TenantAtlas/specs/261-provider-missing-policy-visibility/quickstart.md

# Quickstart: Provider-Missing Policy Visibility & Restore Continuity v1

## Preconditions

1. Start the platform runtime if it is not already running:

```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH"
cd apps/platform && ./vendor/bin/sail up -d
```

2. Keep verification inside the existing policy, backup, and restore seams. No browser smoke or heavy-governance lane is required for this slice.

## Scenario 1: Provider-missing is distinct from local ignore

1. Create or reuse a tenant policy fixture that sync normally into the local `policies` table.
2. Mark a second policy as locally ignored through the existing ignore flow.
3. Run sync with a provider payload that omits the first policy but still returns the second policy.
4. Verify:
   - the omitted policy receives `missing_from_provider_at` and remains visible as provider-missing
   - the locally ignored policy keeps `ignored_at`
   - sync does not clear `ignored_at` for the ignored policy

## Scenario 2: Current backup/export blocks provider-missing policies

1. Reuse a policy marked provider-missing from Scenario 1 and apply the existing local ignore flow so the policy reaches the combined ignored-plus-missing state.
2. Attempt the current backup/export path from the existing policy or backup selection surface.
3. Verify:
   - the combined-state policy remains visible but blocked from fresh capture
   - the combined ignored-plus-missing policy is discoverable from both the `ignored` and `provider_missing` filter views
   - the primary blocked reason is provider-missing
   - local ignore remains visible only as secondary context, not the dominant blocker
   - no new backup/export run is created for a blocked policy

## Scenario 3: Historical restore continuity remains available

1. Create or reuse a `BackupItem` for a policy that is now provider-missing.
2. Open the existing restore-run creation flow for the owning backup set.
3. Verify:
   - the historical item remains selectable when otherwise eligible
   - the selection UI shows a provider-missing continuity note rather than filtering the item out

## Scenario 4: Reappearance clears only provider-missing state

1. Re-run sync with the previously missing policy present again.
2. Verify:
   - `missing_from_provider_at` clears
   - `ignored_at` remains unchanged if the policy is locally ignored
   - an audit event records the reappearance transition

## Focused Validation Commands

```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Jobs/PolicySyncProviderMissingSemanticsTest.php tests/Feature/Jobs/PolicySyncIgnoredRevivalTest.php tests/Feature/Jobs/AppProtectionPolicySyncFilteringTest.php tests/Feature/PolicySyncServiceTest.php tests/Feature/PolicySyncEnrollmentConfigurationTypeCollisionTest.php tests/Feature/PolicySyncStartSurfaceTest.php

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyProviderMissingUiTest.php tests/Feature/PolicyGeneralViewTest.php tests/Feature/BulkDeletePoliciesTest.php tests/Feature/BulkUnignorePoliciesTest.php tests/Unit/Badges/PolicyBadgesTest.php

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/BulkExportToBackupTest.php tests/Feature/Filament/BackupCreationTest.php tests/Feature/Filament/BackupSetPolicyPickerTableTest.php tests/Feature/Filament/RestoreItemSelectionTest.php tests/Feature/RestoreUnknownPolicyTypeSafetyTest.php
```

## Finish

1. Run Pint on touched PHP files:

```bash
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
```

2. Confirm there are no remaining sync-driven `ignored_at` writes in policy-sync code paths and that the slice did not introduce `SoftDeletes`, a purge path, or a new lifecycle framework before closing the feature.