ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
be780a8b48
TenantAtlas/specs/307-decision-register-evidence-operationrun-link-polish/tasks.md
Ahmed Darrazi be780a8b48
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m36s
Details
chore(decision-register): polish evidence operation run link and tests
2026-05-15 13:41:43 +02:00

13 KiB
Raw Blame History

Tasks: Decision Register Evidence / OperationRun Link Polish

Input: /specs/307-decision-register-evidence-operationrun-link-polish/spec.md, /specs/307-decision-register-evidence-operationrun-link-polish/plan.md
Prerequisites: Existing Spec 265 and Spec 306 are context only; do not modify completed specs.
Scope: Runtime implementation only when explicitly requested after prep. This task list is prepared now.

Task Format

Each task uses - [ ] T### [P?] [US?] Description with exact path.

  • [P] means the task can run in parallel after prerequisites.
  • [US1], [US2], [US3] map to the user stories in spec.md.
  • Tasks that touch the same file are intentionally ordered to avoid conflicts.

Path Conventions

  • Platform app: /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform
  • Feature spec: /Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/307-decision-register-evidence-operationrun-link-polish

Phase 1: Setup and Repo Verification

  • T001 Read /Users/ahmeddarrazi/Documents/projects/wt-plattform/.specify/memory/constitution.md, this spec, and this plan before runtime edits.
  • T002 Confirm current branch is 307-decision-register-evidence-operationrun-link-polish and working tree changes are expected.
  • T003 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php and record current row shape before editing.
  • T004 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php and current proof/detail handoff behavior before editing.
  • T005 Inspect /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Models/FindingExceptionEvidenceReference.php and its migration to confirm source-type/source-id semantics before resolving links.
  • T006 Inspect artifact resources for canonical URLs and policies: EvidenceSnapshotResource.php, StoredReportResource.php, OperationRunLinks.php, and OperationRunUrl.php.
  • T007 Confirm no migration is needed; if one appears necessary, stop and update spec/plan with proportionality proof before continuing.

Phase 2: Tests First

  • T008 [P] [US1] Add builder coverage for proof count and No linked proof in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php.
  • T009 [P] [US1] Add builder coverage for multiple evidence references falling back to detail proof handoff in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php.
  • T010 [P] [US2] Add builder coverage for a single resolvable same-scope EvidenceSnapshot proof link when existing route support is available in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php.
  • T011 [P] [US2] Add builder coverage for a single resolvable same-scope StoredReport proof link, or prove no fake stored-report link is emitted when the repo-real reference is unavailable, in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php.
  • T012 [P] [US2] Add builder coverage for real OperationRun link metadata when a repo-real same-scope run reference exists in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php.
  • T013 [P] [US2] Add builder coverage for missing OperationRun references producing no fake operation URL in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php.
  • T014 [P] [US3] Add page rendering coverage for proof link/missing proof copy and no /admin/t links in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Governance/DecisionRegisterPageTest.php.
  • T015 [P] [US3] Add authorization coverage for hidden/disabled unavailable proof/run links when the viewer lacks destination access in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Governance/DecisionRegisterAuthorizationTest.php.
  • T016 [P] [US3] Add or update boundary coverage for cross-workspace and cross-environment proof/run denial in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Findings/FindingExceptionDecisionRegisterBoundariesTest.php.
  • T017 [P] [US3] Add or update navigation coverage proving the existing Decision Register row-to-FindingException detail handoff still works in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Findings/FindingExceptionDecisionRegisterNavigationTest.php.
  • T018 [P] [US3] Add or update a feature assertion that approve/reject/renew/revoke/close lifecycle actions are not introduced on the Decision Register in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Governance/DecisionRegisterPageTest.php.

Phase 3: User Story 1 - Truthful Proof State

Goal: Each register row exposes a truthful proof count/state and calm missing copy without fake URLs.

Independent Test: Builder and page tests show zero, one, and multiple evidence states correctly.

  • T019 [US1] Eager-load scoped evidenceReferences where needed in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php without broad unscoped queries.
  • T020 [US1] Add derived proof metadata fields to register rows in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T021 [US1] Preserve existing evidence_summary.reference_count behavior or replace it only with an equivalent scoped count proven by tests in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T022 [US1] Render proof label/state and No linked proof copy in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php using native Filament table patterns.
  • T023 [US1] Ensure no proof URL is emitted for zero references, unsupported references, or unresolvable loose source_id values in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php.

Phase 4: User Story 2 - Real Evidence, Report, and Operation Links

Goal: Direct links appear only for real, same-scope, authorized proof artifacts and operation runs.

Independent Test: Single-artifact and OperationRun tests pass; unsupported references remain non-linked.

  • T024 [US2] Resolve one same-scope evidence snapshot reference to EvidenceSnapshotResource::getUrl('view', ...) in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T025 [US2] Resolve one same-scope stored report reference to StoredReportResource::getUrl('view', ...) only when report-family destination access is available in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T026 [US2] Route multiple proof references to the existing FindingException detail proof handoff or show a safe aggregate proof state in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T027 [US2] Resolve OperationRun links only from real same-scope run references and existing OperationRunLinks / OperationRunUrl helpers in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T028 [US2] Add compact secondary View proof, View evidence, View report, and View operation affordances where metadata provides safe URLs in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php.
  • T029 [US2] If the existing Blade host is involved, keep changes minimal and native-compatible in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/governance/decision-register.blade.php.
  • T030 [US2] If detail evidence labels need minimal support for aggregate handoff, update /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/FindingExceptionResource.php without adding lifecycle actions.

Phase 5: User Story 3 - Isolation and Lifecycle Boundaries

Goal: Proof/run links preserve workspace/environment/RBAC boundaries and the register remains read-only.

Independent Test: Cross-scope denial, no legacy URLs, detail handoff, and lifecycle ownership assertions pass.

  • T031 [US3] Ensure all proof artifact lookup queries include current row workspace and managed-environment constraints in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T032 [US3] Ensure operation run lookup/link generation does not emit URLs for runs outside the row workspace/environment in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php.
  • T033 [US3] Keep destination server-side authorization unchanged in EvidenceSnapshotResource.php, StoredReportResource.php, FindingExceptionResource.php, and operation run policies; do not replace destination authorization with UI visibility.
  • T034 [US3] Confirm generated proof/report/run/detail URLs do not contain /admin/t in feature tests and implementation assertions where appropriate.
  • T035 [US3] Confirm the Decision Register exposes no approve, reject, close, renew, revoke, delete, or restore action in /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php.

Phase 6: Filament, Docs, and Validation

  • T036 Run primary Decision Register lane from plan.md and fix confirmed in-scope failures.
  • T037 Run FindingException lifecycle/audit lane from plan.md and fix confirmed in-scope regressions.
  • T038 Run evidence/review/artifact lane from plan.md and fix confirmed in-scope regressions.
  • T039 Run OperationRun/link guard lane from plan.md and fix confirmed in-scope regressions.
  • T040 Run git diff --check from /Users/ahmeddarrazi/Documents/projects/wt-plattform.
  • T041 Run browser smoke for Governance > Decisions, proof/missing states, proof link, operation link, detail handoff, lifecycle absence, and no /admin/t URL.
  • T042 Update product docs only if implementation is complete and product truth changes; likely files are /Users/ahmeddarrazi/Documents/projects/wt-plattform/docs/product/implementation-ledger.md and /Users/ahmeddarrazi/Documents/projects/wt-plattform/docs/product/spec-candidates.md.
  • T043 Close out with changed files, migration status, proof/evidence link behavior, stored-report behavior, OperationRun behavior, missing-link behavior, tests, browser smoke, git diff --check, docs, and remaining gaps.

Dependencies

  • T001-T007 must complete before runtime edits.
  • T008-T018 should be written before implementation tasks where practical.
  • T019-T023 are required before UI proof rendering is considered complete.
  • T024-T030 depend on repo-real artifact/run references verified in T005-T006.
  • T031-T035 must complete before validation.
  • T036-T043 are final validation and close-out tasks.

Parallel Work Examples

  • T008-T018 can be split across tests after T001-T007.
  • T024-T027 can be split from T028-T030 only after the proof/run metadata contract is stable.
  • T036-T039 can be run in parallel only if the local Sail/test environment supports it without DB conflicts.

Notes

  • If FindingExceptionEvidenceReference.source_id is loose text rather than a local artifact primary key, do not force direct links. Prefer detail proof handoff or unavailable state.
  • If stored-report references are not repo-real, prove that no fake stored-report link renders.
  • If OperationRun references are not repo-real for a path, prove that no fake operation link renders.
  • No implementation task may add a new decision table, workflow engine, approval action, evidence payload store, OperationRun lifecycle mutation, provider integration, or broad navigation redesign.