ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
website-dev
TenantAtlas/apps/platform/tests/Unit/Providers/ProviderBoundaryGuardrailTest.php
ahmido be314c577f Spec 400: rebuild Tenantial homepage visuals (#387) 
## Summary
- rebuild the public Tenantial homepage around an evidence-first Microsoft tenant governance narrative
- replace the old hero visual with a new static dashboard preview and add dedicated Trust Bar and Feature Pillars sections
- update the shared public shell, navigation, footer, dark design tokens, assets, and homepage content to match the new brand direction
- align website smoke coverage and Spec 400 artifacts with the rebuilt homepage

## Testing
- not run in this pass
- updated website smoke specs under apps/website/tests/smoke

## Note
- `website-dev` was pushed to `origin` so the requested PR base exists remotely
- the remote `website-dev` branch is an ancestor of `origin/dev`, so this PR may also show upstream `dev` history relative to that base

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #387
2026-05-18 14:38:11 +00:00

76 lines
3.3 KiB
PHP
Raw Permalink Blame History

<?php
use App\Services\Providers\ProviderOperationRegistry;
use App\Support\Providers\Boundary\ProviderBoundaryCatalog;
use App\Support\Providers\Boundary\ProviderBoundaryOwner;
it('blocks undocumented provider terms in platform-core seams', function (): void {
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
seamKey: 'provider.identity_resolution',
filePath: 'app/Services/Providers/ProviderIdentityResolution.php',
proposedOwner: ProviderBoundaryOwner::PlatformCore,
providerSpecificTerms: ['client_request_id'],
);
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_BLOCKED)
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_PLATFORM_CORE_PROVIDER_LEAK)
->and($result['suggested_follow_up'])->toBe('follow-up-spec');
});
it('requires review for documented current-release exceptions on platform-core seams', function (): void {
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
seamKey: 'provider.identity_resolution',
filePath: 'app/Services/Providers/ProviderIdentityResolver.php',
proposedOwner: 'platform_core',
providerSpecificTerms: ['entra_tenant_id'],
);
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_REVIEW_REQUIRED)
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_NONE)
->and($result['suggested_follow_up'])->toBe('follow-up-spec');
});
it('allows provider-specific terms inside provider-owned seams', function (): void {
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
seamKey: 'provider.gateway_runtime',
filePath: 'app/Services/Providers/ProviderGateway.php',
proposedOwner: ProviderBoundaryOwner::ProviderOwned,
providerSpecificTerms: ['client_request_id', 'client_secret'],
);
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_ALLOWED)
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_NONE);
});
it('keeps operation definitions separate from provider bindings', function (): void {
$registry = app(ProviderOperationRegistry::class);
$definition = $registry->get('provider.connection.check');
$binding = $registry->bindingFor('provider.connection.check', 'microsoft');
expect($definition)->toMatchArray([
'operation_type' => 'provider.connection.check',
'module' => 'health_check',
'label' => 'Provider connection check',
'required_capability' => \App\Support\Auth\Capabilities::PROVIDER_RUN,
]);
expect($binding)->toMatchArray([
'provider' => 'microsoft',
'binding_status' => ProviderOperationRegistry::BINDING_ACTIVE,
]);
});
it('blocks provider binding metadata when it is proposed as platform-core truth', function (): void {
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
seamKey: 'provider.operation_registry',
filePath: 'app/Services/Providers/ProviderOperationRegistry.php',
proposedOwner: ProviderBoundaryOwner::PlatformCore,
providerSpecificTerms: ['microsoft'],
introducesNewBinding: true,
);
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_BLOCKED)
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_PROVIDER_BINDING_AS_PRIMARY_TRUTH);
});
Reference in New Issue View Git Blame Copy Permalink