TenantAtlas/specs/001-rbac-onboarding/plan.md
ahmido 321312d446 dev-merges/c709b36 (#3)
## Summary
<!-- Briefly: what changes and why? -->

## Spec-Driven Development (SDD)
- [ ] A spec exists under `specs/<NNN>-<feature>/`
- [ ] Included files: `plan.md`, `tasks.md`, `spec.md`
- [ ] Spec describes behavior/acceptance criteria (not just implementation)
- [ ] If requirements changed during implementation: spec/plan/tasks were updated

## Implementation
- [ ] Implementation matches the spec
- [ ] Edge cases / error cases considered
- [ ] No unintended changes outside the scope

## Tests
- [ ] Tests added/updated (Pest/PHPUnit)
- [ ] Relevant tests run locally (`./vendor/bin/sail artisan test` or `php artisan test`)

## Migration / Config / Ops (if relevant)
- [ ] Migration(s) included and tested
- [ ] Rollback considered (backward compatible, safe migration)
- [ ] New env vars documented (`.env.example` / docs)
- [ ] Queue/cron/storage impact checked

## UI (Filament/Livewire) (if relevant)
- [ ] UI flows checked
- [ ] Screenshots/notes added

## Notes
<!-- Links, screenshots, follow-ups, open items -->

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #3
2025-12-21 23:15:12 +00:00

Implementation Plan: TenantPilot v1 - RBAC Onboarding

Branch: feat/001-rbac-onboarding | Date: 2025-12-19 | Spec: specs/001-rbac-onboarding/spec.md
Input: Feature specification from specs/001-rbac-onboarding/spec.md

Summary

TenantPilot v1 core flows are already implemented per specs/001-rbac-onboarding/tasks.md. This plan focuses on finishing the remaining open items for this branch: US4 restore rerun (T156), optional RBAC check/report CLI (T167), and Settings Catalog improvements (T179, T185, T186). The RBAC onboarding wizard (US7) is tenant-scoped, uses delegated login, and applies idempotent RBAC setup with audit logging. All Graph calls stay behind the Graph abstraction and contract registry.

Technical Context

Language/Version: PHP 8.4.15 (Laravel 12)
Primary Dependencies: Filament v4, Livewire v3, Pest v4, Tailwind CSS v4
Storage: PostgreSQL (JSONB for snapshots/backups/versions)
Testing: Pest (php artisan test or ./vendor/bin/sail artisan test)
Target Platform: Docker/Sail locally; Dokploy containers in staging/production
Project Type: Single Laravel web application (Filament admin UI)
Performance Goals: Needs clarification (focus on safety and admin UX)
Constraints: Tenant isolation, least privilege, explicit confirmations, audit logging, no token persistence, staging gate before production
Scale/Scope: Multi-tenant Intune admin workflows (inventory, backup, versioning, restore, RBAC onboarding)

Constitution Check

/.specify/memory/constitution.md is a placeholder template, so there are no explicit gates defined there. This plan follows the repo rules in AGENTS.md and the spec:

  • Spec-first workflow and branch naming conventions
  • Tests required for changes (Pest)
  • Audit logging for sensitive actions
  • Restore safety gates and explicit confirmations
  • No secrets in logs; delegated tokens are not persisted

Project Structure

Documentation (this feature)

specs/001-rbac-onboarding/
├── spec.md
├── plan.md
└── tasks.md

Source Code (repository root)

app/
├── Filament/
├── Livewire/
├── Models/
├── Services/
├── Jobs/
├── Console/
bootstrap/
config/
database/
resources/
routes/
tests/

Structure Decision: Single Laravel application; no separate frontend/backend split.

Execution Plan (aligned to tasks.md)

Phase A - RBAC wizard completion and safety

  • Confirm US7 wizard flow, audit coverage, and health panel status (FR-023 to FR-030).
  • Optional: implement T167 (check/report CLI only; no grant).

Phase B - Restore rerun UX

  • Implement T156: the rerun action clones the restore run (backup_set_id, items, dry_run) and enforces the same safety gates.

Phase C - Settings Catalog restore correctness and readability

  • Implement T179: central hydration of settingsCatalogPolicy snapshots (versions, backups, previews).
  • Implement T185: improve labels/value previews in the settings table.
  • Implement T186: ensure the settings_apply payload preserves @odata.type and the correct body shape.

Testing and Quality Gates

  • Add or extend Pest tests per task requirements (feature + unit); run targeted tests.
  • Run vendor/bin/pint --dirty on touched files.

Complexity Tracking

None.