39fd8ca1ea
- Enrich drift findings evidence_jsonb for diff UX (summary.kind, refs, fidelity, provenance) - Add baseline policy version resolver and contract asserts - Remove legacy drift generator + DriftLanding surfaces - Add one-time cleanup migration for legacy drift findings - Scope baseline capture/landing warnings to latest inventory sync - Canonicalize compliance scheduledActionsForRule drift signal
198 lines
5.6 KiB
YAML
198 lines
5.6 KiB
YAML
openapi: 3.0.3
|
|
info:
|
|
title: TenantPilot Drift (Golden Master) UI endpoints
|
|
version: "1.0"
|
|
description: |
|
|
Minimal contract describing the drift entry point and findings surfaces after Spec 119 cutover.
|
|
|
|
Note: These are Filament (server-rendered / Livewire) endpoints, not a public JSON API.
|
|
servers:
|
|
- url: /
|
|
paths:
|
|
/admin/t/{tenant}/baseline-compare-landing:
|
|
get:
|
|
summary: Drift entry point (Baseline Compare landing)
|
|
description: |
|
|
Tenant-scoped landing page used as the Drift entry point post-cutover.
|
|
parameters:
|
|
- name: tenant
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
responses:
|
|
"200":
|
|
description: HTML page
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
"403":
|
|
description: Tenant member but missing capability
|
|
"404":
|
|
description: Not entitled to tenant/workspace scope (deny-as-not-found)
|
|
"302":
|
|
description: Redirect to login
|
|
|
|
/admin/t/{tenant}/findings:
|
|
get:
|
|
summary: Findings list (tenant-scoped)
|
|
description: |
|
|
Tenant-scoped Findings list. Drift findings post-cutover must have `source = baseline.compare`.
|
|
parameters:
|
|
- name: tenant
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
responses:
|
|
"200":
|
|
description: HTML page
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
"403":
|
|
description: Tenant member but missing capability
|
|
"404":
|
|
description: Not entitled to tenant/workspace scope (deny-as-not-found)
|
|
"302":
|
|
description: Redirect to login
|
|
|
|
/admin/t/{tenant}/findings/{record}:
|
|
get:
|
|
summary: Finding detail view (tenant-scoped)
|
|
description: |
|
|
Tenant-scoped finding detail view. Diff rendering depends on evidence keys:
|
|
- `summary.kind`
|
|
- `baseline.policy_version_id`
|
|
- `current.policy_version_id`
|
|
parameters:
|
|
- name: tenant
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
- name: record
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
responses:
|
|
"200":
|
|
description: HTML page
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
"403":
|
|
description: Tenant member but missing capability
|
|
"404":
|
|
description: Not entitled to tenant/workspace scope (deny-as-not-found)
|
|
"302":
|
|
description: Redirect to login
|
|
|
|
/admin/operations/{runId}:
|
|
get:
|
|
summary: Operation run detail (canonical)
|
|
description: Canonical tenantless run viewer (Monitoring → Operations → Run Detail).
|
|
parameters:
|
|
- name: runId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: integer
|
|
responses:
|
|
"200":
|
|
description: HTML page
|
|
content:
|
|
text/html:
|
|
schema:
|
|
type: string
|
|
"403":
|
|
description: Workspace member but missing capability
|
|
"404":
|
|
description: Not entitled to workspace scope (deny-as-not-found)
|
|
"302":
|
|
description: Redirect to login
|
|
|
|
components:
|
|
schemas:
|
|
DriftSource:
|
|
type: string
|
|
enum: [baseline.compare]
|
|
|
|
DriftEvidenceSummaryKind:
|
|
type: string
|
|
enum: [policy_snapshot, policy_assignments, policy_scope_tags]
|
|
|
|
DriftEvidenceFidelity:
|
|
type: string
|
|
enum: [content, meta, mixed]
|
|
|
|
DriftFindingEvidence:
|
|
type: object
|
|
description: Evidence payload stored in `findings.evidence_jsonb` for drift findings.
|
|
required: [change_type, policy_type, subject_key, summary, baseline, current, fidelity, provenance]
|
|
properties:
|
|
change_type:
|
|
type: string
|
|
enum: [missing_policy, unexpected_policy, different_version]
|
|
policy_type:
|
|
type: string
|
|
subject_key:
|
|
type: string
|
|
summary:
|
|
type: object
|
|
required: [kind]
|
|
properties:
|
|
kind:
|
|
$ref: "#/components/schemas/DriftEvidenceSummaryKind"
|
|
note:
|
|
type: string
|
|
nullable: true
|
|
fidelity:
|
|
$ref: "#/components/schemas/DriftEvidenceFidelity"
|
|
provenance:
|
|
type: object
|
|
required: [baseline_profile_id, baseline_snapshot_id, compare_operation_run_id]
|
|
properties:
|
|
baseline_profile_id:
|
|
type: integer
|
|
baseline_snapshot_id:
|
|
type: integer
|
|
compare_operation_run_id:
|
|
type: integer
|
|
inventory_sync_run_id:
|
|
type: integer
|
|
nullable: true
|
|
tenant_id:
|
|
type: integer
|
|
nullable: true
|
|
baseline:
|
|
type: object
|
|
required: [policy_version_id]
|
|
properties:
|
|
policy_version_id:
|
|
type: integer
|
|
nullable: true
|
|
hash:
|
|
type: string
|
|
nullable: true
|
|
provenance:
|
|
type: object
|
|
additionalProperties: true
|
|
current:
|
|
type: object
|
|
required: [policy_version_id]
|
|
properties:
|
|
policy_version_id:
|
|
type: integer
|
|
nullable: true
|
|
hash:
|
|
type: string
|
|
nullable: true
|
|
provenance:
|
|
type: object
|
|
additionalProperties: true
|