ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
9e435ea91f
TenantAtlas/specs/304-tenant-panel-dead-code-retirement/tasks.md
ahmido 5248654691 feat: retire tenant panel runtime dead code (#359) 
## Summary
- retire remaining legacy tenant-panel runtime assumptions in the Filament admin runtime and route resolution paths
- centralize canonical admin environment context handling for shared surfaces instead of relying on deprecated `tenant` panel behavior
- harden guard coverage so legacy `/admin/t` and `/admin/tenants` route families cannot regress
- update scoped navigation, drillthrough, reference-link, and global-search tests to use the admin panel environment runtime
- add the Spec 304 package under `specs/304-tenant-panel-dead-code-retirement/` and document the rollout in the product ledger

## Test Coverage Updated
- `AdminSharedSurfacePanelParityTest`
- `NoActiveTenantResourceRoutesTest`
- `NoLegacyTenantPanelRuntimeTest`
- `AdminTenantResolverGuardTest`
- `PolicyVersionResolvedReferenceLinksTest`
- `EntraGroupGlobalSearchScopeTest`
- `OperationsDashboardDrillthroughTest`

## Runtime Notes
- remains compliant with Filament v5 on Livewire v4
- no provider registration changes; provider registration location remains `apps/platform/bootstrap/providers.php`
- no new globally searchable resource was introduced; existing scoped search assertions were updated only
- no destructive actions were added or changed
- no asset registration changes; deploy posture for `cd apps/platform && php artisan filament:assets` is unchanged

## Validation
- updated tests and docs/spec artifacts were committed in this branch
- tests were not re-run in this turn

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #359
2026-05-14 23:57:36 +00:00

17 KiB
Raw Blame History

Tasks: Tenant Panel Dead-Code Retirement

Input: Design documents from /specs/304-tenant-panel-dead-code-retirement/ Prerequisites: spec.md, plan.md, checklists/requirements.md

Tests: Tests are required. This is a runtime cleanup and guardrail change for provider registration, route collection, canonical links, and Filament navigation contracts.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family, and any browser smoke is explicit and justified.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
  • Planned validation commands cover the change without pulling unrelated lane cost.
  • The declared surface test profile is global-context-shell plus standard-native-filament.
  • Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.

Phase 1: Preparation and Runtime Truth Lock

Purpose: Confirm repo truth before deleting or rewriting anything.

  • T001 Review specs/304-tenant-panel-dead-code-retirement/spec.md, specs/304-tenant-panel-dead-code-retirement/plan.md, specs/304-tenant-panel-dead-code-retirement/tasks.md, and specs/304-tenant-panel-dead-code-retirement/checklists/requirements.md.
  • T002 Review completed context in specs/301-admin-inventory-navigation-cutover/, specs/302-tenant-owned-surface-route-audit/, and specs/303-admin-directory-groups-cutover/ without modifying those completed specs.
  • T003 Inspect apps/platform/bootstrap/providers.php and confirm the active providers are admin/system only for Filament runtime.
  • T004 Inspect apps/platform/app/Providers/Filament/TenantPanelProvider.php and apps/platform/app/Filament/Providers/TenantPanelProvider.php; if either active runtime file exists, record references before removal.
  • T005 Inspect apps/platform/routes/web.php and the runtime route collection for admin/t, admin/tenants, tenant-panel route names, and compatibility redirects.
  • T006 Search apps/platform/app/, apps/platform/bootstrap/, apps/platform/routes/, and apps/platform/tests/ for /admin/t, /admin/tenants, TenantPanelProvider, panel: 'tenant', panel: "tenant", and filament.admin.resources.tenants and classify each hit as historical/removal-test, stale active test, runtime dependency, or link-emission risk.
  • T007 Confirm no implementation task introduces migrations, models, provider adapters, assets, new product surfaces, destructive actions, route aliases, redirects, or compatibility shims.

Phase 2: User Story 1 - Retired Tenant Panel runtime cannot boot (Priority: P1)

Goal: Tenant Panel provider/runtime registration is absent and guarded.

Independent Test: Provider bootstrap and Filament panel resolution assertions fail if the retired tenant panel returns.

  • T008 [P] [US1] Update apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php to assert apps/platform/bootstrap/providers.php does not register any Tenant Panel provider class.
  • T009 [P] [US1] Update apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php to assert no active Tenant Panel provider class exists at app/Providers/Filament/TenantPanelProvider.php or app/Filament/Providers/TenantPanelProvider.php.
  • T010 [P] [US1] Update apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php to assert Filament::getPanel('tenant') remains null.
  • T011 [US1] If an active Tenant Panel provider class exists and no runtime/test dependency remains, delete apps/platform/app/Providers/Filament/TenantPanelProvider.php or apps/platform/app/Filament/Providers/TenantPanelProvider.php. Repo truth: no active provider file existed, so no deletion was needed.
  • T012 [US1] If a Tenant Panel provider cannot be deleted safely, document the narrow blocker in specs/304-tenant-panel-dead-code-retirement/plan.md and keep the class unregistered. Repo truth: no blocker existed because no active provider file remained.

Phase 3: User Story 2 - Legacy route families are unavailable (Priority: P1)

Goal: /admin/t and legacy /admin/tenants route families are not registered, not reachable, and not redirected.

Independent Test: Route collection and HTTP request assertions prove retired route families are absent.

  • T013 [P] [US2] Update apps/platform/tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php to assert no route URI begins with admin/t.
  • T014 [P] [US2] Update apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php to assert no active product route URI begins with admin/tenants.
  • T015 [P] [US2] Update apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php to assert route names do not include retired tenant-panel naming conventions such as filament.tenant. or filament.admin.resources.tenants..
  • T016 [US2] Update apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php to assert /admin/t/{environment}, /admin/t/{environment}/inventory-items, /admin/tenants, and /admin/tenants/{environment} return not found for an authenticated workspace/environment user.
  • T017 [US2] Inspect apps/platform/tests/Feature/ProviderConnections/LegacyRedirectTest.php; replace any stale expectation that /admin/tenants/{environment}/provider-connections redirects with an assertion matching current route truth, or document why it is current canonical behavior.
  • T018 [US2] Inspect apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsLegacyRouteTest.php, apps/platform/tests/Feature/Operations/LegacyRunRoutesNotFoundTest.php, and apps/platform/tests/Feature/078/LegacyRoutesReturnNotFoundTest.php and keep only removal-focused legacy route assertions.
  • T019 [US2] Remove active route definitions or redirects from apps/platform/routes/web.php only if T005 finds a confirmed legacy route. Repo truth: no active legacy route or redirect was found, so no route deletion was needed.

Phase 4: User Story 3 - Workspace and environment navigation contracts remain precise (Priority: P2)

Goal: Workspace home stays clean while eligible environment-bound surfaces remain visible and reachable.

Independent Test: Workspace-home and canonical environment tests prove absence/presence independently.

  • T020 [P] [US3] Update apps/platform/tests/Feature/Filament/PanelNavigationSegregationTest.php so workspace-home clean navigation and environment-bound visibility are separate assertions, not one blanket admin-hidden rule.
  • T021 [P] [US3] Update apps/platform/tests/Feature/Filament/AdminTenantSurfaceParityTest.php to stop enforcing stale "admin can never see tenant-owned resources" semantics and instead assert canonical environment context where applicable.
  • T022 [P] [US3] Update apps/platform/tests/Feature/Filament/AdminSharedSurfacePanelParityTest.php to preserve workspace-owned/admin-shared surfaces without referencing Tenant Panel compatibility.
  • T023 [P] [US3] Update apps/platform/tests/Feature/Filament/TenantOwnedResourceScopeParityTest.php to preserve server-side environment scoping and cross-environment denial without depending on retired panel routes.
  • T024 [P] [US3] Verify apps/platform/tests/Feature/Filament/InventoryCoverageAdminTenantParityTest.php still proves Inventory Coverage uses canonical workspace/environment routes and does not emit /admin/t.
  • T025 [P] [US3] Verify apps/platform/tests/Feature/Filament/EntraGroupAdminScopeTest.php still proves Entra Groups are hidden on workspace home, visible in environment context, scoped to the active environment, and do not emit /admin/t.
  • T026 [P] [US3] Verify apps/platform/tests/Feature/Filament/PolicyResourceAdminSearchParityTest.php and apps/platform/tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php still prove policy search destinations remain canonical and route-safe.
  • T027 [US3] If navigation runtime code must change, keep edits limited to existing shared helpers such as apps/platform/app/Support/Navigation/NavigationScope.php, apps/platform/app/Support/OperateHub/OperateHubShell.php, or resource shouldRegisterNavigation() methods. Runtime edit stayed limited to InventoryCoverage::resolveAdminUrlTenant() so it delegates to the existing panel tenant resolver instead of reading raw panel tenant state.

Phase 5: User Story 4 - Links and search never emit retired routes (Priority: P3)

Goal: High-signal link builders and global-search destinations never generate /admin/t or tenant-panel URLs.

Independent Test: Generated URLs from known link builders and search destinations use canonical workspace/environment paths.

  • T028 [P] [US4] Add or update assertions in apps/platform/tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php that global-search result URLs do not contain /admin/t and resolve to canonical View routes.
  • T029 [P] [US4] Add or update assertions in apps/platform/tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php to prove OperationRunLinks and OperationRunUrl do not emit /admin/t.
  • T030 [P] [US4] Add or update assertions covering apps/platform/app/Support/ManagedEnvironmentLinks.php through an existing workspace/environment routing test such as apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php. Existing assertions already covered canonical ManagedEnvironment links and were rerun.
  • T031 [US4] Inspect apps/platform/app/Support/OperationRunLinks.php, apps/platform/app/Support/OpsUx/OperationRunUrl.php, and apps/platform/app/Support/ManagedEnvironmentLinks.php; fix only confirmed active legacy emissions.
  • T032 [US4] Inspect resource URL helpers in apps/platform/app/Filament/Resources/InventoryItemResource.php, apps/platform/app/Filament/Resources/EntraGroupResource.php, apps/platform/app/Filament/Resources/PolicyResource.php, apps/platform/app/Filament/Resources/PolicyVersionResource.php, apps/platform/app/Filament/Resources/BackupSetResource.php, apps/platform/app/Filament/Resources/RestoreRunResource.php, apps/platform/app/Filament/Resources/FindingResource.php, apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php, apps/platform/app/Filament/Resources/EnvironmentReviewResource.php, apps/platform/app/Filament/Resources/ReviewPackResource.php, and apps/platform/app/Filament/Resources/StoredReportResource.php; fix only confirmed active legacy emissions. Static search and focused URL tests found no active legacy emissions.
  • T033 [US4] Keep historical /admin/t strings in old specs, docs, and explicit removal tests allowlisted rather than performing a broad docs purge.

Phase 6: Minimal Product Docs

Purpose: Update only current product truth if implementation changes it.

  • T034 Inspect docs/product/spec-candidates.md and docs/product/implementation-ledger.md after runtime cleanup.
  • T035 If Tenant Panel runtime is fully retired or already proven absent, add a minimal ledger or candidate note stating that active Tenant Panel runtime and /admin/t routes are unavailable and guarded.
  • T036 Do not rewrite historical specs, historical docs, roadmap sections, or old implementation evidence.

Phase 7: Validation and Close-Out

Purpose: Prove the cleanup and record exact findings.

  • T037 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php tests/Feature/Workspaces/WorkspaceIntendedUrlLegacyRejectionTest.php.
  • T038 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PanelNavigationSegregationTest.php tests/Feature/Filament/AdminTenantSurfaceParityTest.php tests/Feature/Filament/AdminSharedSurfacePanelParityTest.php tests/Feature/Filament/TenantOwnedResourceScopeParityTest.php tests/Feature/Filament/InventoryCoverageAdminTenantParityTest.php tests/Feature/Filament/EntraGroupAdminScopeTest.php tests/Feature/Filament/EntraGroupGlobalSearchScopeTest.php tests/Feature/Filament/PolicyResourceAdminSearchParityTest.php tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php.
  • T039 Run cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Monitoring/OperationsDashboardDrillthroughTest.php tests/Feature/Operations/LegacyRunRoutesNotFoundTest.php tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/RequiredPermissions/RequiredPermissionsLegacyRouteTest.php.
  • T040 Run git diff --check from /Users/ahmeddarrazi/Documents/projects/wt-plattform.
  • T041 Run browser smoke only if rendered navigation or route registration changes; otherwise document the feature-test substitute in close-out.
  • T042 Update implementation close-out notes with files changed, provider status, route status, /admin/tenants status, route retirement test result, Inventory result, Entra Groups result, global-search/link result, browser smoke result or reason not run, git diff --check result, and deferred blockers.

Implementation Close-Out Notes

  • Files changed: apps/platform/app/Filament/Pages/InventoryCoverage.php; focused guard, Filament, operations, and reference-link tests; docs/product/implementation-ledger.md; docs/product/spec-candidates.md; this spec task file.
  • Tenant Panel provider status: already absent before implementation. Guard coverage now checks both active app provider paths, provider bootstrap contents, and Filament::getPanel('tenant').
  • /admin/t route status: already absent before implementation. Guard coverage now checks route collection absence and direct 404s for base and child retired URLs.
  • /admin/tenants/{environment} route status: no active legacy route or redirect was found. Guard and provider-connection tests assert not found with no Location header.
  • Route retirement test result: NoLegacyTenantPanelRuntimeTest, NoActiveTenantResourceRoutesTest, and WorkspaceIntendedUrlLegacyRejectionTest passed.
  • Inventory contract result: InventoryCoverageAdminTenantParityTest and the full focused Filament lane passed after InventoryCoverage was changed to use the shared resolver path.
  • Entra Groups contract result: EntraGroupAdminScopeTest and EntraGroupGlobalSearchScopeTest passed; generated global-search URLs use canonical workspace/environment View routes and do not contain /admin/t or /admin/tenants.
  • Global-search/link result: ManagedEnvironmentCanonicalRouteContractTest, OperationsDashboardDrillthroughTest, and PolicyVersionResolvedReferenceLinksTest passed; high-signal link builders do not emit retired routes.
  • Browser smoke result: not run. This implementation changed route/provider/link guardrails and one backend URL-context resolver but did not change rendered Filament navigation, forms, actions, assets, or route registration. Feature tests rendered and exercised the relevant workspace/environment navigation and resource pages as the substitute.
  • git diff --check: passed.
  • Deferred blockers: none.

Dependencies

  • Phase 1 must complete before any runtime or test edits.
  • Phase 2 and Phase 3 can run in parallel after Phase 1 if different test files are owned.
  • Phase 4 depends on classifying stale tests in Phase 1 and should not weaken RBAC/context assertions.
  • Phase 5 can run in parallel with Phase 4 when link-builder tests are in separate files.
  • Phase 6 only runs after implementation findings are known.
  • Phase 7 runs after all in-scope edits are complete.

Parallel Execution Examples

  • T008, T009, T010, T013, T014, and T015 can run in parallel if each worker owns separate assertions or coordinates within guard test files.
  • T020, T021, T022, and T023 can run in parallel if each worker owns the named test file.
  • T028, T029, and T030 can run in parallel because they target different link/search proof paths.
  • T024, T025, and T026 are verification tasks and can run independently after related test updates.

Implementation Strategy

  1. Treat current runtime truth as authoritative.
  2. Preserve or strengthen removal-focused guard tests.
  3. Replace stale compatibility or blanket-hidden assertions with precise workspace/environment contracts.
  4. Fix only active runtime/link emissions found by tests or repo inspection.
  5. Keep historical docs and completed specs intact.
  6. Validate with focused tests and document browser-smoke decision.

Explicit Non-Goals

  • Do not add /admin/t or /admin/tenants compatibility aliases.
  • Do not add redirects from retired route families to canonical workspace/environment routes.
  • Do not introduce a new route-helper architecture.
  • Do not migrate schema, models, tenant_id, or provider connection ownership.
  • Do not add product surfaces, navigation features, destructive actions, Graph behavior, jobs, assets, or migrations.
  • Do not purge historical docs or rewrite completed specs.
  • Do not weaken RBAC, workspace isolation, environment scoping, or global-search scoping.