ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
8ae7a7234e
TenantAtlas/specs
History
ahmido 8ae7a7234e feat/040-inventory-core (#43) 
Summary

Implements Inventory Core (Spec 040): a tenant-scoped, mutable “last observed” inventory catalog + sync run logging, with deterministic selection hashing and safe derived “missing” semantics.

This establishes the foundation for Inventory UI (041), Dependencies Graph (042), Compare/Promotion (043), and Drift (044).

What’s included
	•	DB schema
	•	inventory_items (unique: tenant_id + policy_type + external_id; indexes; last_seen_at, last_seen_run_id)
	•	inventory_sync_runs (tenant_id, selection_hash/payload, status, started/finished, counts, error_codes, correlation_id)
	•	Selection hashing
	•	Deterministic selection_hash via canonical JSON (sorted keys + sorted arrays) + sha256
	•	Sync semantics
	•	Idempotent upsert (no duplicates)
	•	Updates last_seen_* when observed
	•	Enforces tenant scoping for all reads/writes
	•	Guardrail: inventory sync does not create snapshots/backups
	•	Missing semantics (derived)
	•	“missing” computed relative to latest completed run for same (tenant_id, selection_hash)
	•	Low confidence when latest run is partial/failed or had_errors=true
	•	Selection isolation (runs for other selections don’t affect missing)
	•	deleted is reserved (not produced here)
	•	Safety
	•	meta_jsonb whitelist enforced (unknown keys dropped; never fail sync)
	•	Safe error persistence (no bearer tokens / secrets)
	•	Locking to prevent overlapping runs for same tenant+selection
	•	Concurrency limiter (global + per-tenant) and throttling resilience (429/503 backoff + jitter)

Tests

Added Pest coverage for:
	•	selection_hash determinism (array order invariant)
	•	upsert idempotency + last_seen updates
	•	missing derived semantics + selection isolation
	•	low confidence missing on partial/had_errors
	•	meta whitelist drop (no exception)
	•	lock prevents overlapping runs
	•	no snapshots/backups side effects
	•	safe error persistence (no bearer tokens)

Non-goals
	•	Inventory UI pages/resources (Spec 041)
	•	Dependency graph hydration (Spec 042)
	•	Cross-tenant compare/promotion flows (Spec 043)
	•	Drift analysis dashboards (Spec 044)

Review focus
	•	Data model correctness + indexes/constraints
	•	Selection hash canonicalization (determinism)
	•	Missing semantics (latest completed run + confidence rule)
	•	Guardrails (no snapshot/backups side effects)
	•	Safety: error_code taxonomy + safe persistence/logging

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #43
2026-01-07 14:54:24 +00:00
..
001-rbac-onboarding feat/004-assignments-scope-tags (#4) 2025-12-23 21:49:58 +00:00
002-filament-json spec: add 002 filament json 2025-12-14 19:56:17 +01:00
003-settings-catalog-readable dev-merges/c709b36 (#3) 2025-12-21 23:15:12 +00:00
004-assignments-scope-tags feat/004-assignments-scope-tags (#4) 2025-12-23 21:49:58 +00:00
005-bulk-operations feat/005-bulk-operations (#5) 2025-12-25 13:32:36 +00:00
006-sot-foundations-assignments feat(006): foundations + assignment mapping and preview-only restore guard (#7) 2025-12-26 23:44:31 +00:00
007-device-config-compliance feat(007): device config & compliance snapshot/restore improvements (#9) 2025-12-29 12:46:20 +00:00
008-apps-app-management feat: add metadata-only mobile app coverage with scope tag restore (#10) 2025-12-29 14:01:37 +00:00
009-app-protection-policy feat/009-app-protection-policy (#11) 2025-12-29 16:11:50 +00:00
010-admin-templates feat(010): Administrative Templates – restore from PolicyVersion + version visibility (#13) 2025-12-30 01:50:05 +00:00
011-restore-run-wizard feat/011-restore-run-wizard (#37) 2026-01-07 01:40:04 +00:00
012-windows-update-rings feat/012-windows-update-rings (#18) 2026-01-01 10:44:17 +00:00
013-scripts-management 013-scripts-management (#19) 2026-01-01 22:02:30 +00:00
014-enrollment-autopilot 014-enrollment-autopilot (#20) 2026-01-02 11:59:21 +00:00
015-policy-picker-ux 015-policy-picker-ux (#21) 2026-01-02 13:59:15 +00:00
016-backup-version-reuse feat: always capture policy when adding to backup (#22) 2026-01-02 14:33:29 +00:00
017-policy-types-mam-endpoint-security-baselines feat/017-policy-types-mam-endpoint-security-baselines (#23) 2026-01-03 02:06:35 +00:00
018-driver-updates-wufb feat/018-driver-updates-wufb (#27) 2026-01-04 00:38:54 +00:00
023-endpoint-security-restore feat/018-driver-updates-wufb (#27) 2026-01-04 00:38:54 +00:00
024-terms-and-conditions spec/024-additional-intune-types (#28) 2026-01-04 02:27:44 +00:00
025-policy-sets spec/024-additional-intune-types (#28) 2026-01-04 02:27:44 +00:00
026-custom-compliance-scripts spec/024-additional-intune-types (#28) 2026-01-04 02:27:44 +00:00
027-enrollment-config-subtypes feat/027-enrollment-config-subtypes (#31) 2026-01-04 13:25:15 +00:00
028-device-categories spec/024-additional-intune-types (#28) 2026-01-04 02:27:44 +00:00
029-wip-policies spec/024-additional-intune-types (#28) 2026-01-04 02:27:44 +00:00
030-intune-rbac-backup spec/024-additional-intune-types (#28) 2026-01-04 02:27:44 +00:00
031-tenant-portfolio-context-switch feat/031-tenant-portfolio-context-switch (#32) 2026-01-04 21:28:08 +00:00
032-backup-scheduling-mvp feat/032-backup-scheduling-mvp (#36) 2026-01-07 01:12:12 +00:00
039-inventory-program spec: add inventory specs 039-044 (#42) 2026-01-07 14:01:07 +00:00
040-inventory-core feat/040-inventory-core (#43) 2026-01-07 14:54:24 +00:00
041-inventory-ui spec: add inventory specs 039-044 (#42) 2026-01-07 14:01:07 +00:00
042-inventory-dependencies-graph spec: add inventory specs 039-044 (#42) 2026-01-07 14:01:07 +00:00
043-cross-tenant-compare-and-promotion spec: add inventory specs 039-044 (#42) 2026-01-07 14:01:07 +00:00
044-drift-mvp spec: add inventory specs 039-044 (#42) 2026-01-07 14:01:07 +00:00
900-policy-lifecycle feat/005-bulk-operations (#5) 2025-12-25 13:32:36 +00:00
.gitkeep chore(specs): add baseline specs folder 2025-12-14 19:42:35 +01:00