ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dev
TenantAtlas/specs/144-canonical-operation-viewer-context-decoupling/quickstart.md
ahmido b0a724acef feat: harden canonical run viewer and onboarding draft state (#173) 
## Summary
- harden the canonical operation run viewer so mismatched, missing, archived, onboarding, and selector-excluded tenant context no longer invalidates authorized canonical run viewing
- extend canonical route, header-context, deep-link, and presentation coverage for Spec 144 and add the full spec artifact set under `specs/144-canonical-operation-viewer-context-decoupling/`
- harden onboarding draft provider-connection resume logic so stale persisted provider connections fall back to the connect-provider step instead of resuming invalid state
- add architecture-audit follow-up candidate material and prompt assets for the next governance hardening wave

## Testing
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Monitoring/OperationsTenantScopeTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php tests/Feature/Monitoring/HeaderContextBarTest.php tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php tests/Feature/Monitoring/OperationsCanonicalUrlsTest.php`
- `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php`

## Notes
- branch: `144-canonical-operation-viewer-context-decoupling`
- base: `dev`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #173
2026-03-15 18:32:04 +00:00

66 lines
2.8 KiB
Markdown
Raw Permalink Blame History

# Quickstart: Canonical Operation Viewer Context Decoupling
## Goal
Verify that canonical operation run viewing is independent of remembered tenant context while preserving tenant entitlement and capability semantics.
## Preconditions
1. Start the local environment:
```bash
vendor/bin/sail up -d
```
2. Ensure test database and app state are ready:
```bash
vendor/bin/sail artisan optimize:clear
```
## Manual Verification Flow
1. Sign in as a user who is a member of one workspace and entitled to at least two tenants in that workspace.
2. Open a canonical run linked to tenant A while tenant B is selected in the header.
3. Confirm the page still renders the run and shows a non-blocking mismatch message.
4. Clear tenant context or open the same run from a fresh session with no selected tenant.
5. Confirm the run still renders.
6. Open a tenantless run.
7. Confirm the page renders with workspace-level framing and no tenant selection requirement.
8. Open the same run from a notification-style or verification-surface `View run` entry point with no selected tenant.
9. Confirm the canonical viewer still resolves the same run.
10. Open a run linked to an onboarding, archived, or other tenant state already excluded from selector rules.
11. Confirm the page remains viewable, lifecycle-aware messaging is shown, and tenant follow-up actions are reduced or absent without blocking the viewer.
12. Open a canonical run for a tenant the current user is not entitled to.
13. Confirm the response is deny-as-not-found.
14. Open a run type that resolves a capability the current user lacks while workspace and tenant scope are otherwise valid.
15. Confirm the response is forbidden.
## Focused Test Command
```bash
vendor/bin/sail artisan test --compact \
tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php \
tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php \
tests/Feature/Operations/TenantlessOperationRunViewerTest.php \
tests/Feature/OpsUx/OperateHubShellTest.php \
tests/Feature/Monitoring/OperationsTenantScopeTest.php \
tests/Feature/RunAuthorizationTenantIsolationTest.php \
tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php
```
## Formatting
Run the required formatter after implementation changes:
```bash
vendor/bin/sail bin pint --dirty --format agent
```
## Expected Outcome
- Canonical run viewing succeeds for authorized users regardless of remembered tenant context mismatch.
- Tenant-linked runs still enforce direct tenant entitlement.
- Tenantless runs and onboarding, archived, or otherwise selector-excluded tenant-linked runs remain viewable when authorized.
- `View run` deep links remain canonical and trustworthy across tenant, notification, verification, and monitoring surfaces.
- Reduced or unavailable tenant follow-up actions do not invalidate the canonical viewer.
Reference in New Issue View Git Blame Copy Permalink