ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dev
TenantAtlas/specs/116-baseline-drift-engine/contracts/openapi.yaml
ahmido 7620144ab6 Spec 116: Baseline drift engine v1 (meta fidelity + coverage guard) (#141) 
Implements Spec 116 baseline drift engine v1 (meta fidelity) with coverage guard, stable finding identity, and Filament UI surfaces.

Highlights
- Baseline capture/compare jobs and supporting services (meta contract hashing via InventoryMetaContract + DriftHasher)
- Coverage proof parsing + compare partial outcome behavior
- Filament pages/resources/widgets for baseline compare + drift landing improvements
- Pest tests for capture/compare/coverage guard and UI start surfaces
- Research report: docs/research/golden-master-baseline-drift-deep-analysis.md

Validation
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact --filter="Baseline"`

Notes
- No destructive user actions added; compare/capture remain queued jobs.
- Provider registration unchanged (Laravel 11+/12 uses bootstrap/providers.php for panel providers; not touched here).

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #141
2026-03-02 22:02:58 +00:00

158 lines
4.0 KiB
YAML
Raw Permalink Blame History

openapi: 3.0.3
info:
title: Spec 116 - Baseline Drift Engine
version: 0.1.0
description: |
Minimal contracts for Baseline capture/compare operations and finding summaries.
This repo is primarily Filament-driven; these endpoints represent conceptual contracts
or internal routes/services rather than guaranteed public APIs.
servers:
- url: /
paths:
/internal/baselines/{baselineProfileId}/snapshots:
post:
summary: Capture a baseline snapshot
parameters:
- in: path
name: baselineProfileId
required: true
schema:
type: integer
requestBody:
required: false
responses:
'202':
description: Snapshot capture queued
content:
application/json:
schema:
$ref: '#/components/schemas/OperationQueued'
/internal/baselines/{baselineProfileId}/compare:
post:
summary: Compare baseline snapshot to tenant inventory
parameters:
- in: path
name: baselineProfileId
required: true
schema:
type: integer
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/BaselineCompareRequest'
responses:
'202':
description: Compare queued
content:
application/json:
schema:
$ref: '#/components/schemas/OperationQueued'
/internal/tenants/{tenantId}/findings:
get:
summary: List findings for a tenant (filtered)
parameters:
- in: path
name: tenantId
required: true
schema:
type: integer
- in: query
name: scope_key
required: false
schema:
type: string
- in: query
name: status
required: false
schema:
type: string
enum: [open, resolved]
responses:
'200':
description: Findings list
content:
application/json:
schema:
type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/Finding'
components:
schemas:
BaselineCompareRequest:
type: object
required: [tenant_id]
properties:
tenant_id:
type: integer
baseline_snapshot_id:
type: integer
nullable: true
description: Optional explicit snapshot selection. If omitted, latest successful snapshot is used.
OperationQueued:
type: object
required: [operation_run_id]
properties:
operation_run_id:
type: integer
Finding:
type: object
required: [id, tenant_id, fingerprint, scope_key, created_at]
properties:
id:
type: integer
tenant_id:
type: integer
fingerprint:
type: string
description: Stable identifier; for baseline drift equals recurrence_key.
recurrence_key:
type: string
nullable: true
scope_key:
type: string
change_type:
type: string
nullable: true
policy_type:
type: string
nullable: true
subject_external_id:
type: string
nullable: true
evidence:
type: object
additionalProperties: true
first_seen_at:
type: string
format: date-time
nullable: true
last_seen_at:
type: string
format: date-time
nullable: true
times_seen:
type: integer
nullable: true
resolved_at:
type: string
format: date-time
nullable: true
created_at:
type: string
format: date-time
updated_at:
type: string
format: date-time
Reference in New Issue View Git Blame Copy Permalink