# Quickstart — Spec 090 (Action Surface Contract Compliance & RBAC Hardening)

## Prereqs
- Run inside Sail.

## Run the guard tests (fast feedback)
- `vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php`

## Run targeted RBAC/action tests (after implementation)
Planned additions for Spec 090 will include feature tests for:
- Policy “Capture snapshot” authorization + audit log
- Findings list action ordering + acknowledge gating
- Provider connections action surface + RBAC gating
- Backup schedules action surface + empty-state CTA gating
- Workspace resource access semantics (non-member 404, member missing capability 403)

Run the smallest set first, e.g.:
- `vendor/bin/sail artisan test --compact --filter=ActionSurfaceContract`

## Run only Spec 090 tests
- `vendor/bin/sail artisan test --compact tests/Feature/090/`
- `vendor/bin/sail artisan test --compact --filter=Spec090`

## Formatting
- `vendor/bin/sail bin pint --dirty`

## Manual verification checklist (post-implementation)
- Confirm each in-scope list/table provides an inspection affordance (View action *or* clickable row/primary link), consistent “More” grouping, and ≤2 primary row actions.
- Confirm destructive actions require confirmation.
- Confirm tenant/workspace isolation: non-members get 404 semantics; members without capability get 403 on execution and disabled + tooltip in UI.
- Confirm successful side-effect actions create an `audit_logs` entry with sanitized metadata.