ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
611b19910e
TenantAtlas/specs/414-tcm-first-coverage-core-cutover/plan.md
Ahmed Darrazi 611b19910e
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 4m27s
Details
feat: migrate tcm first coverage core cutover
2026-06-25 14:54:31 +02:00

18 KiB
Raw Blame History

Implementation Plan: Spec 414 - TCM-First Coverage v2 Kernel

Branch: 414-tcm-first-coverage-core-cutover | Date: 2026-06-25 | Spec: specs/414-tcm-first-coverage-core-cutover/spec.md Input: Patched feature specification from /specs/414-tcm-first-coverage-core-cutover/spec.md

Summary

Introduce the inactive Coverage v2 kernel required for later hard cutover. This slice adds value families, minimal persistence, initial resource type registry, supported-scope contract, source-class model, claim guard, provider provenance rules, and focused tests.

Coverage v2 is not activated as customer-facing or operator-facing truth in this spec. Existing v1 runtime coverage remains active until a later explicit cutover spec. No v1-to-v2 compatibility adapter, dual write, fallback reader, old snapshot promotion, or customer-facing dual truth is allowed.

Technical Context

Language/Version: PHP 8.4.15, Laravel 12.52 Primary Dependencies: Filament 5.2.1, Livewire 4.1.4, Pest 4.3.1, PostgreSQL via Laravel Sail/Dokploy Storage: PostgreSQL; JSONB for supported-scope denominator lists and metadata only where the kernel needs structured definitions, plus optional evidence/resource payloads only if those optional tables are introduced Testing: Pest unit/feature tests; PostgreSQL lane when schema constraints or JSONB behavior require it Validation Lanes: fast-feedback, confidence, pgsql when needed Target Platform: Laravel monolith in apps/platform Project Type: web application / backend kernel only for this slice Performance Goals: registry/scope/claim guard evaluation is deterministic and local; no remote/provider calls Constraints: inactive kernel only, no rendered UI changes, no tenant_id, same-scope provider_connection_id, no compatibility shims, no Graph/TCM calls, no OperationRun-producing workflow by default Scale/Scope: initial required resource type entries and supported-scope contract only; catalog expansion and activation deferred

UI / Surface Guardrail Plan

  • Guardrail scope: no operator-facing surface change.
  • Affected routes/pages/actions/states/navigation/panel/provider surfaces: N/A.
  • No-impact class, if applicable: backend/domain-kernel only.
  • Native vs custom classification summary: N/A.
  • Shared-family relevance: future activation will touch status/evidence/report families; this spec does not.
  • State layers in scope: domain kernel state only.
  • Audience modes in scope: N/A.
  • Decision/diagnostic/raw hierarchy plan: N/A for rendered UI.
  • Raw/support gating plan: N/A.
  • One-primary-action / duplicate-truth control: no UI action introduced; Coverage v2 must not become parallel product truth.
  • Handling modes by drift class or surface: hard-stop if runtime UI changes are needed before spec amendment.
  • Repository-signal treatment: old v1 runtime terms are context only; broad removal is deferred.
  • Special surface test profiles: N/A - no rendered UI surface changed.
  • Required tests or manual smoke: unit and feature tests for kernel behavior.
  • Exception path and spread control: none.
  • Active feature PR close-out entry: Kernel / No UI / No dual truth.
  • UI/Productization coverage decision: No UI surface impact.
  • Coverage artifacts to update: none.
  • No-impact rationale: the spec creates inactive persistence/services only.
  • Navigation / Filament provider-panel handling: no panel provider or navigation change.
  • Screenshot or page-report need: no.

Product Surface Contract Plan

  • Product Surface Contract reference: docs/product/standards/product-surface-contract.md.
  • No-legacy posture: inactive kernel plus later hard cutover; no compatibility adapter.
  • Page archetype and surface budget plan: N/A - no rendered product surface changed.
  • Technical Annex and deep-link demotion plan: N/A.
  • Canonical status vocabulary plan: N/A for rendered UI.
  • Product Surface exceptions: none.
  • Browser verification plan: N/A - no rendered UI surface changed.
  • Human Product Sanity plan: workflow sanity in implementation report; no rendered-page review.
  • Visible complexity outcome target: neutral; no visible product surface change.
  • Implementation report target: specs/414-tcm-first-coverage-core-cutover/implementation-report.md.

Filament / Livewire / Deployment Posture

  • Livewire v4 compliance: Livewire 4.1.4 confirmed. No Livewire UI changes planned.
  • Panel provider registration location: no panel provider change. Laravel 12 panel providers remain in apps/platform/bootstrap/providers.php.
  • Global search posture: no Filament resource/global search change planned.
  • Destructive/high-impact action posture: no destructive or high-impact action introduced.
  • Asset strategy: no new assets; filament:assets not required by this spec.
  • Testing plan: unit tests for fixed value families/registry/scope/claim guard; feature tests for deterministic upsert-safe platform-seeded definitions, persistence seed/defaults, claim guard behavior, same-scope provider connection validation where optional concrete tables store provider_connection_id, and no-tenant_id schema proof.
  • Deployment impact: migrations for required kernel tables; no env vars, queue worker requirement, scheduler change, storage volume change, or asset deployment step by default.

Shared Pattern & System Fit

  • Cross-cutting feature marker: yes, but kernel-only.
  • Systems touched: new Coverage v2 domain namespace, migrations/models/factories for required kernel tables, registry/scope/claim services.
  • Shared abstractions reused: Laravel models/migrations/factories, existing workspace and managed-environment relationships, existing provider connection model, Pest conventions.
  • New abstraction introduced? why?: ResourceTypeRegistry, SupportedScopeResolver, and ClaimGuard are introduced because supported-scope and claim boundaries must be deterministic before UI/runtime activation.
  • Why the existing abstraction was sufficient or insufficient: v1 inventory/baseline coverage abstractions remain active but cannot express Coverage v2 source class, beta/fallback inclusion, exact scope claims, or no-tenant_id ownership.
  • Bounded deviation / spread control: v2 kernel must not be consumed by product surfaces until later activation spec.

OperationRun UX Impact

  • Touches OperationRun start/completion/link UX?: no.
  • Central contract reused: N/A.
  • Delegated UX behaviors: N/A.
  • Surface-owned behavior kept local: N/A.
  • Queued DB-notification policy: N/A.
  • Terminal notification path: N/A.
  • Exception path: none.

No remote TCM/Graph capture is implemented in Spec 414. No OperationRun-producing workflow is introduced unless a future amendment adds an operational command/job. OperationRun-backed capture/evaluation is deferred to Generic Content-Backed Capture.

Provider Boundary & Portability Fit

  • Shared provider/platform boundary touched?: yes.
  • Provider-owned seams: Microsoft TCM source class, Graph v1 fallback source class, Graph beta experimental source class, provider-native IDs as source metadata.
  • Platform-core seams: resource type, source class, workload, resource class, support state, coverage level, evidence state, identity state, claim state, supported scope.
  • Neutral platform terms / contracts preserved: provider, source class, managed environment, supported scope, claim guard.
  • Retained provider-specific semantics and why: tcm, graph_v1_fallback, and graph_beta_experimental remain because this is a TCM-first kernel.
  • Bounded extraction or follow-up path: follow-up specs own catalog expansion, identity engine, capture, and activation.

Constitution Check

GATE: Must pass before implementation. Re-check after design.

  • Inventory-first / snapshots-second: PASS. This spec creates inactive registry/scope kernel, not active snapshot truth.
  • Read/write separation: PASS. No remote write/change action.
  • Single Graph contract path: PASS. No Graph calls in this spec.
  • Deterministic capabilities: PASS. Claim/scope rules are deterministic and test-backed.
  • Proportionality: PASS. The previous full cutover was too broad; this patch narrows to minimum kernel.
  • No premature abstraction: PASS with justified exception. Registry/scope/claim guard are required for claim safety before activation.
  • Persisted truth: PASS. Required tables represent kernel source-of-truth definitions, not UI convenience.
  • Behavioral state: PASS. States affect future claim eligibility and testable guard behavior.
  • UI semantics: PASS. No UI framework or rendered UI changes.
  • Product Surface Contract: PASS. No runtime UI surface impact; stop-and-amend rule applies.
  • Workspace isolation: PASS. Kernel ownership uses workspace_id and managed_environment_id where environment-owned records exist.
  • Tenant isolation: PASS in current terminology; no tenant_id ownership column is introduced.
  • Provider boundary: PASS. Provider-native tenant/directory/account IDs stay metadata only.
  • OperationRun UX: PASS. No OperationRun workflow introduced.
  • Test governance: PASS. Unit/feature/pgsql lanes are sufficient for kernel behavior.
  • LEAN-001: PASS. No compatibility shim, fallback reader, dual write, or legacy alias.

Test Governance Check

  • Test purpose / classification by changed surface: Unit for pure kernel decisions; Feature for persistence/seed/schema/scope behavior; PostgreSQL for JSONB/composite constraint proof when needed.
  • Affected validation lanes: fast-feedback, confidence, pgsql when schema adds JSONB fields, composite foreign keys, partial unique indexes, same-scope provider constraints, or other PostgreSQL-specific behavior.
  • Why this lane mix is the narrowest sufficient proof: no rendered UI, browser, OperationRun, or remote provider workflow exists in this slice.
  • Narrowest proving command(s):
    • cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/TenantConfiguration
    • cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantConfiguration
    • cd apps/platform && ./vendor/bin/sail php vendor/bin/pest -c phpunit.pgsql.xml tests/Feature/TenantConfiguration if migrations add JSONB fields, composite foreign keys, partial unique indexes, same-scope provider constraints, or other PostgreSQL-specific behavior
    • git diff --check
  • Fixture / helper / factory / seed / context cost risks: new Coverage v2 factories must stay opt-in.
  • Expensive defaults or shared helper growth introduced?: no.
  • Heavy-family additions, promotions, or visibility changes: none by default.
  • Surface-class relief / special coverage rule: N/A - no rendered UI surface changed.
  • Closing validation and reviewer handoff: verify no UI wiring, no tenant_id, no v1 translator, no compatibility shim, correct source classes, exact scope claim guard, same-scope provider connection validation.
  • Budget / baseline / trend follow-up: document in implementation report if test runtime materially increases.
  • Review-stop questions: did kernel stay inactive; did scope creep into UI/capture/legacy removal; did provider-native ID become ownership truth.
  • Escalation path: document-in-feature.
  • Active feature PR close-out entry: Kernel / No UI / No dual truth.
  • Why no dedicated follow-up spec is needed: this spec is the prerequisite kernel. Activation/capture/cutover follow-ups are listed separately.

Project Structure

Documentation (this feature)

specs/414-tcm-first-coverage-core-cutover/
├── checklists/requirements.md
├── plan.md
├── spec.md
└── tasks.md

Source Code (repository root)

Likely implementation surfaces:

apps/platform/app/Support/TenantConfiguration/
├── ClaimState.php
├── CoverageLevel.php
├── EvidenceState.php
├── IdentityState.php
├── ResourceClass.php
├── SourceClass.php
├── SupportState.php
└── Workload.php

apps/platform/app/Services/TenantConfiguration/
├── ClaimGuard.php
├── ResourceTypeRegistry.php
└── SupportedScopeResolver.php

apps/platform/app/Models/
├── TenantConfigurationResourceType.php
└── TenantConfigurationSupportedScope.php

apps/platform/database/migrations/
└── *_create_tenant_configuration_kernel_tables.php

apps/platform/database/factories/
└── TenantConfiguration*.php

apps/platform/tests/Unit/Support/TenantConfiguration/
apps/platform/tests/Feature/TenantConfiguration/

Optional only if implementation proves they are needed for tests or clean service boundaries:

apps/platform/app/Models/TenantConfigurationResource.php
apps/platform/app/Models/TenantConfigurationResourceEvidence.php

Structure Decision: Use existing Laravel monolith conventions. No new base folder outside established app/Support, app/Services, app/Models, database, and tests structure.

Complexity Tracking

Violation Why Needed Simpler Alternative Rejected Because
New kernel persistence Registry/scope definitions must be queryable and testable before activation Config-only definitions would not prove schema ownership and provider provenance
New enum/state families Claim guard needs explicit behavioral boundaries Reusing v1 gap terms would preserve wrong semantics
New registry/scope/claim services Exact scope claims must be programmatically blocked or allowed UI copy rules cannot prevent future overclaims

Proportionality Review

  • Current operator problem: later Coverage v2 activation must not overclaim customer coverage.
  • Existing structure is insufficient because: v1 coverage does not encode source class, exact supported scope, beta/fallback rules, or claim guard eligibility.
  • Narrowest correct implementation: inactive value families, required kernel tables, initial registry entries, supported-scope resolver, claim guard, tests.
  • Ownership cost created: domain namespace, migrations/models, services, factories, tests, implementation report.
  • Alternative intentionally rejected: full cutover in Spec 414; v1-to-v2 compatibility mapping; label-only UI rewrite.
  • Release truth: current-release kernel needed before later activation.

Implementation Phases

Phase 0 - Preflight

  • Capture branch, HEAD, and dirty state.
  • Confirm constitution ownership alignment.
  • Confirm only active spec artifacts were patched during preparation.
  • Confirm no UI/capture/OperationRun/legacy-removal scope remains in Spec 414 implementation tasks.

Phase 1 - Kernel Value Families

  • Add value objects/enums for source class, workload, resource class, support state, coverage level, evidence state, identity state, claim state, and restore tier only if needed for claim guard.
  • Keep allowed values fixed to the spec-defined kernel list: source classes tcm, graph_v1_fallback, graph_beta_experimental; workload intune; resource class configuration; and the explicitly listed support, coverage, evidence, identity, claim, and optional restore-tier values.
  • Keep labels internal/domain-level, not product-facing UI vocabulary.

Phase 2 - Minimal Kernel Persistence

  • Add required kernel tables: tenant_configuration_resource_types and tenant_configuration_supported_scopes.
  • Treat required kernel tables as platform-seeded definition tables, not workspace/environment/provider-connection-owned records.
  • Enforce deterministic uniqueness: (canonical_type, source_class) for resource types and scope_key for supported scopes.
  • Keep seed/migration behavior upsert-safe so re-running the kernel setup cannot duplicate definitions.
  • Add optional resource/evidence tables only if implementation proves they are needed for tests or clean service boundaries.
  • Enforce no tenant_id.
  • Enforce workspace_id and managed_environment_id where environment-owned rows exist.
  • Enforce same-scope provider_connection_id where provider provenance is stored in optional concrete resource/evidence rows; required kernel definition tables must not store provider_connection_id.

Phase 3 - Initial Registry And Supported Scope

  • Seed required initial resource type entries.
  • Classify TCM, Graph v1 fallback, and Graph beta experimental source classes.
  • Add supported-scope denominator/minimum-level rules.
  • Exclude beta by default and include fallback only when allowed by scope.

Phase 4 - Claim Guard

  • Block unscoped 100% claims.
  • Block beta certification by default.
  • Block restore claims where resource type is not restorable.
  • Block customer-facing claims for incomplete supported scopes.
  • Allow only exact scope + level claims.

Phase 5 - Tests And Validation

  • Add focused unit tests.
  • Add focused feature tests.
  • Add PostgreSQL-specific tests when schema constraints or JSONB require PostgreSQL proof.
  • Write implementation report.
  • Run Pint, focused tests, optional pgsql lane, and git diff --check.

Rollout And Deployment Considerations

  • Staging validation is mandatory before production.
  • Migrations introduce inactive kernel tables only.
  • No env vars are planned.
  • No queue worker, scheduler, storage volume, or asset deployment change is planned.
  • No filament:assets requirement unless a future amendment adds registered assets.
  • Supply-chain remediation, if still open, remains a release/pilot gate outside this spec.

Risk Controls

  • Stop if implementation requires rendered UI changes.
  • Stop if implementation requires remote TCM/Graph capture.
  • Stop if implementation requires OperationRun-backed evaluation.
  • Stop if tenant_id appears in Coverage v2 ownership fields.
  • Stop if v1-to-v2 compatibility adapter, dual write, or fallback reader appears.
  • Stop if old gap taxonomy becomes Coverage v2 runtime truth.