TenantAtlas/specs/287-cutover-prerequisite-completion/contracts/cutover-prerequisite-completion.logical.openapi.yaml
ahmido eceeee9c5c Complete Spec 287 prerequisite cutover (#346)
## Summary
- retire the remaining tenant-scoped provider-connection legacy routes and update canonical verification and link behavior
- complete the provider target-scope fallback cleanup so neutral shared scope data falls back to the managed environment when the raw connection tenant identifier is blank
- stop mirroring workspace roles into managed-environment scope persistence and cut the targeted admin-panel test helpers over to the post-cutover context path
- add and update the Spec 287 artifact package and targeted regression coverage for route retirement, provider-core neutralization, workspace-first RBAC, and helper cutover

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ProviderConnections/TenantlessListRouteTest.php tests/Feature/ProviderConnections/TenantlessListScopingTest.php tests/Feature/Auth/WorkspaceFirstManagedEnvironmentAccessTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- Filament remains on Livewire v4 and provider registration stays unchanged in `apps/platform/bootstrap/providers.php`.
- No new asset registration or deployment-step changes are included in this slice.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #346
2026-05-10 18:22:34 +00:00


---
# Logical (documentation-only) OpenAPI description of the Spec 287 cutover
# prerequisites. It records the routes, shared fields, role-authority rules
# and test helpers that must be in their final state before Spec 288.
openapi: 3.1.0
info:
  title: Cutover Prerequisite Completion Logical Contract
  version: '0.1.0'
  summary: >-
    Logical completion contract for the remaining runtime and test-harness
    seams that unblock Spec 288.
# NOTE(review): the nesting level of this extension could not be recovered
# from the flattened listing; it is placed at document level here. Confirm
# against the repository copy. Presumably these are the spec documents that
# stay authoritative for the commands quoted in this contract.
x-canonical-command-authority:
  - specs/287-cutover-prerequisite-completion/spec.md
  - specs/287-cutover-prerequisite-completion/plan.md
  - specs/287-cutover-prerequisite-completion/tasks.md
  - specs/287-cutover-prerequisite-completion/quickstart.md
# Each operation returns one section of the completion contract as JSON.
# None of the operations below declares a `security` requirement.
# NOTE(review): the /__logical prefix suggests these operations are
# documentation-only and not registered as application routes - confirm.
paths:
  # Retired tenant-scoped route aliases and their canonical replacements.
  /__logical/prerequisites/provider-connection-routes:
    get:
      operationId: getProviderConnectionRouteCompletionContract
      summary: Provider-connection route retirement contract
      responses:
        '200':
          description: Legacy provider-connection aliases to retire and canonical replacements
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProviderConnectionRouteContract'

  # Which target-scope fields are shared and which belong to one provider.
  /__logical/prerequisites/provider-target-scope:
    get:
      operationId: getProviderTargetScopeCompletionContract
      summary: Provider target-scope core neutralization contract
      responses:
        '200':
          description: Shared provider target-scope fields and provider-owned nested detail rules
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ProviderTargetScopeContract'

  # Where role authority lives and what environment scope may persist.
  /__logical/prerequisites/environment-scope-persistence:
    get:
      operationId: getEnvironmentScopePersistenceCompletionContract
      summary: Workspace-first role authority and environment-scope persistence contract
      responses:
        '200':
          description: Role-bearing truth and narrowing-only environment scope rules
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EnvironmentScopePersistenceContract'

  # Test helpers that are retired and the tests that consume them directly.
  /__logical/prerequisites/test-helper-cutover:
    get:
      operationId: getTestHelperCutoverCompletionContract
      summary: Tenant-panel test-helper cutover contract
      responses:
        '200':
          description: Shared test helper replacement and named direct-consumer inventory
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TestHelperCutoverContract'

  # The exact commands that count as proof, and what they do not prove.
  /__logical/prerequisites/targeted-validation:
    get:
      operationId: getTargetedValidationCompletionContract
      summary: Targeted validation contract
      responses:
        '200':
          description: Exact targeted validation commands and bounded proof rules
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TargetedValidationContract'
components:
  schemas:
    # Route retirement: the tenant-scoped alias family is listed as retired
    # and only the /admin/provider-connections family remains canonical.
    # The const states the end state; it does not say how a request to a
    # retired path is answered (rejected or redirected) - confirm against
    # the route tests before relying on either behaviour.
    ProviderConnectionRouteContract:
      type: object
      required:
        - retiredRouteFamilies
        - canonicalRouteFamilies
        - launchPointFilesInScope
        - behaviorAfterCompletion
      properties:
        retiredRouteFamilies:
          type: array
          items:
            type: string
          default:
            - '/admin/tenants/{tenant:slug}/provider-connections'
        canonicalRouteFamilies:
          type: array
          items:
            type: string
          default:
            - '/admin/provider-connections'
            - '/admin/provider-connections/{record}'
        # Files in scope as launch points for provider-connection links.
        launchPointFilesInScope:
          type: array
          items:
            type: string
          default:
            - apps/platform/app/Providers/Filament/AdminPanelProvider.php
            - apps/platform/app/Filament/Resources/TenantResource.php
            - apps/platform/app/Filament/Pages/TenantRequiredPermissions.php
            - apps/platform/app/Support/OperationRunLinks.php
            - apps/platform/app/Support/Providers/ProviderReasonTranslator.php
            - apps/platform/app/Support/Verification/VerificationLinkBehavior.php
        behaviorAfterCompletion:
          type: string
          const: Canonical provider-connection routes are the only accepted runtime path.

    # Target-scope neutralization: shared scope data is keyed by the neutral
    # scope_* fields. The Microsoft tenant identifiers listed as forbidden
    # may appear only under provider_profile.microsoft.*.
    ProviderTargetScopeContract:
      type: object
      required:
        - forbiddenSharedPrimaryKeys
        - requiredNeutralSharedFields
        - allowedProviderOwnedNestedFields
      properties:
        forbiddenSharedPrimaryKeys:
          type: array
          items:
            type: string
          default:
            - entra_tenant_id
            - tenantContext
            - target_scope.entra_tenant_id
        requiredNeutralSharedFields:
          type: array
          items:
            type: string
          default:
            - scope_kind
            - scope_identifier
            - scope_display_name
        allowedProviderOwnedNestedFields:
          type: array
          items:
            type: string
          default:
            - provider_profile.microsoft.tenant_id
            - provider_profile.microsoft.authority_tenant
            - provider_profile.microsoft.consent_url

    # Authorization invariant: roles come from workspace_memberships only.
    # The environment-scope store is described as narrowing-only, and
    # forbiddenPersistenceBehavior rules out copied role values and a second
    # role matrix at environment scope. When reviewing, treat any read of a
    # role from that store as a privilege source outside the workspace check.
    EnvironmentScopePersistenceContract:
      type: object
      required:
        - roleAuthoritySource
        - narrowingOnlyScopeStore
        - forbiddenPersistenceBehavior
      properties:
        roleAuthoritySource:
          type: string
          const: workspace_memberships
        # This const is descriptive prose, not a single table name.
        narrowingOnlyScopeStore:
          type: string
          const: managed_environment_memberships or its in-place successor
        forbiddenPersistenceBehavior:
          type: array
          items:
            type: string
          default:
            - mirrored workspace role values as environment role truth
            - second independent role matrix at environment scope

    # Test-helper cutover: setTenantPanelContext is retired in favour of
    # setAdminPanelContext. The second canonicalHelpers entry reads as a
    # description rather than a helper name.
    TestHelperCutoverContract:
      type: object
      required:
        - retiredHelpers
        - canonicalHelpers
        - directConsumersInScope
      properties:
        retiredHelpers:
          type: array
          items:
            type: string
          default:
            - setTenantPanelContext
        canonicalHelpers:
          type: array
          items:
            type: string
          default:
            - setAdminPanelContext
            - post-cutover admin/workspace context helper
        directConsumersInScope:
          type: array
          items:
            type: string
          default:
            - tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
            - tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php

    # Validation commands. Each const is a complete shell command line; the
    # folded scalars below join their lines with single spaces, so every
    # value is one line. Each command puts /bin, /usr/bin and /usr/local/bin
    # ahead of the inherited PATH, resolves the repository root with git,
    # and runs ./vendor/bin/sail from apps/platform. Anything that executes
    # these strings should run them verbatim and not splice other input in.
    TargetedValidationContract:
      type: object
      required:
        - featureCommand
        - browserCommand
        - formattingCommand
        - outOfScopeProof
      properties:
        featureCommand:
          type: string
          const: >-
            export PATH="/bin:/usr/bin:/usr/local/bin:$PATH"
            && REPO_ROOT="$(git rev-parse --show-toplevel)"
            && (cd "$REPO_ROOT/apps/platform"
            && ./vendor/bin/sail artisan test --compact
            tests/Feature/ProviderConnections/LegacyRedirectTest.php
            tests/Feature/ProviderConnections/TenantlessListRouteTest.php
            tests/Feature/ProviderConnections/TenantlessListScopingTest.php
            tests/Feature/Auth/WorkspaceFirstManagedEnvironmentAccessTest.php
            tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php
            tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
            tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php)
        browserCommand:
          type: string
          const: >-
            export PATH="/bin:/usr/bin:/usr/local/bin:$PATH"
            && REPO_ROOT="$(git rev-parse --show-toplevel)"
            && (cd "$REPO_ROOT/apps/platform"
            && ./vendor/bin/sail artisan test --compact
            tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php
            tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php)
        formattingCommand:
          type: string
          const: >-
            export PATH="/bin:/usr/bin:/usr/local/bin:$PATH"
            && REPO_ROOT="$(git rev-parse --show-toplevel)"
            && (cd "$REPO_ROOT/apps/platform"
            && ./vendor/bin/sail bin pint --dirty --format agent)
        # Bounds of the proof: a pass of the commands above covers only the
        # named tests. Per the first two entries it is neither a global
        # no-legacy guard nor a full-suite baseline.
        outOfScopeProof:
          type: array
          items:
            type: string
          default:
            - no global no-legacy guard suite
            - no full-suite baseline
            - no package execution
            - no guided operations
            - no UI copy cleanup
            - no provider capability expansion