feat: harden queued execution legitimacy #179

Merged

ahmido merged 1 commits from 149-queued-execution-reauthorization into dev 2026-03-17 21:52:41 +00:00

Conversation 0 Commits 1 Files Changed 65 +3814 -50

ahmido commented 2026-03-17 21:49:14 +00:00

Owner

Copy Link

Summary

• add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs
• enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows
• surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer
• add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption

Testing

• vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php
• vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php
• vendor/bin/sail bin pint --dirty --format agent

Manual validation

• validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run}
• validated 404 vs 403 route behavior for non-membership vs in-scope capability denial
• validated initiator-null blocked system-run behavior without creating a user terminal notification

## Summary - add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs - enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows - surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer - add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption ## Testing - vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php - vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php - vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php - vendor/bin/sail bin pint --dirty --format agent ## Manual validation - validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run} - validated 404 vs 403 route behavior for non-membership vs in-scope capability denial - validated initiator-null blocked system-run behavior without creating a user terminal notification

ahmido added 1 commit 2026-03-17 21:49:15 +00:00

feat: harden queued execution legitimacy 8cfa5ae2bd

ahmido merged commit 5bcb4f6ab8 into dev 2026-03-17 21:52:41 +00:00

ahmido referenced this issue from a commit 2026-03-17 21:52:43 +00:00

feat: harden queued execution legitimacy (#179)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#179

No description provided.