ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat: harden provider connection authority resolution (339) #410

Merged
ahmido merged 3 commits from 339-provider-connection-scope-hardening into platform-dev 2026-05-31 11:59:42 +00:00
Conversation 0 Commits 3 Files Changed 12 +1115 -39
ahmido commented 2026-05-31 11:58:01 +00:00
Owner
Copy Link

Summary

  • harden Provider Connection authority so workspace scope comes only from explicit workspace context and record ownership
  • require explicit environment_id for Provider Connection create flows and remove remembered-environment or Filament-tenant fallback authority
  • keep legacy query aliases such as tenant, tenant_id, and managed_environment_id inert for Provider Connection access
  • add targeted Spec 339 feature coverage for create authority, workspace authority, and wrong-workspace / legacy-query denial behavior
  • include Spec 339 artifacts (spec.md, plan.md, tasks.md) for the hardening slice

Validation

  • cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening

Notes

  • no new uncommitted workspace changes were present to commit in this turn; the branch already contained the feature commits
  • Livewire v4 compliance unchanged
  • Filament provider registration remains in bootstrap/providers.php
  • no migrations, new assets, or route-family restructures
## Summary - harden Provider Connection authority so workspace scope comes only from explicit workspace context and record ownership - require explicit `environment_id` for Provider Connection create flows and remove remembered-environment or Filament-tenant fallback authority - keep legacy query aliases such as `tenant`, `tenant_id`, and `managed_environment_id` inert for Provider Connection access - add targeted Spec 339 feature coverage for create authority, workspace authority, and wrong-workspace / legacy-query denial behavior - include Spec 339 artifacts (`spec.md`, `plan.md`, `tasks.md`) for the hardening slice ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening` ## Notes - no new uncommitted workspace changes were present to commit in this turn; the branch already contained the feature commits - Livewire v4 compliance unchanged - Filament provider registration remains in `bootstrap/providers.php` - no migrations, new assets, or route-family restructures
ahmido added 3 commits 2026-05-31 11:58:02 +00:00
merge: agent session work
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m3s
Details
69769a4072
ahmido merged commit fcb03d2aee into platform-dev 2026-05-31 11:59:42 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#410
No description provided.
Delete Branch "339-provider-connection-scope-hardening"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?