ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
f1eadadf78
TenantAtlas/specs/377-post-productization-browser-reaudit-closeout-gate/tasks.md
ahmido f1eadadf78 docs: add spec 377 post-productization browser reaudit closeout gate (#448) 
Added documentation and artifacts for Spec 377 regarding post-productization browser reaudit closeout gate.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #448
2026-06-13 19:52:49 +00:00

17 KiB
Raw Blame History

Tasks: Spec 377 - Post-Productization Browser Re-Audit and Closeout Gate v1

Input: Design documents from /specs/377-post-productization-browser-reaudit-closeout-gate/ Prerequisites: spec.md, plan.md, checklists/requirements.md

Tests: Browser/heavy-governance audit proof is required. No application runtime tests are required unless the implementation changes runtime code after an explicit spec/plan update.

Test Governance Checklist

  • Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
  • New or changed tests stay in the smallest honest family, and any heavy-governance or browser addition is explicit.
  • Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
  • Planned validation commands cover the change without pulling in unrelated lane cost.
  • The declared surface test profile or standard-native-filament relief is explicit.
  • Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.

Phase 1: Setup And Repo Safety

Purpose: Establish safe audit context and create spec-local artifact structure.

  • T001 Record git status --short --branch, git diff --name-only, git diff --stat, and git rev-parse --short HEAD in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T002 Create specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/ and specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/.
  • T003 Confirm no application/runtime files are intentionally in scope and record the allowed-change boundary in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T004 Re-read Spec 377 spec.md, plan.md, and tasks.md before browser work and record any implementation assumptions in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.

Phase 2: Source Program Summary (US1)

Goal: Prove closeout readiness from predecessor artifacts before browser scoring.

Independent Test: source-program-summary.md lists all required predecessor specs and marks unavailable artifacts without inventing proof.

  • T005 [P] [US1] Inspect Spec 368 audit inputs and record availability of audit.md, page-scorecard.csv, findings.md, artifacts/raw/browser-notes.md, and screenshots in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T006 [P] [US1] Inspect Spec 370 artifacts surface-contract.md, surface-type-matrix.md, page-assessment-checklist.md, and ui-bloat-patterns.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T007 [P] [US1] Inspect Spec 371 artifacts browser-verification-report.md, before-after-screenshot-index.md, page-contracts.md, and validation-report.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T008 [P] [US1] Inspect Spec 372 artifacts browser-verification-report.md, before-after-screenshot-index.md, customer-surface-contracts.md, customer-safety-checklist.md, and validation-report.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T009 [P] [US1] Inspect Spec 373 artifacts browser-verification-report.md, diagnostic-surface-contracts.md, diagnostic-safety-checklist.md, and validation-report.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T010 [P] [US1] Inspect Spec 374 artifacts diagnostic-entrypoint-matrix.md, browser-verification-report.md, and validation-report.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T011 [P] [US1] Inspect Spec 375 artifacts initial-scan-report.md, guard-rules.md, and validation-report.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T012 [P] [US1] Inspect Spec 376 artifacts fixture-coverage-matrix.md, browser-verification-report.md, screenshot-index.md, and validation-report.md and summarize availability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.
  • T013 [US1] Complete the pre-audit gate in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md, including materialized specs, missing artifacts, before/after evidence, pages needing browser verification, fixture availability, blocked surfaces, guard availability, and whether closeout can proceed.

Phase 3: Browser Harness And Route Preparation (US2)

Goal: Identify exact browser/auth/fixture approach before capturing screenshots.

Independent Test: browser-verification-report.md starts with app URL, auth/fixture method, viewport, and known limitations.

  • T014 [US2] Identify the absolute local app URL using the repo's configured URL helper or Laravel Boost URL tool and record it in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md.
  • T015 [US2] Identify existing browser/auth fixture patterns from Specs 371-376 and current tests without creating new fixtures, then record the selected approach in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md.
  • T016 [US2] Prepare the required surface list with target path, panel, source fixture, and expected screenshot filename in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshot-index.md.
  • T017 [US2] Configure the browser viewport to 1440x1000 before audit captures and record the viewport in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md.

Phase 4: Browser Re-Audit And Screenshots (US2)

Goal: Browser-open all required surfaces or document exact blocked reasons.

Independent Test: Every required surface has either a screenshot path or blocked reason in screenshot-index.md and browser-verification-report.md.

  • T018 [US2] Browser-audit Environment Dashboard and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/001-environment-dashboard-reaudit.png or an exact blocked-state entry.
  • T019 [US2] Browser-audit Operations Hub and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/002-operations-hub-reaudit.png or an exact blocked-state entry.
  • T020 [US2] Browser-audit OperationRun View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/003-operation-run-view-reaudit.png or an exact blocked-state entry.
  • T021 [US2] Browser-audit Backup Set View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/004-backup-set-view-reaudit.png or an exact blocked-state entry.
  • T022 [US2] Browser-audit Restore Run View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/005-restore-run-view-reaudit.png or an exact blocked-state entry.
  • T023 [US2] Browser-audit Baseline Profile View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/006-baseline-profile-view-reaudit.png or an exact blocked-state entry.
  • T024 [US2] Browser-audit Customer Review Workspace and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/007-customer-review-workspace-reaudit.png or an exact blocked-state entry.
  • T025 [US2] Browser-audit Environment Review View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/008-environment-review-view-reaudit.png or an exact blocked-state entry.
  • T026 [US2] Browser-audit Review Pack View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/009-review-pack-view-reaudit.png or an exact blocked-state entry.
  • T027 [US2] Browser-audit Stored Report View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/010-stored-report-view-reaudit.png or an exact blocked-state entry.
  • T028 [US2] Browser-audit Evidence Snapshot View and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/011-evidence-snapshot-view-reaudit-or-blocked.png or an exact blocked-state entry.
  • T029 [US2] Browser-audit Provider Connections List and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/012-provider-connections-list-reaudit.png or an exact blocked-state entry.
  • T030 [US2] Browser-audit Provider Connection Detail and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/013-provider-connection-detail-reaudit-or-blocked.png or an exact blocked-state entry.
  • T031 [US2] Browser-audit Environment Diagnostics / Repair Diagnostics and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/014-environment-repair-diagnostics-reaudit.png or an exact blocked-state entry.
  • T032 [US2] Browser-audit Support Diagnostics Modal and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/015-support-diagnostics-modal-reaudit.png or an exact blocked-state entry.
  • T033 [US2] Browser-audit Required Permissions and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/016-required-permissions-reaudit-or-blocked.png or an exact blocked-state entry.
  • T034 [US2] Browser-audit System Dashboard and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/017-system-dashboard-reaudit-or-blocked.png or an exact blocked-state entry.
  • T035 [US2] Browser-audit System Operations and capture specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/018-system-operations-reaudit-or-blocked.png or an exact blocked-state entry.
  • T036 [US2] Complete specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md with URLs tested, auth/fixture used, reachable pages, blocked pages, timeouts/errors, screenshots, and browser limitations.
  • T037 [US2] Complete specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshot-index.md with one row per required surface.

Phase 5: Scorecards, Guard Status, And Fixture Coverage (US3)

Goal: Turn browser/source evidence into comparable closeout data.

Independent Test: Scorecards and guard/fixture reports are complete and do not score blocked pages as successful.

  • T038 [US3] Create specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/surface-re-audit-scorecard.csv with all columns required by spec.md.
  • T039 [US3] Score each reachable surface in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/surface-re-audit-scorecard.csv using Spec 368's 0-5 scoring model and evidence classes.
  • T040 [US3] Create specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/before-after-score-comparison.csv comparing Spec 368 scores/screenshots to post-productization scores where source evidence exists.
  • T041 [US3] Run the Spec 375 UI bloat guard in warn mode, or identify the repo-real equivalent guard/test, and record command/result in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/guard-status-report.md.
  • T042 [US3] Summarize Spec 375 initial scan, blocking findings, warnings/manual-review findings, and CI suitability in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/guard-status-report.md.
  • T043 [US3] Summarize Spec 376 fixture coverage matrix, current reachability, previously blocked surfaces, remaining blockers, and final audit sufficiency in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/fixture-coverage-status.md.
  • T044 [US3] Apply program-level checks for Specs 370-376 and record the result in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md.

Phase 6: Findings, Closeout Decision, And Follow-Up Roadmap (US3, US4)

Goal: Produce the final closeout decision and bounded next steps.

Independent Test: closeout-decision.md declares exactly one decision and every remaining finding has a closeout impact.

  • T045 [US3] Create specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/remaining-findings.md with finding ID, severity, surface, verification level, problem, why it matters, recommended follow-up, and closeout impact.
  • T046 [US3] Classify findings as P0/P1/P2/P3 and ensure customer/auditor safety P1 and core reachable P1 findings block closed in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md.
  • T047 [US3] Create specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md with final decision, rationale, targets met/missed, P0/P1 findings, blocked surfaces, guard status, fixture status, remaining follow-ups, and recommendation.
  • T048 [US4] Create specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/follow-up-roadmap.md separating must-fix before close, separate roadmap follow-up, optional polish, and not needed.
  • T049 [US4] Ensure follow-up candidates are narrow and do not hide refactor work inside Spec 377.

Phase 7: Validation And Closeout Report

Purpose: Verify no runtime refactor occurred and capture final proof.

  • T050 Run git diff --check from repo root and record the result in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T051 Record final git status --short --branch, git diff --name-only, every changed file, whether each changed file is inside specs/377-post-productization-browser-reaudit-closeout-gate/, and runtime files changed yes/no in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T052 Verify all required artifacts from spec.md exist and record the artifact checklist in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T053 Record Livewire v4 compliance, provider registration location, global-search posture, destructive/high-impact action status, asset strategy, tests/browser verification, and deployment impact in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T054 Review specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/, generated Markdown artifacts, and generated CSV artifacts for secrets, tokens, raw credential payloads, access tokens, and sensitive raw provider payloads; record the redaction result in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T055 Verify generated Markdown and CSV artifacts use the allowed verification classes for factual claims (repo-verified, browser-verified, derived from existing implementation, foundation-real, plausible, not verified, not available, or deferred) and record the result in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T056 Confirm no non-spec-local files changed, or that any out-of-package file change is backed by an explicit prior update to spec.md and plan.md; record the result in specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.
  • T057 Prepare the final implementation response summary from specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md and specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md.

Dependencies & Execution Order

  • Phase 1 must complete first.
  • Phase 2 source readiness must complete before browser scoring.
  • Phase 3 route/harness preparation must complete before Phase 4 screenshots.
  • Phase 4 browser audit must complete before Phase 5 scorecards.
  • Phase 5 scorecards, guard status, and fixture status must complete before Phase 6 closeout decision.
  • Phase 7 validates the final artifact set.

Parallel Opportunities

  • T005-T012 can run in parallel because they inspect independent predecessor specs.
  • Browser surface captures T018-T035 can be split by panel/surface group after T014-T017 are complete.
  • T041 and T043 can run in parallel with scorecard drafting once source artifacts are available.

Implementation Strategy

  1. Prove source readiness and harness availability.
  2. Capture browser evidence without fixing UI.
  3. Score and compare only what is available and verifiable.
  4. Decide closeout using the written gates.
  5. Record follow-ups separately from this audit.

Non-Goals For Implementers

  • Do not edit runtime UI, routes, auth, fixtures, tests, policies, services, models, jobs, migrations, or views.
  • Do not rewrite completed specs or remove closeout/validation history.
  • Do not score blocked pages as passing.
  • Do not broaden this into a full route inventory re-audit.