ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
website-dev
TenantAtlas/specs/236-canonical-control-catalog-foundation/quickstart.md
ahmido be314c577f Spec 400: rebuild Tenantial homepage visuals (#387) 
## Summary
- rebuild the public Tenantial homepage around an evidence-first Microsoft tenant governance narrative
- replace the old hero visual with a new static dashboard preview and add dedicated Trust Bar and Feature Pillars sections
- update the shared public shell, navigation, footer, dark design tokens, assets, and homepage content to match the new brand direction
- align website smoke coverage and Spec 400 artifacts with the rebuilt homepage

## Testing
- not run in this pass
- updated website smoke specs under apps/website/tests/smoke

## Note
- `website-dev` was pushed to `origin` so the requested PR base exists remotely
- the remote `website-dev` branch is an ancestor of `origin/dev`, so this PR may also show upstream `dev` history relative to that base

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #387
2026-05-18 14:38:11 +00:00

69 lines
3.0 KiB
Markdown
Raw Permalink Blame History

# Quickstart: Canonical Control Catalog Foundation
## Goal
Implement the first canonical control core without introducing framework overlays, operator CRUD, or new provider runtime machinery.
## Implementation Sequence
1. Add the product-seeded canonical control registry and the supporting value objects.
2. Add provider-owned Microsoft subject and signal bindings.
3. Implement the shared resolution contract with explicit `resolved`, `unresolved`, and `ambiguous` outcomes.
4. Wire a bounded first-slice set of governance consumers to the shared contract.
5. Add focused unit and feature coverage proving convergence and ambiguity handling.
## Suggested Code Areas
```text
apps/platform/app/Support/Governance/Controls/
apps/platform/config/
apps/platform/app/Services/Evidence/
apps/platform/app/Services/TenantReviews/
apps/platform/tests/Unit/Governance/
apps/platform/tests/Feature/Governance/
apps/platform/tests/Feature/Evidence/
apps/platform/tests/Feature/TenantReview/
```
## Verification Commands
Run the narrowest proving lane first:
```bash
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Governance/CanonicalControlCatalogTest.php tests/Unit/Governance/CanonicalControlResolverTest.php
```
Then run the bounded integration proof:
```bash
cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Governance/CanonicalControlResolutionIntegrationTest.php tests/Feature/Evidence/EvidenceSnapshotCanonicalControlReferenceTest.php tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php
```
If PHP files were added or changed, finish with formatting:
```bash
cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
```
## Review Focus
- Confirm the control catalog remains provider-neutral at its core.
- Confirm Microsoft bindings are secondary metadata only.
- Confirm first-slice evidence and tenant review consumers do not invent feature-local control-family wording.
- Confirm ambiguity is explicit and never guessed.
- Confirm no Graph path or provider sync job slipped into the slice.
- Confirm no broad persistence or authoring UI slipped into the first slice.
## Guardrail Close-Out
- Validation completed:
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Unit/Governance/CanonicalControlCatalogTest.php tests/Unit/Governance/CanonicalControlResolverTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Governance/CanonicalControlResolutionIntegrationTest.php tests/Feature/Evidence/EvidenceSnapshotCanonicalControlReferenceTest.php tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- Guardrails checked:
- No Graph client change.
- No `config/graph_contracts.php` change.
- No provider sync job.
- No feature-local control-family fallback or workload-first primary control vocabulary in the touched evidence and tenant review adoption paths.
- Bounded follow-up: none for this slice.
Reference in New Issue View Git Blame Copy Permalink