TenantAtlas/specs/090-action-surface-contract-compliance/quickstart.md
2026-02-13 02:29:38 +01:00

Quickstart — Spec 090 (Action Surface Contract Compliance & RBAC Hardening)

Prereqs

  • Run inside Sail.

Run the guard tests (fast feedback)

  • vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php

Run targeted RBAC/action tests (after implementation)

Planned additions for Spec 090 will include feature tests for:

  • Policy “Capture snapshot” authorization + audit log
  • Findings list action ordering + acknowledge gating
  • Provider connections action surface + RBAC gating
  • Backup schedules action surface + empty-state CTA gating
  • Workspace resource access semantics (non-member 404, member missing capability 403)

Run the smallest set first, e.g.:

  • vendor/bin/sail artisan test --compact --filter=ActionSurfaceContract

Run only Spec 090 tests

  • vendor/bin/sail artisan test --compact tests/Feature/090/
  • vendor/bin/sail artisan test --compact --filter=Spec090

Formatting

  • vendor/bin/sail bin pint --dirty

Manual verification checklist (post-implementation)

  • Confirm each in-scope list/table provides an inspection affordance (View action or clickable row/primary link), consistent “More” grouping, and ≤2 primary row actions.
  • Confirm destructive actions require confirmation.
  • Confirm tenant/workspace isolation: non-members get 404 semantics; members without the capability get 403 on execution and see the action disabled with a tooltip in the UI.
  • Confirm successful side-effect actions create an audit_logs entry with sanitized metadata.
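
The last two checklist items, as an added sketch that is not TenantAtlas code: membership is checked before capability so a non-member cannot tell an existing resource from a missing one, and audit metadata is sanitized before it is written. The function names, the capability string, the redacted-key list and the sample data are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; every name below is hypothetical, not project code.
const REDACTED_KEYS = ['password', 'secret', 'token', 'client_secret'];

/**
 * HTTP status for an action on a workspace-scoped resource.
 * Membership comes first: a non-member gets 404 whether or not the
 * resource exists, so responses do not reveal other workspaces' records.
 */
function decideStatus(array $user, ?array $resource, string $capability): int
{
    if ($resource === null
        || !in_array($resource['workspace_id'], $user['workspaces'], true)) {
        return 404; // missing resource and non-member look identical
    }
    $granted = $user['capabilities'][$resource['workspace_id']] ?? [];
    return in_array($capability, $granted, true) ? 200 : 403;
}

/** Recursively masks sensitive values before metadata reaches audit_logs. */
function sanitizeMetadata(array $metadata): array
{
    foreach ($metadata as $key => $value) {
        if (in_array(strtolower((string) $key), REDACTED_KEYS, true)) {
            $metadata[$key] = '[redacted]';
        } elseif (is_array($value)) {
            $metadata[$key] = sanitizeMetadata($value);
        }
    }
    return $metadata;
}

// Constructed sample data: one resource in workspace 1, three callers.
$resource = ['id' => 7, 'workspace_id' => 1];
$callers = [
    'member'   => ['workspaces' => [1], 'capabilities' => [1 => ['policy.capture']]],
    'readonly' => ['workspaces' => [1], 'capabilities' => [1 => []]],
    'outsider' => ['workspaces' => [2], 'capabilities' => [2 => ['policy.capture']]],
];

foreach ($callers as $name => $user) {
    $status = decideStatus($user, $resource, 'policy.capture');
    echo "$name: $status\n";
    if ($status === 200) {
        // Only a successful side-effect action produces an audit entry.
        $entry = ['policy_id' => 7, 'provider' => ['client_secret' => 'abc']];
        echo json_encode(sanitizeMetadata($entry)), "\n";
    }
}
```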