TenantAtlas/specs/412-pilot-readiness-remediation-pack/tasks.md
Ahmed Darrazi 84bb094e5e
feat: implement pilot readiness remediation pack contract
2026-06-24 22:26:28 +02:00

Tasks: Spec 412 - Pilot Readiness Remediation Pack

Input: specs/412-pilot-readiness-remediation-pack/spec.md, plan.md, checklists/requirements.md, user-provided Spec 408 draft, Spec 407 findings, Product Surface Contract, roadmap/spec-candidate truth, and repo inventory.

Prerequisites: Review AGENTS.md, .specify/memory/constitution.md, docs/ai-coding-rules.md, docs/product/standards/product-surface-contract.md, docs/filament-guidelines.md, docs/security-guidelines.md, docs/testing-guidelines.md, and this spec package before runtime edits.

Tests: Required. Runtime behavior changes need focused Pest feature/Filament/Livewire tests plus focused browser proof. No full browser audit claim.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for each changed behavior.
  • New or changed tests stay in the smallest honest family, and browser proof is explicit and focused.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
  • Planned validation commands cover the four included findings without pulling in unrelated lane cost.
  • The declared surface test profiles are explicit: shared-detail-family, monitoring-state-page, exception-coded-surface.
  • Browser proof is completed for rendered UI changes.
  • Human Product Sanity and Product Surface implementation-report close-out are completed.
  • Any material budget, baseline, trend, or escalation note is recorded in the implementation report.

Phase 1: Safety, Inventory, And Reproduction

Purpose: Confirm repo state, locate exact runtime ownership, and reproduce/validate each Spec 407 finding before fixing.

  • T001 Record git status --short --branch, git diff --name-only, and git diff --check before implementation.
  • T002 Read specs/412-pilot-readiness-remediation-pack/spec.md, plan.md, tasks.md, and checklists/requirements.md.
  • T003 Confirm no completed Specs 400-407 are edited or normalized.
  • T004 Inventory review/report/PDF routes, resources, controllers, services, and tests related to ReviewPack, StoredReport, ManagementReportPdf, signed downloads, and customer reports.
  • T005 Inventory operations index/detail routes, Operations page, TenantlessOperationRunViewer, views, OperationRun link helpers, polling/readiness behavior, and existing tests.
  • T006 Inventory finding detail rendering, fingerprint/source hash fields, technical detail sections, customer-safe report/finding surfaces, and existing finding tests.
  • T007 Inventory provider-connection route, resource, middleware/policy, readonly/no-access behavior, and existing ProviderConnections tests.
  • T008 Reproduce or validate the ready-management-PDF-not-surfaced finding with existing or minimally created local fixtures.
  • T009 Reproduce or validate operations route browser timeout/no-current-500 behavior with focused browser navigation.
  • T010 Reproduce or validate finding fingerprint/scope hash default-body exposure.
  • T011 Reproduce or validate readonly provider-connection no-access copy/redirect behavior.
  • T012 Document any non-reproducible finding and the proof that makes it non-reproducible without marking it fixed prematurely.

Phase 2: Review Pack / Management PDF Surfacing (P1)

Goal: Ready stored management PDFs surface as ready/downloadable, not primarily as generate.

Independent Test: A ready ReviewPack with a ready management-report StoredReport renders a ready/download action for authorized users and keeps unauthorized/cross-workspace direct download blocked.

Tests First

  • T013 Add or update a ReviewPack/Filament test proving a ready management PDF renders ready/download/open state on review pack detail.
  • T014 Add or update a test proving Generate management PDF is not the primary action when a valid ready management PDF exists.
  • T015 Add or update tests for missing, failed, unavailable, expired, or inconsistent PDF/file states so they are not shown or served as ready.
  • T016 Add or update signed download authorization tests proving authorized download works and unauthorized/cross-workspace direct download remains blocked.
  • T017 Add or update signed vs unsigned report route tests proving customer report behavior does not regress.

Implementation

  • T018 Verify and harden ManagementReportPdfService::findReadyReport() and related decision methods so they use the correct same-scope ReviewPack/StoredReport source truth.
  • T019 Update apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php only as needed so ready PDF state wins over generate as the primary state. Existing implementation already satisfied this and was verified by Spec379 tests/browser proof.
  • T020 Update ManagementReportPdfService only if tests prove the UI is reading an incomplete or inconsistent state source. Repeat final review proved incomplete service-level scope checks, so ready/active/retry/run-bound management PDF lookups were hardened.
  • T021 Preserve existing management PDF generation confirmation, authorization, audit/OperationRun behavior, OperationUxPresenter use, and signed download behavior.
  • T022 Ensure failed/missing/inconsistent PDF states use safe product copy and canonical status vocabulary without adding a new status family.
  • T023 Confirm customer-safe report boundaries remain intact: no raw OperationRun internals, raw provider payloads, file paths, or stack traces.
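
A sketch of the ready-state decision that T015 and T018 ask the tests and service to pin down, added here as an illustration and not taken from `ManagementReportPdfService`. The function name, field names, status strings and storage keys are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration; field names and status strings are assumptions, not the project's schema.
function findReadySameScopeReport(array $pack, array $reports, callable $fileExists, int $now): ?array
{
    if ($pack['status'] !== 'ready') {
        return null; // a pack that is not ready never offers a download
    }
    foreach ($reports as $report) {
        // Scope is taken from the pack being viewed, never from request input.
        $sameScope = $report['workspace_id'] === $pack['workspace_id']
            && $report['review_pack_id'] === $pack['id'];
        // Failed, expired and file-less rows must not count as ready.
        $usable = $report['status'] === 'ready'
            && ($report['expires_at'] === null || $report['expires_at'] > $now)
            && $fileExists($report['file']);
        if ($sameScope && $usable) {
            return $report;
        }
    }
    return null;
}

// Constructed sample data.
$now    = 1_800_000_000;
$pack   = ['id' => 10, 'workspace_id' => 1, 'status' => 'ready'];
$onDisk = ['w1/p10.pdf', 'w2/p10.pdf'];
$exists = fn (string $file): bool => in_array($file, $onDisk, true);
$base   = ['workspace_id' => 1, 'review_pack_id' => 10, 'status' => 'ready',
           'expires_at' => null, 'file' => 'w1/p10.pdf'];

$cases = [
    'ready, same scope'       => [$base],
    'failed'                  => [['status' => 'failed'] + $base],
    'expired'                 => [['expires_at' => $now - 1] + $base],
    'row ready, file missing' => [['file' => 'w1/gone.pdf'] + $base],
    'ready in other workspace' => [['workspace_id' => 2, 'file' => 'w2/p10.pdf'] + $base],
    'no stored report'        => [],
];
foreach ($cases as $label => $reports) {
    $hit = findReadySameScopeReport($pack, $reports, $exists, $now);
    printf("%-26s %s\n", $label, $hit === null ? 'not ready' : 'ready/download');
}
```

Only the first case resolves to ready/download; the cross-workspace row is rejected even though its file exists and its status is ready.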

Phase 3: OperationRun Route Load Completion (P2)

Goal: Operations index/detail complete browser navigation without current 500s, fatal Livewire/Filament errors, or indefinite readiness blockers.

Independent Test: Operations index and detail render DB-only for an entitled workspace actor, hide unauthorized/cross-workspace runs, and complete focused browser navigation.

Tests First

  • T024 Add or update operations HTTP/Filament tests proving /admin/workspaces/{workspace}/operations renders for an entitled actor.
  • T025 Add or update operations detail tests proving /admin/workspaces/{workspace}/operations/{run} renders for an entitled actor.
  • T026 Add or update DB-only/no-outbound-HTTP assertions for operations index/detail render paths.
  • T027 Add or update authorization/isolation tests for workspace, managed environment, tenantless, and cross-workspace OperationRun access.
  • T028 Add or update tests for bounded query/loading behavior if reproduction points to heavy payloads or unbounded relationships.

Implementation

  • T029 Inspect operations page polling, Livewire hydration, table filters/search/pagination, eager loading, and view payloads for browser-readiness blockers.
  • T030 Fix only the smallest operations page/view/query/readiness issue proven by reproduction. No operations page fix was required; focused proof passed.
  • T031 Ensure operations pages keep raw payloads, stack traces, debug metadata, and technical internals out of default content.
  • T032 Ensure any intentional polling or pending request does not prevent browser readiness detection in focused proof.
  • T033 Preserve canonical OperationRunLinks and tenant/workspace-safe URL resolution.
  • T034 Preserve OperationRun lifecycle truth and avoid direct status/outcome transitions outside OperationRunService.

Phase 4: Finding Detail Internal Hash Demotion (P2)

Goal: Finding detail default body presents human-readable triage context and demotes raw hashes to technical/support detail if retained.

Independent Test: A finding with fingerprint/source hash values renders default detail without prominent raw hash labels/values while authorized technical detail can still expose needed diagnostics.

Tests First

  • T035 Add or update a finding detail render test proving Fingerprint, scope hash, source_fingerprint, and equivalent hash values are not prominent default body content.
  • T036 Add or update customer/read-only/default-output tests proving raw hashes do not leak into customer-safe/default finding content.
  • T037 Add or update a support/operator technical detail test only if the implementation retains hashes behind a collapsed or gated section.

Implementation

  • T038 Update apps/platform/app/Filament/Resources/FindingResource.php only as needed to move fingerprint and related hash fields out of the default detail body.
  • T039 Preserve human-readable finding title, severity, affected scope, evidence/proof link where authorized, recommendation, owner/status, and next action.
  • T040 If hashes remain accessible, place them in collapsed/support/operator technical detail and gate or demote them according to existing patterns.
  • T041 Do not remove support diagnostics entirely if an existing workflow depends on them.
  • T042 Do not create a new finding taxonomy, status family, or diagnostic framework.

Phase 5: Readonly Provider-Connection No-Access Clarity (P3)

Goal: Authenticated readonly/limited actors remain blocked from unauthorized provider-connection routes but receive a clearer no-access outcome.

Independent Test: Readonly access remains denied, non-member/cross-workspace access remains non-leaky, and the result no longer misleadingly implies unauthenticated login when the actor is authenticated.

Tests First

  • T043 Add or update ProviderConnections tests for readonly provider-connection route no-access behavior.
  • T044 Add or update tests proving non-member/cross-workspace direct provider-connection access does not leak record existence.
  • T045 Add or update tests proving member-but-missing-capability receives a 403 or safe denied outcome according to existing policy semantics.
  • T046 Add or update tests proving no redirect loop and no provider detail leak.
  • T047 Add or update tests proving an authenticated unauthorized provider actor is not redirected to a login prompt unless actually unauthenticated.

Implementation

  • T048 Identify whether the confusing outcome is owned by provider resource authorization, workspace/environment middleware, panel authentication, or copy/flash handling.
  • T049 Improve only the owning route/resource/middleware/copy path needed for authenticated readonly clarity.
  • T050 Preserve provider view/manage capability checks and workspace/environment membership rules.
  • T051 Preserve deny-as-not-found semantics for non-members and cross-workspace actors.
  • T052 Do not expand provider access, provider onboarding, or provider readiness productization.
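
The outcome ordering that T044 to T047 and T050 to T051 describe, as an added example and not the project's policy or middleware code. The enum, function, capability name and actor shape are hypothetical, and 403 stands in for whatever "safe denied outcome" the existing policy semantics produce.

```php
<?php
declare(strict_types=1);

// Hypothetical outcome names for illustration.
enum AccessOutcome: string
{
    case LoginRedirect = 'redirect to login'; // unauthenticated requests only
    case NotFound      = '404';               // deny-as-not-found
    case Forbidden     = '403';               // member without the capability
    case Allowed       = '200';
}

function resolveProviderConnectionAccess(
    ?array $actor, ?array $connection, int $routeWorkspaceId, string $capability
): AccessOutcome {
    if ($actor === null) {
        return AccessOutcome::LoginRedirect;
    }
    // Membership is checked before the record, so a non-member gets the same
    // answer whether or not the connection exists.
    if (!array_key_exists($routeWorkspaceId, $actor['workspaces'])) {
        return AccessOutcome::NotFound;
    }
    // A record from another workspace is indistinguishable from a missing one.
    if ($connection === null || $connection['workspace_id'] !== $routeWorkspaceId) {
        return AccessOutcome::NotFound;
    }
    // Only a confirmed member may learn that the record exists but is off limits.
    if (!in_array($capability, $actor['workspaces'][$routeWorkspaceId], true)) {
        return AccessOutcome::Forbidden;
    }
    return AccessOutcome::Allowed;
}

// Constructed actors: workspace id => capabilities held there.
$readonly = ['id' => 1, 'workspaces' => [7 => ['findings.view']]];
$operator = ['id' => 2, 'workspaces' => [7 => ['provider.view']]];
$outsider = ['id' => 3, 'workspaces' => [9 => ['provider.view']]];
$inSeven  = ['id' => 55, 'workspace_id' => 7];
$inNine   = ['id' => 56, 'workspace_id' => 9];

$cases = [
    'unauthenticated'                 => [null, $inSeven],
    'non-member, record exists'       => [$outsider, $inSeven],
    'non-member, record missing'      => [$outsider, null],
    'member, cross-workspace record'  => [$operator, $inNine],
    'readonly member, no capability'  => [$readonly, $inSeven],
    'member with capability'          => [$operator, $inSeven],
];
foreach ($cases as $label => [$actor, $connection]) {
    echo str_pad($label, 34), resolveProviderConnectionAccess($actor, $connection, 7, 'provider.view')->value, PHP_EOL;
}
```

The two non-member rows print the same 404, which is the non-leak property T044 tests for, and the login redirect appears only in the unauthenticated row, matching T047.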

Phase 6: Product Surface, Browser Proof, And Close-Out

Goal: Prove the four remediations without claiming a new full browser audit.

  • T053 Run focused browser proof for a ready management PDF review pack detail state.
  • T054 Run focused browser proof for missing/failed/unavailable PDF state where fixture support exists.
  • T055 Run focused browser proof for authorized management PDF download/open. Browser proof verifies the rendered download action; feature tests verify the signed binary route.
  • T056 Run focused browser proof for unauthorized or unsigned report/PDF path blocked. Server-side signed/unsigned and cross-workspace route blocking is covered by focused feature tests; browser proof covers rendered action state.
  • T057 Run focused browser proof for operations index navigation completion.
  • T058 Run focused browser proof for operations detail navigation completion.
  • T059 Run focused browser proof for finding detail default view without prominent raw hashes.
  • T060 Run focused browser proof for readonly provider-connection no-access behavior. Browser proof covers the rendered provider no-access outcome; feature tests cover the member-missing-capability redirect branch.
  • T061 Capture browser console, Livewire/Filament errors, network failures, 500s, and redirect-loop evidence for every focused proof path.
  • T062 Complete Human Product Sanity for affected review/report, operations, finding, and provider no-access surfaces.
  • T063 Create specs/412-pilot-readiness-remediation-pack/implementation-report.md with the exact report sections required by the source draft.
  • T064 Complete the Spec 407 Finding Remediation Matrix in the implementation report.
  • T065 Complete the Report/PDF State Matrix in the implementation report.
  • T066 Record Product Surface exceptions as none or document a bounded exception with follow-up before merge.
  • T067 Record UI Action Matrix confirmation, Livewire v4 compliance, provider registration location, global search posture, destructive/high-impact action posture, asset strategy, tests/browser result, deployment impact, visible complexity outcome, and no completed-spec rewrite assertion.

Phase 7: Validation

  • T068 Run cd apps/platform && ./vendor/bin/sail artisan test --filter=ReviewPack. Ran; broad lane has unrelated residual failures recorded in the implementation report while in-scope ReviewPack/PDF tests passed.
  • T069 Run cd apps/platform && ./vendor/bin/sail artisan test --filter=ManagementReport. Ran; Spec379/404 management PDF tests passed, older Spec366 rendered-report browser test failed and is recorded in the implementation report.
  • T070 Run cd apps/platform && ./vendor/bin/sail artisan test --filter=OperationRun. Ran; an in-scope report.management.generate actionability registry gap was fixed, final manual review added ready management PDF artifact-resolution proof, repeat final review hardened the underlying management PDF service lookups, and focused operation tests passed; remaining broad residuals are recorded in the implementation report.
  • T071 Run cd apps/platform && ./vendor/bin/sail artisan test --filter=Operations. Ran; focused operations route/readiness tests passed and broad residual failures are recorded in the implementation report.
  • T072 Run cd apps/platform && ./vendor/bin/sail artisan test --filter=Finding. Ran; focused finding demotion tests passed and broad residual failures are recorded in the implementation report.
  • T073 Run cd apps/platform && ./vendor/bin/sail artisan test --filter=ProviderConnection. Ran; focused provider no-access tests passed and broad residual failures are recorded in the implementation report.
  • T074 Run the smallest broader relevant suite after targeted tests pass, normally cd apps/platform && ./vendor/bin/sail artisan test. Full suite not run because the broader validation filters already expose unrelated residual failures; final expanded focused suite passed with 131 tests and 871 assertions.
  • T075 Run git diff --check.
  • T076 Record final git status --short --branch in the implementation report.

Non-Goals / Stop Conditions

  • NT001 Do not create new report templates, PDF renderer architecture, report workflow architecture, review-pack product concepts, or customer review surfaces.
  • NT002 Do not create a new operations dashboard, OperationRun state model, finding taxonomy, provider onboarding flow, or provider access model.
  • NT003 Do not implement legal hold, purge, export-before-delete governance, staging/Dokploy validation, JSONB migration, commercial lifecycle, support desk integration, or full browser audit.
  • NT004 Do not add top-level navigation or major pages.
  • NT005 Do not introduce new persisted entities, status families, enums, source-of-truth objects, provider registries, or cross-domain UI frameworks.
  • NT006 Do not rewrite completed Specs 400-407 or remove validation, task, smoke, browser, screenshot, close-out, or review history from completed specs.
  • NT007 Stop and update spec/plan before continuing if a fix requires broader architecture or product decisions beyond the four included findings.