ahmido
110245a9ec
Some checks are pending
Main Confidence / confidence (push) Waiting to run
## Summary - add a shared provider target-scope descriptor, normalizer, identity-context metadata, and surface-summary layer - update provider connection list, detail, create, edit, and onboarding surfaces to use neutral target-scope vocabulary while keeping Microsoft identity contextual - align provider connection audit and resolver output with the neutral target-scope contract and add focused guard/unit/feature coverage for regressions ## Validation - browser smoke: opened the tenant-scoped provider connection list, drilled into detail, and verified the edit/create surfaces in local admin context ## Notes - this PR comes from the session branch created for the active feature work - no additional runtime or persistence layer was introduced in this slice Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #274
362 lines
11 KiB
YAML
362 lines
11 KiB
YAML
openapi: 3.1.0
|
|
info:
|
|
title: Provider Identity & Target Scope Neutrality Logical Contract
|
|
version: 0.1.0
|
|
description: |
|
|
Logical internal contract for the provider connection target-scope neutrality
|
|
slice. It describes the normalized shared target-scope descriptor, the
|
|
operator-facing surface summary, and the bounded neutrality guard result.
|
|
It is not a commitment to expose public HTTP routes.
|
|
Review stop: shared provider connection surfaces must use neutral target
|
|
scope truth by default, carry provider-owned Microsoft identity only as
|
|
contextual metadata, and resolve remaining provider-boundary drift through
|
|
document-in-feature or follow-up-spec disposition instead of silent shared
|
|
platform truth.
|
|
paths:
|
|
/logical/provider-connections/{connectionId}/target-scope:
|
|
get:
|
|
summary: Read the normalized target-scope descriptor for an existing provider connection
|
|
operationId: getProviderConnectionTargetScope
|
|
parameters:
|
|
- name: connectionId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
responses:
|
|
'200':
|
|
description: Normalized target-scope descriptor
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionTargetScopeDescriptor'
|
|
/logical/provider-connections/target-scope/normalize:
|
|
post:
|
|
summary: Normalize create or edit input into shared target-scope truth plus contextual provider metadata
|
|
operationId: normalizeProviderConnectionTargetScope
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionTargetScopeInput'
|
|
responses:
|
|
'200':
|
|
description: Normalized descriptor and optional shared-surface preview
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionTargetScopeNormalizationSuccess'
|
|
'422':
|
|
description: Unsupported provider-scope combination or missing provider context
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionTargetScopeNormalizationFailure'
|
|
/logical/provider-connections/{connectionId}/surface-summary:
|
|
get:
|
|
summary: Read the default-visible operator-facing summary for a shared provider connection surface
|
|
operationId: getProviderConnectionSurfaceSummary
|
|
parameters:
|
|
- name: connectionId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
responses:
|
|
'200':
|
|
description: Shared-surface summary
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionSurfaceSummary'
|
|
/logical/provider-connections/neutrality/evaluate:
|
|
post:
|
|
summary: Evaluate whether a touched shared provider-connection path preserves neutral target-scope truth
|
|
operationId: evaluateProviderConnectionNeutrality
|
|
requestBody:
|
|
required: true
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionNeutralityEvaluationRequest'
|
|
responses:
|
|
'200':
|
|
description: Neutrality evaluation result
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ProviderConnectionNeutralityCheckResult'
|
|
components:
|
|
schemas:
|
|
ProviderConnectionSupportedScopeKind:
|
|
type: string
|
|
enum:
|
|
- tenant
|
|
ProviderIdentityContextVisibility:
|
|
type: string
|
|
enum:
|
|
- contextual_only
|
|
- audit_only
|
|
- troubleshooting_only
|
|
ProviderIdentityContextMetadata:
|
|
type: object
|
|
properties:
|
|
provider:
|
|
type: string
|
|
detail_key:
|
|
type: string
|
|
detail_label:
|
|
type: string
|
|
detail_value:
|
|
type: string
|
|
visibility:
|
|
$ref: '#/components/schemas/ProviderIdentityContextVisibility'
|
|
required:
|
|
- provider
|
|
- detail_key
|
|
- detail_label
|
|
- detail_value
|
|
- visibility
|
|
ProviderConnectionTargetScopeDescriptor:
|
|
type: object
|
|
properties:
|
|
provider:
|
|
type: string
|
|
scope_kind:
|
|
$ref: '#/components/schemas/ProviderConnectionSupportedScopeKind'
|
|
scope_identifier:
|
|
type: string
|
|
scope_display_name:
|
|
type: string
|
|
shared_label:
|
|
type: string
|
|
shared_help_text:
|
|
type: string
|
|
required:
|
|
- provider
|
|
- scope_kind
|
|
- scope_identifier
|
|
- scope_display_name
|
|
- shared_label
|
|
- shared_help_text
|
|
ProviderConnectionTargetScopeInput:
|
|
type: object
|
|
properties:
|
|
provider:
|
|
type: string
|
|
scope_kind:
|
|
$ref: '#/components/schemas/ProviderConnectionSupportedScopeKind'
|
|
scope_identifier:
|
|
type: string
|
|
scope_display_name:
|
|
type: string
|
|
provider_specific_identity:
|
|
type: object
|
|
additionalProperties:
|
|
type: string
|
|
required:
|
|
- provider
|
|
- scope_kind
|
|
- scope_identifier
|
|
- scope_display_name
|
|
ProviderConnectionTargetScopeNormalizationSuccess:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
enum:
|
|
- normalized
|
|
provider:
|
|
type: string
|
|
scope_kind:
|
|
$ref: '#/components/schemas/ProviderConnectionSupportedScopeKind'
|
|
target_scope:
|
|
$ref: '#/components/schemas/ProviderConnectionTargetScopeDescriptor'
|
|
contextual_identity_details:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/ProviderIdentityContextMetadata'
|
|
failure_code:
|
|
type: string
|
|
enum:
|
|
- none
|
|
message:
|
|
type: string
|
|
preview_summary:
|
|
oneOf:
|
|
- $ref: '#/components/schemas/ProviderConnectionSurfaceSummary'
|
|
- type: 'null'
|
|
required:
|
|
- status
|
|
- provider
|
|
- scope_kind
|
|
- target_scope
|
|
- contextual_identity_details
|
|
- failure_code
|
|
- message
|
|
- preview_summary
|
|
ProviderConnectionTargetScopeNormalizationFailure:
|
|
type: object
|
|
properties:
|
|
status:
|
|
type: string
|
|
enum:
|
|
- blocked
|
|
provider:
|
|
type: string
|
|
scope_kind:
|
|
$ref: '#/components/schemas/ProviderConnectionSupportedScopeKind'
|
|
failure_code:
|
|
type: string
|
|
enum:
|
|
- unsupported_provider_scope_combination
|
|
- missing_provider_context
|
|
message:
|
|
type: string
|
|
required:
|
|
- status
|
|
- provider
|
|
- scope_kind
|
|
- failure_code
|
|
- message
|
|
ProviderConnectionSurfaceSummary:
|
|
type: object
|
|
properties:
|
|
provider:
|
|
type: string
|
|
target_scope:
|
|
$ref: '#/components/schemas/ProviderConnectionTargetScopeDescriptor'
|
|
consent_state:
|
|
type: string
|
|
verification_state:
|
|
type: string
|
|
readiness_summary:
|
|
type: string
|
|
contextual_identity_details:
|
|
type: array
|
|
items:
|
|
$ref: '#/components/schemas/ProviderIdentityContextMetadata'
|
|
required:
|
|
- provider
|
|
- target_scope
|
|
- consent_state
|
|
- verification_state
|
|
- readiness_summary
|
|
- contextual_identity_details
|
|
ProviderConnectionNeutralityEvaluationRequest:
|
|
type: object
|
|
properties:
|
|
surface_key:
|
|
type: string
|
|
path:
|
|
type: string
|
|
surface_ownership:
|
|
type: string
|
|
enum:
|
|
- platform_core
|
|
- provider_owned
|
|
default_labels:
|
|
type: array
|
|
items:
|
|
type: string
|
|
required_fields:
|
|
type: array
|
|
items:
|
|
type: string
|
|
filter_labels:
|
|
type: array
|
|
items:
|
|
type: string
|
|
validation_messages:
|
|
type: array
|
|
items:
|
|
type: string
|
|
helper_copy:
|
|
type: array
|
|
items:
|
|
type: string
|
|
audit_prose:
|
|
type: array
|
|
items:
|
|
type: string
|
|
allowed_exception_classes:
|
|
type: array
|
|
items:
|
|
type: string
|
|
provider:
|
|
type: string
|
|
provider_owned_context:
|
|
type: array
|
|
items:
|
|
type: string
|
|
required:
|
|
- surface_key
|
|
- path
|
|
- surface_ownership
|
|
- default_labels
|
|
- required_fields
|
|
- filter_labels
|
|
- validation_messages
|
|
- helper_copy
|
|
- audit_prose
|
|
- allowed_exception_classes
|
|
- provider
|
|
- provider_owned_context
|
|
ProviderConnectionNeutralityCheckResult:
|
|
type: object
|
|
description: |
|
|
Guard result for touched shared provider connection surfaces. A blocked
|
|
or review_required result must name whether the issue is a default
|
|
label, filter, required field, validation message, helper copy, audit
|
|
prose, or missing target-scope descriptor, and must route the close-out
|
|
through document-in-feature or follow-up-spec.
|
|
properties:
|
|
status:
|
|
type: string
|
|
enum:
|
|
- allowed
|
|
- review_required
|
|
- blocked
|
|
surface_key:
|
|
type: string
|
|
path:
|
|
type: string
|
|
surface_ownership:
|
|
type: string
|
|
enum:
|
|
- platform_core
|
|
- provider_owned
|
|
allowed_exception_classes:
|
|
type: array
|
|
items:
|
|
type: string
|
|
violation_code:
|
|
type: string
|
|
enum:
|
|
- none
|
|
- provider_specific_default_label
|
|
- provider_specific_default_filter
|
|
- provider_specific_required_field
|
|
- provider_specific_validation_message
|
|
- provider_specific_default_helper_copy
|
|
- provider_specific_default_audit_prose
|
|
- missing_target_scope_descriptor
|
|
message:
|
|
type: string
|
|
suggested_follow_up:
|
|
type: string
|
|
enum:
|
|
- none
|
|
- document-in-feature
|
|
- follow-up-spec
|
|
required:
|
|
- status
|
|
- surface_key
|
|
- path
|
|
- surface_ownership
|
|
- allowed_exception_classes
|
|
- violation_code
|
|
- message
|
|
- suggested_follow_up
|