085-tenant-operate-hub #104

Merged

ahmido merged 8 commits from 085-tenant-operate-hub into dev 2026-02-11 21:01:25 +00:00

Conversation 0 Commits 8 Files Changed 6 +151

ahmido commented 2026-02-11 21:01:16 +00:00

Owner

Copy Link

Summary
Implements Spec 085 “Tenant Operate Hub” semantics so central Monitoring pages are context-aware when entered from a tenant, without changing canonical URLs or implicitly mutating tenant selection. Also fixes a UX leak where tenant-scoped Inventory/Policies/Backups surfaces could appear in Admin navigation / be reachable without a selected tenant.

Why

Reduce “where am I / lost tenant context” confusion when operators jump between tenant work and central Monitoring.
Preserve deny-as-not-found security semantics and avoid tenant identity leaks.
Keep tenant-scoped data surfaces strictly tenant-scoped (not workspace-scoped).
What changed

Context-aware Monitoring:
/admin/operations shows scope label + CTAs (“Back to ”, “Show all tenants”) when tenant context is active and entitled.
/admin/operations/{run} shows deterministic back affordances + optional escape hatch (“Show all operations”) when tenant context is active and entitled.
Canonical Monitoring GET routes do not mutate tenant context.
Stale tenant context (not entitled) falls back to workspace scope without leaking tenant identity.
Tenant navigation IA:
Tenant panel sidebar provides “Monitoring” shortcuts (Runs/Alerts/Audit Log) into the central Monitoring surfaces.
Tenant-scoped Admin surfaces guard:
Inventory/Policies/Policy Versions/Backup Sets no longer show up tenantless; direct access redirects to /admin/choose-tenant when no tenant is selected.
Tests

Added/updated Pest coverage for:
Spec 085 header affordances + stale-context behavior
deny-as-not-found regressions for non-members/non-entitled users
“DB-only render” (no outbound calls) for Monitoring pages
tenant-scoped admin surfaces redirect when no tenant selected
Compatibility / Constraints

Filament v5 + Livewire v4 compliant (no v3 APIs).
Panel providers remain registered via providers.php (Laravel 11+/12).
No new assets; no changes to filament:assets deployment requirements.
No global search changes.
Manual verification

From a tenant, click “Monitoring → Runs” and confirm:
Scope label shows tenant scope
“Show all tenants” clears tenant context and returns to workspace scope
Open a run detail and confirm “Back to ” behavior + “Show all operations”.

Summary Implements Spec 085 “Tenant Operate Hub” semantics so central Monitoring pages are context-aware when entered from a tenant, without changing canonical URLs or implicitly mutating tenant selection. Also fixes a UX leak where tenant-scoped Inventory/Policies/Backups surfaces could appear in Admin navigation / be reachable without a selected tenant. Why Reduce “where am I / lost tenant context” confusion when operators jump between tenant work and central Monitoring. Preserve deny-as-not-found security semantics and avoid tenant identity leaks. Keep tenant-scoped data surfaces strictly tenant-scoped (not workspace-scoped). What changed Context-aware Monitoring: /admin/operations shows scope label + CTAs (“Back to <tenant>”, “Show all tenants”) when tenant context is active and entitled. /admin/operations/{run} shows deterministic back affordances + optional escape hatch (“Show all operations”) when tenant context is active and entitled. Canonical Monitoring GET routes do not mutate tenant context. Stale tenant context (not entitled) falls back to workspace scope without leaking tenant identity. Tenant navigation IA: Tenant panel sidebar provides “Monitoring” shortcuts (Runs/Alerts/Audit Log) into the central Monitoring surfaces. Tenant-scoped Admin surfaces guard: Inventory/Policies/Policy Versions/Backup Sets no longer show up tenantless; direct access redirects to /admin/choose-tenant when no tenant is selected. Tests Added/updated Pest coverage for: Spec 085 header affordances + stale-context behavior deny-as-not-found regressions for non-members/non-entitled users “DB-only render” (no outbound calls) for Monitoring pages tenant-scoped admin surfaces redirect when no tenant selected Compatibility / Constraints Filament v5 + Livewire v4 compliant (no v3 APIs). Panel providers remain registered via providers.php (Laravel 11+/12). No new assets; no changes to filament:assets deployment requirements. No global search changes. Manual verification From a tenant, click “Monitoring → Runs” and confirm: Scope label shows tenant scope “Show all tenants” clears tenant context and returns to workspace scope Open a run detail and confirm “Back to <tenant>” behavior + “Show all operations”.

ahmido added 8 commits 2026-02-11 21:01:17 +00:00

spec(086): retire legacy runs into operation runs 11f7209783

feat(spec-085): tenant operate hub 6dab6297f8

feat(spec-086): retire legacy runs into operation runs b870c0c8d4

Merge branch '086-retire-legacy-runs-into-operation-runs-session-1770683729' into 085-tenant-operate-hub ... c8e5996a1a

# Conflicts:
#	.github/agents/copilot-instructions.md

fix(spec-085-086): stabilize ops UX + provider connection fixtures bd19864a42

merge: agent session work e76ef02fab

Merge branch 'dev' into 085-tenant-operate-hub c1eda3b19f

fix(ui): hide tenant-scoped admin nav without tenant 98c7408c00

ahmido merged commit 57f3e3934c into dev 2026-02-11 21:01:25 +00:00

ahmido referenced this issue from a commit 2026-02-11 21:01:26 +00:00

085-tenant-operate-hub (#104)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#104

No description provided.