TenantAtlas/specs/369-baseline-profile-decision-view/plan.md

Implementation Plan: Spec 369 - Baseline Profile Decision View

Branch: 369-baseline-profile-decision-view | Date: 2026-06-09 | Spec: specs/369-baseline-profile-decision-view/spec.md Input: Feature specification from specs/369-baseline-profile-decision-view/spec.md

Summary

Productize the existing Baseline Profile detail page into a decision-first governance surface. The implementation should keep the existing route, resource, actions, policies, OperationRun start UX, and baseline domain truth intact while changing first-read hierarchy: readiness, reason, impact, snapshot basis, assignment/usefulness, and one safe next action must appear before governed-subject normalization lineage and metadata.

Technical Context

Language/Version: PHP 8.4.15 Primary Dependencies: Laravel 12.52, Filament 5.2.1, Livewire 4.1.4, Pest 4.3.1, PostgreSQL via Sail Storage: PostgreSQL, no schema changes expected Testing: Pest Feature/Livewire tests plus bounded Pest Browser smoke if implementation changes rendered layout Target Platform: Laravel Sail local development, Dokploy container deployment later Project Type: Laravel monolith, Filament admin panel Performance Constraints: No new Graph calls or expensive queries during render; reuse existing eager loading and helper methods where possible Constraints: Page-local UI/productization only; no baseline engine, OperationRun lifecycle, provider, shell, route, or migration changes Scale/Scope: Existing Baseline Profile detail route and regression coverage only

Candidate Selection Gate

• Selected candidate exists in source material: yes, Spec 368 finding UI-AUDIT-368-F03 and Candidate B.
• Not already covered by active/completed spec: yes. Existing specs cover baseline engine/truth/compare (116, 159, 336) but not the Spec 368 browser-verified Baseline Profile detail signal-to-noise finding.
• Completed-spec guardrail: Related completed specs are context only and must not be edited.
• Roadmap/product alignment: yes. This supports the current platform productization direction and closes a high-value governance operator surface gap.
• Small, reviewable slice: yes. One existing detail page plus focused tests/smoke.
• Deferred adjacent concerns: Backup Set, OperationRun View, Provider Connections, Diagnostics, and global UI rule pack remain follow-ups.
• Result: PASS.

Constitution Check

• Inventory-first, snapshots-second: PASS - the page continues to display existing Baseline Profile/Snapshot truth and does not fetch Graph data.
• Read/write separation by default: PASS - no new mutation is introduced; existing capture/compare high-impact actions retain confirmation and authorization.
• Single Contract Path to Graph: PASS - no Graph calls are introduced.
• Deterministic Capabilities: PASS - existing WorkspaceUiEnforcement, capability resolvers, and policies remain the action truth.
• Proportionality / Anti-bloat: PASS - no new persistence, status family, or cross-domain UI framework is planned.
• Workspace isolation: PASS - Baseline Profile remains workspace-owned and workspace-scoped.
• Tenant isolation: PASS - tenant/environment data appears only through existing assignments, snapshot links, and action targets.
• RBAC-UX: PASS - UI state remains non-authoritative; server-side action authorization remains required.
• UI-COV-001: PASS with required page-report/coverage update or explicit no-route-change rationale.
• TEST-GOV-001: PASS with focused Feature/Browser lane classification.

Existing Repository Surfaces

• apps/platform/app/Filament/Resources/BaselineProfileResource.php
  • Current infolist sections: Profile, Scope, Baseline truth, Related context, Metadata.
  • Existing helper methods already expose scope summary, support readiness, current snapshot, latest attempt, compare readiness, and next step.
  • protected static bool $isGloballySearchable = false; keep unchanged.
• apps/platform/app/Filament/Resources/BaselineProfileResource/Pages/ViewBaselineProfile.php
  • Header actions: capture, compare now, More group with compare assigned environments and edit.
  • Capture/compare use ->requiresConfirmation(), shared OperationRun feedback, and workspace capability enforcement.
• Existing tests:
  • apps/platform/tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php
  • apps/platform/tests/Feature/Filament/BaselineProfileCompareStartSurfaceTest.php
  • apps/platform/tests/Feature/Baselines/BaselineProfileAuthorizationTest.php
  • apps/platform/tests/Browser/Spec192RecordPageHeaderDisciplineSmokeTest.php
  • apps/platform/tests/Browser/Spec202GovernanceSubjectTaxonomySmokeTest.php
• UI audit sources:
  • specs/368-platform-ui-signal-to-noise-browser-audit/*
  • docs/ui-ux-enterprise-audit/page-reports/ui-010-baseline-profiles.md
  • docs/ui-ux-enterprise-audit/route-inventory.md
  • docs/ui-ux-enterprise-audit/design-coverage-matrix.md

Technical Approach

1. Verify the current Baseline Profile detail states that need to drive the decision summary:
   • active with consumable snapshot
   • active without consumable snapshot
   • draft/inactive/archived
   • invalid/unsupported/mixed governed-subject scope
   • assigned and unassigned environments
   • authorized and readonly actor states
2. Introduce the smallest derived decision summary shape:
   • Prefer existing methods in BaselineProfileResource.
   • Add a page-local helper only if repeated inline TextEntry closures become hard to review.
   • Keep it derived-only and request-scoped.
3. Recompose the infolist:
   • Add a decision-first section above Profile/Scope.
   • Move normalization lineage and technical metadata below the decision and proof sections.
   • Keep current snapshot/latest attempt/compare readiness and related context accessible.
4. Preserve action safety:
   • Do not change capture/compare modal behavior except copy/hierarchy if required.
   • Keep confirmation, capability checks, notifications, OperationRun links, and browser events.
5. Update focused tests and browser smoke:
   • Assert decision content is visible and technical content is secondary.
   • Assert readonly/owner action behavior remains stable.
   • Capture a bounded browser smoke screenshot for the improved detail page.
6. Update UI audit coverage artifacts:
   • Update page report/coverage note for UI-057 detail work.
   • If route inventory counts are unchanged, document no route change rather than touching route count tables unnecessarily.

Domain / Model Implications

• No model, migration, table, enum, persisted status, or source-of-truth change.
• Baseline readiness remains derived from existing Baseline Profile/Snapshot/Assignment/Compare truth.
• No data backfill or compatibility behavior is needed.

UI / Filament Implications

• Filament v5 / Livewire v4.1.4 compliance is required.
• Panel providers remain in apps/platform/bootstrap/providers.php; no provider registration change.
• BaselineProfileResource global search stays disabled. It already has a View page and $recordTitleAttribute, but global search is intentionally off for this workspace-owned governance surface.
• Detail page should use native Filament sections/infolist entries where possible.
• Header action discipline remains: one state-sensitive primary action where possible, secondary actions in More or related context, dangerous/destructive actions confirmed.
• No asset registration is expected; filament:assets is not newly required by this spec.

RBAC / Policy Implications

• Workspace member access and baseline capabilities remain source of truth.
• Non-member/wrong-workspace access stays deny-as-not-found.
• Readonly members may view but not mutate according to existing tests.
• High-impact actions must continue to enforce authorization server-side, not only through disabled UI state.

OperationRun / Observability Implications

• Existing capture/compare actions continue to create/reuse OperationRun values through existing services.
• Existing OperationUxPresenter, OperationRunLinks, and OpsUxBrowserEvents continue to own queued/already-queued feedback.
• No new OperationRun type, lifecycle state, queued notification policy, or reconciliation behavior is introduced.

Audit / Evidence Implications

• No new audit action is expected for pure page render changes.
• Existing capture/compare/archive audit behavior must remain intact.
• Current snapshot and compare matrix links remain evidence/proof navigation, not duplicated truth.

Test Strategy

• Add or update Feature/Livewire tests for:
  • ready profile decision summary
  • blocked/no snapshot decision summary
  • invalid/unsupported scope decision summary
  • readonly/member action state
  • no raw scope JSON or normalization lineage in the primary decision summary
• Preserve existing tests for:
  • capture start authorization and OperationRun feedback
  • compare start authorization and OperationRun feedback
  • Baseline Profile RBAC 404/403 behavior
  • record-page header discipline
• Add bounded browser smoke if rendered hierarchy changes:
  • login/fixture using existing helpers
  • visit Baseline Profile detail
  • assert decision summary appears before technical lineage/metadata in visible page order
  • assert no JavaScript errors
  • save screenshot in specs/369-baseline-profile-decision-view/artifacts/screenshots/

Rollout / Deployment Considerations

• Migrations: none expected.
• Env vars: none expected.
• Queues: no new queues or workers; existing capture/compare queue behavior unchanged.
• Scheduler: none.
• Storage/volumes: none.
• Assets: no new Filament assets expected; no deploy-specific filament:assets change.
• Staging/Production: Validate on staging with focused Baseline Profile view smoke before production promotion once production exists.

UI Audit Close-Out

• Route/design coverage counts: no count change. Spec 369 recomposes the existing Baseline Profile detail view under the existing Filament resource route; it does not add, remove, or reclassify a route.
• Design coverage matrix: no count change. UI-010 Baseline Profiles remains a Strategic Surface, with the detail-page hierarchy updated inside the existing coverage row.
• Page report: docs/ui-ux-enterprise-audit/page-reports/ui-010-baseline-profiles.md records the decision-first detail update.
• Screenshot evidence: specs/369-baseline-profile-decision-view/artifacts/screenshots/decision-first-detail.png.

Risk Controls

• Stop implementation if improving the page requires new persistence, a new readiness enum, a generic UI framework, or broad baseline engine changes.
• Preserve action names and tests unless a naming change is explicitly required by user-facing copy.
• Keep browser fixture cost bounded; do not create a platform-wide fixture suite inside this spec.
• Do not rewrite completed specs or Spec 368 audit history.

Implementation Phases

Phase 1 - Repo Truth And Test Baseline

Confirm existing Baseline Profile detail states, helpers, action safety, and current browser evidence. Add failing tests for the desired decision-first first viewport.

Phase 2 - Decision Summary Composition

Recompose the infolist to lead with readiness, reason, impact, snapshot basis, assignment signal, and next action. Demote technical scope/metadata.

Phase 3 - Action Safety And Coverage

Verify capture/compare/archive confirmations, authorization, OperationRun feedback, and global-search posture remain unchanged.

Phase 4 - Browser Smoke And UI Audit Close-Out

Capture before/after proof, update UI audit coverage notes, and record guardrail/smoke outcome.

Spec Readiness Gate

• spec.md: present and scoped.
• plan.md: present and repo-aware.
• tasks.md: generated for later implementation.
• RBAC, workspace isolation, OperationRun semantics, evidence truth, UI coverage, destructive/high-impact action handling, and test lanes are addressed.
• No open question blocks safe implementation.
• Scope is small enough for a bounded implementation loop.
• Result: PASS after tasks/checklist generation and preparation analysis.