TenantAtlas/specs/282-governance-artifact-retargeting/research.md

Research: Governance Artifact Retargeting to ManagedEnvironment

Decision Summary

Decision 1: Treat 282 as a surface-ownership slice, not a schema slice

• Decision: 282 will retarget existing governance artifact resources and drillthroughs to the workspace-first admin runtime. It will not reopen tenant_id to managed_environment_id persistence work.
• Why: repo truth already shows managed_environment_id plus workspace_id on the relevant models, and the real remaining gap is surface registration, route ownership, and context resolution.
• Evidence:
  • OperationRun, Finding, Policy, BackupSet, RestoreRun, EvidenceSnapshot, ReviewPack, TenantReview, and StoredReport already persist managed_environment_id
  • many models use DerivesWorkspaceIdFromTenant or equivalent workspace derivation seams

Decision 2: Scope the implementation around current resource families

• Decision: the primary implementation unit is the current environment-owned Filament resource families, not a generic artifact abstraction.
• Why: the route and admin-registration drift is expressed in concrete resources such as FindingResource, PolicyResource, BackupSetResource, RestoreRunResource, EvidenceSnapshotResource, ReviewPackResource, and StoredReportResource.
• Evidence:
  • several resources still include admin-hide guards through shouldRegisterNavigation() checks against the admin panel
  • read-only artifact resources still use ManagedEnvironment::current() or mixed fallback chains that imply tenant-panel ownership

Decision 3: Reuse shared context and link seams

• Decision: reuse ResolvesPanelTenantContext, InteractsWithTenantOwnedRecords, RelatedNavigationResolver, CanonicalNavigationContext, and OperationRunLinks instead of creating a new route-helper layer.
• Why: the repo already has one shared environment-resolution seam and one shared navigation contract; the drift is in how existing resources still call them under tenant-panel assumptions.
• Evidence:
  • ResolvesPanelTenantContext already branches for admin versus tenant panels
  • OperationRunLinks already owns canonical operations URLs

Decision 4: Keep artifact lifecycle and stored-report productization deferred

• Decision: defer lifecycle semantics to Spec 267 and broader stored-report surface/productization work to Spec 277.
• Why: both packages already exist and would broaden 282 beyond route ownership and context resolution.
• Evidence:
  • specs/267-artifact-lifecycle-retention/spec.md is already Ready for implementation
  • specs/277-stored-reports-surface/spec.md is already Ready for implementation

Decision 5: Keep provider, RBAC, copy, and no-legacy follow-through deferred

• Decision: defer Specs 283 through 287 unchanged.
• Why: 282 is already broad enough at the resource-surface layer. Capability registries, taxonomies, RBAC redesign, vocabulary cleanup, and global cutover quality gates belong to the later reserved slots.

Decision 6: Keep adjacent pages out of scope for 282

• Decision: pages such as TenantDiagnostics, InventoryCoverage, and BaselineCompareLanding remain out of scope for 282 unless a later implementation produces a concrete, isolated follow-up need.
• Why: repo truth shows these are adjacent seams, not part of the minimum route-ownership contract needed for the current governance artifact resource families.

Touched Resource Inventory

Family	Representative resources	Current repo issue
Governance registers	InventoryItemResource, PolicyResource, PolicyVersionResource, FindingResource, FindingExceptionResource	admin-hidden registration or environment-context drift
Recovery and backup	BackupScheduleResource, BackupSetResource, RestoreRunResource	admin-hidden registration plus many related links and action URLs
Evidence and reporting	EvidenceSnapshotResource, TenantReviewResource, ReviewPackResource, StoredReportResource	environment resolution still assumes tenant-panel truth in fallbacks

Candidate Deviations From Raw Backlog Text

• The raw candidate reads like a model and route retarget combined. Repo truth shows the model retarget already happened in Spec 279.
• The raw candidate mentions renaming review concepts and removing remaining /admin/t links broadly. For 282, this is narrowed to the touched governance artifact surface families only; broader copy cleanup remains Spec 286.
• The raw candidate's operation_runs move is already satisfied at the persistence layer; 282 only retargets artifact-origin links into the workspace-first operations routes reused from Spec 280.
• The raw candidate's backup items note remains nested under backup-set and restore-run surfaces and does not become a separate top-level route family in 282.

Implementation Risks To Hold During Tasks Generation

• Do not widen into lifecycle or reporting semantics just because ReviewPackResource and StoredReportResource are touched.
• Do not create new route helpers or a generic artifact surface layer.
• Do not leave any touched family half-migrated, where list pages move but action URLs or related links still emit tenant-panel destinations.

Files Reviewed

• .specify/memory/constitution.md
• docs/product/spec-candidates.md
• docs/product/roadmap.md
• specs/267-artifact-lifecycle-retention/spec.md
• specs/277-stored-reports-surface/spec.md
• specs/279-workspace-managed-environment-core/spec.md
• specs/280-workspace-tenancy-environment-routing/spec.md
• specs/281-provider-connection-scope/spec.md
• apps/platform/app/Models/OperationRun.php
• apps/platform/app/Filament/Concerns/ResolvesPanelTenantContext.php
• apps/platform/app/Filament/Resources/FindingResource.php
• apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php
• apps/platform/app/Filament/Resources/ReviewPackResource.php
• apps/platform/app/Filament/Resources/StoredReportResource.php
• repo-wide searches for admin-hide guards and environment-context helper usage in Filament resources and pages