Preserve Specs 314-322.

  • T052 Verify clean /admin/evidence/overview and /admin/audit-log do not read remembered environment shell state or persisted table filters.
  • T053 Verify /admin/evidence/overview?environment_id={id} and /admin/audit-log?environment_id={id} filter only page data, show visible chip, and keep Workspace shell ownership.
  • T054 Verify clear filter redirects to clean workspace URL and remains safe after reload.
  • T055 Verify legacy aliases are removed/neutralized and do not set filter state.
  • T056 Verify cross-workspace or unauthorized environment_id returns safe no-access/404.
  • T057 Verify back/forward/reload behavior does not resurrect cleared environment filter state.
  • T058 Verify Audit Log route middleware does not force active Environment shell ownership or remembered fallback; if it does, apply the narrowest route/middleware correction in scope and cover it with tests.

Phase 8: Browser Smoke And Screenshots

Purpose: Prove the user-facing contract in the integrated browser lane.

  • T059 Create apps/platform/tests/Browser/Spec329EvidenceAuditDisclosureSmokeTest.php using existing Pest Browser conventions.
  • T060 Browser Flow A: Evidence Overview clean workspace; assert Workspace shell only, no Environment chip, main proof question, proof workbench, evidence path, diagnostics collapsed, table secondary, screenshot.
  • T061 Browser Flow B: Evidence Overview filtered entry; assert visible Environment chip, filtered proof state, clear action, no active Environment shell, screenshot.
  • T062 Browser Flow C: Evidence clear filter and reload; assert clean URL, chip does not return, no active Environment shell.
  • T063 Browser Flow D: Evidence non-empty and empty proof states; assert available/unavailable/not generated states and no raw metadata.
  • T064 Browser Flow E: Audit Log clean workspace; assert Workspace shell only, no Environment chip, audit proof question, actor/action/target/outcome/time first-read, diagnostics collapsed, table secondary, screenshot.
  • T065 Browser Flow F: Audit Log filtered entry; assert visible Environment chip, filtered event proof, clear action, no active Environment shell, screenshot.
  • T066 Browser Flow G: Audit clear filter and reload; assert clean URL, chip does not return, no active Environment shell.
  • T067 Browser Flow H: Audit non-empty and empty event states; assert selected/latest event proof and no raw metadata.
  • T068 Browser Flow I: no platform-context tenant wording appears on either surface.
  • T069 Save screenshots under specs/329-evidence-audit-log-disclosure-productization/artifacts/screenshots/ when generated and ensure they contain no secrets.

Phase 9: UI Coverage And Documentation Artifacts

Purpose: Satisfy UI-COV without unrelated docs churn.

  • T070 Decide after runtime diff whether docs/ui-ux-enterprise-audit/route-inventory.md, design-coverage-matrix.md, page reports, or unresolved pages need an update.
  • T071 If coverage docs are not changed, add a close-out note explaining why existing UI-025/UI-044 rows plus Spec 325 target artifacts and Spec 329 package artifacts remain sufficient.
  • T072 Update repo-truth-map.md final classifications for implemented/empty/deferred elements.
  • T073 Do not create general documentation files outside required Spec Kit/UI coverage artifacts unless explicitly requested.
  • T081 Add the existing Evidence Overview route to the Workspace Monitoring sidebar through both workspace navigation paths with a concise area label and cover the navigation entry with existing workspace-hub sidebar regression tests.

Phase 10: Validation

Purpose: Run narrow proof and report honestly.

  • T074 Run cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Monitoring tests/Feature/Evidence tests/Feature/Audit tests/Feature/Navigation/WorkspaceHubEnvironmentFilterContractTest.php tests/Feature/Navigation/WorkspaceHubClearFilterContractTest.php --compact.
  • T075 Run cd apps/platform && ./vendor/bin/sail artisan test tests/Browser/Spec329EvidenceAuditDisclosureSmokeTest.php --compact.
  • T076 Run cd apps/platform && ./vendor/bin/sail artisan test --filter='Evidence|AuditLog|WorkspaceHub|EnvironmentFilter|ClearFilter|LegacyTenant|Spec322' --compact.
  • T077 Run cd apps/platform && ./vendor/bin/sail pint --dirty.
  • T078 Run git diff --check.
  • T079 Report full-suite status honestly if not run.
  • T080 Confirm no migrations, seeders, packages, env vars, queues, scheduler, storage, deployment assets, backwards compatibility layer, or legacy tenant alias support were added.
  • T082 Replace implementation-heavy empty-snapshot copy with product-safe proof copy and assert the old artifact-row wording is not visible.
  • T083 Add empty-primary-snapshot proof hierarchy coverage for Proof incomplete, reason, and impact.
  • T084 Keep dynamic display names containing Tenant allowed while rejecting static Search tenant or next copy.
  • T085 Prevent clipped Evidence Path badge labels in the right panel and cover Empty, Ready, and Available labels in Feature/Browser tests.

Validation Close-Out

  • Focused Spec 329 and impacted Feature tests passed: ./vendor/bin/sail artisan test tests/Feature/Monitoring/Spec329EvidenceAuditDisclosureProductizationTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Monitoring/AuditLogInspectFlowTest.php tests/Feature/Evidence/EvidenceOverviewPageTest.php --compact.
  • Spec 329 Browser smoke passed: ./vendor/bin/sail artisan test tests/Browser/Spec329EvidenceAuditDisclosureSmokeTest.php --compact.
  • Neighboring navigation/browser contracts passed: Spec 198, Spec 322, Spec 321, WorkspaceHubEnvironmentFilter, and WorkspaceHubClearFilter targeted run.
  • Filter-based validation passed: ./vendor/bin/sail artisan test --filter='Evidence|AuditLog|WorkspaceHub|EnvironmentFilter|ClearFilter|LegacyTenant|Spec322' --compact with 352 passed, 1 skipped, 4,220 assertions.
  • Broad Feature lane was run and had one unrelated pre-existing failure in tests/Feature/Audit/ProviderConnectionIdentityAuditTest.php (getDefaultTestingSchemaName() on null). The same test failed in isolation; no provider-connection audit code was changed for Spec 329.
  • ./vendor/bin/sail pint --dirty passed.
  • git diff --check passed.
  • Screenshots are stored under specs/329-evidence-audit-log-disclosure-productization/artifacts/screenshots/.

Dependencies

  • Phase 1 blocks all runtime implementation.
  • Phase 2 should be written before or alongside implementation to lock behavior.
  • Phase 3 and Phase 4 can be implemented in parallel only if write scopes stay disjoint:
    • Evidence write scope: Evidence page class/view/tests.
    • Audit write scope: Audit page class/view/partial/tests.
  • Phase 5 and Phase 6 depend on Phases 3-4 payload shape.
  • Phase 7 must be validated after both surfaces are changed.
  • Phase 8 depends on user-facing runtime changes.
  • Phase 10 is final validation.

Non-Goals Checklist

  • NT001 Do not build a new evidence backend.
  • NT002 Do not build a new audit ingestion engine.
  • NT003 Do not build immutable/legal/certification/compliance attestation.
  • NT004 Do not build a new export/report generation engine.
  • NT005 Do not add AI summarization.
  • NT006 Do not redesign Customer Review Workspace, Governance Inbox, Operations Hub, Environment Dashboard, Baseline Compare, Restore Safety, or Provider Readiness.
  • NT007 Do not add migrations unless spec/plan are updated first with proof.
  • NT008 Do not rewrite completed Specs 314-328.
  • NT009 Do not add legacy tenant query alias support.
  • NT010 Do not expose raw diagnostics or provider payloads by default.

Required Final Report Content

When implementation later completes, report:

  • Changed behavior.
  • Evidence Overview proof surface.
  • Audit Log event-proof surface.
  • Disclosure / diagnostics default state.
  • RBAC-visible/hidden actions.
  • Repo-verified vs unavailable states.
  • Files changed.
  • Repo truth map status.
  • Tests run and results.
  • Browser verification and screenshots path.
  • Known gaps.
  • Remaining follow-ups.
  • Full suite run/not run.
  • Explicit no migrations/seeders/packages/env/queues/scheduler/storage/deployment assets/backcompat/legacy aliases statement.