ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
98e2b5acd9
TenantAtlas/specs/138-managed-tenant-onboarding-draft-identity/quickstart.md
ahmido 98e2b5acd9 feat: managed tenant onboarding draft identity and resume semantics (#167) 
## Summary
- add canonical managed-tenant onboarding draft routing with explicit draft identity and landing vs concrete draft behavior
- implement draft lifecycle, authorization, attribution, picker UX, resume-stage resolution, and auditable cancel or completion semantics
- add focused feature, unit, and browser coverage plus Spec 138 artifacts for the onboarding draft resume flow

## Validation
- `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Audit/OnboardingDraftAuditTest.php tests/Feature/Onboarding/OnboardingDraftAccessTest.php tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php tests/Feature/Onboarding/OnboardingDraftPickerTest.php tests/Feature/Onboarding/OnboardingDraftRoutingTest.php tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php tests/Feature/Onboarding/OnboardingVerificationClustersTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php tests/Unit/Onboarding tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php tests/Browser/OnboardingDraftRefreshTest.php tests/Browser/OnboardingDraftVerificationResumeTest.php`
- passed: 69 tests, 251 assertions

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #167
2026-03-13 23:45:23 +00:00

56 lines
2.5 KiB
Markdown
Raw Blame History

# Quickstart: Managed Tenant Onboarding Draft Identity & Resume Semantics
## Scenario 1: Start a new onboarding draft
1. Visit `/admin/onboarding` in a workspace with no open onboarding drafts.
2. Confirm the page shows a clean start state and no misleading resume banner.
3. Complete and confirm Step 1.
4. Confirm the browser redirects to `/admin/onboarding/{draft}`.
5. Refresh the page and confirm the identified tenant information still appears.
## Scenario 2: Resume the only open draft
1. Seed exactly one resumable onboarding draft in the current workspace.
2. Visit `/admin/onboarding`.
3. Confirm automatic redirect to `/admin/onboarding/{draft}`.
4. Confirm the wizard displays a resume banner with tenant name, stage, and attribution.
## Scenario 3: Choose among multiple drafts
1. Seed multiple resumable drafts in the same workspace.
2. Visit `/admin/onboarding`.
3. Confirm a draft picker appears instead of a blank Step 1 or silent redirect.
4. Resume one draft.
5. Confirm the chosen draft opens on the correct derived stage.
## Scenario 4: Hard refresh after provider selection
1. Open a concrete draft URL where Step 1 is confirmed and a provider connection has been selected.
2. Hard-refresh the browser.
3. Confirm the same draft URL remains loaded.
4. Confirm the selected provider connection and derived stage are restored.
5. Confirm any secret entry field is empty after reload.
## Scenario 5: Completed or cancelled draft direct access
1. Mark a draft as completed or cancelled.
2. Visit `/admin/onboarding/{draft}` directly.
3. Confirm the draft does not reopen in editable wizard mode.
4. Confirm the user sees a safe summary or non-resumable state.
## Scenario 6: Cross-operator continuity
1. Create a resumable draft as one authorized operator.
2. Sign in as another authorized operator in the same workspace.
3. Visit `/admin/onboarding` and resume the draft.
4. Confirm started-by and last-updated-by attribution are visible and updated appropriately.
## Scenario 7: Access semantics and activation guards survive refresh
1. Attempt to load a concrete draft URL as a non-member or with the wrong workspace selected.
2. Confirm the response remains deny-as-not-found.
3. Attempt to load the same draft as an in-scope workspace member without onboarding capability.
4. Confirm the response is policy-consistent `403`.
5. Open a draft where activation is still blocked by verification or override requirements.
6. Hard-refresh the draft URL.
7. Confirm the activation guard, confirmation requirements, and override requirements remain in force after reload.
Reference in New Issue View Git Blame Copy Permalink