ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
bd06b479e1
TenantAtlas/specs/219-finding-ownership-semantics/quickstart.md
ahmido c86b399b43
Some checks failed
Main Confidence / confidence (push) Failing after 53s
Details
feat(219): Finding ownership semantics + LEAN-001 constitution + backup_set unification (#256) 
## Summary

This PR delivers three related improvements:

### 1. Finding Ownership Semantics (Spec 219)
- Add responsibility/accountability labels to findings and finding exceptions
- `owner_user_id` = accountable party (governance owner)
- `assignee_user_id` = responsible party (technical implementer)
- Expose Assign/Reassign actions in FindingResource with audit logging
- Add ownership columns and filters to finding list
- Propagate owner from finding to exception on creation
- Tests: ownership semantics, assignment audit, workflow actions

### 2. Constitution v2.7.0 — LEAN-001 Pre-Production Lean Doctrine
- New principle forbidding legacy aliases, migration shims, dual-write logic, and compatibility fixtures in a pre-production codebase
- AI-agent 4-question verification gate before adding any compatibility path
- Review rule: compatibility shims without answering the gate questions = merge blocker
- Exit condition: LEAN-001 expires at first production deployment
- Spec template: added default "Compatibility posture" block
- Agent instructions: added "Pre-production compatibility check" section

### 3. Backup Set Operation Type Unification
- Unified `backup_set.add_policies` and `backup_set.remove_policies` into single canonical `backup_set.update`
- Removed all legacy aliases, constants, and test fixtures
- Added lifecycle coverage for `backup_set.update` in config
- Updated all 14+ test files referencing legacy types

### Spec Artifacts
- `specs/219-finding-ownership-semantics/` — full spec, plan, tasks, research, data model, contracts, checklist

### Tests
- All affected tests pass (OperationCatalog, backup set, finding workflow, ownership semantics)

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #256
2026-04-20 17:54:33 +00:00

3.5 KiB
Raw Blame History

Quickstart: Finding Ownership Semantics Clarification

Goal: Implement the clarified finding owner versus assignee contract on existing findings surfaces without introducing new persistence, capabilities, or workflow services.

1. Prepare the workspace

cd apps/platform
./vendor/bin/sail up -d

2. Update responsibility semantics on the existing findings resource

Primary file:

  • app/Filament/Resources/FindingResource.php

Expected implementation steps:

  1. Keep owner and assignee as separate roles on list and detail surfaces.
  2. Add a derived responsibility-state label, badge, or equivalent summary based on current owner/assignee presence.
  3. Adjust filters or personal-work shortcuts so assignee-driven work and owner-driven accountability are not collapsed into one ambiguous view.
  4. Keep Exception owner explicitly distinct anywhere exception context is rendered from a finding.
  5. Add help text to assignment and exception-request forms so operators understand the semantic difference between the two owner concepts.

3. Keep responsibility truth local and derived

Supporting files:

  • app/Models/Finding.php
  • app/Services/Findings/FindingWorkflowService.php
  • app/Services/Findings/FindingExceptionService.php
  • app/Services/Findings/FindingRiskGovernanceResolver.php

Guidance:

  1. Prefer a small local derived helper on Finding if it simplifies repeated responsibility-state checks.
  2. Do not add a new enum, table, or presenter for responsibility state.
  3. Keep FindingWorkflowService::assign() as the canonical mutation boundary.
  4. If feedback or audit wording changes, distinguish owner-only, assignee-only, clear-owner, clear-assignee, and combined changes explicitly.
  5. If next-action copy is updated, treat missing owner as the visible state orphaned accountability even when an assignee exists.

4. Add focused regression tests

Primary test targets:

  • tests/Feature/Filament/Resources/FindingResourceOwnershipSemanticsTest.php
  • tests/Feature/Findings/FindingAssignmentAuditSemanticsTest.php

Potential supporting edits:

  • tests/Feature/Findings/FindingWorkflowRowActionsTest.php
  • tests/Feature/Findings/FindingWorkflowServiceTest.php

Coverage checklist:

  1. Owner-only finding renders as owned but unassigned.
  2. Owner-plus-assignee finding renders both roles distinctly.
  3. Assignee-only and both-null findings render as orphaned accountability.
  4. Exception owner remains separately labeled from finding owner.
  5. Responsibility updates preserve tenant-member validation and clearly report owner-only, assignee-only, clear-owner, clear-assignee, and combined changes.
  6. Tenant-route authorization assertions use explicit panel selection when needed.

5. Verify the feature

Run the narrowest proof set first:

cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/Resources/FindingResourceOwnershipSemanticsTest.php
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingAssignmentAuditSemanticsTest.php
cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent

6. Review expectations

Before moving to tasks or implementation review, confirm:

  1. Owner, assignee, and exception owner mean one stable thing each across list, detail, and action flows.
  2. Responsibility state is derived from existing fields only.
  3. No new persistence, capability split, or presenter/framework layer was introduced.
  4. Tenant-safe Filament behavior remains intact on both admin canonical and tenant-panel test paths.