ahmido
c86b399b43
Some checks failed
Main Confidence / confidence (push) Failing after 53s
## Summary This PR delivers three related improvements: ### 1. Finding Ownership Semantics (Spec 219) - Add responsibility/accountability labels to findings and finding exceptions - `owner_user_id` = accountable party (governance owner) - `assignee_user_id` = responsible party (technical implementer) - Expose Assign/Reassign actions in FindingResource with audit logging - Add ownership columns and filters to finding list - Propagate owner from finding to exception on creation - Tests: ownership semantics, assignment audit, workflow actions ### 2. Constitution v2.7.0 — LEAN-001 Pre-Production Lean Doctrine - New principle forbidding legacy aliases, migration shims, dual-write logic, and compatibility fixtures in a pre-production codebase - AI-agent 4-question verification gate before adding any compatibility path - Review rule: compatibility shims without answering the gate questions = merge blocker - Exit condition: LEAN-001 expires at first production deployment - Spec template: added default "Compatibility posture" block - Agent instructions: added "Pre-production compatibility check" section ### 3. Backup Set Operation Type Unification - Unified `backup_set.add_policies` and `backup_set.remove_policies` into single canonical `backup_set.update` - Removed all legacy aliases, constants, and test fixtures - Added lifecycle coverage for `backup_set.update` in config - Updated all 14+ test files referencing legacy types ### Spec Artifacts - `specs/219-finding-ownership-semantics/` — full spec, plan, tasks, research, data model, contracts, checklist ### Tests - All affected tests pass (OperationCatalog, backup set, finding workflow, ownership semantics) Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #256
81 lines
3.5 KiB
Markdown
81 lines
3.5 KiB
Markdown
# Quickstart: Finding Ownership Semantics Clarification
|
|
|
|
**Goal**: Implement the clarified finding owner versus assignee contract on existing findings surfaces without introducing new persistence, capabilities, or workflow services.
|
|
|
|
## 1. Prepare the workspace
|
|
|
|
```bash
|
|
cd apps/platform
|
|
./vendor/bin/sail up -d
|
|
```
|
|
|
|
## 2. Update responsibility semantics on the existing findings resource
|
|
|
|
Primary file:
|
|
|
|
- `app/Filament/Resources/FindingResource.php`
|
|
|
|
Expected implementation steps:
|
|
|
|
1. Keep owner and assignee as separate roles on list and detail surfaces.
|
|
2. Add a derived responsibility-state label, badge, or equivalent summary based on current owner/assignee presence.
|
|
3. Adjust filters or personal-work shortcuts so assignee-driven work and owner-driven accountability are not collapsed into one ambiguous view.
|
|
4. Keep `Exception owner` explicitly distinct anywhere exception context is rendered from a finding.
|
|
5. Add help text to assignment and exception-request forms so operators understand the semantic difference between the two owner concepts.
|
|
|
|
## 3. Keep responsibility truth local and derived
|
|
|
|
Supporting files:
|
|
|
|
- `app/Models/Finding.php`
|
|
- `app/Services/Findings/FindingWorkflowService.php`
|
|
- `app/Services/Findings/FindingExceptionService.php`
|
|
- `app/Services/Findings/FindingRiskGovernanceResolver.php`
|
|
|
|
Guidance:
|
|
|
|
1. Prefer a small local derived helper on `Finding` if it simplifies repeated responsibility-state checks.
|
|
2. Do not add a new enum, table, or presenter for responsibility state.
|
|
3. Keep `FindingWorkflowService::assign()` as the canonical mutation boundary.
|
|
4. If feedback or audit wording changes, distinguish owner-only, assignee-only, clear-owner, clear-assignee, and combined changes explicitly.
|
|
5. If next-action copy is updated, treat missing owner as the visible state `orphaned accountability` even when an assignee exists.
|
|
|
|
## 4. Add focused regression tests
|
|
|
|
Primary test targets:
|
|
|
|
- `tests/Feature/Filament/Resources/FindingResourceOwnershipSemanticsTest.php`
|
|
- `tests/Feature/Findings/FindingAssignmentAuditSemanticsTest.php`
|
|
|
|
Potential supporting edits:
|
|
|
|
- `tests/Feature/Findings/FindingWorkflowRowActionsTest.php`
|
|
- `tests/Feature/Findings/FindingWorkflowServiceTest.php`
|
|
|
|
Coverage checklist:
|
|
|
|
1. Owner-only finding renders as owned but unassigned.
|
|
2. Owner-plus-assignee finding renders both roles distinctly.
|
|
3. Assignee-only and both-null findings render as `orphaned accountability`.
|
|
4. Exception owner remains separately labeled from finding owner.
|
|
5. Responsibility updates preserve tenant-member validation and clearly report owner-only, assignee-only, clear-owner, clear-assignee, and combined changes.
|
|
6. Tenant-route authorization assertions use explicit panel selection when needed.
|
|
|
|
## 5. Verify the feature
|
|
|
|
Run the narrowest proof set first:
|
|
|
|
```bash
|
|
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/Resources/FindingResourceOwnershipSemanticsTest.php
|
|
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingAssignmentAuditSemanticsTest.php
|
|
cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
|
|
```
|
|
|
|
## 6. Review expectations
|
|
|
|
Before moving to tasks or implementation review, confirm:
|
|
|
|
1. Owner, assignee, and exception owner mean one stable thing each across list, detail, and action flows.
|
|
2. Responsibility state is derived from existing fields only.
|
|
3. No new persistence, capability split, or presenter/framework layer was introduced.
|
|
4. Tenant-safe Filament behavior remains intact on both admin canonical and tenant-panel test paths. |