ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/330-environment-dashboard-baseline-compare-productization/tasks.md
ahmido 0c7adefe5b Spec 330: environment dashboard baseline compare productization (#392) 
## Summary
- add the baseline compare landing experience for the environment dashboard productization flow
- expand the environment dashboard overview and summary-building logic to support richer baseline comparison states and assessments
- update the supporting Blade templates for the new compare and overview presentation
- add English and German translations for the baseline compare surface
- include the Spec 330 planning and task artifacts alongside the implementation

## Tests
- touched browser, feature, and unit coverage for the new baseline compare flow
- updated test files include `Spec330EnvironmentDashboardBaselineCompareSmokeTest`, `BaselineCompareLandingWhyNoFindingsTest`, `Spec330EnvironmentDashboardBaselineCompareProductizationTest`, `HeaderContextBarTest`, and `ManagedEnvironmentModelTest`
- no additional test run was performed as part of this commit/push/PR workflow

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #392
2026-05-20 20:32:39 +00:00

19 KiB
Raw Permalink Blame History

Tasks: Spec 330 - Environment Dashboard / Baseline Compare Productization

Input: Design documents from /specs/330-environment-dashboard-baseline-compare-productization/ Prerequisites: spec.md, plan.md, repo-truth-map.md

Tests: Required. This is a runtime UI/operator decision-surface productization with environment-owned route and browser smoke coverage.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family, and the browser addition is explicit.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
  • Planned validation commands cover the change without pulling in unrelated lane cost.
  • The declared surface test profile (global-context-shell, monitoring-state-page, shared-detail-family) is explicit.
  • Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.

Phase 1: Preparation And Repo Truth

Purpose: Confirm runtime truth and prevent invented readiness/drift claims before page edits.

  • T001 Re-read specs/330-environment-dashboard-baseline-compare-productization/spec.md, plan.md, tasks.md, and repo-truth-map.md.
  • T002 Re-read related completed context only: Specs 314-329. Do not modify their artifacts.
  • T003 Verify current Environment Dashboard route/class/widgets/views before editing: apps/platform/app/Filament/Pages/EnvironmentDashboard.php, apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardOverview.php, apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-overview.blade.php, and apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-context-chips.blade.php.
  • T004 Verify current Environment Dashboard source helper before editing: apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php and apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php.
  • T005 Verify current Baseline Compare route/class/view before editing: apps/platform/app/Filament/Pages/BaselineCompareLanding.php and apps/platform/resources/views/filament/pages/baseline-compare-landing.blade.php.
  • T006 Verify current source models/services/helpers: ManagedEnvironment, ProviderConnection, ManagedEnvironmentPermission, BackupSet, RestoreRun, BaselineTenantAssignment, BaselineProfile, BaselineSnapshot, Finding, FindingException, EvidenceSnapshot, EnvironmentReview, ReviewPack, OperationRun, BaselineCompareStats, and TenantGovernanceAggregateResolver.
  • T007 Update repo-truth-map.md with any newly discovered source, capability, fallback, or classification before runtime changes.
  • T008 Confirm no migration/package/env/queue/storage/deployment asset change is required; if one appears necessary, stop and update spec/plan first.
  • T009 Confirm Filament v5 / Livewire v4.0+ compliance and no Livewire v3/Filament legacy API use.
  • T010 Confirm panel provider registration remains apps/platform/bootstrap/providers.php.
  • T011 Confirm no globally searchable resource is changed; if a resource is touched, verify View/Edit/global-search safety.
  • T012 Confirm existing Baseline Compare start action keeps Action::make(...)->action(...), ->requiresConfirmation(), UiEnforcement, OperationRun, and notifications.

Phase 2: Feature Tests First

Purpose: Lock decision layout, false-green guard, RBAC, scope, and diagnostics behavior before UI refactor.

  • T013 Add or update a Feature test asserting specs/330-environment-dashboard-baseline-compare-productization/repo-truth-map.md exists and lists Environment Dashboard and Baseline Compare sections plus required data areas.
  • T014 Add or update a Feature/Livewire test for Environment Dashboard layout text: Environment Dashboard, Is this environment ready, blocked, stale, or requiring review?, Status, Reason, Impact, Next action, Readiness proof, and Diagnostics - Collapsed.
  • T015 Add or update a Feature/Livewire test asserting Environment Dashboard missing-proof fixture shows Action needed, Evidence missing or Backup proof missing, and does not show false Healthy, Fully ready, Customer-safe, Protected, or Compliant claims.
  • T016 Add or update a Feature/Livewire test asserting Environment Dashboard shows one primary action plus a ranked next-action list when gaps exist.
  • T017 Add or update a Feature/Livewire test for Baseline Compare layout text: Baseline Compare, Which baseline drift requires action?, Assigned baseline, Compare trust, Drift impact, Evidence path, and Diagnostics - Collapsed.
  • T018 Add or update a Feature/Livewire test asserting Baseline Compare no-baseline state shows Baseline not assigned, an impact sentence that compare cannot be used for governance decisions, and an authorized assign/open-baseline action or honest unavailable state.
  • T019 Add or update a Feature/Livewire test asserting Baseline Compare drift/evidence state shows drift/evidence summary without raw diff/payload by default.
  • T020 Add or update a Feature/Livewire test asserting raw diagnostics are hidden/collapsed by default on both pages: raw payload, raw diff, provider secret, stack trace, debug metadata, internal exception, provider response, and raw OperationRun context must not be default-visible.
  • T021 Add or update RBAC tests covering evidence links, operation proof links, provider/permission links, backup/restore links, baseline profile/matrix/findings links, compare start, and diagnostics visibility where existing capabilities support coverage.
  • T022 Add or update environment-owned route tests for both pages: explicit environment route required, clean workspace URL does not establish environment ownership, remembered environment is not enough, and cross-workspace environment is rejected.
  • T023 Add or update legacy alias rejection tests for both pages covering tenant, tenant_id, managed_environment_id, environment, tenant_scope, and tableFilters.
  • T024 Add or update static tenant-copy guard asserting platform-context copy such as current tenant, tenant filter, all tenants, choose tenant, and tenant scope is not visible, while dynamic names containing Tenant remain allowed.

Phase 3: Environment Dashboard Productization

Purpose: Refactor Environment Dashboard from dense dashboard to decision-first readiness workbench without new backend foundation.

  • T025 Update apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php only if needed to carry repo-truth-bounded decision/proof payloads; do not add persisted state or public framework semantics.
  • T026 Update apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php to expose derived readiness decision data: status, reason, impact, proof path, primary next action, ranked actions, readiness dimensions, and diagnostics disclosure.
  • T027 Update apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-overview.blade.php to render the main readiness question, decision card, proof/action panel, ranked next actions, readiness dimensions, and collapsed diagnostics before secondary details.
  • T028 Update apps/platform/app/Filament/Pages/EnvironmentDashboard.php only where needed for header/primary action hierarchy, while preserving existing support request and support diagnostics authorization.
  • T029 Ensure dashboard context shows Workspace, Environment, Provider when repo-supported, and latest activity/proof state when repo-supported.
  • T030 Ensure readiness dimensions render only repo-backed or honest unavailable states: provider readiness, required permissions, backup posture, recovery proof, baseline assignment, baseline compare/drift, evidence freshness, review freshness, accepted risk, and operations attention.
  • T031 Ensure one primary next action is visible when authorized and secondary actions are ranked and lower priority.
  • T032 Keep existing useful secondary cards/details/links and do not remove existing backup, provider, evidence, review, operations, or support access paths.
  • T033 Ensure Environment Dashboard diagnostics/raw details are collapsed, hidden, or capability-gated by default.

Phase 4: Baseline Compare Productization

Purpose: Refactor Baseline Compare from compare/status detail to decision-first drift/action surface while preserving compare behavior.

  • T034 Update apps/platform/app/Filament/Pages/BaselineCompareLanding.php to expose repo-truth-bounded decision/proof payloads for assignment, compare trust, drift impact, reason, evidence path, operation proof, raw disclosure, and primary next action.
  • T035 Update apps/platform/resources/views/filament/pages/baseline-compare-landing.blade.php to render the main drift/action question, decision card, assignment/compare trust/drift summary, evidence/proof panel, findings/evidence-gap summary, and collapsed raw diff/diagnostics before secondary details.
  • T036 Preserve existing compare start action semantics: confirmation, capability gating, BaselineCompareService::startCompare(), OperationRun, queued toast/browser event, and open-operation link.
  • T037 Render no-baseline, invalid-scope, no-snapshot, stale/missing compare, running compare, failed compare, zero-finding-with-gaps, and drift states as honest decision states.
  • T038 Ensure no-baseline state is actionable where a repo-real baseline profile route/action exists; otherwise show honest unavailable guidance without inventing assignment workflow.
  • T038a Add a no-baseline visual Compare readiness stepper/pipeline, compact available-inputs section, and assignment-unlocks copy while keeping duplicated Assigned baseline, Compare trust, Drift impact, and duplicate Evidence path summary blocks absent.
  • T039 Ensure drift findings/evidence gaps render before raw compare details and do not imply 0 findings equals all-clear when trust/coverage/evidence gaps exist.
  • T040 Keep existing compare matrix, findings, run, evidence-gap, and summary sections available as secondary context where authorized.
  • T041 Ensure Baseline Compare raw diff/diagnostics are collapsed, hidden, or capability-gated by default.

Phase 5: Data Binding And Honest States

Purpose: Bind both surfaces to repo-verified sources and avoid false claims.

  • T042 Bind environment readiness to existing EnvironmentDashboardSummaryBuilder, backup/recovery helpers, provider permission view model, baseline aggregate, evidence/review/review pack state, exception stats, and OperationRun attention queries only.
  • T043 Bind baseline assignment to BaselineTenantAssignment, BaselineProfile, and BaselineSnapshotTruthResolver only.
  • T044 Bind compare trust/drift/evidence state to BaselineCompareStats, TenantGovernanceAggregate, operator explanation, findings, evidence gap summary, and existing OperationRun proof only.
  • T045 Bind proof links only through existing resource URLs, ManagedEnvironmentLinks, OperationRunLinks, and policy/capability checks.
  • T046 Render unavailable/missing/not generated/not applicable/deferred states for unsupported proof paths instead of inventing backend capabilities.
  • T047 Ensure no generic green success state, health/compliance/protected/customer-safe copy, restore confidence claim, or compare all-clear claim appears without exact repo proof.

Phase 6: Actions, RBAC, And Safety

Purpose: Show only real, authorized actions and preserve read-first default behavior.

  • T048 Keep primary actions singular and context-aware on each page.
  • T049 Show open required permissions, open backup posture, open operations, open evidence, open reviews/review pack, open baseline compare, open baseline profiles/matrix/findings, run compare, and open operation proof only when route and authorization are repo-real.
  • T050 Ensure unauthorized actions are hidden, disabled with existing convention, or represented as safe unavailable state without leaking sensitive details.
  • T051 Ensure raw diagnostics/metadata disclosure is unavailable without support_diagnostics.view or stricter existing raw/support capability.
  • T052 Verify no default action approves, rejects, accepts risk, deletes, restores, remediates, mutates provider state, or changes evidence/audit/storage.
  • T053 If any high-impact action is unexpectedly required, update spec/plan first, then implement it with Action::make(...)->action(...), ->requiresConfirmation(), server-side authorization, audit, notification, and tests.

Phase 7: Environment-Owned Route Contract

Purpose: Preserve Specs 314-322 and Spec 319.

  • T054 Verify Environment Dashboard explicit route opens with active Environment context.
  • T055 Verify Baseline Compare explicit route opens with active Environment context.
  • T056 Verify clean workspace-only URLs do not establish environment ownership for either surface.
  • T057 Verify remembered Environment / Filament tenant fallback is not enough to authorize either surface.
  • T058 Verify workspace route and environment route disagreement returns not found for both surfaces.
  • T059 Verify legacy aliases are removed/neutralized and do not set ownership or filter state.
  • T060 Verify no /admin/t route, redirect, or compatibility assumption is reintroduced.

Phase 8: Browser Smoke And Screenshots

Purpose: Prove the user-facing contract in the integrated browser lane.

  • T061 Create apps/platform/tests/Browser/Spec330EnvironmentDashboardBaselineCompareSmokeTest.php using existing Pest Browser conventions.
  • T062 Browser Flow A: Environment Dashboard explicit route non-empty state; assert Environment shell, readiness question, decision card, proof panel, ranked actions, diagnostics collapsed, and screenshot environment-dashboard-readiness-workbench.png.
  • T063 Browser Flow B: Environment Dashboard action-needed/missing-proof state; assert honest action-needed/missing-proof copy, no false green copy, diagnostics collapsed, and screenshot environment-dashboard-action-needed.png.
  • T064 Browser Flow C: Baseline Compare explicit route no-baseline state; assert drift question, baseline not assigned, impact, action/unavailable state, diagnostics collapsed, and screenshot baseline-compare-no-baseline.png.
  • T065 Browser Flow D: Baseline Compare compare/drift state if fixture-supported; assert assigned baseline, compare trust, drift/evidence summary, proof panel, raw details hidden, and screenshot baseline-compare-decision-workbench.png.
  • T066 Browser Flow E: cross-workspace or invalid environment safe denial for both surfaces.
  • T067 Browser Flow F: dynamic display name containing Tenant is allowed, static tenant platform-copy is absent.
  • T068 Browser Flow G: raw diff/provider payload/debug/stack trace text is absent by default on both surfaces.
  • T069 Save screenshots under specs/330-environment-dashboard-baseline-compare-productization/artifacts/screenshots/ when generated and ensure they contain no secrets.

Phase 9: UI Coverage And Documentation Artifacts

Purpose: Satisfy UI-COV without unrelated docs churn.

  • T070 Decide after runtime diff whether docs/ui-ux-enterprise-audit/route-inventory.md, design-coverage-matrix.md, page reports, or unresolved pages need an update.
  • T071 If coverage docs are not changed, add a close-out note explaining why existing UI-002/UI-061 rows plus Spec 325 target artifacts and Spec 330 package artifacts remain sufficient.
  • T072 Update repo-truth-map.md final classifications for implemented/empty/deferred elements.
  • T073 Do not create general documentation files outside required Spec Kit/UI coverage artifacts unless explicitly requested.

Phase 10: Validation

Purpose: Run narrow proof and report honestly.

  • T074 Run cd apps/platform && ./vendor/bin/sail artisan test tests/Feature/Filament tests/Feature/Rbac tests/Feature/Navigation --filter='EnvironmentDashboard|TenantDashboard|BaselineCompare|EnvironmentOwned|LegacyTenant|Spec322' --compact.
  • T075 Run cd apps/platform && ./vendor/bin/sail artisan test tests/Browser/Spec330EnvironmentDashboardBaselineCompareSmokeTest.php --compact.
  • T076 Run cd apps/platform && ./vendor/bin/sail artisan test --filter='EnvironmentDashboard|BaselineCompare|AdminSurfaceScope|EnvironmentOwned|LegacyTenant|Spec322' --compact.
  • T077 Run cd apps/platform && ./vendor/bin/sail pint --dirty.
  • T078 Run git diff --check.
  • T079 Report full-suite status honestly if not run.
  • T080 Confirm no migrations, seeders, packages, env vars, queues, scheduler, storage, deployment assets, backwards compatibility layer, or legacy tenant alias support were added.

Dependencies

  • Phase 1 blocks all runtime implementation.
  • Phase 2 should be written before or alongside implementation to lock behavior.
  • Phase 3 and Phase 4 can be implemented in parallel only if write scopes stay disjoint:
    • Environment Dashboard write scope: dashboard page/widget/view/summary helper/tests.
    • Baseline Compare write scope: compare page/view/tests.
  • Phase 5 and Phase 6 depend on Phases 3-4 payload shape.
  • Phase 7 must be validated after both surfaces are changed.
  • Phase 8 depends on user-facing runtime changes.
  • Phase 10 is final validation.

Non-Goals Checklist

  • NT001 Do not build a new environment readiness backend.
  • NT002 Do not build a new baseline/drift engine.
  • NT003 Do not build a new evidence generator.
  • NT004 Do not build a new backup/restore proof engine.
  • NT005 Do not add AI summarization.
  • NT006 Do not redesign Operations Hub, Governance Inbox, Customer Review Workspace, Evidence/Audit, Restore Safety, or Provider Readiness.
  • NT007 Do not add migrations unless spec/plan are updated first with proof.
  • NT008 Do not rewrite completed Specs 314-329.
  • NT009 Do not add legacy tenant query alias support.
  • NT010 Do not expose raw diagnostics, raw diff, raw OperationRun context, or provider payloads by default.

Required Final Report Content

When implementation later completes, report:

  • Changed behavior.
  • Environment Dashboard readiness surface.
  • Baseline Compare drift/action surface.
  • Routing / scope.
  • Disclosure / diagnostics default state.
  • RBAC-visible/hidden actions.
  • Repo-verified vs unavailable states.
  • Files changed.
  • Repo truth map status.
  • Tests run and results.
  • Browser verification and screenshots path.
  • Known gaps.
  • Remaining follow-ups.
  • Full suite run/not run.
  • Explicit no migrations/seeders/packages/env/queues/scheduler/storage/deployment assets/backcompat/legacy aliases statement.