ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
31376c422e
TenantAtlas/specs/069-managed-tenant-onboarding-wizard/contracts/onboarding-wizard.md
Ahmed Darrazi 31376c422e wip: save 069 onboarding wizard v1 worktree state
2026-02-01 12:20:09 +01:00

68 lines
2.5 KiB
Markdown
Raw Blame History

# Contracts — Managed Tenant Onboarding Wizard v1
This feature is primarily a Filament wizard UI, so the “contracts” are internal (Livewire actions + routes), plus the `OperationRun` types used for enqueue-only verification.
## Routes (tenant-plane)
All routes are within the `/admin` panel and tenant-prefixed (current panel config uses `tenantRoutePrefix('t')`).
- `GET /admin/t/{tenant:external_id}/onboarding`
- Render wizard and resume active session (no outbound calls; DB-only)
- `POST /admin/t/{tenant:external_id}/onboarding/save`
- Persist current step + payload (DB-only)
- `POST /admin/t/{tenant:external_id}/onboarding/verify`
- Enqueue verification operation(s) as `OperationRun` records; return immediately
## Livewire/Filament component actions
All server-side actions MUST:
- enforce membership (404 for non-members)
- enforce capability (403 for members lacking the capability)
- never make outbound HTTP during render/mount
### `startOrResume()`
- Input: tenant context (`tenant_id` inferred from route)
- Output: session id + current step
- Behavior:
- if an `active` session exists for tenant, load and continue
- else create new `active` session
### `saveStep(string $step, array $state)`
- Input:
- `step`: one of `welcome|tenant_details|credentials|permissions|verification`
- `state`: non-secret state only
- Output: updated session
- Invariants:
- state must be validated per-step
- secrets MUST NOT be persisted
### `enqueueVerification()`
- Input: none (reads from session + tenant)
- Output: list of `OperationRun` ids (or one id)
- Behavior:
- Use `OperationRunService` to create/dedupe an active run identity for this tenant + check type.
- Dispatch jobs using existing provider operation patterns where applicable.
## OperationRun types
Exact type names should follow existing `ProviderOperationRegistry` conventions.
### `tenant.rbac.verify` (proposed)
- Scope: tenant
- Purpose: enqueue-only verification of tenant RBAC prerequisites
- Identity: stable for `(tenant_id, "tenant.rbac.verify")` when active
- Job side effects:
- update `tenants.rbac_last_checked_at`
- write sanitized warning messages to `tenants.rbac_last_warnings`
- store per-check result details in `tenants.rbac_canary_results`
### Optional: `tenant.credentials.verify` (proposed)
- Scope: tenant
- Only if credentials step is enabled/required
## Legacy entry points
- `GET /admin/new` → redirect to “Choose workspace” (as per spec clarifications)
- Any other legacy onboarding entry points should be redirected or removed.
Reference in New Issue View Git Blame Copy Permalink