ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
1be262a756
TenantAtlas/specs/095-graph-contracts-registry-completeness/research.md
ahmido eec93b510a Spec 095: Graph contracts registry completeness + registry-backed call sites (#114) 
Implements Spec 095.

What changed
- Registers 4 Graph resources in the contract registry (plus required subresource template)
- Refactors in-scope call sites to resolve Graph paths via the registry (no ad-hoc endpoints for these resources)
- Adds/updates regression tests to prevent future drift (missing registry entries and endpoint string reintroduction)
- Includes full SpecKit artifacts under specs/095-graph-contracts-registry-completeness/

Validation
- Focused tests:
  - `vendor/bin/sail artisan test --compact tests/Feature/Graph/GraphContractRegistryCoverageSpec095Test.php tests/Feature/SettingsCatalogDefinitionResolverTest.php`

Notes
- Livewire v4.0+ / Filament v5 compliant (no UI changes).
- No new routes/pages; no RBAC model changes.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #114
2026-02-15 15:02:27 +00:00

1.9 KiB
Raw Blame History

Phase 0 — Research: Graph Contracts Registry Completeness

Decisions

Decision: Scope of enforcement

  • Decision: Enforce “registry-backed paths” only for the four specified Graph resources and the five known call sites.
  • Rationale: Keeps the change bounded and reviewable while addressing the concrete governance gap.
  • Alternatives considered:
    • Enforce across the entire codebase (rejected: scope explosion and higher regression risk).

Decision: Acceptance evidence

  • Decision: Pest tests passing are sufficient acceptance evidence.
  • Rationale: Reproducible in CI/local without requiring a live tenant or delegated auth.
  • Alternatives considered:
    • Require drift-check command output (rejected: can require tenant setup and auth).

Decision: Handling additional discoveries

  • Decision: Do not expand scope beyond the four specified resources.
  • Rationale: Prevents “scope creep by implementation”. Additional gaps can be handled via a follow-up spec.
  • Alternatives considered:
    • Expand to additional resources found during implementation (rejected: unbounded).

Best Practices / Patterns (Repo-specific)

  • Contract registry: Graph endpoint resources are centrally declared in config/graph_contracts.php and should be considered the source of truth.
  • Graph client: All Graph calls route through GraphClientInterface.
  • Governance goal: Feature code should avoid ad-hoc endpoint strings for governed resources.

Testing Strategy

  • Registry completeness test: Assert the four resources are registered and the template subresource is representable.
  • Regression guard: Assert the five in-scope files do not contain hardcoded endpoint substrings for the governed resources.

Notes

  • This feature makes no changes to RBAC, UI, database schema, or operations observability.

Follow-ups (out of scope)

  • None identified yet.