239 lines
15 KiB
Markdown
239 lines
15 KiB
Markdown
# Tasks: Exchange Content-Backed Evidence Promotion Slice 1
|
|
|
|
**Input**: Design documents from `specs/436-exchange-content-backed-evidence-promotion-slice-1/`
|
|
**Prerequisites**: [spec.md](./spec.md), [plan.md](./plan.md), [checklists/requirements.md](./checklists/requirements.md)
|
|
|
|
**Tests**: Required. Runtime behavior changes must be covered with Pest 4 Unit and Feature tests. Browser proof is `N/A - no rendered UI surface changed`.
|
|
|
|
## Test Governance Checklist
|
|
|
|
- [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
|
|
- [x] New or changed tests stay in the smallest honest family, and any heavy-governance or browser addition is explicit.
|
|
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
|
|
- [x] Planned validation commands cover the change without pulling in unrelated lane cost.
|
|
- [x] Browser proof is explicitly `N/A - no rendered UI surface changed`.
|
|
- [x] Human Product Sanity and Product Surface implementation-report close-out are planned as N/A.
|
|
- [x] Any material budget, baseline, trend, or escalation note is recorded in the implementation report.
|
|
|
|
## Phase 0 - Preflight
|
|
|
|
- [x] T001 Capture branch, HEAD, and `git status --short` in `implementation-report.md`.
|
|
- [x] T002 Confirm Spec 435 PASS/merge-ready and record prerequisite proof from `specs/435-exchange-structured-output-target-normalizer-readiness/implementation-report.md`.
|
|
- [x] T003 Confirm Specs 430-434 are completed read-only context and are not edited.
|
|
- [x] T004 Confirm target types are exactly `transportRule`, `remoteDomain`, and `inboundConnector`.
|
|
- [x] T005 Confirm evidence model uses existing `tenant_configuration_resources` and `tenant_configuration_resource_evidence`.
|
|
- [x] T006 Confirm OperationRun owner is `tenant_configuration.capture` and invocation operation remains runner truth only.
|
|
- [x] T007 Confirm no UI/routes/jobs/schedules/listeners/migration/tenant_id/target-expansion scope.
|
|
|
|
## Phase 1 - Tests First: Adapter Wiring
|
|
|
|
- [x] T008 Add or update focused unit tests proving the Exchange adapter creates a Spec 435 `ExchangePowerShellStructuredOutputEnvelope` before evidence append.
|
|
- [x] T009 Add or update unit tests proving `ExchangePowerShellEvidenceNormalizer` dispatches target-specific normalizers for all three targets.
|
|
- [x] T010 Add static/behavioral tests proving `GenericPayloadNormalizer` is not used for Exchange evidence promotion.
|
|
- [x] T011 Add static/behavioral tests proving `ExchangeTeamsComparablePayloadNormalizer` is not used for Exchange evidence promotion.
|
|
- [x] T012 Add tests proving the generic Graph capture path remains intact and is not routed through Exchange-specific promotion.
|
|
|
|
## Phase 2 - Adapter Normalizer Wiring
|
|
|
|
- [x] T013 Update `ExchangePowerShellEvidenceCaptureAdapter` to use Spec 435 structured envelope for accepted runner output.
|
|
- [x] T014 Update the adapter to use `ExchangeTransportRuleEvidenceNormalizer` through `ExchangePowerShellEvidenceNormalizer` for `transportRule`.
|
|
- [x] T015 Update the adapter to use `ExchangeRemoteDomainEvidenceNormalizer` through `ExchangePowerShellEvidenceNormalizer` for `remoteDomain`.
|
|
- [x] T016 Update the adapter to use `ExchangeInboundConnectorEvidenceNormalizer` through `ExchangePowerShellEvidenceNormalizer` for `inboundConnector`.
|
|
- [x] T017 Update the adapter to use `ExchangePowerShellHashInputBuilder` for persisted payload hashes.
|
|
- [x] T018 Remove or bypass the adapter's Exchange write-time dependency on `GenericPayloadNormalizer`.
|
|
- [x] T019 Remove or bypass the adapter's Exchange write-time dependency on `ExchangeTeamsComparablePayloadNormalizer`.
|
|
|
|
## Phase 3 - OperationRun Ownership And Context
|
|
|
|
- [x] T020 Ensure evidence append requires `OperationRunType::TenantConfigurationCapture`.
|
|
- [x] T021 Add tests proving `OperationRunType::TenantConfigurationExchangePowerShellInvocation` cannot own evidence.
|
|
- [x] T022 Confirm no new OperationRun type is added.
|
|
- [x] T023 Keep OperationRun context safe and exclude raw payload, normalized payload, stdout, stderr, transcript, normalizer preview, hash preview, credential material, and provider response body.
|
|
- [x] T024 Use existing allowed `OperationSummaryKeys` only, or stop and amend the spec before adding keys.
|
|
|
|
## Phase 4 - transportRule Evidence Capture
|
|
|
|
- [x] T025 Add focused tests where successful fake `Get-TransportRule` capture creates one resource row and one evidence row.
|
|
- [x] T026 Assert `raw_payload` is persisted only in `tenant_configuration_resource_evidence`.
|
|
- [x] T027 Assert target-specific normalized payload is persisted.
|
|
- [x] T028 Assert deterministic payload hash is persisted.
|
|
- [x] T029 Assert `operation_run_id`, `workspace_id`, `managed_environment_id`, and `provider_connection_id` are linked.
|
|
- [x] T030 Assert coverage remains `content_backed` only, claim state remains internal-only/customer-blocked, and persisted `capture_outcome` uses an existing repo-allowed value.
|
|
|
|
## Phase 5 - remoteDomain Evidence Capture
|
|
|
|
- [x] T031 Add focused tests where successful fake `Get-RemoteDomain` capture creates content-backed evidence with stable source identity.
|
|
- [x] T032 Assert domain-only identity blocks with no writer call and no evidence row.
|
|
- [x] T033 Assert display-only identity blocks with no writer call and no evidence row.
|
|
- [x] T034 Assert duplicate identity blocks with no evidence row.
|
|
- [x] T035 Assert conflicting identity blocks with no evidence row.
|
|
- [x] T036 Assert raw payload, normalized payload, deterministic hash, OperationRun link, repo-allowed persisted `capture_outcome`, and content-backed-only state for successful stable identity.
|
|
|
|
## Phase 6 - inboundConnector Evidence Capture
|
|
|
|
- [x] T037 Add focused tests where successful fake `Get-InboundConnector` capture creates content-backed evidence with stable connector identity.
|
|
- [x] T038 Assert missing connector identity blocks with no evidence row.
|
|
- [x] T039 Assert duplicate identity blocks with no evidence row.
|
|
- [x] T040 Assert protected config sentinels do not enter OperationRun context/logs/summaries.
|
|
- [x] T041 Assert raw payload, normalized payload, deterministic hash, OperationRun link, repo-allowed persisted `capture_outcome`, and content-backed-only state for successful stable identity.
|
|
|
|
## Phase 7 - Append-Only Evidence
|
|
|
|
- [x] T042 Add feature tests proving existing evidence is not overwritten.
|
|
- [x] T043 Add feature tests proving a second successful capture inserts a new evidence row.
|
|
- [x] T044 Assert `latest_evidence_id`, `latest_payload_hash`, and `latest_captured_at` update according to repo pattern.
|
|
- [x] T045 Assert prior payload hash and payload columns are not mutated.
|
|
|
|
## Phase 8 - Hash Determinism
|
|
|
|
- [x] T046 Add unit tests proving the same material normalized payload produces the same hash.
|
|
- [x] T047 Add unit tests proving material changes change the hash.
|
|
- [x] T048 Add unit tests proving volatile changes do not change the hash.
|
|
- [x] T049 Add unit tests proving provider ordering does not change hash when order is not meaningful.
|
|
- [x] T050 Assert target type, source surface, command contract, payload shape version, and normalizer version participate in hash input according to Spec 435.
|
|
|
|
## Phase 9 - Readiness Failure Blocking
|
|
|
|
- [x] T051 Add tests proving missing credential readiness blocks with no evidence.
|
|
- [x] T052 Add tests proving client-secret readiness blocks with no evidence.
|
|
- [x] T053 Add tests proving missing permission readiness blocks with no evidence.
|
|
- [x] T054 Add tests proving stale permission evidence blocks with no evidence.
|
|
- [x] T055 Add tests proving wrong-scope permission evidence blocks with no evidence.
|
|
- [x] T056 Add tests proving runtime readiness failure blocks with no evidence.
|
|
- [x] T057 Add tests proving provider scope failure and unsupported provider capability both block with no evidence.
|
|
|
|
## Phase 10 - Output Failure Blocking
|
|
|
|
- [x] T058 Add tests proving authentication failure blocks with no evidence.
|
|
- [x] T059 Add tests proving authorization/permission failure blocks with no evidence.
|
|
- [x] T060 Add tests proving source unavailable blocks with no evidence.
|
|
- [x] T061 Add tests proving malformed output blocks with no evidence.
|
|
- [x] T062 Add tests proving scalar output blocks with no evidence.
|
|
- [x] T063 Add tests proving warning-prefixed output blocks with no evidence.
|
|
- [x] T064 Add tests proving binary/non-UTF8 output blocks with no evidence.
|
|
- [x] T065 Add tests proving oversized output blocks with no evidence.
|
|
- [x] T066 Add tests proving non-zero exit blocks with no evidence.
|
|
- [x] T067 Add tests proving timeout blocks with no evidence and failure outcomes do not persist adapter-only outcome labels outside existing repo-allowed evidence values.
|
|
|
|
## Phase 11 - Identity Blocking
|
|
|
|
- [x] T068 Add tests proving missing identity blocks.
|
|
- [x] T069 Add tests proving duplicate identity blocks.
|
|
- [x] T070 Add tests proving conflicting identity blocks.
|
|
- [x] T071 Add tests proving display-name-only blocks.
|
|
- [x] T072 Add tests proving derived-only unproven identity blocks.
|
|
- [x] T073 Assert the writer is not called on unsafe identity.
|
|
|
|
## Phase 12 - Empty Collection Policy
|
|
|
|
- [x] T074 Add tests proving empty collection produces zero-item summary.
|
|
- [x] T075 Assert empty collection creates no resource row.
|
|
- [x] T076 Assert empty collection creates no evidence row.
|
|
- [x] T077 Assert permission denied and source unavailable are not treated as empty.
|
|
- [x] T078 Assert malformed output and partial output are not treated as empty or success.
|
|
|
|
## Phase 13 - Redaction
|
|
|
|
- [x] T079 Add tests proving raw payload exists only in evidence storage.
|
|
- [x] T080 Add tests proving OperationRun context is sanitized.
|
|
- [x] T081 Add tests proving no raw stdout/stderr in context.
|
|
- [x] T082 Add tests proving no normalizer/hash preview in context.
|
|
- [x] T083 Add tests proving no credential material in context/logs/results.
|
|
- [x] T084 Add tests proving no provider payload in summaries.
|
|
- [x] T085 Add guard/static tests proving no customer output path is touched.
|
|
|
|
## Phase 14 - Content-Only Guard And No Promotion
|
|
|
|
- [x] T086 Assert coverage max level is `content_backed`.
|
|
- [x] T087 Assert no comparable state.
|
|
- [x] T088 Assert no renderable state.
|
|
- [x] T089 Assert no certified state.
|
|
- [x] T090 Assert no restore-ready state.
|
|
- [x] T091 Assert no customer-ready/customer-claimable state.
|
|
|
|
## Phase 15 - No Product Surface / Trigger
|
|
|
|
- [x] T092 Add or update guard tests proving no route changed or added.
|
|
- [x] T093 Add or update guard tests proving no Filament page/resource/widget changed or added.
|
|
- [x] T094 Add or update guard tests proving no Livewire component changed or added.
|
|
- [x] T095 Add or update guard tests proving no navigation, asset, global search, or provider registration change.
|
|
- [x] T096 Add or update guard tests proving no destructive UI action exists.
|
|
- [x] T097 Add or update guard tests proving no job, schedule, listener, console trigger, report, Review Pack, or PDF output was added.
|
|
- [x] T098 Record browser proof as `N/A - no rendered UI surface changed`.
|
|
|
|
## Phase 16 - No Tenant / Mini-Platform
|
|
|
|
- [x] T099 Assert no `tenant_id` ownership column/path is introduced.
|
|
- [x] T100 Assert no Exchange-specific evidence table exists.
|
|
- [x] T101 Assert no Exchange dashboard, legacy shim, fallback reader, or separate Exchange mini-platform exists.
|
|
- [x] T102 Assert no migration file was added.
|
|
|
|
## Phase 17 - Regression Tests
|
|
|
|
- [x] T103 Run Spec 435 regression tests.
|
|
- [x] T104 Run Spec 434 regression tests.
|
|
- [x] T105 Run Spec 433 regression tests.
|
|
- [x] T106 Run Spec 432 regression tests.
|
|
- [x] T107 Run Spec 431 regression tests.
|
|
- [x] T108 Run Spec 430 regression tests.
|
|
- [x] T109 Run Spec 415 regression tests.
|
|
- [x] T110 Run Spec 417 regression tests.
|
|
- [x] T111 Run Spec 419 regression tests if available.
|
|
- [x] T112 Run Spec 420 regression tests.
|
|
- [x] T113 Run Spec 426 regression tests.
|
|
- [x] T114 Run Spec 427 regression tests.
|
|
- [x] T115 Run `ProviderCapabilityRegistryTest` or repo equivalent.
|
|
|
|
## Phase 18 - Validation
|
|
|
|
- [x] T116 Run `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` or document fallback if Sail fails.
|
|
- [x] T117 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec436 --compact` or document fallback if Sail fails.
|
|
- [x] T118 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec435 --compact` or document fallback if Sail fails.
|
|
- [x] T119 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec434 --compact` or document fallback if Sail fails.
|
|
- [x] T120 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec433 --compact` or document fallback if Sail fails.
|
|
- [x] T121 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec432|Spec431|Spec430' --compact` or document fallback if Sail fails.
|
|
- [x] T122 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec415|Spec417|Spec419|Spec420|Spec426|Spec427' --compact` or document fallback if Sail fails.
|
|
- [x] T123 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter='ProviderCapabilityRegistryTest|ProviderCapabilityEvaluationTest' --compact` or document fallback if Sail fails.
|
|
- [x] T124 Run `git diff --check`.
|
|
- [x] T125 Run `git status --short`.
|
|
|
|
## Phase 19 - Implementation Report
|
|
|
|
- [x] T126 Record candidate gate result.
|
|
- [x] T127 Record branch, HEAD, and dirty state before/after.
|
|
- [x] T128 Record files changed.
|
|
- [x] T129 Record Spec 435 prerequisite proof.
|
|
- [x] T130 Complete target type outcomes matrix.
|
|
- [x] T131 Record OperationRun proof.
|
|
- [x] T132 Record evidence persistence proof, including persisted `capture_outcome` value proof.
|
|
- [x] T133 Record append-only and latest pointer proof.
|
|
- [x] T134 Record raw payload location proof.
|
|
- [x] T135 Record structured envelope proof.
|
|
- [x] T136 Record normalizer integration proof.
|
|
- [x] T137 Record hash proof.
|
|
- [x] T138 Record identity proof.
|
|
- [x] T139 Record credential/permission/runtime readiness proof.
|
|
- [x] T140 Record failure blocking proof.
|
|
- [x] T141 Record redaction proof.
|
|
- [x] T142 Record no `GenericPayloadNormalizer` proof.
|
|
- [x] T143 Record no `ExchangeTeamsComparablePayloadNormalizer` proof.
|
|
- [x] T144 Record no Graph gateway/fake endpoint proof.
|
|
- [x] T145 Record no promotion/restore/customer proof.
|
|
- [x] T146 Record no UI/trigger proof.
|
|
- [x] T147 Record no `tenant_id` and no mini-platform proof.
|
|
- [x] T148 Record tests run and deferred work.
|
|
|
|
## Dependencies And Ordering
|
|
|
|
- T001-T007 must complete before runtime edits.
|
|
- T008-T012 should be written before T013-T019.
|
|
- T020-T024 must pass before evidence persistence tasks are considered complete.
|
|
- Target-specific phases can be worked independently after adapter wiring, but append-only/no-promotion validations must run after all successful-target paths exist.
|
|
- Phase 17-19 are final validation and report tasks.
|
|
|
|
## Parallelization Notes
|
|
|
|
- Unit tests for hash determinism, identity blockers, and target normalizers can run in parallel if they touch separate files.
|
|
- Feature tests for each target can run in parallel after shared fixtures are in place.
|
|
- No UI/browser work is parallelizable because it is out of scope.
|