ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
662b0e0aa8
TenantAtlas/specs/023-endpoint-security-restore/tasks.md
Ahmed Darrazi 662b0e0aa8 spec: refresh specs/plans + add 018 scaffolding
2026-01-04 00:18:34 +01:00

2.1 KiB
Raw Blame History

Tasks: Endpoint Security Policy Restore (023)

Branch: feat/023-endpoint-security-restore Date: 2026-01-03 Input: spec.md, plan.md

Phase 1: Setup

  • T001 Create spec/plan/tasks and checklist.

Phase 2: Inventory & Design

  • T002 Confirm current restore mode + code paths for endpointSecurityPolicy (config/tenantpilot.php, restore services).
  • T003 Decide template resolution strategy (ID vs family/display name) and required Graph calls.
  • T004 Define settings instance validation rules (warning vs block) for restore preview/execution.

Phase 3: Tests (TDD)

  • T005 Add feature tests for restore execution create/update for endpointSecurityPolicy.
  • T006 Add feature tests for preview warnings when template is missing.
  • T007 Add feature tests asserting restore execution fails gracefully when template is missing.
  • T008 Add tests for settings validation failure paths (invalid/unknown settings instances).
  • T009 Add feature tests asserting assignments are applied for endpoint security policies.

Phase 4: Implementation

  • T010 Enable restore for endpointSecurityPolicy in config/tenantpilot.php.
  • T011 Implement template existence validation in restore preview and execution gating.
  • T012 Implement settings instance validation against resolved template definitions.
  • T013 Implement template mapping (if required) and ensure restore payload uses mapped template reference.
  • T014 Ensure restore applies assignments for endpoint security policies using existing mapping logic.

Phase 5: Verification

  • T015 Run targeted tests.
  • T016 Run Pint (./vendor/bin/pint --dirty).

Phase 6: Hardening (Incident-driven)

  • T017 Default unknown policy types to preview-only to avoid invalid Graph endpoints.
  • T018 Harden endpoint resolution fallback for configuration policy types (avoid deviceManagement/{policyType}).
  • T019 Surface Graph method/path in RestoreRun Results for faster debugging.
  • T020 Strip non-patchable fields for endpointSecurityIntent PATCH (isAssigned, templateId, isMigratingToConfigurationPolicy).