TenantAtlas/specs/393-evidence-anchor-reconciliation-v1/tasks.md
ahmido 77f499b60e feat: add evidence anchor reconciliation contracts and readiness fixes (#464)
Automated PR created by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #464
2026-06-21 09:39:14 +00:00


# Tasks: Spec 393 - Evidence Anchor Reconciliation v1

**Input**: `specs/393-evidence-anchor-reconciliation-v1/spec.md` and `plan.md`

**Prerequisites**: Spec artifacts prepared; implementation must start from repo-truth verification and must not modify completed context specs.

**Tests**: Required. This is an evidence trust-boundary change with Unit, Feature/HTTP, Filament/Livewire, and bounded Browser proof.

## Test Governance Checklist
- [x] Lane assignment is named and narrow: Unit for resolver decisions, Feature/HTTP for route/scope/provenance, Filament/Livewire for action labels/state, Browser for final customer/dashboard trust-path proof.
- [x] New or changed tests stay in focused families; Browser coverage is one explicit Spec 393 smoke unless existing focused browser tests are intentionally reused and named.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default.
- [x] Planned validation commands cover the change without pulling unrelated heavy-governance cost.
- [x] N+1/eager-loading risk is covered by an explicit resolver/query-shape task for affected list/detail surfaces.
- [x] The declared surface profile is customer-safe strategic review surface + evidence/artifact detail + dashboard signal.
- [x] Any unreachable or not-applicable surface is documented in the implementation report instead of faked.
## Phase 1: Repo Truth And Evidence Anchor Inventory
**Purpose**: Map all current local evidence selectors before changing behavior.
- [x] T001 Re-read `specs/393-evidence-anchor-reconciliation-v1/spec.md`, `plan.md`, `tasks.md`, and `checklists/requirements.md`.
- [ ] T002 Re-read completed context specs as read-only inputs only: `specs/361-report-evidence-reconciliation`, `specs/372-customer-auditor-surface-safety-pass`, `specs/385-evidence-review-readiness`, `specs/386-review-publication-resolution-workflow-v1`, `specs/387-review-publication-resolution-decision-ux-v1`, `specs/388-resolution-proof-currentness-contract-v1`, and `specs/392-customer-output-gating-review-pack-navigation`.
- [x] T003 Confirm current branch and dirty state with `git status --short --branch` and `git log -1 --oneline`.
- [x] T004 Inventory every evidence selector/link/action/output in `apps/platform/app`, `apps/platform/resources`, `apps/platform/routes`, `apps/platform/tests`, and localization files using the spec search terms, including shared builders/presenters `ArtifactTruthPresenter`, `OperationRunLinks`, `RelatedNavigationResolver`, and `GovernanceDecisionRegisterBuilder`.
- [ ] T005 Record the inventory in the implementation report: file, current selection logic, target route, visible label, product context, customer/internal/technical classification, and stale/partial/superseded/wrong-scope risk.
- [x] T006 Inspect exact current behavior in `apps/platform/app/Services/Evidence/EvidenceSnapshotResolver.php`, `apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewService.php`, and `apps/platform/app/Models/EvidenceSnapshot.php`.
- [x] T007 Inspect current product surfaces in `apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php`, `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `apps/platform/app/Filament/Resources/EnvironmentReviewResource.php`, `apps/platform/app/Filament/Resources/ReviewPackResource.php`, `apps/platform/app/Filament/Resources/StoredReportResource.php`, and `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`.
- [x] T008 Inspect current report/review provenance in `apps/platform/app/Support/ReviewPacks/ManagementReportPdfPayloadBuilder.php`, rendered-report controllers/views, and `apps/platform/app/Support/ReviewPublicationResolution/ReviewPublicationProofResolver.php`.
- [x] T009 Confirm no migration, package, env var, queue, scheduler, storage topology, Graph scope, panel-provider, route family, report renderer, customer portal, or broad technical annex change is required; stop and update spec/plan if false.
- [x] T010 Confirm Filament v5 / Livewire v4.0+ compliance and no Filament v3/v4 or Livewire v3 APIs.
- [x] T011 Confirm panel provider registration remains `apps/platform/bootstrap/providers.php`.
- [x] T012 Confirm no global-search participation is added or changed.
## Phase 2: Resolver Contract And Unit Tests
**Purpose**: Prove evidence anchor behavior before replacing product surfaces.
- [x] T013 Add focused Unit tests for the canonical Evidence Anchor Resolver under `apps/platform/tests/Unit/Services/Evidence/Spec393EvidenceAnchorResolverTest.php` or the nearest existing evidence test family.
- [ ] T014 [P] Test newest valid current evidence is selected for a workspace/environment.
- [ ] T015 [P] Test superseded evidence is not selected as current.
- [x] T016 [P] Test partial evidence is not selected as current.
- [ ] T017 [P] Test expired evidence is not selected as current.
- [ ] T018 [P] Test queued, generating, failed, missing, and stale evidence are not selected as current proof.
- [ ] T019 [P] Test wrong-workspace evidence and unauthorized workspace-wide evidence are never selected.
- [x] T020 [P] Test wrong-environment evidence is never selected, including when no explicit environment is provided and the actor lacks entitlement.
- [x] T021 Test no valid evidence is returned when only partial/superseded/expired evidence exists.
- [x] T022 Test released review evidence resolves from the review/review-pack binding independently from current evidence.
- [x] T023 Test released review evidence remains stable after newer current evidence is created.
- [ ] T024 Test draft review evidence is internal/draft and not customer-safe.
- [x] T025 Test customer workspace resolution returns customer-safe summary without raw technical route by default.
- [ ] T026 Test actor without permission receives no technical evidence link.
- [ ] T027 Test internal/operator actor may receive technical detail link where appropriate.
- [ ] T028 Test deterministic tie-breaker when multiple valid snapshots share `generated_at` in a workspace-wide authorized selection set or another repo-possible multi-record set.
- [x] T029 Implement or consolidate `EvidenceAnchorResolver` and result value object/array in `apps/platform/app/Services/Evidence/` or the narrowest repo-consistent namespace, using derived non-persisted anchor type/state vocabulary only.
- [x] T030 Ensure resolver result exposes the spec-required fields and maps internal states to allowed UI vocabulary without adding a persisted enum/status family.
- [x] T031 Ensure resolver performs DB-only scoped queries, no Graph/provider calls, and explicit eager-loading or bounded query shape for relationships needed by affected UI paths.
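
The selection contract that T014-T028 test, as an added stand-alone sketch (not TenantAtlas code and not the project's `EvidenceAnchorResolver`). The function names, the `status` value `complete`, the `expires_at` field, and the higher-id tie-breaker are assumptions made for illustration; only `generated_at`, `evidence_snapshot_id`, and `CURRENT_SCOPE_EVIDENCE` come from this task list.

```php
<?php
declare(strict_types=1);
// Added illustration: plain arrays stand in for EvidenceSnapshot rows.
// Assumed (not from the repo): 'status' => 'complete', 'expires_at', id tie-break.

/** CURRENT_SCOPE_EVIDENCE: newest valid row in the actor's scope, or null. */
function resolveCurrentScopeEvidence(array $rows, int $workspaceId, int $environmentId, array $entitledEnvIds, string $now): ?array
{
    // Entitlement is decided before any row is read, so a wrong-scope request
    // looks exactly like "no evidence" (deny-as-not-found).
    if (! in_array($environmentId, $entitledEnvIds, true)) {
        return null;
    }
    $valid = array_values(array_filter($rows, fn (array $r): bool =>
        $r['workspace_id'] === $workspaceId
        && $r['environment_id'] === $environmentId
        && $r['status'] === 'complete' // partial, superseded, queued, failed, stale never qualify
        && ($r['expires_at'] === null || $r['expires_at'] > $now)
    ));
    // Newest generated_at first; equal timestamps resolve to the higher id.
    usort($valid, fn (array $a, array $b): int =>
        [$b['generated_at'], $b['id']] <=> [$a['generated_at'], $a['id']]);

    return $valid[0] ?? null; // no fallback to an invalid "latest" row
}

/** Released output follows its own binding and ignores what is current. */
function resolveReleasedReviewEvidence(array $rows, array $review): ?array
{
    foreach ($rows as $r) {
        if ($r['id'] === $review['evidence_snapshot_id'] && $r['workspace_id'] === $review['workspace_id']) {
            return $r;
        }
    }
    return null; // missing binding is reported, never replaced by current evidence
}

// Constructed sample rows (UTC ISO 8601 strings compare correctly as text).
$row = fn (int $id, int $ws, int $env, string $status, string $at, ?string $exp = null): array =>
    ['id' => $id, 'workspace_id' => $ws, 'environment_id' => $env, 'status' => $status, 'generated_at' => $at, 'expires_at' => $exp];
$rows = [
    $row(1, 10, 100, 'complete', '2026-06-01T08:00:00Z'),                          // bound to the released review
    $row(2, 10, 100, 'complete', '2026-06-10T08:00:00Z'),
    $row(3, 10, 100, 'complete', '2026-06-10T08:00:00Z'),                          // same timestamp as row 2
    $row(4, 10, 100, 'partial', '2026-06-20T08:00:00Z'),                           // newest, but not valid
    $row(5, 10, 100, 'complete', '2026-06-19T08:00:00Z', '2026-06-19T09:00:00Z'),  // expired
    $row(6, 99, 100, 'complete', '2026-06-21T08:00:00Z'),                          // other workspace
];
$now = '2026-06-21T09:00:00Z';
$review = ['workspace_id' => 10, 'evidence_snapshot_id' => 1];

var_dump(resolveCurrentScopeEvidence($rows, 10, 100, [100], $now)['id'] ?? null);
var_dump(resolveCurrentScopeEvidence($rows, 10, 100, [200], $now)['id'] ?? null);
var_dump(resolveReleasedReviewEvidence($rows, $review)['id'] ?? null);
```

Row 4 is the newest by `generated_at` yet can never be returned as current, and the released lookup depends only on the review's own binding, so adding newer valid rows does not change it.
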
## Phase 3: Current Evidence Product Surfaces
**Purpose**: Make dashboard/workspace/environment/evidence-overview surfaces use `CURRENT_SCOPE_EVIDENCE`.
- [ ] T032 Add Feature/Filament tests proving dashboard/workspace/environment current evidence link targets the valid current evidence, not older partial/superseded evidence.
- [x] T033 Add Feature/Filament tests proving no current-evidence link appears when only partial/superseded/expired evidence exists.
- [x] T034 Update dashboard/workspace/environment summary builders that produce evidence CTAs to use the resolver.
- [x] T035 Update `apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php` to use the resolver for product-facing current evidence row/action targets.
- [x] T036 Remove local fallback queries from affected current-state surfaces that choose arbitrary latest evidence.
- [ ] T037 Ensure non-link states use concise copy: `Evidence not ready`, `Evidence unavailable`, `Evidence needs attention`, or `Evidence expired`.
- [x] T038 Ensure current evidence selection order is explicit and deterministic in code and tests.
## Phase 4: Released Review, Review Pack, And Report Provenance
**Purpose**: Keep released output bound to released evidence instead of current evidence.
- [ ] T039 Add Feature tests proving released review output references evidence snapshot A after newer current evidence B is created.
- [x] T040 Add Feature/Filament tests proving `ReviewPackResource` evidence labels use release-bound/review-pack evidence and do not query arbitrary current evidence.
- [x] T041 Add Feature/Filament tests proving `EnvironmentReviewResource` evidence basis uses the review-bound evidence.
- [ ] T042 Add Feature tests proving rendered report, stored report, and management-report provenance use released review/review-pack evidence where in scope.
- [x] T043 Update `apps/platform/app/Filament/Resources/ReviewPackResource.php` to consume released-review/review-pack anchor results for evidence basis links/labels.
- [x] T044 Update `apps/platform/app/Filament/Resources/EnvironmentReviewResource.php` to consume released-review anchor results for evidence basis links/labels.
- [ ] T045 Update report provenance builders/controllers/views only where they currently infer evidence from latest/current state.
- [x] T046 Ensure missing released evidence produces `Evidence not configured`, `Evidence unavailable`, or `Review evidence needs attention` instead of borrowing current evidence.
## Phase 5: Customer Review Workspace Customer-Safe Evidence
**Purpose**: Remove raw evidence links from default customer-safe review consumption.
- [x] T047 Add Feature/Filament tests proving Customer Review Workspace default view does not render raw EvidenceSnapshot routes, evidence IDs, source keys, detector output, OperationRun proof, fingerprints, or technical dimensions.
- [ ] T048 Add tests proving Customer Review Workspace may show customer-safe summary text such as `Evidence captured for this review` or `Evidence current at publication`.
- [ ] T049 Add tests proving authorized internal users get only a secondary/internal technical action when allowed.
- [x] T050 Update `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` to consume `CUSTOMER_SAFE_EVIDENCE_SUMMARY` for default evidence state.
- [ ] T051 Update `apps/platform/resources/views/filament/pages/reviews/customer-review-workspace.blade.php` to remove or demote raw evidence links by default.
- [ ] T052 Ensure any internal action uses labels such as `View audit trail` or `View internal evidence details`.
- [x] T053 Ensure customer/read-only mode receives no raw evidence target route.
## Phase 6: Technical Evidence Detail Boundary
**Purpose**: Preserve technical evidence access without making it product proof.
- [ ] T054 Add Feature/HTTP tests proving direct wrong-scope EvidenceSnapshot route remains deny-as-not-found.
- [ ] T055 Add tests proving technical detail requires internal/operator permission where the product surface offers a technical link.
- [ ] T056 Update `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php` only where labels/context need to clarify technical/audit purpose.
- [x] T057 Ensure product surfaces use secondary/internal labels for technical evidence detail and do not expose raw technical labels in customer-safe defaults.
- [ ] T058 Preserve existing EvidenceSnapshot technical page depth and existing destructive/high-impact action confirmation/authorization/audit behavior.
## Phase 7: Deprecated Selector And Fixture Cleanup
**Purpose**: Remove wrong-anchor assumptions rather than compatibility-shimming them.
- [x] T059 Search for remaining product-facing `latest('generated_at')`, `latest('created_at')`, `orderByRaw('COALESCE(generated_at, created_at) DESC')`, `EvidenceSnapshotResource::getUrl`, direct `evidence_snapshot_id` link composition, and shared link-builder emissions in `ArtifactTruthPresenter`, `OperationRunLinks`, `RelatedNavigationResolver`, and `GovernanceDecisionRegisterBuilder`.
- [x] T060 Replace or remove product-facing local fallback selectors found by T059, or explicitly classify retained shared-builder links as technical/internal-only.
- [x] T061 Update tests/fixtures that expected partial, superseded, stale, or arbitrary latest evidence to appear as current proof.
- [x] T062 Do not add legacy aliases, compatibility redirects, fallback readers, old translation keys, or tests preserving wrong-anchor behavior.
- [ ] T063 Update localization keys only where visible labels change; remove stale keys if they preserve forbidden labels.
## Phase 8: Browser Smoke
**Purpose**: Prove visible trust boundaries and absence of internal evidence leakage.
- [ ] T064 Add or update `apps/platform/tests/Browser/Spec393EvidenceAnchorReconciliationSmokeTest.php` using existing review-output/evidence fixture helpers where practical.
- [x] T065 Browser state: current dashboard/evidence overview link opens current valid evidence, not stale/superseded evidence.
- [ ] T066 Browser state: Customer Review Workspace has no raw evidence snapshot link by default.
- [ ] T067 Browser state: Review Pack evidence label is truthful and release-bound.
- [ ] T068 Browser state: technical evidence link, if present, is secondary/internal.
- [ ] T069 Browser state: no visible `Evidence #<id>` style product link appears on customer-safe surfaces.
- [x] T070 Browser state: no 500/Livewire/Filament/console errors in affected flows.
- [ ] T071 Direct URL proof: wrong/old evidence URL does not become a customer-facing proof path.
## Phase 9: Validation And Close-Out
**Purpose**: Prove the implementation and record deployment impact clearly.
- [x] T072 Run `cd apps/platform && ./vendor/bin/sail artisan test --filter=Spec393`.
- [x] T073 Run targeted existing regressions for Customer Review Workspace, Review Pack, Environment Review, Evidence Overview, Stored Report, and management-report provenance if those surfaces changed.
- [ ] T074 Run `cd apps/platform && ./vendor/bin/sail php vendor/bin/pest tests/Browser/Spec393EvidenceAnchorReconciliationSmokeTest.php`.
- [ ] T075 Run additional affected existing browser tests named in the spec if they still exist and cover changed flows.
- [ ] T076 Update affected `docs/ui-ux-enterprise-audit/page-reports/...` artifacts when visible page behavior materially changed, or document explicit no-route/no-archetype/no-count-impact decisions for each touched surface in the implementation report.
- [x] T077 Run `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`.
- [x] T078 Run `git diff --check`.
- [x] T079 Confirm no migrations, seeders, packages, env vars, queues, scheduler, storage topology, Graph contracts/calls, panel providers, new route family, customer portal, technical annex, or legacy compatibility path were added unless spec/plan were updated first.
- [ ] T080 Confirm final Livewire v4 compliance, provider registration location, global-search posture, destructive/high-impact action status, asset strategy, tests, deployment impact, UI coverage artifact/no-impact decision, current-vs-released evidence separation, Customer Review Workspace no-raw-link behavior, no UI expansion, and no legacy shim in the implementation close-out response.
- [ ] T081 Complete human product sanity check before marking Spec 393 done.
## Dependencies
- Phase 1 must complete before runtime implementation.
- Phase 2 resolver tests should land before or alongside resolver implementation.
- Phase 3 current-surface replacements depend on the resolver contract.
- Phase 4 released-provenance replacements depend on release-bound resolver methods.
- Phase 5 customer workspace changes depend on customer-safe resolver summary behavior.
- Phase 8 runs after targeted tests and UI/route changes.
- Phase 9 closes the feature.
## Parallel Execution Examples
- T006, T007, and T008 can be split by repo surface during inspection.
- T014-T020 can be implemented in parallel as independent resolver test cases.
- T039-T042 can be split by review/report artifact surface after the resolver API is stable.
- T047-T049 can run in parallel with T054-T055 after the result shape is stable.
## Non-Goals / Stop Conditions
- Stop if implementation requires a new persisted evidence-anchor table, review release table, or broad technical annex; update spec/plan first.
- Stop if a page-local selector appears necessary for a product-facing surface; fold it into the resolver instead.
- Stop if the only way to keep an old test green is to preserve partial/superseded/latest fallback behavior.
- Stop if management-report runtime enablement or PDF renderer validation becomes necessary; that belongs to Spec 379 follow-through.
- Do not rewrite, normalize, uncheck, or remove implementation history from completed Specs 361, 372, 385, 386, 387, 388, or 392.
## Required Final Report Content For Later Implementation
When implementation later completes, report:
- Files changed.
- Resolver/API created or consolidated.
- Old local evidence-selection paths removed or replaced.
- Tests added/updated.
- Browser flows run.
- Evidence that current evidence and released review evidence are separated.
- Evidence that Customer Review Workspace no longer exposes raw evidence by default.
- UI coverage artifact update or explicit no-route/no-archetype/no-count-impact decision.
- Confirmation that no legacy fallback/compatibility shim was added.
- Confirmation that visible UI complexity did not increase.
- Remaining known unrelated failures, if any.