## Summary - add Spec 288 no-legacy route/helper and provider-core/role-authority guard coverage - extend the pinned Spec 281 and Spec 285 browser smokes plus lane/report classification wording for classification-only fallout handling - add the Spec 288 artifact package and contributor-facing quality-gate guidance while keeping Package Execution deferred to Spec 289 ## Validation - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php tests/Feature/Guards/AdminWorkspaceRoutesGuardTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php tests/Feature/Guards/BrowserLaneIsolationTest.php tests/Feature/Guards/CiLaneFailureClassificationContractTest.php tests/Feature/Guards/CiHeavyBrowserWorkflowContractTest.php tests/Unit/Auth/NoRoleStringChecksTest.php)` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)` - `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && REPO_ROOT="$(git rev-parse --show-toplevel)" && (cd "$REPO_ROOT/apps/platform" && ./vendor/bin/sail bin pint --dirty --format agent)` Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #347
51 lines
3.2 KiB
Markdown
51 lines
3.2 KiB
Markdown
# Requirements Checklist: Quality Gates / No-Legacy Enforcement
|
|
|
|
## Scope and problem framing
|
|
|
|
- [x] The package describes the real repo problem as missing enforcement over an already-completed cutover baseline.
|
|
- [x] The package keeps scope limited to guards, targeted browser proof, quality-gate docs, and classification-only baseline handling.
|
|
- [x] The package explicitly excludes runtime cutover work, provider-core rewrites, RBAC rewrites, UI copy cleanup, Review Pack export work, Guided Operations, and full-suite repair.
|
|
- [x] The package explicitly moves Package Execution Contract work to Spec `289`.
|
|
|
|
## Repo-truth anchoring
|
|
|
|
- [x] The package anchors route/path enforcement to exact retired management families instead of broad `/admin/t` bans.
|
|
- [x] The package anchors helper enforcement to retired tenant-panel bootstrapping patterns on owned seams.
|
|
- [x] The package anchors provider-core enforcement to the existing provider-boundary seams and operation-definition guards.
|
|
- [x] The package anchors role-authority enforcement to the existing workspace-first policy and managed-environment scope tests.
|
|
- [x] The package anchors baseline classification to `TestLaneManifest`, `TestLaneReport`, the current classification-contract tests, and `README.md`.
|
|
|
|
## Enforcement inventory and boundedness
|
|
|
|
- [x] The same enforcement categories appear across `spec.md`, `plan.md`, `research.md`, `data-model.md`, `quickstart.md`, the logical contract, and `tasks.md`.
|
|
- [x] Historical and immutable scan exclusions are pinned explicitly.
|
|
- [x] The package keeps provider-owned detail nested and bounded instead of pretending it disappears entirely.
|
|
- [x] The package forbids open-ended route, helper, or source-scan allowlists.
|
|
- [x] The package keeps broader baseline fallout classification-only.
|
|
|
|
## Validation and workflow
|
|
|
|
- [x] Planned proof stays bounded to targeted guard tests, targeted browser validation, and formatting.
|
|
- [x] The same validation commands appear in `spec.md`, `plan.md`, `tasks.md`, and `quickstart.md`.
|
|
- [x] The task package explicitly re-verifies Filament/Livewire/provider-registration invariants and the no-asset-registration boundary.
|
|
- [x] The package keeps review outcome, workflow outcome, and test-governance outcome aligned.
|
|
- [x] The package uses `NoLegacyGuardrail` as the close-out intent.
|
|
|
|
## Adjacent-spec control
|
|
|
|
- [x] Spec `289` is named as the explicit Package Execution Contract follow-up.
|
|
- [x] The package does not silently absorb runtime cutover work from Spec `287`.
|
|
- [x] The package does not silently absorb UI copy cleanup from Spec `286`.
|
|
- [x] The package does not silently absorb broader provider-core or RBAC rewrites.
|
|
|
|
## Notes
|
|
|
|
- Reviewed against `.specify/memory/constitution.md`, the cutover sequence in Specs `279` through `287`, the current guard/browser/lane seams, and the user-corrected `288` scope on 2026-05-10.
|
|
- This artifact package is implementation-ready only when the execution task map exists and the companion artifacts remain aligned.
|
|
|
|
## Outcome
|
|
|
|
- **Review outcome class**: `acceptable-special-case`
|
|
- **Workflow outcome**: `keep`
|
|
- **Test-governance outcome**: `keep`
|
|
- **Readiness note**: implementation is ready as a bounded enforcement slice following Spec `287`; broader baseline repair remains out of scope |