Summary:
- Baseline Compare landing: enterprise UI (stats grid, critical drift banner, better actions), navigation grouping under Governance, and Action Surface Contract declaration.
- Baseline Profile view page: switches from disabled form fields to proper Infolist entries for a clean read-only view.
- Fixes tenant name column usages (`display_name` → `name`) in baseline assignment flows.
- Dashboard: improved baseline governance widget with severity breakdown + last compared.

Notes:
- Filament v5 / Livewire v4 compatible.
- Destructive actions remain confirmed (`->requiresConfirmation()`).

Tests:
- `vendor/bin/sail artisan test --compact tests/Feature/Baselines`
- `vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #123
# Phase 1 — Quickstart (Developer)

This quickstart is for exercising Baseline Governance v1 locally.

## Prereqs
- Docker running
- Laravel Sail available

## Setup
1. Start containers: `vendor/bin/sail up -d`
2. Install deps (if needed): `vendor/bin/sail composer install`
3. Migrate: `vendor/bin/sail artisan migrate`
4. Build frontend assets (if UI changes aren’t visible): `vendor/bin/sail npm run dev`

## Happy path walkthrough

### 1) Create a baseline profile
- Navigate to Admin → Governance → Baselines
- Create a profile with:
  - name
  - status = draft
  - scope filter (policy types/domains)

### 2) Capture from a source tenant
- From the Baseline Profile view page, trigger “Capture from tenant”
- Select a source tenant
- Confirm the action
- You should see a queued notification with “View run” that links to Monitoring → Operations

Expected:
- An `OperationRun` of type `baseline_capture` is created (or reused if one is already queued/running)
- On success, an immutable `baseline_snapshot` is created and the profile’s `active_snapshot_id` is updated (when profile is active)

### 3) Assign baseline to a tenant
- Navigate to the tenant context (Admin → choose tenant)
- Assign the baseline profile to the tenant (v1: exactly one baseline per tenant)
- Optionally define an override filter that narrows scope

### 4) Compare now (Soll vs Ist)
- Navigate to the “Soll vs Ist” landing page for the tenant
- Click “Compare now”

Expected:
- An `OperationRun` of type `baseline_compare` is created/reused
- Findings are created/updated with stable fingerprints
- The compare run summary is persisted (totals + severity breakdown)

## Precondition failure checks

These should return **HTTP 422** with `reason_code`, and must **not** create an `OperationRun`:
- compare with no assignment: `baseline.compare.no_assignment`
- compare when profile not active: `baseline.compare.profile_not_active`
- compare when no active snapshot: `baseline.compare.no_active_snapshot`
- capture with missing source tenant: `baseline.capture.missing_source_tenant`

## Test focus (when implementation lands)
- BaselineProfile CRUD + RBAC (404 vs 403)
- Capture idempotency (dedupe snapshot identity)
- Compare idempotency (dedupe finding fingerprint)
- Action surfaces comply with the Filament Action Surface Contract
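
The stable-fingerprint expectation in step 4 and the compare idempotency item above, sketched as an added example that is not the project's own code. The identity fields, the SHA-256 scheme, the in-memory store and the sample values are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration: field names and the hashing scheme are assumptions.

/** Fingerprint built from identity fields only, so a re-run maps to the same finding. */
function findingFingerprint(array $drift): string
{
    // Volatile data (run id, timestamps, severity) is deliberately excluded.
    $identity = [
        'tenant_id'           => (int) $drift['tenant_id'],
        'baseline_profile_id' => (int) $drift['baseline_profile_id'],
        'policy_type'         => trim($drift['policy_type']),
        'subject_key'         => trim($drift['subject_key']),
        'change_type'         => $drift['change_type'],
    ];
    ksort($identity); // canonical key order before encoding
    return hash('sha256', json_encode($identity, JSON_THROW_ON_ERROR));
}

/** Create or update findings keyed by fingerprint; returns the updated store. */
function upsertFindings(array $store, array $drifts, int $runId): array
{
    foreach ($drifts as $drift) {
        $fp = findingFingerprint($drift);
        $store[$fp] = [
            'fingerprint'    => $fp,
            'severity'       => $drift['severity'],
            'first_seen_run' => $store[$fp]['first_seen_run'] ?? $runId,
            'last_seen_run'  => $runId,
        ];
    }
    return $store;
}

// Constructed sample: the same drift reported by two compare runs.
$drift = [
    'tenant_id' => 7, 'baseline_profile_id' => 1, 'policy_type' => 'example_policy',
    'subject_key' => 'example-subject', 'change_type' => 'different_version', 'severity' => 'high',
];
$store = upsertFindings([], [$drift], 101);
$store = upsertFindings($store, [['severity' => 'medium'] + $drift], 102);

if (count($store) !== 1) {
    throw new RuntimeException('re-run created a duplicate finding');
}
$finding = array_values($store)[0];
printf("findings=%d first_seen=%d last_seen=%d severity=%s\n",
    count($store), $finding['first_seen_run'], $finding['last_seen_run'], $finding['severity']);
```

A feature test for compare idempotency can follow the same shape: run the compare twice against unchanged tenant state and assert that the finding count does not grow.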