68 lines
4.3 KiB
Markdown
68 lines
4.3 KiB
Markdown
# Research: Cutover Prerequisite Completion
|
|
|
|
## Decision 1: Spec `287` now completes prerequisites; Spec `288` owns enforcement
|
|
|
|
- Use this package to finish the remaining runtime and test-harness seams that still block quality-gates / no-legacy enforcement.
|
|
- Do not add a guard suite, a full-suite baseline, or global quality gates here.
|
|
- Keep the follow-up boundary explicit: Spec `288` starts after this runtime baseline exists.
|
|
|
|
## Decision 2: Retire the provider-connection legacy route family instead of guarding it
|
|
|
|
- The provider-connection legacy alias family in `apps/platform/routes/web.php` is a runtime seam, not an enforcement-only concern.
|
|
- Remove it in this slice so later enforcement can guard the completed route truth instead of compensating for it.
|
|
|
|
## Decision 3: Finish provider target-scope core neutralization on shared seams only
|
|
|
|
- Neutralize the shared provider-core contract where repo truth still depends on Microsoft-shaped identity or target-scope fields.
|
|
- Keep Microsoft-specific tenant/profile, consent, and support detail nested under provider-owned seams only.
|
|
- Do not add a new provider profile table, registry, or framework.
|
|
|
|
## Decision 4: Complete workspace-first access persistence instead of layering more RBAC logic
|
|
|
|
- Treat workspace membership as the only role-bearing truth.
|
|
- Finish the cleanup that keeps managed-environment scope narrowing-only.
|
|
- Do not introduce a second role system, a compatibility shim, or a new role family.
|
|
|
|
## Decision 5: Replace tenant-panel-era test helpers with post-cutover admin or workspace helpers
|
|
|
|
- `apps/platform/tests/Pest.php` still carries tenant-panel-era setup such as `setTenantPanelContext()` and related legacy profile alias helpers.
|
|
- Replace the retired panel assumption on the shared helper path and the in-slice direct consumers `tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php` plus `tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php`.
|
|
- Do not turn this into a broad test-suite rewrite; keep it to the helpers and direct consumers needed by this slice.
|
|
|
|
## Decision 6: Validation must stay targeted
|
|
|
|
- Use focused feature tests and targeted browser validation for the changed seams only.
|
|
- Do not add a global guard family, broad source-scan package, or full-suite baseline under this spec.
|
|
|
|
## Rejected Alternatives
|
|
|
|
### Rejected: keep `287` as a blocked no-legacy guard package
|
|
|
|
That would force the later enforcement slice to compete with unfinished runtime work and would keep the package blocked for the wrong reason.
|
|
|
|
### Rejected: solve the route and helper drift with compatibility aliases
|
|
|
|
That would preserve the same ambiguity that Spec `288` is supposed to eliminate.
|
|
|
|
### Rejected: introduce a new provider profile or access-scope framework
|
|
|
|
The existing seams are already sufficient; they need completion, not a second architectural layer.
|
|
|
|
### Rejected: use a full-suite baseline as the proof requirement
|
|
|
|
The slice is bounded and should prove only the changed seams.
|
|
|
|
## Evidence Anchors
|
|
|
|
- `apps/platform/routes/web.php` still contains `/admin/tenants/{tenant:slug}/provider-connections` redirect routes.
|
|
- `apps/platform/app/Support/Providers/TargetScope/ProviderConnectionTargetScopeNormalizer.php` and related provider-core seams still participate in the shared target-scope contract that this slice completes.
|
|
- `apps/platform/app/Services/Auth/TenantMembershipManager.php` still persists managed-environment membership records with copied workspace role values.
|
|
- `apps/platform/tests/Pest.php` still contains `setTenantPanelContext()` and `createUserWithTenantLegacyProfileAliases()`.
|
|
- The in-slice direct consumer tests `tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php` and `tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php` still depend on the retired tenant-panel helper path.
|
|
|
|
## Implementation Boundary Summary
|
|
|
|
- The package is implementation-ready as a bounded prerequisite-completion slice.
|
|
- It is no longer a blocked-by-prerequisites guard package.
|
|
- If implementation starts adding guard suites, full-suite baselines, or adjacent feature work, stop and split that work out of `287`.
|
|
- The canonical executable command set lives only in `spec.md`, `plan.md`, `tasks.md`, and `quickstart.md`; this artifact intentionally references that command authority without restating a second command set. |