TenantAtlas/specs/346-governance-inbox-final-operator-workflow/repo-truth-map.md
ahmido 8cffdbdb2c feat: governance inbox final operator workflow (spec 346) (#418)
Implemented the final operator workflow for the Governance Inbox. This includes refactoring the inbox page, updating finding resources, adding UI enforcement policies, updating related blade views, and adding comprehensive tests for operator workflow and scope contracts.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #418
2026-06-02 14:58:39 +00:00


Spec 346 Repo Truth Map

Status: implemented
Created: 2026-06-02
Purpose: record the repo-backed inputs, scope contracts, and current gaps that shaped the final Governance Inbox operator workflow.

Runtime Surfaces

| Area | Repo source | Current truth |
| --- | --- | --- |
| Governance Inbox page | apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php | Workspace-owned Filament page at /admin/governance/inbox with visible optional environment_id filter. |
| Governance Inbox view | apps/platform/resources/views/filament/pages/governance/governance-inbox.blade.php | Operator summary first, lane groups second, source-family context and diagnostics secondary. |
| Derived source families | apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php | Existing read-only source families remain: assigned findings, intake findings, finding exceptions, stale operations, alert delivery failures, review follow-up. |
| Decision history / proof | apps/platform/app/Filament/Pages/Governance/DecisionRegister.php, apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php | Existing read-only decision ledger with open and recently_closed states. Reused, not rebuilt. |

Repo-Backed Inputs

| Signal | Repo-backed source | Inbox use |
| --- | --- | --- |
| Assigned findings | Finding, FindingResource, section builder assigned query | Requires decision or Evidence required depending on linked evidence state. |
| Intake findings | Finding, intake query | Needs triage. |
| Accepted-risk / exception records | FindingException, FindingExceptionDecision, FindingExceptionsQueue | Risk / exception review. |
| Failed / stale operations | OperationRun, OperationRunLinks | Blocked. |
| Failed alert deliveries | AlertDelivery, AlertDeliveryResource | Blocked. |
| Review follow-up | ManagedEnvironmentTriageReview, EnvironmentReviewRegisterService, CustomerReviewWorkspace | Requires decision with customer-review linkage. |
| Recently closed governance decisions | GovernanceDecisionRegisterBuilder | Secondary Recently resolved disclosure only. |

Current Item Fields

Current source entries already expose the fields needed for a derived operator card without new persistence:

  • headline
  • status_label
  • reason_label
  • impact_label
  • tenant_label
  • owner_label
  • due_label
  • evidence_label
  • exception_label
  • primary_action_label
  • primary_action_url
  • destination_url
  • evidence_path_url
  • urgency_rank

Spec 346 keeps these fields derived and page-local.

| Link type | Current truth |
| --- | --- |
| Finding detail | Existing tenant-owned FindingResource view route. |
| Finding exceptions queue | Existing workspace hub route with canonical environment_id and exception. |
| Decision Register | Existing workspace hub route with optional environment_id and register_state. |
| Evidence overview | Existing workspace hub route route('admin.evidence.overview', ['environment_id' => ...]). |
| Customer Review Workspace | Existing workspace hub route CustomerReviewWorkspace::environmentFilterUrl($environment). |
| Operation proof | Existing OperationRunLinks::tenantlessView(...). |
| Environment detail | Existing ManagedEnvironmentLinks::viewUrl(...). |

Scope Contract

  • Governance Inbox remains workspace-owned.
  • The only visible local environment scope contract is ?environment_id={id}.
  • Clean entry must stay tenantless/workspace-wide even when the shell remembers an environment.
  • No Governance Inbox first-party link may emit retired public query aliases:
    • tenant
    • tenant_id
    • managed_environment_id
    • environment
    • tenant_scope
    • tableFilters
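
A check for the retired-alias rule above, as an added example that is not part of the TenantAtlas repository. The helper name retiredAliasesIn() and the sample links are constructed for illustration; only the alias list and the /admin/governance/inbox path come from this page.

```php
<?php

declare(strict_types=1);

// Added example; retiredAliasesIn() is a hypothetical helper, not TenantAtlas code.
// Alias list copied from the Scope Contract above.
const RETIRED_QUERY_ALIASES = [
    'tenant', 'tenant_id', 'managed_environment_id',
    'environment', 'tenant_scope', 'tableFilters',
];

/** @return list<string> retired alias keys found in the URL's query string */
function retiredAliasesIn(string $url): array
{
    $query = parse_url($url, PHP_URL_QUERY);
    if (! is_string($query) || $query === '') {
        return [];
    }

    $found = [];
    foreach (explode('&', $query) as $pair) {
        // Compare raw keys; parse_str() would rewrite dots and spaces to underscores.
        $key = urldecode(explode('=', $pair, 2)[0]);
        // tableFilters[status][value] counts as its root key, tableFilters.
        $root = explode('[', $key, 2)[0];
        if (in_array($root, RETIRED_QUERY_ALIASES, true)) {
            $found[$root] = true;
        }
    }

    return array_keys($found);
}

// Constructed sample links; only /admin/governance/inbox appears on this page.
$links = [
    '/admin/governance/inbox',
    '/admin/governance/inbox?environment_id=42',
    '/admin/governance/inbox?environment_id=42&tenant=7',
    '/admin/governance/inbox?tableFilters%5Benvironment%5D%5Bvalue%5D=42',
];

foreach ($links as $link) {
    $hits = retiredAliasesIn($link);
    echo ($hits === [] ? 'ok      ' : 'RETIRED ') . $link
        . ($hits === [] ? '' : '  [' . implode(', ', $hits) . ']') . PHP_EOL;
}
```

The match is exact and case-sensitive, so environment_id passes while environment is flagged, and percent-encoded bracket keys are decoded before the root key is compared.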

Gaps And Conservative Decisions

| Topic | Repo truth | Spec 346 decision |
| --- | --- | --- |
| Review-ready lane | No bounded repo-backed governance-inbox-ready state exists on this page today. | Omitted instead of invented. |
| Persisted inbox items | No new truth table or workflow engine exists. | Not added. |
| New mutating actions | Existing page is read-first and current source surfaces own mutations. | Not added. |
| Recently resolved lane | Repo truth exists only in the Decision Register, not in current inbox source-family entries. | Shown as a secondary disclosure backed by the existing register builder. |
| Provider-readiness blocker classification | Repo truth exists on adjacent readiness/required-permissions surfaces, but not as a generalized inbox state. | Existing operation / alert / environment links reused; no new readiness engine introduced. |

Filament / Runtime Guardrails

  • Livewire v4-only patterns retained.
  • No panel registration changes; Laravel 12 panel providers remain in apps/platform/bootstrap/providers.php.
  • No global-search posture changed.
  • No new assets registered.
  • No migration, queue, scheduler, env-var, or deployment contract change was required.