ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
f806c6773b
TenantAtlas/specs/377-post-productization-browser-reaudit-closeout-gate/tasks.md
Ahmed Darrazi f806c6773b
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m12s
Details
docs: add spec 377 post-productization browser reaudit closeout gate 
Added documentation and artifacts for Spec 377 regarding post-productization browser reaudit closeout gate.
2026-06-13 21:48:59 +02:00

160 lines
17 KiB
Markdown
Raw Blame History

# Tasks: Spec 377 - Post-Productization Browser Re-Audit and Closeout Gate v1
**Input**: Design documents from `/specs/377-post-productization-browser-reaudit-closeout-gate/`
**Prerequisites**: `spec.md`, `plan.md`, `checklists/requirements.md`
**Tests**: Browser/heavy-governance audit proof is required. No application runtime tests are required unless the implementation changes runtime code after an explicit spec/plan update.
## Test Governance Checklist
- [x] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
- [x] New or changed tests stay in the smallest honest family, and any heavy-governance or browser addition is explicit.
- [x] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
- [x] Planned validation commands cover the change without pulling in unrelated lane cost.
- [x] The declared surface test profile or `standard-native-filament` relief is explicit.
- [x] Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.
## Phase 1: Setup And Repo Safety
**Purpose**: Establish safe audit context and create spec-local artifact structure.
- [x] T001 Record `git status --short --branch`, `git diff --name-only`, `git diff --stat`, and `git rev-parse --short HEAD` in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T002 Create `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/` and `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/`.
- [x] T003 Confirm no application/runtime files are intentionally in scope and record the allowed-change boundary in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T004 Re-read Spec 377 `spec.md`, `plan.md`, and `tasks.md` before browser work and record any implementation assumptions in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
---
## Phase 2: Source Program Summary (US1)
**Goal**: Prove closeout readiness from predecessor artifacts before browser scoring.
**Independent Test**: `source-program-summary.md` lists all required predecessor specs and marks unavailable artifacts without inventing proof.
- [x] T005 [P] [US1] Inspect Spec 368 audit inputs and record availability of `audit.md`, `page-scorecard.csv`, `findings.md`, `artifacts/raw/browser-notes.md`, and screenshots in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T006 [P] [US1] Inspect Spec 370 artifacts `surface-contract.md`, `surface-type-matrix.md`, `page-assessment-checklist.md`, and `ui-bloat-patterns.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T007 [P] [US1] Inspect Spec 371 artifacts `browser-verification-report.md`, `before-after-screenshot-index.md`, `page-contracts.md`, and `validation-report.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T008 [P] [US1] Inspect Spec 372 artifacts `browser-verification-report.md`, `before-after-screenshot-index.md`, `customer-surface-contracts.md`, `customer-safety-checklist.md`, and `validation-report.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T009 [P] [US1] Inspect Spec 373 artifacts `browser-verification-report.md`, `diagnostic-surface-contracts.md`, `diagnostic-safety-checklist.md`, and `validation-report.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T010 [P] [US1] Inspect Spec 374 artifacts `diagnostic-entrypoint-matrix.md`, `browser-verification-report.md`, and `validation-report.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T011 [P] [US1] Inspect Spec 375 artifacts `initial-scan-report.md`, `guard-rules.md`, and `validation-report.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T012 [P] [US1] Inspect Spec 376 artifacts `fixture-coverage-matrix.md`, `browser-verification-report.md`, `screenshot-index.md`, and `validation-report.md` and summarize availability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
- [x] T013 [US1] Complete the pre-audit gate in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`, including materialized specs, missing artifacts, before/after evidence, pages needing browser verification, fixture availability, blocked surfaces, guard availability, and whether closeout can proceed.
---
## Phase 3: Browser Harness And Route Preparation (US2)
**Goal**: Identify exact browser/auth/fixture approach before capturing screenshots.
**Independent Test**: `browser-verification-report.md` starts with app URL, auth/fixture method, viewport, and known limitations.
- [x] T014 [US2] Identify the absolute local app URL using the repo's configured URL helper or Laravel Boost URL tool and record it in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md`.
- [x] T015 [US2] Identify existing browser/auth fixture patterns from Specs 371-376 and current tests without creating new fixtures, then record the selected approach in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md`.
- [x] T016 [US2] Prepare the required surface list with target path, panel, source fixture, and expected screenshot filename in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshot-index.md`.
- [x] T017 [US2] Configure the browser viewport to `1440x1000` before audit captures and record the viewport in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md`.
---
## Phase 4: Browser Re-Audit And Screenshots (US2)
**Goal**: Browser-open all required surfaces or document exact blocked reasons.
**Independent Test**: Every required surface has either a screenshot path or blocked reason in `screenshot-index.md` and `browser-verification-report.md`.
- [x] T018 [US2] Browser-audit Environment Dashboard and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/001-environment-dashboard-reaudit.png` or an exact blocked-state entry.
- [x] T019 [US2] Browser-audit Operations Hub and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/002-operations-hub-reaudit.png` or an exact blocked-state entry.
- [x] T020 [US2] Browser-audit OperationRun View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/003-operation-run-view-reaudit.png` or an exact blocked-state entry.
- [x] T021 [US2] Browser-audit Backup Set View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/004-backup-set-view-reaudit.png` or an exact blocked-state entry.
- [x] T022 [US2] Browser-audit Restore Run View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/005-restore-run-view-reaudit.png` or an exact blocked-state entry.
- [x] T023 [US2] Browser-audit Baseline Profile View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/006-baseline-profile-view-reaudit.png` or an exact blocked-state entry.
- [x] T024 [US2] Browser-audit Customer Review Workspace and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/007-customer-review-workspace-reaudit.png` or an exact blocked-state entry.
- [x] T025 [US2] Browser-audit Environment Review View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/008-environment-review-view-reaudit.png` or an exact blocked-state entry.
- [x] T026 [US2] Browser-audit Review Pack View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/009-review-pack-view-reaudit.png` or an exact blocked-state entry.
- [x] T027 [US2] Browser-audit Stored Report View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/010-stored-report-view-reaudit.png` or an exact blocked-state entry.
- [x] T028 [US2] Browser-audit Evidence Snapshot View and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/011-evidence-snapshot-view-reaudit-or-blocked.png` or an exact blocked-state entry.
- [x] T029 [US2] Browser-audit Provider Connections List and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/012-provider-connections-list-reaudit.png` or an exact blocked-state entry.
- [x] T030 [US2] Browser-audit Provider Connection Detail and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/013-provider-connection-detail-reaudit-or-blocked.png` or an exact blocked-state entry.
- [x] T031 [US2] Browser-audit Environment Diagnostics / Repair Diagnostics and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/014-environment-repair-diagnostics-reaudit.png` or an exact blocked-state entry.
- [x] T032 [US2] Browser-audit Support Diagnostics Modal and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/015-support-diagnostics-modal-reaudit.png` or an exact blocked-state entry.
- [x] T033 [US2] Browser-audit Required Permissions and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/016-required-permissions-reaudit-or-blocked.png` or an exact blocked-state entry.
- [x] T034 [US2] Browser-audit System Dashboard and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/017-system-dashboard-reaudit-or-blocked.png` or an exact blocked-state entry.
- [x] T035 [US2] Browser-audit System Operations and capture `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/018-system-operations-reaudit-or-blocked.png` or an exact blocked-state entry.
- [x] T036 [US2] Complete `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/browser-verification-report.md` with URLs tested, auth/fixture used, reachable pages, blocked pages, timeouts/errors, screenshots, and browser limitations.
- [x] T037 [US2] Complete `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshot-index.md` with one row per required surface.
---
## Phase 5: Scorecards, Guard Status, And Fixture Coverage (US3)
**Goal**: Turn browser/source evidence into comparable closeout data.
**Independent Test**: Scorecards and guard/fixture reports are complete and do not score blocked pages as successful.
- [x] T038 [US3] Create `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/surface-re-audit-scorecard.csv` with all columns required by `spec.md`.
- [x] T039 [US3] Score each reachable surface in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/surface-re-audit-scorecard.csv` using Spec 368's 0-5 scoring model and evidence classes.
- [x] T040 [US3] Create `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/before-after-score-comparison.csv` comparing Spec 368 scores/screenshots to post-productization scores where source evidence exists.
- [x] T041 [US3] Run the Spec 375 UI bloat guard in warn mode, or identify the repo-real equivalent guard/test, and record command/result in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/guard-status-report.md`.
- [x] T042 [US3] Summarize Spec 375 initial scan, blocking findings, warnings/manual-review findings, and CI suitability in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/guard-status-report.md`.
- [x] T043 [US3] Summarize Spec 376 fixture coverage matrix, current reachability, previously blocked surfaces, remaining blockers, and final audit sufficiency in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/fixture-coverage-status.md`.
- [x] T044 [US3] Apply program-level checks for Specs 370-376 and record the result in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/source-program-summary.md`.
---
## Phase 6: Findings, Closeout Decision, And Follow-Up Roadmap (US3, US4)
**Goal**: Produce the final closeout decision and bounded next steps.
**Independent Test**: `closeout-decision.md` declares exactly one decision and every remaining finding has a closeout impact.
- [x] T045 [US3] Create `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/remaining-findings.md` with finding ID, severity, surface, verification level, problem, why it matters, recommended follow-up, and closeout impact.
- [x] T046 [US3] Classify findings as P0/P1/P2/P3 and ensure customer/auditor safety P1 and core reachable P1 findings block `closed` in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md`.
- [x] T047 [US3] Create `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md` with final decision, rationale, targets met/missed, P0/P1 findings, blocked surfaces, guard status, fixture status, remaining follow-ups, and recommendation.
- [x] T048 [US4] Create `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/follow-up-roadmap.md` separating `must-fix before close`, `separate roadmap follow-up`, `optional polish`, and `not needed`.
- [x] T049 [US4] Ensure follow-up candidates are narrow and do not hide refactor work inside Spec 377.
---
## Phase 7: Validation And Closeout Report
**Purpose**: Verify no runtime refactor occurred and capture final proof.
- [x] T050 Run `git diff --check` from repo root and record the result in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T051 Record final `git status --short --branch`, `git diff --name-only`, every changed file, whether each changed file is inside `specs/377-post-productization-browser-reaudit-closeout-gate/`, and runtime files changed yes/no in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T052 Verify all required artifacts from `spec.md` exist and record the artifact checklist in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T053 Record Livewire v4 compliance, provider registration location, global-search posture, destructive/high-impact action status, asset strategy, tests/browser verification, and deployment impact in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T054 Review `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/screenshots/`, generated Markdown artifacts, and generated CSV artifacts for secrets, tokens, raw credential payloads, access tokens, and sensitive raw provider payloads; record the redaction result in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T055 Verify generated Markdown and CSV artifacts use the allowed verification classes for factual claims (`repo-verified`, `browser-verified`, `derived from existing implementation`, `foundation-real`, `plausible`, `not verified`, `not available`, or `deferred`) and record the result in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T056 Confirm no non-spec-local files changed, or that any out-of-package file change is backed by an explicit prior update to `spec.md` and `plan.md`; record the result in `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
- [x] T057 Prepare the final implementation response summary from `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md` and `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/validation-report.md`.
## Dependencies & Execution Order
- Phase 1 must complete first.
- Phase 2 source readiness must complete before browser scoring.
- Phase 3 route/harness preparation must complete before Phase 4 screenshots.
- Phase 4 browser audit must complete before Phase 5 scorecards.
- Phase 5 scorecards, guard status, and fixture status must complete before Phase 6 closeout decision.
- Phase 7 validates the final artifact set.
## Parallel Opportunities
- T005-T012 can run in parallel because they inspect independent predecessor specs.
- Browser surface captures T018-T035 can be split by panel/surface group after T014-T017 are complete.
- T041 and T043 can run in parallel with scorecard drafting once source artifacts are available.
## Implementation Strategy
1. Prove source readiness and harness availability.
2. Capture browser evidence without fixing UI.
3. Score and compare only what is available and verifiable.
4. Decide closeout using the written gates.
5. Record follow-ups separately from this audit.
## Non-Goals For Implementers
- Do not edit runtime UI, routes, auth, fixtures, tests, policies, services, models, jobs, migrations, or views.
- Do not rewrite completed specs or remove closeout/validation history.
- Do not score blocked pages as passing.
- Do not broaden this into a full route inventory re-audit.
Reference in New Issue View Git Blame Copy Permalink