ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c57f680f39
TenantAtlas/specs/085-tenant-operate-hub/contracts/openapi.yaml
ahmido 2bf5de4663 085-tenant-operate-hub (#103) 
Summary

Consolidates the “Tenant Operate Hub” work (Spec 085) and the follow-up adjustments from the 086 session merge into a single branch ready to merge into dev.
Primary focus: stabilize Ops/Operate Hub UX flows, tighten/align authorization semantics, and make the full Sail test suite green.
Key Changes

Ops UX / Verification
Readonly members can view verification operation runs (reports) while starting verification remains restricted.
Normalized failure reason-code handling and aligned UX expectations with the provider reason-code taxonomy.
Onboarding wizard UX
“Start verification” CTA is hidden while a verification run is active; “Refresh” is shown during in-progress runs.
Treats provider_permission_denied as a blocking reason (while keeping legacy compatibility).
Test + fixture hardening
Standardized use of default provider connection fixtures in tests where sync/restore flows require it.
Fixed multiple Filament URL/tenant-context test cases to avoid 404s and reduce tenancy routing brittleness.
Policy sync / restore safety
Enrollment configuration type collision classification tests now exercise the real sync path (with required provider connection present).
Restore edge-case safety tests updated to reflect current provider-connection requirements.
Testing

vendor/bin/sail artisan test --compact (green)
vendor/bin/sail bin pint --dirty (green)
Notes

Includes merged 086 session work already (no separate PR needed).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@ebc83aaa-d947-4a08-b88e-bd72ac9645f7.fritz.box>
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box>
Reviewed-on: #103
2026-02-11 13:02:03 +00:00

77 lines
2.5 KiB
YAML
Raw Blame History

openapi: 3.0.3
info:
title: Tenant Operate Hub / Central Monitoring (UI Route Contracts)
version: 0.1.0
description: |
Internal documentation of canonical central Monitoring surfaces.
These are Filament page routes (not a public API). The contract is used to
pin down URL shapes and security semantics (404 vs 403) for acceptance.
servers:
- url: /
paths:
/admin/operations:
get:
summary: Central Monitoring - Operations index
description: |
Canonical operations list. Must render without outbound calls.
Scope semantics:
- If tenant context is active AND entitled: page is tenant-filtered by default and shows tenant-scoped header/CTAs.
- If tenant context is absent: page is workspace-wide.
- If tenant context is active but not entitled: page behaves workspace-wide and must not reveal tenant identity.
responses:
'200':
description: OK
'302':
description: Redirect to choose workspace if none selected
'403':
description: Authenticated but forbidden (capability denial after membership)
'404':
description: Deny-as-not-found when not entitled to workspace scope
/admin/clear-tenant-context:
post:
summary: Exit tenant context (Monitoring)
description: |
Clears the active tenant context for the current session.
Used by “Show all tenants” on central Monitoring pages.
responses:
'302':
description: Redirect back to a canonical Monitoring page
'404':
description: Deny-as-not-found when not entitled to workspace scope
/admin/operations/{run}:
get:
summary: Central Monitoring - Run detail
parameters:
- in: path
name: run
required: true
schema:
type: integer
responses:
'200':
description: OK
'403':
description: Authenticated but forbidden (policy denies view)
'404':
description: Deny-as-not-found when run is outside entitled scope
/admin/alerts:
get:
summary: Central Monitoring - Alerts
responses:
'200':
description: OK
'404':
description: Deny-as-not-found when not entitled to workspace scope
/admin/audit-log:
get:
summary: Central Monitoring - Audit log
responses:
'200':
description: OK
'404':
description: Deny-as-not-found when not entitled to workspace scope
Reference in New Issue View Git Blame Copy Permalink