ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
9e435ea91f
TenantAtlas/specs/288-quality-gates-no-legacy-enforcement/checklists/requirements.md
ahmido 0a1377c5f5 feat(spec-288): add no-legacy quality gates (#347) 
## Summary
- add Spec 288 no-legacy route/helper and provider-core/role-authority guard coverage
- extend the pinned Spec 281 and Spec 285 browser smokes plus lane/report classification wording for classification-only fallout handling
- add the Spec 288 artifact package and contributor-facing quality-gate guidance while keeping Package Execution deferred to Spec 289

## Validation
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php)`
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)`
- `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail bin pint --dirty --format agent)`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #347
2026-05-10 21:24:14 +00:00

3.2 KiB
Raw Blame History

Requirements Checklist: Quality Gates / No-Legacy Enforcement

Scope and problem framing

  • The package describes the real repo problem as missing enforcement over an already-completed cutover baseline.
  • The package keeps scope limited to guards, targeted browser proof, quality-gate docs, and classification-only baseline handling.
  • The package explicitly excludes runtime cutover work, provider-core rewrites, RBAC rewrites, UI copy cleanup, Review Pack export work, Guided Operations, and full-suite repair.
  • The package explicitly moves Package Execution Contract work to Spec 289.

Repo-truth anchoring

  • The package anchors route/path enforcement to exact retired management families instead of broad /admin/t bans.
  • The package anchors helper enforcement to retired tenant-panel bootstrapping patterns on owned seams.
  • The package anchors provider-core enforcement to the existing provider-boundary seams and operation-definition guards.
  • The package anchors role-authority enforcement to the existing workspace-first policy and managed-environment scope tests.
  • The package anchors baseline classification to TestLaneManifest, TestLaneReport, the current classification-contract tests, and README.md.

Enforcement inventory and boundedness

  • The same enforcement categories appear across spec.md, plan.md, research.md, data-model.md, quickstart.md, the logical contract, and tasks.md.
  • Historical and immutable scan exclusions are pinned explicitly.
  • The package keeps provider-owned detail nested and bounded instead of pretending it disappears entirely.
  • The package forbids open-ended route, helper, or source-scan allowlists.
  • The package keeps broader baseline fallout classification-only.

Validation and workflow

  • Planned proof stays bounded to targeted guard tests, targeted browser validation, and formatting.
  • The same validation commands appear in spec.md, plan.md, tasks.md, and quickstart.md.
  • The task package explicitly re-verifies Filament/Livewire/provider-registration invariants and the no-asset-registration boundary.
  • The package keeps review outcome, workflow outcome, and test-governance outcome aligned.
  • The package uses NoLegacyGuardrail as the close-out intent.

Adjacent-spec control

  • Spec 289 is named as the explicit Package Execution Contract follow-up.
  • The package does not silently absorb runtime cutover work from Spec 287.
  • The package does not silently absorb UI copy cleanup from Spec 286.
  • The package does not silently absorb broader provider-core or RBAC rewrites.

Notes

  • Reviewed against .specify/memory/constitution.md, the cutover sequence in Specs 279 through 287, the current guard/browser/lane seams, and the user-corrected 288 scope on 2026-05-10.
  • This artifact package is implementation-ready only when the execution task map exists and the companion artifacts remain aligned.

Outcome

  • Review outcome class: acceptable-special-case
  • Workflow outcome: keep
  • Test-governance outcome: keep
  • Readiness note: implementation is ready as a bounded enforcement slice following Spec 287; broader baseline repair remains out of scope