IdLE.Provider.Intune 2 - ContextResolvers integration for Intune device inventory #216

@blindzero

Problem Statement

After introducing a read-only Intune capability (IdLE.Device.List) and a canonical context schema, workflows should be able to populate device inventory automatically during planning, so that:

  • Step Condition can reference device/platform hints in Request.Context
  • Hosts/operators get consistent device context for manual procedures
  • Plans remain deterministic and auditable (context captured in snapshot/export)

This requires integration with the planning-time ContextResolvers mechanism.

Proposed Solution

Add/extend a planning-time resolver configuration to call provider read capabilities and write results into Request.Context.*.

For Intune device inventory:

  • Resolver configuration calls capability IdLE.Device.List
  • Writes result to: Request.Context.Devices.Intune.ManagedDevices

The resolver must:

  • run before step condition evaluation
  • fail fast if the target path is outside Request.Context
  • only allow read-only capabilities (allow-list)

Alternatives Considered

  • Host-only population: reduces portability and consistency.
  • Runtime-only device list calls: less deterministic planning and harder to audit.

Impact

  • Workflows can declaratively request device inventory context.
  • Enables consistent BYOD orchestration patterns.

Dependencies

  • Requires the generic ContextResolvers feature (planning-time) using provider capabilities.
  • Requires Intune Issue 1 (read-only provider capability + canonical schema).
  • Requires snapshot/export rules for safely including Request.Context.

Definition of Done (Step-0-Ready / Agent-Safe)

Design / Contracts

  • Document resolver usage for device inventory:
    • Capability: IdLE.Device.List
    • To: Devices.Intune.ManagedDevices (relative to Request.Context)
  • Ensure capability is in the read-only allow-list for ContextResolvers.

Implementation

  • Ensure ContextResolvers can invoke IdLE.Device.List and write to Request.Context.Devices.Intune.ManagedDevices.
  • Ensure resolver runs before Condition evaluation and influences step applicability.

Tests (Pester)

  • Planning test: resolver runs before conditions and populates device context.
  • Validation test: resolver target outside Request.Context fails.
  • Snapshot test: populated device context appears in plan export snapshot.

Docs / Examples

  • Add example workflow:
    • ContextResolvers populates Intune devices
    • a condition references Request.Context.Devices... (e.g., platform hint for BYOD)

Non-Goals (explicit)

  • No retire/wipe device actions in this issue.
  • No interactive UI behavior in IdLE.
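
The two validation rules listed under "The resolver must" (read-only allow-list, target path confined to Request.Context), sketched in PowerShell as an added example that is not part of the issue or of IdLE's own code. The function names, the hashtable shape of the request, the fake provider scriptblock and the device fields are assumptions; only the capability name `IdLE.Device.List` and the `Capability`/`To` settings come from the issue.

```powershell
# Added example, not IdLE code: function names and the allow-list variable are hypothetical.
$ReadOnlyCapabilities = @('IdLE.Device.List')   # the only capability named in the issue
function Resolve-ContextTargetPath {
    param([Parameter(Mandatory)][string] $To)
    $segments = @($To -split '\.')
    foreach ($segment in $segments) {
        # Plain identifiers only: rejects empty segments, brackets and wildcards.
        if ($segment -notmatch '^[A-Za-z][A-Za-z0-9_]*$') {
            throw "Resolver target '$To' contains invalid segment '$segment'."
        }
    }
    if ($segments[0] -ne 'Request') { return "Request.Context.$To" }   # relative form
    # Absolute form must name something below Request.Context.
    if ($segments.Count -lt 3 -or $segments[1] -ne 'Context') {
        throw "Resolver target '$To' is outside Request.Context."
    }
    return $To
}

function Invoke-ContextResolver {
    param(
        [Parameter(Mandatory)][hashtable] $Request, [Parameter(Mandatory)][hashtable] $Resolver,
        [Parameter(Mandatory)][scriptblock] $InvokeCapability   # stand-in for provider dispatch
    )
    # Both checks run before the provider is called, so a bad config causes no I/O.
    if ($ReadOnlyCapabilities -notcontains $Resolver['Capability']) {
        throw "Capability '$($Resolver['Capability'])' is not on the read-only allow-list."
    }
    $path = @((Resolve-ContextTargetPath -To $Resolver['To']) -split '\.')
    $result = @(& $InvokeCapability $Resolver['Capability'])
    $node = $Request['Context']
    for ($i = 2; $i -lt $path.Count - 1; $i++) {
        if (-not $node.ContainsKey($path[$i])) { $node[$path[$i]] = @{} }
        $node = $node[$path[$i]]
        if ($node -isnot [hashtable]) { throw "Context path '$($path[$i])' is not a container." }
    }
    $node[$path[-1]] = $result
}

# Constructed sample: fake provider output, one valid and two invalid resolver configurations.
$request = @{ Context = @{} }
$fake = { param($Capability) @{ DeviceName = 'PHONE-01'; Platform = 'iOS' } }
$configs = @{ Capability = 'IdLE.Device.List'; To = 'Devices.Intune.ManagedDevices' },
           @{ Capability = 'IdLE.Device.List'; To = 'Request.Identity.Name' },
           @{ Capability = 'Example.Device.Write'; To = 'Devices.Intune.ManagedDevices' }  # hypothetical name
foreach ($c in $configs) {
    try { Invoke-ContextResolver -Request $request -Resolver $c -InvokeCapability $fake; "Accepted: $($c.To)" }
    catch { "Rejected: $_" }
}
```

Running both checks during planning, before any provider call, means a rejected configuration never reaches Intune and the failure is visible before step conditions are evaluated.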
