ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
9e435ea91f
TenantAtlas/.codex/skills/tenantpilot-audit/SKILL.md
ahmido 252cd4513d feat: implement report evidence reconciliation (#432) 
Implemented report evidence reconciliation.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #432
2026-06-06 22:40:59 +00:00

2.7 KiB
Raw Blame History

name description compatibility metadata
tenantpilot-audit Scan the TenantPilot repository for architecture and safety violations against the workspace-first, RBAC-first, audit-first governance model. Requires the TenantPilot/TenantAtlas repository structure with docs/audits and specs/
author source
tenantpilot .codex/prompts/tenantpilot.audit.md

TenantPilot Architecture Audit

Use this skill when the user asks for a TenantPilot or TenantAtlas architecture, safety, RBAC, isolation, or auditability review.

This is not a generic code review. Audit the repository against the TenantPilot audit constitution at docs/audits/tenantpilot-architecture-audit-constitution.md.

Audit Focus

Prioritize:

  • workspace and tenant isolation
  • route model binding safety
  • Filament resources, pages, relation managers, widgets, and actions
  • Livewire public properties and serialized state risks
  • jobs, queue boundaries, and backend authorization rechecks
  • provider access boundaries
  • OperationRun consistency
  • findings, exceptions, review, drift, and baseline workflow integrity
  • audit trail completeness
  • wrong-tenant regression coverage
  • unauthorized action coverage
  • workflow misuse and invalid transition coverage

Output Rules

Classify every finding as exactly one of:

  • Constitutional Violation
  • Architectural Drift
  • Workflow Trust Gap
  • Test Blind Spot

Assign one severity:

  • Severity 1: Critical
  • Severity 2: High
  • Severity 3: Medium
  • Severity 4: Low

Anything directly touching isolation, RBAC, secrets, or auditability must not be rated Low.

For each finding provide:

  1. Title
  2. Classification
  3. Severity
  4. Affected Area
  5. Evidence with specific files, classes, methods, routes, or test gaps
  6. Why this matters in TenantPilot
  7. Recommended structural correction
  8. Delivery recommendation: hotfix, follow-up refactor, or dedicated spec required

Constraints

  • Do not praise the codebase.
  • Do not focus on style unless it affects architecture or safety.
  • Do not suggest random patterns without proving fit.
  • Group multiple symptoms under one deeper diagnosis when appropriate.
  • Be explicit when a local fix is insufficient and a dedicated spec is required.

Repository Context

TenantPilot is an enterprise SaaS product for Intune and Microsoft 365 governance, backup, restore, inventory, drift detection, findings, exceptions, operations, and auditability.

The strategic priorities are:

  • workspace-first context modeling
  • capability-first RBAC
  • strong auditability
  • deterministic workflow semantics
  • provider access through canonical boundaries
  • minimal duplication of domain logic across UI surfaces

Return the audit as a concise but substantive findings report.