6.0 KiB
6.0 KiB
Quickstart: Backup Quality Truth Surfaces
Goal
Validate that backup-set, backup-item, policy-version, and restore-selection surfaces now communicate backup quality truth early and explicitly without overstating restore safety, restore readiness, or tenant recoverability.
Prerequisites
- Start Sail if it is not already running.
- Ensure the workspace has representative fixtures for:
- a backup set with only full-payload items
- a backup set with at least one metadata-only item
- a backup set with assignment fetch failure metadata
- a backup set with orphaned-assignment metadata
- one policy version captured as full payload
- one policy version captured as metadata-only
- one user with
TENANT_VIEWbut without restore capability - one user with restore capability for the same tenant
- Ensure the acting users are valid workspace and tenant members.
- Ensure archived backup-set and policy-version fixtures exist if lifecycle plus quality combinations need validation.
Focused Automated Verification
Run the smallest existing backup, version, and restore-selection pack first:
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupSetEnterpriseDetailPageTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupItemsRelationManagerFiltersTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupSetUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionRestoreViaWizardTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreItemSelectionTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/PolicyVersionsRestoreToIntuneUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/CreateRestoreRunAuthorizationTest.php
vendor/bin/sail artisan test --compact tests/Feature/RestoreRiskChecksWizardTest.php
vendor/bin/sail artisan test --compact tests/Unit/AssignmentBackupServiceTest.php
vendor/bin/sail artisan test --compact tests/Unit/BackupItemTest.php
Expected new or expanded spec-scoped tests:
vendor/bin/sail artisan test --compact tests/Feature/Filament/BackupQualityTruthSurfaceTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyVersionQualityTruthSurfaceTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreSelectionQualityTruthTest.php
vendor/bin/sail artisan test --compact tests/Feature/Rbac/BackupQualityVisibilityTest.php
vendor/bin/sail artisan test --compact tests/Unit/Support/BackupQuality/
Use --filter for a smaller pass while iterating.
Manual Validation Pass
1. Verify backup-set list truth
Open /admin/t/{tenant}/backup-sets and confirm:
- lifecycle status remains visible and separate from backup-quality summary
- a full-quality set reads as
no degradations detectedor equivalent without implying safe restore - a degraded set shows metadata-only, assignment issues, orphaned assignments, or degraded-item count within one scan
2. Verify backup-set detail summary-first layout
Open a degraded backup set and confirm:
- the first visible summary answers whether the set is strong or weak as recovery input
- metadata-only count, assignment issue count, and orphaned-assignment count appear before raw metadata
- one primary next action is visible when degraded truth exists
3. Verify backup-items relation truth
Within the same backup-set detail page, confirm the relation table shows:
- snapshot mode per item
- assignment capture issue truth per item
- orphaned-assignment truth per item
- current inspect model and action placement remain unchanged
4. Verify policy-version list and detail truth
Open /admin/t/{tenant}/policy-versions and confirm:
- metadata-only versions are visible at scan speed in the list itself
- full-payload and degraded versions are distinguishable without hovering disabled actions
Open a degraded policy version and confirm:
- an explicit backup-quality section appears on the detail surface
- the page explains degraded input quality without claiming safe restore or meaningful rollback certainty
5. Verify restore-selection truth before risk checks
Open /admin/t/{tenant}/restore-runs/create and confirm:
- step 1 backup-set choices expose degraded input before the wizard reaches checks or preview
- step 2 item descriptions expose metadata-only and assignment-quality truth before risk checks run
- the page still treats backup quality as input truth, not restore safety approval
6. Verify RBAC-safe truth visibility
Repeat the list and detail checks as a user with TENANT_VIEW but without restore permission and confirm:
- backup-quality truth remains visible
- restore entry points remain unavailable or disabled with the current RBAC behavior
- non-members still receive deny-as-not-found behavior rather than resource hints
Non-Regression Checks
Confirm the feature did not change:
- tenant route identity for backup, version, or restore pages
- current archive, restore, force-delete, or remove confirmation behavior
- existing restore-safety blocking behavior for metadata-only input
- existing assignment capture semantics and orphaned-assignment detection
- current global asset registration and deployment requirements
Formatting And Final Verification
Before finalizing implementation work:
vendor/bin/sail bin pint --dirty --format agent
Then rerun the smallest affected test set and offer the full suite only after the focused backup-quality pack passes.
Close the feature only after manual validation confirms:
- an operator can identify degraded versus full-looking backup input within 10 seconds on backup-set list and detail surfaces
- the first restore selection step exposes weak inputs before risk-check work begins
- reduced-permission users still see truthful quality signals without gaining restore capability