- Add LEAN-001 to constitution after BIAS-001: forbids legacy aliases, migration shims, dual-write logic, and compatibility fixtures in a pre-production codebase
- Add compatibility posture default block to spec template
- Add pre-production compatibility check to agent instructions
- Unify backup_set operation type to canonical backup_set.update
- Remove all legacy backup_set.add_policies/remove_policies references
- Add finding ownership semantics (responsibility/accountability labels)
- Clean up roadmap.md and spec-candidates.md
Quickstart: Finding Ownership Semantics Clarification
Goal: Implement the clarified finding owner versus assignee contract on existing findings surfaces without introducing new persistence, capabilities, or workflow services.
1. Prepare the workspace
cd apps/platform
./vendor/bin/sail up -d
2. Update responsibility semantics on the existing findings resource
Primary file:
app/Filament/Resources/FindingResource.php
Expected implementation steps:
- Keep owner and assignee as separate roles on list and detail surfaces.
- Add a derived responsibility-state label, badge, or equivalent summary based on current owner/assignee presence.
- Adjust filters or personal-work shortcuts so assignee-driven work and owner-driven accountability are not collapsed into one ambiguous view.
- Keep Exception owner explicitly distinct anywhere exception context is rendered from a finding.
- Add help text to assignment and exception-request forms so operators understand the semantic difference between the two owner concepts.
3. Keep responsibility truth local and derived
Supporting files:
app/Models/Finding.php
app/Services/Findings/FindingWorkflowService.php
app/Services/Findings/FindingExceptionService.php
app/Services/Findings/FindingRiskGovernanceResolver.php
Guidance:
- Prefer a small local derived helper on Finding if it simplifies repeated responsibility-state checks.
- Do not add a new enum, table, or presenter for responsibility state.
- Keep FindingWorkflowService::assign() as the canonical mutation boundary.
- If feedback or audit wording changes, distinguish owner-only, assignee-only, clear-owner, clear-assignee, and combined changes explicitly.
- If next-action copy is updated, treat missing owner as the visible state orphaned accountability even when an assignee exists.
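A sketch of the derived state and the audit change categories described in the guidance above, added here as an example and not taken from the project. It uses plain PHP functions rather than Finding or FindingWorkflowService methods; the array keys, the "owned and assigned" and "unchanged" labels, and the user ids are assumptions.

```php
<?php
// Added illustration, not the project's code. Only the labels "orphaned accountability"
// and "owned but unassigned" come from the quickstart; other names are assumed.

/** Derive the visible responsibility state from owner/assignee presence only. */
function responsibilityState(?int $ownerId, ?int $assigneeId): string
{
    if ($ownerId === null) {
        // A missing owner is orphaned accountability even when an assignee exists.
        return 'orphaned accountability';
    }
    return $assigneeId === null ? 'owned but unassigned' : 'owned and assigned'; // second label assumed
}

/** Classify one role's change: null = unchanged, 'clear' = set to null, 'set' = new user. */
function roleChange(?int $before, ?int $after): ?string
{
    if ($before === $after) {
        return null;
    }
    return $after === null ? 'clear' : 'set';
}

/** Name the audit category for one assignment mutation. */
function classifyResponsibilityChange(array $before, array $after): string
{
    $owner = roleChange($before['owner'], $after['owner']);
    $assignee = roleChange($before['assignee'], $after['assignee']);
    if ($owner !== null && $assignee !== null) {
        return 'combined';
    }
    if ($owner !== null) {
        return $owner === 'clear' ? 'clear-owner' : 'owner-only';
    }
    if ($assignee !== null) {
        return $assignee === 'clear' ? 'clear-assignee' : 'assignee-only';
    }
    return 'unchanged'; // assumed: nothing to audit when neither role moved
}

// Constructed sample transitions (user ids are made up).
$cases = [
    [['owner' => null, 'assignee' => 7], ['owner' => 3, 'assignee' => 7]],
    [['owner' => 3, 'assignee' => 7], ['owner' => 3, 'assignee' => null]],
    [['owner' => 3, 'assignee' => 7], ['owner' => null, 'assignee' => 7]],
    [['owner' => 3, 'assignee' => null], ['owner' => 4, 'assignee' => 9]],
];
foreach ($cases as [$before, $after]) {
    printf("%-15s -> %s\n", classifyResponsibilityChange($before, $after),
        responsibilityState($after['owner'], $after['assignee']));
}
```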
4. Add focused regression tests
Primary test targets:
tests/Feature/Filament/Resources/FindingResourceOwnershipSemanticsTest.php
tests/Feature/Findings/FindingAssignmentAuditSemanticsTest.php
Potential supporting edits:
tests/Feature/Findings/FindingWorkflowRowActionsTest.php
tests/Feature/Findings/FindingWorkflowServiceTest.php
Coverage checklist:
- Owner-only finding renders as owned but unassigned.
- Owner-plus-assignee finding renders both roles distinctly.
- Assignee-only and both-null findings render as orphaned accountability.
- Exception owner remains separately labeled from finding owner.
- Responsibility updates preserve tenant-member validation and clearly report owner-only, assignee-only, clear-owner, clear-assignee, and combined changes.
- Tenant-route authorization assertions use explicit panel selection when needed.
5. Verify the feature
Run the narrowest proof set first:
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/Resources/FindingResourceOwnershipSemanticsTest.php
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingAssignmentAuditSemanticsTest.php
cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
6. Review expectations
Before moving to tasks or implementation review, confirm:
- Owner, assignee, and exception owner mean one stable thing each across list, detail, and action flows.
- Responsibility state is derived from existing fields only.
- No new persistence, capability split, or presenter/framework layer was introduced.
- Tenant-safe Filament behavior remains intact on both admin canonical and tenant-panel test paths.