ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a98323d2f4
TenantAtlas/specs/101-golden-master-baseline-governance-v1/quickstart.md
Ahmed Darrazi 74ab2d1404 feat: Phase 2 foundational - capabilities, migrations, models, factories, badges, support classes 
T003-T018b: Add workspace_baselines.view/manage capabilities, role mappings,
baseline_capture/baseline_compare operation labels, severity summary keys,
5 migrations, 4 models, 4 factories, BaselineScope, BaselineReasonCodes,
BaselineProfileStatus badge domain + mapper.
2026-02-19 14:15:46 +01:00

2.3 KiB
Raw Blame History

Phase 1 — Quickstart (Developer)

This quickstart is for exercising Baseline Governance v1 locally.

Prereqs

  • Docker running
  • Laravel Sail available

Setup

  1. Start containers: vendor/bin/sail up -d
  2. Install deps (if needed): vendor/bin/sail composer install
  3. Migrate: vendor/bin/sail artisan migrate
  4. Build frontend assets (if UI changes arent visible): vendor/bin/sail npm run dev

Happy path walkthrough

1) Create a baseline profile

  • Navigate to Admin → Governance → Baselines
  • Create a profile with:
    • name
    • status = draft
    • scope filter (policy types/domains)

2) Capture from a source tenant

  • From the Baseline Profile view page, trigger “Capture from tenant”
  • Select a source tenant
  • Confirm the action
  • You should see a queued notification with “View run” that links to Monitoring → Operations

Expected:

  • An OperationRun of type baseline_capture is created (or reused if one is already queued/running)
  • On success, an immutable baseline_snapshot is created and the profiles active_snapshot_id is updated (when profile is active)

3) Assign baseline to a tenant

  • Navigate to the tenant context (Admin → choose tenant)
  • Assign the baseline profile to the tenant (v1: exactly one baseline per tenant)
  • Optionally define an override filter that narrows scope

4) Compare now (Soll vs Ist)

  • Navigate to the “Soll vs Ist” landing page for the tenant
  • Click “Compare now”

Expected:

  • An OperationRun of type baseline_compare is created/reused
  • Findings are created/updated with stable fingerprints
  • The compare run summary is persisted (totals + severity breakdown)

Precondition failure checks

These should return HTTP 422 with reason_code, and must not create an OperationRun:

  • compare with no assignment: baseline.compare.no_assignment
  • compare when profile not active: baseline.compare.profile_not_active
  • compare when no active snapshot: baseline.compare.no_active_snapshot
  • capture with missing source tenant: baseline.capture.missing_source_tenant

Test focus (when implementation lands)

  • BaselineProfile CRUD + RBAC (404 vs 403)
  • Capture idempotency (dedupe snapshot identity)
  • Compare idempotency (dedupe finding fingerprint)
  • Action surfaces comply with the Filament Action Surface Contract