TenantAtlas/specs/367-operationrun-actionability-system/tasks.md
ahmido 564da05096 feat: implement operation run actionability system (#439)
This PR introduces the Operation Run Actionability System.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #439
2026-06-08 13:34:25 +00:00

Tasks: OperationRun Actionability System v1

Input: specs/367-operationrun-actionability-system/spec.md, specs/367-operationrun-actionability-system/plan.md
Prerequisites: Specs 358-365 are context only; do not rewrite completed close-out history.
Tests: Required. Use Pest 4 Unit, Feature, Guard/Architecture, and one bounded Browser smoke only if rendered UI changes.
No implementation in prep: This task list is for the later implementation loop.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family, and any browser addition is explicit.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
  • Planned validation commands cover the change without pulling in unrelated lane cost.
  • The declared surface test profiles are monitoring-state-page, dashboard-signal, and shared-detail-family.
  • Any material budget, baseline, trend, or escalation note is recorded in the active spec close-out.

Phase 1: Setup and Repo Truth Inventory

Purpose: Confirm exact operation-type inventory, current consumers, and current-state proof seams before implementation.

  • T001 Confirm current branch is 367-operationrun-actionability-system and working tree intent with git status --short --branch.
  • T002 Read specs/367-operationrun-actionability-system/spec.md, plan.md, tasks.md, and checklists/requirements.md.
  • T003 Read Specs 358-365 as context only; do not modify those packages.
  • T004 Inspect apps/platform/app/Models/OperationRun.php for terminalFollowUp(), dashboardNeedsFollowUp(), problemClass(), requiresOperatorReview(), and requiresDashboardFollowUp().
  • T005 Inspect apps/platform/app/Support/OperationCatalog.php, apps/platform/app/Support/OperationRunType.php, and apps/platform/app/Support/OperationTypeAlias.php for canonical and legacy operation-type values.
  • T006 Inspect apps/platform/app/Services/Providers/ProviderOperationRegistry.php and provider start-gate code for provider operation types.
  • T007 Inspect apps/platform/app/Support/Operations/Reconciliation/OperationRunReconciliationRegistry.php and all reconciliation adapters for supported operation families.
  • T008 Search apps/platform/app, apps/platform/database, and apps/platform/tests for operation type strings; record every OperationCatalog::canonicalInventory() entry, discovered alias, policy group, and missing policy candidate in specs/367-operationrun-actionability-system/repo-truth-map.md.
  • T009 Search for current consumers of terminalFollowUp, dashboardNeedsFollowUp, problemClass, requiresOperatorReview, and requiresDashboardFollowUp; record all consumers in repo-truth-map.md, including Operations workbench stats, Governance Inbox, environment dashboard summary, workspace overview, OperationUxPresenter, and shell active-run paths.
  • T010 Inspect apps/platform/app/Models/ProviderConnection.php and related provider health services to identify safe current-state proof fields for consent_status=granted and verification_status=healthy.
  • T011 Confirm no migration, env var, package, queue, scheduler, storage, Filament asset, panel-provider, or global-search change is required; update spec/plan before coding if false.

Phase 2: Failing Tests First

Purpose: Prove the behavior before changing runtime code.

  • T012 [P] Add apps/platform/tests/Unit/Support/Operations/Spec367OperationRunActionabilityResultTest.php for status/actionable boolean/result metadata semantics.
  • T013 [P] Add apps/platform/tests/Unit/Support/Operations/Spec367ProviderConnectionActionabilityPolicyTest.php for later same-scope success, healthy current state, unresolved blocker, and cross-scope non-resolution.
  • T014 [P] Add apps/platform/tests/Unit/Support/Operations/Spec367RepeatableOperationActionabilityPolicyTest.php for inventory, policy, directory groups, role definitions, compliance, and permission posture alias families.
  • T015 [P] Add apps/platform/tests/Unit/Support/Operations/Spec367BaselineArtifactActionabilityPolicyTest.php for baseline capture/compare and evidence/review/review-pack artifact proof.
  • T016 [P] Add apps/platform/tests/Unit/Support/Operations/Spec367HighRiskActionabilityPolicyTest.php for restore, promotion, purge, and destructive-like default manual-review behavior.
  • T017 [P] Add apps/platform/tests/Unit/Support/Operations/Spec367ActionabilityRegistryCoverageTest.php proving all known canonical OperationCatalog types and discovered aliases are explicitly covered or explicitly classified.
  • T018 [P] Add or extend guard coverage under apps/platform/tests/Feature/Guards/ proving dashboard/current-follow-up UI consumers do not directly use raw terminalFollowUp(), dashboardNeedsFollowUp(), or problemClass() as current actionability truth after migration.
  • T019 Add apps/platform/tests/Feature/Monitoring/Spec367DashboardOperationActionabilityTest.php proving the Provider Connection CTA loop is gone in NeedsAttention.
  • T020 Add apps/platform/tests/Feature/Filament/Spec367BaselineCompareNowActionabilityTest.php proving BaselineCompareNow uses actionability counts for Operations calmness.
  • T021 Add apps/platform/tests/Feature/Monitoring/Spec367OperationsActionabilityFilterTest.php proving current-follow-up filters include actionable/manual-review rows and exclude superseded/resolved rows while history remains visible.
  • T022 Add apps/platform/tests/Feature/Operations/Spec367OperationRunActionEligibilityAlignmentTest.php proving OperationRunActionEligibility does not produce primary CTAs that contradict non-actionable actionability results.
  • T023 Add cross-workspace and cross-environment denial tests proving later success/current state in another scope cannot resolve a run.
  • T024 Add a fail-hard Graph client binding to at least one render/evaluation feature test to prove actionability is DB-only.
  • T025 If rendered UI changes materially, add apps/platform/tests/Browser/Spec367OperationRunActionabilitySmokeTest.php for the Provider Connection loop and Operations history visibility.

Phase 3: Core Actionability Contract

Purpose: Add the derived actionability layer without persistence.

  • T026 Create an actionability status enum/value object, likely apps/platform/app/Support/Operations/Actionability/OperationRunActionabilityStatus.php.
  • T027 Create an actionability result value object, likely apps/platform/app/Support/Operations/Actionability/OperationRunActionabilityResult.php.
  • T028 Create an actionability policy interface or equivalent callable contract under apps/platform/app/Support/Operations/Actionability/.
  • T029 Create OperationRunActionabilityResolver with evaluate(OperationRun $run), evaluateMany(Collection $runs), and actionable/current-follow-up helpers.
  • T030 Create an actionability registry that maps canonical operation families to policies and exposes covered canonical types.
  • T031 Reuse OperationCatalog::canonicalCode() and OperationCatalog::rawValuesForCanonical() for aliases instead of creating another operation-type source.
  • T032 Add batch preloading/grouped lookup support so dashboard, Operations list, governance inbox, environment dashboard, and workspace overview consumers do not run per-row domain queries.
  • T033 Keep evaluation read-only; do not mutate operation_runs.context, status, outcome, related records, or audit logs.

Phase 4: Policy Implementations

Purpose: Implement the minimum explicit policies needed by v1.

  • T034 Implement provider connection check actionability for provider.connection.check.
  • T035 In provider policy, mark old blockers superseded_by_later_success when later same-workspace/same-environment/same-provider-connection success exists.
  • T036 In provider policy, mark old blockers resolved_by_current_state only when current ProviderConnection proof is same-scope and reliably healthy.
  • T037 Implement repeatable sync actionability for inventory, policy, directory groups, role definitions, compliance, and permission posture alias families.
  • T038 Implement baseline capture/compare actionability using later same-scope success or current baseline artifact proof only when repo truth supports it.
  • T039 Implement evidence/review/review-pack artifact actionability using existing EvidenceSnapshot, EnvironmentReview, ReviewPack, and reconciliation proof where available.
  • T040 Implement backup operation actionability for backup_set.update, backup.schedule.execute, backup.schedule.retention, and backup.schedule.purge.
  • T041 Implement restore/promotion/destructive-like actionability as default requires_manual_review for terminal problem outcomes.
  • T042 Classify alert/notification/delivery/informational operation types and every remaining canonical OperationCatalog type discovered in Phase 1 explicitly as actionable, manual-review, superseded-capable, resolved-by-current-state-capable, or informational; do not leave silent defaults.
  • T043 For incomplete correlation proof, return actionable or manual-review rather than superseded/resolved.
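
The provider rules in T035, T036 and T043, together with the cross-scope denial required by T023, sketched as an added example; this is not code from the TenantAtlas repository. The enum, function names, array row shapes and the outcome strings 'blocked' and 'succeeded' are assumptions; only the status values, the three scope dimensions and the consent/verification fields come from this task list.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins: the project's real enum, models and queries are not shown on this page.
enum Actionability: string
{
    case Actionable = 'actionable';
    case Superseded = 'superseded_by_later_success';
    case ResolvedByState = 'resolved_by_current_state';
}

/** Scope key for a run or connection row; null when any correlation field is missing. */
function scopeKey(array $row): ?string
{
    $parts = [];
    foreach (['workspace_id', 'environment_id', 'provider_connection_id'] as $field) {
        if (!isset($row[$field])) {
            return null; // incomplete correlation proof
        }
        $parts[] = (string) $row[$field];
    }
    return implode(':', $parts);
}

/** $laterRuns is assumed to be batch-preloaded, so evaluation stays read-only. */
function evaluateProviderCheck(array $blocked, array $laterRuns, ?array $connection): Actionability
{
    $scope = scopeKey($blocked);
    if ($scope === null) {
        return Actionability::Actionable; // T043: never resolve without full scope proof
    }
    foreach ($laterRuns as $run) {
        $later = ($run['finished_at'] ?? 0) > ($blocked['finished_at'] ?? PHP_INT_MAX);
        if ($later && scopeKey($run) === $scope && ($run['outcome'] ?? null) === 'succeeded') {
            return Actionability::Superseded; // T035: later success in the same scope
        }
    }
    $healthy = $connection !== null
        && scopeKey($connection) === $scope
        && ($connection['consent_status'] ?? null) === 'granted'
        && ($connection['verification_status'] ?? null) === 'healthy';
    return $healthy ? Actionability::ResolvedByState : Actionability::Actionable; // T036
}

// Constructed sample rows (timestamps are plain integers for brevity).
$blocked = ['workspace_id' => 1, 'environment_id' => 10, 'provider_connection_id' => 5, 'outcome' => 'blocked', 'finished_at' => 100];
$foreign = ['workspace_id' => 2, 'outcome' => 'succeeded', 'finished_at' => 200] + $blocked;
$sameScope = ['workspace_id' => 1] + $foreign;
foreach ([[$foreign], [$sameScope]] as $laterRuns) {
    echo evaluateProviderCheck($blocked, $laterRuns, null)->value, PHP_EOL;
}
```

The first call passes a later success from another workspace and the blocker stays current; the second passes the same success in the blocker's own scope and the blocker is superseded.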

Phase 5: Consumer Migration

Purpose: Move current-follow-up UI from historical terminal truth to actionability.

  • T044 Update OperationRun::dashboardNeedsFollowUp() or add a replacement scope/helper so current dashboard follow-up uses actionability-backed query/evaluation semantics.
  • T045 Update OperationRun::problemClass() and related constants only if needed; preserve history and compatibility until consumers are migrated.
  • T046 Update apps/platform/app/Filament/Widgets/Dashboard/NeedsAttention.php to count current actionable/manual-review terminal runs through the resolver.
  • T047 Update apps/platform/app/Filament/Widgets/Dashboard/BaselineCompareNow.php to use actionability-backed Operations follow-up counts and links.
  • T048 Update apps/platform/app/Support/OperationRunLinks.php so current-follow-up links use actionability/problem filters that cannot target resolved/superseded historical rows as current work.
  • T049 Update apps/platform/app/Filament/Pages/Monitoring/Operations.php filters/prefilters/workbench state and apps/platform/app/Filament/Widgets/Operations/OperationsWorkbenchStats.php to support current actionability while keeping historical rows reachable.
  • T050 Update apps/platform/app/Filament/Resources/OperationRunResource.php, apps/platform/app/Filament/Pages/Operations/TenantlessOperationRunViewer.php, and apps/platform/app/Support/OpsUx/OperationUxPresenter.php so list/detail/decision copy shows actionability truth separately from historical status where current follow-up is displayed.
  • T051 Update apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php, apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php, and apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php so aggregate operation follow-up uses current actionability counts and links, or explicitly documents any remaining historical-only usage.
  • T052 Update apps/platform/app/Support/Operations/OperationRunActionEligibility.php to consume actionability and avoid primary actions for superseded/resolved rows unless the action is pure history/detail navigation.
  • T053 Update apps/platform/app/Livewire/BulkOperationProgress.php and App\Support\OpsUx\ActiveRuns so shell active-run progress remains active-run only; remove current terminal follow-up from active progress or convert it to a distinct actionability-backed non-active signal with test coverage.
  • T054 Update EN/DE localization keys only for new visible actionability labels/reasons; avoid raw reason-code leakage.

Phase 6: UI Coverage and Documentation-In-Feature

Purpose: Keep UI-COV and close-out evidence inside the active spec package.

  • T055 Decide whether implementation materially changes Operations/dashboard/governance-inbox/environment-dashboard/workspace-overview coverage artifacts.
  • T056 If coverage artifacts change, update the relevant docs/ui-ux-enterprise-audit/ route inventory/design matrix/page report entries.
  • T057 If coverage artifacts do not change, record the checked no-update rationale in specs/367-operationrun-actionability-system/implementation-close-out.md or the active PR close-out.
  • T058 If browser smoke is run, store screenshots or notes under specs/367-operationrun-actionability-system/artifacts/.
  • T059 Record implementation close-out including Filament v5/Livewire v4 compliance, provider location, global search status, destructive action status, asset strategy, test commands, and deployment impact.

Phase 7: Validation

Purpose: Prove the feature and guardrails without broad suite drift.

  • T060 Run cd apps/platform && ./vendor/bin/sail php vendor/bin/pest tests/Unit/Support/Operations tests/Feature/Operations tests/Feature/Monitoring tests/Feature/Filament.
  • T061 Run cd apps/platform && ./vendor/bin/sail php vendor/bin/pest tests/Feature/Guards.
  • T062 If browser coverage was added, run cd apps/platform && ./vendor/bin/sail php vendor/bin/pest tests/Browser/Spec367OperationRunActionabilitySmokeTest.php.
  • T063 Run cd apps/platform && ./vendor/bin/sail pint --dirty --test.
  • T064 Run git diff --check.
  • T065 Review rg -n "terminalFollowUp|dashboardNeedsFollowUp|problemClass|requiresDashboardFollowUp|requiresOperatorReview" apps/platform/app and confirm any remaining usages are historical-only, model/internal compatibility, or explicitly documented in repo-truth-map.md / implementation close-out.
  • T066 Review rg -n "GraphClientInterface|graph\\(" in new/changed actionability files and confirm there are no render-time Graph calls.
  • T067 Confirm no migrations, packages, env vars, queues, scheduler changes, storage changes, panel provider changes, global search changes, or Filament asset registrations were introduced.

Explicit Non-Goals

  • T068 Do not add manual acknowledge/resolve UI.
  • T069 Do not create a persisted actionability table or column.
  • T070 Do not rewrite historical OperationRun rows.
  • T071 Do not introduce new destructive actions, retries, restore re-execution, or force-complete actions.
  • T072 Do not enable global search for OperationRunResource.