ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a97beefda3
TenantAtlas/specs/007-device-config-compliance/plan.md
ahmido d939d45bcf fix: improve assignment capture/restore and filter name handling (#8) 
Resolves assignment filter names when Graph stores filter IDs at assignment root.
Tracks assignment fetch success/failure and shows clearer UI states for versions.
Adds scope tag fallback display in backup set items.
Restored versions now capture applied assignments consistently.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local>
Reviewed-on: #8
2025-12-28 13:59:12 +00:00

2.7 KiB
Raw Blame History

Implementation Plan: Device Configuration and Compliance Coverage

Branch: 007-device-config-compliance | Date: 2025-12-26 | Spec: ./spec.md Input: Feature specification from /specs/007-device-config-compliance/spec.md

Summary

Expand backup and restore coverage for device configuration, compliance, scripts, and update rings. This plan focuses on policy type coverage, assignment capture, and safe restore behavior using existing foundation mappings and assignment logic.

Phase outputs:

  • Phase 0 research: n/a (no new research artifact yet)
  • Phase 1 design: n/a (no new data model artifact yet)

Technical Context

Language/Version: PHP 8.4 (Laravel 12)
Primary Dependencies: Laravel 12, Filament v4, Livewire v3, Microsoft Graph (custom client abstraction)
Storage: PostgreSQL (JSONB payload storage for snapshots)
Testing: Pest v4 + PHPUnit 12
Target Platform: Docker/Sail locally; container deploy via Dokploy
Project Type: Web application (Laravel backend + Filament admin UI)
Performance Goals: Restore preview for 100 selected items in under 2 minutes
Constraints: Restore must be defensive (no deletions); assignments only applied with valid mapping; audit logs required
Scale/Scope: Tenants with mixed configuration and compliance policies, including scripts and update rings

Constitution Check

The constitution at .specify/memory/constitution.md is currently an unfilled template. For this feature, adopt the repo rules as gates:

  • Sail-first local dev/test commands.
  • Spec gate: code changes must be accompanied by specs/007-device-config-compliance/ updates.
  • Tests required for behavior changes (Pest).
  • Restore safety: never delete; skip unsafe assignments; record reasons.
  • Auditability: backup and restore outcomes are logged per tenant.

Project Structure

Documentation (this feature)

specs/007-device-config-compliance/
├── spec.md
├── plan.md
└── tasks.md

Source Code (expected touch points)

app/
├── Filament/
│   └── Resources/
├── Models/
│   ├── BackupItem.php
│   ├── Policy.php
│   └── PolicyVersion.php
├── Services/
│   ├── Graph/
│   └── Intune/
└── Jobs/

config/
├── graph_contracts.php
├── intune_permissions.php
└── tenantpilot.php

tests/
├── Feature/
└── Unit/

Structure Decision: Extend existing services (PolicySnapshotService, PolicyCaptureOrchestrator, RestoreService) and Filament resources, adding only targeted helpers where needed.

Complexity Tracking

Violation Why Needed Simpler Alternative Rejected Because
n/a n/a n/a