ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
40a33cdc15
TenantAtlas/specs/280-workspace-tenancy-environment-routing/tasks.md
Ahmed Darrazi 40a33cdc15
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m35s
Details
spec: prepare workspace tenancy environment routing cutover
2026-05-07 12:12:39 +02:00

26 KiB
Raw Blame History

description
Task list for Filament Workspace Tenancy & Environment Routing Cutover

Tasks: Filament Workspace Tenancy & Environment Routing Cutover

Input: Design documents from specs/280-workspace-tenancy-environment-routing/
Prerequisites: specs/280-workspace-tenancy-environment-routing/spec.md, specs/280-workspace-tenancy-environment-routing/plan.md, specs/280-workspace-tenancy-environment-routing/checklists/requirements.md, specs/280-workspace-tenancy-environment-routing/research.md, specs/280-workspace-tenancy-environment-routing/data-model.md, specs/280-workspace-tenancy-environment-routing/quickstart.md, specs/280-workspace-tenancy-environment-routing/contracts/workspace-tenancy-environment-routing.logical.openapi.yaml

Tests: REQUIRED (Pest). Keep proof bounded to apps/platform/tests/Feature/Workspace/WorkspaceFilamentTenancyCutoverTest.php, apps/platform/tests/Feature/ManagedEnvironment/WorkspaceFirstEnvironmentRoutingTest.php, apps/platform/tests/Feature/Monitoring/WorkspaceOperationsEnvironmentContextTest.php, apps/platform/tests/Feature/Navigation/WorkspaceEnvironmentBreadcrumbsTest.php, apps/platform/tests/Feature/Guards/LegacyAdminTenantRouteRemovalGuardTest.php, and apps/platform/tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php.
Operations: No new OperationRun family. Reuse apps/platform/app/Support/OperationRunLinks.php, apps/platform/app/Support/Navigation/RelatedNavigationResolver.php, and apps/platform/app/Filament/Pages/Monitoring/Operations.php for workspace-first operations route ownership.
RBAC: Workspace membership remains the first 404 boundary, managed-environment access remains the second 404 boundary, and in-scope capability denials stay 403.
Shared Pattern Reuse: Reuse WorkspaceOverviewBuilder, TenantDashboardSummaryBuilder, ManagedTenantsLanding, ChooseTenant, WorkspaceRedirectResolver, OperationRunLinks, and RelatedNavigationResolver. Do not add compatibility routes, dual-panel fallbacks, or replacement dashboards.
Filament / Panel Guardrails: Filament remains v5 on Livewire v4. Provider registration remains in apps/platform/bootstrap/providers.php. Workspace becomes the only Filament tenant for operator routing. Any touched searchable resource must keep a valid view/edit destination or disable global search in the same slice. Any touched destructive action must preserve ->requiresConfirmation() plus current server authorization. Asset strategy stays unchanged.
Compatibility Posture: Reject /admin/t compatibility routes, /admin/tenants/{environment} aliases, redirect shims, dual-panel ownership, and hidden route fallbacks. Keep Specs 281 through 287 deferred.
Organization: Tasks are grouped by user story so panel tenancy, workspace-first environment routing, workspace-first operations routing, dashboard/context rebinding, and search/legacy guardrails remain independently testable.
Review Outcome: implementation-ready
Workflow Outcome: keep
Test-governance Outcome: keep

Test Governance Checklist

  • Lane assignment stays fast-feedback, confidence, and one narrow browser lane.
  • New or changed tests stay in the smallest honest families under apps/platform/tests/Feature/ plus one browser smoke file only.
  • Workspace and managed-environment fixtures remain explicit; no compatibility fixtures, dual-panel defaults, or hidden route fallbacks become shared setup.
  • Planned validation commands match spec.md, plan.md, and quickstart.md exactly.
  • standard-native-filament, global-context-shell, and monitoring-state-page expectations stay explicit for touched surfaces.
  • Any attempt to absorb Specs 281 through 287 resolves as split or reject-or-split, not hidden scope.

Phase 1: Setup (Shared Context)

Purpose: Confirm the bounded cutover inventory, the proving files, and the explicit no-compatibility posture before runtime edits begin.

  • T001 Review specs/280-workspace-tenancy-environment-routing/spec.md, plan.md, checklists/requirements.md, research.md, data-model.md, quickstart.md, and contracts/workspace-tenancy-environment-routing.logical.openapi.yaml together so implementation stays on Spec 280 only.
  • T002 [P] Confirm the current panel-provider and registration seams in apps/platform/app/Providers/Filament/AdminPanelProvider.php, apps/platform/app/Providers/Filament/TenantPanelProvider.php, and apps/platform/bootstrap/providers.php before changing operator tenancy.
  • T003 [P] Confirm the current entry, chooser, and route-language seams in apps/platform/routes/web.php, apps/platform/app/Filament/Pages/ChooseWorkspace.php, apps/platform/app/Filament/Pages/ChooseTenant.php, apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php, and apps/platform/app/Support/Workspaces/WorkspaceRedirectResolver.php.
  • T004 [P] Confirm the current context-classification seams in apps/platform/app/Http/Middleware/EnsureWorkspaceSelected.php, apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php, apps/platform/app/Filament/Concerns/ResolvesPanelTenantContext.php, and apps/platform/app/Support/Tenants/TenantPageCategory.php.
  • T005 [P] Confirm the current dashboard and operations link owners in apps/platform/app/Filament/Pages/WorkspaceOverview.php, apps/platform/app/Filament/Pages/TenantDashboard.php, apps/platform/app/Filament/Pages/TenantRequiredPermissions.php, apps/platform/app/Filament/Pages/Monitoring/Operations.php, apps/platform/app/Support/OperationRunLinks.php, and apps/platform/app/Support/Navigation/RelatedNavigationResolver.php.
  • T006 [P] Confirm the touched global-search and deferred-scope surfaces in apps/platform/app/Filament/Resources/Workspaces/WorkspaceResource.php, apps/platform/app/Filament/Resources/TenantResource.php, and specs/280-workspace-tenancy-environment-routing/checklists/requirements.md so Specs 281 through 287 remain explicitly out of scope.

Phase 2: Foundational (Blocking Prerequisites)

Purpose: Establish the proving suite and the shared workspace-first route skeleton that all stories depend on.

Critical: No user-story work should begin until this phase is complete.

  • T007 [P] Add failing coverage in apps/platform/tests/Feature/Workspace/WorkspaceFilamentTenancyCutoverTest.php for Workspace as the only Filament tenant, /admin entry ownership, TenantPanelProvider retirement from public operator routing, and provider registration expectations in apps/platform/bootstrap/providers.php.
  • T008 [P] Add failing coverage in apps/platform/tests/Feature/ManagedEnvironment/WorkspaceFirstEnvironmentRoutingTest.php for /admin/workspaces/{workspace}/environments, /admin/workspaces/{workspace}/environments/{environment}, stale cross-workspace environment clearing, archived-environment exclusion, and wrong-workspace 404 behavior.
  • T009 [P] Add failing coverage in apps/platform/tests/Feature/Monitoring/WorkspaceOperationsEnvironmentContextTest.php for /admin/workspaces/{workspace}/operations, managed_environment_id filtering, Show all environments widening, workspace-safe run detail routes, and hostile filter 404 behavior.
  • T010 [P] Add failing coverage in apps/platform/tests/Feature/Navigation/WorkspaceEnvironmentBreadcrumbsTest.php for workspace-dashboard versus environment-dashboard signal ownership and Workspace -> Managed Environment -> page breadcrumb/context ordering.
  • T011 [P] Add failing guard coverage in apps/platform/tests/Feature/Guards/LegacyAdminTenantRouteRemovalGuardTest.php for /admin/t, /admin/tenants/{environment}/required-permissions, /admin/w/{workspace}/managed-tenants, /admin/operations, /admin/operations/{run}, panel: 'tenant', TenantPanelProvider::class registration in apps/platform/bootstrap/providers.php, compatibility redirects, aliases, dual-panel fallbacks, and the searchable-destination rule for touched resources.
  • T012 [P] Add the narrow browser smoke in apps/platform/tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php for workspace selection, workspace-scoped environment choice, managed-environment dashboard entry, and workspace-operations drillthrough on the surviving admin panel.
  • T013 Establish the one-panel workspace-first route skeleton in apps/platform/app/Providers/Filament/AdminPanelProvider.php, apps/platform/app/Providers/Filament/TenantPanelProvider.php, apps/platform/bootstrap/providers.php, and apps/platform/routes/web.php with no compatibility aliases, redirect shims, or dual-panel fallback.
  • T014 Update apps/platform/app/Filament/Pages/ChooseWorkspace.php and apps/platform/app/Support/Workspaces/WorkspaceRedirectResolver.php so /admin resolves only to workspace selection or /admin/workspaces/{workspace} before story-specific environment routing work begins.

Checkpoint: The proving files exist, /admin entry ownership is workspace-first, and the implementation has a single admin-panel route skeleton to extend.

Phase 3: User Story 1 - Enter an environment without leaving the workspace admin panel (Priority: P1)

Goal: Operators choose a workspace, then open one managed environment through the surviving admin panel and land on the canonical workspace-first environment dashboard.

Independent Test: Select a workspace, open /admin/workspaces/{workspace}/environments, choose one managed environment, and confirm the destination is /admin/workspaces/{workspace}/environments/{environment} while /admin/t/{environment} stays not found.

Tests for User Story 1

  • T015 [P] [US1] Extend apps/platform/tests/Feature/Workspace/WorkspaceFilamentTenancyCutoverTest.php after T013-T014 to prove the public chooser and environment entry stay on the admin panel and direct /admin/t/{environment} requests return 404.
  • T016 [P] [US1] Extend apps/platform/tests/Feature/ManagedEnvironment/WorkspaceFirstEnvironmentRoutingTest.php after T013-T014 to prove chooser submission, managed-environment dashboard resolution, and wrong-workspace route binding remain 404.

Implementation for User Story 1

  • T017 [US1] Rework apps/platform/app/Filament/Pages/ChooseTenant.php and apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php so /admin/workspaces/{workspace}/environments is the only public environment chooser and stale cross-workspace remembered environment context is cleared before resolution.
  • T018 [US1] Move managed-environment dashboard and required-permissions route ownership in apps/platform/app/Filament/Pages/TenantDashboard.php, apps/platform/app/Filament/Pages/TenantRequiredPermissions.php, and apps/platform/routes/web.php to /admin/workspaces/{workspace}/environments/{environment} with no /admin/tenants/{environment} compatibility reader.
  • T019 [US1] Update workspace-to-environment URL generation in apps/platform/app/Filament/Pages/ChooseTenant.php, apps/platform/app/Support/Workspaces/WorkspaceRedirectResolver.php, apps/platform/app/Filament/Pages/TenantDashboard.php, and any touched environment page classes under apps/platform/app/Filament/Pages/ so no entry flow emits panel: 'tenant' or /admin/t destinations.

Checkpoint: Workspace selection, environment chooser entry, and managed-environment dashboard routing all stay inside one workspace-first admin panel.

Phase 4: User Story 2 - Move from environment work into workspace operations with explicit scope (Priority: P1)

Goal: Environment dashboards and environment pages open the workspace operations hub through canonical workspace routes while preserving explicit environment context.

Independent Test: From a managed-environment dashboard or touched environment page, open operations and confirm the destination is /admin/workspaces/{workspace}/operations with the correct managed_environment_id filter and workspace-safe back-navigation.

Tests for User Story 2

  • T020 [P] [US2] Extend apps/platform/tests/Feature/Monitoring/WorkspaceOperationsEnvironmentContextTest.php to prove environment dashboards and touched environment pages open /admin/workspaces/{workspace}/operations with explicit managed_environment_id, preserve run-detail ownership under /admin/workspaces/{workspace}/operations/{run}, widen scope only through explicit user action, and keep /admin/operations plus /admin/operations/{run} unavailable.

Implementation for User Story 2

  • T021 [US2] Retarget apps/platform/app/Support/OperationRunLinks.php and apps/platform/app/Support/Navigation/RelatedNavigationResolver.php so operations collection/detail links emit only workspace-first routes with explicit environment filter and return-context data.
  • T022 [US2] Update apps/platform/app/Filament/Pages/Monitoring/Operations.php so workspace collection/detail ownership, managed_environment_id hydration, Show all environments behavior, and hostile filter handling match the new workspace-first route contract.
  • T023 [US2] Update operations entry actions in apps/platform/app/Filament/Pages/TenantDashboard.php, apps/platform/app/Filament/Pages/TenantRequiredPermissions.php, and any touched environment-scoped page classes under apps/platform/app/Filament/Pages/ so they delegate through the shared workspace operations builders instead of local tenant-panel URLs.

Checkpoint: Operations links, run-detail links, and return context are all workspace-canonical while preserving explicit environment scope.

Phase 5: User Story 3 - Read workspace-wide and environment-scoped signals on the correct surfaces (Priority: P2)

Goal: Workspace-wide signals stay on the workspace dashboard, environment-scoped signals stay on the managed-environment dashboard, and breadcrumbs/context bars reflect the new route ownership.

Independent Test: Open /admin/workspaces/{workspace} and /admin/workspaces/{workspace}/environments/{environment} for the same workspace and verify the workspace dashboard shows workspace-wide signals while the environment dashboard stays scoped to one environment with Workspace -> Managed Environment -> page context.

Tests for User Story 3

  • T024 [P] [US3] Extend apps/platform/tests/Feature/Navigation/WorkspaceEnvironmentBreadcrumbsTest.php to prove workspace-wide dashboard signals remain on WorkspaceOverview, environment-scoped signals remain on TenantDashboard, and breadcrumb/context ordering becomes Workspace -> Managed Environment -> page.

Implementation for User Story 3

  • T025 [US3] Rebind apps/platform/app/Filament/Pages/WorkspaceOverview.php and apps/platform/app/Filament/Pages/TenantDashboard.php to the canonical /admin/workspaces/{workspace} and /admin/workspaces/{workspace}/environments/{environment} routes while preserving WorkspaceOverviewBuilder and TenantDashboardSummaryBuilder ownership.
  • T026 [US3] Update apps/platform/app/Http/Middleware/EnsureWorkspaceSelected.php, apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php, apps/platform/app/Filament/Concerns/ResolvesPanelTenantContext.php, and apps/platform/app/Support/Tenants/TenantPageCategory.php so workspace-first environment routes are the only active environment-bound language and remembered cross-workspace environment context cannot leak.
  • T027 [US3] Update context bars, breadcrumbs, and chooser/dashboard CTA links in apps/platform/app/Filament/Pages/ChooseTenant.php, apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php, apps/platform/app/Filament/Pages/WorkspaceOverview.php, and apps/platform/app/Filament/Pages/TenantDashboard.php so the new route ownership reads Workspace -> Managed Environment -> domain page everywhere this slice touches.

Checkpoint: Workspace dashboard, managed-environment dashboard, and current-context shells all present the correct scope and breadcrumb truth.

Phase 6: User Story 4 - Keep search and authorization truthful after the route cutover (Priority: P3)

Goal: Searchable resources, direct URLs, and legacy-route guards stay truthful after the cutover, with no broken search results and no hidden compatibility routes.

Independent Test: Open touched global-search results and direct workspace/environment URLs, confirm authorized destinations resolve under the workspace-first routes, and confirm /admin/t/{environment} plus /admin/tenants/{environment}/required-permissions remain 404.

Tests for User Story 4

  • T028 [P] [US4] Extend apps/platform/tests/Feature/Guards/LegacyAdminTenantRouteRemovalGuardTest.php to prove no compatibility routes, aliases, redirects, or dual-panel fallbacks survive for /admin/t, /admin/tenants/{environment}/required-permissions, /admin/w/{workspace}/managed-tenants, or /admin/operations plus /admin/operations/{run}.
  • T029 [P] [US4] Extend apps/platform/tests/Feature/Workspace/WorkspaceFilamentTenancyCutoverTest.php and apps/platform/tests/Feature/ManagedEnvironment/WorkspaceFirstEnvironmentRoutingTest.php to cover WorkspaceResource and TenantResource global-search destinations plus 404 versus 403 behavior for direct workspace/environment URLs.

Implementation for User Story 4

  • T030 [US4] Update apps/platform/app/Filament/Resources/Workspaces/WorkspaceResource.php and apps/platform/app/Filament/Resources/TenantResource.php so each touched resource keeps a valid view/edit destination under workspace-first routing or disables global search in the same slice.
  • T031 [US4] Remove remaining legacy-route ownership and panel-language fallbacks from apps/platform/app/Providers/Filament/AdminPanelProvider.php, apps/platform/app/Providers/Filament/TenantPanelProvider.php, apps/platform/bootstrap/providers.php, apps/platform/routes/web.php, apps/platform/app/Support/Workspaces/WorkspaceRedirectResolver.php, apps/platform/app/Support/OperationRunLinks.php, and any touched helpers under apps/platform/tests/ so Specs 281 through 287 remain deferred instead of absorbed.

Checkpoint: Search, direct URLs, and no-legacy route guards all reflect the final workspace-first contract with no hidden fallback path.

Phase 7: Polish & Cross-Cutting Validation

Purpose: Run the exact bounded proof set, perform the final Filament review, and close the cutover without reopening deferred specs.

  • T032 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Workspace/WorkspaceFilamentTenancyCutoverTest.php tests/Feature/ManagedEnvironment/WorkspaceFirstEnvironmentRoutingTest.php tests/Feature/Monitoring/WorkspaceOperationsEnvironmentContextTest.php tests/Feature/Navigation/WorkspaceEnvironmentBreadcrumbsTest.php tests/Feature/Guards/LegacyAdminTenantRouteRemovalGuardTest.php).
  • T033 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php).
  • T034 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail bin pint --dirty --format agent).
  • T035 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && rg -n --fixed-strings '/admin/t/' "$REPO_ROOT/apps/platform/app" "$REPO_ROOT/apps/platform/tests" "$REPO_ROOT/apps/platform/routes" "$REPO_ROOT/apps/platform/bootstrap", export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && rg -n --fixed-strings '/admin/tenants/' "$REPO_ROOT/apps/platform/app" "$REPO_ROOT/apps/platform/tests" "$REPO_ROOT/apps/platform/routes" "$REPO_ROOT/apps/platform/bootstrap", export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && rg -n --fixed-strings '/admin/w/' "$REPO_ROOT/apps/platform/app" "$REPO_ROOT/apps/platform/tests" "$REPO_ROOT/apps/platform/routes" "$REPO_ROOT/apps/platform/bootstrap", and export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && rg -n --fixed-strings '/admin/operations' "$REPO_ROOT/apps/platform/app" "$REPO_ROOT/apps/platform/tests" "$REPO_ROOT/apps/platform/routes" "$REPO_ROOT/apps/platform/bootstrap" and confirm only intentional removal-guard output remains.
  • T036 [P] Run export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && rg -n --fixed-strings "panel: 'tenant'" "$REPO_ROOT/apps/platform/app" "$REPO_ROOT/apps/platform/tests" "$REPO_ROOT/apps/platform/routes" "$REPO_ROOT/apps/platform/bootstrap" and export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && rg -n --fixed-strings 'TenantPanelProvider::class' "$REPO_ROOT/apps/platform/bootstrap/providers.php" and confirm only intentional removal-guard output remains.
  • T037 [P] Review apps/platform/app/Providers/Filament/AdminPanelProvider.php, apps/platform/app/Providers/Filament/TenantPanelProvider.php, apps/platform/bootstrap/providers.php, apps/platform/app/Filament/Resources/Workspaces/WorkspaceResource.php, apps/platform/app/Filament/Resources/TenantResource.php, and touched Filament pages/actions to confirm Filament v5 / Livewire v4 compliance, provider registration stays in apps/platform/bootstrap/providers.php, the global-search destination rule is satisfied, touched destructive actions still preserve ->requiresConfirmation() plus authorization, and no asset strategy or deploy-step change was introduced.
  • T038 [P] Record the implementation close-out in specs/280-workspace-tenancy-environment-routing/checklists/requirements.md or the active PR notes confirming no compatibility routes, aliases, redirects, or dual-panel fallback shipped and Specs 281 through 287 remain explicitly deferred.

Dependencies & Execution Order

Phase Dependencies

  • Phase 1 (Setup): no dependencies; start immediately.
  • Phase 2 (Foundational): depends on Phase 1 and blocks all story work.
  • Phase 3 (US1): depends on Phase 2 and establishes the canonical environment-entry contract.
  • Phase 4 (US2): depends on Phase 2 and should follow US1 route ownership so operations links target the finished workspace-first environment family.
  • Phase 5 (US3): depends on US1 and should land with or immediately after US2 so dashboards, breadcrumbs, and middleware all reflect the same route contract.
  • Phase 6 (US4): depends on US1 through US3 so search, authorization, and no-legacy guards prove the final route language rather than an intermediate state.
  • Phase 7 (Polish): depends on all desired user stories being complete.

User Story Dependencies

  • US1 (P1): independently testable after Phase 2 and is the first required implementation increment.
  • US2 (P1): independently testable after Phase 2, but should ship after or with US1 because operations links rely on the canonical workspace-first environment family.
  • US3 (P2): independently testable after US1 and should land before US4 so breadcrumb and context truth are final.
  • US4 (P3): independently testable after US1 through US3 and closes search, authorization, and legacy-route honesty.

Within Each User Story

  • Write or extend the listed Pest coverage first and make it fail for the intended gap.
  • Apply the smallest shared-seam changes needed to satisfy the story without reopening Specs 281 through 287.
  • Re-run the narrowest relevant validation command for that story before moving to the next story.

Parallel Execution Examples

  • Setup: T002 through T006 can run in parallel once T001 sets the bounded scope.
  • Foundational: T007 through T012 can run in parallel before T013 and T014 converge the route skeleton.
  • US1: T015 and T016 can run in parallel; T017 through T019 should merge serially around chooser and route-owner files.
  • US2: T020 can run alongside T021, then T022 and T023 should follow once shared operations builders are updated.
  • US3: T024 can run in parallel with T025, then T026 and T027 should merge serially around the shared middleware and page-context seams.
  • US4: T028 and T029 can run in parallel; T030 and T031 should follow once the final route contract is stable.
  • Polish: T032 through T037 can run in parallel after implementation is complete; T038 should close out last.

Implementation Strategy

Suggested MVP Scope

  • MVP = US1. Land the single surviving admin panel plus workspace-first environment entry before widening into operations, dashboard-context hardening, and search/no-legacy enforcement.

Incremental Delivery

  1. Complete Phase 1 and Phase 2.
  2. Deliver US1 so environment entry no longer depends on /admin/t.
  3. Deliver US2 so operations links become workspace-canonical with explicit environment scope.
  4. Deliver US3 so dashboard ownership, breadcrumbs, and middleware all converge on the same workspace-first context.
  5. Deliver US4 to lock search, authorization, and legacy-route honesty.
  6. Finish with the exact validation commands and the final Filament review in Phase 7.

Team Strategy

  1. Parallelize the failing test work first.
  2. Serialize merges around apps/platform/app/Providers/Filament/, apps/platform/routes/web.php, and the middleware/context helpers to avoid conflicting route-language edits.
  3. Reject any implementation branch that introduces compatibility routes, dual-panel ownership, or hidden follow-up work from Specs 281 through 287.

Deferred Follow-Ups / Non-Goals

  • Spec 281 provider connection, provider scope, and Microsoft profile extraction
  • Spec 282 governance artifact retargeting to ManagedEnvironment
  • Spec 283 provider capability registry work
  • Spec 284 provider-neutral artifact source taxonomy work
  • Spec 285 workspace-first RBAC and environment access redesign
  • Spec 286 UI copy, IA, and localization neutralization beyond route/context truth
  • Spec 287 cutover quality gates and broader no-legacy enforcement beyond this feature-local proof