ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/340-post-scope-contract-browser-verification-gate/plan.md
ahmido a3b21c48d8 test: add post-scope contract browser verification gate (340) (#411) 
## Summary
- add the Spec 340 browser verification gate package for the post-338/339 workspace and environment scope contract
- add a bounded Pest browser smoke that verifies clean workspace origin, environment origin, explicit `environment_id` hub filtering, remembered-environment non-authority, and Provider Connections create/view/edit authority signals
- record the verification inventory, matrix, findings, checklist, and audit report under `specs/340-post-scope-contract-browser-verification-gate/`
- document a `GO` recommendation with no confirmed P1/P2 drift and one backlog wording follow-up
- keep the change verification-only with no runtime behavior, schema, or route-family changes

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `git diff --check --no-index /dev/null apps/platform/tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`
- `git diff --check`

## Notes
- Livewire v4 compliance unchanged
- Filament provider registration remains in `apps/platform/bootstrap/providers.php`
- no globally searchable resource behavior changed
- no destructive action behavior changed or executed in this verification gate
- no new Filament assets; deploy `filament:assets` posture is unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #411
2026-05-31 14:37:30 +00:00

221 lines
12 KiB
Markdown
Raw Permalink Blame History

# Implementation Plan: Spec 340 - Post-Scope Contract Browser Verification Gate
- Branch: `340-post-scope-contract-browser-verification-gate`
- Date: 2026-05-31
- Spec: `specs/340-post-scope-contract-browser-verification-gate/spec.md`
- Input: User-provided Spec 340 draft and repo inspection after Specs 338 and 339.
## Summary
Prepare and later execute a browser-level scope/IA verification gate after Specs 338 and 339. The implementation work is verification-first: create Spec 340 audit artifacts, run browser checks against in-scope surfaces, classify findings, and return a go/no-go recommendation before new feature work resumes.
The planned implementation must not start with runtime fixes. Runtime code changes are allowed only after browser/test evidence proves a narrow P1/P2 contract break and the active Spec 340 artifacts are updated or a follow-up spec is split.
## Technical Context
- **Language/Version**: PHP 8.4.15, Laravel 12.52.x.
- **Primary Dependencies**: Filament 5.2.x, Livewire 4.1.x, Pest 4.x browser testing, PostgreSQL through Sail.
- **Storage**: no runtime storage change; Spec-local Markdown artifacts only.
- **Testing**: browser verification, optional focused Pest Browser test, optional targeted Feature tests for Provider Connections or route/query classification.
- **Validation Lanes**: browser, optional fast-feedback. No PostgreSQL lane unless a later bounded runtime fix touches DB behavior.
- **Target Platform**: local Sail for verification; Dokploy/runtime deployment posture unchanged.
- **Project Type**: Laravel monolith under `apps/platform`.
- **Performance Goals**: verification should avoid broad suite expansion and keep any new browser test bounded to representative surfaces.
- **Constraints**: no migrations, env vars, queues, scheduler, storage, provider/OAuth changes, new packages, new persisted truth, or broad UI redesign in this gate.
- **Scale/Scope**: in-scope representative surfaces are the post-338/339 workspace/environment scope contract surfaces, not the full application.
## UI / Surface Guardrail Plan
- **Guardrail scope**: verification-only, no planned operator-facing surface change.
- **Affected routes/pages/actions/states/navigation/panel/provider surfaces**: browser-inspected Workspace Sidebar, Environment Sidebar, Topbar, Workspace Hubs, Provider Connections, Baselines, Evidence, Operations, Alerts, Audit Log, Reviews, Governance Inbox, Decision Register, and related environment-to-hub links.
- **No-impact class**: QA/spec-artifact-only unless browser evidence proves a narrow runtime contract break.
- **Native vs custom classification summary**: current native/custom surfaces are inspected, not changed.
- **Shared-family relevance**: navigation entry points, scope presentation, action links, local filters, Provider Connection authority.
- **State layers in scope**: shell, sidebar, topbar, page header, URL query, local filter state, reload/back-forward state.
- **Audience modes in scope**: operator/MSP admin; customer-safe review surfaces are inspected only for scope/truth signals where reachable.
- **Dangerous action posture**: no destructive action execution is planned. Credential-adjacent Provider Connection actions are inspected for confirmation/authorization affordance and record-derived scope only.
- **Coverage artifact posture**: no UI coverage registry update is expected unless implementation makes a runtime UI change. The go/no-go report records checked no-impact if verification-only.
## Current Repo Surfaces To Inspect
Implementation should inspect these surfaces and helpers before browser execution:
- `apps/platform/routes/web.php`
- `apps/platform/app/Providers/Filament/AdminPanelProvider.php`
- `apps/platform/app/Support/Navigation/AdminSurfaceScope.php`
- `apps/platform/app/Support/Navigation/WorkspaceHubRegistry.php`
- `apps/platform/app/Support/Navigation/WorkspaceHubEnvironmentFilter.php`
- `apps/platform/app/Support/Navigation/WorkspaceSidebarNavigation.php`
- `apps/platform/app/Support/ManagedEnvironmentLinks.php`
- `apps/platform/app/Support/OperationRunLinks.php`
- `apps/platform/app/Support/Workspaces/WorkspaceContext.php`
- `apps/platform/app/Filament/Pages/EnvironmentDashboard.php`
- `apps/platform/app/Filament/Pages/Monitoring/Operations.php`
- `apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php`
- `apps/platform/app/Filament/Resources/ProviderConnectionResource.php`
- `apps/platform/app/Policies/ProviderConnectionPolicy.php`
- existing browser tests under `apps/platform/tests/Browser/Spec314*`, `Spec316*`, `Spec322*`, `Spec338*`, and Provider Connection browser tests.
## Shared Pattern & System Fit
- **Shared patterns reused**: existing workspace/environment scope contract, `environment_id` local filter semantics, deny-as-not-found authorization posture, existing browser smoke patterns, and Spec 322 browser harness patterns where applicable.
- **New abstraction introduced?**: none.
- **New persisted truth introduced?**: none.
- **Provider boundary**: verify platform-core authority (`workspace`, `environment_id`, record ownership) stays separate from provider-owned Microsoft tenant identity.
- **OperationRun**: verify Operations hub/link scope only; no OperationRun lifecycle or notification changes.
- **Audit/observability**: the go/no-go report is the evidence artifact for this gate; no runtime `AuditLog` writes are introduced.
## Implementation Approach
### Phase 1 — Preflight and completed-spec guardrail
- Confirm current branch, clean working tree, baseline commit, and that related completed specs are read-only context.
- Confirm no existing `specs/340-*` package or `340-*` branch existed before this preparation.
- Re-read `spec.md`, `plan.md`, `tasks.md`, constitution, and relevant guidelines.
### Phase 2 — Repo discovery and verification matrix setup
- Create Spec 340 artifacts:
- `surface-inventory.md`
- `scope-verification-matrix.md`
- `findings.md`
- `audit-report.md`
- `artifacts/screenshots/` if screenshots are captured.
- Populate first-pass route/surface inventory from repo files and existing route list.
- Classify each surface into Workspace-owned source of truth, Workspace Hub with local environment filter, Environment-owned detail surface, or credential-adjacent provider surface.
### Phase 3 — Browser verification
- Resolve the local app URL through Laravel Boost `get_absolute_url` or documented local/Sail configuration.
- Use existing smoke-login or seeded fixture conventions without modifying seeders.
- Verify:
- clean Workspace origin,
- Environment Dashboard origin,
- environment-to-hub filtered entry,
- clean hub entry with remembered environment,
- reload and browser back/forward,
- Topbar workspace/environment selector semantics,
- Provider Connections create/list/view/edit/action affordances.
### Phase 4 — Finding classification
- Classify each matrix row as pass, P1, P2, P3, backlog, blocked, or not applicable.
- P1 means a critical scope/authority error or credential-adjacent ambiguity blocks feature work.
- P2 means contract drift should be fixed soon but does not expose immediate credential/security risk.
- P3 means polish/cleanup.
- Backlog means non-blocking improvement or broader productization.
- Blocked means missing route/data/tooling prevented proof and requires explicit next action.
### Phase 5 — Optional focused regression coverage
Add focused Pest Browser coverage only if automation is stable and valuable:
- Prefer one bounded `Spec340PostScopeContractVerificationSmokeTest.php`.
- Reuse existing browser setup/harness patterns.
- Do not add broad fixture defaults or seeders without updating the spec first.
- Keep exhaustive route/query permutations in Feature tests, not browser tests.
### Phase 6 — Go/no-go close-out
- Update `audit-report.md` with final commands, browser tooling, screenshots, blocked checks, and go/no-go status.
- If no P1/P2 drift is found, recommend moving to the next roadmap candidate.
- If P1/P2 drift is found, recommend the smallest safe follow-up or bounded fix and stop unrelated feature work.
## Constitution Check
- **Inventory-first / snapshots-second**: N/A, no inventory/snapshot behavior changed.
- **Read/write separation**: pass; this is read-only verification unless a later bounded fix is explicitly authorized by updated artifacts.
- **Single Graph contract path**: pass; no Graph calls are added.
- **Deterministic capabilities / RBAC**: pass; existing capabilities are verified, not changed.
- **Workspace and environment isolation**: primary verification focus.
- **Provider boundary**: pass; verify provider credential-adjacent scope without adding provider abstractions.
- **No new persisted truth**: pass.
- **No new state/status family**: pass; P1/P2/P3/backlog is report-only taxonomy.
- **UI/Productization coverage**: pass; no planned UI surface impact. Any runtime UI fix must update this decision.
- **Test governance**: pass; browser lane is explicit and central to the gate.
- **Proportionality**: pass; the gate is narrower than a new feature or broad cleanup chain.
## Project Structure
Expected Spec 340 artifact layout:
```text
specs/340-post-scope-contract-browser-verification-gate/
├── spec.md
├── plan.md
├── tasks.md
├── checklists/
│ └── requirements.md
├── surface-inventory.md
├── scope-verification-matrix.md
├── findings.md
├── audit-report.md
└── artifacts/
└── screenshots/
```
Optional implementation test:
```text
apps/platform/tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php
```
## Data Model
No runtime data model change.
Spec-local artifact concepts:
- **Surface inventory row**: surface name, route/entry point, expected taxonomy, origin, filter support, related helper/code owner, verification status.
- **Matrix row**: surface, browser origin, URL/query, shell, sidebar, breadcrumb/header, visible filter evidence, reload/back-forward result, screenshot path, status, finding ID.
- **Finding**: ID, severity, expected behavior, actual behavior, evidence, likely owner, smallest next action, go/no-go impact.
## Testing Strategy
- Use Pest 4 browser testing if automation is added.
- Browser tests must include `assertNoJavaScriptErrors()` where stable.
- Prefer targeted browser coverage over full-app smoke.
- Use specific HTTP assertions in any Feature probes (`assertNotFound()`, `assertForbidden()`, `assertSuccessful()`).
- Do not delete or relax existing Spec 322/338/339 tests.
Target commands for later implementation:
```bash
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser --filter=Spec340
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening
git diff --check
```
If no automated browser test is added, the implementation close-out must say browser verification was manual/in-app and list exact routes checked, screenshots captured, and tooling limitations.
## Filament / Livewire Contract
- Filament v5 remains on Livewire v4.0+.
- No panel provider registration change is planned; Laravel 12 providers remain in `apps/platform/bootstrap/providers.php`.
- Global search behavior is not changed. If a runtime fix later touches a globally searchable resource, the implementer must verify View/Edit page availability or disabled global search.
- Destructive/high-impact actions are not executed in this gate. Provider Connection actions are inspected for existing confirmation, authorization, and audit posture only.
- No registered Filament assets are added; `filament:assets` deployment posture is unchanged.
## Deployment / Ops Impact
- Migrations: none.
- Env vars: none.
- Queues/scheduler: none.
- Storage/volumes: none, except local screenshot artifacts under the spec package if captured.
- Dokploy/Staging/Production: no runtime deployment impact unless a later bounded fix changes code.
## Risk Controls
- Do not treat blocked checks as pass.
- Do not create follow-up specs automatically unless P1/P2 evidence proves a concrete gap.
- Do not rewrite completed specs.
- Do not broaden into customer review, localization, governance inbox, or commercial lifecycle productization.
- Do not add seeders or global browser fixtures unless the active spec is updated with the fixture-cost decision.
## Phase Completion Criteria
- `spec.md`, `plan.md`, `tasks.md`, and `checklists/requirements.md` exist and are internally aligned.
- The implementation task list is ordered, small, and verification-first.
- No application implementation is included in preparation.
- The package is ready for a separate implementation loop.
Reference in New Issue View Git Blame Copy Permalink