ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat/040-inventory-core #43

Merged
ahmido merged 2 commits from feat/040-inventory-core into dev 2026-01-07 14:54:24 +00:00
Conversation 0 Commits 2 Files Changed 19 +1447 -37
ahmido commented 2026-01-07 14:54:12 +00:00
Owner
Copy Link

Summary

Implements Inventory Core (Spec 040): a tenant-scoped, mutable “last observed” inventory catalog + sync run logging, with deterministic selection hashing and safe derived “missing” semantics.

This establishes the foundation for Inventory UI (041), Dependencies Graph (042), Compare/Promotion (043), and Drift (044).

What’s included
• DB schema
• inventory_items (unique: tenant_id + policy_type + external_id; indexes; last_seen_at, last_seen_run_id)
• inventory_sync_runs (tenant_id, selection_hash/payload, status, started/finished, counts, error_codes, correlation_id)
• Selection hashing
• Deterministic selection_hash via canonical JSON (sorted keys + sorted arrays) + sha256
• Sync semantics
• Idempotent upsert (no duplicates)
• Updates last_seen_* when observed
• Enforces tenant scoping for all reads/writes
• Guardrail: inventory sync does not create snapshots/backups
• Missing semantics (derived)
• “missing” computed relative to latest completed run for same (tenant_id, selection_hash)
• Low confidence when latest run is partial/failed or had_errors=true
• Selection isolation (runs for other selections don’t affect missing)
• deleted is reserved (not produced here)
• Safety
• meta_jsonb whitelist enforced (unknown keys dropped; never fail sync)
• Safe error persistence (no bearer tokens / secrets)
• Locking to prevent overlapping runs for same tenant+selection
• Concurrency limiter (global + per-tenant) and throttling resilience (429/503 backoff + jitter)

Tests

Added Pest coverage for:
• selection_hash determinism (array order invariant)
• upsert idempotency + last_seen updates
• missing derived semantics + selection isolation
• low confidence missing on partial/had_errors
• meta whitelist drop (no exception)
• lock prevents overlapping runs
• no snapshots/backups side effects
• safe error persistence (no bearer tokens)

Non-goals
• Inventory UI pages/resources (Spec 041)
• Dependency graph hydration (Spec 042)
• Cross-tenant compare/promotion flows (Spec 043)
• Drift analysis dashboards (Spec 044)

Review focus
• Data model correctness + indexes/constraints
• Selection hash canonicalization (determinism)
• Missing semantics (latest completed run + confidence rule)
• Guardrails (no snapshot/backups side effects)
• Safety: error_code taxonomy + safe persistence/logging

Summary Implements Inventory Core (Spec 040): a tenant-scoped, mutable “last observed” inventory catalog + sync run logging, with deterministic selection hashing and safe derived “missing” semantics. This establishes the foundation for Inventory UI (041), Dependencies Graph (042), Compare/Promotion (043), and Drift (044). What’s included • DB schema • inventory_items (unique: tenant_id + policy_type + external_id; indexes; last_seen_at, last_seen_run_id) • inventory_sync_runs (tenant_id, selection_hash/payload, status, started/finished, counts, error_codes, correlation_id) • Selection hashing • Deterministic selection_hash via canonical JSON (sorted keys + sorted arrays) + sha256 • Sync semantics • Idempotent upsert (no duplicates) • Updates last_seen_* when observed • Enforces tenant scoping for all reads/writes • Guardrail: inventory sync does not create snapshots/backups • Missing semantics (derived) • “missing” computed relative to latest completed run for same (tenant_id, selection_hash) • Low confidence when latest run is partial/failed or had_errors=true • Selection isolation (runs for other selections don’t affect missing) • deleted is reserved (not produced here) • Safety • meta_jsonb whitelist enforced (unknown keys dropped; never fail sync) • Safe error persistence (no bearer tokens / secrets) • Locking to prevent overlapping runs for same tenant+selection • Concurrency limiter (global + per-tenant) and throttling resilience (429/503 backoff + jitter) Tests Added Pest coverage for: • selection_hash determinism (array order invariant) • upsert idempotency + last_seen updates • missing derived semantics + selection isolation • low confidence missing on partial/had_errors • meta whitelist drop (no exception) • lock prevents overlapping runs • no snapshots/backups side effects • safe error persistence (no bearer tokens) Non-goals • Inventory UI pages/resources (Spec 041) • Dependency graph hydration (Spec 042) • Cross-tenant compare/promotion flows (Spec 043) • Drift analysis dashboards (Spec 044) Review focus • Data model correctness + indexes/constraints • Selection hash canonicalization (determinism) • Missing semantics (latest completed run + confidence rule) • Guardrails (no snapshot/backups side effects) • Safety: error_code taxonomy + safe persistence/logging
ahmido added 2 commits 2026-01-07 14:54:13 +00:00
ahmido merged commit 8ae7a7234e into dev 2026-01-07 14:54:24 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ahmido/TenantAtlas#43
No description provided.
Delete Branch "feat/040-inventory-core"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?