TenantAtlas/specs/073-unified-managed-tenant-onboarding-wizard/plan.md
ahmido 8e34b6084f 073-unified-managed-tenant-onboarding-wizard (#90)
Context / Goal
This PR delivers the single canonical onboarding entry under /admin/onboarding (workspace-first, tenantless until activation) and adds a tenantless OperationRun viewer under /admin/operations/{run} with membership→404 semantics.

What is included?
Single entry point: /admin/onboarding is the only entry; legacy entry points return real 404s (no redirects).
Wizard v1 (Enterprise): idempotent identification of a managed tenant (by Entra tenant ID), resumable session flow.
Provider connection step: select or create; secrets are never re-rendered and are not persisted in session state.
Verification as OperationRun: async/queued, DB-only rendering in the wizard (no Graph calls while rendering).
Tenantless run viewing: /admin/operations/{run} works without a selected workspace/tenant but remains authorized via workspace membership (non-member → 404).
RBAC-UX semantics: non-member → 404, member without capability → UI disabled + tooltip, server-side action → 403.
Auditability: activation/overrides are auditable, stable action IDs, no secrets.
Tech / Version safety
Filament v5 / Livewire v4.0+ compatible.
Laravel 11+: panel provider registration in providers.php (unchanged).
Tests / Format
vendor/bin/sail bin pint --dirty
Full suite: vendor/bin/sail artisan test --no-ansi → 984 passed, 5 skipped (exit 0)
Ops / Deployment notes
No additional services required.
If assets were registered: deploy as before with php artisan filament:assets (as usual in the project).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box>
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #90
2026-02-04 23:30:55 +00:00


Implementation Plan: Managed Tenant Onboarding Wizard V1 (Enterprise)

Branch: 073-unified-managed-tenant-onboarding-wizard | Date: 2026-02-04 | Spec: specs/073-unified-managed-tenant-onboarding-wizard/spec.md
Input: Feature specification from specs/073-unified-managed-tenant-onboarding-wizard/spec.md

Summary

Deliver a single onboarding entry point at /admin/onboarding that is workspace-first and tenantless until activation. Verification and optional bootstrap actions run asynchronously as OperationRuns and are viewable via a tenantless URL /admin/operations/{run} with workspace-membership based 404 semantics.

This requires:

  • Updating onboarding routing and removing legacy entry points.
  • Making the operations run viewer safe and usable without a selected workspace and without tenant routing.
  • Ensuring RBAC-UX semantics (non-member → 404, member missing capability → 403) while keeping UI discoverability (disabled+tooltip).

Technical Context

Language/Version: PHP 8.4 (Laravel 12)
Primary Dependencies: Filament v5, Livewire v4
Storage: PostgreSQL (Sail)
Testing: Pest v4
Target Platform: macOS dev + Sail containers; deployed in containers (Dokploy)
Project Type: Web application
Performance Goals: Wizard + Monitoring pages render DB-only (no external calls); queued work for Graph
Constraints:

  • Canonical entry /admin/onboarding only
  • Tenantless operations viewer /admin/operations/{run} must not require a selected workspace and must not auto-switch workspaces
  • Secrets never rendered after capture; no secrets in operation run failures/audits

Scale/Scope: Multi-workspace admin app; onboarding must be safe, resumable, and regression-tested

Constitution Check

GATE: Must pass before Phase 0 research. Re-check after Phase 1 design.

  • Inventory-first: Not directly impacted.
  • Read/write separation: activation + overrides are write paths → audit + tests.
  • Graph contract path: verification/bootstrap Graph calls only via GraphClientInterface and config/graph_contracts.php (including connectivity probes like organization and service-principal permission lookups).
  • Deterministic capabilities: wizard uses canonical capability registry; no role-string checks.
  • RBAC-UX: enforce 404/403 semantics; server-side authorizes all actions; UI disabled state is informational only.
  • Authorization planes: tenant plane (Entra users) only; no platform plane (/system) routes or cross-plane behavior.
  • Run observability: verification/bootstrap runs use OperationRun; render remains DB-only.
  • Data minimization: never persist secrets in session/state/report/audit.
  • Badge semantics: status chips use centralized badge mapping.
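
The RBAC-UX and run-observability rules above (non-member → 404, member without capability → 403, controls visible but disabled with a tooltip, and a run viewer that neither requires nor switches the selected workspace) expressed as Laravel/Filament code. This is an added example written for this page, not code from the TenantAtlas project: the User/Workspace/OperationRun models and their relations, the `hasCapability()` method standing in for the canonical capability registry, the session key and route names used by the middleware, the `onboarding.activate` capability name, and the Filament v5 action builder methods (assumed to match the v3/v4 `disabled()`, `tooltip()` and `action()` API) are all assumptions.

```php
<?php
// Added example for this plan; not code from the TenantAtlas repository.
// Hypothetical: the model relations, $user->hasCapability(...) as the
// capability registry, the session key and route names, and the Filament v5
// action builder methods (assumed to match v3/v4).

namespace App\Support {
    use App\Models\OperationRun;
    use App\Models\User;
    use App\Models\Workspace;
    use Illuminate\Database\Eloquent\Builder;

    final class RunAccess
    {
        // Query used to resolve a run for /admin/operations/{run}. Scoping it to
        // the user's workspaces means a non-member's request finds no row, so
        // route-model binding answers 404 and the run's existence stays hidden.
        public static function visibleRuns(User $user): Builder
        {
            return OperationRun::query()->whereIn(
                'workspace_id',
                $user->workspaces()->select('workspaces.id')
            );
        }

        // Decision table for an action in a workspace; returns the HTTP status
        // instead of throwing so it can be unit-tested without a request.
        //   non-member             -> 404
        //   member, no capability  -> 403
        //   member with capability -> 200
        public static function decide(User $user, Workspace $workspace, string $capability): int
        {
            if (! $user->workspaces()->whereKey($workspace->getKey())->exists()) {
                return 404;
            }

            return $user->hasCapability($workspace, $capability) ? 200 : 403;
        }

        // Server-side gate: the UI's disabled state is informational only, so
        // every action execution re-checks here and aborts with the decided status.
        public static function authorize(User $user, Workspace $workspace, string $capability): void
        {
            $status = self::decide($user, $workspace, $capability);

            if ($status !== 200) {
                abort($status);
            }
        }
    }
}

namespace App\Http\Middleware {
    use Closure;
    use Illuminate\Http\Request;
    use Symfony\Component\HttpFoundation\Response;

    // Forced workspace selection with the tenantless run viewer exempted: the
    // viewer must neither require a selected workspace nor switch it.
    final class EnsureWorkspaceSelected
    {
        public function handle(Request $request, Closure $next): Response
        {
            if ($request->routeIs('filament.admin.resources.operation-runs.view')) {
                return $next($request); // authorization is done by RunAccess::visibleRuns()
            }

            if (! $request->session()->has('selected_workspace_id')) {
                return redirect()->route('filament.admin.pages.select-workspace');
            }

            return $next($request);
        }
    }
}

namespace App\Filament\Pages {
    use App\Models\Workspace;
    use App\Support\RunAccess;
    use Filament\Actions\Action;

    // Activation control on the wizard: visible to every member, disabled with a
    // tooltip when the capability is missing, and re-authorized on execution.
    function activateAction(Workspace $workspace): Action
    {
        $user = auth()->user();

        return Action::make('activate')
            ->disabled(fn () => RunAccess::decide($user, $workspace, 'onboarding.activate') !== 200)
            ->tooltip('Requires the onboarding.activate capability in this workspace')
            ->action(function () use ($user, $workspace) {
                RunAccess::authorize($user, $workspace, 'onboarding.activate'); // 403 if the UI was bypassed
                // ... perform activation and write an audit entry with a stable action id
            });
    }
}
```

The two HTTP statuses come from two different places on purpose: 404 is produced by the scoped query that resolves the run, so the viewer cannot leak that a run exists, while 403 is produced only after membership is established, by the server-side `authorize()` call that every action runs regardless of what the disabled button showed.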

Project Structure

Documentation (this feature)

specs/073-unified-managed-tenant-onboarding-wizard/
├── plan.md
├── research.md
├── data-model.md
├── quickstart.md
├── contracts/
│   ├── http.openapi.yaml
│   └── onboarding-actions.md
└── tasks.md

Source Code (repository root)

app/
├── Filament/Pages/
├── Filament/Resources/
├── Http/Middleware/
├── Models/
├── Policies/
├── Services/
└── Support/

database/migrations/
tests/Feature/

Structure Decision: Implement onboarding as a Filament Page under app/Filament/Pages and keep operations viewing on OperationRunResource, but change authorization/middleware to support tenantless viewing.

Phase 0 — Research

See: specs/073-unified-managed-tenant-onboarding-wizard/research.md

Phase 1 — Design & Contracts

See:

  • specs/073-unified-managed-tenant-onboarding-wizard/data-model.md
  • specs/073-unified-managed-tenant-onboarding-wizard/contracts/http.openapi.yaml
  • specs/073-unified-managed-tenant-onboarding-wizard/contracts/onboarding-actions.md
  • specs/073-unified-managed-tenant-onboarding-wizard/quickstart.md

Phase 2 — Planning (implementation outline)

  1. Routing
  • Add /admin/onboarding (canonical, sole entry point).
  • Remove legacy entry points (404; no redirects): /admin/new, /admin/managed-tenants/onboarding, and any tenant-scoped onboarding/create entry points.
  2. Tenantless operations run viewer
  • Exempt /admin/operations/{run} from forced workspace selection (EnsureWorkspaceSelected) and from tenant auto-selection side effects when needed.
  • Authorize OperationRun viewing by workspace membership derived from the run (non-member → 404).
  3. OperationRun model + schema alignment
  • Add operation_runs.workspace_id and support tenantless runs (tenant_id nullable) if onboarding verification/bootstraps start before activation.
  • Preserve DB-level active-run dedupe with partial unique indexes for both tenant-bound and tenantless runs.
  4. Wizard authorization model
  • Gate wizard actions per canonical capabilities; keep controls visible-but-disabled with tooltip; server-side returns 403 for execution.
  • Activation is owner-only; blocked override requires reason + audit.
  5. Tests
  • Add/extend Pest feature tests for:
    • canonical /admin/onboarding routing
    • legacy entry points 404
    • /admin/operations/{run} membership→404 behavior without selected workspace
    • 403 for member action attempts without capability
    • owner-only activation + override audit reason
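
The schema-alignment step (add operation_runs.workspace_id, make tenant_id nullable, keep DB-level active-run dedupe with partial unique indexes for both tenant-bound and tenantless runs) as an added example migration. It is written for this page and is not a migration from the TenantAtlas repository; it assumes an existing operation_runs table with a NOT NULL tenant_id, a `type` column identifying the kind of run, and a `status` column whose active values are 'queued' and 'running'. Those column and index names are assumptions. The partial-index syntax is PostgreSQL-specific, matching the Sail/PostgreSQL stack named under Technical Context.

```php
<?php
// Added example for this plan; not a migration from the TenantAtlas repository.
// Assumed columns: tenant_id (currently NOT NULL), type, status with active
// values 'queued' and 'running'. Index names are assumptions. PostgreSQL only.

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;

return new class extends Migration
{
    public function up(): void
    {
        Schema::table('operation_runs', function (Blueprint $table) {
            // Runs are owned by a workspace so membership can be derived from the
            // run without a tenant. Nullable so the migration applies to existing
            // rows; a backfill from tenant -> workspace should follow.
            $table->foreignId('workspace_id')->nullable()->constrained()->cascadeOnDelete();
        });

        // Verification runs started before activation have no tenant yet.
        DB::statement('ALTER TABLE operation_runs ALTER COLUMN tenant_id DROP NOT NULL');

        // Dedupe: at most one active run per (tenant, type) for tenant-bound runs ...
        DB::statement(<<<'SQL'
            CREATE UNIQUE INDEX operation_runs_active_tenant_uq
            ON operation_runs (tenant_id, type)
            WHERE tenant_id IS NOT NULL AND status IN ('queued', 'running')
        SQL);

        // ... and one per (workspace, type) for tenantless runs. A second index
        // is required because NULL never compares equal in a unique index, so a
        // single (tenant_id, type) index would let tenantless runs pile up.
        DB::statement(<<<'SQL'
            CREATE UNIQUE INDEX operation_runs_active_tenantless_uq
            ON operation_runs (workspace_id, type)
            WHERE tenant_id IS NULL AND status IN ('queued', 'running')
        SQL);
    }

    public function down(): void
    {
        DB::statement('DROP INDEX IF EXISTS operation_runs_active_tenantless_uq');
        DB::statement('DROP INDEX IF EXISTS operation_runs_active_tenant_uq');

        Schema::table('operation_runs', function (Blueprint $table) {
            $table->dropConstrainedForeignId('workspace_id');
        });

        // tenant_id is deliberately left nullable: restoring NOT NULL would fail
        // once tenantless runs exist and must be handled by a separate cleanup.
    }
};
```

Because both indexes are partial on the active statuses only, a finished or failed run never blocks a new one, and the dedupe is enforced by the database rather than by a check-then-insert in application code that two queued workers could race.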

Complexity Tracking

No constitution violations expected; changes are localized and gated by tests.