# Discoveries

Things found during implementation that don't belong in the current spec. Review weekly. Promote to spec-candidates.md or discard.

Items that are already tracked in spec-candidates.md or roadmap.md should not remain here.

Last reviewed: 2026-03-15


## 2026-03-15 — Queued execution trust relies too much on dispatch-time authority
- **Source**: architecture audit
- **Observation**: Queued jobs still rely too heavily on the actor, tenant, and authorization state captured at dispatch time. Execution-time scope continuity and reauthorization are not yet hardened as a canonical backend contract.
- **Category**: hardening
- **Priority**: high
- **Suggested follow-up**: Track in ../audits/2026-03-15-audit-spec-candidates.md as Candidate A: queued execution reauthorization and scope continuity.
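One shape the execution-time contract could take, as an added example that is not TenantAtlas code: the job carries identifiers only and re-derives actor validity, tenant scope and authorization inside `handle()`, so nothing decided at dispatch time is trusted later. The model names, the `suspended_at` column, the `resolve` ability and `markResolved()` are assumptions.

```php
<?php
// Added example, not TenantAtlas code. Model names (User, Finding), the
// 'suspended_at' column, the 'resolve' ability and markResolved() are assumptions.
namespace App\Jobs;

use App\Models\Finding;
use App\Models\User;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Support\Facades\Gate;
use RuntimeException;

final class ResolveFindingJob implements ShouldQueue
{
    use InteractsWithQueue, Queueable;
    // Only identifiers cross the queue boundary; no actor object or
    // policy decision is serialized at dispatch time.
    public function __construct(
        public readonly int $actorId,
        public readonly int $tenantId,
        public readonly int $findingId,
    ) {}

    public function handle(): void
    {
        // 1. Re-load the actor: deleted or suspended since dispatch means no action.
        $actor = User::query()->whereKey($this->actorId)->first();
        if ($actor === null || $actor->suspended_at !== null) {
            $this->fail(new RuntimeException('actor invalid at execution time'));
            return;
        }

        // 2. Scope continuity: actor and target must still be in the dispatching tenant.
        $finding = Finding::query()->whereKey($this->findingId)
            ->where('tenant_id', $this->tenantId)->first();
        if ($finding === null || (int) $actor->tenant_id !== $this->tenantId) {
            $this->fail(new RuntimeException('tenant scope drifted since dispatch'));
            return;
        }

        // 3. Reauthorization: evaluate the policy against current state, not a cached verdict.
        if (Gate::forUser($actor)->denies('resolve', $finding)) {
            $this->fail(new RuntimeException('actor no longer authorized'));
            return;
        }
        $finding->markResolved($actor);
    }
}
```

Each failure path calls `fail()` rather than silently returning, so a revoked actor or a moved target shows up in the failed-jobs table instead of vanishing.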

## 2026-03-15 — Tenant-owned query canon remains too ad hoc
- **Source**: architecture audit
- **Observation**: Tenant isolation is broadly present, but many tenant-owned reads still depend on repeated local tenant_id filtering instead of a reusable canonical query path. This increases drift risk and weakens wrong-tenant regression discipline.
- **Category**: hardening
- **Priority**: high
- **Suggested follow-up**: Track in ../audits/2026-03-15-audit-spec-candidates.md as Candidate B: tenant-owned query canon and wrong-tenant guards.
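As an added example (not the project's code) of what a reusable canonical query path could look like: one Eloquent global scope applies the tenant filter to every tenant-owned model, and a read with no bound tenant fails loudly instead of returning all rows. `TenantContext`, `BelongsToTenant` and the `tenant_id` column name are assumptions.

```php
<?php
// Added example, not TenantAtlas code. TenantContext, BelongsToTenant and the
// 'tenant_id' column name are assumptions about how the canon could be shaped.
namespace App\Tenancy;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;
use RuntimeException;

// Single holder for the tenant the current request or job is acting for.
final class TenantContext
{
    private static ?int $tenantId = null;

    public static function bind(int $tenantId): void { self::$tenantId = $tenantId; }
    public static function clear(): void { self::$tenantId = null; }
    public static function id(): ?int { return self::$tenantId; }
}

// Global scope: the tenant filter lives here once, and a query without a
// bound tenant throws rather than leaking every tenant's rows.
final class TenantScope implements Scope
{
    public function apply(Builder $builder, Model $model): void
    {
        $tenantId = TenantContext::id();
        if ($tenantId === null) {
            throw new RuntimeException('tenant-owned query without tenant context: ' . $model::class);
        }
        $builder->where($model->qualifyColumn('tenant_id'), $tenantId);
    }
}

// Applied to every tenant-owned model; replaces ad hoc ->where('tenant_id', ...).
trait BelongsToTenant
{
    public static function bootBelongsToTenant(): void
    {
        static::addGlobalScope(new TenantScope());

        // Writes inherit the bound tenant, so a row is never created for another one.
        static::creating(function (Model $model): void {
            $model->setAttribute('tenant_id', TenantContext::id()
                ?? throw new RuntimeException('create without tenant context'));
        });
    }
}
```

With the scope in place, the wrong-tenant regression test reduces to binding tenant A, seeding a row for tenant B, and asserting that the model query returns nothing.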

## 2026-03-15 — Findings lifecycle truth is stronger in docs than in enforcement
- **Source**: architecture audit
- **Observation**: Findings workflow semantics are well-defined at spec level, but architectural enforcement still depends too much on service-path discipline. Direct or bypassing status mutations remain too plausible.
- **Category**: hardening
- **Priority**: high
- **Suggested follow-up**: Track in ../audits/2026-03-15-audit-spec-candidates.md as Candidate C: findings workflow enforcement and audit backstop.

## 2026-03-15 — Livewire trust-boundary hardening is still convention-driven
- **Source**: architecture audit
- **Observation**: Complex Livewire and Filament flows still expose too much ownership-relevant context in public component state. This is not a proven exploit in the repo today, but the hardening standard is not yet explicit or reusable.
- **Category**: hardening
- **Priority**: medium
- **Suggested follow-up**: Track in ../audits/2026-03-15-audit-spec-candidates.md as Candidate D: Livewire context locking and trusted-state reduction.

## 2026-03-08 — Alert sla_due event type is dead code
- **Source**: Spec 109 (Review Pack Export)
- **Observation**: The sla_due alert rule event type exists in the schema, but no producer dispatches it, so the code path is dead.
- **Category**: cleanup
- **Priority**: low
- **Suggested follow-up**: Remove or implement. If SLA alerting is a future feature, document the intent; otherwise delete.

## 2026-03-08 — Alert Deliveries header-action exemption needs permanent documentation
- **Source**: Spec 122 (Empty State Consistency)
- **Observation**: Alert Deliveries is the first resource with an explicit UX-001 relocation exemption — its CTA exists only in the empty state and does NOT relocate to the header. This needs to remain documented so future developers don't "fix" it.
- **Category**: documentation
- **Priority**: low
- **Suggested follow-up**: Ensure the exemption is captured in the Action Surface Contract guard tests and/or resource-level comments.

## 2026-03-08 — Historical findings backfill for source field
- **Source**: Spec 101 (Golden Master Baseline Governance)
- **Observation**: The source field was added to findings, but historical findings may not have been backfilled. Reporting accuracy depends on the field being populated for every finding.
- **Category**: data integrity
- **Priority**: medium
- **Suggested follow-up**: One-time migration or backfill job to classify existing findings by source.

## 2026-03-08 — Baseline profile hard-delete deferred
- **Source**: Spec 101 (Golden Master Baseline Governance)
- **Observation**: Baseline profiles can only be archived, not hard-deleted, in v1. If archive accumulation becomes a problem, a hard-delete with cascade needs to be built.
- **Category**: feature gap
- **Priority**: low
- **Suggested follow-up**: Monitor archive count. Spec only if it becomes a user-reported issue.

## 2026-03-08 — Drift engine hard-fail when no Inventory Sync exists
- **Source**: Spec 119 (Baseline Drift Engine Cutover)
- **Observation**: Currently drift capture does NOT hard-fail when no completed Inventory Sync exists. This was deferred as a "larger product behavior change."
- **Category**: hardening
- **Priority**: medium
- **Suggested follow-up**: Evaluate whether capturing drift without a baseline sync produces misleading results. If so, enforce the prerequisite.

## 2026-03-08 — Performance indexes for system console windowed queries
- **Source**: Spec 114 (System Console Control Tower)
- **Observation**: EXPLAIN baselines don't show pressure yet, but windowed queries on operation_runs could become slow at scale. Indexes were explicitly deferred.
- **Category**: performance
- **Priority**: low
- **Suggested follow-up**: Monitor query times. Add indexes proactively if run count exceeds ~100k.

## Template

## YYYY-MM-DD — Short title
- **Source**: Spec NNN (Name) | chat | audit | coding
- **Observation**:
- **Category**: feature gap | cleanup | hardening | UX polish | performance | documentation | data integrity
- **Priority**: low | medium | high
- **Suggested follow-up**: