ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
905b595880
TenantAtlas/specs/250-decision-governance-inbox/quickstart.md
ahmido 72bfb37ba7
Some checks failed
Main Confidence / confidence (push) Failing after 57s
Details
feat: add decision-based governance inbox (#291) 
## Summary
- add a read-first governance inbox page at `/admin/governance/inbox`
- aggregate assigned findings, intake, stale operations, alert-delivery failures, and review follow-up into one canonical routing surface
- add focused coverage for inbox authorization, navigation context, page behavior, and section builder logic
- include the Spec Kit artifacts for spec 250

## Notes
- branch is synced with `dev`
- this PR supersedes #290 for the governance inbox work

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #291
2026-04-28 10:13:09 +00:00

65 lines
4.4 KiB
Markdown
Raw Blame History

# Quickstart: Decision-Based Governance Inbox v1
**Date**: 2026-04-28
**Feature**: [spec.md](spec.md)
## Purpose
This quickstart captures the smallest intended implementation and validation path for the governance inbox slice. It is preparation-only guidance for later implementation work.
## Planned Implementation Shape
1. Add one native Filament page at `/admin/governance/inbox`.
2. Compose five bounded source families from existing repo truth:
- assigned findings
- findings intake
- stale or terminal-follow-up operations
- alert-delivery failures
- review follow-up
3. Keep the page read-only and route every action into an existing source surface.
4. Keep tenant and family filters query-safe and workspace-safe.
## Planned Validation Commands
Run the minimum proving commands once implementation exists:
```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/GovernanceInbox/GovernanceInboxSectionBuilderTest.php
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Governance/GovernanceInboxPageTest.php
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Governance/GovernanceInboxAuthorizationTest.php
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Governance/GovernanceInboxNavigationContextTest.php
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
```
## Manual Review Checklist For Later Implementation
- Open `/admin/governance/inbox` as a workspace operator with at least two visible signal families.
- Verify the page stays read-only and does not offer claim, snooze, acknowledge, assign, or triage mutation controls.
- Verify a tenant-scoped launch prefilters the page to the current tenant.
- Verify explicit out-of-scope `tenant_id` query input returns `404`.
- Verify each visible section opens an existing source surface and preserves a back-link or source context.
## Guardrails To Preserve
- No new persisted inbox-item table.
- No generic cross-domain task engine.
- No browser-only validation requirement by default.
- No raw-support or debug detail rendered on the inbox page.
## Close-Out Target For Later Implementation
Record the final outcome in `Guardrail / Exception / Smoke Coverage` once implementation happens, including:
- whether a bounded `Support/GovernanceInbox/` seam was actually needed
- whether all source CTAs stayed on existing canonical surfaces
- whether any contained drift resolved as `document-in-feature`
- the final proof outcome from the focused unit and feature validation commands
## Guardrail / Exception / Smoke Coverage
- Guardrail result: PASS. The implemented slice stayed on the existing Filament v5 / Livewire v4 admin plane, kept provider registration untouched in `apps/platform/bootstrap/providers.php`, introduced no destructive inbox action, and added no new registered asset bundle.
- Bounded seam result: `document-in-feature`. The final implementation required `apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php` as a derived page-scoped assembler because the current source pages did not expose a reusable cross-family API.
- Source-surface result: PASS. All dominant section CTAs and preview-entry links stayed on existing findings, operations, alerts, and review surfaces; no inbox-local mutation lane or detail shell was added.
- Focused proof result: `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/GovernanceInbox/GovernanceInboxSectionBuilderTest.php tests/Feature/Governance/GovernanceInboxAuthorizationTest.php tests/Feature/Governance/GovernanceInboxPageTest.php tests/Feature/Governance/GovernanceInboxNavigationContextTest.php` passed with `10 passed (53 assertions)`.
- Formatting result: `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` passed.
- Smoke result: PASS. Manual integrated-browser smoke confirmed `/admin/governance/inbox` loads in workspace context, the operations CTA navigates to the canonical monitoring route with return context, and the explicit back link returns to the inbox.
Reference in New Issue View Git Blame Copy Permalink