feat: harden provider boundaries #273

Merged

ahmido merged 2 commits from 237-provider-boundary-hardening-session-1777061713 into dev 2026-04-24 21:05:38 +00:00

Conversation 0 Commits 2 Files Changed 35 +2587 -100

ahmido commented 2026-04-24 20:56:16 +00:00

Owner

Copy Link

Summary

• add the provider boundary catalog, boundary support types, and guardrails for platform-core versus provider-owned seams
• harden provider gateway, identity resolution, operation registry, and start-gate behavior to require explicit provider bindings
• add unit and feature coverage for boundary classification, runtime preservation, unsupported paths, and platform-core leakage guards
• add the full Spec Kit artifact set for spec 237 and update roadmap/spec-candidate tracking

Validation

• cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Providers/ProviderBoundaryClassificationTest.php tests/Unit/Providers/ProviderBoundaryGuardrailTest.php tests/Feature/Providers/ProviderBoundaryHardeningTest.php tests/Feature/Providers/UnsupportedProviderBoundaryPathTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php
• cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Providers/ProviderGatewayTest.php tests/Unit/Providers/ProviderIdentityResolverTest.php tests/Unit/Providers/ProviderOperationStartGateTest.php
• cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
• browser smoke: http://localhost/admin/provider-connections?tenant_id=18000000-0000-4000-8000-000000000180 loaded with the local smoke user, the empty-state CTA reached the canonical create route, and cancel returned to the scoped list

## Summary - add the provider boundary catalog, boundary support types, and guardrails for platform-core versus provider-owned seams - harden provider gateway, identity resolution, operation registry, and start-gate behavior to require explicit provider bindings - add unit and feature coverage for boundary classification, runtime preservation, unsupported paths, and platform-core leakage guards - add the full Spec Kit artifact set for spec 237 and update roadmap/spec-candidate tracking ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Providers/ProviderBoundaryClassificationTest.php tests/Unit/Providers/ProviderBoundaryGuardrailTest.php tests/Feature/Providers/ProviderBoundaryHardeningTest.php tests/Feature/Providers/UnsupportedProviderBoundaryPathTest.php tests/Feature/Guards/ProviderBoundaryPlatformCoreGuardTest.php` - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Providers/ProviderGatewayTest.php tests/Unit/Providers/ProviderIdentityResolverTest.php tests/Unit/Providers/ProviderOperationStartGateTest.php` - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` - browser smoke: `http://localhost/admin/provider-connections?tenant_id=18000000-0000-4000-8000-000000000180` loaded with the local smoke user, the empty-state CTA reached the canonical create route, and cancel returned to the scoped list

ahmido added 1 commit 2026-04-24 20:56:16 +00:00

feat: harden provider boundaries 079a7dcaf3

ahmido added 1 commit 2026-04-24 21:02:06 +00:00

docs: amend constitution to v2.10.0 with OperationRun start UX contract 62cc3a5f1f

ahmido merged commit bd26e209de into dev 2026-04-24 21:05:38 +00:00

ahmido referenced this issue from a commit 2026-04-24 21:05:39 +00:00

feat: harden provider boundaries (#273)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#273

No description provided.