TenantAtlas/specs/412-pilot-readiness-remediation-pack/implementation-report.md
Ahmed Darrazi 84bb094e5e
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m13s
feat: implement pilot readiness remediation pack contract
2026-06-24 22:26:28 +02:00

Implementation Report: Spec 412 - Pilot Readiness Remediation Pack

Summary

Spec 412 remediates the four included Spec 407 pilot-readiness findings without adding new routes, persisted entities, status families, navigation, report templates, or provider access models.

Implemented runtime changes:

  • Finding detail demotes raw fingerprints, scope keys, source fingerprints, subject external IDs, detector/control/provider keys, provider object type, and run IDs into a collapsed Technical identifiers section.
  • Sanitized evidence JSON is collapsed by default on finding detail.
  • Provider connection member-missing-capability access now redirects to a clearer provider no-access outcome while preserving deny-as-not-found for non-members and cross-workspace actors.
  • The no-access page now renders provider-specific copy for provider-connection permission denials.
  • report.management.generate is classified in the existing OperationRun actionability registry as an artifact-producing operation.
  • report.management.generate terminal follow-up now resolves against the existing readable ready management PDF truth for StoredReport artifacts in the same workspace/environment and review-pack/review scope.
  • Management PDF StoredReport lookups are now scoped consistently by workspace, managed environment, review pack, and source environment review for ready/active/retry states, and by operation-run workspace/environment/source context for run-bound lookup.

No ReviewPack page, signed download controller, Operations page, or TenantlessOperationRunViewer runtime change was required; focused tests and browser proof show the existing behavior satisfies the included operations finding while the management PDF source truth is now explicitly service-enforced.
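The access outcomes described in the summary, sketched as an added example (not TenantAtlas code). `PROVIDER_VIEW` is the capability named in this report; the enum, function, array shapes and the other capability string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not TenantAtlas code. PROVIDER_VIEW is the capability
// named in the report; every other name here is an assumption.
enum AccessOutcome: string
{
    case Allow    = 'allow';
    case NoAccess = 'redirect to provider no-access page';
    case NotFound = '404 not found';
}

function resolveProviderConnectionAccess(array $actor, ?array $connection): AccessOutcome
{
    // A missing record and a record in a workspace the actor does not belong
    // to reach the same outcome, so the response cannot be used to tell
    // whether the connection exists.
    $workspaceId = $connection['workspace_id'] ?? null;
    $capabilities = $workspaceId === null
        ? null
        : ($actor['memberships'][$workspaceId] ?? null);
    if ($capabilities === null) {
        return AccessOutcome::NotFound;
    }
    // Only a confirmed member is told that a permission is missing.
    if (!in_array('PROVIDER_VIEW', $capabilities, true)) {
        return AccessOutcome::NoAccess;
    }
    return AccessOutcome::Allow;
}

// Constructed sample data: one connection in workspace 10, three actors.
$connections = [1 => ['id' => 1, 'workspace_id' => 10]];
$actors = [
    'viewer'   => ['memberships' => [10 => ['PROVIDER_VIEW']]],
    'readonly' => ['memberships' => [10 => ['SOME_OTHER_CAPABILITY']]],
    'outsider' => ['memberships' => [20 => ['PROVIDER_VIEW']]],
];

foreach ($actors as $name => $actor) {
    foreach ([1, 999] as $id) { // 999 does not exist
        $outcome = resolveProviderConnectionAccess($actor, $connections[$id] ?? null);
        printf("%-8s connection %-3d -> %s\n", $name, $id, $outcome->value);
    }
}
```

The outsider gets the same not-found outcome for connection 1 and for the nonexistent 999, while the readonly member is the only actor routed to the no-access page.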

Spec 407 Finding Remediation Matrix

| Finding | Remediation | Evidence | Result |
| --- | --- | --- | --- |
| Ready management PDFs not surfaced coherently | Existing ViewReviewPack ready-PDF precedence was verified and ManagementReportPdfService was hardened so only same-scope ready PDFs can drive the Review Pack ready/download state. Ready PDFs render Download management PDF; generate is not primary when a valid same-scope ready PDF exists. | Spec379ManagementReportPdfTest, Spec404ManagementReportPdfRuntimeValidationTest, ReviewPackDownloadTest, Spec379ManagementReportPdfSmokeTest | Fixed |
| Operations index/detail browser navigation timeout | Operations index/detail render DB-only, preserve canonical links, and focused browser paths complete without JS/console errors. | OperationsCanonicalUrlsTest, OperationsDbOnlyRenderTest, OperationsHubProductizationTest, Spec391OperationsHubStabilityTest, TenantlessOperationRunViewerTest, Spec391...SmokeTest, Spec360...SmokeTest | Remediated by proof; no runtime operation page change required |
| Finding detail exposes raw internal hashes by default | Raw technical identifiers moved into collapsed technical detail; default body remains human-readable. | DriftFindingDetailTest, Spec412PilotReadinessRemediationSmokeTest | Fixed |
| Readonly/provider-connection no-access outcome confusing/login-like | Member-missing-PROVIDER_VIEW branch redirects to provider-specific no-access copy; non-members/cross-workspace stay non-leaky. | CapabilityForbiddenTest, ProviderConnectionAuthorizationTest, ProviderConnectionsUiEnforcementTest, TenantlessListRouteTest, Spec412PilotReadinessRemediationSmokeTest | Fixed |

Report/PDF State Matrix

| State | Behavior | Evidence |
| --- | --- | --- |
| Ready management PDF | Review pack detail shows Download management PDF and does not show Generate management PDF as the primary state when a readable PDF belongs to the same workspace/environment/review scope. | Spec379ManagementReportPdfTest, Spec379ManagementReportPdfSmokeTest |
| Missing/unavailable/blocked PDF | Review pack detail shows unavailable/generate-safe state and avoids serving invalid ready output. | Spec379ManagementReportPdfTest, Spec404ManagementReportPdfRuntimeValidationTest, Spec379ManagementReportPdfSmokeTest |
| Authorized signed download | Signed management PDF and review pack download routes work for entitled actors. | Spec379ManagementReportPdfTest, ReviewPackDownloadTest |
| Unauthorized/cross-workspace/unsigned download | Direct unsigned, expired, invalid, non-member, and cross-workspace report/download routes remain blocked. | Spec379ManagementReportPdfTest, Spec404ManagementReportPdfRuntimeValidationTest, ReviewPackDownloadTest |

Browser proof validates the rendered PDF action states. Binary stream authorization remains covered by feature tests because the browser harness does not provide reliable assertions for streamed download bodies.

Product Surface Contract

  • No-legacy posture: canonical correction only; no compatibility alias or duplicate UI introduced.
  • Product Surface Impact: existing review/report, operations, finding detail, and provider no-access surfaces only.
  • UI Surface Impact: existing pages changed; no new navigation, major pages, modals, tables, or status families.
  • Page archetypes: review pack report/receipt, operations technical annex/receipt, finding decision/secondary context, provider no-access settings denial outcome.
  • Surface budgets: pass for focused surfaces. Visible complexity decreased on finding/provider surfaces and stayed neutral for operations/report surfaces.
  • Technical Annex / deep-link demotion: fingerprints, scope keys, source identifiers, provider keys, run IDs, and sanitized evidence payloads are collapsed or secondary by default.
  • Canonical status vocabulary: no new vocabulary introduced.
  • Product Surface exceptions: none.
  • Human Product Sanity: pass. The affected surfaces keep a clear primary operator question, avoid contradictory PDF action state, keep operations diagnostic depth off the first decision path, demote finding internals, and avoid login-like provider-denial copy.
  • Completed-spec rewrite assertion: no completed Specs 400-407 were edited.

UI Action Matrix Close-Out

  • Review pack management PDF: no new actions. Existing generate action remains ->action(...), confirmed, authorized, audited, and OperationRun-backed. Ready PDF download remains URL-based signed download.
  • Operations: no new actions. Existing inspect/drilldown paths and OperationRunLinks are preserved.
  • Finding detail: no new actions. Technical identifiers and sanitized evidence are collapsed detail, not first-decision content.
  • Provider connection no-access: no new action. Provider detail/manage/run actions remain capability-gated; non-member/cross-workspace record existence stays hidden.
  • Livewire v4 compliance: confirmed on Livewire 4.1.4.
  • Provider registration: unchanged; Laravel 12 panel providers remain registered through apps/platform/bootstrap/providers.php.
  • Global search: no resource was made globally searchable. ProviderConnectionResource remains protected static bool $isGloballySearchable = false.
  • Destructive/high-impact actions: no new destructive action. Existing provider and management PDF high-impact actions retain confirmation and authorization.
  • Asset strategy: no assets added or changed; no new filament:assets deployment impact from this spec.

Browser Proof

Focused browser command:

cd apps/platform && ./vendor/bin/sail artisan test tests/Browser/Spec412PilotReadinessRemediationSmokeTest.php tests/Browser/Spec379ManagementReportPdfSmokeTest.php tests/Browser/Spec391OperationsHubStabilitySmokeTest.php tests/Browser/Spec360OperationRunCanonicalCutoverSmokeTest.php

Result: pass, 5 tests, 75 assertions.

Paths/states covered:

  • Review pack ready and unavailable management PDF action states.
  • Operations Hub index load with Livewire/Alpine present and no debug/asset failure signatures.
  • OperationRun detail load for canonical reconciled and stale queued runs.
  • Finding detail default view with raw hash values absent and technical sections collapsed.
  • Authenticated provider no-access copy for provider-connection permission denial.

All focused browser checks asserted no JavaScript errors and no console logs.

Automated Validation

Passing focused suite:

cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec379ManagementReportPdfTest|Spec404ManagementReportPdfRuntimeValidationTest|ReviewPackDownloadTest|DriftFindingDetailTest|OperationsHubProductizationTest|TenantlessOperationRunViewerTest|OperationsCanonicalUrlsTest|OperationsDbOnlyRenderTest|Spec391OperationsHubStabilityTest|ProviderConnectionAuthorizationTest|CapabilityForbiddenTest|ProviderConnectionsUiEnforcementTest|TenantlessListRouteTest|Spec367OperationRunActionabilityRegistryTest|Spec367OperationRunActionabilityResolverTest'

Result: pass, 131 tests, 871 assertions.

Additional pre-merge hardening after final manual review:

cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec367OperationRunActionability'
cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec379ManagementReportPdfTest|Spec404ManagementReportPdfRuntimeValidationTest|ReviewPackDownloadTest|DriftFindingDetailTest|OperationsHubProductizationTest|TenantlessOperationRunViewerTest|OperationsCanonicalUrlsTest|OperationsDbOnlyRenderTest|Spec391OperationsHubStabilityTest|ProviderConnectionAuthorizationTest|CapabilityForbiddenTest|ProviderConnectionsUiEnforcementTest|TenantlessListRouteTest|Spec367OperationRunActionabilityRegistryTest|Spec367OperationRunActionabilityResolverTest'
cd apps/platform && ./vendor/bin/sail artisan test --filter='Spec379ManagementReportPdfTest|Spec404ManagementReportPdfRuntimeValidationTest'

Results, in command order: pass with 18 tests / 132 assertions for the Actionability family; pass with 131 tests / 871 assertions for the expanded focused Spec 412 suite; pass with 26 tests / 193 assertions for the management PDF family.

Other passing checks:

  • cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent -> pass.
  • git diff --check -> pass.

Broad validation filters were run as requested. They exposed residual failures outside the Spec 412 touched surfaces:

  • --filter=ReviewPack: failed in existing customer-output/rendered-report/review-pack generation expectations; in-scope Spec379/392/404 and download coverage passed.
  • --filter=ManagementReport: Spec379/404 passed; existing Spec366 rendered-report browser path returned 404.
  • --filter=OperationRun: exposed an in-scope actionability registry gap for report.management.generate; fixed and verified. Final manual review also hardened ready management PDF artifact resolution for the same operation family, and repeat review hardened the underlying management PDF service lookups. Other residual failures remain outside the focused remediation.
  • --filter=Operations: focused operations DB-only, canonical URL, Operations Hub, Spec391, and browser proof passed; broader dashboard/lifecycle/provider-operation contracts still fail.
  • --filter=Finding: focused finding detail and Spec412 browser proof passed; broader baseline/governance/dashboard residuals still fail.
  • --filter=ProviderConnection: focused provider no-access, authorization, scope, and UI enforcement passed; older Spec394 provider freshness and Spec281 onboarding smoke residuals still fail.

Full cd apps/platform && ./vendor/bin/sail artisan test was not run because the broader filters already show unrelated residual failures.

Post-Implementation Analysis

Confirmed in-scope findings found during the loop:

  • report.management.generate was present in OperationCatalog and produced by management PDF generation, but was missing from OperationRunActionabilityRegistry.
  • Remediation: classify it under the existing artifact_or_later_success_v1 policy with review-pack/review context keys.
  • Final manual review found that the registry classification needed a concrete StoredReport artifact resolver branch so failed report.management.generate runs can be resolved by same-scope ready management PDFs without waiting for a later successful run.
  • Remediation: add ready management PDF artifact lookup to OperationRunActionabilityResolver through ManagementReportPdfService::findReadyReport() so current-follow-up resolution uses the same readable PDF/file-size/SHA/PDF-byte validation as the review-pack surface and signed download route, with an explicit workspace/environment match on the resolving StoredReport.
  • Repeat final review found that ManagementReportPdfService still allowed cross-scope StoredReport rows sharing the same source_review_pack_id to influence ready, active, retry, or run-bound PDF decisions before downstream signed-download authorization rejected them.
  • Remediation: bind management PDF ready/active/retry lookups to workspace, managed environment, review pack, and source environment review; bind run-bound lookup to the operation run workspace, managed environment, and source context.
  • Verification: Spec367OperationRunActionabilityRegistryTest, Spec367OperationRunActionabilityResolverTest, the Actionability family, the management PDF family, the new Spec412 management PDF scope guards, focused browser proof, and the expanded focused Spec 412 suite passed.
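The cross-scope lookup issue from the repeat final review, as an added example (not the ManagementReportPdfService implementation). Only `source_review_pack_id` is a name taken from this report; the other column names, the function names and the rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not TenantAtlas code. Only source_review_pack_id is a
// name from the report; the other column names are assumptions.
const SCOPE_KEYS = ['workspace_id', 'environment_id', 'source_review_pack_id', 'source_review_id'];

// Constructed rows: two workspaces hold a report row with the same pack id.
$rows = [
    ['id' => 1, 'workspace_id' => 10, 'environment_id' => 100,
     'source_review_pack_id' => 7, 'source_review_id' => 70, 'status' => 'ready'],
    ['id' => 2, 'workspace_id' => 20, 'environment_id' => 200,
     'source_review_pack_id' => 7, 'source_review_id' => 71, 'status' => 'failed'],
];

// Before: pack id alone decides, so another workspace's ready row can match.
function findReadyByPackOnly(array $rows, int $packId): ?array
{
    foreach ($rows as $row) {
        if ($row['source_review_pack_id'] === $packId && $row['status'] === 'ready') {
            return $row;
        }
    }
    return null;
}

// After: a row counts only if every scope key matches the caller's scope.
function findReadyScoped(array $rows, array $scope): ?array
{
    if (array_diff(SCOPE_KEYS, array_keys($scope)) !== []) {
        throw new InvalidArgumentException('incomplete scope; refusing to query');
    }
    $keys = array_flip(SCOPE_KEYS);
    foreach ($rows as $row) {
        $sameScope = array_intersect_key($row, $keys) == array_intersect_key($scope, $keys);
        if ($sameScope && $row['status'] === 'ready') {
            return $row;
        }
    }
    return null;
}

// Caller is in workspace 20, whose own PDF for pack 7 is not ready.
$scope = ['workspace_id' => 20, 'environment_id' => 200,
          'source_review_pack_id' => 7, 'source_review_id' => 71];
$before = findReadyByPackOnly($rows, 7);
$after  = findReadyScoped($rows, $scope);
echo 'pack-only: ', $before === null ? 'none' : "row {$before['id']} (workspace {$before['workspace_id']})", PHP_EOL;
echo 'scoped:    ', $after === null ? 'none' : "row {$after['id']}", PHP_EOL;
```

With the pack-only lookup, workspace 10's ready row drives the ready/download decision for a workspace 20 caller even though a later download authorization would reject it; the scoped lookup returns nothing, so the state stays unavailable.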

Remaining in-scope findings: none.

Residual risks:

  • Broad validation filters still have unrelated failures from older productization/dashboard/review-output specs. They are not caused by changed files in this implementation and are documented above.
  • Browser proof for streamed management PDF binary body is represented by rendered download action state plus feature-route assertions, not a browser download-body assertion.

Deployment Impact

  • Migrations: none.
  • Env vars: none.
  • Queue/cron topology: none.
  • Storage/volumes: none.
  • Filament assets: none.
  • Staging/Dokploy: no new deployment step. Existing management PDF storage/queue/runtime requirements remain unchanged.

Final Status

Final working tree status recorded after implementation:

## 412-pilot-readiness-remediation-pack
 M apps/platform/app/Filament/Pages/NoAccess.php
 M apps/platform/app/Filament/Resources/FindingResource.php
 M apps/platform/app/Filament/Resources/ProviderConnectionResource.php
 M apps/platform/app/Policies/ProviderConnectionPolicy.php
 M apps/platform/app/Services/ReviewPacks/ManagementReportPdfService.php
 M apps/platform/app/Support/Operations/Actionability/OperationRunActionabilityRegistry.php
 M apps/platform/app/Support/Operations/Actionability/OperationRunActionabilityResolver.php
 M apps/platform/resources/views/filament/pages/no-access.blade.php
 M apps/platform/tests/Feature/Drift/DriftFindingDetailTest.php
 M apps/platform/tests/Feature/Operations/Spec367OperationRunActionabilityResolverTest.php
 M apps/platform/tests/Feature/ProviderConnections/CapabilityForbiddenTest.php
 M apps/platform/tests/Feature/ReviewPack/Spec379ManagementReportPdfTest.php
?? apps/platform/tests/Browser/Spec412PilotReadinessRemediationSmokeTest.php
?? specs/412-pilot-readiness-remediation-pack/

Merge Readiness Gate: passed for the active Spec 412 focused scope, with documented unrelated broad-lane residual failures.