TenantAtlas/specs/355-platform-sellable-smoke-matrix/tasks.md
ahmido f35782a163 feat: platform sellable smoke matrix (spec 355) (#426)
Added artifacts, screenshots, and documentation for the platform sellable smoke matrix. Fixed a bug in FindingRiskGovernanceResolver and updated related tests.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #426
2026-06-05 10:42:31 +00:00

Tasks: Spec 355 - Platform Sellable Smoke Matrix

Input: specs/355-platform-sellable-smoke-matrix/spec.md, plan.md, repo-truth-map.md, artifacts/platform-sellable-smoke-matrix.md, artifacts/platform-sellable-readiness-report.md, and checklists/requirements.md

Tests: Browser verification is required. Targeted Pest unit/feature/browser coverage is required only if a direct in-scope P0/P1 fix is applied.

Test Governance Checklist

  • Lane assignment is explicit and narrow: browser-first for the matrix, targeted unit/feature/browser only when a direct fix lands.
  • New or changed tests stay in the smallest honest family, and any browser addition beyond artifact capture is explicit.
  • Shared helpers, factories, seeds, and context defaults stay cheap by default.
  • Planned validation commands cover the slice without pulling unrelated lane cost.
  • The affected surfaces remain the current strategic/operator owner surfaces, not a new runtime family.
  • No new persisted product truth, workflow engine, or provider/platform abstraction is planned.

Phase 1: Preparation And Repo Truth

Purpose: Keep the verification gate bounded to current repo truth and surface any dependency blockers before browser work starts.

  • T001 Re-read spec.md, plan.md, tasks.md, repo-truth-map.md, and checklists/requirements.md.
  • T002 Re-run git status --short --branch, git diff --stat, and git log -1 --oneline, then update specs/355-platform-sellable-smoke-matrix/repo-truth-map.md.
  • T003 Re-verify the current runtime truth in:
    • apps/platform/app/Filament/Pages/EnvironmentDashboard.php
    • apps/platform/app/Filament/Resources/ProviderConnectionResource.php
    • apps/platform/app/Filament/Pages/EnvironmentRequiredPermissions.php
    • apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
    • apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php
    • apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php
    • apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ViewFindingException.php
    • apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
    • apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php
    • apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php
    • apps/platform/app/Filament/Resources/OperationRunResource.php
  • T004 Re-verify Specs 351-354 as dependency truth, using commits, checked tasks, browser smoke assets, screenshots, and recorded findings rather than trusting one metadata field alone.
  • T005 If Spec 354 still has any of the named dependency concerns open (accepted-risk state priority, approval queue scope continuity, dominant guidance localization, or fake/inert recommended action semantics), record the blocker explicitly in repo-truth-map.md and do not issue a final sellable-readiness verdict.
  • T006 Confirm no migration, package, env var, queue family, scheduler, storage, panel/provider, asset-registration, or global-search change is required for the baseline verification path.

Phase 2: Fixture Inventory

Purpose: Determine which required states can be exercised honestly before the browser matrix is run.

  • T007 Inventory existing local/testing/browser helpers:
    • admin.local.smoke-login
    • tenantpilot:review-output:seed-browser-fixture
    • existing browser smoke tests for Specs 346, 351, 352, 353, and 354
  • T008 Record available or missing fixture truth for:
    • provider blocker
    • review-output blocker
    • ready draft / publish path
    • accepted risk expiring
    • accepted risk expired
    • accepted risk incomplete
    • pending renewal non-lapsed and lapsed if repo-backed
    • governance inbox item
    • evidence missing or stale
    • operation follow-up / proof
    • no urgent action
  • T009 Update specs/355-platform-sellable-smoke-matrix/artifacts/blocked-fixtures.md for any state that cannot be exercised honestly with current repo fixtures.
  • T010 Keep repo-truth-map.md current if runtime inspection proves the smoke matrix must narrow or explicitly block one or more flows.

Phase 3: Browser Smoke Matrix

Purpose: Run the required cross-surface flows and capture first-screen proof.

  • T011 Run Flow 1: Environment Dashboard -> provider blocker, and verify provider readiness outranks review-output guidance when both signals exist.
  • T012 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/01-dashboard-provider-blocker.png.
  • T013 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/02-provider-required-permissions-target.png.
  • T014 Run Flow 2: Environment Dashboard -> review-output blocker, and verify the primary action lands on the review-output owner surface expected by Spec 351.
  • T015 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/03-dashboard-review-output-blocker.png.
  • T016 Run Flow 3: Customer Review Workspace -> review-output resolve loop, and verify no fake action or duplicate primary rail appears during the loop.
  • T017 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/04-customer-review-workspace-resolve-action.png.
  • T018 Run Flow 4: Environment Review detail in customer_workspace context, and verify output readiness remains clear without reintroducing a duplicate CTA rail.
  • T019 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/05-review-detail-customer-workspace-context.png.
  • T020 Run Flow 5: Provider Connections / Required Permissions, and verify missing permissions or verification blockers are explained before raw diagnostic detail.
  • T021 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/06-provider-guidance.png.
  • T022 Run Flow 6: Finding Exceptions / accepted-risk states, and verify expired/expiring governance outranks weaker pending-renewal or informational states where fixture truth exists.
  • T023 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/07-accepted-risk-expiring.png.
  • T024 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/08-accepted-risk-expired.png.
  • T025 Run Flow 7: Governance Inbox, and verify it stays the queue-clearing command surface instead of becoming a second dashboard summary.
  • T026 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/09-governance-inbox.png.
  • T027 Run Flow 8: Evidence Overview / evidence basis, and verify missing or stale evidence is understandable without defaulting to raw-report presentation.
  • T028 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/10-evidence-overview.png.
  • T029 Run Flow 9: operation proof, and verify the linked run belongs to the expected environment/source context and does not overclaim governance health.
  • T030 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/11-operation-proof.png.
  • T031 Run Flow 10: no urgent action state, and verify the calm state does not read as empty, broken, or warning-heavy.
  • T032 Save specs/355-platform-sellable-smoke-matrix/artifacts/screenshots/12-no-urgent-action.png.
  • T033 Record console errors, network/server errors, final URL/scope state, and customer-safe boundary observations for every flow in artifacts/platform-sellable-smoke-matrix.md.

Phase 4: Classification And Readiness Report

Purpose: Turn browser observations into a conservative sellable-readiness result.

  • T034 Fill specs/355-platform-sellable-smoke-matrix/artifacts/platform-sellable-smoke-matrix.md with expected primary action, actual primary action, scope result, customer-safe result, errors, screenshot path, and classification for every required flow.
  • T035 Mark missing states/screenshots as BLOCKED instead of PASS.
  • T036 Write specs/355-platform-sellable-smoke-matrix/artifacts/platform-sellable-readiness-report.md with:
    • Executive Summary
    • pass/fail/blocked counts
    • P0/P1/P2/P3 findings
    • demo readiness
    • sellable foundation readiness
    • customer-safe boundary assessment
    • operator workflow assessment
    • recommended close/fix/defer decision
  • T037 Keep the readiness report conservative when dependency verification or fixture coverage is incomplete.
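
One way to enforce T035 mechanically before the matrix is filled in. This is an added example, not part of the spec package or the project's tooling. The function names and the NEEDS_REVIEW label are assumptions; the flow-to-screenshot mapping is the one given in T012-T032. A present screenshot is never reported as PASS, because PASS still requires the recorded browser observations.

```shell
#!/bin/sh
# Screenshot basenames expected per flow, as listed in T012-T032.
flow_screenshots() {
  case "$1" in
    1) echo "01-dashboard-provider-blocker.png 02-provider-required-permissions-target.png" ;;
    2) echo "03-dashboard-review-output-blocker.png" ;;
    3) echo "04-customer-review-workspace-resolve-action.png" ;;
    4) echo "05-review-detail-customer-workspace-context.png" ;;
    5) echo "06-provider-guidance.png" ;;
    6) echo "07-accepted-risk-expiring.png 08-accepted-risk-expired.png" ;;
    7) echo "09-governance-inbox.png" ;;
    8) echo "10-evidence-overview.png" ;;
    9) echo "11-operation-proof.png" ;;
    10) echo "12-no-urgent-action.png" ;;
    *) return 1 ;;
  esac
}

# classify_flow DIR FLOW: BLOCKED if any expected screenshot is missing or
# zero bytes; otherwise NEEDS_REVIEW (hypothetical label, not a PASS).
classify_flow() {
  shots=$(flow_screenshots "$2") || { echo UNKNOWN_FLOW; return 1; }
  for f in $shots; do
    [ -s "$1/$f" ] || { echo BLOCKED; return 0; }
  done
  echo NEEDS_REVIEW
}

# blocked_count DIR: number of flows 1-10 whose screenshot evidence is incomplete.
blocked_count() {
  n=0; i=1
  while [ "$i" -le 10 ]; do
    [ "$(classify_flow "$1" "$i")" = BLOCKED ] && n=$((n + 1))
    i=$((i + 1))
  done
  echo "$n"
}

# Stand-alone use: pass the screenshots directory as the first argument.
if [ "$#" -ge 1 ]; then
  i=1
  while [ "$i" -le 10 ]; do
    echo "Flow $i: $(classify_flow "$1" "$i")"
    i=$((i + 1))
  done
  echo "blocked flows: $(blocked_count "$1")"
fi
```

Run it against specs/355-platform-sellable-smoke-matrix/artifacts/screenshots; flows 1 and 6 stay BLOCKED until both of their screenshots exist.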

Phase 5: Minimal P0/P1 Fixes Only

Purpose: Allow only direct in-scope runtime correction when the smoke matrix proves a blocking issue.

  • T038 If a verified P0/P1 issue is directly in scope, add the narrowest failing targeted test before editing runtime code.
  • T039 Apply only the minimal owner-surface fix required to address the verified P0/P1 issue. Do not add a new product surface, persistence, taxonomy, or framework.
  • T040 Re-run the affected browser flow after the fix and update the screenshot, matrix row, and readiness report.
  • T041 If a verified issue is out of scope or fixture-blocked, document it in the readiness report as a deferred blocker and do not broaden Spec 355.

Execution note: The only runtime patch in this slice closed a Spec 354 dependency-gate defect in dominant accepted-risk guidance localization. It stayed in scope because Spec 355 explicitly required that gate to be clear before close-out, and the fix was bounded to an existing warning-message resolver plus targeted regression coverage.

Phase 6: Regression And Final Validation

Purpose: Prove any direct fix stayed bounded and did not regress the adjacent guidance slices.

  • T042 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec351.
  • T043 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec352.
  • T044 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec353.
  • T045 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=Spec354.
  • T046 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=CustomerReviewWorkspace.
  • T047 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=EnvironmentDashboard.
  • T048 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=ProviderConnection.
  • T049 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=FindingException.
  • T050 Run cd apps/platform && ./vendor/bin/sail artisan test --compact --filter=ResolutionGuidance.
  • T051 Run any new direct-fix test file added in Phase 5.
  • T052 Run cd apps/platform && ./vendor/bin/sail pint --dirty if runtime files changed.
  • T053 Run git diff --check.
  • T054 Record explicitly whether the full suite was or was not run.

Execution note: Broad family filters (Spec351-Spec354) were attempted via direct pest equivalents, but the current Sail container repeatedly killed those wide runs with exit 137. Narrower affected Spec 354 regressions were run instead and are recorded in the readiness report.

Non-Goals Checklist

  • NT001 Do not add Customer Portal, PDF/HTML renderer, AI guidance, PSA/ITSM handoff, or a new workflow engine.
  • NT002 Do not redesign Environment Dashboard, Governance Inbox, Evidence Overview, Customer Review Workspace, or Operations as part of this spec.
  • NT003 Do not add new provider execution logic, provider framework, or Graph render calls.
  • NT004 Do not add a new persisted sellable-readiness, smoke-result, or fixture-truth entity.
  • NT005 Do not treat blocked fixture states as pass or infer customer-safe readiness without browser evidence.
  • NT006 Do not reopen or normalize historical spec packages 351-354 during this slice.

Required Final Report Content

When implementation later completes, report:

  • branch
  • files changed
  • flows tested
  • screenshot count
  • pass/fail/blocked summary
  • P0/P1/P2/P3 findings
  • readiness decision
  • tests run
  • whether full suite was run
  • deferred follow-up specs