ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
bd06b479e1
TenantAtlas/specs/220-governance-run-summaries/data-model.md
ahmido bd06b479e1
Some checks failed
Main Confidence / confidence (push) Failing after 43s
Details
feat: add governance run summaries (#257) 
## Summary
- add the Spec 220 governance run diagnostic summary seam and wire it through the canonical operation run detail presenter
- render summary-first decision guidance for covered governance run families while keeping technical diagnostics secondary
- add focused Pest coverage, spec artifacts, and complete the integrated-browser smoke validation for canonical run detail

## Testing
- cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
- cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php tests/Feature/Filament/OperationRunBaselineTruthSurfaceTest.php tests/Feature/Monitoring/ArtifactTruthRunDetailTest.php tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php tests/Unit/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilderTest.php tests/Unit/Support/OperatorExplanation/OperatorExplanationBuilderTest.php
- integrated browser smoke pass on localhost:8081 covering summary-first hierarchy, zero-output runs, multi-cause runs, cross-family parity, workspace-wide visibility, and deny-as-not-found tenant safety

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #257
2026-04-20 20:46:09 +00:00

8.1 KiB
Raw Blame History

Data Model: Humanized Diagnostic Summaries for Governance Operations

Overview

This feature does not add or modify persisted domain entities. It adds a logical derived presentation model for canonical governance operation run detail under /admin/operations/{run}.

The design constraint is strict:

  • OperationRun remains the only persisted source for run lifecycle and execution truth.
  • Related artifacts such as BaselineSnapshot, EvidenceSnapshot, TenantReview, and ReviewPack remain the persisted source for artifact truth where they exist.
  • ArtifactTruthPresenter, OperatorExplanationBuilder, and ReasonPresenter remain the semantic inputs.
  • The new summary remains fully derived and surface-specific.

Existing Persistent Inputs

1. OperationRun

  • Purpose: Canonical operational record for background and governance work.
  • Key persisted fields used by this feature:
    • id
    • workspace_id
    • tenant_id
    • type
    • status
    • outcome
    • context
    • summary_counts
    • failure_summary
    • started_at
    • completed_at
  • Relationships and derived lookups used by this feature:
    • workspace and tenant context
    • related artifact resolution through current operation catalog and presenter logic

2. Related Governance Artifacts

These are not newly modeled by this feature, but they remain relevant when a run produced or references an artifact.

  • BaselineSnapshot
  • EvidenceSnapshot
  • TenantReview
  • ReviewPack

The feature only reads their already-derived truth where available.

Existing Derived Inputs

A. ArtifactTruthEnvelope

ArtifactTruthPresenter already derives ArtifactTruthEnvelope for OperationRun and related artifact records.

Important envelope dimensions already available:

  • artifactExistence
  • contentState
  • freshnessState
  • publicationReadiness
  • supportState
  • actionability
  • primaryLabel
  • primaryExplanation
  • reason
  • diagnosticLabel

This feature must consume that envelope instead of replacing it.

B. OperatorExplanationPattern

OperatorExplanationBuilder already derives an explanation pattern containing:

  • headline
  • evaluationResult
  • executionOutcome
  • trustworthinessLevel
  • reliabilityStatement
  • coverageStatement
  • dominantCauseCode
  • dominantCauseLabel
  • dominantCauseExplanation
  • nextActionCategory
  • nextActionText
  • countDescriptors

This feature reuses that pattern as input to the new run-detail summary.

Derived Presentation Entities

1. GovernanceRunDiagnosticSummary

Primary derived object for canonical run detail.

Field Meaning Source
headline One dominant first-pass statement for the run detail page derived from ArtifactTruthEnvelope + OperatorExplanationPattern
executionOutcomeLabel Technical execution result kept visible as a separate fact OperationRun.outcome via existing badge semantics
artifactImpactLabel What the resulting artifact means for operator action artifact truth + explanation pattern
primaryReason One short reason supporting the headline dominant cause explanation or primary explanation
affectedScaleCue One operator-readable scale cue, such as ambiguous subjects or missing sections summary_counts, run context, or related artifact truth
nextActionText First follow-up step the operator should see existing explanation or next-step logic
secondaryCauses[] Additional contributing causes preserved below the primary cause ranked from reason/context inputs
diagnosticsAvailable Whether deeper technical sections still exist below derived from reason, payload, or technical sections

Validation rules:

  • Exactly one headline is allowed for the default-visible summary.
  • artifactImpactLabel must stay distinct from executionOutcomeLabel.
  • affectedScaleCue is optional, but when present it must be backed by numeric or enumerated persisted evidence, not freeform guesswork.
  • secondaryCauses[] must not repeat the dominant cause.

2. DominantCauseBreakdown

Logical grouping of the main and supporting causes for degraded runs.

Field Meaning
primaryCauseCode Stable internal reason or derived cause key
primaryCauseLabel Operator-facing dominant cause label
primaryCauseExplanation Short explanation shown in the summary area
secondaryCauses[] Additional causes shown in supporting detail only
rankingRule Stable ranking rule used to keep ordering deterministic

Rules:

  • Ranking must be deterministic for equivalent runs.
  • The same cause class must keep the same reading direction across covered governance families.
  • A run with no meaningful secondary cause data may omit the secondary list entirely.

3. AffectedScaleCue

Small derived object explaining what was affected and at what scale.

Field Meaning
label Operator-facing scale label such as Affected subjects, Missing sections, or Incomplete dimensions
value Human-readable count or scale statement
source Where the cue came from: summary_counts, context, or related artifact truth
confidence Whether the cue is exact, bounded, or best available from persisted context

Rules:

  • This object remains optional because not every run family has equally rich scale data.
  • It must never introduce a new persisted count contract.
  • It must not imply precision the persisted data does not support.

4. GovernanceRunSummaryContext

Logical context for the summary builder.

Field Meaning
surface Always canonical_operation_run_detail for this spec
canonicalOperationType Canonical operation type from OperationCatalog
artifactFamily Related artifact family when one exists
tenantVisibility Whether related tenant/artifact context is visible to the current actor

Rules:

  • This context is surface-specific and must not become a cross-product taxonomy.
  • Tenant visibility rules must suppress inaccessible related labels and links.

Covered Run Families

Canonical Type Primary Artifact Family Typical Affected-Scale Source Dominant-Cause Focus
baseline.capture baseline_snapshot summary_counts, context.result, baseline snapshot summary blocked prerequisite, zero in-scope subjects, unusable snapshot result
baseline.compare none direct, but linked baseline/evidence truth may exist summary_counts, context.baseline_compare, evidence-gap payloads suppressed output, ambiguous matches, evidence gaps, strategy failure
tenant.evidence.snapshot.generate evidence_snapshot evidence snapshot summary, completeness state, run counts stale or incomplete evidence basis, blocked snapshot generation
tenant.review.compose tenant_review review summary, missing sections, related evidence truth missing sections, stale evidence, internal-only review outcome
tenant.review_pack.generate review_pack pack summary, linked review state, generation context internal-only or blocked pack outcome, source-review limitations

Derivation Rules

Summary selection order

  1. Resolve canonical operation type.
  2. Resolve related artifact truth if present.
  3. Resolve operator explanation pattern.
  4. Derive dominant cause and supporting causes.
  5. Derive affected-scale cue from existing persisted data.
  6. Build one GovernanceRunDiagnosticSummary.
  7. Render diagnostics below that summary without altering the underlying truth.

Zero-output runs

  • If a run completed technically but produced no decision-grade artifact, the summary must explicitly say so.
  • Zero output must never default to a neutral or green reading.

Multi-cause degraded runs

  • One primary cause is required.
  • Additional causes remain visible as supporting detail only.
  • The ranking rule must be deterministic and shared across all covered run families.

Authorization-sensitive output

  • Related artifact names, tenant names, and links may only appear when entitlement checks already pass.
  • The summary may remain useful without those labels by using generic operator-safe phrasing.