# Quickstart: Workspace Model, Memberships & Managed Tenants (v2)

**Date**: 2026-01-31  
**Feature**: [spec.md](spec.md)

## Prereqs

- Start Sail: `./vendor/bin/sail up -d`

## Local setup (after implementation)

- Run migrations: `./vendor/bin/sail artisan migrate`

## Manual verification checklist

1) **Workspace selection**
- Create two workspaces.
- Add the current user to both.
- Verify `/admin/choose-workspace` lists only those workspaces.
- Select one and confirm subsequent navigation stays scoped.

2) **Zero memberships**
- Use a user with no workspace memberships.
- Enter admin panel entry point.
- Verify redirect to `/admin/no-access`.
- Verify the user can create a workspace and becomes an Owner.

3) **Isolation semantics**
- Create Workspace A and Workspace B.
- Ensure user is member only of Workspace A.
- Attempt to open any Workspace B URL.
- Verify deny-as-not-found behavior.

4) **Managed tenant scoping**
- Add a managed tenant inside Workspace A.
- Verify it does not show up in Workspace B.

5) **Membership management + last owner**
- In a workspace with exactly one owner, attempt to remove/demote that owner.
- Verify the action is blocked and audited.

## Test execution (after implementation)

- Run targeted tests: `./vendor/bin/sail artisan test --compact --filter=Workspace`
- Run formatter: `./vendor/bin/sail bin pint --dirty`