TenantAtlas/specs/090-action-surface-contract-compliance/quickstart.md
ahmido 90bfe1516e feat(spec-090): action surface contract compliance (#108)
Implements Spec 090 (Action Surface Contract Compliance & RBAC Hardening).

Highlights:
- Adds/updates action surface declarations and shrinks baseline exemptions.
- Standardizes Filament action grouping/order and empty-state CTAs.
- Enforces RBAC UX semantics (non-member -> 404, member w/o capability -> disabled + tooltip, server-side 403).
- Adds audit logging for successful side-effect actions.
- Fixes Provider Connections list context so header create + row actions resolve tenant correctly.

Tests (focused):
- vendor/bin/sail artisan test --compact tests/Feature/090/
- vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php
- vendor/bin/sail bin pint --dirty

Livewire/Filament:
- Filament v5 + Livewire v4 compliant.
- No panel provider registration changes (Laravel 11+ registration remains in bootstrap/providers.php).

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #108
2026-02-13 01:30:22 +00:00


Quickstart — Spec 090 (Action Surface Contract Compliance & RBAC Hardening)

Prereqs

  • Run inside Sail.

Run the guard tests (fast feedback)

  • vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php

Run targeted RBAC/action tests (after implementation)

Planned additions for Spec 090 will include feature tests for:

  • Policy “Capture snapshot” authorization + audit log
  • Findings list action ordering + acknowledge gating
  • Provider connections action surface + RBAC gating
  • Backup schedules action surface + empty-state CTA gating
  • Workspace resource access semantics (non-member 404, member missing capability 403)

Run the smallest set first, e.g.:

  • vendor/bin/sail artisan test --compact --filter=ActionSurfaceContract
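To make the gating rules behind these test areas concrete, the following is an added example of a Filament row action written for this page; it is not code from the TenantAtlas repository. It assumes a Policy model with a workspace relation and a Workspace::hasMember() method, a 'capture' ability on the policy class, a Policy::captureSnapshot() domain method, an AuditLog model backed by the audit_logs table, and the Filament\Actions\Action API as it exists in Filament v4/v5. The point it demonstrates is that the disabled-plus-tooltip state is derived from the same ability check that the action closure enforces, so the UI can never grant more than the server does.

```php
<?php

// Added example, not project code. Policy, Workspace::hasMember(), the
// 'capture' ability, Policy::captureSnapshot() and AuditLog are assumptions.

namespace App\Filament\Actions;

use App\Models\AuditLog;
use App\Models\Policy;
use Filament\Actions\Action;
use Filament\Notifications\Notification;
use Illuminate\Support\Facades\Gate;

final class CaptureSnapshotAction
{
    /** Keys that may be copied into audit_logs.metadata; anything else is dropped. */
    private const METADATA_ALLOWLIST = ['policy_id', 'workspace_id', 'snapshot_id', 'trigger'];

    public static function make(): Action
    {
        return Action::make('capture')
            ->label('Capture snapshot')
            // Side-effect actions always confirm before running.
            ->requiresConfirmation()
            // UX rule: a member without the capability still sees the action,
            // but disabled and with an explanation. This is presentation only;
            // it is computed from the same Gate decision enforced below.
            ->disabled(fn (Policy $record): bool => Gate::denies('capture', $record))
            ->tooltip(fn (Policy $record): ?string => Gate::denies('capture', $record)
                ? 'You need the policies.capture capability in this workspace.'
                : null)
            ->action(function (Policy $record): void {
                // Belt and braces: the resource query should already be scoped to
                // the current workspace so outsiders never resolve the record (404).
                abort_unless($record->workspace->hasMember(auth()->user()), 404);

                // Enforcement lives here, not in disabled(): a caller that reaches
                // this closure without the ability is refused with 403.
                Gate::authorize('capture', $record);

                $snapshot = $record->captureSnapshot(); // assumed domain method

                AuditLog::create([
                    'actor_id'     => auth()->id(),
                    'workspace_id' => $record->workspace_id,
                    'action'       => 'policy.snapshot.captured',
                    'subject_type' => Policy::class,
                    'subject_id'   => $record->getKey(),
                    'metadata'     => self::sanitizeMetadata([
                        'policy_id'      => $record->getKey(),
                        'workspace_id'   => $record->workspace_id,
                        'snapshot_id'    => $snapshot->getKey(),
                        'trigger'        => 'manual',
                        // A value like this must never reach the log; the
                        // allowlist drops it even if a caller passes it.
                        'provider_token' => $record->provider_token ?? null,
                    ]),
                ]);

                Notification::make()->title('Snapshot captured')->success()->send();
            });
    }

    /**
     * Keep only allowlisted keys and flatten non-scalar values, so the logged
     * payload cannot carry credentials or arbitrary request input.
     */
    public static function sanitizeMetadata(array $metadata): array
    {
        $clean = [];
        foreach ($metadata as $key => $value) {
            if (! in_array($key, self::METADATA_ALLOWLIST, true)) {
                continue;
            }
            $clean[$key] = (is_scalar($value) || $value === null) ? $value : json_encode($value);
        }

        return $clean;
    }
}
```

Filament evaluates disabled() on the server during the Livewire request and refuses to run a disabled action, so a forged submit normally never reaches the closure. Keeping Gate::authorize() inside the closure anyway means the action still fails closed if disabled() is later removed, refactored, or computed from stale state, which is the "server-side 403" the spec asks for.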

Run only Spec 090 tests

  • vendor/bin/sail artisan test --compact tests/Feature/090/
  • vendor/bin/sail artisan test --compact --filter=Spec090

Formatting

  • vendor/bin/sail bin pint --dirty

Manual verification checklist (post-implementation)

  • Confirm each in-scope list/table provides an inspection affordance (View action or clickable row/primary link), consistent “More” grouping, and ≤2 primary row actions.
  • Confirm destructive actions require confirmation.
  • Confirm tenant/workspace isolation: a non-member gets 404 semantics (the resource must not even confirm the record exists); a member without the capability sees the action disabled with a tooltip in the UI and gets a server-side 403 if the action is executed anyway, since the disabled state is presentation, not enforcement.
  • Confirm each successful side-effect action writes an audit_logs entry whose metadata is sanitized (no secrets, tokens or raw request input).
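The checklist above, and the "Policy Capture snapshot" and "Workspace resource access semantics" test areas listed earlier, can be pinned down in one feature test. The following is an added example written for this page, not a test from the TenantAtlas repository. The route name, the ViewPolicy page class, the factories, Workspace::addMember() with a capability list, the 'capture' ability and the audit_logs columns are all assumptions about the codebase; the Livewire and Filament testing helpers used (Livewire::actingAs, assertActionVisible, assertActionDisabled, callAction, assertHasNoActionErrors) are the documented ones.

```php
<?php

// Added example, not project code. Route name, page class, factories,
// Workspace::addMember(), the 'capture' ability and audit_logs columns are assumptions.

namespace Tests\Feature\Spec090;

use App\Filament\Resources\PolicyResource\Pages\ViewPolicy;
use App\Models\Policy;
use App\Models\User;
use App\Models\Workspace;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Livewire\Livewire;
use Tests\TestCase;

final class Spec090PolicyCaptureSnapshotTest extends TestCase
{
    use RefreshDatabase;

    private Workspace $workspace;
    private Policy $policy;

    protected function setUp(): void
    {
        parent::setUp();
        $this->workspace = Workspace::factory()->create();
        $this->policy = Policy::factory()->for($this->workspace)->create();
    }

    public function test_non_member_gets_404_not_403(): void
    {
        // A 403 would confirm that a policy with this id exists in another
        // tenant; 404 is the isolation semantic the spec requires.
        $outsider = User::factory()->create();

        $this->actingAs($outsider)
            ->get(route('filament.app.resources.policies.view', ['record' => $this->policy]))
            ->assertNotFound();
    }

    public function test_member_without_capability_is_gated_in_ui_and_on_execution(): void
    {
        $viewer = User::factory()->create();
        $this->workspace->addMember($viewer, ['policies.view']);

        // The server-side decision that both the UI state and the action derive from.
        $this->assertFalse($viewer->can('capture', $this->policy));

        Livewire::actingAs($viewer)
            ->test(ViewPolicy::class, ['record' => $this->policy->getRouteKey()])
            ->assertActionVisible('capture')   // shown, not hidden ...
            ->assertActionDisabled('capture')  // ... but disabled (tooltip explains why)
            ->callAction('capture');           // simulate a submit that ignores the UI state

        // Whether the call above is answered with 403 or refused silently depends on
        // how the installed Filament version treats disabled actions; the invariant
        // either way is that nothing ran and nothing was logged.
        $this->assertDatabaseMissing('audit_logs', [
            'action'     => 'policy.snapshot.captured',
            'subject_id' => $this->policy->getKey(),
        ]);
    }

    public function test_member_with_capability_captures_and_audit_metadata_is_sanitized(): void
    {
        $operator = User::factory()->create();
        $this->workspace->addMember($operator, ['policies.view', 'policies.capture']);

        Livewire::actingAs($operator)
            ->test(ViewPolicy::class, ['record' => $this->policy->getRouteKey()])
            ->callAction('capture')
            ->assertHasNoActionErrors();

        $this->assertDatabaseHas('audit_logs', [
            'actor_id'     => $operator->getKey(),
            'workspace_id' => $this->workspace->getKey(),
            'action'       => 'policy.snapshot.captured',
            'subject_id'   => $this->policy->getKey(),
        ]);

        $row = DB::table('audit_logs')
            ->where('action', 'policy.snapshot.captured')
            ->latest('id')
            ->first();
        $metadata = json_decode($row->metadata, true, 512, JSON_THROW_ON_ERROR);

        // Only allowlisted keys; credentials and raw request input never land here.
        $this->assertEqualsCanonicalizing(
            ['policy_id', 'workspace_id', 'snapshot_id', 'trigger'],
            array_keys($metadata),
        );
        foreach ($metadata as $value) {
            $this->assertIsScalar($value);
        }
    }
}
```

Run it on its own with the same form of command the quickstart uses for the other focused suites, for example vendor/bin/sail artisan test --compact --filter=Spec090PolicyCaptureSnapshotTest. The three methods map one to one onto the checklist: 404 for outsiders, disabled-plus-no-side-effect for members without the capability, and an audit row with allowlisted metadata for members with it.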