ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
be780a8b48
TenantAtlas/specs/307-decision-register-evidence-operationrun-link-polish/tasks.md
Ahmed Darrazi be780a8b48
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m36s
Details
chore(decision-register): polish evidence operation run link and tests
2026-05-15 13:41:43 +02:00

114 lines
13 KiB
Markdown
Raw Blame History

# Tasks: Decision Register Evidence / OperationRun Link Polish
**Input**: `/specs/307-decision-register-evidence-operationrun-link-polish/spec.md`, `/specs/307-decision-register-evidence-operationrun-link-polish/plan.md`
**Prerequisites**: Existing Spec 265 and Spec 306 are context only; do not modify completed specs.
**Scope**: Runtime implementation only when explicitly requested after prep. This task list is prepared now.
## Task Format
Each task uses `- [ ] T### [P?] [US?] Description with exact path`.
- `[P]` means the task can run in parallel after prerequisites.
- `[US1]`, `[US2]`, `[US3]` map to the user stories in `spec.md`.
- Tasks that touch the same file are intentionally ordered to avoid conflicts.
## Path Conventions
- Platform app: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform`
- Feature spec: `/Users/ahmeddarrazi/Documents/projects/wt-plattform/specs/307-decision-register-evidence-operationrun-link-polish`
## Phase 1: Setup and Repo Verification
- [x] T001 Read `/Users/ahmeddarrazi/Documents/projects/wt-plattform/.specify/memory/constitution.md`, this spec, and this plan before runtime edits.
- [x] T002 Confirm current branch is `307-decision-register-evidence-operationrun-link-polish` and working tree changes are expected.
- [x] T003 Inspect `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php` and record current row shape before editing.
- [x] T004 Inspect `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php` and current proof/detail handoff behavior before editing.
- [x] T005 Inspect `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Models/FindingExceptionEvidenceReference.php` and its migration to confirm source-type/source-id semantics before resolving links.
- [x] T006 Inspect artifact resources for canonical URLs and policies: `EvidenceSnapshotResource.php`, `StoredReportResource.php`, `OperationRunLinks.php`, and `OperationRunUrl.php`.
- [x] T007 Confirm no migration is needed; if one appears necessary, stop and update spec/plan with proportionality proof before continuing.
## Phase 2: Tests First
- [x] T008 [P] [US1] Add builder coverage for proof count and `No linked proof` in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`.
- [x] T009 [P] [US1] Add builder coverage for multiple evidence references falling back to detail proof handoff in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`.
- [x] T010 [P] [US2] Add builder coverage for a single resolvable same-scope `EvidenceSnapshot` proof link when existing route support is available in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`.
- [x] T011 [P] [US2] Add builder coverage for a single resolvable same-scope `StoredReport` proof link, or prove no fake stored-report link is emitted when the repo-real reference is unavailable, in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`.
- [x] T012 [P] [US2] Add builder coverage for real OperationRun link metadata when a repo-real same-scope run reference exists in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`.
- [x] T013 [P] [US2] Add builder coverage for missing OperationRun references producing no fake operation URL in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`.
- [x] T014 [P] [US3] Add page rendering coverage for proof link/missing proof copy and no `/admin/t` links in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Governance/DecisionRegisterPageTest.php`.
- [x] T015 [P] [US3] Add authorization coverage for hidden/disabled unavailable proof/run links when the viewer lacks destination access in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Governance/DecisionRegisterAuthorizationTest.php`.
- [x] T016 [P] [US3] Add or update boundary coverage for cross-workspace and cross-environment proof/run denial in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Findings/FindingExceptionDecisionRegisterBoundariesTest.php`.
- [x] T017 [P] [US3] Add or update navigation coverage proving the existing Decision Register row-to-FindingException detail handoff still works in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Findings/FindingExceptionDecisionRegisterNavigationTest.php`.
- [x] T018 [P] [US3] Add or update a feature assertion that approve/reject/renew/revoke/close lifecycle actions are not introduced on the Decision Register in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Governance/DecisionRegisterPageTest.php`.
## Phase 3: User Story 1 - Truthful Proof State
**Goal**: Each register row exposes a truthful proof count/state and calm missing copy without fake URLs.
**Independent Test**: Builder and page tests show zero, one, and multiple evidence states correctly.
- [x] T019 [US1] Eager-load scoped `evidenceReferences` where needed in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php` without broad unscoped queries.
- [x] T020 [US1] Add derived proof metadata fields to register rows in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T021 [US1] Preserve existing `evidence_summary.reference_count` behavior or replace it only with an equivalent scoped count proven by tests in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T022 [US1] Render proof label/state and `No linked proof` copy in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php` using native Filament table patterns.
- [x] T023 [US1] Ensure no proof URL is emitted for zero references, unsupported references, or unresolvable loose `source_id` values in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php`.
## Phase 4: User Story 2 - Real Evidence, Report, and Operation Links
**Goal**: Direct links appear only for real, same-scope, authorized proof artifacts and operation runs.
**Independent Test**: Single-artifact and OperationRun tests pass; unsupported references remain non-linked.
- [x] T024 [US2] Resolve one same-scope evidence snapshot reference to `EvidenceSnapshotResource::getUrl('view', ...)` in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T025 [US2] Resolve one same-scope stored report reference to `StoredReportResource::getUrl('view', ...)` only when report-family destination access is available in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T026 [US2] Route multiple proof references to the existing FindingException detail proof handoff or show a safe aggregate proof state in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T027 [US2] Resolve OperationRun links only from real same-scope run references and existing `OperationRunLinks` / `OperationRunUrl` helpers in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T028 [US2] Add compact secondary `View proof`, `View evidence`, `View report`, and `View operation` affordances where metadata provides safe URLs in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php`.
- [x] T029 [US2] If the existing Blade host is involved, keep changes minimal and native-compatible in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/resources/views/filament/pages/governance/decision-register.blade.php`.
- [x] T030 [US2] If detail evidence labels need minimal support for aggregate handoff, update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/FindingExceptionResource.php` without adding lifecycle actions.
## Phase 5: User Story 3 - Isolation and Lifecycle Boundaries
**Goal**: Proof/run links preserve workspace/environment/RBAC boundaries and the register remains read-only.
**Independent Test**: Cross-scope denial, no legacy URLs, detail handoff, and lifecycle ownership assertions pass.
- [x] T031 [US3] Ensure all proof artifact lookup queries include current row workspace and managed-environment constraints in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T032 [US3] Ensure operation run lookup/link generation does not emit URLs for runs outside the row workspace/environment in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`.
- [x] T033 [US3] Keep destination server-side authorization unchanged in `EvidenceSnapshotResource.php`, `StoredReportResource.php`, `FindingExceptionResource.php`, and operation run policies; do not replace destination authorization with UI visibility.
- [x] T034 [US3] Confirm generated proof/report/run/detail URLs do not contain `/admin/t` in feature tests and implementation assertions where appropriate.
- [x] T035 [US3] Confirm the Decision Register exposes no approve, reject, close, renew, revoke, delete, or restore action in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/Governance/DecisionRegister.php`.
## Phase 6: Filament, Docs, and Validation
- [x] T036 Run primary Decision Register lane from `plan.md` and fix confirmed in-scope failures.
- [x] T037 Run FindingException lifecycle/audit lane from `plan.md` and fix confirmed in-scope regressions.
- [x] T038 Run evidence/review/artifact lane from `plan.md` and fix confirmed in-scope regressions.
- [x] T039 Run OperationRun/link guard lane from `plan.md` and fix confirmed in-scope regressions.
- [x] T040 Run `git diff --check` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`.
- [x] T041 Run browser smoke for Governance > Decisions, proof/missing states, proof link, operation link, detail handoff, lifecycle absence, and no `/admin/t` URL.
- [x] T042 Update product docs only if implementation is complete and product truth changes; likely files are `/Users/ahmeddarrazi/Documents/projects/wt-plattform/docs/product/implementation-ledger.md` and `/Users/ahmeddarrazi/Documents/projects/wt-plattform/docs/product/spec-candidates.md`.
- [x] T043 Close out with changed files, migration status, proof/evidence link behavior, stored-report behavior, OperationRun behavior, missing-link behavior, tests, browser smoke, `git diff --check`, docs, and remaining gaps.
## Dependencies
- T001-T007 must complete before runtime edits.
- T008-T018 should be written before implementation tasks where practical.
- T019-T023 are required before UI proof rendering is considered complete.
- T024-T030 depend on repo-real artifact/run references verified in T005-T006.
- T031-T035 must complete before validation.
- T036-T043 are final validation and close-out tasks.
## Parallel Work Examples
- T008-T018 can be split across tests after T001-T007.
- T024-T027 can be split from T028-T030 only after the proof/run metadata contract is stable.
- T036-T039 can be run in parallel only if the local Sail/test environment supports it without DB conflicts.
## Notes
- If `FindingExceptionEvidenceReference.source_id` is loose text rather than a local artifact primary key, do not force direct links. Prefer detail proof handoff or unavailable state.
- If stored-report references are not repo-real, prove that no fake stored-report link renders.
- If OperationRun references are not repo-real for a path, prove that no fake operation link renders.
- No implementation task may add a new decision table, workflow engine, approval action, evidence payload store, OperationRun lifecycle mutation, provider integration, or broad navigation redesign.
Reference in New Issue View Git Blame Copy Permalink