ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ed66591f2e
TenantAtlas/specs/398-decision-page-contract-migration/tasks.md
ahmido 6da925bd52 feat: migrate decision page contracts to productized flow (#469) 
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #469
2026-06-22 18:16:05 +00:00

15 KiB
Raw Blame History

Tasks: Spec 398 - Decision Page Contract Migration v1

Input: specs/398-decision-page-contract-migration/spec.md, specs/398-decision-page-contract-migration/plan.md Prerequisites: Existing /admin decision-family surfaces, Product Surface Contract, Filament v5 / Livewire v4 Tests: Required. This spec changes rendered UI defaults and must include Feature/Filament proof plus focused browser smoke. Implementation status: Keep all tasks unchecked until implementation work is actually completed.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family; Browser coverage is one explicit focused decision-page proof path.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
  • Planned validation commands cover the changed decision surfaces without pulling in unrelated lane cost.
  • The declared surface test profile is explicit: Product Surface Decision Page migration.
  • Browser proof is required because rendered UI changes are expected.
  • Human Product Sanity and Product Surface implementation-report close-out are planned and completed before implementation close-out.
  • Any material budget, baseline, trend, or escalation note is recorded in the active spec or implementation report.

Phase 1: Discovery And Guardrails

Purpose: Confirm current render paths, overloaded default content, and existing tests before runtime edits.

  • T001 Re-read specs/398-decision-page-contract-migration/spec.md, specs/398-decision-page-contract-migration/plan.md, and docs/product/standards/product-surface-contract.md; record selected implementation slice in specs/398-decision-page-contract-migration/implementation-report.md.
  • T002 Inspect Baseline Compare default-visible decision, proof, readiness, diagnostics, matrix, evidence-gap, and action sections in apps/platform/app/Filament/Pages/BaselineCompareLanding.php and apps/platform/resources/views/filament/pages/baseline-compare-landing.blade.php.
  • T003 Inspect Baseline Compare tests that may assert old proof/diagnostics visibility in apps/platform/tests/Feature/Filament/Spec336BaselineCompareProductProcessFlowAlignmentTest.php, apps/platform/tests/Feature/Filament/BaselineCompareLandingStartSurfaceTest.php, and related Baseline Compare feature files.
  • T004 Inspect Restore Preview / Readiness decision sections, summary cards, preview tables, diagnostics, proof links, and safety controls in apps/platform/app/Filament/Resources/RestoreRunResource.php, apps/platform/app/Filament/Resources/RestoreRunResource/Pages/CreateRestoreRun.php, and apps/platform/app/Filament/Resources/RestoreRunResource/Presenters/RestoreRunCreatePresenter.php.
  • T005 Inspect Restore Preview tests that may assert old broad preview/readiness content in apps/platform/tests/Feature/Filament/RestorePreviewTest.php, apps/platform/tests/Feature/Filament/RestoreRunPreviewProductizationTest.php, apps/platform/tests/Feature/Filament/Spec333RestoreCreateUxFinalProductizationTest.php, and apps/platform/tests/Feature/Filament/Spec390RestoreReadinessGuidanceTest.php.
  • T006 Decide whether optional Risk Exception Detail is narrow enough to include by inspecting apps/platform/app/Filament/Resources/FindingExceptionResource.php, apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ViewFindingException.php, and existing Spec 354 tests.
  • T007 Confirm global search posture remains unchanged for RestoreRunResource and optional FindingExceptionResource; record in implementation report.
  • T008 Confirm destructive/high-impact actions that may be touched and their confirmation/authorization/audit coverage: Baseline Compare Compare now, Restore execution/confirmation, and optional Risk Exception renew_exception / revoke_exception.
  • T009 Decide whether existing browser tests can carry Spec 398 proof or whether a new apps/platform/tests/Browser/Spec398DecisionPageContractMigrationSmokeTest.php file is required; record the decision.

Phase 2: Foundational Test Harness

Purpose: Add failing or adjusted tests before/alongside implementation so the decision-page contract is explicit.

  • T010 [P] Add or update Baseline Compare Feature/Filament assertions for one primary decision question, one primary action, top material drift/blocker visibility, no default OperationRun proof, no raw evidence links/source keys/detector output, and capped default rows.
  • T011 [P] Add or update Restore Preview / Readiness Feature/Filament assertions for one restore safety decision, one next action, top blockers/warnings, no default raw payload/OperationRun proof/provider responses, no all-expanded changed/unchanged/reviewed tables, and preserved safety controls.
  • T012 [P] If Risk Exception Detail is included, add or update assertions for hidden Source ID, Fingerprint, JSON summary payload, and raw evidence references by default while renew/revoke remain confirmed and authorized. N/A - Risk Exception deferred.
  • T013 Add or update authorized detail/audit path assertions for Baseline Compare and Restore Preview; include optional Risk Exception technical detail only if touched.
  • T014 Add or update focused browser proof in apps/platform/tests/Browser/Spec398DecisionPageContractMigrationSmokeTest.php unless T009 proves existing browser files cover every required surface. Existing browser files carry proof.

Phase 3: User Story 1 - Baseline Compare Decision Migration

Goal: Baseline Compare answers which baseline drift requires action and what the operator should do next.

Independent Test: Baseline Compare Feature/Filament and browser tests pass with decision-first default content and demoted technical proof.

  • T015 [US1] Update Baseline Compare decision card/status mapping in apps/platform/app/Filament/Pages/BaselineCompareLanding.php to use Product Surface status vocabulary.
  • T016 [US1] Ensure apps/platform/resources/views/filament/pages/baseline-compare-landing.blade.php shows one primary decision question, recommendation, impact, top material drift/blockers, and one primary action above technical/proof detail.
  • T017 [US1] Demote OperationRun proof from default product content in BaselineCompareLanding.php and the Blade view; keep authorized technical/audit access where repo-supported.
  • T018 [US1] Move or collapse full diagnostics, evidence-gap internals, source keys, detector output, raw payloads, RBAC diagnostic grids, and full compare/matrix launch details behind secondary/detail/audit paths.
  • T019 [US1] Cap default Baseline Compare material drift/detail rows to at most eight visible rows, preferring top three material items for summary.
  • T020 [US1] Preserve Compare now confirmation, capability gating, OperationRun creation/link behavior, queued toast, and browser event behavior.
  • T021 [US1] Run the focused Baseline Compare tests selected in T010 and document results in implementation-report.md.

Phase 4: User Story 2 - Restore Preview / Readiness Decision Migration

Goal: Restore Preview / Readiness answers whether restore is safe to continue and what must be resolved before execution.

Independent Test: Restore Feature/Filament and browser tests pass with a compact decision sub-surface and preserved restore safety controls.

  • T022 [US2] Update RestoreRunCreatePresenter output to prefer one restore decision status, source/target, top blockers/warnings, impact summary, and one next action.
  • T023 [US2] Reduce duplicate readiness/proof summaries and broad default summary card count in RestoreRunResource / RestoreRunCreatePresenter without removing safety blockers.
  • T024 [US2] Move or collapse raw restore payloads, OperationRun proof, internal job IDs, raw provider responses, low-level validation logs, raw backup metadata, and full diagnostics behind deliberate detail/audit paths.
  • T025 [US2] Cap default changed/unchanged/all-reviewed or equivalent restore preview tables to at most eight visible rows, or move full tables behind details.
  • T026 [US2] Preserve dry-run default behavior where applicable, acknowledgement, typed environment confirmation, confirmation protection, capability checks, and final execution gates.
  • T027 [US2] Preserve existing restore preparation and execution authorization tests, adding assertions only where the Product Surface migration changes visible affordances.
  • T028 [US2] Run the focused Restore tests selected in T011 and document results in implementation-report.md.

Phase 5: User Story 3 - Optional Risk Exception Detail Cleanup

Goal: Include Risk Exception Detail only if the implementation remains narrow and does not reopen Spec 354.

Independent Test: If included, Finding Exception tests prove raw evidence fields are not default-visible and renew/revoke safety remains intact.

  • T029 [US3] Record the include/defer decision for Risk Exception Detail in implementation-report.md.
  • T030 [US3] If included, demote Source ID, Fingerprint, JSON summary payload, raw evidence references, detector output, and source keys from the default FindingExceptionResource detail view. N/A - Risk Exception deferred.
  • T031 [US3] If included, keep accepted-risk guidance as the top product decision using existing Spec 354 paths; do not create a new accepted-risk workflow layer. N/A - Risk Exception deferred.
  • T032 [US3] If included, ensure renew_exception and revoke_exception remain confirmation-protected, authorized, service-backed, notification-backed, and visually separated. N/A - Risk Exception deferred.
  • T033 [US3] If included, run focused Finding Exception tests selected in T012 and document results in implementation-report.md. N/A - Risk Exception deferred.

Phase 6: User Story 4 - Technical Detail And Authorization Proof

Goal: Product simplification does not remove authorized diagnostics, auditability, or tenant/workspace isolation.

Independent Test: Authorized detail/audit paths remain reachable and unauthorized users do not see technical internals.

  • T034 [US4] Verify Baseline Compare authorized detail/audit paths remain reachable where supported and unauthorized users cannot access out-of-scope operation/evidence/baseline records.
  • T035 [US4] Verify Restore detail/audit/diagnostic paths remain reachable where supported and unauthorized users cannot access out-of-scope restore, backup, operation, or provider detail.
  • T036 [US4] If Risk Exception is included, verify evidence/detail access remains authorized and no raw fields appear by default. N/A - Risk Exception deferred.
  • T037 [US4] Run focused authorization/detail tests selected in T013 and document results in implementation-report.md.

Phase 7: UI Coverage, Browser Proof, Product Sanity, And Validation

Purpose: Prove rendered UI reduction and close the Product Surface Contract gate.

  • T038 Update docs/ui-ux-enterprise-audit/route-inventory.md for every changed target surface; if a planned surface is skipped, record no-update rationale in implementation-report.md.
  • T039 Update docs/ui-ux-enterprise-audit/design-coverage-matrix.md for every changed target surface; if a planned surface is skipped, record no-update rationale in implementation-report.md.
  • T040 Run focused Spec 398 browser smoke for Baseline Compare and Restore Preview / Readiness, and Risk Exception Detail only if included.
  • T041 Capture browser proof as screenshots under specs/398-decision-page-contract-migration/artifacts/screenshots/ or record equivalent textual proof in implementation-report.md.
  • T042 Complete Human Product Sanity review and record the result in implementation-report.md.
  • T043 Record Product Surface exceptions as none or document approved exceptions in implementation-report.md; unapproved exceptions block completion.
  • T044 Record Livewire v4 compliance, provider registration location, global search posture, destructive/high-impact actions, asset strategy, tests/browser result, visible complexity outcome, and deployment impact in implementation-report.md.
  • T045 Run focused Feature/Filament tests selected in T010-T013 and T034-T037; document exact commands and results.
  • T046 Run affected existing browser tests if shared flows changed; document exact commands and results.
  • T047 Run cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent.
  • T048 Run git diff --check.
  • T049 Confirm no application code introduced migrations, new persisted truth, new broad decision framework, Graph render calls, compatibility toggles, new assets, new routes, or panel/provider changes; record the result.

Dependencies

  • Phase 1 must complete before runtime edits.
  • Phase 2 tests should be added before or alongside each corresponding implementation phase.
  • Baseline Compare and Restore Preview work can proceed in parallel after discovery because they touch different primary files.
  • Optional Risk Exception work depends on T006/T029 include decision.
  • Browser proof and Human Product Sanity depend on all touched rendered surfaces.

Requirement Coverage Map

Requirement Primary task coverage
FR-398-001 Baseline Compare decision layout T010, T015-T016, T040-T044
FR-398-002 Baseline Compare technical demotion T010, T017-T018, T034
FR-398-003 Baseline Compare table caps T010, T019
FR-398-004 Restore decision sub-surface T011, T022-T023, T040-T044
FR-398-005 Restore technical demotion T011, T024-T025, T035
FR-398-006 Restore safety preserved T011, T026-T027
FR-398-007 Risk Exception optional demotion T012, T029-T033, T036
FR-398-008 One primary action T010-T012, T016, T022, T031
FR-398-009 Authorized detail/audit paths T013, T034-T037
FR-398-010 Canonical status vocabulary T015, T022, T044
FR-398-011 High-impact action safety T008, T020, T026, T032, T044
FR-398-012 No new framework/persistence T001, T049
FR-398-013 Tests updated from old behavior T003, T005, T010-T013, T045
FR-398-014 Focused browser proof T014, T040-T041
NFR-398-001 Visible complexity decreases T040-T044
NFR-398-002 No Graph calls during render T049
NFR-398-003 Safety blockers visible T016, T022-T026
NFR-398-004 Focused browser scope T009, T014, T040-T041
NFR-398-005 Fixture/helper cost bounded T014, T040-T046

Parallel Execution Examples

After Phase 1:
- Agent A: T010, T015-T021 for Baseline Compare.
- Agent B: T011, T022-T028 for Restore Preview / Readiness.
- Agent C: T012, T029-T033 only if Risk Exception is included.
- Agent D: T034-T039 coverage and authorization proof once implementation surfaces stabilize.

Explicit Non-Goals For Implementation

  • Do not create a new Decision Page engine, Technical Annex framework, persisted decision state, enum/status family, registry, resolver, provider abstraction, restore behavior, baseline compare engine behavior, evidence generation flow, navigation architecture, or compatibility toggle.
  • Do not rewrite completed specs or remove their validation, browser, screenshot, task, or close-out history.
  • Do not reopen Review Publication Resolution, Decision Register, Governance Inbox, Customer Review Workspace, receipt pages, dashboard/inbox link budgets, or system panel surfaces inside this spec.