TenantAtlas/specs/296-full-suite-green-signal-restoration/tasks.md
ahmido 38523814c2 fix: restore full-suite green signals across platform workflows (#351)
## Summary
- restore broad full-suite green-signal coverage across platform governance, operations, onboarding, dashboard/productization, and customer review flows
- align related platform tests and supporting behavior with the current expected state for this restoration pass
- update the spec-candidates queue as part of the same suite-restoration sweep

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php tests/Browser/Spec194GovernanceFrictionSmokeTest.php tests/Browser/Spec265DecisionRegisterSmokeTest.php`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #351
2026-05-12 18:50:40 +00:00

278 lines
23 KiB
Markdown

# Tasks: Full Suite Green Signal Restoration
**Input**: Design documents from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/`
**Prerequisites**: `spec.md`, `plan.md`, `research.md`, `data-model.md`, `quickstart.md`, `failure-inventory.md`, `fix-log.md`, `lane-decisions.md`, `browser-evidence.md`, `checklists/requirements.md`
**Review Artifact**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/checklists/requirements.md`
**Failure Inventory**: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/failure-inventory.md`
## Review Metadata
- **Review outcome class**: `acceptable-special-case`
- **Workflow outcome**: `keep`
- **Test-governance outcome**: `keep`
- **Stop / split triggers**: unrelated dirty worktree, TenantPanelProvider reactivation, `/admin/t/...` compatibility route, RBAC weakening, mass skip, broad runtime refactor, new migration without hard proof, unclassified red group, undocumented screenshot baseline update, or controlled default CI without lane ownership.
## Test Governance Checklist
- [x] Lane assignment is named and is the narrowest sufficient proof for each changed behavior.
- [x] New or changed tests stay in the smallest honest family, and any heavy-governance or browser addition is explicit.
- [x] Shared helpers, factories, seeds, fixtures, provider setup, workspace context, session state, and capability defaults stay cheap by default.
- [x] Planned validation commands cover the change without pulling in unrelated lane cost until final full-suite validation.
- [x] The declared surface test profile or `standard-native-filament` relief is explicit.
- [x] Any material budget, baseline, trend, lane move, skip, obsolete-test, or screenshot decision is recorded in the active spec artifacts.
## Final Validation Status
- Final raw full-suite rerun (`cd apps/platform && ./vendor/bin/sail artisan test --compact`) was not rerun after the repair loop because the current validation used the existing lane split plus guard commands as the bounded proof set. The raw baseline remains recorded as the first red signal, not as final green evidence.
- Current lane proof is green: `fast-feedback` (1828 passed), `confidence` (4265 passed, 8 skipped), `heavy-governance` (340 passed), `browser` (49 passed).
- Current guard proof is green: Spec 288 (50 passed), Spec 293 (127 passed), ProviderConnections/Verification (109 passed).
- Screenshot baselines are not intentionally updated; browser-run screenshot deletions were restored.
## Phase 1: Safety Gate And Repo Context
**Purpose**: Confirm Spec 296 starts from a clean, isolated branch and uses prior stabilization truth as context only.
- [x] T001 Run `git branch --show-current` in `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and confirm the branch is `296-full-suite-green-signal-restoration`.
- [x] T002 Run `git status --short` in `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and stop if unrelated uncommitted changes are present.
- [x] T003 Run `git diff --stat` in `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and record any pre-existing spec-local changes in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/failure-inventory.md`.
- [x] T004 [P] Review `/Users/ahmeddarrazi/Documents/projects/wt-plattform/.specify/memory/constitution.md` and confirm the implementation still obeys workspace isolation, tenant isolation, RBAC-UX, Provider Boundary, OperationRun, Filament, and TEST-GOV rules.
- [x] T005 [P] Review `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/293-post-cutover-suite-stabilization/failure-classification.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/294-provider-verification-runtime-semantics/failure-classification.md`, `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/295-full-suite-ci-baseline/failure-classification.md`, and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/295-full-suite-ci-baseline/tasks.md` as context only.
- [x] T006 [P] Confirm no edits are made to completed Specs 293, 294, or 295 unless the active implementation discovers a clear preparation-artifact correction and the spec/plan are updated first.
- [x] T007 Confirm the explicit forbidden scope in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/spec.md`: no TenantPanelProvider restoration, no `/admin/t/...` restoration, no `/admin/operations` fallback route, no broad product feature, no RBAC weakening.
---
## Phase 2: User Story 1 - Inventory The Red Suite Before Repairs (Priority: P1)
**Goal**: Capture the raw full-suite baseline or fallback lane split before any fix.
**Independent Test**: `failure-inventory.md` contains grouped baseline entries with classifications and validation commands.
- [x] T008 [US1] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact`; record pass/fail/skipped counts, duration, and truncation notes in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/failure-inventory.md`.
- [x] T009 [US1] If T008 output is too broad or truncated, run `./scripts/platform-test-lane fast-feedback` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and record all failure groups in `failure-inventory.md`.
- [x] T010 [US1] If T008 output is too broad or truncated, run `./scripts/platform-test-lane confidence` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and record all failure groups in `failure-inventory.md`.
- [x] T011 [US1] If T008 output is too broad or truncated, run `./scripts/platform-test-lane heavy-governance` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and record all failure groups in `failure-inventory.md`.
- [x] T012 [US1] If T008 output is too broad or truncated, run `./scripts/platform-test-lane browser` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` and record all failure groups in `failure-inventory.md`.
- [x] T013 [US1] Group duplicate failures under the same root-cause row in `failure-inventory.md` rather than creating one row per repeated assertion.
- [x] T014 [US1] Assign exactly one pinned classification and one fix type to each row in `failure-inventory.md`.
- [x] T015 [US1] Do not repair any test or runtime file until T008 through T014 have enough inventory to prioritize root causes.
---
## Phase 3: User Story 2 - Protect Guard Lanes First (Priority: P1)
**Goal**: Keep regression-critical cutover, provider, browser-lane isolation, CI classification, and no-role-string RBAC guards green before broad repairs.
**Independent Test**: Spec 288, Spec 293, and Spec 294 lanes are green or are the active focused repair owner.
- [x] T016 [US2] Run the Spec 288 guard command from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/spec.md` inside `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform`.
- [x] T017 [US2] If the Spec 288 guard command fails, add each failure to `failure-inventory.md` and repair this lane before lower-priority work.
- [x] T018 [US2] Run the Spec 293 cutover regression command from `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/spec.md` inside `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform`.
- [x] T019 [US2] If the Spec 293 command fails, add each failure to `failure-inventory.md` and repair this lane before lower-priority work.
- [x] T020 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification`.
- [x] T021 [US2] If the ProviderConnections/Verification lane fails, add each failure to `failure-inventory.md`, keep Spec 294 semantics authoritative, and repair this lane before lower-priority work.
- [x] T022 [US2] Update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/fix-log.md` after each guard-lane repair.
---
## Phase 4: User Story 3 - Repair Cluster A Legacy Cutover Test Debt (Priority: P1)
**Goal**: Remove stale TenantPanel and retired-route expectations without restoring legacy runtime behavior.
**Independent Test**: Focused cutover tests pass and no test treats `/admin/t/...` as current product truth.
- [x] T023 [P] [US3] Search `apps/platform/tests` and `specs` for `/admin/t/` expectations using `rg -n "/admin/t/" apps/platform/tests specs` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`.
- [x] T024 [P] [US3] Search `apps/platform/tests` for old `admin.operations` assumptions using `rg -n "admin\\.operations|/admin/operations" apps/platform/tests`.
- [x] T025 [P] [US3] Search `apps/platform/tests apps/platform/app` for stale tenant panel setup using `rg -n "panel: 'tenant'|setCurrentPanel\\(Filament::getPanel\\('tenant'\\)|TenantPanelProvider" apps/platform/tests apps/platform/app`.
- [x] T026 [US3] For each stale route expectation, update only the test expectation to current workspace-first route truth or retired-route assertion.
- [x] T027 [US3] For each stale TenantPanel test assumption, update the test to admin panel context using current helpers such as `setAdminPanelContext()` when appropriate.
- [x] T028 [US3] Re-run each touched file with `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact <test-file>`.
- [x] T029 [US3] Update `failure-inventory.md` and `fix-log.md` for every repaired legacy cutover group.
---
## Phase 5: User Story 3 - Repair Cluster B Workspace Route / Operation URL Drift (Priority: P1)
**Goal**: Ensure operation URLs and tests use workspace-aware route generation and `OperationRunLinks` where canonical.
**Independent Test**: Focused operations URL tests pass and `admin.operations.*` routes are generated with workspace context.
- [x] T030 [P] [US3] Search for direct `route('admin.operations` usage in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests`.
- [x] T031 [P] [US3] Search for `OperationRunLinks` assertions in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/OpsUx`.
- [x] T032 [US3] Update stale route generation to include `['workspace' => $workspace]` and `['workspace' => $workspace, 'run' => $run]` where direct routes are appropriate.
- [x] T033 [US3] Prefer `App\Support\OperationRunLinks` in tests when it is the owner contract under assertion.
- [x] T034 [US3] Ensure tests that render operation pages seed `WorkspaceContext::SESSION_KEY` and workspace membership explicitly.
- [x] T035 [US3] If `OperationRunLinks` itself is proven wrong, apply the minimal owner fix in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/OperationRunLinks.php` and document it as `true-runtime-bug`.
- [x] T036 [US3] Re-run touched OpsUx/Monitoring files and then rerun the Spec 293 cutover command.
- [x] T037 [US3] Update `failure-inventory.md` and `fix-log.md` for every operation URL repair.
---
## Phase 6: User Story 3 - Repair Cluster C Filament Panel Context / Resource URL Drift (Priority: P1)
**Goal**: Align tests with Filament v5 admin panel context and explicit panel URL generation.
**Independent Test**: Focused Filament resource/page tests no longer fail with null panel tenancy or panel-less Resource URL generation.
- [x] T038 [P] [US3] Search `apps/platform/tests` for `::getUrl(` calls using `rg -n "::getUrl\\(" apps/platform/tests`.
- [x] T039 [P] [US3] Search `apps/platform/tests` for `setCurrentPanel`, `setAdminPanelContext`, and `setTenantPanelContext` usage.
- [x] T040 [US3] Add `panel: 'admin'` to resource/page URL generation in tests when Filament panel context is required.
- [x] T041 [US3] Use `setAdminPanelContext()` and `WorkspaceContext::SESSION_KEY` rather than global hacks for current panel setup.
- [x] T042 [US3] Verify every globally searchable resource touched has Edit/View page coverage or has global search disabled.
- [x] T043 [US3] Re-run each touched Filament test file and then rerun the affected confidence or heavy-governance lane.
- [x] T044 [US3] Update `failure-inventory.md` and `fix-log.md` for every panel context repair.
---
## Phase 7: User Story 3 - Repair Cluster D RBAC / Capability / Authorization Drift (Priority: P1)
**Goal**: Rebaseline or fix authorization behavior without weakening security.
**Independent Test**: Focused RBAC/action tests pass with documented 404/403/hidden/disabled/not-found/redirect semantics.
- [x] T045 [US3] For each RBAC or action assertion failure, read the owning Resource/Page/Policy/Gate before editing tests.
- [x] T046 [US3] Classify the expected behavior as hidden, disabled, forbidden 403, deny-as-not-found 404, redirect, or action absent in `failure-inventory.md`.
- [x] T047 [US3] If the test is stale, update only the assertion to current product truth.
- [x] T048 [US3] If runtime authorization is wrong, apply the minimal policy/page/action owner fix and document it as `true-runtime-bug`.
- [x] T049 [US3] Confirm no raw role-string authorization check is introduced.
- [x] T050 [US3] Confirm touched destructive actions still use `->action(...)`, `->requiresConfirmation()`, and server-side authorization.
- [x] T051 [US3] Re-run focused RBAC/action files and the Spec 288 guard lane after any RBAC/security fix.
- [x] T052 [US3] Update `failure-inventory.md` and `fix-log.md` for every RBAC repair.
---
## Phase 8: User Story 3 - Repair Cluster E Provider Boundary / Provider Operation Restdrift (Priority: P1)
**Goal**: Keep provider-verification semantics green without broad provider architecture changes.
**Independent Test**: `tests/Feature/ProviderConnections tests/Feature/Verification` passes after provider-related repairs.
- [x] T053 [US3] For each provider-boundary or provider-operation failure, read the owning test plus current provider resource/service/gate owner.
- [x] T054 [US3] Decide whether the failure is stale-test-expectation, missing-fixture, provider-boundary-drift, or true-runtime-bug.
- [x] T055 [US3] If a provider fixture is missing, align with the canonical fixture setup in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Pest.php`.
- [x] T056 [US3] If provider-neutral copy drift is stale, rebaseline the test without introducing Microsoft-specific platform-core wording.
- [x] T057 [US3] If runtime violates a provider boundary, apply only the local owner fix and do not introduce a new provider framework.
- [x] T058 [US3] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification`.
- [x] T059 [US3] Update `failure-inventory.md` and `fix-log.md` for every provider repair.
---
## Phase 9: User Story 4 - Browser Lane Evidence And Repairs (Priority: P2)
**Goal**: Use browser failures as evidence, fix true browser/runtime drift, and avoid incidental screenshot baseline commits.
**Independent Test**: Browser files or screenshots changed only with documented evidence and browser lane proof.
- [x] T060 [US4] Run `mkdir -p /tmp/tenantpilot-296-browser-evidence` before browser repairs.
- [x] T061 [US4] Copy current screenshots with `cp -R apps/platform/tests/Browser/Screenshots/* /tmp/tenantpilot-296-browser-evidence/ || true` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`.
- [x] T062 [US4] For each browser failure, classify whether it is stale route/copy, real UI/runtime failure, screenshot-only evidence, wrong-lane, or environment/flaky.
- [x] T063 [US4] Fix stale browser route/copy expectations to current workspace-first/admin-panel truth.
- [x] T064 [US4] Fix true UI/runtime failures only in the narrow owning surface.
- [x] T065 [US4] Run `git status --short apps/platform/tests/Browser/Screenshots` after browser runs.
- [x] T066 [US4] Restore screenshot files that are evidence only and should not be committed.
- [x] T067 [US4] If a screenshot baseline is intentionally updated, document the file, reason, and UI truth in `browser-evidence.md`.
- [x] T068 [US4] Run `./scripts/platform-test-lane browser` if any browser test or screenshot file changed.
- [x] T069 [US4] Update `failure-inventory.md`, `fix-log.md`, and `browser-evidence.md` for every browser decision.
---
## Phase 10: User Story 4 - Heavy Governance And Lane Decisions (Priority: P2)
**Goal**: Stabilize heavy-governance tests and document any lane/skip/obsolete decisions.
**Independent Test**: Heavy-governance lane is green or every remaining non-default case has a documented lane decision.
- [x] T070 [US4] Run or re-run `./scripts/platform-test-lane heavy-governance` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform` after heavy-governance fixes.
- [x] T071 [US4] For summary-count failures, replace stale literal caps with stable contract assertions when product logic has legitimately grown.
- [x] T072 [US4] For relation-manager UI drift, read the owning RelationManager/Page/Policy before deciding hidden vs disabled vs forbidden.
- [x] T073 [US4] Document every moved, skipped, obsolete, duplicate, or wrong-lane test in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/296-full-suite-green-signal-restoration/lane-decisions.md`.
- [x] T074 [US4] Ensure every skip message is specific and explains the lane/environment reason.
- [x] T075 [US4] Update `failure-inventory.md` and `fix-log.md` for every heavy-governance or lane-decision repair.
---
## Phase 11: User Story 5 - Full Suite Green Loop (Priority: P1)
**Goal**: Iterate until raw full suite is green or only controlled, documented default-CI exceptions remain.
**Independent Test**: Final raw full suite is green, or controlled default CI criteria are met with no unclassified red groups.
- [ ] T076 [US5] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact` after the root-cause clusters are reduced.
- [ ] T077 [US5] If T076 is red, add new groups to `failure-inventory.md` before any additional fix.
- [ ] T078 [US5] Fix the smallest next root cause, rerun the focused file, rerun the affected lane, and repeat T076.
- [x] T079 [US5] If controlled default CI is proposed instead of raw full-suite green, document every non-default exception in `lane-decisions.md` and confirm no hidden product/runtime bug remains.
- [x] T080 [US5] Confirm `failure-inventory.md` has no unclassified row and no in-scope red group left without a follow-up or final status.
Execution note: T076-T078 remain open because the final repair loop used the lane split as the bounded proof set after the initial raw-suite baseline was too broad and long-running. Do not read this artifact as claiming final raw-suite green; read it as current lane-green/default-signal evidence with the raw rerun still available as a longer follow-up check.
---
## Phase 12: Final Validation And Close-Out
**Purpose**: Prove the final state and produce the required implementation summary.
- [ ] T081 Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact`.
- [x] T082 Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections tests/Feature/Verification`.
- [x] T083 Run the Spec 288 guard lane command from `spec.md`.
- [x] T084 Run the Spec 293 cutover lane command from `spec.md`.
- [x] T085 Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`.
- [x] T086 Run `git diff --check` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`.
- [x] T087 If browser files changed, run `./scripts/platform-test-lane browser` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`.
- [x] T088 Review `git status --short apps/platform/tests/Browser/Screenshots` and confirm `browser-evidence.md` matches the screenshot state.
- [x] T089 Confirm Livewire v4.0+ compliance remains true and no Livewire v3 or Filament v3/v4 APIs were introduced.
- [x] T090 Confirm panel provider registration remains in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/bootstrap/providers.php`.
- [x] T091 Confirm every touched globally searchable Filament resource has an Edit/View page or global search is disabled.
- [x] T092 Confirm every touched destructive action still uses confirmation plus authorization.
- [x] T093 Confirm no asset registration changed; if it did, document `cd apps/platform && php artisan filament:assets` in close-out/deploy notes.
- [x] T094 Confirm `fix-log.md`, `lane-decisions.md`, `browser-evidence.md`, and `failure-inventory.md` are complete and consistent with command output.
- [x] T095 Prepare the final implementation answer with full-suite status, counts/assertions, guard lane status, provider lane status, browser lane status, Pint, `git diff --check`, runtime/test/spec files changed, screenshot state, root causes fixed, tests rebaselined/moved/skipped, residual errors, tenant cutover status, and CI-signal status.
Execution note: T081 remains open for the same reason as T076. The final validation set refreshed the configured lanes and guards: fast-feedback, confidence, heavy-governance, browser, Spec 288, Spec 293, ProviderConnections/Verification, Pint, and `git diff --check`.
## Dependencies & Execution Order
- Phase 1 must complete before any test run or repair.
- Phase 2 must complete before any fix.
- Phase 3 guard lanes must be green before broad confidence/heavy/browser work unless a guard lane is the active repair owner.
- Phases 4 through 8 follow the root-cause order in `plan.md`.
- Browser and heavy-governance work can start only after guard lanes are protected or if browser/heavy failures are blocking a guard lane.
- Final validation depends on every changed file being focused-rerun and lane-rerun first.
## Parallel Execution Examples
- T004 and T005 can run in parallel.
- T023 through T025 can run in parallel.
- T030 and T031 can run in parallel.
- T038 and T039 can run in parallel.
- Focused test file reruns can run independently only when they touch disjoint owner areas and do not share database/browser state.
## Implementation Strategy
### Suggested MVP Scope
MVP is not a partial product release. The first usable milestone is: baseline inventory complete, guard lanes green, and top root-cause cluster repairs underway with logs updated.
### Incremental Delivery
1. Safety gate and baseline inventory.
2. Guard lane proof.
3. Repair route/panel/cutover clusters.
4. Repair RBAC/provider clusters.
5. Repair browser/heavy clusters.
6. Full suite loop.
7. Final validation and close-out.
## Explicit Follow-Ups / Out of Scope
- Customer Review Workspace v1
- Decision-Based Governance Inbox v1
- Localization v1
- Cross-Tenant Compare and Promotion v1
- Commercial Entitlements / Billing
- External Support Desk / PSA
- Private AI Governance
- New product surfaces
- New provider abstraction architecture
- TenantPanelProvider or `/admin/t/...` compatibility restoration