224 lines
28 KiB
Markdown
224 lines
28 KiB
Markdown
---
|
|
description: "Task list for Governance Artifact Lifecycle & Retention v1"
|
|
---
|
|
|
|
# Tasks: Governance Artifact Lifecycle & Retention v1
|
|
|
|
**Input**: Design documents from `specs/267-artifact-lifecycle-retention/`
|
|
**Prerequisites**: `specs/267-artifact-lifecycle-retention/spec.md`, `specs/267-artifact-lifecycle-retention/plan.md`, `specs/267-artifact-lifecycle-retention/research.md`, `specs/267-artifact-lifecycle-retention/data-model.md`, `specs/267-artifact-lifecycle-retention/quickstart.md`, `specs/267-artifact-lifecycle-retention/checklists/requirements.md`
|
|
|
|
**Review Artifact**: `specs/267-artifact-lifecycle-retention/checklists/requirements.md` is the outcome-of-record for the review outcome class, workflow outcome, and test-governance outcome. If mutation persistence widens or a current decision-surface edit becomes necessary, update that artifact before continuing.
|
|
**Tests**: REQUIRED (Pest). Keep proof bounded to one new shared contract unit suite plus focused feature coverage on existing evidence, review-pack, tenant-review, customer-workspace, findings, and stored-report seams. The canonical proving suite is `GovernanceArtifactLifecycleContractTest`, `EvidenceSnapshotResourceTest`, `EvidenceSnapshotAuditLogTest`, `ReviewPackResourceTest`, `ReviewPackDownloadTest`, `ReviewPackEntitlementEnforcementTest`, `TenantReviewLifecycleTest`, `TenantReviewUiContractTest`, `CustomerReviewWorkspacePackAccessTest`, `CustomerReviewWorkspaceLaunchLinksTest`, `FindingExceptionRenewalTest`, `FindingExceptionRevocationTest`, `StoredReportModelTest`, `PruneStoredReportsCommandTest`, and `StoredReportFingerprintTest`. Browser proof is not part of the default lane; one narrow manual smoke is allowed only if native Feature or controller coverage leaves grouped-action or read-only behavior ambiguous.
|
|
**Operations**: No new `OperationRun`, queue family, export-before-delete workflow, or purge executor is allowed. Existing review-pack generation must keep the shared `OperationRun` start and completion UX unchanged, and blocked future starts remain pre-run business-state blocks.
|
|
**RBAC**: Workspace entitlement and tenant entitlement remain mandatory before any artifact truth, lifecycle badge, download affordance, or mutation affordance is revealed. Non-members and wrong-scope actors stay `404`; in-scope members missing the relevant capability stay `403`. Existing capabilities such as `EVIDENCE_VIEW`, `REVIEW_PACK_VIEW`, `REVIEW_PACK_MANAGE`, `TENANT_REVIEW_VIEW`, `TENANT_REVIEW_MANAGE`, and the current `FINDING_EXCEPTION_*` checks remain authoritative. Destructive-like lifecycle actions must stay confirmation-backed on existing detail owners only.
|
|
**Shared Pattern Reuse**: Reuse `ArtifactTruthPresenter`, `BadgeCatalog`, `BadgeRenderer`, `WorkspaceCommercialLifecycleResolver`, existing review-pack download authorization, current tenant-review and evidence lifecycle services, current findings aggregate seams, and existing audit logging. Do not create a generic artifact registry, a second lifecycle presenter family, or a new browsing console.
|
|
**Filament / Panel Guardrails**: Filament stays v5 on Livewire v4. Provider registration remains unchanged in `apps/platform/bootstrap/providers.php`. `EvidenceSnapshotResource`, `TenantReviewResource`, and `ReviewPackResource` remain non-searchable, no new globally searchable resource is introduced, and no asset-registration or panel-path change is allowed.
|
|
**Organization**: Tasks are grouped by user story so the shared contract, suspended-read-only behavior, and audit plus decision-history rules remain independently implementable and testable on existing repo seams only.
|
|
|
|
## Test Governance Checklist
|
|
|
|
- [ ] Lane assignment stays `Unit` plus focused `Feature`, which is the narrowest sufficient proof for this slice.
|
|
- [ ] New or changed tests stay in `apps/platform/tests/Unit/Support/GovernanceArtifactTruth/`, `apps/platform/tests/Feature/Evidence/`, `apps/platform/tests/Feature/ReviewPack/`, `apps/platform/tests/Feature/TenantReview/`, `apps/platform/tests/Feature/Reviews/`, `apps/platform/tests/Feature/Findings/`, `apps/platform/tests/Feature/PermissionPosture/`, and `apps/platform/tests/Feature/EntraAdminRoles/` only.
|
|
- [ ] Shared fixtures remain cheap by default through `apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php` and the current family factories instead of a new heavy artifact matrix harness.
|
|
- [ ] Planned proof uses the canonical commands from `plan.md` and `quickstart.md` without widening into browser or unrelated suites.
|
|
- [ ] The declared surface profile remains `standard-native-filament` plus `shared-detail-family`; `CustomerReviewWorkspace` stays read-only and scan-first, and accepted-risk decision adoption stays headless in v1.
|
|
- [ ] `specs/267-artifact-lifecycle-retention/checklists/requirements.md` records the current outcome-of-record for the shipped slice. If mutation persistence or current decision-surface edits widen scope, the workflow outcome flips to `split` before implementation continues.
|
|
- [ ] Any drift toward a generic artifact registry, purge engine, closure flow, billing or support-access scope, new browsing console, panel or global-search changes, or browser-heavy default proof resolves as `reject-or-split` or an explicit follow-up spec.
|
|
|
|
## Implementation Status
|
|
|
|
- [x] Delivered the shared read-only lifecycle and retention contract on the existing evidence, tenant-review, and review-pack detail surfaces plus headless stored-report and accepted-risk decision-history seams.
|
|
- [x] Preserved the existing suspended-read-only and signed-download behavior on current services and controller seams without widening into a new console or queue family.
|
|
- [x] Ran the canonical feature and unit proof plus one narrow manual browser smoke in tenant scope.
|
|
- [x] Split hold and deletion-request persistence out of this slice because the bounded current-owner mutation gate did not pass without widening scope.
|
|
- [ ] Deferred mutation persistence, new hold or deletion-request actions, and any broader purge or closure workflow to a follow-up slice.
|
|
|
|
## Phase 1: Setup (Shared Context)
|
|
|
|
**Purpose**: Confirm the bounded slice, current shared seams, and stop conditions before implementation begins.
|
|
|
|
- [ ] T001 Review `specs/267-artifact-lifecycle-retention/spec.md`, `specs/267-artifact-lifecycle-retention/plan.md`, `specs/267-artifact-lifecycle-retention/research.md`, `specs/267-artifact-lifecycle-retention/data-model.md`, `specs/267-artifact-lifecycle-retention/quickstart.md`, and `specs/267-artifact-lifecycle-retention/checklists/requirements.md` together so lifecycle truth, retention truth, proof commands, workflow outcomes, and explicit non-goals stay aligned.
|
|
- [ ] T002 [P] Confirm the current shared lifecycle-truth seams in `apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php`, `apps/platform/app/Support/Badges/BadgeCatalog.php`, and `apps/platform/app/Support/Badges/BadgeRenderer.php` before adding any new lifecycle or retention vocabulary.
|
|
- [ ] T003 [P] Confirm the current artifact owners, review-context surfaces, and lifecycle services in `apps/platform/app/Models/EvidenceSnapshot.php`, `apps/platform/app/Models/TenantReview.php`, `apps/platform/app/Models/ReviewPack.php`, `apps/platform/app/Models/StoredReport.php`, `apps/platform/app/Models/FindingException.php`, `apps/platform/app/Models/FindingExceptionDecision.php`, `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`, `apps/platform/app/Services/ReviewPackService.php`, `apps/platform/app/Services/TenantReviews/TenantReviewLifecycleService.php`, `apps/platform/app/Services/Findings/FindingExceptionService.php`, and `apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`.
|
|
- [ ] T004 [P] Confirm the current consumer surfaces and controller seams in `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, `apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php`, `apps/platform/app/Filament/Resources/TenantReviewResource.php`, `apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, `apps/platform/app/Filament/Resources/ReviewPackResource.php`, `apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php`, `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, and `apps/platform/app/Http/Controllers/ReviewPackDownloadController.php`.
|
|
|
|
---
|
|
|
|
## Phase 2: Foundational (Blocking Prerequisites)
|
|
|
|
**Purpose**: Establish the shared governance-artifact lifecycle and retention contract before any story-specific surface work begins.
|
|
|
|
**Critical**: No user-story implementation should begin until this phase is complete.
|
|
|
|
- [x] T005 [P] Add failing unit coverage in `apps/platform/tests/Unit/Support/GovernanceArtifactTruth/GovernanceArtifactLifecycleContractTest.php` for immutable artifact reference, lifecycle versus retention separation, hold-over-deletion-request precedence, suspended-read-only not acting as retention truth, and family mapping for evidence snapshots, review packs, stored reports, and accepted-risk decision history.
|
|
- [ ] T006 [P] Extend shared test setup in `apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php`, `apps/platform/database/factories/TenantReviewFactory.php`, `apps/platform/database/factories/ReviewPackFactory.php`, and `apps/platform/database/factories/StoredReportFactory.php` so existing suites can seed current, historical, superseded, retained, expired-direct-access, and suspended-read-only cases without a new heavy-governance harness.
|
|
- [x] T007 Implement the bounded shared lifecycle and retention contract in `apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php` so the current presenter emits immutable reference, lifecycle state, retention state, and next allowed or blocked action from one path instead of page-local status fragments.
|
|
- [x] T008 [P] Centralize lifecycle and retention badge vocabulary in `apps/platform/app/Support/Badges/BadgeCatalog.php` and `apps/platform/app/Support/Badges/BadgeRenderer.php` so evidence, review, review-pack, customer-workspace, and aggregate-level decision history reuse one meaning for `current`, `historical`, `superseded`, `retained`, `hold`, `deletion requested`, and `expired direct access`.
|
|
|
|
**Checkpoint**: The shared contract, fixtures, and centralized badge language are ready before current surfaces start consuming them.
|
|
|
|
---
|
|
|
|
## Phase 3: User Story 1 - Understand What An Artifact Is Allowed To Do Now (Priority: P1)
|
|
|
|
**Goal**: Give operators one stable artifact reference, one lifecycle role, one retention state, and one honest next action across the existing evidence, review, and review-pack surfaces while keeping stored-report adoption headless.
|
|
|
|
**Independent Test**: Open an evidence snapshot, a tenant review with a current export summary, and a review pack in current, historical, and expired-direct-access states, then verify each surface answers identity, lifecycle, retention, and next action from the first screen without opening raw diagnostics.
|
|
|
|
### Tests for User Story 1
|
|
|
|
- [x] T009 [P] [US1] Add failing feature coverage in `apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php` for immutable reference display, lifecycle and retention truth, historical-versus-current evidence semantics, and one dominant next action on the existing evidence resource.
|
|
- [x] T010 [P] [US1] Add failing feature coverage in `apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php` and `apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php` for current export summaries, retained-versus-historical review-pack truth, blocked-versus-allowed next action wording, and the absence of page-local lifecycle drift.
|
|
- [ ] T011 [P] [US1] Add failing headless coverage in `apps/platform/tests/Feature/PermissionPosture/StoredReportModelTest.php` and `apps/platform/tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php` for stable stored-report reference, latest-versus-historical fingerprint selection, and retention-truth derivation without introducing a dedicated stored-report browsing surface.
|
|
|
|
### Implementation for User Story 1
|
|
|
|
- [x] T012 [US1] Adopt the shared lifecycle contract on `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php` and `apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php` so evidence summary surfaces show artifact reference, lifecycle state, retention state, and the next allowed or blocked action without new local badge maps.
|
|
- [x] T013 [US1] Adopt the shared lifecycle contract on `apps/platform/app/Filament/Resources/TenantReviewResource.php` and `apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php` so the current export summary states whether the referenced artifact is current, historical, retained, or blocked without widening the review workflow.
|
|
- [x] T014 [US1] Adopt the shared lifecycle contract on `apps/platform/app/Filament/Resources/ReviewPackResource.php` and `apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php` so retained and downloadable packs, historical packs, and expired-direct-access packs all speak one lifecycle and retention language.
|
|
- [ ] T015 [US1] Extend headless stored-report adoption in `apps/platform/app/Models/StoredReport.php` and `apps/platform/app/Console/Commands/PruneStoredReportsCommand.php` so the shared contract can classify current-versus-historical stored reports and retention expectations without creating a stored-report UI or generic purge framework.
|
|
|
|
**Checkpoint**: User Story 1 is independently functional when the current artifact surfaces and headless stored-report seams all consume the same lifecycle and retention contract.
|
|
|
|
---
|
|
|
|
## Phase 4: User Story 2 - Preserve History During Suspended Read-Only Posture (Priority: P1)
|
|
|
|
**Goal**: Preserve authorized read access to retained artifacts and already-generated downloads during suspended-read-only posture while keeping generation and lifecycle mutations blocked on the current surfaces.
|
|
|
|
**Independent Test**: Put a workspace into suspended-read-only posture, then verify that retained review packs and review-linked artifacts remain readable on current surfaces while generation or mutation affordances stay blocked with one calm read-only explanation.
|
|
|
|
### Tests for User Story 2
|
|
|
|
- [ ] T016 [P] [US2] Add failing feature coverage in `apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php`, `apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php`, and `apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php` for retained-pack access, blocked future generation, read-only explanation fidelity, and keeping `CustomerReviewWorkspace` scan-first instead of turning it into a new download console.
|
|
- [ ] T017 [P] [US2] Add failing feature coverage in `apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php` for review-derived artifact truth under suspended-read-only posture and for separating blocked successor generation from still-readable retained history.
|
|
|
|
### Implementation for User Story 2
|
|
|
|
- [ ] T018 [US2] Extend `apps/platform/app/Http/Controllers/ReviewPackDownloadController.php` and `apps/platform/app/Services/ReviewPackService.php` so ready retained downloads keep the current entitled-access behavior while blocked new generation continues to reuse `apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php` without becoming retention truth.
|
|
- [ ] T019 [US2] Adopt suspended-read-only lifecycle messaging in `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, `apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, and `apps/platform/app/Filament/Resources/ReviewPackResource.php` so retained history stays visible and tenant-plane mutations stay honestly blocked.
|
|
- [ ] T020 [US2] Keep the existing action-surface contract intact in `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` and `apps/platform/app/Filament/Resources/ReviewPackResource.php` so `Open review` and `Download current pack` remain contextual actions, `CustomerReviewWorkspace` stays read-only, and no new browsing console or mutation surface appears.
|
|
|
|
**Checkpoint**: User Story 2 is independently functional when suspended-read-only posture preserves retained history without implying new generation, hidden deletion, or a broader console rewrite.
|
|
|
|
---
|
|
|
|
## Phase 5: User Story 3 - Audit Every Lifecycle-Sensitive Artifact Action (Priority: P2)
|
|
|
|
**Goal**: Keep lifecycle-sensitive actions auditable and authorized while extending the same lifecycle contract to accepted-risk decision history through current aggregate seams only.
|
|
|
|
**Independent Test**: Download a retained review pack, perform any in-scope lifecycle mutation that passes the bounded current-owner persistence gate, and inspect accepted-risk decision history through the current aggregate seam to confirm audit proof, authorization behavior, append-only history, and no new decision or artifact console.
|
|
|
|
### Tests for User Story 3
|
|
|
|
- [ ] T021 [P] [US3] Add failing feature coverage in `apps/platform/tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php` and `apps/platform/tests/Feature/ReviewPack/ReviewPackDownloadTest.php` for artifact-reference-based audit events that record actor, workspace, tenant, source surface, and before-or-after lifecycle or retention truth on download and any lifecycle-sensitive action that passes the bounded current-owner persistence gate.
|
|
- [ ] T022 [P] [US3] Add failing feature coverage in `apps/platform/tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php`, `apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php`, and `apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php` for positive and negative authorization, `404` versus `403` behavior, and destructive-like action gating on current detail owners only.
|
|
- [ ] T023 [P] [US3] Add failing feature coverage in `apps/platform/tests/Feature/Findings/FindingExceptionRenewalTest.php` and `apps/platform/tests/Feature/Findings/FindingExceptionRevocationTest.php` for headless accepted-risk decision-history lifecycle adoption on the current aggregate seam, append-only historical addressability, and the absence of current-slice `DecisionRegister` or `ViewFindingException` changes.
|
|
|
|
### Implementation for User Story 3
|
|
|
|
- [ ] T024 [US3] Extend `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`, `apps/platform/app/Services/ReviewPackService.php`, and `apps/platform/app/Http/Controllers/ReviewPackDownloadController.php` so lifecycle-sensitive actions reuse stable audit action IDs and artifact-reference-based audit payloads instead of family-local prose drift, while mutation support remains conditional on the bounded current-owner persistence gate.
|
|
- [ ] T025 [US3] Reuse existing capability and policy enforcement in `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, `apps/platform/app/Filament/Resources/EvidenceSnapshotResource/Pages/ViewEvidenceSnapshot.php`, `apps/platform/app/Filament/Resources/ReviewPackResource.php`, `apps/platform/app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php`, `apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php`, and `apps/platform/app/Http/Controllers/ReviewPackDownloadController.php` so detail visibility, linked artifact summaries, direct download, and any bounded mutation paths that remain on evidence or review-pack owners keep correct `404` versus `403` semantics.
|
|
- [ ] T026 [US3] Adopt the shared contract on `apps/platform/app/Models/FindingException.php`, `apps/platform/app/Models/FindingExceptionDecision.php`, and `apps/platform/app/Services/Findings/FindingExceptionService.php` so accepted-risk decision history stays append-only, historically addressable, and headless in this slice.
|
|
- [x] T027 [US3] Before adding any new hold, release-hold, or deletion-request support, confirm it can stay on the current evidence-snapshot or review-pack owners and matching detail surfaces only; if not, split the mutation slice and ship read-only lifecycle truth plus existing download audit without widening into current decision surfaces, a cross-family artifact table, purge executor, closure flow, or support-access scope.
|
|
|
|
**Checkpoint**: User Story 3 is independently functional when lifecycle-sensitive actions are auditable, authorization stays honest, and decision history adopts the contract headlessly without widening past current seams.
|
|
|
|
---
|
|
|
|
## Phase 6: Polish & Cross-Cutting Validation
|
|
|
|
**Purpose**: Run the canonical proving suite, format touched files, and explicitly verify that the slice stayed inside its bounded non-goals.
|
|
|
|
- [x] T028 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Support/GovernanceArtifactTruth/GovernanceArtifactLifecycleContractTest.php`.
|
|
- [x] T029 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Evidence/EvidenceSnapshotResourceTest.php tests/Feature/Evidence/EvidenceSnapshotAuditLogTest.php`.
|
|
- [x] T030 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ReviewPack/ReviewPackResourceTest.php tests/Feature/ReviewPack/ReviewPackDownloadTest.php tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php`.
|
|
- [x] T031 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/TenantReview/TenantReviewLifecycleTest.php tests/Feature/TenantReview/TenantReviewUiContractTest.php tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php`.
|
|
- [x] T032 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Findings/FindingExceptionRenewalTest.php tests/Feature/Findings/FindingExceptionRevocationTest.php`.
|
|
- [x] T033 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PermissionPosture/StoredReportModelTest.php tests/Feature/PermissionPosture/PruneStoredReportsCommandTest.php tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php`.
|
|
- [x] T034 [P] Run `export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` for the touched platform files.
|
|
- [x] T035 [P] Review the implementation against `specs/267-artifact-lifecycle-retention/spec.md`, `specs/267-artifact-lifecycle-retention/plan.md`, and `specs/267-artifact-lifecycle-retention/checklists/requirements.md` to confirm there is no generic artifact registry, no purge engine, no closure flow, no billing or support-access scope, no new browsing console, no current-slice `DecisionRegister` or `ViewFindingException` change, no new global-search behavior, no panel-provider change outside `apps/platform/bootstrap/providers.php`, and no new asset-registration path.
|
|
- [ ] T036 [P] Only if native Feature and controller proof still leaves grouped-action or read-only behavior ambiguous, perform one narrow manual smoke on `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, `apps/platform/app/Filament/Resources/ReviewPackResource.php`, and `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` using the scenarios from `specs/267-artifact-lifecycle-retention/quickstart.md`.
|
|
- [x] T036 [P] Only if native Feature and controller proof still leaves grouped-action or read-only behavior ambiguous, perform one narrow manual smoke on `apps/platform/app/Filament/Resources/EvidenceSnapshotResource.php`, `apps/platform/app/Filament/Resources/ReviewPackResource.php`, and `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` using the scenarios from `specs/267-artifact-lifecycle-retention/quickstart.md`.
|
|
- [x] T037 [P] Re-check `specs/267-artifact-lifecycle-retention/checklists/requirements.md` and keep the recorded outcomes at `acceptable-special-case` / `split` / `keep`; if the bounded current-owner persistence gate fails or a current decision-surface edit becomes necessary, update the workflow outcome to `split` before merge.
|
|
|
|
---
|
|
|
|
## Dependencies & Execution Order
|
|
|
|
### Phase Dependencies
|
|
|
|
- **Phase 1 (Setup)**: no dependencies; start immediately.
|
|
- **Phase 2 (Foundational)**: depends on Phase 1 and blocks all user-story work.
|
|
- **Phase 3 (US1)**: depends on Phase 2 and establishes the visible contract on current artifact surfaces plus headless stored-report adoption.
|
|
- **Phase 4 (US2)**: depends on Phase 3 because suspended-read-only behavior must consume the shared lifecycle truth already visible on review and pack surfaces.
|
|
- **Phase 5 (US3)**: depends on Phase 2 and should land after US1 so audit and decision-history adoption tighten the same shared contract instead of creating a parallel path.
|
|
- **Phase 6 (Polish)**: depends on all desired user stories being complete.
|
|
|
|
### User Story Dependencies
|
|
|
|
- **US1 (P1)**: independently testable after Phase 2 and delivers the core lifecycle and retention truth.
|
|
- **US2 (P1)**: independently testable after US1 and delivers the suspended-read-only trust contract without new console work.
|
|
- **US3 (P2)**: independently testable after Phase 2 and hardens audit, authorization, and headless decision-history adoption on existing seams.
|
|
|
|
### Within Each User Story
|
|
|
|
- Land the listed Pest coverage first and make it fail for the intended gap.
|
|
- Reuse `ArtifactTruthPresenter`, shared badges, existing services, and existing detail owners before considering any new support type.
|
|
- Re-run the narrowest relevant canonical proof command before moving to the next story checkpoint.
|
|
|
|
---
|
|
|
|
## Parallel Work Examples
|
|
|
|
### US1 Parallel Example
|
|
|
|
- T009, T010, and T011 can run in parallel because they touch different test families.
|
|
- After T007 and T008 land, T012, T013, T014, and T015 can split between evidence, tenant-review consumer surfaces, review pack, and stored-report headless adoption.
|
|
|
|
### US2 Parallel Example
|
|
|
|
- T016 and T017 can run in parallel because they cover different read-only seams.
|
|
- After US1 is stable, T018 and T019 can run in parallel if one contributor owns controller/service behavior and another owns Filament page messaging; T020 should merge after both to keep the surface contract coherent.
|
|
|
|
### US3 Parallel Example
|
|
|
|
- T021, T022, and T023 can run in parallel because they cover audit, authorization, and decision-history suites separately.
|
|
- T024 and T026 can proceed in parallel after the shared contract is stable; T025 and T027 should merge after them so policy and mutation boundaries reflect the final behavior.
|
|
|
|
---
|
|
|
|
## Implementation Strategy
|
|
|
|
### Suggested MVP Scope
|
|
|
|
- MVP = **US1** if the team needs the smallest shippable increment for truthful lifecycle and retention language.
|
|
- Release-ready scope should include **US2** before merge whenever suspended-read-only behavior is part of the target acceptance gate for the environment.
|
|
|
|
### Incremental Delivery
|
|
|
|
1. Complete Phase 1 and Phase 2.
|
|
2. Deliver US1 on current artifact surfaces plus headless stored-report adoption.
|
|
3. Add US2 to preserve suspended-read-only retained-history access and block mutation truthfully.
|
|
4. Add US3 for audit, authorization, and decision-history adoption on existing seams.
|
|
5. Finish with the canonical proof commands and bounded smoke only if native proof remains ambiguous.
|
|
|
|
### Team Strategy
|
|
|
|
1. Settle the shared contract and badge vocabulary first.
|
|
2. Parallelize test work by family before runtime edits widen.
|
|
3. Serialize merges around `ArtifactTruthPresenter`, `ReviewPackDownloadController`, `CustomerReviewWorkspace`, and the accepted-risk aggregate seams so cross-surface lifecycle language stays consistent.
|
|
|
|
---
|
|
|
|
## Deferred Follow-Ups / Non-Goals
|
|
|
|
- retention and purge governance, including irreversible deletion executors and schedulers
|
|
- workspace or tenant closure lifecycle work
|
|
- billing, subscription, or commercial-state truth changes beyond current suspended-read-only reuse
|
|
- support-access governance, delegated access, or impersonation scope
|
|
- any generic artifact registry, workflow engine, or broad customer artifact portal
|
|
- a dedicated stored-report browsing surface or any current-slice rewrite of existing Spec 265 decision surfaces
|
|
- export-before-deletion workflow and bundle proof
|
|
- provider-lifecycle expansion beyond current artifact truth
|
|
- panel, global-search, provider-registration, or asset-strategy changes for this slice |