TenantAtlas/specs/389-governance-inbox-resolution-intake-v1/artifacts/current-governance-inbox-inventory.md
ahmido 9912d94563 feat: add governance inbox resolution intake (#460)
Automated PR created by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #460
2026-06-20 07:46:12 +00:00

280 lines
9.6 KiB
Markdown

# Current Governance Inbox Inventory
**Feature**: 389 - Governance Inbox Resolution Intake v1
**Captured**: 2026-06-19
**Purpose**: Inventory the existing Governance Inbox before implementation.
## Repo Safety Snapshot
- Branch before preparation: `platform-dev`
- Latest baseline commit before preparation: `83c679cf feat: add review publication proof currentness contract (#459)`
- New preparation branch: `389-governance-inbox-resolution-intake-v1`
- Worktree before creating Spec 389 artifacts: clean
- Current dirty scope after preparation: `specs/389-governance-inbox-resolution-intake-v1/` only
- Spec 386 status in repo: present and merged into platform history through `ba7622a1 feat: implement ReviewPublicationResolutionWorkflow (Spec 386) (#457)`
- Spec 387 status in repo: present and merged into platform history through `aca0b106 feat: add review publication resolution ux spec and tests (#458)`
- Spec 388 status in repo: present on current baseline through `83c679cf feat: add review publication proof currentness contract (#459)`
## Existing Route / Page / Resource
The Governance Inbox is an existing Filament Page:
- Page class: `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php`
- View: `apps/platform/resources/views/filament/pages/governance/governance-inbox.blade.php`
- Slug: `governance/inbox`
- Navigation group: workspace-wide Governance group
- Navigation label: `Governance inbox`
- Navigation sort: `5`
- Action surface declaration: list-only, read-only registry report
Spec 389 must reuse this page. It must not add a new top-level navigation item, CRUD Resource, global-search Resource, or independent Resolution Cases page.
## Existing Builder Pattern
The current page consumes `GovernanceInboxSectionBuilder`:
- Builder class: `apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php`
- Public entry point: `build(...)`
- Inputs include current user, workspace, authorized environments, visible finding environments, review environments, alert/finding-exception visibility, selected environment, selected family, and canonical navigation context.
- Output includes:
- `sections`
- `available_families`
- `family_counts`
- `total_count`
The builder currently owns source-family sections and returns source entries. The Filament Page normalizes those entries into first-screen operator lanes.
## Existing Source Families
Current `FAMILY_ORDER`:
1. `assigned_findings`
2. `intake_findings`
3. `finding_exceptions`
4. `stale_operations`
5. `alert_delivery_failures`
6. `review_follow_up`
Spec 389 should add only one concrete family:
```text
review_publication_resolution
```
It should be ordered so failed/blocked review publication preparation appears with other high-attention governance work, without changing the meaning of existing families.
## Existing Lane Pattern
The first screen groups normalized entries into lanes in `GovernanceInbox::lanePayload()`:
- `needs_triage`
- `requires_decision`
- `risk_exception_review`
- `evidence_required`
- `blocked`
Entries are converted by `buildOperatorItem()` into a common display shape:
- lane key and label
- title
- status label
- reason heading
- reason label
- impact label
- source label
- environment label
- context label
- owner and due labels
- evidence and exception labels
- primary action
- secondary actions
- linked records
- urgency rank
Spec 389 can map Review Publication Resolution items into existing lanes:
- `failed`, `blocked`, unsafe waiting failures: `blocked`
- `needs_attention`, `needs_recheck`, `ready_to_continue`: `requires_decision` or `evidence_required` when the reason is specifically missing proof/evidence
- `waiting`: `requires_decision` or a low-rank item, unless the existing lane language is adjusted in implementation
Any lane copy changes must stay decision-first and read-only.
## Existing Filters
The page currently exposes:
- environment filter through `environment_id`
- source-family filter through `family`
The source detail section renders family filter links and counts. Empty states adapt to environment/family filters.
Spec 389 should use:
- `family=review_publication_resolution` as the type filter equivalent
- existing `environment_id` filtering
- bounded status filtering for Review Publication Resolution inbox states
- bounded updated-date filtering for Review Publication Resolution items, limited in v1 to `Any time`, `Last 24 hours`, `Last 7 days`, and `Last 30 days`
- no generic resolution-type registry
Status and updated-date filtering must follow existing page patterns or remain tightly bounded to this family.
## Existing Action / Link Pattern
The existing renderer supports:
- one primary action per operator item
- source-family dominant action
- secondary actions
- linked records inside collapsed context
- destination URLs on source entries
Existing source families use links such as:
- Finding view/resource URLs
- Finding exception queue/resource URLs
- OperationRun links through `OperationRunLinks`
- Review context links through `EnvironmentReviewResource`
- Customer Review Workspace links
Spec 389 should use:
- default primary action: Resolution Page
- secondary action: Review detail when authorized
- optional operation action: only after scope/currentness/context/RBAC validation
No action may mutate resolution, review, report, evidence, export, OperationRun, or publish state from the inbox.
## Existing Operation Link Rendering
The current stale operation family renders OperationRun entries as a source family and uses:
- `OperationRunLinks::identifier($run)`
- `OperationRunLinks::tenantlessView($run, $navigationContext)`
- `OperationRunLinks::index(...)`
That pattern is not sufficient by itself for Spec 389 operation disclosure. Review Publication Resolution operation links need extra validation:
- same workspace
- same environment
- same EnvironmentReview where applicable
- same Resolution Case where applicable
- current step or current safe proof summary
- expected operation type
- Spec 388 currentness/visibility/usability
- `OperationRunPolicy::view`
If any check fails, the inbox must not render the OperationRun ID or URL.
## Existing RBAC and Scope Enforcement
The page enforces workspace membership on mount. Source families receive prefiltered environment arrays:
- authorized environments
- visible finding environments
- review environments
`ReviewPublicationResolutionCasePolicy::view` already verifies:
- case tenant exists
- case review exists
- user can access tenant
- case workspace matches tenant workspace
- review workspace and environment match case/tenant
- current user has `ENVIRONMENT_REVIEW_VIEW`
`OperationRunPolicy::view` already verifies:
- workspace membership
- environment entitlement for environment-scoped operations
- operation-specific view capability
Spec 389 must use these policies but operation links require additional source-context checks beyond permission.
## Existing Empty States
The page has:
- summary empty state when no lanes are visible
- lane empty states
- source-family empty states
- environment filter empty states
- family filter empty states
Spec 389 required copy:
- `No review publication work needs attention`
- `No accessible review publication work`
- `No items match this filter`
Implementation should place this copy in the new source family and page-level empty state only where it does not misrepresent other source families.
## Existing Collapsed Details
The first-screen item shows:
- status badge
- environment badge
- title
- context label
- primary action
- reason and impact
Collapsed `More context` shows:
- source
- owner / due
- evidence
- accepted-risk / decision
- linked records
- secondary actions
This matches Spec 389's detail hierarchy. Technical proof/currentness internals should remain absent or collapsed behind already-authorized source surfaces.
## Existing Review Publication Resolution Foundations
Relevant runtime files for later implementation:
- `apps/platform/app/Models/ReviewPublicationResolutionCase.php`
- `apps/platform/app/Models/ReviewPublicationResolutionStep.php`
- `apps/platform/app/Support/ReviewPublicationResolution/ReviewPublicationResolutionCaseStatus.php`
- `apps/platform/app/Support/ReviewPublicationResolution/ReviewPublicationResolutionStepStatus.php`
- `apps/platform/app/Support/ReviewPublicationResolution/ReviewPublicationProofResolver.php`
- `apps/platform/app/Support/ReviewPublicationResolution/ResolutionProofEvaluation.php`
- `apps/platform/app/Policies/ReviewPublicationResolutionCasePolicy.php`
- `apps/platform/app/Policies/OperationRunPolicy.php`
- `apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ResolveReviewPublication.php`
Existing case statuses:
- `open`
- `in_progress`
- `waiting_for_run`
- `blocked`
- `ready_to_continue`
- `completed`
- `cancelled`
- `superseded`
Existing step statuses:
- `pending`
- `actionable`
- `running`
- `failed`
- `completed`
- `superseded`
Spec 389 should consume these states and Spec 388 proof evaluation. It should not add a new data model or persisted status family.
## Implementation Implications
- Best fit is either a concrete `ReviewPublicationResolutionInboxProvider` or a tightly scoped builder method.
- Reuse existing page rendering wherever possible.
- Add the family to `FAMILY_ORDER` and `available_families` only when visible.
- Add classifier support for the new family in `GovernanceInbox::classifyLane()`.
- Add secondary/linked record handling only for Resolution, Review, and validated Operation links.
- Keep technical details collapsed or absent.
- Keep customer-facing surfaces untouched.
- No panel provider registration changes are needed.
- No new Filament assets are expected.