TenantAtlas

Author	SHA1	Message	Date
ahmido	1c098441aa	feat(spec-091): BackupSchedule lifecycle + create-CTA placement rule (#109 ) Implements Spec 091 “BackupSchedule Retention & Lifecycle (Archive/Restore/Force Delete)”. - BackupSchedule lifecycle: - Archive (soft delete) with confirmation; restores via Restore action; Force delete with confirmation and strict gating. - Force delete blocked when historical runs exist. - Archived schedules never dispatch/execute (dispatcher + job guard). - Audit events emitted for archive/restore/force delete. - RBAC UX semantics preserved (non-member hidden/404; member w/o capability disabled + server-side 403). - Filament UX contract update: - Create CTA placement rule across create-enabled list pages: - Empty list: only large centered empty-state Create CTA. - Non-empty list: only header Create action. - Tests added/updated to enforce the rule. Verification: - `vendor/bin/sail bin pint --dirty` - Focused tests: BackupScheduling + RBAC enforcement + EmptyState CTAs + Create CTA placement Notes: - Filament v5 / Livewire v4 compliant. - Manual quickstart verification in `specs/091-backupschedule-retention-lifecycle/quickstart.md` remains to be checked (T031). Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #109	2026-02-14 13:46:06 +00:00
ahmido	2bf5de4663	085-tenant-operate-hub (#103 ) Summary Consolidates the “Tenant Operate Hub” work (Spec 085) and the follow-up adjustments from the 086 session merge into a single branch ready to merge into dev. Primary focus: stabilize Ops/Operate Hub UX flows, tighten/align authorization semantics, and make the full Sail test suite green. Key Changes Ops UX / Verification Readonly members can view verification operation runs (reports) while starting verification remains restricted. Normalized failure reason-code handling and aligned UX expectations with the provider reason-code taxonomy. Onboarding wizard UX “Start verification” CTA is hidden while a verification run is active; “Refresh” is shown during in-progress runs. Treats provider_permission_denied as a blocking reason (while keeping legacy compatibility). Test + fixture hardening Standardized use of default provider connection fixtures in tests where sync/restore flows require it. Fixed multiple Filament URL/tenant-context test cases to avoid 404s and reduce tenancy routing brittleness. Policy sync / restore safety Enrollment configuration type collision classification tests now exercise the real sync path (with required provider connection present). Restore edge-case safety tests updated to reflect current provider-connection requirements. Testing vendor/bin/sail artisan test --compact (green) vendor/bin/sail bin pint --dirty (green) Notes Includes merged 086 session work already (no separate PR needed). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@ebc83aaa-d947-4a08-b88e-bd72ac9645f7.fritz.box> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box> Reviewed-on: #103	2026-02-11 13:02:03 +00:00
ahmido	da18d3cb14	feat/042-inventory-dependencies-graph (#50 ) Dieses PR liefert den Inventory Dependencies Graph end-to-end: Abhängigkeiten (Edges) werden aus Inventory-Sync-Daten extrahiert, tenant-sicher gespeichert und in der Inventory Item Detailansicht angezeigt. Ziel: Admins können Prerequisites + Blast Radius (direct) schnell erkennen, ohne Snapshot/Restore anzufassen. ⸻ Was ist drin? Dependency Graph (Edges) • inventory_links Schema + Indizes + idempotentes Upsert (Unique Key) • Relationship Types (u.a.): • assigned_to_include, assigned_to_exclude • uses_assignment_filter • scoped_by_scope_tag • UI: Inventory Item → Dependencies Section • Direction Filter: All / Inbound / Outbound • Relationship Filter: All + spezifische Relationship Types • Missing-Badge + sicheres Tooltip (safe subset) Safety / Observability • Unknown/unsupported Shapes erzeugen keine Edges, sondern: • Warning in InventorySyncRun.error_context.warnings[] • optional info-log (ohne Secrets) • Limit-only Semantik (MVP): bis zu 50 Edges pro Richtung (max 100 bei “All”) • Blast Radius in MVP = direct only (kein depth>1 traversal) Name Resolution (lokal, ohne Entra Calls) • Resolver/DTO Layer für deterministische Labels (kein “Unknown” mehr) • Auflösung aus lokaler DB nur für Foundations, wenn vorhanden: • scope_tag → roleScopeTag • assignment_filter → assignmentFilter • aad_group bleibt bewusst external ref: “Group (external): …” (keine Graph/Entra Lookups im UI) • Zentraler FoundationTypeMap als Source-of-Truth (keine Hardcodings) ⸻ Out of Scope / Follow-up • Entra Group Name Resolution (braucht eigenes “Group Inventory” Modul + Permissions) • Foundations als Inventory Items / Coverage Tab (Scope Tags / Assignment Filters sichtbar & syncbar) → folgt als separater PR (Inventory Core/UI), damit 042 sauber “Edges-only” bleibt. ⸻ Tests / Verifikation • Targeted Pest Tests (Unit + Feature + UI smoke) für: • deterministische Edge-Erzeugung + idempotent upsert • tenant isolation (UI/Query) • warnings auf Run Record • resolver/name rendering + links (wo möglich) • pint --dirty ausgeführt ⸻ Manual QA (UI) 1. Inventory Sync Run mit include_dependencies=true starten 2. Inventory Item öffnen → Dependencies prüfen: • include/exclude + filter + scoped_by sichtbar (wenn vorhanden) • Relationship/Direction Filter funktionieren • keine “Unknown” Labels mehr, sondern deterministische Labels Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #50	2026-01-10 12:50:08 +00:00
ahmido	361e301f67	feat/042-inventory-dependencies-graph (#49 ) Ordering + limit-only Test für created_at DESC in DependencyExtractionFeatureTest.php UI Test für masked Identifier (ID: 123456…) + Guest-Access blocked in InventoryItemDependenciesTest.php Quickstart ergänzt um manuellen <2s Check in quickstart.md pr-gate Checkbox-Format normalisiert (kein leading space) in pr-gate.md Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #49	2026-01-10 00:20:14 +00:00

4 Commits