ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
67e72012fb
TenantAtlas/specs/095-graph-contracts-registry-completeness/research.md
ahmido eec93b510a Spec 095: Graph contracts registry completeness + registry-backed call sites (#114) 
Implements Spec 095.

What changed
- Registers 4 Graph resources in the contract registry (plus required subresource template)
- Refactors in-scope call sites to resolve Graph paths via the registry (no ad-hoc endpoints for these resources)
- Adds/updates regression tests to prevent future drift (missing registry entries and endpoint string reintroduction)
- Includes full SpecKit artifacts under specs/095-graph-contracts-registry-completeness/

Validation
- Focused tests:
  - `vendor/bin/sail artisan test --compact tests/Feature/Graph/GraphContractRegistryCoverageSpec095Test.php tests/Feature/SettingsCatalogDefinitionResolverTest.php`

Notes
- Livewire v4.0+ / Filament v5 compliant (no UI changes).
- No new routes/pages; no RBAC model changes.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #114
2026-02-15 15:02:27 +00:00

41 lines
1.9 KiB
Markdown
Raw Blame History

# Phase 0 — Research: Graph Contracts Registry Completeness
## Decisions
### Decision: Scope of enforcement
- **Decision**: Enforce “registry-backed paths” only for the four specified Graph resources and the five known call sites.
- **Rationale**: Keeps the change bounded and reviewable while addressing the concrete governance gap.
- **Alternatives considered**:
- Enforce across the entire codebase (rejected: scope explosion and higher regression risk).
### Decision: Acceptance evidence
- **Decision**: Pest tests passing are sufficient acceptance evidence.
- **Rationale**: Reproducible in CI/local without requiring a live tenant or delegated auth.
- **Alternatives considered**:
- Require drift-check command output (rejected: can require tenant setup and auth).
### Decision: Handling additional discoveries
- **Decision**: Do not expand scope beyond the four specified resources.
- **Rationale**: Prevents “scope creep by implementation”. Additional gaps can be handled via a follow-up spec.
- **Alternatives considered**:
- Expand to additional resources found during implementation (rejected: unbounded).
## Best Practices / Patterns (Repo-specific)
- **Contract registry**: Graph endpoint resources are centrally declared in `config/graph_contracts.php` and should be considered the source of truth.
- **Graph client**: All Graph calls route through `GraphClientInterface`.
- **Governance goal**: Feature code should avoid ad-hoc endpoint strings for governed resources.
## Testing Strategy
- **Registry completeness test**: Assert the four resources are registered and the template subresource is representable.
- **Regression guard**: Assert the five in-scope files do not contain hardcoded endpoint substrings for the governed resources.
## Notes
- This feature makes no changes to RBAC, UI, database schema, or operations observability.
## Follow-ups (out of scope)
- None identified yet.
Reference in New Issue View Git Blame Copy Permalink