ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
31376c422e
TenantAtlas/specs/069-managed-tenant-onboarding-wizard/contracts/onboarding-wizard.md
Ahmed Darrazi 31376c422e wip: save 069 onboarding wizard v1 worktree state
2026-02-01 12:20:09 +01:00

2.5 KiB
Raw Blame History

Contracts — Managed Tenant Onboarding Wizard v1

This feature is primarily a Filament wizard UI, so the “contracts” are internal (Livewire actions + routes), plus the OperationRun types used for enqueue-only verification.

Routes (tenant-plane)

All routes are within the /admin panel and tenant-prefixed (current panel config uses tenantRoutePrefix('t')).

  • GET /admin/t/{tenant:external_id}/onboarding
    • Render wizard and resume active session (no outbound calls; DB-only)
  • POST /admin/t/{tenant:external_id}/onboarding/save
    • Persist current step + payload (DB-only)
  • POST /admin/t/{tenant:external_id}/onboarding/verify
    • Enqueue verification operation(s) as OperationRun records; return immediately

Livewire/Filament component actions

All server-side actions MUST:

  • enforce membership (404 for non-members)
  • enforce capability (403 for members lacking the capability)
  • never make outbound HTTP during render/mount

startOrResume()

  • Input: tenant context (tenant_id inferred from route)
  • Output: session id + current step
  • Behavior:
    • if an active session exists for tenant, load and continue
    • else create new active session

saveStep(string $step, array $state)

  • Input:
    • step: one of welcome|tenant_details|credentials|permissions|verification
    • state: non-secret state only
  • Output: updated session
  • Invariants:
    • state must be validated per-step
    • secrets MUST NOT be persisted

enqueueVerification()

  • Input: none (reads from session + tenant)
  • Output: list of OperationRun ids (or one id)
  • Behavior:
    • Use OperationRunService to create/dedupe an active run identity for this tenant + check type.
    • Dispatch jobs using existing provider operation patterns where applicable.

OperationRun types

Exact type names should follow existing ProviderOperationRegistry conventions.

tenant.rbac.verify (proposed)

  • Scope: tenant
  • Purpose: enqueue-only verification of tenant RBAC prerequisites
  • Identity: stable for (tenant_id, "tenant.rbac.verify") when active
  • Job side effects:
    • update tenants.rbac_last_checked_at
    • write sanitized warning messages to tenants.rbac_last_warnings
    • store per-check result details in tenants.rbac_canary_results

Optional: tenant.credentials.verify (proposed)

  • Scope: tenant
  • Only if credentials step is enabled/required

Legacy entry points

  • GET /admin/new → redirect to “Choose workspace” (as per spec clarifications)
  • Any other legacy onboarding entry points should be redirected or removed.