TenantAtlas/specs/181-restore-safety-integrity/quickstart.md
ahmido a107e7e41b feat: restore safety integrity and queue slide-over (#210)
## Summary
- add the Spec 181 restore-safety layer with scope fingerprinting, preview/check integrity states, execution safety snapshots, result attention, and operator-facing copy across the wizard, restore detail, and canonical operation detail
- add focused unit and feature coverage for restore-safety assessment, result attention, and restore-linked operation detail
- switch the finding exceptions queue `Inspect exception` action to a native Filament slide-over while preserving query-param-backed inline summary behavior

## Testing
- `vendor/bin/sail artisan test --compact tests/Feature/Monitoring/FindingExceptionsQueueTest.php tests/Feature/Filament/RestoreSafetyIntegrityWizardTest.php tests/Feature/Filament/RestoreResultAttentionSurfaceTest.php tests/Feature/Operations/RestoreLinkedOperationDetailTest.php tests/Unit/Support/RestoreSafety`

## Notes
- Spec 181 checklist is complete (`specs/181-restore-safety-integrity/checklists/requirements.md`)
- the branch still has unchecked follow-up tasks in `specs/181-restore-safety-integrity/tasks.md`: `T012`, `T018`, `T019`, `T023`, `T025`, `T029`, `T032`, `T033`, `T041`, `T042`, `T043`, `T044`
- Filament v5 / Livewire v4 compliance is preserved, no panel provider registration changes were made, no global-search behavior was added, destructive actions remain confirmation-gated, and no new Filament assets were introduced

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #210
2026-04-06 23:37:14 +00:00


# Quickstart: Restore Safety Integrity
## Goal
Validate that the restore wizard, restore detail, and canonical operation detail now communicate restore-safety truth without overstating calmness, scope validity, or recovery completion.
This slice uses freshness policy `invalidate_after_mutation` for preview and checks. Inside one active wizard draft, there is no separate age-based timeout; `stale` is reserved for legacy or incomplete persisted evidence, while `invalidated` is used for explicit scope drift after a covered mutation.
## Prerequisites
1. Start Sail if it is not already running.
2. Ensure the workspace has representative restore fixtures for:
   - a scope with current checks and preview
   - a scope where preview or checks become invalid after a scope change
   - a scope with warnings but no blockers
   - a real restore run that ends `completed`
   - a real restore run that ends `partial` or `completed_with_follow_up`
   - a restore-linked `OperationRun`
3. Ensure the acting user is a valid workspace member and tenant member.
4. Ensure at least one lower-privilege user exists to verify 404 versus 403 and safe degradation.
## Focused Automated Verification
Run the smallest restore-related suite first:
```bash
vendor/bin/sail artisan test --compact tests/Feature/RestoreRunWizardExecuteTest.php
vendor/bin/sail artisan test --compact tests/Feature/RestoreRiskChecksWizardTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestorePreviewTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreRunUiEnforcementTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/RestoreExecutionOperationRunSyncTest.php
vendor/bin/sail artisan test --compact tests/Feature/RestoreAuditLoggingTest.php
vendor/bin/sail artisan test --compact tests/Feature/ExecuteRestoreRunJobTest.php
vendor/bin/sail artisan test --compact tests/Feature/RestorePreviewDiffWizardTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/Constitution/DirectStatusTransitionGuardTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/Constitution/JobDbNotificationGuardTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/Constitution/LegacyNotificationGuardTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/OperationRunSummaryCountsIncrementTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/Regression/RestoreRunTerminalNotificationTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/NotificationViewRunLinkTest.php
vendor/bin/sail artisan test --compact tests/Feature/OpsUx/QueuedToastCopyTest.php
```
Expected new or expanded spec-scoped tests:
```bash
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreSafetyIntegrityWizardTest.php
vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreResultAttentionSurfaceTest.php
vendor/bin/sail artisan test --compact tests/Feature/Operations/RestoreLinkedOperationDetailTest.php
vendor/bin/sail artisan test --compact tests/Unit/Support/RestoreSafety/
```
Use `--filter` for a smaller pass while iterating.
## Manual Validation Pass
### 1. Establish current preview and checks
Open `/admin/t/{tenant}/restore-runs/create` and:
- choose a backup set
- choose `selected` scope or keep `all`
- run checks
- generate preview
Confirm the page shows:
- what scope is currently selected
- when preview and checks were generated
- whether each basis is current
- the difference between execution readiness and safety readiness
### 2. Trigger explicit invalidation
After preview and checks exist, change one scope-defining input:
- selected items
- scope mode
- group mapping
- backup set
Confirm the page no longer behaves like preview and checks were never run.
It must clearly show:
- previous preview or checks were invalidated by the change
- rerun is required
- calm execution language is suppressed
### 3. Verify warning suppression
Use a scope with warnings but no blockers and confirm:
- the restore may still be technically executable
- the page does not say `safe`, `ready`, or `looks good` in a calm way
- the operator sees one primary cautionary next step
### 4. Verify real execution confirmation
On the final wizard step, confirm that real execution requires:
- current checks
- current preview
- matching scope fingerprint
- hard-confirm inputs
- passing execution readiness
If any of those conditions fail, confirm the page prefers corrective guidance over calm execute messaging.
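The freshness model from the Goal section (`invalidate_after_mutation`, `stale` versus `invalidated`) and the execution gate in step 4 are easiest to reason about as one small assessment routine. The following is an added illustration written for this quickstart, not TenantAtlas code: the class names (`ScopeFingerprint`, `BasisEvidence`, `RestoreSafetyAssessor`), the `missing` state for a basis that was never produced, and the shape of the returned array are all assumptions. It assumes PHP 8.1 or newer and has no framework dependencies.

```php
<?php
declare(strict_types=1);

// Added example for the Spec 181 quickstart; hypothetical names, not project code.

final class ScopeFingerprint
{
    // Fingerprint over the scope-defining inputs listed in step 2: backup set,
    // scope mode, selected items, group mapping. Sorting makes the hash
    // independent of input order, so a reorder alone does not invalidate evidence.
    public static function compute(array $scope): string
    {
        $items = array_values($scope['selected_items'] ?? []);
        sort($items);
        $mapping = $scope['group_mapping'] ?? [];
        ksort($mapping);
        $canonical = json_encode([
            'backup_set'     => (string) ($scope['backup_set'] ?? ''),
            'scope_mode'     => (string) ($scope['scope_mode'] ?? 'all'),
            'selected_items' => $items,
            'group_mapping'  => $mapping,
        ], JSON_THROW_ON_ERROR);

        return hash('sha256', $canonical);
    }
}

enum BasisState: string
{
    case Current     = 'current';
    case Stale       = 'stale';        // legacy or incomplete persisted evidence
    case Invalidated = 'invalidated';  // explicit scope drift after a covered mutation
    case Missing     = 'missing';      // assumption: basis never produced in this draft
}

final class BasisEvidence
{
    public function __construct(
        public readonly ?string $fingerprint, // null for legacy evidence stored without one
        public readonly bool $complete,
        public readonly array $blockers = [],
        public readonly array $warnings = [],
    ) {}
}

final class RestoreSafetyAssessor
{
    public static function basisState(?BasisEvidence $evidence, string $currentFingerprint): BasisState
    {
        if ($evidence === null) {
            return BasisState::Missing;
        }
        if ($evidence->fingerprint === null || !$evidence->complete) {
            return BasisState::Stale;
        }
        if (!hash_equals($currentFingerprint, $evidence->fingerprint)) {
            return BasisState::Invalidated;
        }
        return BasisState::Current;
    }

    // Separates execution readiness (no blockers, current bases, hard-confirm done)
    // from safety readiness (additionally no warnings), and picks one primary next step.
    public static function assess(array $scope, ?BasisEvidence $checks, ?BasisEvidence $preview, bool $hardConfirmed): array
    {
        $fp = ScopeFingerprint::compute($scope);
        $checksState  = self::basisState($checks, $fp);
        $previewState = self::basisState($preview, $fp);

        $reasons = [];
        if ($checksState !== BasisState::Current) {
            $reasons[] = "checks are {$checksState->value}: rerun checks";
        }
        if ($previewState !== BasisState::Current) {
            $reasons[] = "preview is {$previewState->value}: regenerate preview";
        }
        if ($checksState === BasisState::Current && $checks->blockers !== []) {
            $reasons[] = 'resolve blockers: ' . implode(', ', $checks->blockers);
        }
        if (!$hardConfirmed) {
            $reasons[] = 'complete the hard-confirm inputs';
        }

        $executable = $reasons === [];
        $warnings   = $checksState === BasisState::Current ? $checks->warnings : [];
        $safe       = $executable && $warnings === [];
        $nextStep   = $reasons[0]
            ?? ($warnings === [] ? 'execute' : 'review warnings before executing: ' . implode(', ', $warnings));

        return ['executable' => $executable, 'safe' => $safe, 'next_step' => $nextStep];
    }
}

// Constructed sample: current evidence with one warning, then a covered mutation.
$scope = [
    'backup_set'     => 'bs_example',
    'scope_mode'     => 'selected',
    'selected_items' => ['grp-b', 'grp-a'],
    'group_mapping'  => ['grp-a' => 'target-1', 'grp-b' => 'target-2'],
];
$fp      = ScopeFingerprint::compute($scope);
$checks  = new BasisEvidence($fp, true, [], ['one mapped group currently has no members']);
$preview = new BasisEvidence($fp, true);

print_r(RestoreSafetyAssessor::assess($scope, $checks, $preview, true));
// executable => true, safe => false, next_step => review warnings before executing: ...

$scope['selected_items'][] = 'grp-c'; // scope-defining change: both bases become invalidated
print_r(RestoreSafetyAssessor::assess($scope, $checks, $preview, true));
// executable => false, safe => false, next_step => checks are invalidated: rerun checks
```

Run it with `php example.php`. The two prints map onto steps 2 to 4: the warnings-only case is executable but never reported as safe, and a change to any scope-defining input flips both bases to `invalidated` so the corrective step replaces the execute message.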
### 5. Verify result truth after execution
Open the restore-run detail page and confirm the first visible area answers:
- what completed
- what only partially completed
- whether follow-up is still required
- what the primary next action is
- that `completed` does not imply `tenant recovered`
### 6. Verify canonical operation continuity
Open the linked canonical operation detail and confirm:
- restore-specific follow-up truth is visible or reachable in one click
- the page does not reduce restore meaning to generic operation telemetry alone
- unauthorized deeper links are suppressed or explained safely
## Non-Regression Checks
Confirm the feature did not change:
- tenant route and canonical route identity
- 404 versus 403 semantics for restore surfaces and linked operation surfaces
- existing write-gate and execution authorization behavior
- `OperationRun` lifecycle ownership and sync behavior
- existing archive, restore, rerun, and force-delete confirmation behavior
- render-time prohibition on new external calls for detail surfaces
## Formatting And Final Verification
Before finalizing implementation work:
```bash
vendor/bin/sail bin pint --dirty --format agent
```
Then rerun the smallest affected test set and offer the full suite only after the focused restore safety pack passes.
Close the feature only after the manual validation confirms:
- operators can identify the next safe action within 15 seconds on the wizard and result surfaces
- restore-specific follow-up truth is visible or reachable from canonical operation detail within one click