ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
983abb18a1
TenantAtlas/specs/261-provider-missing-policy-visibility/quickstart.md
ahmido feeaadd5ad feat: add provider-missing policy visibility and restore continuity (#316) 
## Summary
- separate provider-missing policy presence from local ignore semantics by introducing `missing_from_provider_at`
- update policy, backup, and restore surfaces so current-state capture stays honest while historical restore continuity remains available
- add focused sync, Filament, backup, restore, localization, and badge coverage for the new provider-missing behavior

## Scope
- policy sync and model truth
- policy resource visibility, badges, labels, and action gating
- backup/export eligibility and restore continuity messaging
- spec 261 artifacts and focused tests

## Validation
- feature-specific Pest coverage is included in the branch
- validation was not re-run as part of this commit/push/PR handoff

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #316
2026-05-01 20:18:27 +00:00

3.9 KiB
Raw Blame History

Quickstart: Provider-Missing Policy Visibility & Restore Continuity v1

Preconditions

  1. Start the platform runtime if it is not already running:
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH"
cd apps/platform && ./vendor/bin/sail up -d
  1. Keep verification inside the existing policy, backup, and restore seams. No browser smoke or heavy-governance lane is required for this slice.

Scenario 1: Provider-missing is distinct from local ignore

  1. Create or reuse a tenant policy fixture that sync normally into the local policies table.
  2. Mark a second policy as locally ignored through the existing ignore flow.
  3. Run sync with a provider payload that omits the first policy but still returns the second policy.
  4. Verify:
    • the omitted policy receives missing_from_provider_at and remains visible as provider-missing
    • the locally ignored policy keeps ignored_at
    • sync does not clear ignored_at for the ignored policy

Scenario 2: Current backup/export blocks provider-missing policies

  1. Reuse a policy marked provider-missing from Scenario 1 and apply the existing local ignore flow so the policy reaches the combined ignored-plus-missing state.
  2. Attempt the current backup/export path from the existing policy or backup selection surface.
  3. Verify:
    • the combined-state policy remains visible but blocked from fresh capture
    • the combined ignored-plus-missing policy is discoverable from both the ignored and provider_missing filter views
    • the primary blocked reason is provider-missing
    • local ignore remains visible only as secondary context, not the dominant blocker
    • no new backup/export run is created for a blocked policy

Scenario 3: Historical restore continuity remains available

  1. Create or reuse a BackupItem for a policy that is now provider-missing.
  2. Open the existing restore-run creation flow for the owning backup set.
  3. Verify:
    • the historical item remains selectable when otherwise eligible
    • the selection UI shows a provider-missing continuity note rather than filtering the item out

Scenario 4: Reappearance clears only provider-missing state

  1. Re-run sync with the previously missing policy present again.
  2. Verify:
    • missing_from_provider_at clears
    • ignored_at remains unchanged if the policy is locally ignored
    • an audit event records the reappearance transition

Focused Validation Commands

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Jobs/PolicySyncProviderMissingSemanticsTest.php tests/Feature/Jobs/PolicySyncIgnoredRevivalTest.php tests/Feature/Jobs/AppProtectionPolicySyncFilteringTest.php tests/Feature/PolicySyncServiceTest.php tests/Feature/PolicySyncEnrollmentConfigurationTypeCollisionTest.php tests/Feature/PolicySyncStartSurfaceTest.php

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament/PolicyProviderMissingUiTest.php tests/Feature/PolicyGeneralViewTest.php tests/Feature/BulkDeletePoliciesTest.php tests/Feature/BulkUnignorePoliciesTest.php tests/Unit/Badges/PolicyBadgesTest.php

export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/BulkExportToBackupTest.php tests/Feature/Filament/BackupCreationTest.php tests/Feature/Filament/BackupSetPolicyPickerTableTest.php tests/Feature/Filament/RestoreItemSelectionTest.php tests/Feature/RestoreUnknownPolicyTypeSafetyTest.php

Finish

  1. Run Pint on touched PHP files:
export PATH="/bin:/usr/bin:/usr/local/bin:$PATH" && cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent
  1. Confirm there are no remaining sync-driven ignored_at writes in policy-sync code paths and that the slice did not introduce SoftDeletes, a purge path, or a new lifecycle framework before closing the feature.