ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
97e06587bf
TenantAtlas/specs/074-verification-checklist/plan.md
Ahmed Darrazi 97e06587bf feat: verification report framework
2026-02-04 00:57:26 +01:00

128 lines
6.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Implementation Plan: Verification Checklist Framework (Enterprise-Ready)
**Branch**: `074-verification-checklist` | **Date**: 2026-02-03 | **Spec**: [spec.md](./spec.md)
**Input**: Feature specification from `/specs/074-verification-checklist/spec.md`
**Note**: This file is generated from the plan template and then filled in by `/speckit.plan` workflow steps.
## Summary
- Introduce a versioned “verification report” contract that can be attached to an existing `OperationRun` and rendered consistently across multiple flows.
- Provide a reusable, DB-only report viewer (no outbound calls during render/hydration/poll) that presents summary + per-check statuses + safe evidence pointers + navigation-only next steps.
- Enforce enterprise semantics: stable reason codes, strict evidence redaction, deterministic active-run dedupe, and capability-first authorization aligned with RBAC-UX (non-members 404; members missing start capability 403).
- Emit audit events for verification start + completion using stable action identifiers with redacted metadata.
## Technical Context
**Language/Version**: PHP 8.4 (Laravel 12)
**Primary Dependencies**: Laravel 12 + Filament v5 + Livewire v4
**Storage**: PostgreSQL (Sail) with JSONB (`operation_runs.context`)
**Testing**: Pest (PHPUnit)
**Target Platform**: Web application (Sail/Docker locally; container deploy via Dokploy)
**Project Type**: web
**Performance Goals**: Verification viewer renders fast from DB-only JSON (typical report ≤ 50 checks)
**Constraints**: Viewer is read-only and must not trigger any outbound HTTP or job dispatch; evidence must not contain secrets/tokens/payloads; new status-like badges must use centralized BADGE-001 mapping.
**Scale/Scope**: Multiple tenants/workspaces; many runs over time; verification used in onboarding + provider ops + future readiness flows
## Constitution Check
*GATE: Must pass before Phase 0 research. Re-check after Phase 1 design.*
- Inventory-first, snapshots-second: PASS (this feature is run/report UX; no inventory semantics changed).
- Read/write separation: PASS (viewer is read-only; start surfaces enqueue-only and already follow `OperationRun` patterns).
- Graph contract path: PASS (viewer performs no Graph calls; verification execution remains in queued jobs that already follow provider gateway patterns).
- Deterministic capabilities: PASS (start/view gates reference the existing capability registry; no role-string checks).
- RBAC-UX: PASS (non-member tenant access is 404; member-but-missing-capability is 403; server-side gates enforce mutations/starts).
- Run observability: PASS (verification is represented as `OperationRun`; active-run dedupe enforced by the existing partial unique index on `(tenant_id, run_identity_hash)` for active statuses).
- Data minimization: PASS (report evidence constrained to safe pointers; audit metadata redacted; no secrets in stored report).
- Badge semantics (BADGE-001): PASS (plan includes adding a centralized badge domain for check statuses/severity; no ad-hoc UI mappings).
## Project Structure
### Documentation (this feature)
```text
specs/074-verification-checklist/
├── plan.md # This file
├── research.md # Phase 0 output
├── data-model.md # Phase 1 output
├── quickstart.md # Phase 1 output
├── contracts/ # Phase 1 output
└── tasks.md # Phase 2 output (/speckit.tasks)
```
### Source Code (repository root)
```text
app/
├── Filament/
├── Jobs/
├── Models/
├── Policies/
├── Services/
└── Support/
config/
database/
resources/
routes/
tests/
```
**Structure Decision**: Single Laravel web application with Filament admin panel. The framework is implemented as:
- contract + helpers under `app/Support/**`
- report writer invoked from queued jobs under `app/Jobs/**` / `app/Services/**`
- viewer UI as Filament schema components and Blade views under `app/Filament/**` and `resources/views/filament/**`
- authorization via existing capabilities/gates/policies
## Complexity Tracking
No constitution violations required for this feature.
## Phase 0 — Research (output: `research.md`)
See: [research.md](./research.md)
Goals:
- Confirm the canonical storage location for the report (DB-only render) using existing `operation_runs.context` JSONB.
- Confirm active-run dedupe behavior and ensure it matches the specs “dedupe while active only” requirement.
- Confirm the correct approach for status-like UI badges in Filament (BADGE-001), so the viewer doesnt introduce ad-hoc mappings.
- Confirm the existing audit logger + redaction utilities and define stable action IDs for verification completion.
## Phase 1 — Design & Contracts (outputs: `data-model.md`, `contracts/`, `quickstart.md`)
See:
- [data-model.md](./data-model.md)
- [contracts/](./contracts/)
- [quickstart.md](./quickstart.md)
Design focus:
- Report schema: versioned JSON document (checks + counts + timestamps + next steps) stored in `operation_runs.context.verification_report`.
- Reason codes: baseline set + reserved `ext.*` namespace.
- Evidence redaction: strict sanitizer so reports never store or render secrets/tokens/payloads.
- Viewer: reusable Filament view entry / component that renders summary + per-check details without any outbound calls.
- Authorization: view allowed for tenant-scoped members; start requires capability; non-member access is deny-as-not-found.
- Auditing: start + completion events logged with minimal redacted metadata.
## Phase 2 — Implementation Outline (tasks created in `/speckit.tasks`)
- Contract: create a canonical report schema (JSON Schema + example) and a small baseline reason-code list.
- Writer: add a `VerificationReportWriter` (or equivalent) that normalizes check results, enforces redaction rules, and writes the report into `OperationRun->context`.
- Viewer: add a reusable Filament UI renderer (Blade view + helper) that displays summary, counts, statuses, and next steps (links-only).
- Integration points:
- Show the verification report section in Monitoring → Operations run detail when present.
- Embed the same viewer in onboarding and provider connection verification flows.
- RBAC & UX:
- Enforce “view vs start” split (view allowed for tenant members; start capability required).
- Preserve RBAC-UX semantics (non-members 404; members missing capability 403).
- Audit:
- Keep existing start audit event; add a completion audit event emitted when the verification run finalizes.
- Tests (Pest):
- Viewer is DB-only (Http::fake + render assertion).
- Evidence redaction rules (report contains no forbidden keys/values).
- Dedupe semantics reuse active run (leveraging the existing partial unique index behavior).
## Constitution Check (Post-Design)
Re-check result: PASS. Design artifacts keep verification viewing DB-only, align with run observability + dedupe, enforce RBAC-UX semantics, and centralize status badge mappings.
Reference in New Issue View Git Blame Copy Permalink