ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
6063f866a9
TenantAtlas/specs/144-canonical-operation-viewer-context-decoupling/quickstart.md
ahmido b0a724acef feat: harden canonical run viewer and onboarding draft state (#173) 
## Summary
- harden the canonical operation run viewer so mismatched, missing, archived, onboarding, and selector-excluded tenant context no longer invalidates authorized canonical run viewing
- extend canonical route, header-context, deep-link, and presentation coverage for Spec 144 and add the full spec artifact set under `specs/144-canonical-operation-viewer-context-decoupling/`
- harden onboarding draft provider-connection resume logic so stale persisted provider connections fall back to the connect-provider step instead of resuming invalid state
- add architecture-audit follow-up candidate material and prompt assets for the next governance hardening wave

## Testing
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Monitoring/OperationsTenantScopeTest.php tests/Feature/RunAuthorizationTenantIsolationTest.php tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php tests/Feature/Monitoring/HeaderContextBarTest.php tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php tests/Feature/Monitoring/OperationsCanonicalUrlsTest.php`
- `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php`

## Notes
- branch: `144-canonical-operation-viewer-context-decoupling`
- base: `dev`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #173
2026-03-15 18:32:04 +00:00

2.8 KiB
Raw Blame History

Quickstart: Canonical Operation Viewer Context Decoupling

Goal

Verify that canonical operation run viewing is independent of remembered tenant context while preserving tenant entitlement and capability semantics.

Preconditions

  1. Start the local environment:
vendor/bin/sail up -d
  1. Ensure test database and app state are ready:
vendor/bin/sail artisan optimize:clear

Manual Verification Flow

  1. Sign in as a user who is a member of one workspace and entitled to at least two tenants in that workspace.
  2. Open a canonical run linked to tenant A while tenant B is selected in the header.
  3. Confirm the page still renders the run and shows a non-blocking mismatch message.
  4. Clear tenant context or open the same run from a fresh session with no selected tenant.
  5. Confirm the run still renders.
  6. Open a tenantless run.
  7. Confirm the page renders with workspace-level framing and no tenant selection requirement.
  8. Open the same run from a notification-style or verification-surface View run entry point with no selected tenant.
  9. Confirm the canonical viewer still resolves the same run.
  10. Open a run linked to an onboarding, archived, or other tenant state already excluded from selector rules.
  11. Confirm the page remains viewable, lifecycle-aware messaging is shown, and tenant follow-up actions are reduced or absent without blocking the viewer.
  12. Open a canonical run for a tenant the current user is not entitled to.
  13. Confirm the response is deny-as-not-found.
  14. Open a run type that resolves a capability the current user lacks while workspace and tenant scope are otherwise valid.
  15. Confirm the response is forbidden.

Focused Test Command

vendor/bin/sail artisan test --compact \
  tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php \
  tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php \
  tests/Feature/Operations/TenantlessOperationRunViewerTest.php \
  tests/Feature/OpsUx/OperateHubShellTest.php \
  tests/Feature/Monitoring/OperationsTenantScopeTest.php \
  tests/Feature/RunAuthorizationTenantIsolationTest.php \
  tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php

Formatting

Run the required formatter after implementation changes:

vendor/bin/sail bin pint --dirty --format agent

Expected Outcome

  • Canonical run viewing succeeds for authorized users regardless of remembered tenant context mismatch.
  • Tenant-linked runs still enforce direct tenant entitlement.
  • Tenantless runs and onboarding, archived, or otherwise selector-excluded tenant-linked runs remain viewable when authorized.
  • View run deep links remain canonical and trustworthy across tenant, notification, verification, and monitoring surfaces.
  • Reduced or unavailable tenant follow-up actions do not invalidate the canonical viewer.