ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
332f6325cb
TenantAtlas/specs/414-tcm-first-coverage-core-cutover/plan.md
ahmido dfda397eb6 feat: migrate tcm first coverage core cutover (#481) 
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #481
2026-06-25 12:54:56 +00:00

282 lines
18 KiB
Markdown
Raw Blame History

# Implementation Plan: Spec 414 - TCM-First Coverage v2 Kernel
**Branch**: `414-tcm-first-coverage-core-cutover` | **Date**: 2026-06-25 | **Spec**: `specs/414-tcm-first-coverage-core-cutover/spec.md`
**Input**: Patched feature specification from `/specs/414-tcm-first-coverage-core-cutover/spec.md`
## Summary
Introduce the inactive Coverage v2 kernel required for later hard cutover. This slice adds value families, minimal persistence, initial resource type registry, supported-scope contract, source-class model, claim guard, provider provenance rules, and focused tests.
Coverage v2 is not activated as customer-facing or operator-facing truth in this spec. Existing v1 runtime coverage remains active until a later explicit cutover spec. No v1-to-v2 compatibility adapter, dual write, fallback reader, old snapshot promotion, or customer-facing dual truth is allowed.
## Technical Context
**Language/Version**: PHP 8.4.15, Laravel 12.52
**Primary Dependencies**: Filament 5.2.1, Livewire 4.1.4, Pest 4.3.1, PostgreSQL via Laravel Sail/Dokploy
**Storage**: PostgreSQL; JSONB for supported-scope denominator lists and metadata only where the kernel needs structured definitions, plus optional evidence/resource payloads only if those optional tables are introduced
**Testing**: Pest unit/feature tests; PostgreSQL lane when schema constraints or JSONB behavior require it
**Validation Lanes**: fast-feedback, confidence, pgsql when needed
**Target Platform**: Laravel monolith in `apps/platform`
**Project Type**: web application / backend kernel only for this slice
**Performance Goals**: registry/scope/claim guard evaluation is deterministic and local; no remote/provider calls
**Constraints**: inactive kernel only, no rendered UI changes, no `tenant_id`, same-scope `provider_connection_id`, no compatibility shims, no Graph/TCM calls, no OperationRun-producing workflow by default
**Scale/Scope**: initial required resource type entries and supported-scope contract only; catalog expansion and activation deferred
## UI / Surface Guardrail Plan
- **Guardrail scope**: no operator-facing surface change.
- **Affected routes/pages/actions/states/navigation/panel/provider surfaces**: N/A.
- **No-impact class, if applicable**: backend/domain-kernel only.
- **Native vs custom classification summary**: N/A.
- **Shared-family relevance**: future activation will touch status/evidence/report families; this spec does not.
- **State layers in scope**: domain kernel state only.
- **Audience modes in scope**: N/A.
- **Decision/diagnostic/raw hierarchy plan**: N/A for rendered UI.
- **Raw/support gating plan**: N/A.
- **One-primary-action / duplicate-truth control**: no UI action introduced; Coverage v2 must not become parallel product truth.
- **Handling modes by drift class or surface**: hard-stop if runtime UI changes are needed before spec amendment.
- **Repository-signal treatment**: old v1 runtime terms are context only; broad removal is deferred.
- **Special surface test profiles**: `N/A - no rendered UI surface changed`.
- **Required tests or manual smoke**: unit and feature tests for kernel behavior.
- **Exception path and spread control**: none.
- **Active feature PR close-out entry**: Kernel / No UI / No dual truth.
- **UI/Productization coverage decision**: No UI surface impact.
- **Coverage artifacts to update**: none.
- **No-impact rationale**: the spec creates inactive persistence/services only.
- **Navigation / Filament provider-panel handling**: no panel provider or navigation change.
- **Screenshot or page-report need**: no.
## Product Surface Contract Plan
- **Product Surface Contract reference**: `docs/product/standards/product-surface-contract.md`.
- **No-legacy posture**: inactive kernel plus later hard cutover; no compatibility adapter.
- **Page archetype and surface budget plan**: N/A - no rendered product surface changed.
- **Technical Annex and deep-link demotion plan**: N/A.
- **Canonical status vocabulary plan**: N/A for rendered UI.
- **Product Surface exceptions**: none.
- **Browser verification plan**: `N/A - no rendered UI surface changed`.
- **Human Product Sanity plan**: workflow sanity in implementation report; no rendered-page review.
- **Visible complexity outcome target**: neutral; no visible product surface change.
- **Implementation report target**: `specs/414-tcm-first-coverage-core-cutover/implementation-report.md`.
## Filament / Livewire / Deployment Posture
- **Livewire v4 compliance**: Livewire 4.1.4 confirmed. No Livewire UI changes planned.
- **Panel provider registration location**: no panel provider change. Laravel 12 panel providers remain in `apps/platform/bootstrap/providers.php`.
- **Global search posture**: no Filament resource/global search change planned.
- **Destructive/high-impact action posture**: no destructive or high-impact action introduced.
- **Asset strategy**: no new assets; `filament:assets` not required by this spec.
- **Testing plan**: unit tests for fixed value families/registry/scope/claim guard; feature tests for deterministic upsert-safe platform-seeded definitions, persistence seed/defaults, claim guard behavior, same-scope provider connection validation where optional concrete tables store `provider_connection_id`, and no-`tenant_id` schema proof.
- **Deployment impact**: migrations for required kernel tables; no env vars, queue worker requirement, scheduler change, storage volume change, or asset deployment step by default.
## Shared Pattern & System Fit
- **Cross-cutting feature marker**: yes, but kernel-only.
- **Systems touched**: new Coverage v2 domain namespace, migrations/models/factories for required kernel tables, registry/scope/claim services.
- **Shared abstractions reused**: Laravel models/migrations/factories, existing workspace and managed-environment relationships, existing provider connection model, Pest conventions.
- **New abstraction introduced? why?**: ResourceTypeRegistry, SupportedScopeResolver, and ClaimGuard are introduced because supported-scope and claim boundaries must be deterministic before UI/runtime activation.
- **Why the existing abstraction was sufficient or insufficient**: v1 inventory/baseline coverage abstractions remain active but cannot express Coverage v2 source class, beta/fallback inclusion, exact scope claims, or no-`tenant_id` ownership.
- **Bounded deviation / spread control**: v2 kernel must not be consumed by product surfaces until later activation spec.
## OperationRun UX Impact
- **Touches OperationRun start/completion/link UX?**: no.
- **Central contract reused**: N/A.
- **Delegated UX behaviors**: N/A.
- **Surface-owned behavior kept local**: N/A.
- **Queued DB-notification policy**: N/A.
- **Terminal notification path**: N/A.
- **Exception path**: none.
No remote TCM/Graph capture is implemented in Spec 414. No OperationRun-producing workflow is introduced unless a future amendment adds an operational command/job. OperationRun-backed capture/evaluation is deferred to Generic Content-Backed Capture.
## Provider Boundary & Portability Fit
- **Shared provider/platform boundary touched?**: yes.
- **Provider-owned seams**: Microsoft TCM source class, Graph v1 fallback source class, Graph beta experimental source class, provider-native IDs as source metadata.
- **Platform-core seams**: resource type, source class, workload, resource class, support state, coverage level, evidence state, identity state, claim state, supported scope.
- **Neutral platform terms / contracts preserved**: provider, source class, managed environment, supported scope, claim guard.
- **Retained provider-specific semantics and why**: `tcm`, `graph_v1_fallback`, and `graph_beta_experimental` remain because this is a TCM-first kernel.
- **Bounded extraction or follow-up path**: follow-up specs own catalog expansion, identity engine, capture, and activation.
## Constitution Check
*GATE: Must pass before implementation. Re-check after design.*
- Inventory-first / snapshots-second: PASS. This spec creates inactive registry/scope kernel, not active snapshot truth.
- Read/write separation: PASS. No remote write/change action.
- Single Graph contract path: PASS. No Graph calls in this spec.
- Deterministic capabilities: PASS. Claim/scope rules are deterministic and test-backed.
- Proportionality: PASS. The previous full cutover was too broad; this patch narrows to minimum kernel.
- No premature abstraction: PASS with justified exception. Registry/scope/claim guard are required for claim safety before activation.
- Persisted truth: PASS. Required tables represent kernel source-of-truth definitions, not UI convenience.
- Behavioral state: PASS. States affect future claim eligibility and testable guard behavior.
- UI semantics: PASS. No UI framework or rendered UI changes.
- Product Surface Contract: PASS. No runtime UI surface impact; stop-and-amend rule applies.
- Workspace isolation: PASS. Kernel ownership uses `workspace_id` and `managed_environment_id` where environment-owned records exist.
- Tenant isolation: PASS in current terminology; no `tenant_id` ownership column is introduced.
- Provider boundary: PASS. Provider-native tenant/directory/account IDs stay metadata only.
- OperationRun UX: PASS. No OperationRun workflow introduced.
- Test governance: PASS. Unit/feature/pgsql lanes are sufficient for kernel behavior.
- LEAN-001: PASS. No compatibility shim, fallback reader, dual write, or legacy alias.
## Test Governance Check
- **Test purpose / classification by changed surface**: Unit for pure kernel decisions; Feature for persistence/seed/schema/scope behavior; PostgreSQL for JSONB/composite constraint proof when needed.
- **Affected validation lanes**: fast-feedback, confidence, pgsql when schema adds JSONB fields, composite foreign keys, partial unique indexes, same-scope provider constraints, or other PostgreSQL-specific behavior.
- **Why this lane mix is the narrowest sufficient proof**: no rendered UI, browser, OperationRun, or remote provider workflow exists in this slice.
- **Narrowest proving command(s)**:
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/TenantConfiguration`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantConfiguration`
- `cd apps/platform && ./vendor/bin/sail php vendor/bin/pest -c phpunit.pgsql.xml tests/Feature/TenantConfiguration` if migrations add JSONB fields, composite foreign keys, partial unique indexes, same-scope provider constraints, or other PostgreSQL-specific behavior
- `git diff --check`
- **Fixture / helper / factory / seed / context cost risks**: new Coverage v2 factories must stay opt-in.
- **Expensive defaults or shared helper growth introduced?**: no.
- **Heavy-family additions, promotions, or visibility changes**: none by default.
- **Surface-class relief / special coverage rule**: `N/A - no rendered UI surface changed`.
- **Closing validation and reviewer handoff**: verify no UI wiring, no `tenant_id`, no v1 translator, no compatibility shim, correct source classes, exact scope claim guard, same-scope provider connection validation.
- **Budget / baseline / trend follow-up**: document in implementation report if test runtime materially increases.
- **Review-stop questions**: did kernel stay inactive; did scope creep into UI/capture/legacy removal; did provider-native ID become ownership truth.
- **Escalation path**: document-in-feature.
- **Active feature PR close-out entry**: Kernel / No UI / No dual truth.
- **Why no dedicated follow-up spec is needed**: this spec is the prerequisite kernel. Activation/capture/cutover follow-ups are listed separately.
## Project Structure
### Documentation (this feature)
```text
specs/414-tcm-first-coverage-core-cutover/
├── checklists/requirements.md
├── plan.md
├── spec.md
└── tasks.md
```
### Source Code (repository root)
Likely implementation surfaces:
```text
apps/platform/app/Support/TenantConfiguration/
├── ClaimState.php
├── CoverageLevel.php
├── EvidenceState.php
├── IdentityState.php
├── ResourceClass.php
├── SourceClass.php
├── SupportState.php
└── Workload.php
apps/platform/app/Services/TenantConfiguration/
├── ClaimGuard.php
├── ResourceTypeRegistry.php
└── SupportedScopeResolver.php
apps/platform/app/Models/
├── TenantConfigurationResourceType.php
└── TenantConfigurationSupportedScope.php
apps/platform/database/migrations/
└── *_create_tenant_configuration_kernel_tables.php
apps/platform/database/factories/
└── TenantConfiguration*.php
apps/platform/tests/Unit/Support/TenantConfiguration/
apps/platform/tests/Feature/TenantConfiguration/
```
Optional only if implementation proves they are needed for tests or clean service boundaries:
```text
apps/platform/app/Models/TenantConfigurationResource.php
apps/platform/app/Models/TenantConfigurationResourceEvidence.php
```
**Structure Decision**: Use existing Laravel monolith conventions. No new base folder outside established `app/Support`, `app/Services`, `app/Models`, `database`, and `tests` structure.
## Complexity Tracking
| Violation | Why Needed | Simpler Alternative Rejected Because |
|---|---|---|
| New kernel persistence | Registry/scope definitions must be queryable and testable before activation | Config-only definitions would not prove schema ownership and provider provenance |
| New enum/state families | Claim guard needs explicit behavioral boundaries | Reusing v1 gap terms would preserve wrong semantics |
| New registry/scope/claim services | Exact scope claims must be programmatically blocked or allowed | UI copy rules cannot prevent future overclaims |
## Proportionality Review
- **Current operator problem**: later Coverage v2 activation must not overclaim customer coverage.
- **Existing structure is insufficient because**: v1 coverage does not encode source class, exact supported scope, beta/fallback rules, or claim guard eligibility.
- **Narrowest correct implementation**: inactive value families, required kernel tables, initial registry entries, supported-scope resolver, claim guard, tests.
- **Ownership cost created**: domain namespace, migrations/models, services, factories, tests, implementation report.
- **Alternative intentionally rejected**: full cutover in Spec 414; v1-to-v2 compatibility mapping; label-only UI rewrite.
- **Release truth**: current-release kernel needed before later activation.
## Implementation Phases
### Phase 0 - Preflight
- Capture branch, HEAD, and dirty state.
- Confirm constitution ownership alignment.
- Confirm only active spec artifacts were patched during preparation.
- Confirm no UI/capture/OperationRun/legacy-removal scope remains in Spec 414 implementation tasks.
### Phase 1 - Kernel Value Families
- Add value objects/enums for source class, workload, resource class, support state, coverage level, evidence state, identity state, claim state, and restore tier only if needed for claim guard.
- Keep allowed values fixed to the spec-defined kernel list: source classes `tcm`, `graph_v1_fallback`, `graph_beta_experimental`; workload `intune`; resource class `configuration`; and the explicitly listed support, coverage, evidence, identity, claim, and optional restore-tier values.
- Keep labels internal/domain-level, not product-facing UI vocabulary.
### Phase 2 - Minimal Kernel Persistence
- Add required kernel tables: `tenant_configuration_resource_types` and `tenant_configuration_supported_scopes`.
- Treat required kernel tables as platform-seeded definition tables, not workspace/environment/provider-connection-owned records.
- Enforce deterministic uniqueness: `(canonical_type, source_class)` for resource types and `scope_key` for supported scopes.
- Keep seed/migration behavior upsert-safe so re-running the kernel setup cannot duplicate definitions.
- Add optional resource/evidence tables only if implementation proves they are needed for tests or clean service boundaries.
- Enforce no `tenant_id`.
- Enforce `workspace_id` and `managed_environment_id` where environment-owned rows exist.
- Enforce same-scope `provider_connection_id` where provider provenance is stored in optional concrete resource/evidence rows; required kernel definition tables must not store `provider_connection_id`.
### Phase 3 - Initial Registry And Supported Scope
- Seed required initial resource type entries.
- Classify TCM, Graph v1 fallback, and Graph beta experimental source classes.
- Add supported-scope denominator/minimum-level rules.
- Exclude beta by default and include fallback only when allowed by scope.
### Phase 4 - Claim Guard
- Block unscoped 100% claims.
- Block beta certification by default.
- Block restore claims where resource type is not restorable.
- Block customer-facing claims for incomplete supported scopes.
- Allow only exact scope + level claims.
### Phase 5 - Tests And Validation
- Add focused unit tests.
- Add focused feature tests.
- Add PostgreSQL-specific tests when schema constraints or JSONB require PostgreSQL proof.
- Write implementation report.
- Run Pint, focused tests, optional pgsql lane, and `git diff --check`.
## Rollout And Deployment Considerations
- Staging validation is mandatory before production.
- Migrations introduce inactive kernel tables only.
- No env vars are planned.
- No queue worker, scheduler, storage volume, or asset deployment change is planned.
- No `filament:assets` requirement unless a future amendment adds registered assets.
- Supply-chain remediation, if still open, remains a release/pilot gate outside this spec.
## Risk Controls
- Stop if implementation requires rendered UI changes.
- Stop if implementation requires remote TCM/Graph capture.
- Stop if implementation requires OperationRun-backed evaluation.
- Stop if `tenant_id` appears in Coverage v2 ownership fields.
- Stop if v1-to-v2 compatibility adapter, dual write, or fallback reader appears.
- Stop if old gap taxonomy becomes Coverage v2 runtime truth.
Reference in New Issue View Git Blame Copy Permalink