TenantAtlas/specs/297-managed-environment-canonical-route-cutover/contracts/managed-environment-canonical-route-contract.md
ahmido 3ec582a182 feat: retire legacy tenant route surfaces (#352)
## Summary
- retire legacy `/admin/t` and active `/admin/tenants` product surfaces in favor of canonical workspace-scoped managed-environment routes
- centralize runtime URL generation through `ManagedEnvironmentLinks` and update intended URL handling to reject legacy tenant paths
- remove dormant tenant panel runtime, rename test helpers to the admin environment context, and add guard coverage for route/helper regressions

## Validation
- targeted Feature guard, workspace, provider connection, required permissions, and Filament test lanes run under Sail
- browser smoke coverage run for provider connection and workspace RBAC environment access flows
- formatting and diff checks completed with Pint and `git diff --check`

## Notes
- Filament remains on v5 with Livewire v4
- provider registration stays in `apps/platform/bootstrap/providers.php`
- retired tenant resource global search is disabled and destructive action confirmation rules remain unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #352
2026-05-12 23:35:03 +00:00

88 lines
3.5 KiB
Markdown

# Contract: Managed Environment Canonical Route Cutover
**Status**: Logical route/link contract
**Runtime persistence**: none
**Compatibility**: no broad compatibility surface
## Canonical Route Families
| Product case | Canonical route family | Notes |
|---|---|---|
| Environment index | `/admin/workspaces/{workspace}/environments` | Workspace context required |
| Environment detail | `/admin/workspaces/{workspace}/environments/{environment}` | Environment must belong to workspace |
| Required permissions / readiness | `/admin/workspaces/{workspace}/environments/{environment}/required-permissions` | Existing repo-real route preferred |
| Diagnostics / provider health | `/admin/workspaces/{workspace}/environments/{environment}/diagnostics` or repo-real equivalent | If no route exists, implementation must document canonical equivalent |
| Access scopes / memberships | `/admin/workspaces/{workspace}/environments/{environment}/access-scopes` or repo-real equivalent | If no route exists, implementation must document canonical equivalent |
| Provider connections | `/admin/provider-connections...` | Tenantless admin resource with neutral scope context |
| Operations index | `/admin/workspaces/{workspace}/operations` | Workspace context required |
| Operation detail | `/admin/workspaces/{workspace}/operations/{run}` | Run entitlement required |
## Retired Route Families
| Route family | Contract |
|---|---|
| `/admin/t` | Absent or 404 |
| `/admin/t/*` | Absent or 404 |
| `/admin/tenants` | Not active product surface; 404 or documented safe canonical resolution only |
| `/admin/tenants/{environment}` | Not active product surface; 404 or documented safe canonical resolution only |
| `/admin/tenants/{environment}/edit` | 404 |
| `/admin/tenants/{environment}/memberships` | 404 or documented safe canonical access-scope resolution only |
| `/admin/tenants/{environment}/required-permissions` | 404 or documented safe canonical required-permissions resolution only |
| `/admin/tenants/{environment}/provider-connections...` | 404 |
| `/admin/operations` | Not final intended URL; normalize to workspace operations if workspace known |
## Link Helper Contract
If `ManagedEnvironmentLinks` is introduced or extended, it must provide or delegate these behaviors:
```php
ManagedEnvironmentLinks::indexUrl($workspace)
ManagedEnvironmentLinks::viewUrl($environment)
ManagedEnvironmentLinks::requiredPermissionsUrl($environment)
ManagedEnvironmentLinks::diagnosticsUrl($environment)
ManagedEnvironmentLinks::accessScopesUrl($environment)
ManagedEnvironmentLinks::operationsUrl($workspace, ?ManagedEnvironment $environment = null)
```
The exact method names may differ if the repo already has a canonical helper. The behavior must remain equivalent.
## Authorization Contract
- Link generation does not grant authorization.
- Page/action owners still enforce workspace membership and managed-environment entitlement.
- Non-member/out-of-scope access returns 404.
- Established member missing capability returns 403.
- Managed-environment scope cannot grant role/capability authority.
## Intended URL Contract
Rejected as final destination:
```text
/admin/t
/admin/t/*
/admin/tenants
/admin/tenants/*
/admin/tenants/*/required-permissions
/admin/tenants/*/provider-connections
external URLs
```
Normalized when safe:
```text
/admin/operations -> /admin/workspaces/{workspace}/operations
```
Fallback when unsafe:
```text
/admin/workspaces/{workspace}/overview
```
or:
```text
/admin/workspaces/{workspace}/environments
```