TenantAtlas/specs/007-device-config-compliance/tasks.md
2025-12-28 14:51:18 +01:00

Tasks: Device Configuration and Compliance Coverage (007)

Branch: feat/007-device-config-compliance | Date: 2025-12-26
Input: spec.md, plan.md

Task Format

  • Checkbox: - [ ] for incomplete, - [x] for complete
  • Task ID: Sequential T001, T002, T003...
  • [P] marker: Task can run in parallel (different files, no blocking dependencies)
  • [Story] label: User story tag (US1, US2, US3...)
  • File path: Always include exact file path in description

Phase 1: Policy Types, Contracts, Permissions

Purpose: Add missing device configuration, compliance, scripts, and update ring types with Graph contract coverage.

  • T001 [P] Expand policy type registry for device configuration, compliance, scripts, and update rings in config/tenantpilot.php (labels, categories, restore mode, risk).
  • T002 [P] Add/update Graph contracts and assignment endpoints for new policy types in config/graph_contracts.php.
  • T003 [P] Verify and extend permissions for the new workloads in config/intune_permissions.php.
  • T004 Update type metadata helpers and filters in app/Filament/Resources/PolicyResource.php and app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php.

Checkpoint: New policy types are recognized across UI metadata and Graph contract registry.


Phase 2: Snapshot Capture and Metadata

Purpose: Ensure snapshots, assignments, and scope tags are captured for the new workloads.

  • T005 Update app/Services/Intune/PolicySnapshotService.php to fetch and hydrate the new policy types correctly (filters, select fields).
  • T006 Extend app/Services/Intune/PolicyCaptureOrchestrator.php to capture assignments and scope tags for the new types with existing resolvers.
  • T007 Update app/Services/Intune/BackupService.php to capture snapshots for the new types and propagate warnings.
  • T008 Add or extend normalization support in app/Services/Intune/PolicyNormalizer.php for the new policy types.

Checkpoint: Backups include snapshots and metadata for configuration/compliance policies.


Phase 3: Restore Logic and Mapping

Purpose: Restore new policy types safely using assignment and foundation mappings.

  • T009 Update app/Services/Intune/RestoreService.php to restore the new policy types using Graph contracts.
  • T010 Extend app/Services/AssignmentRestoreService.php for assignment endpoints of the new types.
  • T011 Ensure compliance notification templates are restored and referenced via mapping in app/Services/Intune/RestoreService.php.
  • T012 Add audit coverage for compliance action mapping outcomes in app/Services/Intune/AuditLogger.php.

Checkpoint: Restore applies policies and assignments or skips with clear reasons.


Phase 4: Admin UX

Purpose: Surface restore and compliance details clearly in the UI.

  • T013 Update resources/views/filament/infolists/entries/restore-preview.blade.php to surface compliance action/template warnings.
  • T014 Update resources/views/filament/infolists/entries/restore-results.blade.php to show compliance action mapping outcomes and skip reasons.

Checkpoint: Admins can see compliance-related mapping results in preview and results.


Phase 5: Tests and Verification

Purpose: Cover new workloads with Pest tests and verify formatting.

  • T015 Add unit tests for snapshot and normalization coverage in tests/Unit/PolicySnapshotServiceTest.php and tests/Unit/PolicyNormalizerTest.php.
  • T016 Add feature tests for backup and restore flows in tests/Feature/Filament/RestorePreviewTest.php and tests/Feature/Filament/RestoreExecutionTest.php.
  • T017 Run tests: ./vendor/bin/sail artisan test tests/Unit/PolicySnapshotServiceTest.php tests/Unit/PolicyNormalizerTest.php tests/Feature/Filament/RestorePreviewTest.php tests/Feature/Filament/RestoreExecutionTest.php
  • T018 Run Pint: ./vendor/bin/pint --dirty

Checkpoint: Tests pass and formatting is clean.


Deferred / Backlog

  • T019 [Deferred] Add inventory/properties catalog policies (deviceManagement/inventoryPolicies) once required permissions are confirmed; include contracts, sync, snapshot hydration via /settings, and normalized UI display.