ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
6a15fe978a
TenantAtlas/specs/104-provider-permission-posture/checklists/requirements.md
ahmido ef380b67d1 feat(104): Provider Permission Posture (#127) 
Implements Spec 104: Provider Permission Posture.

What changed
- Generates permission posture findings after each tenant permission compare (queued)
- Stores immutable posture snapshots as StoredReports (JSONB payload)
- Adds global Finding resolved lifecycle (`resolved_at`, `resolved_reason`) with `resolve()` / `reopen()`
- Adds alert pipeline event type `permission_missing` (Alerts v1) and Filament option for Alert Rules
- Adds retention pruning command + daily schedule for StoredReports
- Adds badge mappings for `resolved` finding status and `permission_posture` finding type

UX fixes discovered during manual verification
- Hide “Diff” section for non-drift findings (only drift findings show diff)
- Required Permissions page: “Re-run verification” now links to Tenant view (not onboarding)
- Preserve Technical Details `<details>` open state across Livewire re-renders (Alpine state)

Verification
- Ran `vendor/bin/sail artisan test --compact --filter=PermissionPosture` (50 tests)
- Ran `vendor/bin/sail artisan test --compact --filter="FindingResolved|FindingBadge|PermissionMissingAlert"` (20 tests)
- Ran `vendor/bin/sail bin pint --dirty`

Filament v5 / Livewire v4 compliance
- Filament v5 + Livewire v4: no Livewire v3 usage.

Panel provider registration (Laravel 11+)
- No new panels added. Existing panel providers remain registered via `bootstrap/providers.php`.

Global search rule
- No changes to global-searchable resources.

Destructive actions
- No new destructive Filament actions were added in this PR.

Assets / deploy notes
- No new Filament assets registered. Existing deploy step `php artisan filament:assets` remains unchanged.

Test coverage
- New/updated Pest feature tests cover generator behavior, job integration, alerting, retention pruning, and resolved lifecycle.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #127
2026-02-21 22:32:52 +00:00

46 lines
2.1 KiB
Markdown
Raw Blame History

# Specification Quality Checklist: Provider Permission Posture
**Purpose**: Validate specification completeness and quality before proceeding to planning
**Created**: 2026-02-26
**Feature**: [spec.md](../spec.md)
## Content Quality
- [x] No implementation details (languages, frameworks, APIs)
- [x] Focused on user value and business needs
- [x] Written for non-technical stakeholders
- [x] All mandatory sections completed
## Requirement Completeness
- [x] No [NEEDS CLARIFICATION] markers remain
- [x] Requirements are testable and unambiguous
- [x] Success criteria are measurable
- [x] Success criteria are technology-agnostic (no implementation details)
- [x] All acceptance scenarios are defined
- [x] Edge cases are identified
- [x] Scope is clearly bounded
- [x] Dependencies and assumptions identified
## Feature Readiness
- [x] All functional requirements have clear acceptance criteria
- [x] User scenarios cover primary flows
- [x] Feature meets measurable outcomes defined in Success Criteria
- [x] No implementation details leak into specification
## Constitution Alignment
- [x] Constitution alignment (required) -- contract registry, safety gates, tenant isolation, run observability, tests
- [x] Constitution alignment (RBAC-UX) -- authorization planes, 404/403 semantics, capability registry
- [x] Constitution alignment (OPS-EX-AUTH-001) -- not applicable, documented
- [x] Constitution alignment (BADGE-001) -- new badge values documented, centralized map extended
- [x] Constitution alignment (Filament Action Surfaces) -- exemption documented (no new surfaces)
- [x] Constitution alignment (UX-001) -- exemption documented (no new screens)
## Notes
- All checklist items pass. Spec is ready for `/speckit.clarify` or `/speckit.plan`.
- No [NEEDS CLARIFICATION] markers; all decisions were made with informed defaults based on codebase research (Q1-Q6) and architectural decision validation from prior conversation.
- Key informed defaults documented in Assumptions section: TenantPermissionService as data source, DriftFindingGenerator pattern for idempotent upsert, Alerts v1 generic framework for new event types.
Reference in New Issue View Git Blame Copy Permalink