ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a4f2629493
TenantAtlas/specs/155-tenant-review-layer/quickstart.md
ahmido a4f2629493 feat: add tenant review layer (#185) 
## Summary
- add the tenant review domain with tenant-scoped review library, canonical workspace review register, lifecycle actions, and review-derived executive pack export
- extend review pack, operations, audit, capability, and badge infrastructure to support review composition, publication, export, and recurring review cycles
- add product backlog and audit documentation updates for tenant review and semantic-clarity follow-up candidates

## Testing
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact --filter="TenantReview"`
- `CI=1 vendor/bin/sail artisan test --compact`

## Notes
- Livewire v4+ compliant via existing Filament v5 stack
- panel providers remain in `bootstrap/providers.php` via existing Laravel 12 structure; no provider registration moved to `bootstrap/app.php`
- `TenantReviewResource` is not globally searchable, so the Filament edit/view global-search constraint does not apply
- destructive review actions use action handlers with confirmation and policy enforcement

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #185
2026-03-21 22:03:01 +00:00

2.3 KiB
Raw Blame History

Quickstart: Tenant Review Layer

Goal

Validate the first slice of the Tenant Review Layer locally in Sail using existing evidence snapshots and review-pack infrastructure.

Prerequisites

  1. Start Sail and ensure the application database is migrated.
  2. Seed or create:
    • one workspace
    • one tenant in that workspace
    • one authorized user with tenant access
    • one active evidence snapshot for the tenant
    • findings, permission posture, Entra admin-role report, baseline/drift posture, and operations summary inputs sufficient for review composition

Happy-path walkthrough

  1. Open the tenant admin surface for the target tenant.
  2. Navigate to the tenant review library at /admin/t/{tenant}/reviews.
  3. Create a review from the latest eligible evidence snapshot.
  4. Confirm the created review shows:
    • executive summary
    • open-risk highlights
    • accepted-risk summary
    • permission posture summary
    • baseline/drift posture summary
    • operations health summary
  5. Publish the review once required sections are complete.
  6. Export an executive pack from the published review.
  7. Download the resulting artifact and confirm it matches the review detail summary ordering.

Authorization checks

  1. As a non-member or wrong-tenant user, open the tenant review library URL.
    • Expected: 404
  2. As a tenant member without tenant_review.manage, attempt create/publish/archive/export.
    • Expected: UI disabled where applicable, server returns 403 on execution.
  3. As a workspace-scoped operator entitled to multiple tenants, open /admin/reviews.
    • Expected: only entitled tenant rows and filter values are visible.

Immutability checks

  1. Publish a tenant review.
  2. Change the underlying findings or posture data.
  3. Re-open the published review.
    • Expected: published review remains unchanged.
  4. Create a refreshed successor review.
    • Expected: the successor uses the updated evidence while the published review remains historical.

Export checks

  1. Export the executive pack twice from the same unchanged published review.
    • Expected: duplicate-prevention semantics avoid creating accidental duplicate final artifacts.
  2. Attempt export from a review missing required sections.
    • Expected: export is blocked with a clear readiness reason.