ahmido 8ee1174c8d feat: add resolved reference presentation layer (#161 )

## Summary
- add the shared resolved-reference foundation with registry, resolvers, presenters, and badge semantics
- refactor related context, assignment evidence, and policy-version assignment rendering toward label-first reference presentation
- add Spec 132 artifacts and focused Pest coverage for reference resolution, degraded states, canonical linking, and tenant-context carryover

## Verification
- `vendor/bin/sail bin pint --dirty --format agent`
- focused Pest verification was marked complete in the task artifact

## Notes
- this PR is opened from the current session branch
- `specs/132-guid-context-resolver/tasks.md` reflects in-progress completion state for the implemented tasks

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #161

2026-03-10 18:52:52 +00:00

7.7 KiB

Raw Blame History

Data Model: GUID Context Resolver & Human-Readable Reference Presentation

Overview

This feature adds no new database tables. It introduces an application-layer reference model that normalizes how user-visible references are described, resolved, and rendered across Filament resources and related-context sections.

Entities

1. ReferenceDescriptor

Represents the structured input passed into the shared resolver layer.

Field	Type	Required	Notes
`referenceClass`	string	Yes	Explicit class such as `policy`, `policy_version`, `baseline_snapshot`, `operation_run`, `group`, `role_definition`, or `unsupported`.
`rawIdentifier`	string	Yes	Canonical raw ID, GUID, key, or source token preserved as evidence.
`workspaceId`	int\|null	No	Required when the target is workspace-owned or when workspace-scoped authorization is needed.
`tenantId`	int\|null	No	Required when the target is tenant-owned or provider-backed in tenant scope.
`sourceType`	string\|null	No	Calling surface or domain source, such as `finding`, `baseline_snapshot`, or `assignment_target`.
`sourceSurface`	string\|null	No	Rendering context such as `detail_section`, `detail_header`, or `list_row`.
`fallbackLabel`	string\|null	No	Safe operator-facing label derived from source payload when authoritative lookup is unavailable.
`linkedModelId`	int\|null	No	Optional internal record ID when the caller already knows the local model.
`linkedModelType`	string\|null	No	Optional model class or logical model name paired with `linkedModelId`.
`context`	array<string, mixed>	No	Safe source metadata used for best-effort enrichment and target construction.

Validation rules:

referenceClass must be from the supported registry or explicitly marked unsupported.
rawIdentifier must be non-empty even when linkedModelId is present so technical detail is preserved.
context must contain only safe, serializable values; no secrets or raw provider payload dumps.

2. ResolvedReference

Represents the normalized output from a resolver.

Field	Type	Required	Notes
`referenceClass`	string	Yes	Echoes the resolved class.
`rawIdentifier`	string	Yes	Original raw identifier preserved for technical detail.
`primaryLabel`	string	Yes	Human-readable display name or best-known fallback label.
`secondaryLabel`	string\|null	No	Type or context hint such as `Policy version`, `Group`, or `Workspace baseline`.
`state`	string	Yes	One of `resolved`, `partially_resolved`, `unresolved`, `deleted_or_missing`, `inaccessible`, or `external_limited_context`.
`stateLabel`	string\|null	No	Shared operator-facing vocabulary for the current state.
`linkTarget`	ReferenceLinkTarget\|null	No	Present only when the target is meaningful and access is allowed.
`technicalDetail`	ReferenceTechnicalDetail	Yes	Structured secondary detail for advanced operators.
`meta`	array<string, mixed>	No	Extra safe metadata such as badge hints or source provenance.

Rules:

primaryLabel must never default to the raw ID when a better fallback label exists.
linkTarget must be absent when the reference is inaccessible, unsupported, or not meaningful to navigate.
state must be explicit; null-based implicit semantics are not allowed.

3. ReferenceLinkTarget

Represents an optional canonical destination.

Field	Type	Required	Notes
`targetKind`	string	Yes	Logical target such as `policy`, `policy_version`, `baseline_snapshot`, or `operation_run`.
`url`	string	Yes	Canonical resolved URL when the target is actionable.
`contextBadge`	string\|null	No	Optional context hint such as `Tenant context`.
`actionLabel`	string	Yes	Operator-facing action label such as `View policy` or `View run`.

Rules:

url must come from canonical helpers such as resource getUrl() or OperationRunLinks, not hand-built route strings.
actionLabel must follow shared UI naming vocabulary.

4. ReferenceTechnicalDetail

Represents controlled technical detail.

Field	Type	Required	Notes
`displayId`	string\|null	No	Shortened or copyable technical identifier for UI display.
`fullId`	string	Yes	Raw identifier preserved in full form.
`sourceHint`	string\|null	No	Optional text like `Captured from snapshot evidence`.
`copyable`	bool	Yes	Whether UI may expose copy-to-clipboard affordance.
`defaultCollapsed`	bool	Yes	Whether technical detail should remain visually secondary by default.

5. ReferencePresentationVariant

Represents the intended rendering density.

Field	Type	Required	Notes
`variant`	string	Yes	`compact` or `detail`.
`showStateBadge`	bool	Yes	Indicates whether state badge is rendered inline.
`showTechnicalDetail`	bool	Yes	Whether the variant exposes secondary technical text inline or in disclosure form.

Relationships

ReferenceDescriptor is passed to ReferenceResolverRegistry.
ReferenceResolverRegistry selects one resolver based on referenceClass.
The chosen resolver returns a ResolvedReference.
ResolvedReference may contain a ReferenceLinkTarget and ReferenceTechnicalDetail.
Shared Filament renderers consume ResolvedReference plus ReferencePresentationVariant.
Existing RelatedNavigationResolver and current related-context sections are expected to adapt from RelatedContextEntry arrays to the richer ResolvedReference contract.

Reference State Semantics

State	Meaning	UI Expectation
`resolved`	Authoritative label and optional canonical target are known.	Label-first; actionable only when permitted.
`partially_resolved`	Useful label or type is known, but some context or navigation is missing.	Label-first with explicit partial context; technical ID secondary.
`unresolved`	Only raw identifier and perhaps source hints are known.	Visible degraded state; no false confidence.
`deleted_or_missing`	Reference once mapped to a record that no longer exists locally.	Distinct missing/deleted message; raw ID preserved secondarily.
`inaccessible`	Resolver knows a target exists but current policy does not allow navigation or safe disclosure.	Non-clickable; disclosure limited by policy.
`external_limited_context`	Reference belongs to an external/provider object with only limited local enrichment.	Best-effort label/type plus raw ID as secondary evidence.

Current Domain Sources Expected to Feed the Model

Source Model / Surface	Likely Reference Classes Produced
`Finding`	`baseline_snapshot`, `operation_run`, `policy_version`, `policy`, `baseline_profile`, assignment or principal targets from evidence
`PolicyVersion`	`policy`, `baseline_snapshot`, `baseline_profile`, `operation_run`
`BaselineSnapshot`	`baseline_profile`, `policy_version`, `operation_run`, role or assignment evidence references
`BackupSet`	`operation_run`, `policy`, `policy_version`, assignment-related target references
`OperationRun`	`backup_set`, `restore_run`, `baseline_profile`, `baseline_snapshot`, `policy`, target tenant or provider-linked context
Assignment-like views	`group`, `user`, `service_principal`, `role_definition`, `policy`, `policy_version`

Migration Impact

No database migration required.
Existing related-context or label helpers may be refactored to produce structured reference outputs instead of final UI strings.

7.7 KiB Raw Blame History