TenantAtlas/specs/412-pilot-readiness-remediation-pack/tasks.md
Ahmed Darrazi 84bb094e5e
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m13s
feat: implement pilot readiness remediation pack contract
2026-06-24 22:26:28 +02:00

# Tasks: Spec 412 - Pilot Readiness Remediation Pack
**Input**: `specs/412-pilot-readiness-remediation-pack/spec.md`, `plan.md`, `checklists/requirements.md`, user-provided Spec 408 draft, Spec 407 findings, Product Surface Contract, roadmap/spec-candidate truth, and repo inventory.

**Prerequisites**: Review `AGENTS.md`, `.specify/memory/constitution.md`, `docs/ai-coding-rules.md`, `docs/product/standards/product-surface-contract.md`, `docs/filament-guidelines.md`, `docs/security-guidelines.md`, `docs/testing-guidelines.md`, and this spec package before runtime edits.

**Tests**: Required. Runtime behavior changes need focused Pest feature/Filament/Livewire tests plus focused browser proof. No full browser audit claim.
## Test Governance Checklist
- [x] Lane assignment is named and is the narrowest sufficient proof for each changed behavior.
- [x] New or changed tests stay in the smallest honest family, and browser proof is explicit and focused.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
- [x] Planned validation commands cover the four included findings without pulling in unrelated lane cost.
- [x] The declared surface test profiles are explicit: shared-detail-family, monitoring-state-page, exception-coded-surface.
- [x] Browser proof is completed for rendered UI changes.
- [x] Human Product Sanity and Product Surface implementation-report close-out are completed.
- [x] Any material budget, baseline, trend, or escalation note is recorded in the implementation report.
## Phase 1: Safety, Inventory, And Reproduction
**Purpose**: Confirm repo state, locate exact runtime ownership, and reproduce/validate each Spec 407 finding before fixing.
- [x] T001 Record `git status --short --branch`, `git diff --name-only`, and `git diff --check` before implementation.
- [x] T002 Read `specs/412-pilot-readiness-remediation-pack/spec.md`, `plan.md`, `tasks.md`, and `checklists/requirements.md`.
- [x] T003 Confirm no completed Specs 400-407 are edited or normalized.
- [x] T004 Inventory review/report/PDF routes, resources, controllers, services, and tests related to ReviewPack, StoredReport, ManagementReportPdf, signed downloads, and customer reports.
- [x] T005 Inventory operations index/detail routes, `Operations` page, `TenantlessOperationRunViewer`, views, OperationRun link helpers, polling/readiness behavior, and existing tests.
- [x] T006 Inventory finding detail rendering, fingerprint/source hash fields, technical detail sections, customer-safe report/finding surfaces, and existing finding tests.
- [x] T007 Inventory provider-connection route, resource, middleware/policy, readonly/no-access behavior, and existing ProviderConnections tests.
- [x] T008 Reproduce or validate the ready-management-PDF-not-surfaced finding with existing or minimally created local fixtures.
- [x] T009 Reproduce or validate operations route browser timeout/no-current-500 behavior with focused browser navigation.
- [x] T010 Reproduce or validate finding fingerprint/scope hash default-body exposure.
- [x] T011 Reproduce or validate readonly provider-connection no-access copy/redirect behavior.
- [x] T012 Document any non-reproducible finding and the proof that makes it non-reproducible without marking it fixed prematurely.
## Phase 2: Review Pack / Management PDF Surfacing (P1)
**Goal**: Ready stored management PDFs surface as ready/downloadable, not primarily as generate.
**Independent Test**: A ready ReviewPack with a ready management-report StoredReport renders a ready/download action for authorized users and keeps unauthorized/cross-workspace direct download blocked.
### Tests First
- [x] T013 Add or update a ReviewPack/Filament test proving a ready management PDF renders ready/download/open state on review pack detail.
- [x] T014 Add or update a test proving `Generate management PDF` is not the primary action when a valid ready management PDF exists.
- [x] T015 Add or update tests for missing, failed, unavailable, expired, or inconsistent PDF/file states so they are not shown or served as ready.
- [x] T016 Add or update signed download authorization tests proving authorized download works and unauthorized/cross-workspace direct download remains blocked.
- [x] T017 Add or update signed vs unsigned report route tests proving customer report behavior does not regress.
### Implementation
- [x] T018 Verify and harden `ManagementReportPdfService::findReadyReport()` and related decision methods so they use the correct same-scope ReviewPack/StoredReport source truth.
- [x] T019 Update `apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php` only as needed so ready PDF state wins over generate as the primary state. Existing implementation already satisfied this and was verified by Spec379 tests/browser proof.
- [x] T020 Update `ManagementReportPdfService` only if tests prove the UI is reading an incomplete or inconsistent state source. Repeat final review proved incomplete service-level scope checks, so ready/active/retry/run-bound management PDF lookups were hardened.
- [x] T021 Preserve existing management PDF generation confirmation, authorization, audit/OperationRun behavior, `OperationUxPresenter` use, and signed download behavior.
- [x] T022 Ensure failed/missing/inconsistent PDF states use safe product copy and canonical status vocabulary without adding a new status family.
- [x] T023 Confirm customer-safe report boundaries remain intact: no raw OperationRun internals, raw provider payloads, file paths, or stack traces.
## Phase 3: OperationRun Route Load Completion (P2)
**Goal**: Operations index/detail complete browser navigation without current 500s, fatal Livewire/Filament errors, or indefinite readiness blockers.
**Independent Test**: Operations index and detail render DB-only for an entitled workspace actor, hide unauthorized/cross-workspace runs, and complete focused browser navigation.
### Tests First
- [x] T024 Add or update operations HTTP/Filament tests proving `/admin/workspaces/{workspace}/operations` renders for an entitled actor.
- [x] T025 Add or update operations detail tests proving `/admin/workspaces/{workspace}/operations/{run}` renders for an entitled actor.
- [x] T026 Add or update DB-only/no-outbound-HTTP assertions for operations index/detail render paths.
- [x] T027 Add or update authorization/isolation tests for workspace, managed environment, tenantless, and cross-workspace OperationRun access.
- [x] T028 Add or update tests for bounded query/loading behavior if reproduction points to heavy payloads or unbounded relationships.
### Implementation
- [x] T029 Inspect operations page polling, Livewire hydration, table filters/search/pagination, eager loading, and view payloads for browser-readiness blockers.
- [x] T030 Fix only the smallest operations page/view/query/readiness issue proven by reproduction. No operations page fix was required; focused proof passed.
- [x] T031 Ensure operations pages keep raw payloads, stack traces, debug metadata, and technical internals out of default content.
- [x] T032 Ensure any intentional polling or pending request does not prevent browser readiness detection in focused proof.
- [x] T033 Preserve canonical `OperationRunLinks` and tenant/workspace-safe URL resolution.
- [x] T034 Preserve OperationRun lifecycle truth and avoid direct status/outcome transitions outside `OperationRunService`.
## Phase 4: Finding Detail Internal Hash Demotion (P2)
**Goal**: Finding detail default body presents human-readable triage context and demotes raw hashes to technical/support detail if retained.
**Independent Test**: A finding with fingerprint/source hash values renders default detail without prominent raw hash labels/values while authorized technical detail can still expose needed diagnostics.
### Tests First
- [x] T035 Add or update a finding detail render test proving `Fingerprint`, `scope hash`, `source_fingerprint`, and equivalent hash values are not prominent default body content.
- [x] T036 Add or update customer/read-only/default-output tests proving raw hashes do not leak into customer-safe/default finding content.
- [x] T037 Add or update a support/operator technical detail test only if the implementation retains hashes behind a collapsed or gated section.
### Implementation
- [x] T038 Update `apps/platform/app/Filament/Resources/FindingResource.php` only as needed to move `fingerprint` and related hash fields out of the default detail body.
- [x] T039 Preserve human-readable finding title, severity, affected scope, evidence/proof link where authorized, recommendation, owner/status, and next action.
- [x] T040 If hashes remain accessible, place them in collapsed/support/operator technical detail and gate or demote them according to existing patterns.
- [x] T041 Do not remove support diagnostics entirely if an existing workflow depends on them.
- [x] T042 Do not create a new finding taxonomy, status family, or diagnostic framework.
## Phase 5: Readonly Provider-Connection No-Access Clarity (P3)
**Goal**: Authenticated readonly/limited actors remain blocked from unauthorized provider-connection routes but receive a clearer no-access outcome.
**Independent Test**: Readonly access remains denied, non-member/cross-workspace access remains non-leaky, and the result no longer misleadingly implies unauthenticated login when the actor is authenticated.
### Tests First
- [x] T043 Add or update ProviderConnections tests for readonly provider-connection route no-access behavior.
- [x] T044 Add or update tests proving non-member/cross-workspace direct provider-connection access does not leak record existence.
- [x] T045 Add or update tests proving member-but-missing-capability receives a 403 or safe denied outcome according to existing policy semantics.
- [x] T046 Add or update tests proving no redirect loop and no provider detail leak.
- [x] T047 Add or update tests proving an authenticated unauthorized provider actor is not redirected to a login prompt unless actually unauthenticated.
### Implementation
- [x] T048 Identify whether the confusing outcome is owned by provider resource authorization, workspace/environment middleware, panel authentication, or copy/flash handling.
- [x] T049 Improve only the owning route/resource/middleware/copy path needed for authenticated readonly clarity.
- [x] T050 Preserve provider view/manage capability checks and workspace/environment membership rules.
- [x] T051 Preserve deny-as-not-found semantics for non-members and cross-workspace actors.
- [x] T052 Do not expand provider access, provider onboarding, or provider readiness productization.
## Phase 6: Product Surface, Browser Proof, And Close-Out
**Goal**: Prove the four remediations without claiming a new full browser audit.
- [x] T053 Run focused browser proof for a ready management PDF review pack detail state.
- [x] T054 Run focused browser proof for missing/failed/unavailable PDF state where fixture support exists.
- [x] T055 Run focused browser proof for authorized management PDF download/open. Browser proof verifies the rendered download action; feature tests verify the signed binary route.
- [x] T056 Run focused browser proof for unauthorized or unsigned report/PDF path blocked. Server-side signed/unsigned and cross-workspace route blocking is covered by focused feature tests; browser proof covers rendered action state.
- [x] T057 Run focused browser proof for operations index navigation completion.
- [x] T058 Run focused browser proof for operations detail navigation completion.
- [x] T059 Run focused browser proof for finding detail default view without prominent raw hashes.
- [x] T060 Run focused browser proof for readonly provider-connection no-access behavior. Browser proof covers the rendered provider no-access outcome; feature tests cover the member-missing-capability redirect branch.
- [x] T061 Capture browser console, Livewire/Filament errors, network failures, 500s, and redirect-loop evidence for every focused proof path.
- [x] T062 Complete Human Product Sanity for affected review/report, operations, finding, and provider no-access surfaces.
- [x] T063 Create `specs/412-pilot-readiness-remediation-pack/implementation-report.md` with the exact report sections required by the source draft.
- [x] T064 Complete the Spec 407 Finding Remediation Matrix in the implementation report.
- [x] T065 Complete the Report/PDF State Matrix in the implementation report.
- [x] T066 Record Product Surface exceptions as `none` or document a bounded exception with follow-up before merge.
- [x] T067 Record UI Action Matrix confirmation, Livewire v4 compliance, provider registration location, global search posture, destructive/high-impact action posture, asset strategy, tests/browser result, deployment impact, visible complexity outcome, and no completed-spec rewrite assertion.
## Phase 7: Validation
- [x] T068 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=ReviewPack`. Ran; broad lane has unrelated residual failures recorded in the implementation report while in-scope ReviewPack/PDF tests passed.
- [x] T069 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=ManagementReport`. Ran; Spec379/404 management PDF tests passed, older Spec366 rendered-report browser test failed and is recorded in the implementation report.
- [x] T070 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=OperationRun`. Ran; an in-scope `report.management.generate` actionability registry gap was fixed, final manual review added ready management PDF artifact-resolution proof, repeat final review hardened the underlying management PDF service lookups, and focused operation tests passed; remaining broad residuals are recorded in the implementation report.
- [x] T071 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Operations`. Ran; focused operations route/readiness tests passed and broad residual failures are recorded in the implementation report.
- [x] T072 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Finding`. Ran; focused finding demotion tests passed and broad residual failures are recorded in the implementation report.
- [x] T073 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=ProviderConnection`. Ran; focused provider no-access tests passed and broad residual failures are recorded in the implementation report.
- [x] T074 Run the smallest broader relevant suite after targeted tests pass, normally `cd apps/platform && ./vendor/bin/sail artisan test`. Full suite not run because the broader validation filters already expose unrelated residual failures; final expanded focused suite passed with 131 tests and 871 assertions.
- [x] T075 Run `git diff --check`.
- [x] T076 Record final `git status --short --branch` in the implementation report.
## Non-Goals / Stop Conditions
- [x] NT001 Do not create new report templates, PDF renderer architecture, report workflow architecture, review-pack product concepts, or customer review surfaces.
- [x] NT002 Do not create a new operations dashboard, OperationRun state model, finding taxonomy, provider onboarding flow, or provider access model.
- [x] NT003 Do not implement legal hold, purge, export-before-delete governance, staging/Dokploy validation, JSONB migration, commercial lifecycle, support desk integration, or full browser audit.
- [x] NT004 Do not add top-level navigation or major pages.
- [x] NT005 Do not introduce new persisted entities, status families, enums, source-of-truth objects, provider registries, or cross-domain UI frameworks.
- [x] NT006 Do not rewrite completed Specs 400-407 or remove validation, task, smoke, browser, screenshot, close-out, or review history from completed specs.
- [x] NT007 Stop and update spec/plan before continuing if a fix requires broader architecture or product decisions beyond the four included findings.