Specs: entity-relation-grondslagen (#1435)#1494
Conversation
Adds the spec set for extending EntityRelation with an optional bases JSON column. The anonymise endpoint accepts bases per entity, persists them on the matching relation row, and strips them from the payload before forwarding to OpenAnonymiser. Backwards-compatible — callers that omit bases see identical behaviour. Tightly scoped: this does not retrofit the broader EntityRelation surface (currently uncovered by an OpenSpec capability). Refs: #1435 Pair: ConductionNL/docudesk#135 (anonymisation-grondslagen-summary + anonymisation-grondslagen-and-prohibition-gate hard/soft dep).
Quality Report — ConductionNL/openregister @
|
| Check | PHP | Vue | Security | License | Tests |
|---|---|---|---|---|---|
| lint | ✅ | ||||
| phpcs | ✅ | ||||
| phpmd | ✅ | ||||
| psalm | ✅ | ||||
| phpstan | ✅ | ||||
| phpmetrics | ✅ | ||||
| eslint | ❌ | ||||
| stylelint | ✅ | ||||
| composer | ✅ | ✅ 153/153 | |||
| npm | ✅ | ✅ 598/598 | |||
| PHPUnit | ❌ | ||||
| Newman | ⏭️ | ||||
| Playwright | ⏭️ |
Quality workflow — 2026-05-12 09:20 UTC
Download the full PDF report from the workflow artifacts.
WilcoLouwerse
left a comment
There was a problem hiding this comment.
(inline-only comment review — verdict follows in a separate REQUEST_CHANGES review)
WilcoLouwerse
left a comment
There was a problem hiding this comment.
2 blockers require fixes — no audit-trail requirement for bases writes (the feature exists for Woo compliance; without ADR-022 audit linkage it defeats its own purpose), and no authorization requirement for who may set bases (any authenticated user could fabricate audit-trail entries without an ADR-005/ADR-023 anchor in the spec). Four concerns (spec ↔ tasks.md validation contradiction, retry idempotency scenario lacks a Requirement, no Woo Art. 5 / canonical UUID references, and spec format vs writing-specs.md — repo-wide drift, surfaced for visibility). Two minor polish items. The strip-before-forward contract, backwards-compatibility story, and persistence-before-forward ordering are all well-specified — main gaps are the missing compliance/security requirements that this feature literally exists to provide. CI Vue Quality (eslint) and PHPUnit are failing but unrelated to this spec-only PR.
Blockers: - B1: add audit-trail Requirement (ADR-022 / Woo compliance). Every set/update of bases produces an audit entry with previousBases, newBases, actor UID (per ADR-005, not display name), timestamp, and row identifier. Reads do not produce audit entries. - B2: add authorization-inheritance Requirement (ADR-005 / ADR-023). Bases writes inherit the anonymise endpoint's existing per-object authorization; no extra check is added in this change, and the absence is documented explicitly so reviewers do not mistake it for oversight. Concerns: - C1: add endpoint-shape-validation Requirement that distinguishes endpoint-layer shape check (rejects non-array / non-string elements with 400) from mapper-layer content acceptance (any string array persisted verbatim). Reconciles spec ↔ tasks.md. - C2: add retry-idempotency Requirement. Three caller intents are distinguished: field absent (reuse persisted), present-null (clear, audit-logged), present-empty-array (set to [], audit-logged). - C3: add Notes section with Woo Art. 5 references and the six canonical DocuDesk base seed slugs. Minors: - M1: apply MUST to THEN/AND assertions throughout all Scenarios. Tasks: update 3.1 to clarify two-layer shape vs content split; add 3.5 (audit-trail wiring), 3.6 (retry semantics), 3.7 (auth confirm); add corresponding 4.4–4.7 test tasks. Skipped: C4 (spec-format vs writing-specs.md) and M2 (tasks.md spec_ref / files / acceptance_criteria) — both flag repo-wide format drift that Wilco explicitly says does not block merge and needs maintainer coordination.
|
@WilcoLouwerse — thanks for the thorough review. Addressed in Blockers
Concerns
Minor
Skipped (intentionally)
New test tasks 4.4–4.7 cover the new behaviours (shape validation, audit trail, retry, authorization). Ready for re-review. |
WilcoLouwerse
left a comment
There was a problem hiding this comment.
5 prior findings fully resolved in 61caaf72 — B1 audit trail, B2 authorization, C1 two-layer validation, C2 retry idempotency, C3 Woo Art. 5 notes. C4 and M2 remain deferred (non-blocking per prior review). Newman CI is non-required.
Summary
Adds the OpenSpec change directory for entity-relation-grondslagen — extending
EntityRelationwith an optionalbasesJSON column so the anonymise endpoint can persist legal-basis (Woo Art. 5 grondslag) references per entity. Bases are stripped from the payload before forwarding to OpenAnonymiser, so the upstream service contract is unchanged.Backwards-compatible: callers that omit
basessee identical behaviour.Tightly scoped — this PR is specs only, no implementation. It also does not retrofit the broader
EntityRelationsurface, which is currently uncovered by an OpenSpec capability.Refs: #1435
Pair: ConductionNL/docudesk#135 — DocuDesk's
anonymisation-grondslagen-summary(hard dep) andanonymisation-grondslagen-and-prohibition-gate(soft dep) depend on this.Test plan
openspec/changes/entity-relation-grondslagen/{proposal,design,tasks}.mdand theentity-relation-grondslagen/spec.mddeltaopenspec validate(when the implementation PR lands)