ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
website-dev
TenantAtlas/specs/238-provider-identity-target-scope/research.md
ahmido be314c577f Spec 400: rebuild Tenantial homepage visuals (#387) 
## Summary
- rebuild the public Tenantial homepage around an evidence-first Microsoft tenant governance narrative
- replace the old hero visual with a new static dashboard preview and add dedicated Trust Bar and Feature Pillars sections
- update the shared public shell, navigation, footer, dark design tokens, assets, and homepage content to match the new brand direction
- align website smoke coverage and Spec 400 artifacts with the rebuilt homepage

## Testing
- not run in this pass
- updated website smoke specs under apps/website/tests/smoke

## Note
- `website-dev` was pushed to `origin` so the requested PR base exists remotely
- the remote `website-dev` branch is an ancestor of `origin/dev`, so this PR may also show upstream `dev` history relative to that base

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #387
2026-05-18 14:38:11 +00:00

3.8 KiB
Raw Permalink Blame History

Research: Provider Identity & Target Scope Neutrality

Decision 1: Use one small shared target-scope descriptor instead of a broad provider identity framework

  • Decision: Introduce one small shared descriptor for provider connection target scope and reuse it across the provider connection resource, onboarding, validation, and audit wording.
  • Rationale: The current release needs one neutral shared truth for multiple real surfaces, not a generalized provider marketplace or identity framework. A small descriptor layer is enough to keep shared language neutral while still letting Microsoft-specific detail remain contextual.
  • Alternatives considered:
    • Page-local label cleanup only: rejected because it would leave the shared contract Microsoft-shaped underneath.
    • Broad provider identity abstraction: rejected because there is still only one shipped provider runtime and the current hotspot is narrower than that.

Decision 2: Keep Microsoft tenant and directory details as provider-owned contextual metadata

  • Decision: Retain entra_tenant_id, authority-tenant details, consent wording, and Microsoft verification details only as contextual provider-owned metadata on Microsoft paths.
  • Rationale: Operators still need Microsoft-specific identifiers for consent and troubleshooting, but those identifiers should not define the default meaning of a provider connection on generic shared surfaces.
  • Alternatives considered:
    • Remove Microsoft-specific details from the UI entirely: rejected because the current product still needs them on Microsoft-only workflows.
    • Keep them as the default connection summary: rejected because that preserves the current provider-boundary drift.

Decision 3: Neutralize shared Filament surfaces first, not every provider term in the repo

  • Decision: Limit the first slice to provider connection list, detail, create, edit, onboarding provider setup, and shared audit or validation wording directly tied to those surfaces.
  • Rationale: These are the concrete operator-facing hotspots already named in the spec. A repo-wide terminology sweep would widen scope without improving the core shared contract any faster.
  • Alternatives considered:
    • Rename every provider-related term immediately: rejected because it would turn one bounded hotspot into a broad copy and architecture sweep.
    • Leave onboarding for later: rejected because it would preserve two competing interpretations of the same connection truth.

Decision 4: Anchor neutrality in shared resolution and mutation paths, not only in UI labels

  • Decision: Update the existing provider connection and identity-resolution outputs plus mutation and audit wording so shared surfaces all consume the same neutral target-scope semantics.
  • Rationale: UI-only changes would be fragile because validation, audit prose, and future surfaces would still source their meaning from Microsoft-shaped service outputs.
  • Alternatives considered:
    • Keep service outputs unchanged and translate everything in Filament only: rejected because future surfaces would likely repeat the same drift.
    • Replace the entire provider identity stack: rejected because the current hotspot is limited to shared target-scope meaning.

Decision 5: Enforce the contract with focused guardrails, not browser coverage

  • Decision: Add focused unit and feature guard coverage for neutral target-scope descriptors, shared surface labels, onboarding reuse, and audit wording.
  • Rationale: The risk is semantic drift in shared provider connection truth, not browser-only interaction. Narrow unit and feature coverage are the cheapest proof.
  • Alternatives considered:
    • Browser tests: rejected because they add cost without proving unique behavior for this slice.
    • Manual review only: rejected because the feature exists to stop the same hotspot from reopening quietly.