Summary: Wire Exchange PowerShell evidence capture through Spec 435 structured envelopes, target normalizers, and hash builder for transportRule, remoteDomain, and inboundConnector; preserve append-only internal content-backed evidence with fail-closed readiness, output, identity, and redaction behavior; add Spec 436 artifacts and focused coverage. Validation: php artisan test --filter=Spec436 --compact PASS, 28 tests / 307 assertions; git diff --cached --check PASS before commit. Product/Ops: Livewire v4 unchanged; provider registration unchanged under apps/platform/bootstrap/providers.php; global search unchanged; no destructive/high-impact actions; no assets/browser/UI/deployment impact. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #503
15 KiB
15 KiB
Tasks: Exchange Content-Backed Evidence Promotion Slice 1
Input: Design documents from specs/436-exchange-content-backed-evidence-promotion-slice-1/
Prerequisites: spec.md, plan.md, checklists/requirements.md
Tests: Required. Runtime behavior changes must be covered with Pest 4 Unit and Feature tests. Browser proof is N/A - no rendered UI surface changed.
Test Governance Checklist
- Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
- New or changed tests stay in the smallest honest family, and any heavy-governance or browser addition is explicit.
- Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
- Planned validation commands cover the change without pulling in unrelated lane cost.
- Browser proof is explicitly
N/A - no rendered UI surface changed. - Human Product Sanity and Product Surface implementation-report close-out are planned as N/A.
- Any material budget, baseline, trend, or escalation note is recorded in the implementation report.
Phase 0 - Preflight
- T001 Capture branch, HEAD, and
git status --shortinimplementation-report.md. - T002 Confirm Spec 435 PASS/merge-ready and record prerequisite proof from
specs/435-exchange-structured-output-target-normalizer-readiness/implementation-report.md. - T003 Confirm Specs 430-434 are completed read-only context and are not edited.
- T004 Confirm target types are exactly
transportRule,remoteDomain, andinboundConnector. - T005 Confirm evidence model uses existing
tenant_configuration_resourcesandtenant_configuration_resource_evidence. - T006 Confirm OperationRun owner is
tenant_configuration.captureand invocation operation remains runner truth only. - T007 Confirm no UI/routes/jobs/schedules/listeners/migration/tenant_id/target-expansion scope.
Phase 1 - Tests First: Adapter Wiring
- T008 Add or update focused unit tests proving the Exchange adapter creates a Spec 435
ExchangePowerShellStructuredOutputEnvelopebefore evidence append. - T009 Add or update unit tests proving
ExchangePowerShellEvidenceNormalizerdispatches target-specific normalizers for all three targets. - T010 Add static/behavioral tests proving
GenericPayloadNormalizeris not used for Exchange evidence promotion. - T011 Add static/behavioral tests proving
ExchangeTeamsComparablePayloadNormalizeris not used for Exchange evidence promotion. - T012 Add tests proving the generic Graph capture path remains intact and is not routed through Exchange-specific promotion.
Phase 2 - Adapter Normalizer Wiring
- T013 Update
ExchangePowerShellEvidenceCaptureAdapterto use Spec 435 structured envelope for accepted runner output. - T014 Update the adapter to use
ExchangeTransportRuleEvidenceNormalizerthroughExchangePowerShellEvidenceNormalizerfortransportRule. - T015 Update the adapter to use
ExchangeRemoteDomainEvidenceNormalizerthroughExchangePowerShellEvidenceNormalizerforremoteDomain. - T016 Update the adapter to use
ExchangeInboundConnectorEvidenceNormalizerthroughExchangePowerShellEvidenceNormalizerforinboundConnector. - T017 Update the adapter to use
ExchangePowerShellHashInputBuilderfor persisted payload hashes. - T018 Remove or bypass the adapter's Exchange write-time dependency on
GenericPayloadNormalizer. - T019 Remove or bypass the adapter's Exchange write-time dependency on
ExchangeTeamsComparablePayloadNormalizer.
Phase 3 - OperationRun Ownership And Context
- T020 Ensure evidence append requires
OperationRunType::TenantConfigurationCapture. - T021 Add tests proving
OperationRunType::TenantConfigurationExchangePowerShellInvocationcannot own evidence. - T022 Confirm no new OperationRun type is added.
- T023 Keep OperationRun context safe and exclude raw payload, normalized payload, stdout, stderr, transcript, normalizer preview, hash preview, credential material, and provider response body.
- T024 Use existing allowed
OperationSummaryKeysonly, or stop and amend the spec before adding keys.
Phase 4 - transportRule Evidence Capture
- T025 Add focused tests where successful fake
Get-TransportRulecapture creates one resource row and one evidence row. - T026 Assert
raw_payloadis persisted only intenant_configuration_resource_evidence. - T027 Assert target-specific normalized payload is persisted.
- T028 Assert deterministic payload hash is persisted.
- T029 Assert
operation_run_id,workspace_id,managed_environment_id, andprovider_connection_idare linked. - T030 Assert coverage remains
content_backedonly, claim state remains internal-only/customer-blocked, and persistedcapture_outcomeuses an existing repo-allowed value.
Phase 5 - remoteDomain Evidence Capture
- T031 Add focused tests where successful fake
Get-RemoteDomaincapture creates content-backed evidence with stable source identity. - T032 Assert domain-only identity blocks with no writer call and no evidence row.
- T033 Assert display-only identity blocks with no writer call and no evidence row.
- T034 Assert duplicate identity blocks with no evidence row.
- T035 Assert conflicting identity blocks with no evidence row.
- T036 Assert raw payload, normalized payload, deterministic hash, OperationRun link, repo-allowed persisted
capture_outcome, and content-backed-only state for successful stable identity.
Phase 6 - inboundConnector Evidence Capture
- T037 Add focused tests where successful fake
Get-InboundConnectorcapture creates content-backed evidence with stable connector identity. - T038 Assert missing connector identity blocks with no evidence row.
- T039 Assert duplicate identity blocks with no evidence row.
- T040 Assert protected config sentinels do not enter OperationRun context/logs/summaries.
- T041 Assert raw payload, normalized payload, deterministic hash, OperationRun link, repo-allowed persisted
capture_outcome, and content-backed-only state for successful stable identity.
Phase 7 - Append-Only Evidence
- T042 Add feature tests proving existing evidence is not overwritten.
- T043 Add feature tests proving a second successful capture inserts a new evidence row.
- T044 Assert
latest_evidence_id,latest_payload_hash, andlatest_captured_atupdate according to repo pattern. - T045 Assert prior payload hash and payload columns are not mutated.
Phase 8 - Hash Determinism
- T046 Add unit tests proving the same material normalized payload produces the same hash.
- T047 Add unit tests proving material changes change the hash.
- T048 Add unit tests proving volatile changes do not change the hash.
- T049 Add unit tests proving provider ordering does not change hash when order is not meaningful.
- T050 Assert target type, source surface, command contract, payload shape version, and normalizer version participate in hash input according to Spec 435.
Phase 9 - Readiness Failure Blocking
- T051 Add tests proving missing credential readiness blocks with no evidence.
- T052 Add tests proving client-secret readiness blocks with no evidence.
- T053 Add tests proving missing permission readiness blocks with no evidence.
- T054 Add tests proving stale permission evidence blocks with no evidence.
- T055 Add tests proving wrong-scope permission evidence blocks with no evidence.
- T056 Add tests proving runtime readiness failure blocks with no evidence.
- T057 Add tests proving provider scope failure and unsupported provider capability both block with no evidence.
Phase 10 - Output Failure Blocking
- T058 Add tests proving authentication failure blocks with no evidence.
- T059 Add tests proving authorization/permission failure blocks with no evidence.
- T060 Add tests proving source unavailable blocks with no evidence.
- T061 Add tests proving malformed output blocks with no evidence.
- T062 Add tests proving scalar output blocks with no evidence.
- T063 Add tests proving warning-prefixed output blocks with no evidence.
- T064 Add tests proving binary/non-UTF8 output blocks with no evidence.
- T065 Add tests proving oversized output blocks with no evidence.
- T066 Add tests proving non-zero exit blocks with no evidence.
- T067 Add tests proving timeout blocks with no evidence and failure outcomes do not persist adapter-only outcome labels outside existing repo-allowed evidence values.
Phase 11 - Identity Blocking
- T068 Add tests proving missing identity blocks.
- T069 Add tests proving duplicate identity blocks.
- T070 Add tests proving conflicting identity blocks.
- T071 Add tests proving display-name-only blocks.
- T072 Add tests proving derived-only unproven identity blocks.
- T073 Assert the writer is not called on unsafe identity.
Phase 12 - Empty Collection Policy
- T074 Add tests proving empty collection produces zero-item summary.
- T075 Assert empty collection creates no resource row.
- T076 Assert empty collection creates no evidence row.
- T077 Assert permission denied and source unavailable are not treated as empty.
- T078 Assert malformed output and partial output are not treated as empty or success.
Phase 13 - Redaction
- T079 Add tests proving raw payload exists only in evidence storage.
- T080 Add tests proving OperationRun context is sanitized.
- T081 Add tests proving no raw stdout/stderr in context.
- T082 Add tests proving no normalizer/hash preview in context.
- T083 Add tests proving no credential material in context/logs/results.
- T084 Add tests proving no provider payload in summaries.
- T085 Add guard/static tests proving no customer output path is touched.
Phase 14 - Content-Only Guard And No Promotion
- T086 Assert coverage max level is
content_backed. - T087 Assert no comparable state.
- T088 Assert no renderable state.
- T089 Assert no certified state.
- T090 Assert no restore-ready state.
- T091 Assert no customer-ready/customer-claimable state.
Phase 15 - No Product Surface / Trigger
- T092 Add or update guard tests proving no route changed or added.
- T093 Add or update guard tests proving no Filament page/resource/widget changed or added.
- T094 Add or update guard tests proving no Livewire component changed or added.
- T095 Add or update guard tests proving no navigation, asset, global search, or provider registration change.
- T096 Add or update guard tests proving no destructive UI action exists.
- T097 Add or update guard tests proving no job, schedule, listener, console trigger, report, Review Pack, or PDF output was added.
- T098 Record browser proof as
N/A - no rendered UI surface changed.
Phase 16 - No Tenant / Mini-Platform
- T099 Assert no
tenant_idownership column/path is introduced. - T100 Assert no Exchange-specific evidence table exists.
- T101 Assert no Exchange dashboard, legacy shim, fallback reader, or separate Exchange mini-platform exists.
- T102 Assert no migration file was added.
Phase 17 - Regression Tests
- T103 Run Spec 435 regression tests.
- T104 Run Spec 434 regression tests.
- T105 Run Spec 433 regression tests.
- T106 Run Spec 432 regression tests.
- T107 Run Spec 431 regression tests.
- T108 Run Spec 430 regression tests.
- T109 Run Spec 415 regression tests.
- T110 Run Spec 417 regression tests.
- T111 Run Spec 419 regression tests if available.
- T112 Run Spec 420 regression tests.
- T113 Run Spec 426 regression tests.
- T114 Run Spec 427 regression tests.
- T115 Run
ProviderCapabilityRegistryTestor repo equivalent.
Phase 18 - Validation
- T116 Run
cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agentor document fallback if Sail fails. - T117 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec436 --compactor document fallback if Sail fails. - T118 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec435 --compactor document fallback if Sail fails. - T119 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec434 --compactor document fallback if Sail fails. - T120 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec433 --compactor document fallback if Sail fails. - T121 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec432|Spec431|Spec430' --compactor document fallback if Sail fails. - T122 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec415|Spec417|Spec419|Spec420|Spec426|Spec427' --compactor document fallback if Sail fails. - T123 Run
cd apps/platform && ./vendor/bin/sail artisan test --filter='ProviderCapabilityRegistryTest|ProviderCapabilityEvaluationTest' --compactor document fallback if Sail fails. - T124 Run
git diff --check. - T125 Run
git status --short.
Phase 19 - Implementation Report
- T126 Record candidate gate result.
- T127 Record branch, HEAD, and dirty state before/after.
- T128 Record files changed.
- T129 Record Spec 435 prerequisite proof.
- T130 Complete target type outcomes matrix.
- T131 Record OperationRun proof.
- T132 Record evidence persistence proof, including persisted
capture_outcomevalue proof. - T133 Record append-only and latest pointer proof.
- T134 Record raw payload location proof.
- T135 Record structured envelope proof.
- T136 Record normalizer integration proof.
- T137 Record hash proof.
- T138 Record identity proof.
- T139 Record credential/permission/runtime readiness proof.
- T140 Record failure blocking proof.
- T141 Record redaction proof.
- T142 Record no
GenericPayloadNormalizerproof. - T143 Record no
ExchangeTeamsComparablePayloadNormalizerproof. - T144 Record no Graph gateway/fake endpoint proof.
- T145 Record no promotion/restore/customer proof.
- T146 Record no UI/trigger proof.
- T147 Record no
tenant_idand no mini-platform proof. - T148 Record tests run and deferred work.
Dependencies And Ordering
- T001-T007 must complete before runtime edits.
- T008-T012 should be written before T013-T019.
- T020-T024 must pass before evidence persistence tasks are considered complete.
- Target-specific phases can be worked independently after adapter wiring, but append-only/no-promotion validations must run after all successful-target paths exist.
- Phase 17-19 are final validation and report tasks.
Parallelization Notes
- Unit tests for hash determinism, identity blockers, and target normalizers can run in parallel if they touch separate files.
- Feature tests for each target can run in parallel after shared fixtures are in place.
- No UI/browser work is parallelizable because it is out of scope.