docs(spec): add artifacts and documents for spec 368 platform UI signal-to-noise browser audit

Added browser captures, scorecard, recommendations, and follow-up spec candidates for the UI signal-to-noise browser audit.

specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/raw/browser-captures.json

@@ -0,0 +1,917 @@
+[
+  {
+    "id": "001",
+    "panel": "admin",
+    "surface": "operator-surface",
+    "pageType": "dashboard",
+    "slug": "environment-dashboard",
+    "ctx": "env4",
+    "path": "/admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf",
+    "requestedPath": "/admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf",
+    "finalUrl": "http://localhost/admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf",
+    "screenshot_path": "artifacts/screenshots/admin/001-operator-surface-dashboard-environment-dashboard.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 11,
+      "actions": [
+        "YPTW2",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "23",
+        "Sign out",
+        "Request support",
+        "Open support diagnostics",
+        "Open backup posture",
+        "Open Baseline Compare"
+      ],
+      "errorish": false,
+      "h1": "YPTW2 Action needed",
+      "headings": [
+        "YPTW2 Action needed",
+        "Is this environment ready, blocked, stale, or requiring review?",
+        "Readiness dimensions",
+        "Recommended next actions",
+        "Supporting signals",
+        "Readiness proof",
+        "Notifications 23",
+        "Baseline capture completed with review notes",
+        "Inventory sync completed successfully",
+        "Review composition completed successfully"
+      ],
+      "rawIds": 0,
+      "sample": "wp YPTW2 EN TenantPilot Global search 23 ENVIRONMENT YPTW2 Workspace: wp Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings YPTW2 Action needed Environment governance overview Workspace: wp Microsoft environment Latest activity: 12 hours ago High severity findings 0 No active pressure Overdue findings 0 None overdue Missing permissions 0 Permission set complete Operations needing attention 0 No operations need attention Is this environment ready, blocked, stale, or requiring review? Action needed Recovery posture needs review Status Action needed Reason The latest completed backup was",
+      "statusLike": 16,
+      "timestamps": 4,
+      "title": "YPTW2Action needed - TenantPilot",
+      "url": "http://localhost/admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "002",
+    "panel": "admin",
+    "surface": "operator-surface",
+    "pageType": "list",
+    "slug": "operations-hub",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/operations",
+    "requestedPath": "/admin/workspaces/33/operations",
+    "finalUrl": "http://localhost/admin/workspaces/33/operations",
+    "screenshot_path": "artifacts/screenshots/admin/002-operator-surface-list-operations-hub.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 14,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Spec 352 Audit Provider Blocker",
+        "Spec 352 Audit Review Output",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "View restore details",
+        "View restore details",
+        "0"
+      ],
+      "errorish": false,
+      "h1": "Operations",
+      "headings": [
+        "Operations",
+        "Execution follow-up",
+        "Which operation needs attention now?",
+        "No operations need follow-up",
+        "Restore execution",
+        "Restore execution",
+        "Recent runs",
+        "Filters",
+        "Columns",
+        "Notifications 8"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit EN TenantPilot Global search 8 WORKSPACE Spec 352 Guidance Browser Audit 3 environments Overview Monitoring Finding exceptions Operations Alerts Evidence Audit Log Reporting Reviews Customer reviews Settings Manage workspaces Integrations Settings Governance Governance inbox Decision register Operations OPERATIONS HUB Execution follow-up Scan active, stale, failed, and partial OperationRuns. Open proof or the one safe next action without exposing diagnostics by default. Showing workspace-wide execution records across entitled environments. Needs attention 0 Failed, blocked, partial, or stale OperationRuns in scope. Active operations 0 Queued or running records with trusted progress only. Failed or blocked 2 Terminal execution records that need review before retrying. Completed recently 0 Recent execution results, not environment or governance health. DECISION WORKBENCH Which operation needs attention now? No attention needed No operations need follow-up ",
+      "statusLike": 24,
+      "timestamps": 13,
+      "title": "Operations - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/operations",
+      "zeroLike": 1
+    },
+    "error": null
+  },
+  {
+    "id": "003",
+    "panel": "admin",
+    "surface": "operator-surface",
+    "pageType": "view",
+    "slug": "operation-run",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/operations/69",
+    "requestedPath": "/admin/workspaces/33/operations/69",
+    "finalUrl": "http://localhost/admin/workspaces/33/operations/69",
+    "screenshot_path": "artifacts/screenshots/admin/003-operator-surface-view-operation-run.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 15,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Spec 352 Audit No Urgent Action",
+        "Spec 352 Audit Provider Blocker",
+        "Spec 352 Audit Review Output",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Environment scope: Spec 352 Audit No Urgent Action",
+        "Back to Operations"
+      ],
+      "errorish": false,
+      "h1": "Operation #69",
+      "headings": [
+        "Operation #69",
+        "Restore execution",
+        "Decision",
+        "Guidance",
+        "Lifecycle",
+        "Timing",
+        "Metadata",
+        "Related context",
+        "Context",
+        "Monitoring detail"
+      ],
+      "rawIds": 1,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit No Urgent Action EN TenantPilot Global search 8 WORKSPACE Spec 352 Guidance Browser Audit 3 environments Overview Monitoring Finding exceptions Operations Alerts Evidence Audit Log Reporting Reviews Customer reviews Settings Manage workspaces Integrations Settings Governance Governance inbox Decision register Operation #69 Environment scope: Spec 352 Audit No Urgent Action Back to Operations Show all operations Refresh View restore details Restore continuation The restore completed without visible follow-up, but this still does not prove environment-wide recovery. Target environment recovery is not proven. Open restore run Restore execution Operation #69 Operation finished Completed successfully Decision guidance and high-signal context stay ahead of diagnostic payloads and raw JSON. TARGET No target scope details were recorded for this operation. ELAPSED 0 seconds Decision Start here to see how the operation ended, whether the result is t",
+      "statusLike": 6,
+      "timestamps": 0,
+      "title": "Operation #69 - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/operations/69",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "004",
+    "panel": "admin",
+    "surface": "workflow-surface",
+    "pageType": "list",
+    "slug": "backup-sets",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets",
+    "finalUrl": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets",
+    "screenshot_path": "artifacts/screenshots/admin/004-workflow-surface-list-backup-sets.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 11,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Create backup set",
+        "More",
+        "Archive Backup Sets",
+        "0"
+      ],
+      "errorish": false,
+      "h1": "Backup Sets",
+      "headings": [
+        "Backup Sets",
+        "Filters",
+        "Columns",
+        "Notifications 8",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit No Urgent Action EN TenantPilot Global search 8 ENVIRONMENT Spec 352 Audit No Urgent Action Workspace: Spec 352 Guidance Browser Audit Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Backup Sets List Backup Sets Create backup set Search 0 Name Status Items Backup quality Completed Spec 352 Calm Backup Completed 1 No degradations detected across 1 item Open the backup set detail to verify item-level context before relying on it for restore work. 4 days ago Open operation Showing 1 result Per page 25 50 100",
+      "statusLike": 2,
+      "timestamps": 1,
+      "title": "Backup Sets - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "005",
+    "panel": "admin",
+    "surface": "workflow-surface",
+    "pageType": "view",
+    "slug": "backup-set",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25",
+    "finalUrl": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25",
+    "screenshot_path": "artifacts/screenshots/admin/005-workflow-surface-view-backup-set.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 9,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Open operation",
+        "Archive"
+      ],
+      "errorish": false,
+      "h1": "View Backup Set",
+      "headings": [
+        "View Backup Set",
+        "Spec 352 Calm Backup",
+        "Backup quality",
+        "Backup quality counts",
+        "Timing",
+        "Lifecycle overview",
+        "Related context",
+        "Technical detail",
+        "Notifications 8",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 1,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit No Urgent Action EN TenantPilot Global search 8 ENVIRONMENT Spec 352 Audit No Urgent Action Workspace: Spec 352 Guidance Browser Audit Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Backup Sets View View Backup Set Open operation Spec 352 Calm Backup Backup set #25 Completed Active No degradations Backup quality, lifecycle status, and related operations stay ahead of raw backup metadata. ITEMS 1 BACKUP QUALITY No degradations detected across 1 item CREATED BY smoke-requester+352@tenantpilot.local COMPLETED Thu, Jun 4, 2026 11:30 AM CA",
+      "statusLike": 4,
+      "timestamps": 0,
+      "title": "View Backup Set - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "006",
+    "panel": "admin",
+    "surface": "workflow-surface",
+    "pageType": "view",
+    "slug": "restore-run",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4",
+    "finalUrl": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4",
+    "screenshot_path": "artifacts/screenshots/admin/006-workflow-surface-view-restore-run.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 9,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Open operation proof",
+        "Open operation"
+      ],
+      "errorish": false,
+      "h1": "View Restore Run",
+      "headings": [
+        "View Restore Run",
+        "Was this restore executed safely, and is recovery proof available?",
+        "Restore result summary",
+        "Item outcomes",
+        "Proof panel",
+        "Run context",
+        "Technical preview evidence",
+        "Technical record metadata",
+        "Notifications 8",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit No Urgent Action EN TenantPilot Global search 8 ENVIRONMENT Spec 352 Audit No Urgent Action Workspace: Spec 352 Guidance Browser Audit Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Restore Runs View View Restore Run Completed, recovery proof incomplete Completed PRIMARY OPERATOR QUESTION Was this restore executed safely, and is recovery proof available? REASON Execution completed, but post-run evidence is not available yet. The restore completed without visible follow-up, but this still does not prove environment-wide recovery. IMPAC",
+      "statusLike": 9,
+      "timestamps": 0,
+      "title": "View Restore Run - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4",
+      "zeroLike": 1
+    },
+    "error": null
+  },
+  {
+    "id": "007",
+    "panel": "admin",
+    "surface": "workflow-surface",
+    "pageType": "create",
+    "slug": "restore-create-wizard",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create",
+    "finalUrl": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create",
+    "screenshot_path": "artifacts/screenshots/admin/007-workflow-surface-create-restore-create-wizard.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 12,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "01 Select Backup Set Select a source.",
+        "02 Define Restore Scope Scope and mappings.",
+        "03 Safety & Conflict Checks Validate impact.",
+        "04 Preview Review changes.",
+        "05 Confirm & Execute Confirm safely."
+      ],
+      "errorish": false,
+      "h1": "Create Restore Run",
+      "headings": [
+        "Create Restore Run",
+        "Restore Safety",
+        "Backup quality summary",
+        "Safety evidence",
+        "Scope summary",
+        "Restore evidence",
+        "Validation decision",
+        "Validation evidence",
+        "Preview",
+        "Preview details"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit No Urgent Action EN TenantPilot Global search 8 ENVIRONMENT Spec 352 Audit No Urgent Action Workspace: Spec 352 Guidance Browser Audit Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Restore Runs Create Create Restore Run 01 Select Backup Set Select a source. 02 Define Restore Scope Scope and mappings. 03 Safety & Conflict Checks Validate impact. 04 Preview Review changes. 05 Confirm & Execute Confirm safely. Restore safety decision Restore Safety Source required Status Source required Reason No backup set is selected yet. Impact Resto",
+      "statusLike": 0,
+      "timestamps": 1,
+      "title": "Create Restore Run - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "008",
+    "panel": "admin",
+    "surface": "decision-surface",
+    "pageType": "view",
+    "slug": "baseline-profile",
+    "ctx": "guide352",
+    "path": "/admin/baseline-profiles/4",
+    "requestedPath": "/admin/baseline-profiles/4",
+    "finalUrl": "http://localhost/admin/baseline-profiles/4",
+    "screenshot_path": "artifacts/screenshots/admin/008-decision-surface-view-baseline-profile.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 12,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Spec 352 Audit Provider Blocker",
+        "Spec 352 Audit Review Output",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Compare now",
+        "Compare assigned environments",
+        "Mark all as read"
+      ],
+      "errorish": false,
+      "h1": "View Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033",
+      "headings": [
+        "View Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033",
+        "Profile",
+        "Scope",
+        "Baseline truth",
+        "Related context",
+        "Metadata",
+        "Notifications 8",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 1,
+      "sample": "Spec 352 Guidance Browser Audit EN TenantPilot Global search 8 WORKSPACE Spec 352 Guidance Browser Audit 3 environments Overview Monitoring Finding exceptions Operations Alerts Evidence Audit Log Reporting Reviews Customer reviews Settings Manage workspaces Integrations Settings Governance Governance inbox Decision register Baseline Profiles Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033 View View Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033 Compare now Profile Name Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033 Status Active Capture mode Opportunistic Version v4.9 Description Officia inventore a numquam ut voluptas. Scope Governed subject summary Policies: all supported Intune policy types Support readiness Capture: ready. Compare: ready. Normalization lineage Canonical governed-subject scope V2 is already stored for this baseline profile. Policy types All supported policy types (excluding foundations) Foundations None Baseline truth C",
+      "statusLike": 3,
+      "timestamps": 0,
+      "title": "View Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033 - TenantPilot",
+      "url": "http://localhost/admin/baseline-profiles/4",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "009",
+    "panel": "admin",
+    "surface": "decision-surface",
+    "pageType": "report",
+    "slug": "baseline-compare",
+    "ctx": "guide352",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare",
+    "finalUrl": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare",
+    "screenshot_path": "artifacts/screenshots/admin/009-decision-surface-report-baseline-compare.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 12,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Compare now",
+        "Review evidence",
+        "Open compare matrix",
+        "Open baseline profile",
+        "Open operation proof"
+      ],
+      "errorish": false,
+      "h1": "Baseline Compare",
+      "headings": [
+        "Baseline Compare",
+        "Which baseline drift requires action?",
+        "Compare readiness flow",
+        "Baseline compare evidence",
+        "Notifications 8",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit No Urgent Action EN TenantPilot Global search 8 ENVIRONMENT Spec 352 Audit No Urgent Action Workspace: Spec 352 Guidance Browser Audit Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Baseline Compare Compare now Which baseline drift requires action? No drift detected Status No drift detected Reason Current environment state matches the assigned baseline within available compare coverage. Impact No governance action is required from this compare result within available compare coverage. Assigned baseline Spec 352 Calm Baseline spec-352-",
+      "statusLike": 5,
+      "timestamps": 1,
+      "title": "Baseline Compare - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "011",
+    "panel": "customer",
+    "surface": "customer-surface",
+    "pageType": "report",
+    "slug": "customer-review-workspace",
+    "ctx": "review351",
+    "path": "/admin/reviews/workspace",
+    "requestedPath": "/admin/reviews/workspace",
+    "finalUrl": "http://localhost/admin/reviews/workspace",
+    "screenshot_path": "artifacts/screenshots/customer/011-customer-surface-report-customer-review-workspace.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 14,
+      "actions": [
+        "Spec 351 Browser Ready Draft",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "3",
+        "Sign out",
+        "Open draft review",
+        "Review output limitations",
+        "Review accepted risks",
+        "0",
+        "Reset"
+      ],
+      "errorish": false,
+      "h1": "Customer Review Workspace",
+      "headings": [
+        "Customer Review Workspace",
+        "Customer-safe review packages",
+        "Draft review exists",
+        "Review acknowledgement",
+        "Findings needing attention",
+        "Customer-safe follow-ups",
+        "Review package index",
+        "Filters",
+        "Review consumption flow",
+        "Evidence path"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 351 Review Output Smoke EN TenantPilot Global search 3 WORKSPACE Spec 351 Review Output Smoke 1 environment Overview Monitoring Finding exceptions Operations Alerts Evidence Audit Log Reporting Reviews Customer reviews Settings Manage workspaces Integrations Settings Governance Governance inbox Decision register Customer Review Workspace Customer-safe review packages Review released governance packages, evidence readiness, accepted risks, and handoff status across entitled environments. Service delivery summary only. Does not replace formal audit opinion, certification, or legal attestation. Published with limitations Requires review WHAT IS THE CURRENT REVIEW PACK OUTPUT STATE? Draft review exists A successor draft review already exists for this released output and is ready for publication. Open the draft review to publish the next governed outcome. IMPACT The next review cycle is already in progress. Open the draft review and publish it when you are ready to replace the prior re",
+      "statusLike": 21,
+      "timestamps": 0,
+      "title": "Customer Review Workspace - TenantPilot",
+      "url": "http://localhost/admin/reviews/workspace",
+      "zeroLike": 0
+    },
+    "error": null
+  },
+  {
+    "id": "010",
+    "panel": "admin",
+    "surface": "evidence-surface",
+    "pageType": "view",
+    "slug": "evidence-snapshot",
+    "ctx": "guide352Review",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-review-output/evidence/22",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-review-output/evidence/22",
+    "finalUrl": "http://localhost/admin/login",
+    "screenshot_path": "artifacts/screenshots/blocked-or-error/010-evidence-surface-view-evidence-snapshot-error.png",
+    "browser_reachable": false,
+    "status": "blocked-or-error",
+    "summary": {
+      "actionCount": 1,
+      "actions": [
+        "Sign in with Microsoft"
+      ],
+      "errorish": false,
+      "h1": "Sign in",
+      "headings": [
+        "Sign in"
+      ],
+      "rawIds": 0,
+      "sample": "TenantPilot Sign in Sign in with Microsoft Admin access requires an environment membership.",
+      "statusLike": 0,
+      "timestamps": 0,
+      "title": "Sign in with Microsoft - TenantPilot",
+      "url": "http://localhost/admin/login",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": true
+  },
+  {
+    "id": "012",
+    "panel": "customer",
+    "surface": "customer-surface",
+    "pageType": "view",
+    "slug": "environment-review",
+    "ctx": "review351",
+    "path": "/admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41",
+    "requestedPath": "/admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41",
+    "finalUrl": "http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41",
+    "screenshot_path": "artifacts/screenshots/customer/012-customer-surface-view-environment-review.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 10,
+      "actions": [
+        "Spec 351 Browser Ready Draft",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "3",
+        "Sign out",
+        "Publish review",
+        "Refresh review",
+        "Export executive pack"
+      ],
+      "errorish": false,
+      "h1": "View Review",
+      "headings": [
+        "View Review",
+        "Outcome summary",
+        "Review",
+        "Output guidance",
+        "Export not ready",
+        "Executive posture",
+        "Sections",
+        "Details",
+        "Details",
+        "Details"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 351 Review Output Smoke Spec 351 Browser Ready Draft EN TenantPilot Global search 3 ENVIRONMENT Spec 351 Browser Ready Draft Workspace: Spec 351 Review Output Smoke Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Reviews View View Review Publish review Outcome summary Publishable Publishable This review is ready for publication and executive-pack export. TECHNICAL TRUTH DETAIL REMAINS AVAILABLE BELOW THE PRIMARY EXPLANATION. NEXT STEP No action needed ARTIFACT REFERENCE Review #41 LIFECYCLE Current RETENTION Retained RESULT MEANING No issues detected RESULT TRUST Trustworthy R",
+      "statusLike": 28,
+      "timestamps": 0,
+      "title": "View Review - TenantPilot",
+      "url": "http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": false
+  },
+  {
+    "id": "013",
+    "panel": "customer",
+    "surface": "customer-surface",
+    "pageType": "view",
+    "slug": "review-pack",
+    "ctx": "review351",
+    "path": "/admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25",
+    "requestedPath": "/admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25",
+    "finalUrl": "http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25",
+    "screenshot_path": "artifacts/screenshots/customer/013-customer-surface-view-review-pack.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 11,
+      "actions": [
+        "Spec 351 Browser Ready Draft",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "3",
+        "Sign out",
+        "View report with limitations",
+        "Download review pack with limitations",
+        "Regenerate",
+        "Mark all as read"
+      ],
+      "errorish": false,
+      "h1": "View Review Pack",
+      "headings": [
+        "View Review Pack",
+        "Outcome summary",
+        "Status",
+        "Summary",
+        "Options",
+        "Metadata",
+        "Evidence snapshot",
+        "Notifications 3",
+        "Review composition completed successfully",
+        "Review composition completed successfully"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 351 Review Output Smoke Spec 351 Browser Ready Draft EN TenantPilot Global search 3 ENVIRONMENT Spec 351 Browser Ready Draft Workspace: Spec 351 Review Output Smoke Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Review Packs View View Review Pack View report with limitations Download review pack with limitations Regenerate Outcome summary Internal only Internal only TenantPilot recorded a missing or invalid prerequisite for this workflow. TECHNICAL TRUTH DETAIL REMAINS AVAILABLE BELOW THE PRIMARY EXPLANATION. NEXT STEP Refresh the source review before sharing this pack ARTIFA",
+      "statusLike": 8,
+      "timestamps": 0,
+      "title": "View Review Pack - TenantPilot",
+      "url": "http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": false
+  },
+  {
+    "id": "014",
+    "panel": "customer",
+    "surface": "customer-surface",
+    "pageType": "view",
+    "slug": "stored-report",
+    "ctx": "review351",
+    "path": "/admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51",
+    "requestedPath": "/admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51",
+    "finalUrl": "http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51",
+    "screenshot_path": "artifacts/screenshots/customer/014-customer-surface-view-stored-report.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 10,
+      "actions": [
+        "Spec 351 Browser Ready Draft",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "3",
+        "Sign out",
+        "Copy JSON",
+        "Show JSON",
+        "Mark all as read"
+      ],
+      "errorish": false,
+      "h1": "View Stored Report",
+      "headings": [
+        "View Stored Report",
+        "Outcome summary",
+        "Artifact source",
+        "Stored report",
+        "Entra admin roles summary",
+        "Raw payload",
+        "Notifications 3",
+        "Review composition completed successfully",
+        "Review composition completed successfully",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 351 Review Output Smoke Spec 351 Browser Ready Draft EN TenantPilot Global search 3 ENVIRONMENT Spec 351 Browser Ready Draft Workspace: Spec 351 Review Output Smoke Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Stored Reports View View Stored Report Outcome summary Current Current This report is the latest retained record for its report type. NEXT STEP No action needed ARTIFACT REFERENCE Stored report #51 (Entra Admin Roles report) LIFECYCLE Current RETENTION Retained RESULT MEANING No issues detected RESULT TRUST Trustworthy Artifact source Source family Stored Report Sourc",
+      "statusLike": 4,
+      "timestamps": 0,
+      "title": "View Stored Report - TenantPilot",
+      "url": "http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": false
+  },
+  {
+    "id": "015",
+    "panel": "admin",
+    "surface": "diagnostic-surface",
+    "pageType": "diagnostics",
+    "slug": "environment-diagnostics",
+    "ctx": "guide352Provider",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics",
+    "finalUrl": "http://localhost/admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics",
+    "screenshot_path": "artifacts/screenshots/admin/015-diagnostic-surface-diagnostics-environment-diagnostics.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 9,
+      "actions": [
+        "Spec 352 Audit Provider Blocker",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "Mark all as read",
+        "Clear"
+      ],
+      "errorish": false,
+      "h1": "Environment Diagnostics",
+      "headings": [
+        "Environment Diagnostics",
+        "ManagedEnvironment diagnostics",
+        "Notifications 8",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled",
+        "Review composition was automatically reconciled"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit Spec 352 Audit Provider Blocker EN TenantPilot Global search 8 ENVIRONMENT Spec 352 Audit Provider Blocker Workspace: Spec 352 Guidance Browser Audit Overview Inventory Items Policies Policy Versions Coverage Reporting Reviews Stored reports Review Packs Governance Findings Baselines Baseline Snapshots Baseline Compare Evidence Risk exceptions Backups & Restore Backup Schedules Backup Sets Restore Runs Directory Groups Workspace-wide Finding exceptions Reviews Governance inbox Decision register Operations Alerts Evidence Audit Log Customer reviews Workspace admin Manage workspaces Integrations Settings Environment Diagnostics ManagedEnvironment diagnostics Identify common tenant configuration issues and apply safe repairs. All good No known issues detected.",
+      "statusLike": 0,
+      "timestamps": 0,
+      "title": "Environment Diagnostics - TenantPilot",
+      "url": "http://localhost/admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": false
+  },
+  {
+    "id": "016",
+    "panel": "admin",
+    "surface": "configuration-surface",
+    "pageType": "settings",
+    "slug": "required-permissions",
+    "ctx": "guide352Provider",
+    "path": "/admin/workspaces/33/environments/spec-352-audit-provider-blocker/required-permissions",
+    "requestedPath": "/admin/workspaces/33/environments/spec-352-audit-provider-blocker/required-permissions",
+    "finalUrl": "http://localhost/admin/login",
+    "screenshot_path": "artifacts/screenshots/blocked-or-error/016-configuration-surface-settings-required-permissions-error.png",
+    "browser_reachable": false,
+    "status": "blocked-or-error",
+    "summary": {
+      "actionCount": 1,
+      "actions": [
+        "Sign in with Microsoft"
+      ],
+      "errorish": false,
+      "h1": "Sign in",
+      "headings": [
+        "Sign in"
+      ],
+      "rawIds": 0,
+      "sample": "TenantPilot Sign in Sign in with Microsoft Admin access requires an environment membership.",
+      "statusLike": 0,
+      "timestamps": 0,
+      "title": "Sign in with Microsoft - TenantPilot",
+      "url": "http://localhost/admin/login",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": true
+  },
+  {
+    "id": "017",
+    "panel": "admin",
+    "surface": "configuration-surface",
+    "pageType": "list",
+    "slug": "provider-connections",
+    "ctx": "guide352Provider",
+    "path": "/admin/provider-connections",
+    "requestedPath": "/admin/provider-connections",
+    "finalUrl": "http://localhost/admin/provider-connections",
+    "screenshot_path": "artifacts/screenshots/admin/017-configuration-surface-list-provider-connections.png",
+    "browser_reachable": true,
+    "status": "browser-verified",
+    "summary": {
+      "actionCount": 13,
+      "actions": [
+        "Spec 352 Audit No Urgent Action",
+        "Spec 352 Audit Provider Blocker",
+        "Spec 352 Audit Review Output",
+        "Clear environment scope",
+        "EN",
+        "Switch language",
+        "Save preference",
+        "8",
+        "Sign out",
+        "0",
+        "Reset",
+        "Apply filters"
+      ],
+      "errorish": false,
+      "h1": "Provider Connections",
+      "headings": [
+        "Provider Connections",
+        "Filters",
+        "Columns"
+      ],
+      "rawIds": 0,
+      "sample": "Spec 352 Guidance Browser Audit EN TenantPilot Global search 8 WORKSPACE Spec 352 Guidance Browser Audit 3 environments Overview Monitoring Finding exceptions Operations Alerts Evidence Audit Log Reporting Reviews Customer reviews Settings Manage workspaces Integrations Settings Governance Governance inbox Decision register Provider Connections List Provider Connections Search 0 Environment Name Provider Target scope Connection type Lifecycle Consent Verification Provider capability Spec 352 Audit No Urgent Action DEV Spec 352 Audit No Urgent Action Microsoft Microsoft Spec 352 Audit No Urgent Action (spec-352-audit-no-urgent) Dedicated Enabled Granted Healthy Supported Provider connection check: Supported Spec 352 Audit Review Output DEV Spec 352 Audit Review Output Microsoft Microsoft Spec 352 Audit Review Output (spec-352-audit-review-output) Dedicated Enabled Granted Healthy Supported Provider connection check: Supported Spec 352 Audit Provider Blocker DEV Spec 352 Audit Provider B",
+      "statusLike": 3,
+      "timestamps": 0,
+      "title": "Provider Connections - TenantPilot",
+      "url": "http://localhost/admin/provider-connections",
+      "zeroLike": 0
+    },
+    "error": null,
+    "redirectedAway": false
+  },
+  {
+    "id": "031",
+    "panel": "system",
+    "surface": "system-surface",
+    "pageType": "dashboard",
+    "slug": "system-dashboard",
+    "path": "/system",
+    "requestedPath": "/system",
+    "finalUrl": "http://localhost/system/login",
+    "screenshot_path": "artifacts/screenshots/blocked-or-error/031-system-surface-dashboard-system-dashboard-error.png",
+    "browser_reachable": false,
+    "status": "blocked-or-error",
+    "summary": {
+      "actionCount": 3,
+      "actions": [
+        "Sign in",
+        "Reset settings",
+        "Search"
+      ],
+      "errorish": false,
+      "h1": "Sign in",
+      "headings": [
+        "Sign in"
+      ],
+      "rawIds": 0,
+      "sample": "Laravel Sign in Email address* Password* Remember me Sign in",
+      "statusLike": 0,
+      "timestamps": 0,
+      "title": "Login - Laravel",
+      "url": "http://localhost/system/login",
+      "zeroLike": 0
+    },
+    "error": null,
+    "screenshotError": null
+  },
+  {
+    "id": "032",
+    "panel": "system",
+    "surface": "system-surface",
+    "pageType": "list",
+    "slug": "system-operations",
+    "path": "/system/ops/runs",
+    "requestedPath": "/system/ops/runs",
+    "finalUrl": "http://localhost/system/login",
+    "screenshot_path": "artifacts/screenshots/blocked-or-error/032-system-surface-list-system-operations-error.png",
+    "browser_reachable": false,
+    "status": "blocked-or-error",
+    "summary": {
+      "actionCount": 3,
+      "actions": [
+        "Sign in",
+        "Reset settings",
+        "Search"
+      ],
+      "errorish": false,
+      "h1": "Sign in",
+      "headings": [
+        "Sign in"
+      ],
+      "rawIds": 0,
+      "sample": "Laravel Sign in Email address* Password* Remember me Sign in",
+      "statusLike": 0,
+      "timestamps": 0,
+      "title": "Login - Laravel",
+      "url": "http://localhost/system/login",
+      "zeroLike": 0
+    },
+    "error": null,
+    "screenshotError": null
+  }
+]

specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/raw/browser-notes.md

@@ -0,0 +1,50 @@
+# Browser Notes
+# Browser Notes
+
+Audit date: 2026-06-08
+
+## Setup
+
+- Verification level: repo-verified
+- Laravel/Sail stack was already running when checked with `cd apps/platform && ./vendor/bin/sail ps`.
+- Local platform URL from Laravel Boost: `http://localhost/admin`.
+- Local system URL from Laravel Boost: `http://localhost/system`.
+- In-app Browser was connected in the background.
+- Viewport used for browser pass: 1440x1000 desktop.
+- Screenshot target directories were created under `specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/screenshots/`.
+
+## Auth/Data Strategy
+
+- Verification level: repo-verified
+- Used the repo-provided local smoke-login route concept instead of building a new auth flow.
+- Route: `/admin/local/smoke-login`.
+- Smoke login route is limited to `local` and `testing` environments and validates user, workspace, environment, membership, tenant access, and redirect target.
+- Existing fixture configs found:
+  - `tenantpilot.backup_health.browser_smoke_fixture`
+  - `tenantpilot.review_output.browser_smoke_fixture`
+- The main intended audit workspace/environment was `spec-351-review-output-smoke` / `spec-351-browser-ready-draft`, with `spec-352-guidance-browser-audit` as a supplementary fixture set.
+
+## Runtime Interruption
+
+- Verification level: repo-verified
+- During the audit, Postgres logged a PANIC: `could not fdatasync file "000000010000000000000039": Input/output error`.
+- The failed process was a session update against the `sessions` table.
+- Postgres terminated active server processes and entered crash recovery.
+- Several subsequent read-only SQL attempts returned: `FATAL: the database system is in recovery mode`.
+- Because TenantPilot uses database sessions locally, authenticated browser page access was not reliable while recovery was active.
+
+## Browser Coverage Outcome
+
+- Verification level: browser-verified for attempted pages.
+- Postgres recovery completed and the browser pass resumed.
+- Browser-audited pages: 19.
+- Browser-reachable pages: 15.
+- Browser-blocked pages: 4.
+- Newly captured screenshots using the 368 naming convention: 19.
+- Total screenshots available in the audit directory, including pre-existing audit screenshots that were already inside the allowed directory: 43.
+- Blocked pages:
+  - Evidence Snapshot detail redirected to `/admin/login`.
+  - Required Permissions redirected to `/admin/login`.
+  - System dashboard redirected to `/system/login`.
+  - System operations redirected to `/system/login`.
+- Provider Connection detail was attempted after Provider Connections list, but browser screenshot capture timed out on that detail page. The list page was captured; the detail page remains not browser-audited in `page-inventory.csv`.

specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/raw/inaccessible-pages.md

@@ -0,0 +1,10 @@
+# Inaccessible Pages
+
+Verification level: browser-verified for attempted pages, repo-verified for route existence.
+
+- 010 evidence-snapshot: requested /admin/workspaces/33/environments/spec-352-audit-review-output/evidence/22; final http://localhost/admin/login; screenshot artifacts/screenshots/blocked-or-error/010-evidence-surface-view-evidence-snapshot-error.png; verification browser-verified blocked.
+- 016 required-permissions: requested /admin/workspaces/33/environments/spec-352-audit-provider-blocker/required-permissions; final http://localhost/admin/login; screenshot artifacts/screenshots/blocked-or-error/016-configuration-surface-settings-required-permissions-error.png; verification browser-verified blocked.
+- 031 system-dashboard: requested /system; final http://localhost/system/login; screenshot artifacts/screenshots/blocked-or-error/031-system-surface-dashboard-system-dashboard-error.png; verification browser-verified blocked.
+- 032 system-operations: requested /system/ops/runs; final http://localhost/system/login; screenshot artifacts/screenshots/blocked-or-error/032-system-surface-list-system-operations-error.png; verification browser-verified blocked.
+
+Additional not-audited route surfaces are listed in page-inventory.csv with browser_reachable=not_audited.

specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/raw/navigation.txt

@@ -0,0 +1,85 @@
+# Navigation Structure
+Platform-wide UI Signal-to-Noise Browser Audit Navigation Evidence
+
+Verification level: repo-verified
+Audit date: 2026-06-08
+
+Panel registration:
+- Admin panel provider: apps/platform/app/Providers/Filament/AdminPanelProvider.php
+- Admin panel path: /admin
+- System panel provider: apps/platform/app/Providers/Filament/SystemPanelProvider.php
+- System panel path: /system
+- Provider registration location: apps/platform/bootstrap/providers.php is the expected Laravel 12 location per docs/filament-guidelines.md. This audit did not modify providers.
+- Livewire runtime: Livewire 4.1.4 via Laravel Boost application_info; Filament 5.2.1.
+
+Admin navigation groups declared in AdminPanelProvider:
+- Inventory
+- Monitoring
+- Reporting
+- Settings
+- Governance
+- Backups & Restore
+- Directory
+- Workspace-wide
+- Workspace admin
+
+Admin custom navigation items declared in AdminPanelProvider:
+- Overview -> admin.home or admin.workspace.environments.show
+- Inventory / Items -> InventoryCluster
+- Inventory / Coverage -> InventoryCoverage
+- Directory / Groups -> EntraGroupResource
+- Workspace admin / Integrations -> ProviderConnectionResource
+- Workspace admin / Settings -> WorkspaceSettings
+- Workspace admin / Manage workspaces -> WorkspaceResource
+- Workspace-wide Monitoring / Operations -> OperationRunLinks::index()
+- Workspace-wide Monitoring / Alerts -> filament.admin.alerts
+- Workspace-wide Monitoring / Evidence Overview -> admin.evidence.overview
+- Workspace-wide Monitoring / Audit Log -> admin.monitoring.audit-log
+
+Admin resources declared explicitly in AdminPanelProvider:
+- PolicyResource
+- ProviderConnectionResource
+- InventoryItemResource
+- AlertDestinationResource
+- AlertRuleResource
+- AlertDeliveryResource
+- WorkspaceResource
+- BaselineProfileResource
+- BaselineSnapshotResource
+- EnvironmentReviewResource
+
+Admin discovery:
+- discoverClusters: apps/platform/app/Filament/Clusters
+- discoverResources: apps/platform/app/Filament/Resources
+- explicit pages: BaselineCompareLanding, InventoryCoverage, EnvironmentRequiredPermissions, WorkspaceSettings, CrossEnvironmentComparePage, GovernanceInbox, DecisionRegister, FindingsHygieneReport, FindingsIntakeQueue, MyFindingsInbox, FindingExceptionsQueue, CustomerReviewWorkspace, ReviewRegister.
+
+System panel discovery:
+- discoverPages: apps/platform/app/Filament/System/Pages
+- explicit page: Dashboard
+- navigation groups observed in page classes: Directory, Ops, Security, Recovery.
+
+Key custom admin routes from apps/platform/routes/web.php:
+- /admin -> admin.home
+- /admin/local/smoke-login -> local/test-only smoke login using existing users/workspace/environment
+- /admin/workspaces/{workspace}/overview -> WorkspaceOverview
+- /admin/workspaces/{workspace}/environments -> ManagedEnvironmentsLanding
+- /admin/workspaces/{workspace}/environments/{environment} -> EnvironmentDashboard
+- /admin/workspaces/{workspace}/environments/{environment}/diagnostics -> EnvironmentDiagnostics
+- /admin/workspaces/{workspace}/environments/{environment}/access-scopes -> ManageEnvironmentAccessScopes
+- /admin/workspaces/{workspace}/operations -> Operations
+- /admin/workspaces/{workspace}/operations/{run} -> TenantlessOperationRunViewer
+- /admin/evidence/overview -> EvidenceOverview
+- /admin/audit-log -> AuditLog
+- signed /admin/review-packs/{reviewPack}/download and /report
+
+Route inventory source:
+- specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/raw/routes.txt
+
+Browser fixture evidence:
+- tenantpilot.backup_health.browser_smoke_fixture config exists for workspace spec-180-backup-health-smoke and user smoke-requester+180@tenantpilot.local.
+- tenantpilot.review_output.browser_smoke_fixture config exists for workspace spec-351-review-output-smoke and user smoke-requester+351@tenantpilot.local.
+- Local database read-only count before DB recovery interruption showed: users=35, workspaces=37, managed_environments=47, operation_runs=63, backup_sets=25, restore_runs=4, environment_reviews=21, evidence_snapshots=17, review_packs=15, stored_reports=31, platform_users=1.
+
+Runtime limitation observed during audit:
+- After initial data selection, Postgres logged PANIC "could not fdatasync file ... Input/output error" while updating sessions, then entered recovery mode.
+- This blocked or delayed browser verification and is recorded in browser-notes.md / inaccessible-pages.md.

specs/368-platform-ui-signal-to-noise-browser-audit/artifacts/raw/routes.txt

@@ -0,0 +1,145 @@
+
+  GET|HEAD  / ................................................................ 
+  POST      _boost/browser-logs ........................... boost.browser-logs
+  GET|HEAD  _debugbar/assets/javascript debugbar.assets.js › Barryvdh\Debugba…
+  GET|HEAD  _debugbar/assets/stylesheets debugbar.assets.css › Barryvdh\Debug…
+  DELETE    _debugbar/cache/{key}/{tags?} debugbar.cache.delete › Barryvdh\De…
+  GET|HEAD  _debugbar/clockwork/{id} debugbar.clockwork › Barryvdh\Debugbar  …
+  GET|HEAD  _debugbar/open debugbar.openhandler › Barryvdh\Debugbar › OpenHan…
+  POST      _debugbar/queries/explain debugbar.queries.explain › Barryvdh\Deb…
+  GET|HEAD  admin ................................................. admin.home
+  GET|HEAD  admin/alerts filament.admin.alerts › App\Filament\Clusters\Monito…
+  GET|HEAD  admin/alerts/alert-deliveries filament.admin.alerts.resources.ale…
+  GET|HEAD  admin/alerts/alert-deliveries/{record} filament.admin.alerts.reso…
+  GET|HEAD  admin/alerts/alert-destinations filament.admin.alerts.resources.a…
+  GET|HEAD  admin/alerts/alert-destinations/create filament.admin.alerts.reso…
+  GET|HEAD  admin/alerts/alert-destinations/{record} filament.admin.alerts.re…
+  GET|HEAD  admin/alerts/alert-destinations/{record}/edit filament.admin.aler…
+  GET|HEAD  admin/alerts/alert-rules filament.admin.alerts.resources.alert-ru…
+  GET|HEAD  admin/alerts/alert-rules/create filament.admin.alerts.resources.a…
+  GET|HEAD  admin/alerts/alert-rules/{record}/edit filament.admin.alerts.reso…
+  GET|HEAD  admin/audit-log admin.monitoring.audit-log › App\Filament\Pages\M…
+  GET|HEAD  admin/baseline-profiles filament.admin.resources.baseline-profile…
+  GET|HEAD  admin/baseline-profiles/create filament.admin.resources.baseline-…
+  GET|HEAD  admin/baseline-profiles/{record} filament.admin.resources.baselin…
+  GET|HEAD  admin/baseline-profiles/{record}/compare-matrix filament.admin.re…
+  GET|HEAD  admin/baseline-profiles/{record}/edit filament.admin.resources.ba…
+  GET|HEAD  admin/baseline-snapshots filament.admin.resources.baseline-snapsh…
+  GET|HEAD  admin/baseline-snapshots/{record} filament.admin.resources.baseli…
+  GET|HEAD  admin/choose-environment filament.admin.pages.choose-environment …
+  GET|HEAD  admin/choose-workspace filament.admin.pages.choose-workspace › Ap…
+  POST      admin/clear-environment-context admin.clear-environment-context  …
+  GET|HEAD  admin/consent/callback admin.consent.callback › AdminConsentCallb…
+  GET|HEAD  admin/consent/start admin.consent.start › ManagedEnvironmentOnboa…
+  GET|HEAD  admin/cross-environment-compare filament.admin.pages.cross-enviro…
+  GET|HEAD  admin/evidence/overview admin.evidence.overview › App\Filament\Pa…
+  GET|HEAD  admin/finding-exceptions/open-queue/{environment} admin.finding-e…
+  GET|HEAD  admin/finding-exceptions/queue filament.admin.pages.finding-excep…
+  GET|HEAD  admin/findings/hygiene filament.admin.pages.findings.hygiene › Ap…
+  GET|HEAD  admin/findings/intake filament.admin.pages.findings.intake › App\…
+  GET|HEAD  admin/findings/my-work filament.admin.pages.findings.my-work › Ap…
+  GET|HEAD  admin/governance/decisions filament.admin.pages.governance.decisi…
+  GET|HEAD  admin/governance/inbox filament.admin.pages.governance.inbox › Ap…
+  GET|HEAD  admin/local/backup-health-browser-fixture-login admin.local.backu…
+  GET|HEAD  admin/local/smoke-login .................. admin.local.smoke-login
+  GET|HEAD  admin/login filament.admin.auth.login › App\Filament\Pages\Auth\L…
+  POST      admin/logout filament.admin.auth.logout › Filament\Auth › LogoutC…
+  GET|HEAD  admin/no-access filament.admin.pages.no-access › App\Filament\Pag…
+  GET|HEAD  admin/onboarding admin.onboarding › App\Filament\Pages\Workspaces…
+  GET|HEAD  admin/onboarding/{onboardingDraft} admin.onboarding.draft › App\F…
+  GET|HEAD  admin/provider-connections filament.admin.resources.provider-conn…
+  GET|HEAD  admin/provider-connections/create filament.admin.resources.provid…
+  GET|HEAD  admin/provider-connections/{record} filament.admin.resources.prov…
+  GET|HEAD  admin/provider-connections/{record}/edit filament.admin.resources…
+  GET|HEAD  admin/rbac/callback admin.rbac.callback › RbacDelegatedAuthContro…
+  GET|HEAD  admin/rbac/start admin.rbac.start › RbacDelegatedAuthController@s…
+  GET|HEAD  admin/review-packs/{reviewPack}/download admin.review-packs.downl…
+  GET|HEAD  admin/review-packs/{reviewPack}/report admin.review-packs.report …
+  GET|HEAD  admin/reviews filament.admin.pages.reviews › App\Filament\Pages\R…
+  GET|HEAD  admin/reviews/workspace filament.admin.pages.reviews.workspace › …
+  POST      admin/select-environment admin.select-environment › SelectEnviron…
+  GET|HEAD  admin/settings/workspace filament.admin.pages.settings.workspace …
+  POST      admin/switch-workspace admin.switch-workspace › SwitchWorkspaceCo…
+  GET|HEAD  admin/workspaces filament.admin.resources.workspaces.index › App\…
+  GET|HEAD  admin/workspaces/create filament.admin.resources.workspaces.creat…
+  GET|HEAD  admin/workspaces/{record} filament.admin.resources.workspaces.vie…
+  GET|HEAD  admin/workspaces/{record}/edit filament.admin.resources.workspace…
+  GET|HEAD  admin/workspaces/{workspace}/environments admin.workspace.managed…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment} admin.wor…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/access-scopes admin.workspace.environments.access-scopes › App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessS…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/backup-schedules filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-schedules.index › App\Filament\Resources\BackupScheduleResource\Pages\ListBackupS…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/backup-schedules/create filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-schedules.create › App\Filament\Resources\BackupScheduleResource\Pages\Creat…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/backup-schedules/{record}/edit filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-schedules.edit › App\Filament\Resources\BackupScheduleResource\Pa…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/backup-sets filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-sets.index › App\Filament\Resources\BackupSetResource\Pages\ListBackupS…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/backup-sets/create filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-sets.create › App\Filament\Resources\BackupSetResource\Pages\Creat…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/backup-sets/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-sets.view › App\Filament\Resources\BackupSetResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/baseline-compare filament.admin.pages.workspaces.{workspace}.environments.{environment}.baseline-compare › App\Filament\Pages\BaselineCompar…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/diagnostics admin.workspace.environments.diagnostics › App\Filament\Pages\EnvironmentDiagnost…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/entra-groups filament.admin.resources.workspaces.{workspace}.environments.{environment}.entra-groups.index › App\Filament\Resources\EntraGroupResource\Pages\ListEntraGr…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/entra-groups/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.entra-groups.view › App\Filament\Resources\EntraGroupResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/environment-reviews filament.admin.resources.workspaces.{workspace}.environments.{environment}.environment-reviews.index › App\Filament\Resources\EnvironmentReviewResource\Pages\ListEnviron…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/environment-reviews/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.environment-reviews.view › App\Filament\Resources\EnvironmentReviewResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/evidence …
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/evidence/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.evidence.view › App\Filament\Resources\EvidenceSnapshotResource\Pages\ViewEvidenc…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/finding-exceptions filament.admin.resources.workspaces.{workspace}.environments.{environment}.finding-exceptions.index › App\Filament\Resources\FindingExceptionResource\Pages\ListFinding…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/finding-exceptions/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.finding-exceptions.view › App\Filament\Resources\FindingExceptionResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/findings …
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/findings/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.findings.view › App\Filament\Resources\FindingResource\Pages\Vi…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/inventory filament.admin.workspaces.{workspace}.environments.{environment}.inventory › App\Filament\Clusters\Inventory\InventoryCluste…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/inventory-items filament.admin.resources.workspaces.{workspace}.environments.{environment}.inventory-items.index › App\Filament\Resources\InventoryItemResource\Pages\ListInvento…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/inventory-items/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.inventory-items.view › App\Filament\Resources\InventoryItemResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/inventory/inventory-coverage filament.admin.workspaces.{workspace}.environments.{environment}.inventory.pages.inventory-coverage › App\Filament\Pag…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/policies …
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/policies/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.policies.view › App\Filament\Resources\PolicyResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/policy-versions filament.admin.resources.workspaces.{workspace}.environments.{environment}.policy-versions.index › App\Filament\Resources\PolicyVersionResource\Pages\ListPolicyV…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/policy-versions/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.policy-versions.view › App\Filament\Resources\PolicyVersionResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/required-permissions filament.admin.pages.workspaces.{workspace}.environments.{environment}.required-permissions › App\Filament\Pages\EnvironmentRequire…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/restore-runs filament.admin.resources.workspaces.{workspace}.environments.{environment}.restore-runs.index › App\Filament\Resources\RestoreRunResource\Pages\ListRestore…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/restore-runs/create filament.admin.resources.workspaces.{workspace}.environments.{environment}.restore-runs.create › App\Filament\Resources\RestoreRunResource\Pages\Creat…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/restore-runs/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.restore-runs.view › App\Filament\Resources\RestoreRunResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/review-packs filament.admin.resources.workspaces.{workspace}.environments.{environment}.review-packs.index › App\Filament\Resources\ReviewPackResource\Pages\ListReviewP…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/review-packs/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.review-packs.view › App\Filament\Resources\ReviewPackResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/stored-reports filament.admin.resources.workspaces.{workspace}.environments.{environment}.stored-reports.index › App\Filament\Resources\StoredReportResource\Pages\ListStoredR…
+  GET|HEAD  admin/workspaces/{workspace}/environments/{environment}/stored-reports/{record} filament.admin.resources.workspaces.{workspace}.environments.{environment}.stored-reports.view › App\Filament\Resources\StoredReportResource\Pages\V…
+  GET|HEAD  admin/workspaces/{workspace}/operations admin.operations.index › …
+  GET|HEAD  admin/workspaces/{workspace}/operations/{run} admin.operations.vi…
+  GET|HEAD  admin/workspaces/{workspace}/overview admin.workspace.home › App\…
+  GET|HEAD  admin/workspaces/{workspace}/ping ........... admin.workspace.ping
+  GET|HEAD  auth/entra/callback auth.entra.callback › Auth\EntraController@ca…
+  GET|HEAD  auth/entra/redirect auth.entra.redirect › Auth\EntraController@re…
+  GET|HEAD  filament/exports/{export}/download filament.exports.download › Fi…
+  GET|HEAD  filament/imports/{import}/failed-rows/download filament.imports.f…
+  GET|HEAD  livewire-47b331c2/css/{component}.css ............................ 
+  GET|HEAD  livewire-47b331c2/css/{component}.global.css ..................... 
+  GET|HEAD  livewire-47b331c2/js/{component}.js .............................. 
+  GET|HEAD  livewire-47b331c2/livewire.csp.min.js.map Livewire\Mechanisms › F…
+  GET|HEAD  livewire-47b331c2/livewire.js Livewire\Mechanisms › FrontendAsset…
+  GET|HEAD  livewire-47b331c2/livewire.min.js.map Livewire\Mechanisms › Front…
+  GET|HEAD  livewire-47b331c2/preview-file/{filename} livewire.preview-file  …
+  POST      livewire-47b331c2/update default-livewire.update › Livewire\Mecha…
+  POST      livewire-47b331c2/upload-file livewire.upload-file › Livewire\Fea…
+  GET|HEAD  localization/context localization.context › LocalizationControlle…
+  POST      localization/override localization.override.update › Localization…
+  DELETE    localization/override localization.override.clear › LocalizationC…
+  GET|HEAD  storage/{path} ..................................... storage.local
+  PUT       storage/{path} .............................. storage.local.upload
+  GET|HEAD  system filament.system.pages.dashboard › App\Filament\System\Page…
+  GET|HEAD  system/directory/tenants filament.system.pages.directory.tenants …
+  GET|HEAD  system/directory/tenants/{tenant} filament.system.pages.directory…
+  GET|HEAD  system/directory/workspaces filament.system.pages.directory.works…
+  GET|HEAD  system/directory/workspaces/{workspace} filament.system.pages.dir…
+  GET|HEAD  system/login filament.system.auth.login › App\Filament\System\Pag…
+  POST      system/logout filament.system.auth.logout › Filament\Auth › Logou…
+  GET|HEAD  system/ops/controls filament.system.pages.ops.controls › App\Fila…
+  GET|HEAD  system/ops/failures filament.system.pages.ops.failures › App\Fila…
+  GET|HEAD  system/ops/runbooks filament.system.pages.ops.runbooks › App\Fila…
+  GET|HEAD  system/ops/runs filament.system.pages.ops.runs › App\Filament\Sys…
+  GET|HEAD  system/ops/runs/{run} filament.system.pages.ops.runs.{run} › App\…
+  GET|HEAD  system/ops/stuck filament.system.pages.ops.stuck › App\Filament\S…
+  GET|HEAD  system/repair-workspace-owners filament.system.pages.repair-works…
+  GET|HEAD  system/security/access-logs filament.system.pages.security.access…
+  GET|HEAD  up ............................................................... 
+  POST      users/me/locale-preference localization.preference.update › Local…
+
+                                                          Showing [141] routes
+

specs/368-platform-ui-signal-to-noise-browser-audit/audit.md

@@ -0,0 +1,146 @@
+# Platform-wide UI Signal-to-Noise Browser Audit
+
+## Executive Summary
+
+Verification level: repo-verified for branch/routes/files; browser-verified for captured screenshots; derived from existing implementation for scoring and recommendations.
+
+- Audit date: 2026-06-09 (work started 2026-06-08 and completed 2026-06-09)
+- Branch: platform-dev
+- HEAD: 564da050 feat: implement operation run actionability system (#439)
+- Pages discovered: 100 repo-verified UI routes
+- Pages browser-audited: 19
+- Screenshots created/available in audit directory: 43
+- Pages blocked/inaccessible in browser pass: 4
+- Overall platform UI maturity score: 3.6/5 across reachable browser-scored pages
+
+Top 10 productization gaps:
+
+1. P1 Evidence Snapshot detail not reachable in smoke browser context (Evidence Snapshot View)
+2. P1 System panel not browser-auditable with available fixtures (System dashboard and operations)
+3. P1 Baseline Profile view is too technical by default (Baseline Profile View)
+4. P2 Backup Set view mixes usability with lifecycle/technical metadata (Backup Set View)
+5. P2 Zero and no-attention metrics repeat already-clear outcomes (Environment Dashboard and Operations Hub)
+6. P2 Navigation and notification chrome overwhelms first viewport (Most admin/customer captured pages)
+7. P2 Provider Connections list lacks a dominant readiness decision (Provider Connections List)
+8. P2 Diagnostics page needs stronger operator guidance first (Environment Diagnostics)
+9. P2 Customer Review Workspace is good but too dense (Customer Review Workspace)
+10. P2 Operation detail is strong but still shows metadata too early (OperationRun View)
+
+Top 10 pages to refactor first:
+
+1. Baseline Profile View
+2. Backup Set View
+3. OperationRun View
+4. Customer Review Workspace
+5. Provider Connections List/View
+6. Environment Diagnostics
+7. Required Permissions
+8. Evidence Snapshot View
+9. Operations Hub
+10. Environment Dashboard
+
+Recommended next specs: Spec A, Spec B, Spec C, Spec D, Spec E from spec-candidates.md.
+
+## Method
+
+- Discovery method: repo-verified route inventory from Laravel route:list JSON/text plus Filament panel provider/resource/page inspection.
+- Browser method: browser-verified local app pass through repo-provided smoke-login route where available; system panel attempted directly and redirected to login.
+- Scoring method: derived from browser screenshots, DOM summaries, visible heading/action/status density, and the requested 0-5 criteria.
+- Screenshot method: browser viewport screenshots saved under artifacts/screenshots. Existing screenshots already present in the audit directory were retained and counted as available audit artifacts.
+- Limitations: Postgres entered crash recovery once after an fsync I/O error during a sessions update; recovery completed. Evidence Snapshot, Required Permissions, and System pages were blocked by auth/fixture reachability.
+
+## Surface Inventory Summary
+
+| Panel | Pages discovered | Browser audited | Blocked | Avg score |
+|---|---:|---:|---:|---:|
+| admin | 79 | 13 | 2 | 3.7 |
+| customer | 7 | 4 | 0 | 4.1 |
+| system | 14 | 2 | 2 | 0.0 | 2 | 2 | 0.0 |
+
+## Score Distribution
+
+| Score | Meaning | Count |
+|---|---|---:|
+| 5 | enterprise-ready | 0 |
+| 4 | minor polish | 11 |
+| 3 | usable but noisy/unclear | 4 |
+| 2 | productization gap | 0 |
+| 1 | confusing/admin-tool-like | 0 |
+| 0 | broken/not assessable | 4 |
+
+## Highest Risk Pages
+
+| Page | Surface | Score | Severity | Why |
+|---|---|---:|---|---|
+| Evidence Snapshot View | evidence_surface | 0 | P1 | Redirected to login in available smoke context. |
+| Required Permissions | configuration_surface | 0 | P1 | Redirected to login in available smoke context. |
+| System Dashboard/Ops | system_surface | 0 | P1 | No system browser fixture available; redirected to system login. |
+| Baseline Profile View | decision_surface | 2.8 | P1 | Technical/metadata vocabulary dominates the default view. |
+| Provider Connections List | configuration_surface | 3.0 | P2 | Readiness must be inferred from technical table columns. |
+
+## Best Existing Pages / Patterns
+
+| Page | Why it works | Pattern to reuse |
+|---|---|---|
+| Baseline Compare | Clear primary question, status, reason, impact, and linked evidence. | Decision-first compare summary. |
+| Restore Create Wizard | Strong step sequence and safety framing. | Process flow with safety decision. |
+| Restore Run View | Excellent primary operator question. | Restore result/proof split. |
+| Review Pack / Stored Report | Customer/auditor language is comparatively calm. | Output readiness and limitations framing. |
+
+## Global UI Bloat Patterns
+
+| Pattern | Frequency | Example | Impact | Rule |
+|---|---:|---|---|---|
+| Repeated lifecycle/status language | 10+ | Operations, Backup, Restore, Customer Review | Dilutes primary decision | One status + reason + impact block per first viewport |
+| Zero metric card spam | 3+ | Environment Dashboard, Operations Hub, Restore Run | Healthy/no-action pages still feel busy | Suppress zero metrics when summary says no action |
+| Technical metadata in main content | 5+ | Backup Set, Baseline Profile, OperationRun | Operators parse internals before decision | Move IDs/timing/normalization/provider details to sidebar/details |
+| Shell chrome density | most captured pages | Admin and customer surfaces | Page question is delayed | Reduce notification replay and customer shell density |
+| Evidence/diagnostic access ambiguity | 3 blocked/partial | Evidence Snapshot, Required Permissions, System Panel | Audit cannot verify critical surfaces | Document browser fixtures and access paths |
+
+## Customer-Safety Findings
+
+Verification level: browser-verified for Customer Review Workspace, Environment Review, Review Pack, Stored Report; blocked for Evidence Snapshot. Customer surfaces are mostly safe but dense. Evidence detail reachability must be resolved before customer/auditor evidence readiness can be fully verified.
+
+## Operator Decision Findings
+
+Verification level: browser-verified. Operations, Restore, and Baseline Compare show strong decision-first work. Backup Set and Baseline Profile still expose too much lifecycle/metadata in the main flow.
+
+## Evidence / Audit Findings
+
+Verification level: browser-verified plus blocked. Audit Log route was discovered but not captured in the bounded browser pass. Evidence Snapshot detail redirected to login. Review Pack and Stored Report are stronger evidence/output surfaces.
+
+## Diagnostics Findings
+
+Verification level: browser-verified for Environment Diagnostics; blocked for Required Permissions/System. Diagnostics need a consistent first block: what failed, likely cause, next check, related operation/evidence.
+
+## System Panel Findings
+
+Verification level: browser-verified blocked. /system and /system/ops/runs redirected to /system/login; no system smoke-auth route was found.
+
+## Prioritized Refactor Candidates
+
+| Priority | Page/Area | Reason | Suggested scope |
+|---:|---|---|---|
+| 1 | Baseline Profile View | Highest technical density among reachable pages. | Decision summary + metadata demotion. |
+| 2 | Backup Set View | Restore-critical trust surface. | Usability + item inventory first. |
+| 3 | OperationRun View | Strong page that can become target pattern. | Metadata/timing details separation. |
+| 4 | Customer Review Workspace | Customer-safe but dense. | Calm first viewport and action hierarchy. |
+| 5 | Provider Connections | Readiness should not be inferred. | Provider readiness summary. |
+| 6 | Diagnostics/Permissions/System | Access and guidance gaps. | Diagnostic contract + browser fixture. |
+
+## Recommended Global UI Rules
+
+See recommendations.md.
+
+## Recommended Follow-up Specs
+
+See spec-candidates.md.
+
+## Appendix
+
+- Page inventory: page-inventory.csv
+- Scorecard: page-scorecard.csv
+- Screenshots: artifacts/screenshots/
+- Findings: findings.md
+- Raw routes: artifacts/raw/routes.txt and artifacts/raw/routes.json
+- Browser notes: artifacts/raw/browser-notes.md

specs/368-platform-ui-signal-to-noise-browser-audit/findings.md

@@ -0,0 +1,143 @@
+# Findings
+
+Verification convention: each finding states browser-verified/repo-verified status explicitly.
+
+## UI-AUDIT-368-F01 - Evidence Snapshot detail not reachable in smoke browser context
+
+- Severity: P1
+- Surface/Page: Evidence Snapshot View
+- Screenshot: artifacts/screenshots/blocked-or-error/010-evidence-surface-view-evidence-snapshot-error.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Evidence detail route redirected to admin login for available review/evidence fixture context.
+- Why it matters: Evidence/audit surfaces cannot be evaluated or trusted as customer-ready if fixture access is unclear.
+- User impact: Auditors and operators may be unable to verify evidence details during review flows.
+- Recommended fix direction: Document/repair evidence fixture reachability; keep evidence route authorization explicit.
+- Should be global rule: no
+- Candidate spec: Spec C
+
+## UI-AUDIT-368-F02 - System panel not browser-auditable with available fixtures
+
+- Severity: P1
+- Surface/Page: System dashboard and operations
+- Screenshot: artifacts/screenshots/blocked-or-error/031-system-surface-dashboard-system-dashboard-error.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: /system and /system/ops/runs redirected to /system/login; no system smoke auth route was found.
+- Why it matters: System surfaces are high-risk operational views and need separate productization evidence.
+- User impact: Platform-admin UI quality cannot be scored from the current browser pass.
+- Recommended fix direction: Provide a documented system-panel browser fixture or audit procedure.
+- Should be global rule: no
+- Candidate spec: Spec D
+
+## UI-AUDIT-368-F03 - Baseline Profile view is too technical by default
+
+- Severity: P1
+- Surface/Page: Baseline Profile View
+- Screenshot: artifacts/screenshots/admin/008-decision-surface-view-baseline-profile.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: The first viewport emphasizes long profile naming, capture mode, normalization lineage, foundations, and metadata over an operator decision.
+- Why it matters: Baselines should answer whether a standard is assigned, ready, comparable, and actionable.
+- User impact: Operators must parse internal terms before knowing what to do.
+- Recommended fix direction: Add decision-first baseline summary; move normalization lineage and metadata to details.
+- Should be global rule: yes
+- Candidate spec: Spec B
+
+## UI-AUDIT-368-F04 - Backup Set view mixes usability with lifecycle/technical metadata
+
+- Severity: P2
+- Surface/Page: Backup Set View
+- Screenshot: artifacts/screenshots/admin/005-workflow-surface-view-backup-set.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Usability, timing, lifecycle, related context, and technical detail all appear as peer sections.
+- Why it matters: Backup views should answer whether the backup is usable and what it contains.
+- User impact: Restore decisions require extra scanning before trust.
+- Recommended fix direction: Make backup usability and item inventory primary; demote IDs/timing to sidebar/details.
+- Should be global rule: yes
+- Candidate spec: Spec B
+
+## UI-AUDIT-368-F05 - Zero and no-attention metrics repeat already-clear outcomes
+
+- Severity: P2
+- Surface/Page: Environment Dashboard and Operations Hub
+- Screenshot: artifacts/screenshots/admin/002-operator-surface-list-operations-hub.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Pages show no-attention/no-pressure decisions while also showing zero cards or zero metrics.
+- Why it matters: Zero-card spam lowers signal and makes healthy pages look busy.
+- User impact: Operators spend attention on confirming absence rather than acting.
+- Recommended fix direction: Suppress zero-state metric cards when the decision summary already communicates healthy/no-action.
+- Should be global rule: yes
+- Candidate spec: Spec A
+
+## UI-AUDIT-368-F06 - Navigation and notification chrome overwhelms first viewport
+
+- Severity: P2
+- Surface/Page: Most admin/customer captured pages
+- Screenshot: artifacts/screenshots/customer/011-customer-surface-report-customer-review-workspace.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Captured body samples repeatedly begin with global search, navigation groups, environment selector, language actions, and notification text.
+- Why it matters: A page audit should see the page question before shell utility text.
+- User impact: Customer and operator pages feel denser than their actual domain content.
+- Recommended fix direction: Reduce notification replay and consider customer/report modes with quieter shell chrome.
+- Should be global rule: yes
+- Candidate spec: Spec A
+
+## UI-AUDIT-368-F07 - Provider Connections list lacks a dominant readiness decision
+
+- Severity: P2
+- Surface/Page: Provider Connections List
+- Screenshot: artifacts/screenshots/admin/017-configuration-surface-list-provider-connections.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Table defaults expose provider, target scope, lifecycle, consent, verification, and capability fields without a single provider readiness answer.
+- Why it matters: Provider health/configuration should answer whether Graph-backed operations are ready or blocked.
+- User impact: Support/operator users must map technical columns into readiness themselves.
+- Recommended fix direction: Add provider readiness summary; keep lifecycle/capability fields secondary.
+- Should be global rule: yes
+- Candidate spec: Spec D
+
+## UI-AUDIT-368-F08 - Diagnostics page needs stronger operator guidance first
+
+- Severity: P2
+- Surface/Page: Environment Diagnostics
+- Screenshot: artifacts/screenshots/admin/015-diagnostic-surface-diagnostics-environment-diagnostics.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: The page is correctly diagnostic, but the visible summary should lead with what failed, likely cause, and what to check next.
+- Why it matters: Diagnostics can be technical, but they still need action framing.
+- User impact: Support users may start in raw context rather than remediation path.
+- Recommended fix direction: Add what failed / why likely / next check decision block.
+- Should be global rule: yes
+- Candidate spec: Spec D
+
+## UI-AUDIT-368-F09 - Customer Review Workspace is good but too dense
+
+- Severity: P2
+- Surface/Page: Customer Review Workspace
+- Screenshot: artifacts/screenshots/customer/011-customer-surface-report-customer-review-workspace.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Customer outcome and limitations are present, but many status phrases/actions compete in the first viewport.
+- Why it matters: Customer/auditor surfaces need especially calm defaults.
+- User impact: Customers may miss the exact review state and next handoff action.
+- Recommended fix direction: Keep outcome, readiness, limitation, export/action; demote supporting flow details.
+- Should be global rule: yes
+- Candidate spec: Spec C
+
+## UI-AUDIT-368-F10 - Operation detail is strong but still shows metadata too early
+
+- Severity: P2
+- Surface/Page: OperationRun View
+- Screenshot: artifacts/screenshots/admin/003-operator-surface-view-operation-run.png
+- Browser verified: yes
+- Repo verified: yes
+- Problem: Decision/guidance appears early, but lifecycle, timing, metadata, related context, and monitoring detail are visible as peer concepts.
+- Why it matters: Operation pages should resolve whether action is needed before showing run mechanics.
+- User impact: Operators can over-focus on run internals instead of next action.
+- Recommended fix direction: Move lifecycle/timing/metadata into a technical aside; preserve decision and guidance pattern.
+- Should be global rule: yes
+- Candidate spec: Spec B

specs/368-platform-ui-signal-to-noise-browser-audit/page-inventory.csv

@@ -0,0 +1,101 @@
+id,panel,route_name,url_or_path,page_class,resource_class,page_type,surface_type,audience,scope_type,navigation_group,entity,browser_reachable,screenshot_path,notes
+r001,admin,admin.home,/admin,Closure,,dashboard,unknown,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r002,admin,filament.admin.alerts,/admin/alerts,App\Filament\Clusters\Monitoring\AlertsCluster,,list,operator_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r003,admin,filament.admin.alerts.resources.alert-deliveries.index,/admin/alerts/alert-deliveries,App\Filament\Resources\AlertDeliveryResource\Pages\ListAlertDeliveries,App\Filament\Resources\AlertDeliveryResource,list,operator_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r004,admin,filament.admin.alerts.resources.alert-deliveries.view,/admin/alerts/alert-deliveries/{record},App\Filament\Resources\AlertDeliveryResource\Pages\ViewAlertDelivery,App\Filament\Resources\AlertDeliveryResource,view,operator_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r005,admin,filament.admin.alerts.resources.alert-destinations.index,/admin/alerts/alert-destinations,App\Filament\Resources\AlertDestinationResource\Pages\ListAlertDestinations,App\Filament\Resources\AlertDestinationResource,list,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r006,admin,filament.admin.alerts.resources.alert-destinations.create,/admin/alerts/alert-destinations/create,App\Filament\Resources\AlertDestinationResource\Pages\CreateAlertDestination,App\Filament\Resources\AlertDestinationResource,create,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r007,admin,filament.admin.alerts.resources.alert-destinations.view,/admin/alerts/alert-destinations/{record},App\Filament\Resources\AlertDestinationResource\Pages\ViewAlertDestination,App\Filament\Resources\AlertDestinationResource,view,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r008,admin,filament.admin.alerts.resources.alert-destinations.edit,/admin/alerts/alert-destinations/{record}/edit,App\Filament\Resources\AlertDestinationResource\Pages\EditAlertDestination,App\Filament\Resources\AlertDestinationResource,edit,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r009,admin,filament.admin.alerts.resources.alert-rules.index,/admin/alerts/alert-rules,App\Filament\Resources\AlertRuleResource\Pages\ListAlertRules,App\Filament\Resources\AlertRuleResource,list,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r010,admin,filament.admin.alerts.resources.alert-rules.create,/admin/alerts/alert-rules/create,App\Filament\Resources\AlertRuleResource\Pages\CreateAlertRule,App\Filament\Resources\AlertRuleResource,create,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r011,admin,filament.admin.alerts.resources.alert-rules.edit,/admin/alerts/alert-rules/{record}/edit,App\Filament\Resources\AlertRuleResource\Pages\EditAlertRule,App\Filament\Resources\AlertRuleResource,edit,configuration_surface,operator,workspace_scoped,Monitoring,alert,not_audited,,repo-verified route; not browser-audited in bounded pass
+r012,admin,admin.monitoring.audit-log,/admin/audit-log,App\Filament\Pages\Monitoring\AuditLog,,report,evidence_surface,auditor,workspace_scoped,Monitoring,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r013,admin,filament.admin.resources.baseline-profiles.index,/admin/baseline-profiles,App\Filament\Resources\BaselineProfileResource\Pages\ListBaselineProfiles,App\Filament\Resources\BaselineProfileResource,list,decision_surface,operator,mixed,Governance,baseline_profile,not_audited,,repo-verified route; not browser-audited in bounded pass
+r014,admin,filament.admin.resources.baseline-profiles.create,/admin/baseline-profiles/create,App\Filament\Resources\BaselineProfileResource\Pages\CreateBaselineProfile,App\Filament\Resources\BaselineProfileResource,create,decision_surface,operator,mixed,Governance,baseline_profile,not_audited,,repo-verified route; not browser-audited in bounded pass
+008,admin,filament.admin.resources.baseline-profiles.view,/admin/baseline-profiles/{record},App\Filament\Resources\BaselineProfileResource\Pages\ViewBaselineProfile,App\Filament\Resources\BaselineProfileResource,view,decision_surface,operator,mixed,Governance,baseline_profile,yes,artifacts/screenshots/admin/008-decision-surface-view-baseline-profile.png,browser-verified; concrete /admin/baseline-profiles/4; final http://localhost/admin/baseline-profiles/4
+r016,admin,filament.admin.resources.baseline-profiles.compare-matrix,/admin/baseline-profiles/{record}/compare-matrix,App\Filament\Pages\BaselineCompareMatrix,,view,decision_surface,operator,mixed,Governance,baseline_profile,not_audited,,repo-verified route; not browser-audited in bounded pass
+r017,admin,filament.admin.resources.baseline-profiles.edit,/admin/baseline-profiles/{record}/edit,App\Filament\Resources\BaselineProfileResource\Pages\EditBaselineProfile,App\Filament\Resources\BaselineProfileResource,edit,decision_surface,operator,mixed,Governance,baseline_profile,not_audited,,repo-verified route; not browser-audited in bounded pass
+r018,admin,filament.admin.resources.baseline-snapshots.index,/admin/baseline-snapshots,App\Filament\Resources\BaselineSnapshotResource\Pages\ListBaselineSnapshots,App\Filament\Resources\BaselineSnapshotResource,list,decision_surface,operator,workspace_scoped,Governance,baseline_snapshot,not_audited,,repo-verified route; not browser-audited in bounded pass
+r019,admin,filament.admin.resources.baseline-snapshots.view,/admin/baseline-snapshots/{record},App\Filament\Resources\BaselineSnapshotResource\Pages\ViewBaselineSnapshot,App\Filament\Resources\BaselineSnapshotResource,view,decision_surface,operator,workspace_scoped,Governance,baseline_snapshot,not_audited,,repo-verified route; not browser-audited in bounded pass
+r020,admin,filament.admin.pages.choose-environment,/admin/choose-environment,App\Filament\Pages\ChooseEnvironment,,list,unknown,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r021,admin,filament.admin.pages.choose-workspace,/admin/choose-workspace,App\Filament\Pages\ChooseWorkspace,,list,unknown,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r022,admin,filament.admin.pages.cross-environment-compare,/admin/cross-environment-compare,App\Filament\Pages\CrossEnvironmentComparePage,,report,decision_surface,operator,workspace_scoped,Governance,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r023,admin,admin.evidence.overview,/admin/evidence/overview,App\Filament\Pages\Monitoring\EvidenceOverview,,dashboard,evidence_surface,auditor,workspace_scoped,Monitoring,evidence_snapshot,not_audited,,repo-verified route; not browser-audited in bounded pass
+r024,admin,admin.finding-exceptions.open-queue,/admin/finding-exceptions/open-queue/{environment},App\Http\Controllers\OpenFindingExceptionsQueueController,,list,decision_surface,operator,workspace_scoped,unknown,finding_exception,not_audited,,repo-verified route; not browser-audited in bounded pass
+r025,admin,filament.admin.pages.finding-exceptions.queue,/admin/finding-exceptions/queue,App\Filament\Pages\Monitoring\FindingExceptionsQueue,,list,decision_surface,operator,workspace_scoped,Monitoring,finding_exception,not_audited,,repo-verified route; not browser-audited in bounded pass
+r026,admin,filament.admin.pages.findings.hygiene,/admin/findings/hygiene,App\Filament\Pages\Findings\FindingsHygieneReport,,list,decision_surface,operator,workspace_scoped,Governance,finding,not_audited,,repo-verified route; not browser-audited in bounded pass
+r027,admin,filament.admin.pages.findings.intake,/admin/findings/intake,App\Filament\Pages\Findings\FindingsIntakeQueue,,list,decision_surface,operator,workspace_scoped,Governance,finding,not_audited,,repo-verified route; not browser-audited in bounded pass
+r028,admin,filament.admin.pages.findings.my-work,/admin/findings/my-work,App\Filament\Pages\Findings\MyFindingsInbox,,list,decision_surface,operator,workspace_scoped,Governance,finding,not_audited,,repo-verified route; not browser-audited in bounded pass
+r029,admin,filament.admin.pages.governance.decisions,/admin/governance/decisions,App\Filament\Pages\Governance\DecisionRegister,,list,decision_surface,operator,workspace_scoped,Governance,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r030,admin,filament.admin.pages.governance.inbox,/admin/governance/inbox,App\Filament\Pages\Governance\GovernanceInbox,,list,decision_surface,operator,workspace_scoped,Governance,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r031,admin,filament.admin.auth.login,/admin/login,App\Filament\Pages\Auth\Login,,list,unknown,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r032,admin,filament.admin.pages.no-access,/admin/no-access,App\Filament\Pages\NoAccess,,list,unknown,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r033,admin,admin.onboarding,/admin/onboarding,App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard,,list,workflow_surface,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r034,admin,admin.onboarding.draft,/admin/onboarding/{onboardingDraft},App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard,,list,workflow_surface,operator,workspace_scoped,unknown,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+017,admin,filament.admin.resources.provider-connections.index,/admin/provider-connections,App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections,App\Filament\Resources\ProviderConnectionResource,list,configuration_surface,operator,mixed,Settings,provider_connection,yes,artifacts/screenshots/admin/017-configuration-surface-list-provider-connections.png,browser-verified; concrete /admin/provider-connections; final http://localhost/admin/provider-connections
+r036,admin,filament.admin.resources.provider-connections.create,/admin/provider-connections/create,App\Filament\Resources\ProviderConnectionResource\Pages\CreateProviderConnection,App\Filament\Resources\ProviderConnectionResource,create,configuration_surface,operator,mixed,Settings,provider_connection,not_audited,,repo-verified route; not browser-audited in bounded pass
+r037,admin,filament.admin.resources.provider-connections.view,/admin/provider-connections/{record},App\Filament\Resources\ProviderConnectionResource\Pages\ViewProviderConnection,App\Filament\Resources\ProviderConnectionResource,view,configuration_surface,operator,mixed,Settings,provider_connection,not_audited,,repo-verified route; not browser-audited in bounded pass
+r038,admin,filament.admin.resources.provider-connections.edit,/admin/provider-connections/{record}/edit,App\Filament\Resources\ProviderConnectionResource\Pages\EditProviderConnection,App\Filament\Resources\ProviderConnectionResource,edit,configuration_surface,operator,mixed,Settings,provider_connection,not_audited,,repo-verified route; not browser-audited in bounded pass
+r039,admin,filament.admin.pages.reviews,/admin/reviews,App\Filament\Pages\Reviews\ReviewRegister,,report,unknown,operator,workspace_scoped,Reporting,environment_review,not_audited,,repo-verified route; not browser-audited in bounded pass
+011,customer,filament.admin.pages.reviews.workspace,/admin/reviews/workspace,App\Filament\Pages\Reviews\CustomerReviewWorkspace,,report,customer_surface,customer,customer_scoped,Reporting,environment_review,yes,artifacts/screenshots/customer/011-customer-surface-report-customer-review-workspace.png,browser-verified; concrete /admin/reviews/workspace; final http://localhost/admin/reviews/workspace
+r041,admin,filament.admin.pages.settings.workspace,/admin/settings/workspace,App\Filament\Pages\Settings\WorkspaceSettings,,settings,configuration_surface,operator,workspace_scoped,Settings,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r042,admin,filament.admin.resources.workspaces.index,/admin/workspaces,App\Filament\Resources\Workspaces\Pages\ListWorkspaces,,list,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r043,admin,filament.admin.resources.workspaces.create,/admin/workspaces/create,App\Filament\Resources\Workspaces\Pages\CreateWorkspace,,create,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r044,admin,filament.admin.resources.workspaces.view,/admin/workspaces/{record},App\Filament\Resources\Workspaces\Pages\ViewWorkspace,,view,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r045,admin,filament.admin.resources.workspaces.edit,/admin/workspaces/{record}/edit,App\Filament\Resources\Workspaces\Pages\EditWorkspace,,edit,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r046,admin,admin.workspace.managed-environments.index,/admin/workspaces/{workspace}/environments,App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding,,view,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+001,admin,admin.workspace.environments.show,/admin/workspaces/{workspace}/environments/{environment},App\Filament\Pages\EnvironmentDashboard,,dashboard,operator_surface,operator,tenant_scoped,Settings,workspace,yes,artifacts/screenshots/admin/001-operator-surface-dashboard-environment-dashboard.png,browser-verified; concrete /admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf; final http://localhost/admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf
+r048,admin,admin.workspace.environments.access-scopes,/admin/workspaces/{workspace}/environments/{environment}/access-scopes,App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes,App\Filament\Resources\ManagedEnvironmentResource,view,configuration_surface,operator,tenant_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r049,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-schedules.index,/admin/workspaces/{workspace}/environments/{environment}/backup-schedules,App\Filament\Resources\BackupScheduleResource\Pages\ListBackupSchedules,App\Filament\Resources\BackupScheduleResource,view,workflow_surface,operator,tenant_scoped,Backups & Restore,backup_schedule,not_audited,,repo-verified route; not browser-audited in bounded pass
+r050,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-schedules.create,/admin/workspaces/{workspace}/environments/{environment}/backup-schedules/create,App\Filament\Resources\BackupScheduleResource\Pages\CreateBackupSchedule,App\Filament\Resources\BackupScheduleResource,create,workflow_surface,operator,tenant_scoped,Backups & Restore,backup_schedule,not_audited,,repo-verified route; not browser-audited in bounded pass
+r051,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-schedules.edit,/admin/workspaces/{workspace}/environments/{environment}/backup-schedules/{record}/edit,App\Filament\Resources\BackupScheduleResource\Pages\EditBackupSchedule,App\Filament\Resources\BackupScheduleResource,edit,workflow_surface,operator,tenant_scoped,Backups & Restore,backup_schedule,not_audited,,repo-verified route; not browser-audited in bounded pass
+004,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-sets.index,/admin/workspaces/{workspace}/environments/{environment}/backup-sets,App\Filament\Resources\BackupSetResource\Pages\ListBackupSets,App\Filament\Resources\BackupSetResource,list,workflow_surface,operator,tenant_scoped,Backups & Restore,backup_set,yes,artifacts/screenshots/admin/004-workflow-surface-list-backup-sets.png,browser-verified; concrete /admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets; final http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets
+r053,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-sets.create,/admin/workspaces/{workspace}/environments/{environment}/backup-sets/create,App\Filament\Resources\BackupSetResource\Pages\CreateBackupSet,App\Filament\Resources\BackupSetResource,create,workflow_surface,operator,tenant_scoped,Backups & Restore,backup_set,not_audited,,repo-verified route; not browser-audited in bounded pass
+005,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.backup-sets.view,/admin/workspaces/{workspace}/environments/{environment}/backup-sets/{record},App\Filament\Resources\BackupSetResource\Pages\ViewBackupSet,App\Filament\Resources\BackupSetResource,view,workflow_surface,operator,tenant_scoped,Backups & Restore,backup_set,yes,artifacts/screenshots/admin/005-workflow-surface-view-backup-set.png,browser-verified; concrete /admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25; final http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25
+009,admin,filament.admin.pages.workspaces.{workspace}.environments.{environment}.baseline-compare,/admin/workspaces/{workspace}/environments/{environment}/baseline-compare,App\Filament\Pages\BaselineCompareLanding,,report,decision_surface,operator,tenant_scoped,Governance,baseline_profile,yes,artifacts/screenshots/admin/009-decision-surface-report-baseline-compare.png,browser-verified; concrete /admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare; final http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare
+015,admin,admin.workspace.environments.diagnostics,/admin/workspaces/{workspace}/environments/{environment}/diagnostics,App\Filament\Pages\EnvironmentDiagnostics,,diagnostics,diagnostic_surface,support,tenant_scoped,Settings,workspace,yes,artifacts/screenshots/admin/015-diagnostic-surface-diagnostics-environment-diagnostics.png,browser-verified; concrete /admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics; final http://localhost/admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics
+r057,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.entra-groups.index,/admin/workspaces/{workspace}/environments/{environment}/entra-groups,App\Filament\Resources\EntraGroupResource\Pages\ListEntraGroups,App\Filament\Resources\EntraGroupResource,view,configuration_surface,operator,tenant_scoped,Directory,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r058,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.entra-groups.view,/admin/workspaces/{workspace}/environments/{environment}/entra-groups/{record},App\Filament\Resources\EntraGroupResource\Pages\ViewEntraGroup,App\Filament\Resources\EntraGroupResource,view,configuration_surface,operator,tenant_scoped,Directory,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r059,customer,filament.admin.resources.workspaces.{workspace}.environments.{environment}.environment-reviews.index,/admin/workspaces/{workspace}/environments/{environment}/environment-reviews,App\Filament\Resources\EnvironmentReviewResource\Pages\ListEnvironmentReviews,App\Filament\Resources\EnvironmentReviewResource,view,customer_surface,customer,tenant_scoped,Reporting,environment_review,not_audited,,repo-verified route; not browser-audited in bounded pass
+012,customer,filament.admin.resources.workspaces.{workspace}.environments.{environment}.environment-reviews.view,/admin/workspaces/{workspace}/environments/{environment}/environment-reviews/{record},App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview,App\Filament\Resources\EnvironmentReviewResource,view,customer_surface,customer,tenant_scoped,Reporting,environment_review,yes,artifacts/screenshots/customer/012-customer-surface-view-environment-review.png,browser-verified; concrete /admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41; final http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41
+r061,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.evidence.index,/admin/workspaces/{workspace}/environments/{environment}/evidence,App\Filament\Resources\EvidenceSnapshotResource\Pages\ListEvidenceSnapshots,App\Filament\Resources\EvidenceSnapshotResource,view,evidence_surface,auditor,tenant_scoped,Governance,evidence_snapshot,not_audited,,repo-verified route; not browser-audited in bounded pass
+010,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.evidence.view,/admin/workspaces/{workspace}/environments/{environment}/evidence/{record},App\Filament\Resources\EvidenceSnapshotResource\Pages\ViewEvidenceSnapshot,App\Filament\Resources\EvidenceSnapshotResource,view,evidence_surface,auditor,tenant_scoped,Governance,evidence_snapshot,blocked,artifacts/screenshots/blocked-or-error/010-evidence-surface-view-evidence-snapshot-error.png,blocked-or-error; concrete /admin/workspaces/33/environments/spec-352-audit-review-output/evidence/22; final http://localhost/admin/login
+r063,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.finding-exceptions.index,/admin/workspaces/{workspace}/environments/{environment}/finding-exceptions,App\Filament\Resources\FindingExceptionResource\Pages\ListFindingExceptions,App\Filament\Resources\FindingExceptionResource,view,decision_surface,operator,tenant_scoped,Settings,finding_exception,not_audited,,repo-verified route; not browser-audited in bounded pass
+r064,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.finding-exceptions.view,/admin/workspaces/{workspace}/environments/{environment}/finding-exceptions/{record},App\Filament\Resources\FindingExceptionResource\Pages\ViewFindingException,App\Filament\Resources\FindingExceptionResource,view,decision_surface,operator,tenant_scoped,Settings,finding_exception,not_audited,,repo-verified route; not browser-audited in bounded pass
+r065,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.findings.index,/admin/workspaces/{workspace}/environments/{environment}/findings,App\Filament\Resources\FindingResource\Pages\ListFindings,App\Filament\Resources\FindingResource,view,decision_surface,operator,tenant_scoped,Governance,finding,not_audited,,repo-verified route; not browser-audited in bounded pass
+r066,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.findings.view,/admin/workspaces/{workspace}/environments/{environment}/findings/{record},App\Filament\Resources\FindingResource\Pages\ViewFinding,App\Filament\Resources\FindingResource,view,decision_surface,operator,tenant_scoped,Governance,finding,not_audited,,repo-verified route; not browser-audited in bounded pass
+r067,admin,filament.admin.workspaces.{workspace}.environments.{environment}.inventory,/admin/workspaces/{workspace}/environments/{environment}/inventory,App\Filament\Clusters\Inventory\InventoryCluster,,view,configuration_surface,operator,tenant_scoped,Inventory,inventory_item,not_audited,,repo-verified route; not browser-audited in bounded pass
+r068,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.inventory-items.index,/admin/workspaces/{workspace}/environments/{environment}/inventory-items,App\Filament\Resources\InventoryItemResource\Pages\ListInventoryItems,App\Filament\Resources\InventoryItemResource,view,configuration_surface,operator,tenant_scoped,Inventory,inventory_item,not_audited,,repo-verified route; not browser-audited in bounded pass
+r069,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.inventory-items.view,/admin/workspaces/{workspace}/environments/{environment}/inventory-items/{record},App\Filament\Resources\InventoryItemResource\Pages\ViewInventoryItem,App\Filament\Resources\InventoryItemResource,view,configuration_surface,operator,tenant_scoped,Inventory,inventory_item,not_audited,,repo-verified route; not browser-audited in bounded pass
+r070,admin,filament.admin.workspaces.{workspace}.environments.{environment}.inventory.pages.inventory-coverage,/admin/workspaces/{workspace}/environments/{environment}/inventory/inventory-coverage,App\Filament\Pages\InventoryCoverage,,view,configuration_surface,operator,tenant_scoped,Inventory,inventory_item,not_audited,,repo-verified route; not browser-audited in bounded pass
+r071,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.policies.index,/admin/workspaces/{workspace}/environments/{environment}/policies,App\Filament\Resources\PolicyResource\Pages\ListPolicies,App\Filament\Resources\PolicyResource,view,configuration_surface,operator,tenant_scoped,Inventory,policy,not_audited,,repo-verified route; not browser-audited in bounded pass
+r072,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.policies.view,/admin/workspaces/{workspace}/environments/{environment}/policies/{record},App\Filament\Resources\PolicyResource\Pages\ViewPolicy,App\Filament\Resources\PolicyResource,view,configuration_surface,operator,tenant_scoped,Inventory,policy,not_audited,,repo-verified route; not browser-audited in bounded pass
+r073,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.policy-versions.index,/admin/workspaces/{workspace}/environments/{environment}/policy-versions,App\Filament\Resources\PolicyVersionResource\Pages\ListPolicyVersions,App\Filament\Resources\PolicyVersionResource,view,configuration_surface,operator,tenant_scoped,Inventory,policy_version,not_audited,,repo-verified route; not browser-audited in bounded pass
+r074,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.policy-versions.view,/admin/workspaces/{workspace}/environments/{environment}/policy-versions/{record},App\Filament\Resources\PolicyVersionResource\Pages\ViewPolicyVersion,App\Filament\Resources\PolicyVersionResource,view,configuration_surface,operator,tenant_scoped,Inventory,policy_version,not_audited,,repo-verified route; not browser-audited in bounded pass
+016,admin,filament.admin.pages.workspaces.{workspace}.environments.{environment}.required-permissions,/admin/workspaces/{workspace}/environments/{environment}/required-permissions,App\Filament\Pages\EnvironmentRequiredPermissions,,settings,configuration_surface,support,tenant_scoped,Settings,workspace,blocked,artifacts/screenshots/blocked-or-error/016-configuration-surface-settings-required-permissions-error.png,blocked-or-error; concrete /admin/workspaces/33/environments/spec-352-audit-provider-blocker/required-permissions; final http://localhost/admin/login
+r076,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.restore-runs.index,/admin/workspaces/{workspace}/environments/{environment}/restore-runs,App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns,App\Filament\Resources\RestoreRunResource,view,workflow_surface,operator,tenant_scoped,Backups & Restore,restore_run,not_audited,,repo-verified route; not browser-audited in bounded pass
+007,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.restore-runs.create,/admin/workspaces/{workspace}/environments/{environment}/restore-runs/create,App\Filament\Resources\RestoreRunResource\Pages\CreateRestoreRun,App\Filament\Resources\RestoreRunResource,create,workflow_surface,operator,tenant_scoped,Backups & Restore,restore_run,yes,artifacts/screenshots/admin/007-workflow-surface-create-restore-create-wizard.png,browser-verified; concrete /admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create; final http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create
+006,admin,filament.admin.resources.workspaces.{workspace}.environments.{environment}.restore-runs.view,/admin/workspaces/{workspace}/environments/{environment}/restore-runs/{record},App\Filament\Resources\RestoreRunResource\Pages\ViewRestoreRun,App\Filament\Resources\RestoreRunResource,view,workflow_surface,operator,tenant_scoped,Backups & Restore,restore_run,yes,artifacts/screenshots/admin/006-workflow-surface-view-restore-run.png,browser-verified; concrete /admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4; final http://localhost/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4
+r079,customer,filament.admin.resources.workspaces.{workspace}.environments.{environment}.review-packs.index,/admin/workspaces/{workspace}/environments/{environment}/review-packs,App\Filament\Resources\ReviewPackResource\Pages\ListReviewPacks,App\Filament\Resources\ReviewPackResource,view,customer_surface,customer,tenant_scoped,Reporting,review_pack,not_audited,,repo-verified route; not browser-audited in bounded pass
+013,customer,filament.admin.resources.workspaces.{workspace}.environments.{environment}.review-packs.view,/admin/workspaces/{workspace}/environments/{environment}/review-packs/{record},App\Filament\Resources\ReviewPackResource\Pages\ViewReviewPack,App\Filament\Resources\ReviewPackResource,view,customer_surface,customer,tenant_scoped,Reporting,review_pack,yes,artifacts/screenshots/customer/013-customer-surface-view-review-pack.png,browser-verified; concrete /admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25; final http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25
+r081,customer,filament.admin.resources.workspaces.{workspace}.environments.{environment}.stored-reports.index,/admin/workspaces/{workspace}/environments/{environment}/stored-reports,App\Filament\Resources\StoredReportResource\Pages\ListStoredReports,App\Filament\Resources\StoredReportResource,view,customer_surface,customer,tenant_scoped,Reporting,stored_report,not_audited,,repo-verified route; not browser-audited in bounded pass
+014,customer,filament.admin.resources.workspaces.{workspace}.environments.{environment}.stored-reports.view,/admin/workspaces/{workspace}/environments/{environment}/stored-reports/{record},App\Filament\Resources\StoredReportResource\Pages\ViewStoredReport,App\Filament\Resources\StoredReportResource,view,customer_surface,customer,tenant_scoped,Reporting,stored_report,yes,artifacts/screenshots/customer/014-customer-surface-view-stored-report.png,browser-verified; concrete /admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51; final http://localhost/admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51
+002,admin,admin.operations.index,/admin/workspaces/{workspace}/operations,App\Filament\Pages\Monitoring\Operations,,list,operator_surface,operator,workspace_scoped,Monitoring,operation,yes,artifacts/screenshots/admin/002-operator-surface-list-operations-hub.png,browser-verified; concrete /admin/workspaces/33/operations; final http://localhost/admin/workspaces/33/operations
+003,admin,admin.operations.view,/admin/workspaces/{workspace}/operations/{run},App\Filament\Pages\Operations\TenantlessOperationRunViewer,,view,operator_surface,operator,workspace_scoped,Monitoring,operation,yes,artifacts/screenshots/admin/003-operator-surface-view-operation-run.png,browser-verified; concrete /admin/workspaces/33/operations/69; final http://localhost/admin/workspaces/33/operations/69
+r085,admin,admin.workspace.home,/admin/workspaces/{workspace}/overview,App\Filament\Pages\WorkspaceOverview,,view,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r086,admin,admin.workspace.ping,/admin/workspaces/{workspace}/ping,Closure,,view,configuration_surface,operator,workspace_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+031,system,filament.system.pages.dashboard,/system,App\Filament\System\Pages\Dashboard,,dashboard,system_surface,platform_admin,system_scoped,System,none,blocked,artifacts/screenshots/blocked-or-error/031-system-surface-dashboard-system-dashboard-error.png,blocked-or-error; concrete /system; final http://localhost/system/login
+r088,system,filament.system.pages.directory.tenants,/system/directory/tenants,App\Filament\System\Pages\Directory\Tenants,,list,system_surface,platform_admin,system_scoped,Directory,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r089,system,filament.system.pages.directory.tenants.{tenant},/system/directory/tenants/{tenant},App\Filament\System\Pages\Directory\ViewTenant,,view,system_surface,platform_admin,system_scoped,Directory,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r090,system,filament.system.pages.directory.workspaces,/system/directory/workspaces,App\Filament\System\Pages\Directory\Workspaces,,list,system_surface,platform_admin,system_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r091,system,filament.system.pages.directory.workspaces.{workspace},/system/directory/workspaces/{workspace},App\Filament\System\Pages\Directory\ViewWorkspace,,view,system_surface,platform_admin,system_scoped,Settings,workspace,not_audited,,repo-verified route; not browser-audited in bounded pass
+r092,system,filament.system.auth.login,/system/login,App\Filament\System\Pages\Auth\Login,,list,system_surface,platform_admin,system_scoped,System,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r093,system,filament.system.pages.ops.controls,/system/ops/controls,App\Filament\System\Pages\Ops\Controls,,settings,system_surface,platform_admin,system_scoped,Ops,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r094,system,filament.system.pages.ops.failures,/system/ops/failures,App\Filament\System\Pages\Ops\Failures,,diagnostics,system_surface,platform_admin,system_scoped,Ops,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r095,system,filament.system.pages.ops.runbooks,/system/ops/runbooks,App\Filament\System\Pages\Ops\Runbooks,,list,system_surface,platform_admin,system_scoped,Ops,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+032,system,filament.system.pages.ops.runs,/system/ops/runs,App\Filament\System\Pages\Ops\Runs,,list,system_surface,platform_admin,system_scoped,Ops,none,blocked,artifacts/screenshots/blocked-or-error/032-system-surface-list-system-operations-error.png,blocked-or-error; concrete /system/ops/runs; final http://localhost/system/login
+r097,system,filament.system.pages.ops.runs.{run},/system/ops/runs/{run},App\Filament\System\Pages\Ops\ViewRun,,view,system_surface,platform_admin,system_scoped,Ops,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r098,system,filament.system.pages.ops.stuck,/system/ops/stuck,App\Filament\System\Pages\Ops\Stuck,,list,system_surface,platform_admin,system_scoped,Ops,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r099,system,filament.system.pages.repair-workspace-owners,/system/repair-workspace-owners,App\Filament\System\Pages\RepairWorkspaceOwners,,list,system_surface,platform_admin,system_scoped,System,none,not_audited,,repo-verified route; not browser-audited in bounded pass
+r100,system,filament.system.pages.security.access-logs,/system/security/access-logs,App\Filament\System\Pages\Security\AccessLogs,,diagnostics,system_surface,platform_admin,system_scoped,Security,none,not_audited,,repo-verified route; not browser-audited in bounded pass

specs/368-platform-ui-signal-to-noise-browser-audit/page-scorecard.csv

@@ -0,0 +1,20 @@
+id,panel,path,page_title,surface_type,audience,scope_type,screenshot_path,primary_question_clear_score,decision_first_score,signal_to_noise_score,progressive_disclosure_score,metadata_separation_score,zero_state_suppression_score,next_action_score,evidence_access_score,customer_safety_score,overall_score,severity,top_problem,recommended_action,recommended_spec_candidate
+001,admin,/admin/workspaces/3/environments/b0091e5d-944f-4a34-bcd9-12cbfb7b75cf,YPTW2 Action needed,operator_surface,operator,tenant_scoped,artifacts/screenshots/admin/001-operator-surface-dashboard-environment-dashboard.png,4,4,3,4,3,3,4,3,4,3.6,P2,"Dashboard answers readiness, but navigation chrome and repeated zero/health metrics compete with the decision.",Keep readiness decision first; suppress zero-pressure cards and demote support signals.,Spec B
+002,admin,/admin/workspaces/33/operations,Operations,operator_surface,operator,workspace_scoped,artifacts/screenshots/admin/002-operator-surface-list-operations-hub.png,4,4,3,4,3,3,4,3,4,3.6,P2,Operations hub is decision-oriented but repeats counts/status and shows zero metrics beside no-attention copy.,Collapse zero-state counts and keep failed/blocked queue as the dominant operator path.,Spec B
+003,admin,/admin/workspaces/33/operations/69,Operation #69,operator_surface,operator,workspace_scoped,artifacts/screenshots/admin/003-operator-surface-view-operation-run.png,5,5,4,4,3,4,4,4,4,4.1,P2,"Operation detail is strong, but lifecycle/timing/metadata still take visible space in the default view.","Move timing, context, and metadata further into technical detail/sidebar.",Spec B
+004,admin,/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets,Backup Sets,workflow_surface,operator,tenant_scoped,artifacts/screenshots/admin/004-workflow-surface-list-backup-sets.png,4,4,4,4,4,4,4,3,4,3.9,P2,"Backup list is scan-friendly, but backup quality and operation links need a stronger usability decision.",Keep quality sentence; add a single dominant backup usability/filter decision.,Spec B
+005,admin,/admin/workspaces/33/environments/spec-352-audit-no-urgent/backup-sets/25,View Backup Set,workflow_surface,operator,tenant_scoped,artifacts/screenshots/admin/005-workflow-surface-view-backup-set.png,4,4,3,3,2,4,3,3,4,3.4,P2,"Backup set view exposes lifecycle, timing, related context, and technical detail close to the main decision.",Make usability and included items primary; move IDs/timing/technical detail to sidebar/details.,Spec B
+006,admin,/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/4,View Restore Run,workflow_surface,operator,tenant_scoped,artifacts/screenshots/admin/006-workflow-surface-view-restore-run.png,5,5,4,4,4,3,4,4,4,4.1,P2,"Restore run view has the right primary question, but still shows proof gaps and technical preview evidence prominently.",Keep safety/proof decision first; collapse technical preview evidence by default.,Spec B
+007,admin,/admin/workspaces/33/environments/spec-352-audit-no-urgent/restore-runs/create,Create Restore Run,workflow_surface,operator,tenant_scoped,artifacts/screenshots/admin/007-workflow-surface-create-restore-create-wizard.png,5,5,4,4,4,4,5,4,4,4.3,P2,Restore wizard is process-oriented and clear; default source-required state is still dense.,Preserve process flow; ensure preview/details stay collapsed until a backup is selected.,Spec B
+008,admin,/admin/baseline-profiles/4,View Spec 352 Calm Baseline spec-352-audit-no-urgent 20260604115033,decision_surface,operator,mixed,artifacts/screenshots/admin/008-decision-surface-view-baseline-profile.png,3,3,2,2,2,4,4,2,3,2.8,P1,"Baseline profile view is dominated by long names, normalized scope terms, metadata, and technical governance vocabulary.",Create a baseline decision summary and move normalization lineage/metadata to details.,Spec B
+009,admin,/admin/workspaces/33/environments/spec-352-audit-no-urgent/baseline-compare,Baseline Compare,decision_surface,operator,tenant_scoped,artifacts/screenshots/admin/009-decision-surface-report-baseline-compare.png,5,5,4,4,4,4,4,4,4,4.2,P2,"Baseline compare is one of the better decision surfaces, but notification/chrome repetition still distracts.",Use as a target pattern; reduce notification replay in first viewport.,Spec A
+010,admin,/admin/workspaces/33/environments/spec-352-audit-review-output/evidence/22,Sign in,evidence_surface,auditor,tenant_scoped,artifacts/screenshots/blocked-or-error/010-evidence-surface-view-evidence-snapshot-error.png,0,0,0,0,0,0,0,0,0,0,P1,Evidence snapshot detail redirected to admin login with available smoke context.,Clarify route/auth requirements or provide documented fixture access for evidence surface audits.,Spec C
+011,customer,/admin/reviews/workspace,Customer Review Workspace,customer_surface,customer,customer_scoped,artifacts/screenshots/customer/011-customer-surface-report-customer-review-workspace.png,5,5,3,4,4,4,5,4,4,4.2,P2,"Customer review workspace is customer-safe overall but dense, with many status phrases and actions in the first viewport.",Keep customer outcome copy; reduce competing action/link density.,Spec C
+012,customer,/admin/workspaces/32/environments/spec-351-browser-ready-draft/environment-reviews/41,View Review,customer_surface,customer,tenant_scoped,artifacts/screenshots/customer/012-customer-surface-view-environment-review.png,4,4,3,3,3,4,4,4,4,3.7,P2,Review detail has customer-safe framing but high status repetition and broad navigation chrome.,Make acknowledgement/outcome the first card and collapse supporting diagnostics.,Spec C
+013,customer,/admin/workspaces/32/environments/spec-351-browser-ready-draft/review-packs/25,View Review Pack,customer_surface,auditor,tenant_scoped,artifacts/screenshots/customer/013-customer-surface-view-review-pack.png,4,4,4,4,4,4,4,5,5,4.2,P2,Review pack detail is comparatively strong; keep evidence/output readiness language reusable.,Reuse as customer output pattern.,Spec C
+014,customer,/admin/workspaces/32/environments/spec-351-browser-ready-draft/stored-reports/51,View Stored Report,customer_surface,auditor,tenant_scoped,artifacts/screenshots/customer/014-customer-surface-view-stored-report.png,4,4,4,4,4,4,4,5,5,4.2,P2,Stored report detail is customer/auditor-ready but still carries operator navigation shell.,Keep report readiness first; consider customer-mode shell reduction later.,Spec C
+015,admin,/admin/workspaces/33/environments/spec-352-audit-provider-blocker/diagnostics,Environment Diagnostics,diagnostic_surface,support,tenant_scoped,artifacts/screenshots/admin/015-diagnostic-surface-diagnostics-environment-diagnostics.png,4,3,4,3,3,4,3,3,3,3.3,P2,"Diagnostics page is clearly diagnostic, but guidance to resolve provider blockers should be more dominant.",Add what failed / what to check next summary before technical sections.,Spec D
+016,admin,/admin/workspaces/33/environments/spec-352-audit-provider-blocker/required-permissions,Sign in,configuration_surface,support,tenant_scoped,artifacts/screenshots/blocked-or-error/016-configuration-surface-settings-required-permissions-error.png,0,0,0,0,0,0,0,0,0,0,P1,Required permissions route redirected to admin login with available smoke context.,Document fixture/access preconditions; audit page once reachable.,Spec D
+017,admin,/admin/provider-connections,Provider Connections,configuration_surface,operator,mixed,artifacts/screenshots/admin/017-configuration-surface-list-provider-connections.png,3,3,3,3,3,4,3,2,3,3,P2,Provider connections list shows provider lifecycle/capability fields as table truth without a strong readiness decision.,Introduce provider readiness summary and make technical columns secondary.,Spec D
+031,system,/system,Sign in,system_surface,platform_admin,system_scoped,artifacts/screenshots/blocked-or-error/031-system-surface-dashboard-system-dashboard-error.png,0,0,0,0,0,0,0,0,0,0,P1,System dashboard redirected to system login; no system smoke auth path was available.,Add documented system-panel audit fixture or mark system panel as separately auditable.,Spec D
+032,system,/system/ops/runs,Sign in,system_surface,platform_admin,system_scoped,artifacts/screenshots/blocked-or-error/032-system-surface-list-system-operations-error.png,0,0,0,0,0,0,0,0,0,0,P1,System operations redirected to system login; no system smoke auth path was available.,Add documented system-panel audit fixture or mark system panel as separately auditable.,Spec D

specs/368-platform-ui-signal-to-noise-browser-audit/recommendations.md

@@ -0,0 +1,29 @@
+# Recommendations
+
+Verification level: derived from browser-verified screenshots plus repo-verified route/provider inventory.
+
+## Recommended Global UI Rules
+
+1. Decision-first header: every operator/customer detail page should answer status, reason, impact, and next action before metadata.
+2. Metadata separation: IDs, timestamps, run context, provider capability details, and normalization lineage belong in a sidebar or collapsed technical detail by default.
+3. Zero-state suppression: do not show 0 errors, 0 degraded, 0 active, or 0 follow-up cards when the primary decision already says no action needed.
+4. Customer-safe default: customer/auditor views show outcome, readiness, risk, limitations, and export/handoff actions; diagnostics and internal IDs stay collapsed.
+5. Diagnostic contract: diagnostics pages lead with what failed, why it likely failed, what to check next, and related evidence/operation.
+6. Shell density guard: notification replay and navigation chrome should not dominate the first viewport of decision/report pages.
+7. Provider readiness rule: provider configuration surfaces need a single readiness decision before lifecycle/capability columns.
+
+## Prioritized Refactor Candidates
+
+1. Baseline Profile View: high technical density and weak primary decision.
+2. Backup Set View: restore-critical but metadata/lifecycle compete with usability.
+3. OperationRun View: strong foundation; metadata needs stronger separation.
+4. Customer Review Workspace: already productized, but first viewport should be calmer.
+5. Provider Connections List/View: readiness should be more prominent than provider field inventory.
+6. Environment Diagnostics / Required Permissions: diagnostic access and guidance need a consistent contract.
+7. Evidence Snapshot View: route/fixture reachability must be resolved before UI quality can be trusted.
+
+## Out of Scope
+
+- No runtime changes were made.
+- No CSS, Blade, PHP, policy, migration, seeder, or navigation changes are recommended for immediate implementation in this audit artifact.
+- Detailed remediation belongs in follow-up specs.

specs/368-platform-ui-signal-to-noise-browser-audit/spec-candidates.md

@@ -0,0 +1,103 @@
+# Recommended Follow-up Specs
+
+Verification level: derived from browser-verified audit findings and repo-verified surface inventory.
+
+## Spec Candidate A - Global Surface Information Architecture Contract v1
+
+Goal: Define platform-wide UI rules for decision-first display, metadata separation, zero-state suppression, and progressive disclosure.
+
+Why now: The same bloat patterns recur across dashboards, operations, backup, customer review, and provider surfaces.
+
+Pages included: shared guidance and examples from Operations Hub, Environment Dashboard, Baseline Compare, Customer Review Workspace.
+
+Pages explicitly excluded: mass refactors of individual resource pages.
+
+Expected impact: Prevents new UI bloat and gives future specs a stable target.
+
+Risk: Over-generalizing into a UI framework. Keep this as rules and examples, not a new abstraction layer.
+
+DoD: global rules documented; UI-COV registry alignment checked; no runtime code required unless separately approved.
+
+Required screenshots: before examples from this audit and one target mock/example per archetype.
+
+Tests/guards: optional static guard proposal only; no app changes in this spec unless approved.
+
+## Spec Candidate B - Core Operator View Surfaces Productization Pass v1
+
+Goal: Refactor highest-impact operator view pages into calmer decision-first layouts.
+
+Why now: OperationRun, Backup Set, Restore Run, and Baseline Profile are restore/audit-critical operator surfaces.
+
+Pages included: OperationRun View, Backup Set View, Restore Run View, Baseline Profile View, Baseline Compare.
+
+Pages explicitly excluded: customer review workspace and system panel.
+
+Expected impact: Faster operator decisions and less technical scanning in critical workflows.
+
+Risk: Touching restore/operation UI can regress high-impact admin flows; keep changes page-local and test with Filament/browser smoke.
+
+DoD: before/after screenshots; decision-first first viewport; metadata collapsed/sidebar; destructive action behavior unchanged.
+
+Required screenshots: desktop default, details expanded, mobile for OperationRun and RestoreRun.
+
+Tests/guards: Pest/Livewire action coverage where actions are affected; browser smoke for key view pages.
+
+## Spec Candidate C - Customer/Auditor Surface Safety Pass v1
+
+Goal: Ensure customer-facing surfaces are readable, evidence-first, and free from internal diagnostics by default.
+
+Why now: Customer Review Workspace is strong but dense; evidence detail was not reachable in the available browser context.
+
+Pages included: Customer Review Workspace, Environment Review View, Review Pack View, Stored Report View, Evidence Snapshot View.
+
+Pages explicitly excluded: operator diagnostics and system panel.
+
+Expected impact: Calmer customer/auditor handoff and clearer limitations/evidence readiness.
+
+Risk: Hiding useful operator context; preserve explicit details disclosures for support users.
+
+DoD: customer-safe first viewport; limitations and export/handoff actions visible; technical details collapsed.
+
+Required screenshots: customer default, details expanded, mobile, evidence inaccessible state resolved.
+
+Tests/guards: browser smoke for customer-safe text and absence of internal IDs/raw diagnostics in default view.
+
+## Spec Candidate D - Diagnostic Surface Separation v1
+
+Goal: Move diagnostic and raw technical details into explicit diagnostic surfaces/disclosures and make diagnostic pages action-oriented.
+
+Why now: Required Permissions and system panel were blocked in browser context; Environment Diagnostics needs stronger next-check guidance.
+
+Pages included: Environment Diagnostics, Required Permissions, Provider Connections, System Ops pages, OperationRun technical detail.
+
+Pages explicitly excluded: customer reports except links into diagnostics.
+
+Expected impact: Better support workflows without leaking debug/provider language into customer/operator decision surfaces.
+
+Risk: Insufficient fixture/auth coverage for system panel; start by documenting access and screenshots.
+
+DoD: diagnostic pages lead with failure, likely cause, next check, related operation/evidence; raw payloads collapsed.
+
+Required screenshots: provider blocker state, required permissions, system ops login/reachable state.
+
+Tests/guards: browser smoke for diagnostics summary and access fixture.
+
+## Spec Candidate E - UI Bloat Regression Guard v1
+
+Goal: Add lightweight guardrails to detect repeated status, zero-card spam, raw IDs in customer surfaces, and missing primary actions.
+
+Why now: Recurring bloat is likely to return with agent-generated UI unless checked.
+
+Pages included: guard/checklist docs first; selected smoke pages if implementation is approved.
+
+Pages explicitly excluded: direct UI refactors.
+
+Expected impact: Prevents future regressions without a large redesign.
+
+Risk: Brittle tests if implemented as markup snapshots. Prefer semantic text/structure checks.
+
+DoD: checklist and small proof-of-concept guard with explicit exceptions.
+
+Required screenshots: examples of pass/fail states from this audit.
+
+Tests/guards: one bounded browser/static guard; no broad visual snapshot suite.