ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
eb0f3155f0
TenantAtlas/specs/253-remove-findings-backfill-runtime-surfaces/tasks.md
ahmido 2fa8fc0f87
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 51s
Details
refactor: remove findings lifecycle backfill runtime surfaces (#294) 
## Summary
- decommission the legacy findings lifecycle backfill substrate across command, job, service, and UI layers
- remove related platform capabilities, operation catalog entries, and action surface exemptions
- add regression and removal verification tests to ensure runtime integrity and surface absence
- include spec, plan, tasks, and data-model artifacts for the removal slice

## Scope
- active spec: specs/253-remove-findings-backfill-runtime-surfaces
- target branch: dev

## Validation
- integrated regression and removal verification tests for console, findings, and system ops surfaces
- audit log and capability trace verification for the removal path

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #294
2026-04-28 22:00:51 +00:00

26 KiB
Raw Blame History

Tasks: Remove Findings Lifecycle Backfill Runtime Surfaces

Input: Design documents from /specs/253-remove-findings-backfill-runtime-surfaces/ Prerequisites: plan.md, spec.md, research.md, data-model.md, quickstart.md, contracts/findings-backfill-runtime-surface-removal.contract.yaml

Tests (TEST-GOV-001): REQUIRED (Pest). Keep proof in the targeted fast-feedback and confidence feature + unit lanes already named in specs/253-remove-findings-backfill-runtime-surfaces/plan.md and specs/253-remove-findings-backfill-runtime-surfaces/quickstart.md, plus one retained heavy-governance guard in apps/platform/tests/Feature/OperationalControls/NoAdHocOperationalControlBypassTest.php because the cleanup removes an operational-control key and its owning runbook-service seam. Prefer absence-focused coverage in apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php, apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php, apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php, apps/platform/tests/Feature/Console/RemoveFindingsLifecycleBackfillCommandsTest.php, apps/platform/tests/Unit/Support/OperationCatalog/RemoveFindingsLifecycleBackfillCatalogTraceTest.php, apps/platform/tests/Unit/Support/Auth/RemoveFindingsLifecycleBackfillCapabilityTraceTest.php, and apps/platform/tests/Feature/Findings/FindingWorkflowRegressionTest.php. Keep the cleanup net-negative by deleting backfill-only tests instead of widening the suite. Operations: This slice removes one existing OperationRun start family. Do not add a replacement runbook, alias, no-op command shell, or local start UX. Historical operation_runs and audit_logs rows may remain untouched, but no supported surface may create a new findings.lifecycle.backfill run after cleanup. RBAC: Preserve current /system platform-only access, /admin/t/{tenant} tenant isolation, deny-as-not-found 404 for non-members or out-of-scope users, and 403 for in-scope capability failures on surviving actions. Remove the backfill-specific platform capability constant and seed grant without widening any unrelated authorization behavior. UI / Surface Guardrails: This is a review-mandatory cleanup across native Filament system runbooks, native Filament system operational controls, and the tenant findings list. Keep standard-native-filament relief for surviving surfaces, remove the backfill affordances entirely, and do not introduce replacement helper copy, new panels, or new assets. Filament UI Action Surfaces: No new Filament Resource, Page, RelationManager, panel, or provider work is introduced. apps/platform/app/Filament/System/Pages/Ops/Runbooks.php, apps/platform/resources/views/filament/system/pages/ops/runbooks.blade.php, and apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php must converge on supported runbook and findings workflow actions only. Organization: Tasks are grouped by user story so each slice stays independently verifiable. Recommended delivery order is Phase 1 -> Phase 2 -> US1 and US2 in parallel -> US3 -> final cleanup and validation, because regression proof only matters after all backfill start seams and traces are removed.

Test Governance Checklist

  • Lane assignment stays fast-feedback plus confidence, with one explicit retained heavy-governance guard for operational-control bypass residue, and remains the narrowest sufficient proof for the removed runtime family.
  • New or changed tests stay in focused Feature and Unit files only; no browser or new heavy-governance family is added.
  • Shared helpers, factories, seeds, fixtures, and support defaults remain cheap by default; any backfill-specific setup is deleted instead of generalized.
  • Planned validation commands stay limited to the targeted Sail test commands already captured in specs/253-remove-findings-backfill-runtime-surfaces/plan.md and specs/253-remove-findings-backfill-runtime-surfaces/quickstart.md.
  • The declared surface test profile stays standard-native-filament plus monitoring-state-page where the system runbooks or controls surfaces need explicit absence proof.
  • Any material suite-footprint or follow-up note resolves in this feature as document-in-feature or follow-up-spec, not as an implicit scope expansion.

Phase 1: Setup (Shared Cleanup Anchors)

Purpose: Lock the concrete removal inventory and proving commands before implementation starts.

  • T001 [P] Verify the source-surface inventory across apps/platform/app/Filament/System/Pages/Ops/Runbooks.php, apps/platform/resources/views/filament/system/pages/ops/runbooks.blade.php, apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php, apps/platform/app/Console/Commands/TenantpilotBackfillFindingLifecycle.php, and apps/platform/app/Console/Commands/TenantpilotRunDeployRunbooks.php
  • T002 [P] Verify the runtime-cluster and trace inventory across apps/platform/app/Services/Runbooks/FindingsLifecycleBackfillRunbookService.php, apps/platform/app/Services/Runbooks/FindingsLifecycleBackfillScope.php, apps/platform/app/Jobs/BackfillFindingLifecycleJob.php, apps/platform/app/Jobs/BackfillFindingLifecycleWorkspaceJob.php, apps/platform/app/Jobs/BackfillFindingLifecycleTenantIntoWorkspaceRunJob.php, apps/platform/app/Support/OperationCatalog.php, apps/platform/app/Support/Auth/PlatformCapabilities.php, apps/platform/app/Services/SystemConsole/OperationRunTriageService.php, apps/platform/app/Support/Livewire/TrustedState/TrustedStatePolicy.php, apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceExemptions.php, and apps/platform/database/seeders/PlatformUserSeeder.php
  • T003 [P] Verify the narrow validation-lane commands and manual smoke expectations in specs/253-remove-findings-backfill-runtime-surfaces/plan.md and specs/253-remove-findings-backfill-runtime-surfaces/quickstart.md

Checkpoint: The cleanup boundaries and proving commands are locked before any runtime file is changed.

Phase 2: Foundational (Blocking Proof Surfaces)

Purpose: Make the absence proof, regression anchors, and cleanup inventory explicit before deleting shared runtime seams.

CRITICAL: No user story work should begin until this phase is complete.

  • T004 [P] Lock the surface-removal proof plan across apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php, apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php, apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php, and apps/platform/tests/Feature/Console/RemoveFindingsLifecycleBackfillCommandsTest.php
  • T005 [P] Lock the registry, capability, and retained heavy-governance bypass proof plan across apps/platform/tests/Unit/Support/OperationCatalog/RemoveFindingsLifecycleBackfillCatalogTraceTest.php, apps/platform/tests/Unit/Support/Auth/RemoveFindingsLifecycleBackfillCapabilityTraceTest.php, apps/platform/tests/Feature/System/Spec114/OpsTriageActionsTest.php, and apps/platform/tests/Feature/OperationalControls/NoAdHocOperationalControlBypassTest.php
  • T006 [P] Audit canonical findings workflow and authorization regression anchors across apps/platform/tests/Feature/Findings/FindingWorkflowRegressionTest.php, apps/platform/tests/Feature/System/Spec113/AuthorizationSemanticsTest.php, and apps/platform/tests/Feature/System/Spec113/TenantPlaneCannotAccessSystemTest.php
  • T007 [P] Verify the backfill-only cleanup targets across apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillPreflightTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillStartTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillIdempotencyTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillBreakGlassTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillAuditFailSafeTest.php, apps/platform/tests/Feature/System/OpsRunbooks/OpsUxStartSurfaceContractTest.php, apps/platform/tests/Feature/Filament/Spec113/AdminFindingsNoMaintenanceActionsTest.php, apps/platform/tests/Feature/Findings/FindingBackfillTest.php, apps/platform/tests/Feature/Findings/OperationalControlFindingsBackfillGateTest.php, apps/platform/tests/Feature/Console/Spec113/DeployRunbooksCommandTest.php, apps/platform/tests/Feature/System/OpsRunbooks/OperationalControlRunbookGateTest.php, and docs/HANDOVER.md

Checkpoint: Absence-proof files, regression anchors, and cleanup-only artifacts are explicit and ready for bounded implementation work.

Phase 3: User Story 1 - Stop Shipping Repair Tooling (Priority: P1) 🎯 MVP

Goal: Remove the visible lifecycle-backfill affordances from system and tenant operator surfaces so the product only presents supported findings and ops actions.

Independent Test: Open /system/ops/runbooks, /system/ops/controls, and /admin/t/{tenant}/findings and verify there is no lifecycle-backfill card, control trace, or header action while the surviving findings workflow actions still render under current authorization rules.

Tests for User Story 1

  • T008 [P] [US1] Add system runbook absence coverage for the removed card, preflight state, modal, and last-run copy in apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php
  • T009 [P] [US1] Add tenant findings absence coverage for the removed header action and backfill-only Open operation messaging in apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php
  • T010 [P] [US1] Add system operational-control absence coverage for removed findings.lifecycle.backfill surface traces in apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php

Implementation for User Story 1

  • T011 [US1] Remove the lifecycle-backfill runbook card, preflight action, run modal, and last-run display from apps/platform/app/Filament/System/Pages/Ops/Runbooks.php and apps/platform/resources/views/filament/system/pages/ops/runbooks.blade.php
  • T012 [US1] Remove the tenant findings lifecycle-backfill header action and its backfill-only queued, paused, and link copy from apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php
  • T013 [US1] Reconcile surface-level authorization continuity for surviving system and tenant actions in apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php, apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php, apps/platform/tests/Feature/System/Spec113/AuthorizationSemanticsTest.php, and apps/platform/tests/Feature/System/Spec113/TenantPlaneCannotAccessSystemTest.php

Checkpoint: User Story 1 is independently functional and the visible repair tooling is gone from system and tenant operator surfaces.

Phase 4: User Story 2 - Remove Hidden Runtime Entry Points (Priority: P1)

Goal: Remove every supported command, deploy hook, runtime service, job, and shared registry trace that can still start or advertise findings lifecycle backfill.

Independent Test: Review the supported command surface, shared runtime seams, operation catalog, triage helpers, capability registry, and seeder grants and verify that no supported path can queue or describe findings.lifecycle.backfill anymore.

Tests for User Story 2

  • T014 [P] [US2] Add command-removal coverage for the missing lifecycle-backfill CLI and deploy entry points in apps/platform/tests/Feature/Console/RemoveFindingsLifecycleBackfillCommandsTest.php
  • T015 [P] [US2] Add operation-catalog and capability trace removal guards in apps/platform/tests/Unit/Support/OperationCatalog/RemoveFindingsLifecycleBackfillCatalogTraceTest.php and apps/platform/tests/Unit/Support/Auth/RemoveFindingsLifecycleBackfillCapabilityTraceTest.php
  • T016 [P] [US2] Add operational-control, triage, and retained bypass-guard residue coverage for removed backfill traces in apps/platform/tests/Feature/System/Spec114/OpsTriageActionsTest.php, apps/platform/tests/Feature/OperationalControls/NoAdHocOperationalControlBypassTest.php, and apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php

Implementation for User Story 2

  • T017 [US2] Delete the supported CLI and deploy/runtime entry points in apps/platform/app/Console/Commands/TenantpilotBackfillFindingLifecycle.php and apps/platform/app/Console/Commands/TenantpilotRunDeployRunbooks.php
  • T018 [US2] Delete the dedicated backfill runtime cluster in apps/platform/app/Services/Runbooks/FindingsLifecycleBackfillRunbookService.php, apps/platform/app/Services/Runbooks/FindingsLifecycleBackfillScope.php, apps/platform/app/Jobs/BackfillFindingLifecycleJob.php, apps/platform/app/Jobs/BackfillFindingLifecycleWorkspaceJob.php, and apps/platform/app/Jobs/BackfillFindingLifecycleTenantIntoWorkspaceRunJob.php
  • T019 [US2] Remove findings.lifecycle.backfill registry, authorization, and trusted-state traces from apps/platform/app/Support/OperationCatalog.php, apps/platform/app/Services/SystemConsole/OperationRunTriageService.php, apps/platform/app/Support/Auth/PlatformCapabilities.php, apps/platform/app/Support/Livewire/TrustedState/TrustedStatePolicy.php, and apps/platform/database/seeders/PlatformUserSeeder.php
  • T020 [US2] Remove or rewrite backfill-only command, control, and action-surface expectations in apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceExemptions.php, apps/platform/tests/Feature/Console/Spec113/DeployRunbooksCommandTest.php, apps/platform/tests/Feature/System/OpsRunbooks/OperationalControlRunbookGateTest.php, apps/platform/tests/Feature/Findings/OperationalControlFindingsBackfillGateTest.php, and apps/platform/tests/Feature/OperationalControls/NoAdHocOperationalControlBypassTest.php

Checkpoint: User Story 2 is independently functional and no supported runtime or registry path can start or advertise lifecycle backfill.

Phase 5: User Story 3 - Keep Canonical Findings Workflow Unchanged (Priority: P2)

Goal: Preserve canonical findings workflow behavior and authorization semantics while the repair path is removed.

Independent Test: Run representative triage, assignment, start progress, resolve, and risk-accept flows after the cleanup and confirm the same tenant isolation plus 404 versus 403 semantics still hold for surviving findings and system surfaces.

Tests for User Story 3

  • T021 [P] [US3] Add representative findings workflow regression coverage for triage, assignment, start progress, resolve, risk acceptance, ownership, SLA, due-date, and reviewable continuity in apps/platform/tests/Feature/Findings/FindingWorkflowRegressionTest.php
  • T022 [P] [US3] Add explicit surviving-surface authorization regression assertions inside apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php, apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php, apps/platform/tests/Feature/System/Spec113/AuthorizationSemanticsTest.php, and apps/platform/tests/Feature/System/Spec113/TenantPlaneCannotAccessSystemTest.php

Implementation for User Story 3

  • T023 [US3] Reconcile surviving findings workflow fixtures and assertions so they no longer depend on deleted backfill helpers in apps/platform/tests/Feature/Findings/FindingWorkflowRegressionTest.php, apps/platform/tests/Feature/Findings/FindingBackfillTest.php, and apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php

Checkpoint: User Story 3 is independently functional and the canonical findings workflow remains unchanged after the backfill cleanup.

Phase 6: Polish & Cross-Cutting Concerns

Purpose: Remove backfill-only repository residue, keep docs and lane support honest, and run the narrow validation workflow.

  • T024 [P] Remove or rewrite backfill-only runbook test families in apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillPreflightTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillStartTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillIdempotencyTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillBreakGlassTest.php, apps/platform/tests/Feature/System/OpsRunbooks/FindingsLifecycleBackfillAuditFailSafeTest.php, and apps/platform/tests/Feature/System/OpsRunbooks/OpsUxStartSurfaceContractTest.php
  • T025 [P] Remove or rewrite backfill-only findings and control test artifacts in apps/platform/tests/Feature/Filament/Spec113/AdminFindingsNoMaintenanceActionsTest.php, apps/platform/tests/Feature/Findings/FindingBackfillTest.php, apps/platform/tests/Feature/Findings/OperationalControlFindingsBackfillGateTest.php, apps/platform/tests/Feature/System/OpsRunbooks/OperationalControlRunbookGateTest.php, apps/platform/tests/Feature/Console/Spec113/DeployRunbooksCommandTest.php, and apps/platform/tests/Feature/System/OpsControls/OperationalControlManagementTest.php
  • T026 [P] Clean remaining handover and lane-support traces in docs/HANDOVER.md, apps/platform/tests/Support/TestLaneManifest.php, scripts/platform-test-lane, and scripts/platform-test-report
  • T027 Run formatting for touched PHP files with export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent after the cleanup across apps/platform/app/, apps/platform/tests/, and apps/platform/database/seeders/PlatformUserSeeder.php
  • T028 [P] Run the targeted surface-removal Pest command from specs/253-remove-findings-backfill-runtime-surfaces/quickstart.md against apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php, apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php, apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php, and apps/platform/tests/Feature/Console/RemoveFindingsLifecycleBackfillCommandsTest.php
  • T029 [P] Run the targeted registry and workflow Pest commands from specs/253-remove-findings-backfill-runtime-surfaces/quickstart.md against apps/platform/tests/Unit/Support/OperationCatalog/RemoveFindingsLifecycleBackfillCatalogTraceTest.php, apps/platform/tests/Unit/Support/Auth/RemoveFindingsLifecycleBackfillCapabilityTraceTest.php, and apps/platform/tests/Feature/Findings/FindingWorkflowRegressionTest.php
  • T030 Run final residue searches for findings.lifecycle.backfill, Backfill findings lifecycle, Rebuild Findings Lifecycle, FindingsLifecycleBackfill, and TenantpilotBackfillFindingLifecycle across apps/platform/app/, apps/platform/resources/, apps/platform/tests/, apps/platform/database/, and docs/HANDOVER.md

Dependencies & Execution Order

Phase Dependencies

  • Setup (Phase 1): Starts immediately and locks the concrete inventory plus validation commands.
  • Foundational (Phase 2): Depends on Setup and blocks all story work until proof files, regression anchors, and cleanup-only artifacts are explicit.
  • User Story 1 (Phase 3): Depends on Foundational and is part of the MVP delivery.
  • User Story 2 (Phase 4): Depends on Foundational and can proceed in parallel with User Story 1 because it targets the hidden runtime and registry seams behind the removed surfaces.
  • User Story 3 (Phase 5): Depends on User Story 1 and User Story 2 because workflow regression only proves the right thing once every backfill start surface is gone.
  • Polish (Phase 6): Depends on all desired user stories being complete so backfill-only tests, docs, and residue searches can be cleaned once.

User Story Dependencies

  • US1: No dependencies beyond Foundational.
  • US2: No dependencies beyond Foundational.
  • US3: Depends on US1 and US2.

Within Each User Story

  • Add or update the story tests first and confirm they fail before cleanup edits are considered complete.
  • Remove source traces instead of hiding the backfill path locally on one page.
  • Do not keep compatibility aliases, no-op commands, replacement repair surfaces, or historical row UX promises.
  • Keep acknowledged-status cleanup and creation-time lifecycle invariant hardening out of scope for this feature.

Parallel Opportunities

  • T001, T002, and T003 can run in parallel during Setup.
  • T004, T005, T006, and T007 can run in parallel during Foundational work.
  • T008, T009, and T010 can run in parallel for User Story 1, followed by T011 and T012, before reconciling continuity in T013.
  • T014, T015, and T016 can run in parallel for User Story 2, followed by T017, T018, and T019, before reconciling backfill-only expectations in T020.
  • User Story 1 and User Story 2 can proceed in parallel after Foundational is complete.
  • T024, T025, and T026 can run in parallel during cross-cutting cleanup.
  • T028 and T029 can run in parallel during final validation.

Parallel Example: User Story 1

# User Story 1 tests in parallel
T008 apps/platform/tests/Feature/System/OpsRunbooks/RemoveFindingsLifecycleBackfillRunbookSurfaceTest.php
T009 apps/platform/tests/Feature/Findings/RemoveFindingsLifecycleBackfillActionTest.php
T010 apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php

# User Story 1 implementation after the tests are in place
T011 apps/platform/app/Filament/System/Pages/Ops/Runbooks.php + apps/platform/resources/views/filament/system/pages/ops/runbooks.blade.php
T012 apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php

Parallel Example: User Story 2

# User Story 2 tests in parallel
T014 apps/platform/tests/Feature/Console/RemoveFindingsLifecycleBackfillCommandsTest.php
T015 apps/platform/tests/Unit/Support/OperationCatalog/RemoveFindingsLifecycleBackfillCatalogTraceTest.php + apps/platform/tests/Unit/Support/Auth/RemoveFindingsLifecycleBackfillCapabilityTraceTest.php
T016 apps/platform/tests/Feature/System/Spec114/OpsTriageActionsTest.php + apps/platform/tests/Feature/OperationalControls/NoAdHocOperationalControlBypassTest.php + apps/platform/tests/Feature/System/OpsControls/RemoveFindingsLifecycleBackfillControlTraceTest.php

# User Story 2 implementation after the tests are in place
T017 apps/platform/app/Console/Commands/TenantpilotBackfillFindingLifecycle.php + apps/platform/app/Console/Commands/TenantpilotRunDeployRunbooks.php
T018 apps/platform/app/Services/Runbooks/FindingsLifecycleBackfillRunbookService.php + apps/platform/app/Jobs/BackfillFindingLifecycle*.php
T019 apps/platform/app/Support/OperationCatalog.php + apps/platform/app/Services/SystemConsole/OperationRunTriageService.php + apps/platform/app/Support/Auth/PlatformCapabilities.php + apps/platform/database/seeders/PlatformUserSeeder.php

Parallel Example: Cross-Story Delivery After Foundational

# Visible surfaces and hidden runtime traces can be removed in parallel after Phase 2
T011-T013 apps/platform/app/Filament/System/Pages/Ops/Runbooks.php + apps/platform/resources/views/filament/system/pages/ops/runbooks.blade.php + apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php + related surface tests
T017-T020 apps/platform/app/Console/Commands/TenantpilotBackfillFindingLifecycle.php + apps/platform/app/Console/Commands/TenantpilotRunDeployRunbooks.php + apps/platform/app/Services/Runbooks/FindingsLifecycleBackfillRunbookService.php + apps/platform/app/Jobs/BackfillFindingLifecycle*.php + apps/platform/app/Support/OperationCatalog.php + apps/platform/app/Services/SystemConsole/OperationRunTriageService.php + apps/platform/app/Support/Auth/PlatformCapabilities.php + apps/platform/database/seeders/PlatformUserSeeder.php

Implementation Strategy

MVP First (User Stories 1 and 2)

  1. Complete Phase 1: Setup.
  2. Complete Phase 2: Foundational.
  3. Complete Phase 3: User Story 1.
  4. Complete Phase 4: User Story 2.
  5. Run T027, T028, and T030 before widening into workflow-regression cleanup.

Incremental Delivery

  1. Lock the removal inventory and proving commands.
  2. Remove the visible runbook, findings action, and control-surface traces.
  3. Remove the hidden CLI, deploy-hook, service, job, capability, catalog, and triage seams.
  4. Prove the canonical findings workflow and authorization semantics still behave the same.
  5. Clean backfill-only tests and docs, then finish with Pint plus the targeted Pest commands.

Parallel Team Strategy

  1. One contributor can own the visible surface cleanup (US1) while another owns the command, runtime, and registry cleanup (US2) after Phase 2.
  2. Once both P1 stories land, a focused pass can own the workflow-regression slice (US3) without reopening runtime-surface decisions.
  3. A final pass can remove backfill-only test or docs residue and run the narrow validation commands.

Notes

  • Suggested MVP scope: Phase 1 through Phase 4 only. Visible-surface removal without runtime-cluster removal is not sufficient for this feature.
  • Explicit non-goals for implementation remain: legacy acknowledged status cleanup, creation-time lifecycle invariant hardening, a replacement repair surface, historical data migration, and compatibility aliases or no-op command shells.
  • Follow-up candidates remain the same as the prepared spec: Remove Legacy Acknowledged Finding Status Compatibility and Enforce Creation-Time Finding Invariants.
  • All tasks above follow the required checklist format with task ID, optional parallel marker, story label where applicable, and concrete file paths.