TenantAtlas/specs/321-alerts-audit-log-environment-filter-contract-decision/tasks.md

Tasks: Alerts / Audit Log Environment Filter Contract Decision

Input: Spec artifacts from specs/321-alerts-audit-log-environment-filter-contract-decision/ Prerequisites: spec.md, plan.md, decision.md Runtime posture: Hard cutover. No legacy alias support.

Phase 1: Discovery Confirmation

• T001 Re-read specs/321-alerts-audit-log-environment-filter-contract-decision/spec.md, plan.md, and decision.md before runtime implementation starts.
• T002 Re-read Spec 318 artifacts: audit-report.md, surface-inventory.md, page-matrix.md, mismatch-findings.md, and recommended-fixes.md.
• T003 Confirm related completed specs 314 through 320 are context only and do not need edits for Spec 321.
• T004 Confirm alert_deliveries.managed_environment_id and audit_logs.managed_environment_id are still present and indexed before implementing filter queries.
• T005 Inspect current route names for Alerts, Alert Deliveries, Alert Rules, Alert Destinations, and Audit Log.

Phase 2: Tests First

• T006 Add a static/spec guard test named it('documents_alerts_and_audit_log_filter_contract_decisions').
• T007 Add Alerts overview contract test it('alerts_support_environment_id_filter_with_visible_chip_and_clear').
• T008 Add Alert Deliveries contract test it('alert_deliveries_support_environment_id_filter_with_visible_chip_and_clear').
• T009 Add Audit Log contract test it('audit_log_supports_environment_id_filter_with_visible_chip_and_clear').
• T010 Add legacy alias guard test it('alerts_and_audit_log_do_not_accept_legacy_environment_query_aliases').
• T011 Add cross-workspace guard test it('alerts_and_audit_log_reject_cross_workspace_environment_filters').
• T012 Add sidebar/global navigation regression test it('alerts_and_audit_log_sidebar_entry_is_workspace_wide').
• T013 Add Environment CTA contract test it('environment_ctas_to_alerts_and_audit_log_use_environment_id').
• T014 Add configuration-surface guard test it('alert_configuration_surfaces_do_not_emit_environment_filters').
• T015 Ensure tests prove data scope, not only URL or visible chip state.

Phase 3: Shared Contract Wiring

• T016 Inspect apps/platform/app/Support/Navigation/WorkspaceHubRegistry.php and confirm Alerts, Alert Deliveries, and Audit Log remain registered as workspace hubs.
• T017 Confirm WorkspaceHubRegistry::cleanUrl() continues to strip Environment query params from sidebar/global entries.
• T018 Inspect apps/platform/app/Support/Navigation/WorkspaceHubEnvironmentFilter.php and reuse it for canonical environment_id resolution.
• T019 Reuse apps/platform/app/Support/Navigation/WorkspaceHubFilterStateResetter.php for clear behavior.
• T020 Reuse apps/platform/app/Filament/Concerns/ClearsWorkspaceHubEnvironmentFilterState.php where page/resource architecture supports it.
• T021 Reuse apps/platform/resources/views/filament/partials/workspace-hub-environment-filter-chip.blade.php for visible filter state.
• T022 Do not add a page-local Environment resolver unless existing architecture requires a minimal adapter.

Phase 4: Alerts Overview

• T023 Update apps/platform/app/Filament/Pages/Monitoring/Alerts.php to resolve canonical environment_id for the current Workspace.
• T024 Keep Alerts overview shell Workspace-only in all filtered and unfiltered states.
• T025 Render the shared Environment filter chip in apps/platform/resources/views/filament/pages/monitoring/alerts.blade.php when the filter is active.
• T026 Ensure the clear action on Alerts overview uses shared reset behavior and returns to clean /admin/alerts.
• T027 Update apps/platform/app/Filament/Widgets/AlertsKpiHeader.php so Environment-attributable delivery signal counts respect the active filter.
• T028 Ensure workspace-level configuration counts on Alerts overview are not mislabeled as Environment-filtered counts.
• T029 Ensure Alerts overview links to Alert Deliveries preserve canonical environment_id when filtered.
• T030 Ensure Alerts overview links to Alert Rules and Alert Destinations do not include Environment filter params.

Phase 5: Alert Deliveries

• T031 Update apps/platform/app/Filament/Resources/AlertDeliveryResource.php query/table behavior to apply canonical environment_id through shared resolution.
• T032 Filter Alert Deliveries rows by reliable managed_environment_id.
• T033 Keep Alert Deliveries shell Workspace-only in all filtered and unfiltered states.
• T034 Render the shared Environment filter chip on the Alert Deliveries list page when filtered.
• T035 Ensure clear removes environment_id, tableFilters, tableDeferredFilters, persisted Filament/session filter state, and visible chip.
• T036 Ensure legacy URL aliases do not prefill the table filter.
• T037 Ensure clean Alert Deliveries entry is workspace-wide and reload-safe.

Phase 6: Alert Rules and Alert Destinations

• T038 Confirm apps/platform/app/Filament/Resources/AlertRuleResource.php remains a workspace configuration surface.
• T039 Confirm apps/platform/app/Filament/Resources/AlertDestinationResource.php remains a workspace configuration surface.
• T040 Ensure Alert Rules do not render an Environment filter chip from environment_id.
• T041 Ensure Alert Destinations do not render an Environment filter chip from environment_id.
• T042 Ensure Environment Dashboard or Alert overview CTAs to Alert Rules use clean workspace links.
• T043 Ensure Environment Dashboard or Alert overview CTAs to Alert Destinations use clean workspace links.

Phase 7: Audit Log

• T044 Update apps/platform/app/Filament/Pages/Monitoring/AuditLog.php to resolve canonical environment_id for the current Workspace.
• T045 Filter Audit Log rows by reliable audit_logs.managed_environment_id when the filter is active.
• T046 Keep Audit Log shell Workspace-only in all filtered and unfiltered states.
• T047 Render the shared Environment filter chip in apps/platform/resources/views/filament/pages/monitoring/audit-log.blade.php when filtered.
• T048 Ensure Audit Log clear removes environment_id, table filters, deferred filters, persisted session state, and visible chip.
• T049 Ensure Audit Log clean entry does not inherit remembered Environment state.
• T050 Ensure selected audit event/detail state cannot show an event outside the active Environment filter.
• T051 Ensure audit events with null managed_environment_id remain visible workspace-wide and are excluded when filtered.

Phase 8: Navigation, Links, and CTAs

• T052 Inspect apps/platform/app/Support/Navigation/WorkspaceSidebarNavigation.php and confirm sidebar entries for Alerts and Audit Log remain clean.
• T053 Inspect Environment Dashboard CTAs and widgets for Alerts or Audit Log links.
• T054 Update Environment-origin CTAs to Alerts, Alert Deliveries, and Audit Log to use canonical environment_id only when preserving Environment focus.
• T055 Remove environment_id from Environment-origin CTAs to Alert Rules and Alert Destinations.
• T056 Inspect apps/platform/app/Support/ManagedEnvironmentLinks.php for any Alerts/Audit helpers or related links that need canonicalization.
• T057 Inspect apps/platform/app/Support/Operations/OperationRunLinks.php for Alerts/Audit links that need canonicalization.
• T058 Inspect notification, alert, and audit link helpers for legacy tenant, tenant_id, managed_environment_id, environment, tenant_scope, or tableFilters query output.

Phase 9: Regression and Safety

• T059 Run targeted Alerts/Audit contract tests.
• T060 Run Spec 315 environment filter contract regression tests.
• T061 Run Spec 316 clear filter contract regression tests.
• T062 Run Spec 317 legacy tenant cleanup regression tests.
• T063 Run Spec 314 workspace hub navigation regression tests.
• T064 Run Spec 319 Baseline Compare Environment-owned regression tests.
• T065 Run Spec 320 workspace-owned analysis shell regression tests.
• T066 Run formatting for touched PHP files.
• T067 Run git diff --check.

Phase 10: Browser Verification

2026-05-17 note: attempted integrated browser verification, but the Playwright MCP browser profile was locked by another running browser process (mcp-chrome-6176c52). Existing Pest browser smoke tests/Browser/Spec193MonitoringSurfaceHierarchySmokeTest.php passed and covers /admin/alerts, but the requested screenshot set remains pending.

• T068 Start the local Sail/browser-ready environment.
• T069 Open Alerts clean URL and capture artifacts/screenshots/alerts--clean.png.
• T070 Open Alerts filtered URL and capture artifacts/screenshots/alerts--filtered.png.
• T071 Clear Alerts filter, reload, and capture artifacts/screenshots/alerts--after-clear.png and alerts--after-reload.png.
• T072 Open Alert Deliveries filtered URL and capture artifacts/screenshots/alert-deliveries--filtered.png.
• T073 Open Audit Log clean URL and capture artifacts/screenshots/audit-log--clean.png.
• T074 Open Audit Log filtered URL and capture artifacts/screenshots/audit-log--filtered.png.
• T075 Clear Audit Log filter, reload, and capture artifacts/screenshots/audit-log--after-clear.png and audit-log--after-reload.png.
• T076 Verify Environment Dashboard CTAs to Alerts/Audit Log and capture useful CTA screenshots.
• T077 Verify browser back/forward after filter and clear does not create URL/chip/data mismatch.

Phase 11: Final Report

• T078 Report chosen contracts for Alerts, Alert Deliveries, Alert Rules, Alert Destinations, and Audit Log.
• T079 Report changed behavior and files changed.
• T080 Report test commands and results, including any unrelated residual failures.
• T081 Report browser verification and screenshot paths.
• T082 Report that no migrations, seeders, packages, env vars, queues, scheduler, storage, or deployment asset changes were made unless the spec was explicitly updated.
• T083 Report that no backwards compatibility layer or legacy query alias support was introduced.