## Summary

- harden the canonical operation run viewer so mismatched, missing, archived, onboarding, and selector-excluded tenant context no longer invalidates authorized canonical run viewing
- extend canonical route, header-context, deep-link, and presentation coverage for Spec 144 and add the full spec artifact set under `specs/144-canonical-operation-viewer-context-decoupling/`
- harden onboarding draft provider-connection resume logic so stale persisted provider connections fall back to the connect-provider step instead of resuming invalid state
- add architecture-audit follow-up candidate material and prompt assets for the next governance hardening wave

## Testing

- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Monitoring/OperationsTenantScopeTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php tests/Feature/Monitoring/HeaderContextBarTest.php tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php tests/Feature/Monitoring/OperationsCanonicalUrlsTest.php`
- `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php`

## Notes

- branch: `144-canonical-operation-viewer-context-decoupling`
- base: `dev`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #173
5.7 KiB
# Discoveries

Things found during implementation that don't belong in the current spec. Review weekly. Promote to `spec-candidates.md` or discard.
Items that are already tracked in `spec-candidates.md` or `roadmap.md` should not remain here.

Last reviewed: 2026-03-15
## 2026-03-15 — Queued execution trust relies too much on dispatch-time authority
- **Source**: architecture audit
- **Observation**: Queued jobs still rely too heavily on the actor, tenant, and authorization state captured at dispatch time. Execution-time scope continuity and reauthorization are not yet hardened as a canonical backend contract.
- **Category**: hardening
- **Priority**: high
- **Suggested follow-up**: Track in `../audits/2026-03-15-audit-spec-candidates.md` as Candidate A: queued execution reauthorization and scope continuity.
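The shape of the contract Candidate A is asking for, as an added illustration (not code from this repo): a Laravel job that carries only identifiers across the queue boundary and re-resolves actor, tenant and target, re-checks tenant lifecycle and membership, and re-evaluates the policy at execution time. The model names `User`, `Tenant` and `OperationRun`, the `archived_at` column, the `tenants()` membership relation and the `view` policy ability are assumptions for the example, not the repo's actual names.

```php
<?php

namespace App\Jobs;

use App\Models\OperationRun;
use App\Models\Tenant;
use App\Models\User;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Support\Facades\Gate;
use RuntimeException;

/**
 * Illustrative job. Model names, the `archived_at` column, the `tenants()`
 * relation and the `view` ability are assumptions, not this repo's names.
 */
final class ExportOperationRun implements ShouldQueue
{
    use Dispatchable, InteractsWithQueue, Queueable;

    // Dispatch-time trust (the pattern the audit flags) looks like this:
    //
    //     public function __construct(public User $actor, public OperationRun $run) {}
    //     // controller: Gate::authorize('view', $run); ExportOperationRun::dispatch($user, $run);
    //
    // The policy decision, the actor's membership and the run's tenant are all
    // frozen at dispatch. Anything that changes while the job waits in the queue
    // (actor removed from the tenant, tenant archived, run re-homed) is never re-checked.

    // Only identifiers cross the queue boundary. Everything ownership-relevant
    // is re-resolved and re-authorized when the job actually executes.
    public function __construct(
        public int $actorId,
        public int $tenantId,
        public int $runId,
    ) {}

    public function handle(): void
    {
        $actor = User::find($this->actorId);
        $tenant = Tenant::find($this->tenantId);
        $run = OperationRun::find($this->runId);

        // Scope continuity: all three must still exist and the run must still
        // belong to the tenant the job was dispatched for.
        if ($actor === null || $tenant === null || $run === null
            || (int) $run->tenant_id !== $this->tenantId) {
            $this->fail(new RuntimeException(
                "Execution-time scope check failed for run {$this->runId}"
            ));

            return;
        }

        // Tenant lifecycle: an archived tenant is out of scope even if the
        // dispatch happened while it was still active.
        if ($tenant->archived_at !== null) {
            $this->fail(new RuntimeException("Tenant {$this->tenantId} is archived"));

            return;
        }

        // Reauthorization: membership and the policy are evaluated now, as the
        // dispatching actor, not as whoever (or whatever) runs the worker.
        $isMember = $actor->tenants()->whereKey($tenant->getKey())->exists();

        if (! $isMember || Gate::forUser($actor)->denies('view', $run)) {
            $this->fail(new RuntimeException(
                "Actor {$this->actorId} is no longer authorized for run {$this->runId}"
            ));

            return;
        }

        // ... perform the export as $actor within $tenant
    }
}

// Dispatch site: ExportOperationRun::dispatch($user->getKey(), $tenant->getKey(), $run->getKey());
```

Failing the job via `$this->fail()` rather than silently returning keeps the denied execution visible in the failed-jobs table, which is where an execution-time denial should surface for review.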
## 2026-03-15 — Tenant-owned query canon remains too ad hoc
- **Source**: architecture audit
- **Observation**: Tenant isolation is broadly present, but many tenant-owned reads still depend on repeated local `tenant_id` filtering instead of a reusable canonical query path. This increases drift risk and weakens wrong-tenant regression discipline.
- **Category**: hardening
- **Priority**: high
- **Suggested follow-up**: Track in `../audits/2026-03-15-audit-spec-candidates.md` as Candidate B: tenant-owned query canon and wrong-tenant guards.
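One way to turn the repeated local `tenant_id` filtering into a single canonical path, as an added illustration rather than the repo's own code: an Eloquent global scope that fails closed when no tenant context exists, a trait that applies it and stamps writes, one explicit escape hatch for deliberate cross-tenant reads, and a wrong-tenant guard for instances that arrive by another route. `TenantContext`, `WrongTenantException` and the `tenant_id` column name are assumptions for this example; the classes are shown in one file only for readability.

```php
<?php

namespace App\Models\Concerns;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
use RuntimeException;

// Assumed request/job-scoped service: the tenant the current request or job acts
// for, or null when there is no tenant context (system console, tenantless viewers).
final class TenantContext
{
    public function __construct(public readonly ?int $tenantId) {}
}

final class WrongTenantException extends RuntimeException {}

final class TenantScope implements Scope
{
    public function apply(Builder $builder, Model $model): void
    {
        $tenantId = app(TenantContext::class)->tenantId;

        // Fail closed: without a tenant context a tenant-owned read matches
        // nothing rather than everything. Deliberate cross-tenant reads must
        // call withoutTenantScope(), which makes them greppable in review.
        if ($tenantId === null) {
            $builder->whereRaw('1 = 0');

            return;
        }

        $builder->where($model->qualifyColumn('tenant_id'), $tenantId);
    }
}

trait BelongsToTenant
{
    public static function bootBelongsToTenant(): void
    {
        static::addGlobalScope(new TenantScope());

        // Writes inherit the current tenant so callers cannot forget to set it.
        static::creating(function (Model $model): void {
            if ($model->getAttribute('tenant_id') === null) {
                $model->setAttribute('tenant_id', app(TenantContext::class)->tenantId);
            }
        });
    }

    // The single, explicit escape hatch for cross-tenant reads.
    public function scopeWithoutTenantScope(Builder $query): Builder
    {
        return $query->withoutGlobalScope(TenantScope::class);
    }

    // Wrong-tenant guard for instances that arrived by another path (deep link,
    // job payload, an unscoped query): asserts ownership instead of trusting it.
    public function assertOwnedByCurrentTenant(): static
    {
        $current = app(TenantContext::class)->tenantId;

        if ($current === null || (int) $this->getAttribute('tenant_id') !== $current) {
            throw new WrongTenantException(sprintf(
                '%s#%s belongs to tenant %s, current tenant is %s',
                static::class,
                $this->getKey(),
                $this->getAttribute('tenant_id') ?? 'null',
                $current ?? 'null',
            ));
        }

        return $this;
    }
}

// Usage on a model:  class Finding extends Model { use BelongsToTenant; }
// Finding::query()->get()                        -> only the current tenant's rows
// Finding::query()->withoutTenantScope()->get()  -> explicit, reviewable cross-tenant read
// $finding->assertOwnedByCurrentTenant()         -> throws on a wrong-tenant instance
```

With the canon in place, the wrong-tenant regression test becomes uniform: bind a `TenantContext` for tenant A, seed a row for tenant B, and assert both that the scoped query returns nothing and that `assertOwnedByCurrentTenant()` throws. Note that `withoutGlobalScope()` only affects Eloquent reads; raw `DB::table()` queries never had the scope and still need their own filtering.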
## 2026-03-15 — Findings lifecycle truth is stronger in docs than in enforcement
- **Source**: architecture audit
- **Observation**: Findings workflow semantics are well-defined at spec level, but architectural enforcement still depends too much on service-path discipline. Direct or bypassing status mutations remain too plausible.
- **Category**: hardening
- **Priority**: high
- **Suggested follow-up**: Track in `../audits/2026-03-15-audit-spec-candidates.md` as Candidate C: findings workflow enforcement and audit backstop.
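An added illustration of what "enforcement instead of service-path discipline" can look like; this is example code, not the repo's findings service. A workflow service validates the transition and writes the audit row in the same transaction, and a model hook rejects any status change that did not pass through it. The status values, the `Finding` and `FindingStatusChange` models and the `status` column are assumptions; the real lifecycle semantics are whatever the specs define.

```php
<?php

namespace App\Findings;

use App\Models\Finding;
use App\Models\FindingStatusChange;
use App\Models\User;
use Illuminate\Support\Facades\DB;
use InvalidArgumentException;
use WeakMap;

/**
 * Illustrative enforcement of findings status transitions. Status values, the
 * model names and the `status` column are assumptions for this example.
 */
final class FindingWorkflow
{
    // Allowed transitions. Anything not listed is rejected.
    private const TRANSITIONS = [
        'open'           => ['triaged', 'false_positive'],
        'triaged'        => ['in_progress', 'accepted_risk', 'false_positive'],
        'in_progress'    => ['resolved', 'triaged'],
        'resolved'       => ['open'],   // reopen
        'accepted_risk'  => ['open'],
        'false_positive' => ['open'],
    ];

    // Instances currently being mutated through this service. The model hook
    // below consults it, so a status change that did not come through
    // transition() is rejected at save time rather than merely discouraged.
    private static ?WeakMap $inTransition = null;

    public static function isInTransition(Finding $finding): bool
    {
        return self::$inTransition !== null && isset(self::$inTransition[$finding]);
    }

    public function transition(Finding $finding, string $to, User $actor, string $reason): Finding
    {
        $from = $finding->status;

        if (! in_array($to, self::TRANSITIONS[$from] ?? [], true)) {
            throw new InvalidArgumentException(
                "Finding {$finding->getKey()}: transition {$from} -> {$to} is not allowed"
            );
        }

        self::$inTransition ??= new WeakMap();
        self::$inTransition[$finding] = true;

        try {
            // Status change and its audit row succeed or fail together, so the
            // audit backstop can never lag behind the status column.
            return DB::transaction(function () use ($finding, $from, $to, $actor, $reason): Finding {
                $finding->status = $to;
                $finding->save();

                FindingStatusChange::create([
                    'finding_id'  => $finding->getKey(),
                    'tenant_id'   => $finding->tenant_id,
                    'from_status' => $from,
                    'to_status'   => $to,
                    'actor_id'    => $actor->getKey(),
                    'reason'      => $reason,
                ]);

                return $finding;
            });
        } finally {
            unset(self::$inTransition[$finding]);
        }
    }
}

// In App\Models\Finding::booted() (assumed), the backstop that makes the service
// path mandatory instead of conventional:
//
//     static::updating(function (Finding $finding): void {
//         if ($finding->isDirty('status') && ! FindingWorkflow::isInTransition($finding)) {
//             throw new \LogicException('Finding status may only change via FindingWorkflow::transition()');
//         }
//     });
//
// A direct `$finding->update(['status' => 'resolved'])` now throws. Query-builder
// writes (`Finding::where(...)->update(...)`) bypass model events and remain a
// gap; cover them with a database trigger or a guard test that greps for them.
```

The model hook is deliberately a backstop, not the primary control: the service is still the place where the transition table and the audit write live, but after this change forgetting the service is a runtime error instead of a silent drift.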
## 2026-03-15 — Livewire trust-boundary hardening is still convention-driven
- **Source**: architecture audit
- **Observation**: Complex Livewire and Filament flows still expose too much ownership-relevant context in public component state. This is not a proven exploit in the repo today, but the hardening standard is not yet explicit or reusable.
- **Category**: hardening
- **Priority**: medium
- **Suggested follow-up**: Track in `../audits/2026-03-15-audit-spec-candidates.md` as Candidate D: Livewire context locking and trusted-state reduction.
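What an explicit standard for Candidate D could prescribe, shown as an added Livewire 3 example (not a component from this repo): only a locked identifier lives in public state, the model is re-resolved per request from that identifier, and each action re-authorizes against the fresh model instead of trusting a boolean the client could have rewritten. `OperationRun`, its `retry()` method and the `view` / `retry` policy abilities are assumptions for this example.

```php
<?php

namespace App\Livewire;

use App\Models\OperationRun;
use Illuminate\Support\Facades\Gate;
use Livewire\Attributes\Computed;
use Livewire\Attributes\Locked;
use Livewire\Component;

/**
 * Illustrative Livewire 3 component. OperationRun, its retry() method and the
 * `view` / `retry` policy abilities are assumptions for this example.
 */
class OperationRunPanel extends Component
{
    // Before (convention-driven): ownership-relevant context in plain public
    // state, which the browser can rewrite on any subsequent request:
    //
    //     public int $runId;
    //     public int $tenantId;
    //     public bool $canRetry;   // an authorization result cached client-side
    //
    //     public function retry(): void { if ($this->canRetry) { ... } }
    //
    // After: the only public state is an identifier, and Livewire rejects any
    // request in which the client has tampered with a #[Locked] property.
    #[Locked]
    public int $runId;

    // Not component state at all: derived from the locked id on every request,
    // so tenant ownership and lifecycle are whatever the database says now.
    #[Computed]
    public function run(): OperationRun
    {
        return OperationRun::findOrFail($this->runId);
    }

    public function mount(OperationRun $run): void
    {
        Gate::authorize('view', $run);

        $this->runId = $run->getKey();
    }

    // Authorization is decided server-side at the moment of the action, against
    // the freshly resolved model, never from a flag stored in component state.
    public function retry(): void
    {
        Gate::authorize('retry', $this->run);

        $this->run->retry();
    }

    public function render()
    {
        return view('livewire.operation-run-panel', ['run' => $this->run]);
    }
}
```

The reusable rule this encodes: public properties hold identifiers (locked) and view-only scalars; anything ownership-relevant is a computed property; every action calls `Gate::authorize()` itself. A guard test can enforce the first point by reflecting over components and failing on any public property named `*_id`/`*Id` that lacks `#[Locked]`.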
## 2026-03-08 — Alert `sla_due` event type is dead code
- **Source**: Spec 109 (Review Pack Export)
- **Observation**: The `sla_due` alert rule event type exists in the schema but no producer dispatches it. Dead code path.
- **Category**: cleanup
- **Priority**: low
- **Suggested follow-up**: Remove or implement. If SLA alerting is a future feature, document the intent; otherwise delete.
## 2026-03-08 — Alert Deliveries header-action exemption needs permanent documentation
- **Source**: Spec 122 (Empty State Consistency)
- **Observation**: Alert Deliveries is the first resource with an explicit UX-001 relocation exemption: its CTA exists only in the empty state and does NOT relocate to the header. This needs to remain documented so future developers don't "fix" it.
- **Category**: documentation
- **Priority**: low
- **Suggested follow-up**: Ensure the exemption is captured in the Action Surface Contract guard tests and/or resource-level comments.
## 2026-03-08 — Historical findings backfill for source field
- **Source**: Spec 101 (Golden Master Baseline Governance)
- **Observation**: The `source` field on findings was added but historical findings may not be backfilled. Reporting accuracy depends on this.
- **Category**: data integrity
- **Priority**: medium
- **Suggested follow-up**: One-time migration or backfill job to classify existing findings by source.
## 2026-03-08 — Baseline profile hard-delete deferred
- **Source**: Spec 101 (Golden Master Baseline Governance)
- **Observation**: Baseline profiles can only be archived, not hard-deleted, in v1. If archive accumulation becomes a problem, a hard-delete with cascade needs to be built.
- **Category**: feature gap
- **Priority**: low
- **Suggested follow-up**: Monitor archive count. Spec only if it becomes a user-reported issue.
## 2026-03-08 — Drift engine hard-fail when no Inventory Sync exists
- **Source**: Spec 119 (Baseline Drift Engine Cutover)
- **Observation**: Currently drift capture does NOT hard-fail when no completed Inventory Sync exists. This was deferred as a "larger product behavior change."
- **Category**: hardening
- **Priority**: medium
- **Suggested follow-up**: Evaluate whether capturing drift without a baseline sync produces misleading results. If so, enforce the prerequisite.
## 2026-03-08 — Performance indexes for system console windowed queries
- **Source**: Spec 114 (System Console Control Tower)
- **Observation**: EXPLAIN baselines don't show pressure yet, but windowed queries on `operation_runs` could become slow at scale. Indexes were explicitly deferred.
- **Category**: performance
- **Priority**: low
- **Suggested follow-up**: Monitor query times. Add indexes proactively if run count exceeds ~100k.
## Template

```markdown
## YYYY-MM-DD — Short title
- **Source**: Spec NNN (Name) | chat | audit | coding
- **Observation**:
- **Category**: feature gap | cleanup | hardening | UX polish | performance | documentation | data integrity
- **Priority**: low | medium | high
- **Suggested follow-up**:
```