ahmido
dedca3c612
What’s included • specs/039-inventory-program/ — program/epic overview (vision + phased plan) • specs/041-inventory-ui/ — UI skeleton (Inventory list, Coverage, Sync Runs) • specs/042-inventory-dependencies-graph/ — dependency graph skeleton (assignments/filters/scope tags → later) • specs/043-cross-tenant-compare-and-promotion/ — compare/promotion skeleton (read-only first; writes gated later) • specs/044-drift-mvp/ — drift detection skeleton (read-only by default) Why We need a clear, spec-first structure for: • separating Inventory (“last observed”) from Snapshots/Backups (immutable) • scaling to MSP / multi-tenant workflows (portfolio, compare, monitoring) • making future modules (security suite, drift, promotion) consistent with the Constitution (fail-safe, auditability, contract-driven Graph) Scope / Non-goals (this PR) • No implementation tasks executed • No DB migrations, services, jobs, or UI changes • No changes to Graph contracts or supported policy types Review focus • Naming/numbering and folder structure (spec.md, plan.md, tasks.md for each spec) • Scope boundaries and non-goals across 041–044 • Alignment with Constitution principles (tenant isolation, read-only default for analysis, explicit gating for high-risk writes) Follow-up (next PRs) • Spec 040: Inventory Core (data model + selection hash + missing semantics + NFRs + tests) • Implementation PRs will be split per spec (040 → 041 → 042/043/044) ⸻ Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.local> Reviewed-on: #42
34 lines
1.7 KiB
Markdown
34 lines
1.7 KiB
Markdown
# Tasks: Inventory Core (040)
|
|
|
|
**Input**: `specs/040-inventory-core/spec.md`, `specs/040-inventory-core/plan.md`
|
|
|
|
## P1 — MVP (US1/US2)
|
|
|
|
- [ ] T001 [US1] Define Inventory Item data model (tenant-scoped identity + last_seen fields)
|
|
- [ ] T002 [US1] Define Sync Run data model (tenant_id, selection_hash, status, timestamps, counts, stable error codes)
|
|
- [ ] T003 [US1] Implement deterministic selection hashing (canonical json + sha256)
|
|
- [ ] T004 [US1] Implement inventory upsert semantics (no duplicates)
|
|
- [ ] T005 [US1] Enforce tenant isolation in all inventory/run queries
|
|
- [ ] T006 [US2] Implement derived “missing” computation relative to latest completed run (tenant_id + selection_hash)
|
|
- [ ] T007 [US2] Ensure low-confidence missing when latestRun is partial/failed or had_errors
|
|
- [ ] T008 [US2] Implement meta_jsonb whitelist enforcement (drop unknown keys, never fail sync)
|
|
|
|
## P2 — Observability & Safety (US3 + NFR)
|
|
|
|
- [ ] T009 [US3] Ensure run records include stable error codes and counts
|
|
- [ ] T010 [NFR] Add idempotency + locks to prevent overlapping runs per tenant+selection
|
|
- [ ] T011 [NFR] Add global + per-tenant concurrency limiting strategy
|
|
- [ ] T012 [NFR] Implement throttling handling strategy (backoff + jitter for transient Graph failures)
|
|
|
|
## Tests (Required for runtime behavior)
|
|
|
|
- [ ] T020 [US1] Tests: upsert does not create duplicates; last_seen updated
|
|
- [ ] T021 [US2] Tests: missing derived per latestRun(selection_hash); selection isolation
|
|
- [ ] T022 [US2] Tests: partial/failed run => low confidence missing
|
|
- [ ] T023 [US2] Tests: meta whitelist drops unknown keys without failing
|
|
- [ ] T024 [NFR] Tests: selection_hash determinism (array ordering)
|
|
|
|
## Notes
|
|
|
|
- “deleted” is reserved and MUST NOT be produced in this feature.
|