TenantAtlas/specs/088-remove-tenant-graphoptions-legacy/data-model.md

Data Model — Remove Legacy Tenant Graph Options

Summary

This feature is a behavioral refactor only. It changes how Graph credentials/options are sourced (provider connection only) and adds a CI guardrail. No schema changes are included.

Entities (existing)

Tenant (app/Models/Tenant.php)

• Relevant fields (legacy): app_client_id, app_client_secret, tenant_id, external_id
• Relevant method (deprecated): graphOptions(): array
• Planned behavior: graphOptions() remains but throws (kill-switch) to prevent legacy use.

ProviderConnection (app/Models/ProviderConnection.php)

• Used by: ProviderConnectionResolver::resolveDefault($tenant, 'microsoft')
• Key fields: tenant_id, provider, is_default, status, entra_tenant_id

ProviderCredential (app/Models/ProviderCredential.php)

• Used by: CredentialManager::getClientCredentials($connection) via ProviderGateway::graphOptions()
• Expected payload: ['client_id' => string, 'client_secret' => string]

Relationships (existing)

• Tenant::providerConnections() → hasMany ProviderConnection
• ProviderConnection::credential() → hasOne/hasMany ProviderCredential (via relationship method in model)

Validation / Constraints

• Provider connection resolution must fail deterministically when:
  • No default connection exists for tenant/provider
  • Multiple defaults exist
  • Connection is disabled / needs consent
  • Missing entra_tenant_id
  • Missing/invalid credential payload

(These rules are currently enforced by ProviderConnectionResolver.)

State Transitions

• None added by this feature.

Out of Scope

• Dropping / migrating tenant credential columns.
• Changing provider resolution semantics.