ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
641bb4afde
TenantAtlas/specs/143-tenant-lifecycle-operability-context-semantics/data-model.md
ahmido 641bb4afde feat: implement tenant lifecycle operability semantics (#172) 
## Summary
- implement Spec 143 tenant lifecycle, operability, and tenant-context semantics across chooser, tenant management, onboarding, and canonical operation viewers
- add centralized tenant lifecycle and operability support types, audit action coverage, and lifecycle-aware badge and action handling
- add feature and unit coverage for tenant chooser eligibility, global search scoping, canonical operation access, onboarding authorization, and lifecycle presentation

## Testing
- vendor/bin/sail artisan test --compact
- vendor/bin/sail bin pint --dirty --format agent

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #172
2026-03-15 09:08:36 +00:00

180 lines
6.1 KiB
Markdown
Raw Blame History

# Data Model: Tenant Lifecycle, Operability, and Context Semantics Foundation
## Core Entities
### Workspace
- Purpose: Primary ownership, isolation, and session boundary.
- Existing source: `App\Models\Workspace`.
- Key relationships:
- has many tenants
- has many onboarding workflow records
- has many canonical operation runs
- Validation and invariants:
- Workspace membership is required before any tenant or canonical record is revealed.
- Workspace-owned canonical viewers may exist without tenant context in the URL.
### Tenant
- Purpose: Durable workspace-owned tenant record.
- Existing source: `App\Models\Tenant`.
- Canonical fields relevant to this feature:
- `id`
- `workspace_id`
- `external_id`
- `name`
- `status`
- `deleted_at`
- `is_current`
- Canonical lifecycle states:
- `draft`
- `onboarding`
- `active`
- `archived`
- Relationships:
- belongs to workspace
- has many memberships
- may be linked from onboarding workflow records
- may be referenced by operation runs
- Validation and invariants:
- Tenant lifecycle is the durable domain status, not the full workflow progression state.
- Only `active` tenants may become normal tenant context.
- Archived tenants remain retained for auditability and controlled restoration.
### TenantOnboardingSession
- Purpose: Workspace-scoped onboarding workflow record.
- Existing source: `App\Models\TenantOnboardingSession`.
- Key fields relevant to this feature:
- `id`
- `workspace_id`
- `tenant_id`
- `lifecycle_state`
- `current_checkpoint`
- `last_completed_checkpoint`
- `state`
- `version`
- `completed_at`
- `cancelled_at`
- Relationships:
- belongs to workspace
- optionally belongs to tenant
- Validation and invariants:
- Owns onboarding progression, resumability, and conflict-safe mutation.
- Does not replace tenant lifecycle.
- Must enforce workspace entitlement, and tenant entitlement once a tenant link exists.
### OperationRun
- Purpose: Canonical workspace-owned record for long-running or operationally relevant work.
- Existing source: `App\Models\OperationRun`.
- Key fields relevant to this feature:
- `id`
- `workspace_id`
- `tenant_id` nullable
- `type`
- `status`
- `outcome`
- `context`
- `summary_counts`
- `failure_summary`
- Relationships:
- belongs to workspace
- optionally belongs to tenant
- Validation and invariants:
- A canonical viewer authorizes from the run, workspace, and entitlement checks.
- Tenant mismatch against remembered context must not invalidate the run.
- Status and outcome transitions remain service-owned.
### RememberedTenantContext
- Purpose: Operator preference state that remembers the last tenant selection per workspace.
- Existing implementation surfaces:
- `App\Support\Workspaces\WorkspaceContext`
- `App\Http\Controllers\SelectTenantController`
- `App\Http\Controllers\ClearTenantContextController`
- `App\Filament\Pages\ChooseTenant`
- Data shape:
- `workspace_id`
- `tenant_id`
- Validation and invariants:
- This is not an authorization primitive.
- It may prefilter workspace pages and drive convenience redirects.
- It must be cleared or ignored when the selected tenant is no longer eligible for normal active context.
## Derived Domain Concepts
### TenantOperabilityDecision
- Purpose: Derived policy result for what the operator may do with a tenant.
- Inputs:
- actor
- workspace
- tenant
- page category
- requested operation
- Outputs:
- `can_view_tenant_surface`
- `can_select_as_context`
- `can_operate`
- `can_archive`
- `can_restore`
- `can_resume_onboarding`
- `can_reference_in_workspace_monitoring`
### PageCategory
- Purpose: Normalize route semantics by page type.
- Canonical values:
- `workspace_scoped`
- `tenant_bound`
- `onboarding_workflow`
- `canonical_workspace_record_viewer`
- Invariants:
- Every in-scope route must map to one category.
- Route legitimacy rules are defined by category, not by remembered tenant state.
### LifecyclePresentationSpec
- Purpose: Central mapping from tenant lifecycle to operator-facing label, badge color, icon, and allowed explanatory copy.
- Existing extension point:
- `BadgeCatalog`
- `BadgeDomain::TenantStatus`
- Invariants:
- All canonical lifecycle values must map explicitly.
- No valid lifecycle may render as `Unknown`.
## State Transitions
### Tenant lifecycle transitions
- `draft -> onboarding`
- Trigger: onboarding has advanced enough that the tenant exists as an in-progress managed tenant.
- `onboarding -> active`
- Trigger: onboarding completion or activation flow defined by follow-up implementation specs.
- `active -> archived`
- Trigger: explicit archive action with authorization, confirmation, and audit logging.
- `archived -> restored_state`
- Trigger: explicit restore action defined by follow-up specs.
- Note: current model restore behavior returns to `active`, but this foundation leaves restored-state semantics to follow-up work.
### Onboarding workflow transitions
- Stay owned by `TenantOnboardingSession` lifecycle and checkpoint services.
- Must not be conflated with tenant lifecycle labels or selector eligibility.
## Route-to-entity mapping
- `/admin`, `/admin/choose-workspace`, `/admin/operations`: workspace plus remembered tenant preference, optionally filtered by tenant.
- `/admin/choose-tenant`: workspace plus eligible tenant collection.
- `/admin/tenants`, `/admin/tenants/{tenant}`: workspace plus route tenant.
- `/admin/onboarding`, `/admin/onboarding/{onboardingDraft}`: workspace plus onboarding workflow record, optionally linked tenant.
- `/admin/operations/{run}`: workspace plus canonical operation run, optionally linked tenant.
## Test focus derived from the model
- Selector eligibility tests for all tenant lifecycle states.
- Canonical run viewer tests for mismatched selected tenant versus referenced tenant.
- Badge coverage tests for every canonical tenant lifecycle state.
- Authorization tests asserting 404 for non-members and 403 for members missing capability.
- Onboarding workflow tests proving onboarding drafts remain visible and resumable without becoming active tenant context.
Reference in New Issue View Git Blame Copy Permalink